[Libreoffice-commits] .: 2 commits - libxmlsec/ExternalPackage_xmlsec.mk libxmlsec/ExternalProject_xmlsec.mk libxmlsec/include libxmlsec/Makefile libxmlsec/makefile.mk libxmlsec/Module_libxmlsec.mk libxmlsec/prj libxmlsec/src libxmlsec/UnpackedTarball_xmlsec.mk libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch libxmlsec/xmlsec1-android.patch libxmlsec/xmlsec1-customkeymanage.patch libxmlsec/xmlsec1-update-config-sub-and-guess.patch libxmlsec/xmlsec1-vc10.patch libxmlsec/xmlsec1-vc.patch Module_tail_build.mk pyuno/CustomTarget_zipcore.mk RepositoryExternal.mk RepositoryModule_ooo.mk tail_build/prj xmlsecurity/Library_xsec_xmlsec.mk

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Fri Nov 30 08:34:34 PST 2012


 Module_tail_build.mk                                |    2 
 RepositoryExternal.mk                               |    1 
 RepositoryModule_ooo.mk                             |    1 
 libxmlsec/ExternalPackage_xmlsec.mk                 |   32 
 libxmlsec/ExternalProject_xmlsec.mk                 |   63 
 libxmlsec/Makefile                                  |    7 
 libxmlsec/Module_libxmlsec.mk                       |   20 
 libxmlsec/UnpackedTarball_xmlsec.mk                 |   50 
 libxmlsec/include/akmngr_mscrypto.h                 |   72 
 libxmlsec/include/akmngr_nss.h                      |   57 
 libxmlsec/include/ciphers.h                         |   36 
 libxmlsec/include/tokens.h                          |  183 +
 libxmlsec/makefile.mk                               |  249 -
 libxmlsec/prj/d.lst                                 |    9 
 libxmlsec/src/akmngr_mscrypto.c                     |  237 +
 libxmlsec/src/akmngr_nss.c                          |  384 ++
 libxmlsec/src/keywrapers.c                          | 1213 ++++++++
 libxmlsec/src/tokens.c                              |  548 +++
 libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch         |    4 
 libxmlsec/xmlsec1-android.patch                     |    4 
 libxmlsec/xmlsec1-customkeymanage.patch             | 2757 --------------------
 libxmlsec/xmlsec1-update-config-sub-and-guess.patch | 2314 ----------------
 libxmlsec/xmlsec1-vc.patch                          |   25 
 libxmlsec/xmlsec1-vc10.patch                        |   15 
 pyuno/CustomTarget_zipcore.mk                       |    3 
 tail_build/prj/build.lst                            |    2 
 xmlsecurity/Library_xsec_xmlsec.mk                  |    4 
 27 files changed, 2942 insertions(+), 5350 deletions(-)

New commits:
commit 921f31fb3629fe3bf278ddb49aacf28e0ffdeafe
Author: Peter Foley <pefoley2 at verizon.net>
Date:   Tue Nov 27 20:50:38 2012 -0500

    add python3 to tail_build
    
    Change-Id: I01c3d280b4ff05ddbce77343ced6934b26bd3ceb

diff --git a/Module_tail_build.mk b/Module_tail_build.mk
index e0664bb..61fcc43 100644
--- a/Module_tail_build.mk
+++ b/Module_tail_build.mk
@@ -131,6 +131,7 @@ $(eval $(call gb_Module_add_moduledirs,tail_end,\
 	padmin \
 	$(call gb_Helper_optional,POSTGRESQL,postgresql) \
 	psprint_config \
+	$(call gb_Helper_optional,PYTHON,python3) \
 	$(call gb_Helper_optional,PYUNO,pyuno) \
 	$(call gb_Helper_optional,QADEVOOO,qadevOOo) \
 	readlicense_oo \
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index 4c0f83f..5f02c49 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -1967,6 +1967,7 @@ endef
 else # !SYSTEM_PYTHON
 
 define gb_LinkTarget__use_python_headers
+$(call gb_LinkTarget_use_package,$(1),python3)
 $(call gb_LinkTarget_set_include,$(1),\
 	-I$(call gb_UnpackedTarball_get_dir,python3) \
 	-I$(call gb_UnpackedTarball_get_dir,python3)/PC \
diff --git a/pyuno/CustomTarget_zipcore.mk b/pyuno/CustomTarget_zipcore.mk
index dc2f560..6b37424 100644
--- a/pyuno/CustomTarget_zipcore.mk
+++ b/pyuno/CustomTarget_zipcore.mk
@@ -49,7 +49,8 @@ pyuno_zipcore_FINDLIBFILES:=\
 
 # create zip archive
 $(call gb_CustomTarget_get_workdir,pyuno/zipcore)/$(pyuno_PYTHON_ARCHIVE_NAME) : $(pyuno_zipcore_FINDLIBFILES) | \
-    $(call gb_CustomTarget_get_workdir,pyuno/zipcore)/.dir
+    $(call gb_CustomTarget_get_workdir,pyuno/zipcore)/.dir \
+    $(call gb_ExternalPackage_get_target,python3)
 	$(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),$(true),ZIP,1)
 	cd $(pyuno_PYTHON_LIB_DIR) && zip $@ $(shell cd $(pyuno_PYTHON_LIB_DIR) && $(FIND) . -type f | $(GREP) -v "\.pyc" | $(GREP) -v "\.py~" | $(GREP) -v .orig | $(GREP) -v _failed)
 
diff --git a/tail_build/prj/build.lst b/tail_build/prj/build.lst
index 8090698..ac96f9e 100644
--- a/tail_build/prj/build.lst
+++ b/tail_build/prj/build.lst
@@ -1,2 +1,2 @@
-tb      tail_build : CPPUNIT:cppunit EXPAT:expat FONTCONFIG:fontconfig ICU:icu LIBPNG:libpng LIBXML2:libxml2 LIBXSLT:libxslt MOZ:moz NSS:nss OPENSSL:openssl PYTHON:python3 REDLAND:redland XPDF:xpdf ZLIB:zlib external solenv soltools NULL
+tb      tail_build : CPPUNIT:cppunit EXPAT:expat FONTCONFIG:fontconfig ICU:icu LIBPNG:libpng LIBXML2:libxml2 LIBXSLT:libxslt MOZ:moz NSS:nss OPENSSL:openssl REDLAND:redland XPDF:xpdf ZLIB:zlib external solenv soltools NULL
 tb tail_build\prj nmake - all tb_prj   NULL
commit ec6af4194e80f5f0b2e46ca59802ff397a2a4a24
Author: Peter Foley <pefoley2 at verizon.net>
Date:   Thu Nov 29 20:50:15 2012 -0500

    convert libxmlsec to gbuild
    
    Change-Id: Id0ad4e1c8e3e1ac03c625fb77b70fe0aa8ddfcdc

diff --git a/Module_tail_build.mk b/Module_tail_build.mk
index f499dcb..e0664bb 100644
--- a/Module_tail_build.mk
+++ b/Module_tail_build.mk
@@ -107,6 +107,7 @@ $(eval $(call gb_Module_add_moduledirs,tail_end,\
 	libwpd \
 	libwpg \
 	libwps \
+	libxmlsec \
 	lingucomponent \
 	linguistic \
 	lotuswordpro \
diff --git a/RepositoryModule_ooo.mk b/RepositoryModule_ooo.mk
index 30182fc..f860317 100644
--- a/RepositoryModule_ooo.mk
+++ b/RepositoryModule_ooo.mk
@@ -116,6 +116,7 @@ $(eval $(call gb_Module_add_moduledirs,ooo,\
 	libwpd \
 	libwpg \
 	libwps \
+	libxmlsec \
 	lingucomponent \
 	linguistic \
 	lotuswordpro \
diff --git a/libxmlsec/ExternalPackage_xmlsec.mk b/libxmlsec/ExternalPackage_xmlsec.mk
new file mode 100644
index 0000000..a553159
--- /dev/null
+++ b/libxmlsec/ExternalPackage_xmlsec.mk
@@ -0,0 +1,32 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_ExternalPackage_ExternalPackage,xmlsec,xmlsec))
+
+$(eval $(call gb_ExternalPackage_use_external_project,xmlsec,xmlsec))
+
+ifeq ($(OS),WNT)
+ifeq ($(COM),GCC)
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll.a,src/nss/.libs/libxmlsec1-nss.dll.a))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll,src/nss/.libs/libxmlsec1-nss.dll))
+else
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec-mscrypto.lib,win32/binaries/libxmlsec-mscrypto.lib))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec.lib,win32/binaries/libxmlsec.lib))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec-mscrypto.dll,win32/binaries/libxmlsec-mscrypto.dll))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec.dll,win32/binaries/libxmlsec.dll))
+endif
+else ifeq ($(OS),ANDROID)
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.a,src/.libs/libxmlsec1.a))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-openssl.a,src/openssl/.libs/libxmlsec1-openssl.a))
+else
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.a,src/.libs/libxmlsec1.a))
+$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-nss.a,src/nss/.libs/libxmlsec1-nss.a))
+endif
+
+# vim: set noet sw=4 ts=4:
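Review bot: In the WNT/GCC branch both `gb_ExternalPackage_add_file` lines take their source from `src/nss/.libs/libxmlsec1-nss.*` but install it under the core library's name (`lib/libxmlsec1.dll.a`, `lib/libxmlsec1.dll`). The core libxmlsec1 import library and DLL from `src/.libs` are therefore never delivered, and the NSS build is shipped under the wrong name. The removed makefile.mk delivered both pairs and put the DLLs in bin, as the MSVC branch here still does. The destination names below follow the removed OUT2LIB/OUT2BIN lists and should be checked against what xmlsecurity links to, which is not visible in this diff.

```makefile
ifeq ($(COM),GCC)
$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1.dll.a,src/.libs/libxmlsec1.dll.a))
$(eval $(call gb_ExternalPackage_add_file,xmlsec,lib/libxmlsec1-nss.dll.a,src/nss/.libs/libxmlsec1-nss.dll.a))
$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec1.dll,src/.libs/libxmlsec1.dll))
$(eval $(call gb_ExternalPackage_add_file,xmlsec,bin/libxmlsec1-nss.dll,src/nss/.libs/libxmlsec1-nss.dll))
# … unchanged: MSVC, ANDROID and default branches …
```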
diff --git a/libxmlsec/ExternalProject_xmlsec.mk b/libxmlsec/ExternalProject_xmlsec.mk
new file mode 100644
index 0000000..5b310e6
--- /dev/null
+++ b/libxmlsec/ExternalProject_xmlsec.mk
@@ -0,0 +1,63 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_ExternalProject_ExternalProject,xmlsec))
+
+$(eval $(call gb_ExternalProject_use_unpacked,xmlsec,xmlsec))
+
+$(eval $(call gb_ExternalProject_register_targets,xmlsec,\
+	build \
+))
+
+ifeq ($(OS),WNT)
+
+ifeq ($(COM),GCC)
+$(call gb_ExternalProject_get_state_target,xmlsec,build) :
+	cd $(EXTERNAL_WORKDIR) \
+	&& autoreconf \
+	&& ./configure --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) \
+	--without-libxslt --without-openssl --without-gnutls --disable-crypto-dl \
+	$(if $(filter NO,$(SYSTEM_NSS)),--disable-pkgconfig) \
+	CC="$(CC) -mthreads $(if $(filter YES,$(MINGW_SHARED_GCCLIB)),-shared-libgcc)" \
+	LDFLAGS="-Wl,--no-undefined $(ILIB:;= -L)" \
+	LIBS="$(if $(filter YES,$(MINGW_SHARED_GXXLIB)),$(MINGW_SHARED__LIBSTDCPP))"
+	$(MAKE) \
+	&& touch $@
+
+else
+$(call gb_ExternalProject_get_state_target,xmlsec,build) :
+	cd $(EXTERNAL_WORKDIR)/win32 \
+	&& cscript configure.js crypto=mscrypto xslt=no iconv=no static=no \
+	$(if $(filter-out full,$(PRODUCT)),debug=yes) \
+	&& unset MAKEFLAGS \
+	&& LIB="$(ILIB)" nmake \
+	&& touch $@
+endif
+
+else
+
+$(call gb_ExternalProject_get_state_target,xmlsec,build) :
+	cd $(EXTERNAL_WORKDIR) \
+	&& autoreconf \
+	&& $(if $(filter MACOSX,$(OS)),ACLOCAL="aclocal -I $(EXTERNAL_WORKDIR)/m4/mac") \
+	./configure \
+	--with-pic --disable-shared --disable-crypto-dl --without-libxslt --without-gnutls \
+	$(if $(filter ANDROID,$(OS)),--with-openssl=$(OUTDIR),--without-openssl) \
+	$(if $(filter MACOSX,$(OS)),--prefix=/@.__________________________________________________OOO) \
+	$(if $(filter NO,$(SYSTEM_NSS))$(filter MACOSX,$(OS)),--disable-pkgconfig) \
+	$(if $(filter YES,$(CROSS_COMPILING)),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \
+	$(if $(SYSBASE),CFLAGS="-I$(SYSBASE)/usr/include" \
+	LDFLAGS="-L$(SYSBASE)/usr/lib $(if $(filter-out LINUX FREEBSD,$(OS)),,-Wl,-z,origin -Wl,-rpath,'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib')",\
+	$(if $(filter-out MACOSX,$(OS)),,LDFLAGS="-Wl,-dylib_file, at executable_path/libnssutil3.dylib:$(OUTDIR)/lib/libnssutil3.dylib")) \
+	&& $(MAKE) \
+	&& touch $@
+
+endif
+
+# vim: set noet sw=4 ts=4:
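Review bot: The MinGW recipe is cut in two: the `LIBS="..."` line has no trailing backslash, so `./configure` ends there and `$(MAKE) && touch $@` runs as a separate recipe line in a fresh shell that is not in `$(EXTERNAL_WORKDIR)`. End that line with ` \` and start the next with `&& $(MAKE) \`, as the non-Windows branch does. The same line reads `$(MINGW_SHARED__LIBSTDCPP)` with a doubled underscore, where the removed makefile.mk used `$(MINGW_SHARED_LIBSTDCPP)`; the misspelt name presumably expands to nothing. In the non-Windows branch the `ACLOCAL="aclocal -I .../m4/mac"` assignment now sits in front of `./configure` instead of `autoreconf`, which the old `CONFIGURE_ACTION` prefixed, so it probably no longer reaches the tool that reads it.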
diff --git a/libxmlsec/Makefile b/libxmlsec/Makefile
new file mode 100644
index 0000000..ccb1c85
--- /dev/null
+++ b/libxmlsec/Makefile
@@ -0,0 +1,7 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+
+module_directory:=$(dir $(realpath $(firstword $(MAKEFILE_LIST))))
+
+include $(module_directory)/../solenv/gbuild/partial_build.mk
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/Module_libxmlsec.mk b/libxmlsec/Module_libxmlsec.mk
new file mode 100644
index 0000000..3e51e4a
--- /dev/null
+++ b/libxmlsec/Module_libxmlsec.mk
@@ -0,0 +1,20 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_Module_Module,libxmlsec))
+
+ifneq ($(filter-out ANDROID IOS,$(OS)),)
+$(eval $(call gb_Module_add_targets,libxmlsec,\
+	UnpackedTarball_xmlsec \
+	ExternalPackage_xmlsec \
+	ExternalProject_xmlsec \
+))
+endif
+
+# vim: set noet sw=4 ts=4:
diff --git a/libxmlsec/UnpackedTarball_xmlsec.mk b/libxmlsec/UnpackedTarball_xmlsec.mk
new file mode 100644
index 0000000..6f8e4d0
--- /dev/null
+++ b/libxmlsec/UnpackedTarball_xmlsec.mk
@@ -0,0 +1,50 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
+
+$(eval $(call gb_UnpackedTarball_set_tarball,xmlsec,$(LIBXMLSEC_TARBALL)))
+
+$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
+	libxmlsec/xmlsec1-configure.patch \
+	libxmlsec/xmlsec1-configure-libxml-libxslt.patch \
+	libxmlsec/xmlsec1-olderlibxml2.patch \
+	libxmlsec/xmlsec1-nssdisablecallbacks.patch \
+	libxmlsec/xmlsec1-nssmangleciphers.patch \
+	libxmlsec/xmlsec1-noverify.patch \
+	libxmlsec/xmlsec1-mingw-keymgr-mscrypto.patch \
+	libxmlsec/xmlsec1-vc.patch \
+	libxmlsec/xmlsec1-1.2.14_fix_extern_c.patch \
+	libxmlsec/xmlsec1-android.patch \
+	libxmlsec/xmlsec1-1.2.14-ansi.patch \
+	libxmlsec/xmlsec1-customkeymanage.patch \
+))
+
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/mscrypto/akmngr.h,libxmlsec/include/akmngr_mscrypto.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/mscrypto/akmngr.c,libxmlsec/src/akmngr_mscrypto.c))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/akmngr.h,libxmlsec/include/akmngr_nss.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/ciphers.h,libxmlsec/include/ciphers.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,include/xmlsec/nss/tokens.h,libxmlsec/include/tokens.h))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/akmngr.c,libxmlsec/src/akmngr_nss.c))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/keywrapers.c,libxmlsec/src/keywrapers.c))
+$(eval $(call gb_UnpackedTarball_add_file,xmlsec,src/nss/tokens.c,libxmlsec/src/tokens.c))
+
+ifeq ($(OS)$(COM),WNTGCC)
+$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
+	libxmlsec/xmlsec1-mingw32.patch \
+))
+endif
+
+ifeq ($(OS)$(CPU),MACOSXP)
+$(eval $(call gb_UnpackedTarball_add_patches,xmlsec,\
+	libxmlsec/xmlsec1-1.2.14_old_automake.patch \
+))
+endif
+
+# vim: set noet sw=4 ts=4:
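Review bot: The patch list has no comment saying what each patch is for, while the removed makefile.mk carried a one-line rationale per patch. For a signature library that matters most for `xmlsec1-noverify.patch` and `xmlsec1-nssmangleciphers.patch`, whose old notes were only "As per readme.txt" and "Dubious, do we still need this ?". I would carry those comments over above `gb_UnpackedTarball_add_patches` and, judging by the patch name, add a line such as `# xmlsec1-noverify.patch: <which check is skipped and why, see readme.txt>`. Separately, `xmlsec1-oldlibtool.patch` is no longer applied and `xmlsec1-customkeymanage.patch` has moved to the end of the list; if both are intentional the commit message should say so.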
diff --git a/libxmlsec/include/akmngr_mscrypto.h b/libxmlsec/include/akmngr_mscrypto.h
new file mode 100644
index 0000000..57ba811
--- /dev/null
+++ b/libxmlsec/include/akmngr_mscrypto.h
@@ -0,0 +1,72 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+xmlSecMSCryptoAppliedKeysMngrCreate(
+    HCERTSTORE keyStore ,
+    HCERTSTORE certStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    HCRYPTKEY   symKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    HCRYPTKEY   pubKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    HCRYPTKEY   priKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+    xmlSecKeysMngrPtr   mngr ,
+    HCERTSTORE keyStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+    xmlSecKeysMngrPtr   mngr ,
+    HCERTSTORE trustedStore
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+    xmlSecKeysMngrPtr   mngr ,
+    HCERTSTORE untrustedStore
+) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
+
+
+
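Review bot: None of the exported prototypes says who owns the handle passed in. The names mix `...KeyLoad` and `...Adopt...Store`, so a caller cannot tell whether it must still call `CertCloseStore` or `CryptDestroyKey` on its own `HCERTSTORE`/`HCRYPTKEY` afterwards; a wrong guess means a double close or a leaked key handle. Add a doc comment to each prototype stating ownership on success and on failure, e.g. `/* On success @keyStore is owned by @mngr; on failure the caller keeps it. */`, once the implementation confirms it. The same gap exists in akmngr_nss.h and ciphers.h for `PK11SymKey*`, `SECKEYPublicKey*` and `SECKEYPrivateKey*`.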
diff --git a/libxmlsec/include/akmngr_nss.h b/libxmlsec/include/akmngr_nss.h
new file mode 100644
index 0000000..a6b8830
--- /dev/null
+++ b/libxmlsec/include/akmngr_nss.h
@@ -0,0 +1,57 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_NSS_AKMNGR_H__
+#define __XMLSEC_NSS_AKMNGR_H__
+
+#include <nss.h>
+#include <nspr.h>
+#include <pk11func.h>
+#include <cert.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+    PK11SlotInfo** slots,
+    int cSlots,
+    CERTCertDBHandle* handler
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    PK11SymKey*         symKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    SECKEYPublicKey*    pubKey
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    SECKEYPrivateKey*   priKey
+) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
+
+
+
diff --git a/libxmlsec/include/ciphers.h b/libxmlsec/include/ciphers.h
new file mode 100644
index 0000000..8088614
--- /dev/null
+++ b/libxmlsec/include/ciphers.h
@@ -0,0 +1,36 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright ..........................
+ */
+#ifndef __XMLSEC_NSS_CIPHERS_H__
+#define __XMLSEC_NSS_CIPHERS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
+                                    PK11SymKey* symkey ) ;
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
+
+XMLSEC_CRYPTO_EXPORT PK11SymKey*   xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
+
+
+
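Review bot: ciphers.h uses `PK11SymKey` in all three prototypes but includes no NSS header, so it compiles only when the including file has already pulled in `<pk11func.h>`; akmngr_nss.h and tokens.h include it themselves. Add `#include <pk11func.h>` and move the three `#include <xmlsec/...>` lines above the `extern "C" {` opener, where the other new headers place them. `xmlSecNssSymKeyDataAdoptKey` and `xmlSecNssSymKeyDataKeyAdopt` differ only in word order, so a one-line comment on each saying which one creates the key data object would prevent mix-ups.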
diff --git a/libxmlsec/include/tokens.h b/libxmlsec/include/tokens.h
new file mode 100644
index 0000000..c7c0fa1
--- /dev/null
+++ b/libxmlsec/include/tokens.h
@@ -0,0 +1,183 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 Sun Microsystems, Inc.  All rights reserved.
+ *
+ * Contributor(s): _____________________________
+ *
+ */
+#ifndef __XMLSEC_NSS_TOKENS_H__
+#define __XMLSEC_NSS_TOKENS_H__
+
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/**
+ * xmlSecNssKeySlotListId
+ *
+ * The crypto mechanism list klass
+ */
+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
+
+/*******************************************
+ * KeySlot interfaces
+ *******************************************/
+/**
+ * Internal NSS key slot data
+ * @mechanismList:      the mechanisms that the slot bound with.
+ * @slot:               the pkcs slot
+ *
+ * This context is located after xmlSecPtrList
+ */
+typedef struct _xmlSecNssKeySlot    xmlSecNssKeySlot ;
+typedef struct _xmlSecNssKeySlot*   xmlSecNssKeySlotPtr ;
+
+struct _xmlSecNssKeySlot {
+    CK_MECHANISM_TYPE_PTR   mechanismList ; /* mech. array, NULL ternimated */
+    PK11SlotInfo*           slot ;
+} ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotSetMechList(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE_PTR mechanismList
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotEnableMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE mechanism
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotDisableMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE mechanism
+) ;
+
+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
+xmlSecNssKeySlotGetMechList(
+    xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotSetSlot(
+    xmlSecNssKeySlotPtr keySlot ,
+    PK11SlotInfo* slot
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotInitialize(
+    xmlSecNssKeySlotPtr keySlot ,
+    PK11SlotInfo* slot
+) ;
+
+XMLSEC_CRYPTO_EXPORT void
+xmlSecNssKeySlotFinalize(
+    xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
+xmlSecNssKeySlotGetSlot(
+    xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
+xmlSecNssKeySlotCreate() ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotCopy(
+    xmlSecNssKeySlotPtr newKeySlot ,
+    xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
+xmlSecNssKeySlotDuplicate(
+    xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT void
+xmlSecNssKeySlotDestroy(
+        xmlSecNssKeySlotPtr keySlot
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotBindMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE type
+) ;
+
+XMLSEC_CRYPTO_EXPORT int
+xmlSecNssKeySlotSupportMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE type
+) ;
+
+
+/************************************************************************
+ * PKCS#11 crypto token interfaces
+ *
+ * A PKCS#11 slot repository will be defined internally. From the
+ * repository, a user can specify a particular slot for a certain crypto
+ * mechanism.
+ *
+ * In some situation, some cryptographic operation should act in a user
+ * designated devices. The interfaces defined here provide the way. If
+ * the user do not initialize the repository distinctly, the interfaces
+ * use the default functions provided by NSS itself.
+ *
+ ************************************************************************/
+/**
+ * Initialize NSS pkcs#11 slot repository
+ *
+ * Returns 0 if success or -1 if an error occurs.
+ */
+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
+
+/**
+ * Shutdown and destroy NSS pkcs#11 slot repository
+ */
+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
+
+/**
+ * Get PKCS#11 slot handler
+ * @type    the mechanism that the slot must support.
+ *
+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
+ *
+ * Notes: The returned handler must be destroied distinctly.
+ */
+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
+
+/**
+ * Adopt a pkcs#11 slot with a mechanism into the repository
+ * @slot:   the pkcs#11 slot.
+ * @mech:   the mechanism.
+ *
+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
+ * this mechanism only can perform on the @slot.
+ *
+ * Returns 0 if success or -1 if an error occurs.
+ */
+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif  /* __XMLSEC_NSS_TOKENS_H__ */
+
+
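Review bot: The `mechanismList` field is documented as `NULL ternimated`, but it is an array of `CK_MECHANISM_TYPE` values rather than pointers, and the only sentinel this header names is `CKM_INVALID_MECHANISM` (in the xmlSecNssSlotAdopt comment). State the terminator explicitly, e.g. `/* mech. array, terminated by CKM_INVALID_MECHANISM */` if that is what tokens.c uses, because a list handed to `xmlSecNssKeySlotSetMechList` with the wrong terminator would presumably be read past its end. `xmlSecNssKeySlotCreate()` and `xmlSecNssSlotShutdown()` should be declared with `( void )` like `xmlSecNssSlotInitialize( void )`, since empty parentheses in C leave the argument list unchecked. The xmlSecNssSlotGet note ("must be destroied distinctly") should name the release call the caller has to use.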
diff --git a/libxmlsec/makefile.mk b/libxmlsec/makefile.mk
deleted file mode 100644
index c21668a..0000000
--- a/libxmlsec/makefile.mk
+++ /dev/null
@@ -1,249 +0,0 @@
-#*************************************************************************
-#
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# Copyright 2000, 2010 Oracle and/or its affiliates.
-#
-# OpenOffice.org - a multi-platform office productivity suite
-#
-# This file is part of OpenOffice.org.
-#
-# OpenOffice.org is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License version 3
-# only, as published by the Free Software Foundation.
-#
-# OpenOffice.org is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Lesser General Public License version 3 for more details
-# (a copy is included in the LICENSE file that accompanied this code).
-#
-# You should have received a copy of the GNU Lesser General Public License
-# version 3 along with OpenOffice.org.  If not, see
-# <http://www.openoffice.org/license.html>
-# for a copy of the LGPLv3 License.
-#
-#*************************************************************************
-
-PRJ=.
-
-PRJNAME=xmlsec1
-TARGET=so_xmlsec1
-EXTERNAL_WARNINGS_NOT_ERRORS := TRUE
-
-# --- Settings -----------------------------------------------------
-
-.INCLUDE :	settings.mk
-
-.IF "$(OS)" == "ANDROID" || "$(OS)" == "IOS"
- at all:
-	@echo "FIXME: XMLSec module not buildable yet on this platform"
-.ENDIF
-
-# --- Files --------------------------------------------------------
-
-XMLSEC1VERSION=1.2.14
-
-TARFILE_NAME=$(PRJNAME)-$(XMLSEC1VERSION)
-TARFILE_MD5=1f24ab1d39f4a51faf22244c94a6203f
-
-#xmlsec1-configure.patch: Set up the build. Straightforward configuration
-#xmlsec1-configure-libxml-libxslt.patch: empty "$with_libxml" prepends /bin :-(
-#xmlsec1-olderlibxml2.patch: Allow build against older libxml2, for macosx
-#xmlsec1-nssdisablecallbacks.patch: Disable use of smime3 so don't need to package it
-#xmlsec1-customkeymanage.patch: Could we do this alternatively outside xmlsec
-#xmlsec1-nssmangleciphers.patch: Dubious, do we still need this ?
-#xmlsec1-noverify.patch: As per readme.txt.
-#xmlsec1-mingw32.patch: Mingw32 support.
-#xmlsec1-mingw-customkeymanage-addmscrypto.patch: builds the custom keymanager on mingw
-#xmlsec1-vc.path: support for Visual C++ 10
-#xmlsec1-1.2.14-ansi.patch: otherwise, at least MacPorts autoreconf (GNU
-# Autoconf) 2.69 fails with "configure.in:50: error: automatic de-ANSI-fication
-# support has been removed" (cf. upstream <http://git.gnome.org/browse/xmlsec/
-# commit/?id=6a4968bc33f83aaf61efc0a80333350ce9c372f5> "error in macro
-# AM_C_PROTOTYPES (Roumen)")
-PATCH_FILES=\
-   xmlsec1-configure.patch \
-   xmlsec1-configure-libxml-libxslt.patch \
-   xmlsec1-olderlibxml2.patch \
-   xmlsec1-nssdisablecallbacks.patch \
-   xmlsec1-customkeymanage.patch \
-   xmlsec1-nssmangleciphers.patch \
-   xmlsec1-noverify.patch \
-   xmlsec1-mingw-keymgr-mscrypto.patch \
-   xmlsec1-vc10.patch \
-   xmlsec1-1.2.14_fix_extern_c.patch \
-   xmlsec1-android.patch \
-   xmlsec1-1.2.14-ansi.patch \
-   xmlsec1-oldlibtool.patch
-
-.IF "$(GUI)$(COM)"=="WNTGCC"
-   PATCH_FILES+=xmlsec1-mingw32.patch
-.ENDIF
-
-.IF "$(OS)$(CPU)"=="MACOSXP"
-PATCH_FILES+=xmlsec1-1.2.14_old_automake.patch
-EXTRA_LINKFLAGS+=-Wl,-dylib_file, at executable_path/libnssutil3.dylib:$(SOLARLIBDIR)/libnssutil3.dylib
-.ENDIF
-
-ADDITIONAL_FILES= \
-    include/xmlsec/mscrypto/akmngr.h \
-    src/mscrypto/akmngr.c \
-    include/xmlsec/nss/akmngr.h \
-    include/xmlsec/nss/ciphers.h \
-    include/xmlsec/nss/tokens.h \
-    src/nss/akmngr.c \
-    src/nss/keywrapers.c \
-    src/nss/tokens.c
-
-.IF "$(GUI)"=="WNT"
-CRYPTOLIB=mscrypto
-.ELSE
-CRYPTOLIB=nss
-.ENDIF
-
-.IF "$(OS)"=="WNT"
-.IF "$(COM)"=="GCC"
-xmlsec_CC=$(CC) -mthreads
-.IF "$(MINGW_SHARED_GCCLIB)"=="YES"
-xmlsec_CC+=-shared-libgcc
-.ENDIF
-xmlsec_LIBS=
-.IF "$(MINGW_SHARED_GXXLIB)"=="YES"
-xmlsec_LIBS+=$(MINGW_SHARED_LIBSTDCPP)
-.ENDIF
-CONF_ILIB=
-.IF "$(ILIB)" != ""
-CONF_ILIB=-L$(ILIB:s/;/ -L/)
-.ENDIF
-
-CONFIGURE_DIR=
-CONFIGURE_ACTION=autoreconf; ./configure
-
-BUILD_AND_HOST=--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM) MINGW_SYSROOT=$(MINGW_SYSROOT) OBJDUMP="$(OBJDUMP)"
-
-CONFIGURE_FLAGS=--with-libxslt=no --with-openssl=no --with-gnutls=no --disable-crypto-dl $(BUILD_AND_HOST) CC="$(xmlsec_CC)" LDFLAGS="-Wl,--no-undefined $(CONF_ILIB)" LIBS="$(xmlsec_LIBS)" LIBXML2LIB="$(LIBXML2LIB)" ZLIB3RDLIB=$(ZLIB3RDLIB)
-
-.IF "$(SYSTEM_NSS)" != "YES"
-CONFIGURE_FLAGS+=--enable-pkgconfig=no
-.ENDIF
-BUILD_ACTION=$(GNUMAKE) -j$(GMAKE_MODULE_PARALLELISM)
-BUILD_DIR=$(CONFIGURE_DIR)
-
-.ELSE # "$(COM)"!="GCC"
-
-CONFIGURE_DIR=win32
-CONFIGURE_ACTION=cscript configure.js
-.IF "$(product)"!="full" && "$(CCNUMVER)" >= "001399999999"
-CONFIGURE_FLAGS=crypto=$(CRYPTOLIB) debug=yes xslt=no iconv=no static=no include=$(BASEINC) lib=$(BASELIB)
-.ELSE
-CONFIGURE_FLAGS=crypto=$(CRYPTOLIB) xslt=no iconv=no static=no include=$(BASEINC) lib=$(BASELIB)
-.ENDIF
-BUILD_ACTION=nmake
-BUILD_DIR=$(CONFIGURE_DIR)
-.ENDIF # "$(COM)"=="GCC"
-
-.ELSE # "$(OS)"!="WNT"
-
-.IF "$(GUI)"=="UNX"
-
-.IF "$(COM)"=="C52" && "$(CPU)"=="U"
-xmlsec_CFLAGS+=-m64
-.ENDIF
-
-.IF "$(SYSBASE)"!=""
-xmlsec_CFLAGS+=-I$(SYSBASE)/usr/include
-.IF "$(COMNAME)"=="sunpro5"
-xmlsec_CFLAGS+=$(C_RESTRICTIONFLAGS)
-.ENDIF			# "$(COMNAME)"=="sunpro5"
-.IF "$(EXTRA_CFLAGS)"!=""
-xmlsec_CFLAGS+=$(EXTRA_CFLAGS)
-xmlsec_CPPFLAGS+=$(EXTRA_CFLAGS)
-.ENDIF # "$(EXTRA_CFLAGS)"!=""
-xmlsec_LDFLAGS+=-L$(SYSBASE)/usr/lib
-.ELIF "$(OS)"=="MACOSX" # "$(SYSBASE)"!=""
-xmlsec_CPPFLAGS+=$(EXTRA_CDEFS)
-.ENDIF
-
-.IF "$(OS)$(COM)"=="LINUXGCC" || "$(OS)$(COM)"=="FREEBSDGCC"
-xmlsec_LDFLAGS+=-Wl,-z,origin -Wl,-rpath,'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib'
-.ENDIF			# "$(OS)$(COM)"=="LINUXGCC" || "$(OS)$(COM)"=="FREEBSDGCC"
-.IF "$(OS)$(COM)"=="SOLARISC52"
-xmlsec_LDFLAGS+=-Wl,-R'$$$$ORIGIN:$$$$ORIGIN/../ure-link/lib'
-.ENDIF			# "$(OS)$(COM)"=="SOLARISC52"
-
-LDFLAGS:=$(xmlsec_LDFLAGS)
-.EXPORT: LDFLAGS
-
-.ENDIF
-CONFIGURE_DIR=
-CONFIGURE_ACTION=autoreconf; ./configure ADDCFLAGS="$(xmlsec_CFLAGS)" CPPFLAGS="$(xmlsec_CPPFLAGS)"
-
-.IF "$(OS)" == "MACOSX"
-.IF "$(ACLOCAL)" == ""
-ACLOCAL=aclocal
-.ENDIF
-CONFIGURE_ACTION:=ACLOCAL="$(ACLOCAL) -I $(SRCDIR)/m4/mac" $(CONFIGURE_ACTION)
-.ENDIF
-
-CONFIGURE_FLAGS=--with-pic --disable-shared --disable-crypto-dl --with-libxslt=no --with-gnutls=no LIBXML2LIB="$(LIBXML2LIB)"
-
-.IF "$(CROSS_COMPILING)"=="YES"
-CONFIGURE_FLAGS+= --build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)
-.ENDIF
-
-.IF "$(OS)" == "ANDROID"
-CONFIGURE_FLAGS+=--with-openssl=$(SOLARVER)/$(INPATH)
-.ELSE
-CONFIGURE_FLAGS+=--with-openssl=no
-.ENDIF
-
-.IF "$(OS)" == "MACOSX"
-CONFIGURE_FLAGS += \
-    --prefix=/@.__________________________________________________$(EXTRPATH)
-.END
-
-# system-mozilla needs pkgconfig to get the information about nss
-# FIXME: This also will enable pkg-config usage for libxml2. It *seems*
-# that the internal headers still are used when they are there but....
-# (and that pkg-config is allowed to fail...)
-# I have no real good idea how to get mozilla (nss) pkg-config'ed and libxml2
-# not... We need mozilla-nss pkg-config'ed since we can *not* just use
-# --with-nss or parse -pkg-config --libs / cflags mozilla-nss since
-# the lib may a) be in /usr/lib (Debian) and be not in $with_nss/include
-# $with_nss/lib.
-.IF "$(SYSTEM_NSS)" != "YES" || "$(OS)" == "MACOSX"
-CONFIGURE_FLAGS+=--enable-pkgconfig=no
-.ENDIF
-BUILD_ACTION=$(GNUMAKE) -j$(EXTMAXPROCESS)
-BUILD_DIR=$(CONFIGURE_DIR)
-.ENDIF
-
-
-OUTDIR2INC=include/xmlsec
-
-.IF "$(OS)"=="WNT"
-.IF "$(COM)"=="GCC"
-OUT2LIB+=src/.libs/libxmlsec1.dll.a src/nss/.libs/libxmlsec1-nss.dll.a
-OUT2BIN+=src/.libs/libxmlsec1.dll src/nss/.libs/libxmlsec1-nss.dll
-.IF "$(CROSS_COMPILING)" != "YES"
-OUT2LIB+=src/mscrypto/.libs/libxmlsec1-mscrypto.dll.a
-OUT2BIN+=src/mscrypto/.libs/libxmlsec1-mscrypto.dll
-.ENDIF
-.ELSE
-OUT2LIB+=win32/binaries/*.lib
-OUT2BIN+=win32/binaries/*.dll
-.ENDIF
-.ELIF "$(OS)" == "ANDROID"
-OUT2LIB+=src/.libs/libxmlsec1.a src/openssl/.libs/libxmlsec1-openssl.a
-.ELSE
-OUT2LIB+=src/.libs/libxmlsec1.a src/nss/.libs/libxmlsec1-nss.a
-.ENDIF
-
-# --- Targets ------------------------------------------------------
-
-.INCLUDE : set_ext.mk
-.INCLUDE : target.mk
-.INCLUDE : tg_ext.mk
-
-
diff --git a/libxmlsec/prj/d.lst b/libxmlsec/prj/d.lst
index 21896b5..e69de29 100644
--- a/libxmlsec/prj/d.lst
+++ b/libxmlsec/prj/d.lst
@@ -1,9 +0,0 @@
-mkdir: %_DEST%\inc\external\xmlsec
-mkdir: %_DEST%\inc\external\xmlsec\nss
-mkdir: %_DEST%\inc\external\xmlsec\mscrypto
-..\%__SRC%\inc\xmlsec\*.h %_DEST%\inc\external\xmlsec\*.h
-..\%__SRC%\inc\xmlsec\nss\*.h %_DEST%\inc\external\xmlsec\nss\*.h
-..\%__SRC%\inc\xmlsec\mscrypto\*.h %_DEST%\inc\external\xmlsec\mscrypto\*.h
-..\%__SRC%\lib\lib*.a %_DEST%\lib
-..\%__SRC%\lib\*.lib %_DEST%\lib
-..\%__SRC%\bin\*.dll %_DEST%\bin
diff --git a/libxmlsec/prj/dmake b/libxmlsec/prj/dmake
deleted file mode 100644
index e69de29..0000000
diff --git a/libxmlsec/src/akmngr_mscrypto.c b/libxmlsec/src/akmngr_mscrypto.c
new file mode 100644
index 0000000..af9eef4
--- /dev/null
+++ b/libxmlsec/src/akmngr_mscrypto.c
@@ -0,0 +1,237 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/keysstore.h>
+#include <xmlsec/mscrypto/akmngr.h>
+#include <xmlsec/mscrypto/x509.h>
+
+/**
+ * xmlSecMSCryptoAppliedKeysMngrCreate:
+ * @hKeyStore:      the pointer to key store.
+ * @hCertStore:     the pointer to certificate database.
+ *
+ * Create and load key store and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecMSCryptoAppliedKeysMngrCreate(
+    HCERTSTORE hKeyStore ,
+    HCERTSTORE hCertStore
+) {
+    xmlSecKeyDataStorePtr   certStore = NULL ;
+    xmlSecKeysMngrPtr       keyMngr = NULL ;
+    xmlSecKeyStorePtr       keyStore = NULL ;
+
+    keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
+    if( keyStore == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeyStoreCreate" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return NULL ;
+    }
+
+    /*-
+     * At present, MS Crypto engine do not provide a way to setup a key store.
+     */
+    if( keyStore != NULL ) {
+        /*TODO: binding key store.*/
+    }
+
+    keyMngr = xmlSecKeysMngrCreate() ;
+    if( keyMngr == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrCreate" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeyStoreDestroy( keyStore ) ;
+        return NULL ;
+    }
+
+    /*-
+     * Add key store to manager, from now on keys manager destroys the store if
+     * needed
+     */
+    if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+            "xmlSecKeysMngrAdoptKeyStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeyStoreDestroy( keyStore ) ;
+        xmlSecKeysMngrDestroy( keyMngr ) ;
+        return NULL ;
+    }
+
+    /*-
+     * Initialize crypto library specific data in keys manager
+     */
+    if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecMSCryptoKeysMngrInit" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeysMngrDestroy( keyMngr ) ;
+        return NULL ;
+    }
+
+    /*-
+     * Set certificate databse to X509 key data store
+     */
+    /*-
+     * At present, MS Crypto engine do not provide a way to setup a cert store.
+     */
+
+    /*-
+     * Set the getKey callback
+     */
+    keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+    return keyMngr ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    HCRYPTKEY           symKey
+) {
+    /*TODO: import the key into keys manager.*/
+    return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    HCRYPTKEY   pubKey
+) {
+    /*TODO: import the key into keys manager.*/
+    return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    HCRYPTKEY   priKey
+) {
+    /*TODO: import the key into keys manager.*/
+    return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+    xmlSecKeysMngrPtr   mngr ,
+    HCERTSTORE keyStore
+) {
+    xmlSecKeyDataStorePtr x509Store ;
+
+    xmlSecAssert2( mngr != NULL, -1 ) ;
+    xmlSecAssert2( keyStore != NULL, -1 ) ;
+
+    x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+    if( x509Store == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrGetDataStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( -1 ) ;
+    }
+
+    if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+            "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( -1 ) ;
+    }
+
+    return( 0 ) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+    xmlSecKeysMngrPtr   mngr ,
+    HCERTSTORE trustedStore
+) {
+    xmlSecKeyDataStorePtr x509Store ;
+
+    xmlSecAssert2( mngr != NULL, -1 ) ;
+    xmlSecAssert2( trustedStore != NULL, -1 ) ;
+
+    x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+    if( x509Store == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrGetDataStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( -1 ) ;
+    }
+
+    if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+            "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( -1 ) ;
+    }
+
+    return( 0 ) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+    xmlSecKeysMngrPtr   mngr ,
+    HCERTSTORE untrustedStore
+) {
+    xmlSecKeyDataStorePtr x509Store ;
+
+    xmlSecAssert2( mngr != NULL, -1 ) ;
+    xmlSecAssert2( untrustedStore != NULL, -1 ) ;
+
+    x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+    if( x509Store == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrGetDataStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( -1 ) ;
+    }
+
+    if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+            "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( -1 ) ;
+    }
+
+    return( 0 ) ;
+}
+
+
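Review bot: xmlSecMSCryptoAppliedKeysMngrSymKeyLoad, xmlSecMSCryptoAppliedKeysMngrPubKeyLoad and xmlSecMSCryptoAppliedKeysMngrPriKeyLoad end in `return(0) ;` although their bodies are only a TODO, so a caller that hands over a key is told it was imported when the keys manager never received it. Until the import exists they should fail visibly, for example by logging with `XMLSEC_ERRORS_R_NOT_IMPLEMENTED` and ending in `return(-1) ;`. The header comment of xmlSecMSCryptoAppliedKeysMngrCreate should also state that `hKeyStore` and `hCertStore` are currently ignored, since the body never reads them. Separately, the second failure branch in xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore and xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore logs `"xmlSecMSCryptoX509StoreAdoptKeyStore"`; each should name the function that actually failed so trust-store errors are not misattributed in logs.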
diff --git a/libxmlsec/src/akmngr_nss.c b/libxmlsec/src/akmngr_nss.c
new file mode 100644
index 0000000..0eddf86
--- /dev/null
+++ b/libxmlsec/src/akmngr_nss.c
@@ -0,0 +1,384 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <cert.h>
+#include <keyhi.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/tokens.h>
+#include <xmlsec/nss/akmngr.h>
+#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/ciphers.h>
+#include <xmlsec/nss/keysstore.h>
+
+/**
+ * xmlSecNssAppliedKeysMngrCreate:
+ * @slot:           array of pointers to NSS PKCS#11 slot information.
+ * @cSlots:         number of slots in the array
+ * @handler:        the pointer to NSS certificate database.
+ *
+ * Create and load NSS crypto slot and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+    PK11SlotInfo** slots,
+    int cSlots,
+    CERTCertDBHandle* handler
+) {
+    xmlSecKeyDataStorePtr   certStore = NULL ;
+    xmlSecKeysMngrPtr       keyMngr = NULL ;
+    xmlSecKeyStorePtr       keyStore = NULL ;
+    int islot = 0;
+    keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
+    if( keyStore == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeyStoreCreate" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return NULL ;
+    }
+
+    for (islot = 0; islot < cSlots; islot++)
+    {
+        xmlSecNssKeySlotPtr     keySlot ;
+
+        /* Create a key slot */
+        keySlot = xmlSecNssKeySlotCreate() ;
+        if( keySlot == NULL ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+                "xmlSecNssKeySlotCreate" ,
+                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+                XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+            xmlSecKeyStoreDestroy( keyStore ) ;
+            return NULL ;
+        }
+
+        /* Set slot */
+        if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+                "xmlSecNssKeySlotSetSlot" ,
+                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+                XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+            xmlSecKeyStoreDestroy( keyStore ) ;
+            xmlSecNssKeySlotDestroy( keySlot ) ;
+            return NULL ;
+        }
+
+        /* Adopt keySlot */
+        if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+                "xmlSecNssKeysStoreAdoptKeySlot" ,
+                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+                XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+            xmlSecKeyStoreDestroy( keyStore ) ;
+            xmlSecNssKeySlotDestroy( keySlot ) ;
+            return NULL ;
+        }
+    }
+
+    keyMngr = xmlSecKeysMngrCreate() ;
+    if( keyMngr == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrCreate" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeyStoreDestroy( keyStore ) ;
+        return NULL ;
+    }
+
+    /*-
+     * Add key store to manager, from now on keys manager destroys the store if
+     * needed
+     */
+    if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+            "xmlSecKeysMngrAdoptKeyStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeyStoreDestroy( keyStore ) ;
+        xmlSecKeysMngrDestroy( keyMngr ) ;
+        return NULL ;
+    }
+
+    /*-
+     * Initialize crypto library specific data in keys manager
+     */
+    if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrCreate" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeysMngrDestroy( keyMngr ) ;
+        return NULL ;
+    }
+
+    /*-
+     * Set certificate databse to X509 key data store
+     */
+    /**
+     * Because Tej's implementation of certDB use the default DB, so I ignore
+     * the certDB handler at present. I'll modify the cert store sources to
+     * accept particular certDB instead of default ones.
+    certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
+    if( certStore == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+            "xmlSecKeysMngrGetDataStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeysMngrDestroy( keyMngr ) ;
+        return NULL ;
+    }
+
+    if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+            "xmlSecNssKeyDataStoreX509SetCertDb" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+        xmlSecKeysMngrDestroy( keyMngr ) ;
+        return NULL ;
+    }
+    */
+
+    /*-
+     * Set the getKey callback
+     */
+    keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+    return keyMngr ;
+}
+
+int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    PK11SymKey*         symKey
+) {
+    xmlSecKeyPtr        key ;
+    xmlSecKeyDataPtr    data ;
+    xmlSecKeyStorePtr   keyStore ;
+
+    xmlSecAssert2( mngr != NULL , -1 ) ;
+    xmlSecAssert2( symKey != NULL , -1 ) ;
+
+    keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+    if( keyStore == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrGetKeysStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1) ;
+    }
+    xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+    data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
+    if( data == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1) ;
+    }
+
+    key = xmlSecKeyCreate() ;
+    if( key == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDataDestroy( data ) ;
+        return(-1) ;
+    }
+
+    if( xmlSecKeySetValue( key , data ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDataDestroy( data ) ;
+        return(-1) ;
+    }
+
+    if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDestroy( key ) ;
+        return(-1) ;
+    }
+
+    return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    SECKEYPublicKey*    pubKey
+) {
+    xmlSecKeyPtr        key ;
+    xmlSecKeyDataPtr    data ;
+    xmlSecKeyStorePtr   keyStore ;
+
+    xmlSecAssert2( mngr != NULL , -1 ) ;
+    xmlSecAssert2( pubKey != NULL , -1 ) ;
+
+    keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+    if( keyStore == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrGetKeysStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1) ;
+    }
+    xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+    data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+    if( data == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssPKIAdoptKey" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1) ;
+    }
+
+    key = xmlSecKeyCreate() ;
+    if( key == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDataDestroy( data ) ;
+        return(-1) ;
+    }
+
+    if( xmlSecKeySetValue( key , data ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDataDestroy( data ) ;
+        return(-1) ;
+    }
+
+    if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDestroy( key ) ;
+        return(-1) ;
+    }
+
+    return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+    xmlSecKeysMngrPtr   mngr ,
+    SECKEYPrivateKey*   priKey
+) {
+    xmlSecKeyPtr        key ;
+    xmlSecKeyDataPtr    data ;
+    xmlSecKeyStorePtr   keyStore ;
+
+    xmlSecAssert2( mngr != NULL , -1 ) ;
+    xmlSecAssert2( priKey != NULL , -1 ) ;
+
+    keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+    if( keyStore == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecKeysMngrGetKeysStore" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1) ;
+    }
+    xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+    data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+    if( data == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssPKIAdoptKey" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1) ;
+    }
+
+    key = xmlSecKeyCreate() ;
+    if( key == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDataDestroy( data ) ;
+        return(-1) ;
+    }
+
+    if( xmlSecKeySetValue( key , data ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDataDestroy( data ) ;
+        return(-1) ;
+    }
+
+    if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecNssSymKeyDataKeyAdopt" ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecKeyDestroy( key ) ;
+        return(-1) ;
+    }
+
+    return(0) ;
+}
+
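Review bot: In xmlSecNssAppliedKeysMngrSymKeyLoad the `xmlSecKeySetValue` failure branch destroys `data` but returns without releasing `key`, which was allocated just above by `xmlSecKeyCreate()`; the same branch in xmlSecNssAppliedKeysMngrPubKeyLoad and xmlSecNssAppliedKeysMngrPriKeyLoad leaks in the same way. Add `xmlSecKeyDestroy( key ) ;` before `return(-1) ;` in those three branches. The error calls for `xmlSecKeyCreate`, `xmlSecKeySetValue` and `xmlSecNssKeysStoreAdoptKey` all log `"xmlSecNssSymKeyDataKeyAdopt"`, and the `xmlSecNssKeysMngrInit` branch logs `"xmlSecKeysMngrCreate"`, so each should name the call that failed. Each loader would also benefit from a header comment saying who owns the passed NSS key after a failed call; presumably the Adopt helpers take ownership, but that is not visible in this hunk.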
diff --git a/libxmlsec/src/keywrapers.c b/libxmlsec/src/keywrapers.c
new file mode 100644
index 0000000..6066724
--- /dev/null
+++ b/libxmlsec/src/keywrapers.c
@@ -0,0 +1,1213 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright .................................
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+#include <hasht.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/ciphers.h>
+
+#define XMLSEC_NSS_AES128_KEY_SIZE      16
+#define XMLSEC_NSS_AES192_KEY_SIZE      24
+#define XMLSEC_NSS_AES256_KEY_SIZE      32
+#define XMLSEC_NSS_DES3_KEY_SIZE        24
+#define XMLSEC_NSS_DES3_KEY_LENGTH      24
+#define XMLSEC_NSS_DES3_IV_LENGTH       8
+#define XMLSEC_NSS_DES3_BLOCK_LENGTH    8
+
+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
+    0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+/*********************************************************************
+ *
+ * key wrap transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKeyWrapCtx         xmlSecNssKeyWrapCtx ;
+typedef struct _xmlSecNssKeyWrapCtx*        xmlSecNssKeyWrapCtxPtr ;
+
+#define xmlSecNssKeyWrapSize    \
+    ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
+
+#define xmlSecNssKeyWrapGetCtx( transform ) \
+    ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+struct _xmlSecNssKeyWrapCtx {
+    CK_MECHANISM_TYPE       cipher ;
+    PK11SymKey*             symkey ;
+    xmlSecKeyDataId         keyId ;
+    xmlSecBufferPtr         material ; /* to be encrypted/decrypted key material */
+} ;
+
+static int      xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
+static void     xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
+static int      xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
+                             xmlSecKeyReqPtr keyReq);
+static int      xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
+                             xmlSecKeyPtr key);
+static int      xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
+                             int last,
+                             xmlSecTransformCtxPtr transformCtx);
+static xmlSecSize   xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
+
+static int
+xmlSecNssKeyWrapCheckId(
+    xmlSecTransformPtr transform
+) {
+    #ifndef XMLSEC_NO_DES
+    if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+        return(1);
+    }
+    #endif /* XMLSEC_NO_DES */
+
+    #ifndef XMLSEC_NO_AES
+    if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
+        xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
+        xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
+
+        return(1);
+    }
+    #endif /* XMLSEC_NO_AES */
+
+    return(0);
+}
+
+static xmlSecSize
+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+    if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+        return(XMLSEC_NSS_DES3_KEY_SIZE);
+    } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+    if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+        return(XMLSEC_NSS_AES128_KEY_SIZE);
+    } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+        return(XMLSEC_NSS_AES192_KEY_SIZE);
+    } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+        return(XMLSEC_NSS_AES256_KEY_SIZE);
+    } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+        return(XMLSEC_NSS_AES256_KEY_SIZE);
+    } else
+#endif /* XMLSEC_NO_AES */
+
+    if(1)
+        return(0);
+}
+
+
+static int
+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
+    xmlSecNssKeyWrapCtxPtr context ;
+    int ret;
+
+    xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+
+    context = xmlSecNssKeyWrapGetCtx( transform ) ;
+    xmlSecAssert2( context != NULL , -1 ) ;
+
+    #ifndef XMLSEC_NO_DES
+    if( transform->id == xmlSecNssTransformKWDes3Id ) {
+        context->cipher = CKM_DES3_CBC ;
+        context->keyId = xmlSecNssKeyDataDesId ;
+    } else
+    #endif      /* XMLSEC_NO_DES */
+
+    #ifndef XMLSEC_NO_AES
+    if( transform->id == xmlSecNssTransformKWAes128Id ) {
+    /*  context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+        context->cipher = CKM_AES_CBC ;
+        context->keyId = xmlSecNssKeyDataAesId ;
+    } else
+    if( transform->id == xmlSecNssTransformKWAes192Id ) {
+    /*  