static int
xmlSecMSCryptoRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->data == NULL, -1);
ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key));
if(ctx->data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecKeyDataDuplicate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
RSA *rsa;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey == NULL, -1);
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
xmlSecInternalError("xmlSecOpenSSLKeyDataRsaGetEvp",
xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1);
rsa = EVP_PKEY_get0_RSA(pKey);
xmlSecAssert2(rsa != NULL, -1);
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecInternalError("xmlSecOpenSSLEvpKeyDup",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
/**
* xmlSecOpenSSLKeyDataHmacSet:
* @data: the pointer to HMAC key data.
* @buf: the pointer to key value.
* @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecOpenSSLKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataHmacId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
PyObject *xmlsec_KeyDataCheckId(PyObject *self, PyObject *args) {
PyObject *data_obj, *dataId_obj;
xmlSecKeyDataPtr data;
xmlSecKeyDataId dataId;
if (CheckArgs(args, "OO:keyDataCheckId")) {
if (!PyArg_ParseTuple(args, "OO:keyDataCheckId", &data_obj, &dataId_obj))
return NULL;
}
else return NULL;
data = xmlSecKeyDataPtr_get(data_obj);
dataId = xmlSecKeyDataId_get(dataId_obj);
return (wrap_int(xmlSecKeyDataCheckId(data, dataId)));
}
static int
xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecGCryptKWAesCtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataAesId), -1);
ctx = xmlSecGCryptKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
if(keySize < ctx->keyExpectedSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key=%d;expected=%d",
keySize, ctx->keyExpectedSize);
return(-1);
}
ret = xmlSecBufferSetData(&(ctx->keyBuffer),
xmlSecBufferGetData(buffer),
ctx->keyExpectedSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"expected-size=%d",
ctx->keyExpectedSize);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
int ret;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacCtx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
ret = HMAC_Init_ex(ctx->hmacCtx,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst,
NULL);
if(ret != 1) {
xmlSecOpenSSLError("HMAC_Init_ex",
xmlSecTransformGetName(transform));
return(-1);
}
ctx->ctxInitialized = 1;
return(0);
}
/**
* xmlSecKeyReqMatchKeyValue:
* @keyReq: the pointer to key requirements.
* @value: the pointer to key value.
*
* Checks whether @keyValue matches key requirements @keyReq.
*
* Returns: 1 if key value matches requirements, 0 if not and a negative value
* if an error occurs.
*/
int
xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(value != NULL, -1);
if((keyReq->keyId != xmlSecKeyDataIdUnknown) &&
(!xmlSecKeyDataCheckId(value, keyReq->keyId))) {
return(0);
}
if((keyReq->keyBitsSize > 0) &&
(xmlSecKeyDataGetSize(value) > 0) &&
(xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) {
return(0);
}
return(1);
}
static int
xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecGCryptHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
gcry_error_t err;
xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecGCryptHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestCtx != NULL, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGCryptKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key is empty");
return(-1);
}
err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer));
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"gcry_md_setkey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCryptoKWDes3CtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key length %d is not enough (%d expected)",
keySize, XMLSEC_KW_DES3_KEY_LENGTH);
return(-1);
}
ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey == NULL, -1);
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLKeyDataRsaGetEvp",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDup",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"keySize=0");
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
HMAC_Init(&(ctx->hmacCtx),
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst);
ctx->ctxInitialized = 1;
return(0);
}
/**
* xmlSecKeyDataBinaryValueBinRead:
* @id: the data klass.
* @key: the pointer to destination key.
* @buf: the source binary buffer.
* @bufSize: the source binary buffer size.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Reads binary key data of the klass @id from @buf to the @key.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
const xmlSecByte* buf, xmlSecSize bufSize,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* check do we have a key already */
data = xmlSecKeyGetValue(key);
if(data != NULL) {
xmlSecBufferPtr buffer;
if(!xmlSecKeyDataCheckId(data, id)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"cur-data-size=%d;new-data-size=%d",
xmlSecBufferGetSize(buffer), bufSize);
return(-1);
}
if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"key already has a different value");
return(-1);
}
if(buffer != NULL) {
/* we already have exactly the same key */
return(0);
}
/* we have binary key value with empty buffer */
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecKeyDataBinaryValueSetBuffer(data, buf, bufSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataBinaryValueSetBuffer",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", bufSize);
xmlSecKeyDataDestroy(data);
return(-1);
}
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyReqMatchKeyValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(0);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(-1);
}
return(0);
}
/**
* xmlSecKeyDataBinaryValueXmlRead:
* @id: the data klass.
* @key: the pointer to destination key.
* @node: the pointer to an XML node.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Reads binary key data from @node to the key by base64 decoding the @node content.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar* str;
xmlSecSize len;
xmlSecKeyDataPtr data;
int ret;
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
str = xmlNodeGetContent(node);
if(str == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* usual trick: decode into the same buffer */
ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecBase64Decode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(str);
return(-1);
}
len = ret;
/* check do we have a key already */
data = xmlSecKeyGetValue(key);
if(data != NULL) {
xmlSecBufferPtr buffer;
if(!xmlSecKeyDataCheckId(data, id)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(str);
return(-1);
}
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"cur-data-size=%d;new-data-size=%d",
xmlSecBufferGetSize(buffer), len);
xmlFree(str);
return(-1);
}
if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"key already has a different value");
xmlFree(str);
return(-1);
}
if(buffer != NULL) {
/* we already have exactly the same key */
xmlFree(str);
return(0);
}
/* we have binary key value with empty buffer */
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(str);
return(-1);
}
ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataBinaryValueSetBuffer",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", len);
xmlSecKeyDataDestroy(data);
xmlFree(str);
return(-1);
}
xmlFree(str);
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyReqMatchKeyValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(0);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCryptoHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
HMAC_INFO hmacInfo;
int ret;
xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecMSCryptoHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
xmlSecAssert2(ctx->provider != 0, -1);
xmlSecAssert2(ctx->pubPrivKey != 0, -1);
xmlSecAssert2(ctx->cryptKey == 0, -1);
xmlSecAssert2(ctx->mscHash == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecMSCryptoKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"keySize=0");
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
/* Import this key and get an HCRYPTKEY handle.
*
* HACK!!! HACK!!! HACK!!!
*
* Using CALG_RC2 instead of CALG_HMAC for the key algorithm so we don't want to check key length
*/
if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->provider,
ctx->pubPrivKey,
CALG_RC2,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
FALSE,
&(ctx->cryptKey)
) || (ctx->cryptKey == 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecMSCryptoImportPlainSessionBlob",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* create hash */
ret = CryptCreateHash(ctx->provider,
CALG_HMAC,
ctx->cryptKey,
0,
&(ctx->mscHash));
if((ret == 0) || (ctx->mscHash == 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"CryptCreateHash",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* set parameters */
memset(&hmacInfo, 0, sizeof(hmacInfo));
hmacInfo.HashAlgid = ctx->alg_id;
ret = CryptSetHashParam(ctx->mscHash, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0);
if(ret == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"CryptSetHashParam",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* done */
ctx->ctxInitialized = 1;
return(0);
}
