static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
RSA *rsa;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey == NULL, -1);
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
xmlSecInternalError("xmlSecOpenSSLKeyDataRsaGetEvp",
xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1);
rsa = EVP_PKEY_get0_RSA(pKey);
xmlSecAssert2(rsa != NULL, -1);
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecInternalError("xmlSecOpenSSLEvpKeyDup",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacVerify(xmlSecTransformPtr transform,
const xmlSecByte* data, xmlSecSize dataSize,
xmlSecTransformCtxPtr transformCtx) {
static xmlSecByte last_byte_masks[] =
{ 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecByte mask;
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
/* compare the digest size in bytes */
if(dataSize != ((ctx->dgstSize + 7) / 8)){
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"data=%d;dgst=%d",
dataSize, ((ctx->dgstSize + 7) / 8));
transform->status = xmlSecTransformStatusFail;
return(0);
}
/* we check the last byte separatelly */
xmlSecAssert2(dataSize > 0, -1);
mask = last_byte_masks[ctx->dgstSize % 8];
if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_DATA_NOT_MATCH,
"data and digest do not match (last byte)");
transform->status = xmlSecTransformStatusFail;
return(0);
}
/* now check the rest of the digest */
if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_DATA_NOT_MATCH,
"data and digest do not match");
transform->status = xmlSecTransformStatusFail;
return(0);
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
xmlSecInvalidNodeError(cur, xmlSecNodeXPointer,
xmlSecTransformGetName(transform));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetTree;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferBase64NodeContentRead",
xmlSecTransformGetName(transform));
return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
xmlChar* algorithm;
/* Algorithm attribute is required */
algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
if(algorithm == NULL) {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm,
xmlSecTransformGetName(transform),
"empty");
return(-1);
}
/* for now we support only sha1 */
if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
xmlSecInvalidTransfromError2(transform,
"digest algorithm=\"%s\" is not supported for rsa/oaep",
xmlSecErrorsSafeString(algorithm));
xmlFree(algorithm);
return(-1);
}
xmlFree(algorithm);
} else {
/* not found */
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
/* next node */
cur = xmlSecGetNextElementNode(cur->next);
}
return(0);
}
/**
* xmlSecTransformXPointerSetExpr:
* @transform: the pointer to XPointer transform.
* @expr: the XPointer expression.
* @nodeSetType: the type of evaluated XPointer expression.
* @hereNode: the pointer to "here" node.
*
* Sets the XPointer expression for an XPointer @transform.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(transform->hereNode == NULL, -1);
xmlSecAssert2(expr != NULL, -1);
xmlSecAssert2(hereNode != NULL, -1);
transform->hereNode = hereNode;
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataRegisterNamespaces(data, hereNode);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataRegisterNamespaces",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
ret = xmlSecXPathDataSetExpr(data, expr);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataSetExpr",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = nodeSetType;
return(0);
}
static int
xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
xmlSecTransformCtxPtr transformCtx) {
xmlChar** idPtr;
xmlDocPtr doc;
xmlAttrPtr attr;
xmlNodeSetPtr nodeSet;
xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
xmlSecAssert2(idPtr != NULL, -1);
xmlSecAssert2((*idPtr) != NULL, -1);
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
attr = xmlGetID(doc, (*idPtr));
if((attr == NULL) || (attr->parent == NULL)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlGetID",
XMLSEC_ERRORS_R_XML_FAILED,
"id=\"%s\"",
xmlSecErrorsSafeString((*idPtr)));
return(-1);
}
nodeSet = xmlXPathNodeSetCreate(attr->parent);
if(nodeSet == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlXPathNodeSetCreate",
XMLSEC_ERRORS_R_XML_FAILED,
"id=\"%s\"",
xmlSecErrorsSafeString((*idPtr)));
return(-1);
}
transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments);
if(transform->outNodes == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecNodeSetCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlXPathFreeNodeSet(nodeSet);
return(-1);
}
return(0);
}
static int xmlSecMSCngSignatureVerify(xmlSecTransformPtr transform,
const xmlSecByte* data,
xmlSecSize dataSize,
xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCngSignatureCtxPtr ctx;
BCRYPT_KEY_HANDLE pubkey;
NTSTATUS status;
int ret;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(dataSize > 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
pubkey = xmlSecMSCngKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic);
if(pubkey == 0) {
xmlSecInternalError("xmlSecMSCngKeyDataGetKey",
xmlSecTransformGetName(transform));
return(-1);
}
status = BCryptVerifySignature(
pubkey,
NULL,
ctx->pbHash,
ctx->cbHash,
(PBYTE)data,
dataSize,
0);
if(status != STATUS_SUCCESS) {
if(status == STATUS_INVALID_SIGNATURE) {
xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
xmlSecTransformGetName(transform),
"BCryptVerifySignature: the signature was not verified");
transform->status = xmlSecTransformStatusFail;
return(-1);
} else {
xmlSecMSCngNtError("BCryptVerifySignature",
xmlSecTransformGetName(transform), status);
return(-1);
}
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
/**
* This is step 2, point 4: if the input sourceId list doesn't contain the Id attribute of the current node,
* then exclude it from the output, instead of processing it.
*/
static int
xmlSecTransformRelationshipProcessNode(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlNodePtr cur) {
int found = -1;
xmlSecRelationshipCtxPtr ctx;
xmlSecSize ii;
int ret;
xmlSecAssert2(transform != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
if(xmlSecCheckNodeName(cur, xmlSecNodeRelationship, xmlSecRelationshipsNs)) {
xmlChar* id = xmlGetProp(cur, xmlSecRelationshipAttrId);
if(id == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlGetProp(xmlSecRelationshipAttrId)",
XMLSEC_ERRORS_R_XML_FAILED,
"name=Id");
return(-1);
}
ctx = xmlSecRelationshipGetCtx(transform);
for(ii = 0; ii < xmlSecPtrListGetSize(ctx->sourceIdList); ++ii) {
if(xmlStrcmp(xmlSecPtrListGetItem(ctx->sourceIdList, ii), id) == 0) {
found = 1;
break;
}
}
xmlFree(id);
if(found < 0) {
return(0);
}
}
ret = xmlSecTransformRelationshipProcessElementNode(transform, buf, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecTransformRelationshipProcessElementNode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecGCryptHmacNodeRead:
*
* HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
*
* The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
* as a parameter; if the parameter is not specified then all the bits of the
* hash are output. An example of an HMAC SignatureMethod element:
* <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
* <HMACOutputLength>128</HMACOutputLength>
* </SignatureMethod>
*
* Schema Definition:
*
* <simpleType name="HMACOutputLengthType">
* <restriction base="integer"/>
* </simpleType>
*
* DTD:
*
* <!ELEMENT HMACOutputLength (#PCDATA)>
*/
static int
xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecGCryptHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecGCryptHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* Ensure that HMAC length is greater than min specified.
Otherwise, an attacker can set this length to 0 or very
small value
*/
if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"HMAC output length is too small");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"no nodes expected");
return(-1);
}
return(0);
}
static int
xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlDocPtr doc;
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
xmlSecAssert2(transform->hereNode != NULL, -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, -1);
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
transform->hereNode, transform->inNodes);
if(transform->outNodes == NULL) {
xmlSecInternalError("xmlSecXPathDataExecute",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->data == NULL, -1);
ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key));
if(ctx->data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecKeyDataDuplicate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlDocPtr doc;
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
xmlSecAssert2(transform->hereNode != NULL, -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, -1);
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
transform->hereNode, transform->inNodes);
if(transform->outNodes == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataExecute",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int xmlSecMSCngSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCngSignatureCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
xmlSecAssert2(ctx->pszHashAlgId != 0, -1);
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(value != NULL, -1);
ctx->data = xmlSecKeyDataDuplicate(value);
if(ctx->data == NULL) {
xmlSecInternalError("xmlSecKeyDataDuplicate",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
xmlSecKeyDataPtr value;
EVP_PKEY* pKey;
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digest != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(value != NULL, -1);
pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDataGetEvp",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if(ctx->pKey != NULL) {
EVP_PKEY_free(ctx->pKey);
}
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDup",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecGCryptKWAesInitialize(xmlSecTransformPtr transform) {
xmlSecGCryptKWAesCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
ctx = xmlSecGCryptKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes128Id)) {
ctx->cipher = GCRY_CIPHER_AES128;
ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
} else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes192Id)) {
ctx->cipher = GCRY_CIPHER_AES192;
ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
} else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes256Id)) {
ctx->cipher = GCRY_CIPHER_AES256;
ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ctx->mode = GCRY_CIPHER_MODE_CBC;
ctx->flags = GCRY_CIPHER_SECURE; /* we are paranoid */
ctx->blockSize = gcry_cipher_get_algo_blklen(ctx->cipher);
xmlSecAssert2(ctx->blockSize > 0, -1);
ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecGCryptKWAesGetKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
int ret;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacCtx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
ret = HMAC_Init_ex(ctx->hmacCtx,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst,
NULL);
if(ret != 1) {
xmlSecOpenSSLError("HMAC_Init_ex",
xmlSecTransformGetName(transform));
return(-1);
}
ctx->ctxInitialized = 1;
return(0);
}
static int
xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecGCryptKWAesCtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataAesId), -1);
ctx = xmlSecGCryptKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
if(keySize < ctx->keyExpectedSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key=%d;expected=%d",
keySize, ctx->keyExpectedSize);
return(-1);
}
ret = xmlSecBufferSetData(&(ctx->keyBuffer),
xmlSecBufferGetData(buffer),
ctx->keyExpectedSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"expected-size=%d",
ctx->keyExpectedSize);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
transform->status = xmlSecTransformStatusWorking;
}
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLRsaOaepProcess",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_STATUS,
"status=%d", transform->status);
return(-1);
}
return(0);
}
static int
xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecGCryptHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
gcry_error_t err;
xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecGCryptHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestCtx != NULL, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGCryptKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key is empty");
return(-1);
}
err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer));
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"gcry_md_setkey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCryptoKWDes3CtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key length %d is not enough (%d expected)",
keySize, XMLSEC_KW_DES3_KEY_LENGTH);
return(-1);
}
ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(node!= NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* Ensure that HMAC length is greater than min specified.
Otherwise, an attacker can set this length to 0 or very
small value
*/
if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform),
"HMAC output length is too small");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
const xmlSecByte* data,
xmlSecSize dataSize,
xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoDigestCtxPtr ctx;
xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecMSCryptoDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
if(dataSize != ctx->dgstSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"data_size=%d;dgst_size=%d",
dataSize, ctx->dgstSize);
transform->status = xmlSecTransformStatusFail;
return(0);
}
if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"data and digest do not match");
transform->status = xmlSecTransformStatusFail;
return(0);
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey == NULL, -1);
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLKeyDataRsaGetEvp",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDup",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform,
const xmlSecByte* data, xmlSecSize dataSize,
xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
ret = EVP_VerifyFinal(&(ctx->digestCtx), (xmlSecByte*)data, dataSize, ctx->pKey);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"EVP_VerifyFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
} else if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"EVP_VerifyFinal",
XMLSEC_ERRORS_R_DATA_NOT_MATCH,
"signature do not match");
transform->status = xmlSecTransformStatusFail;
return(0);
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
static int
xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
xmlSecNssKWAesCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
ctx = xmlSecNssKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
} else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
} else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecRelationshipCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecRelationshipGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = node->children;
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) {
xmlChar* sourceId;
sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId);
if(sourceId == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
"xmlGetProp",
xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(sourceId);
return(-1);
}
}
cur = cur->next;
}
return(0);
}
static int
xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) {
xmlSecPtrListPtr dataList;
int ret;
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(dataList != NULL, -1);
ret = xmlSecPtrListInitialize(dataList, xmlSecXPathDataListId);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListInitialize",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
ret = xmlSecBufferInitialize(xmlSecNssKWAesGetKey(transform), 0);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecTransformVisa3DHackSetID:
* @transform: the pointer to Visa3DHack transform.
* @id: the ID value.
*
* Sets the ID value for an Visa3DHack @transform.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecTransformVisa3DHackSetID(xmlSecTransformPtr transform, const xmlChar* id) {
xmlChar** idPtr;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformVisa3DHackId), -1);
xmlSecAssert2(id != NULL, -1);
idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
xmlSecAssert2(idPtr != NULL, -1);
xmlSecAssert2((*idPtr) == NULL, -1);
(*idPtr) = xmlStrdup(id);
if((*idPtr) == NULL) {
xmlSecStrdupError(id, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecBase64Initialize(xmlSecTransformPtr transform) {
xmlSecBase64CtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
transform->operation = xmlSecTransformOperationDecode;
ret = xmlSecBase64CtxInitialize(ctx, 0, xmlSecBase64GetDefaultLineSize());
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxInitialize",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
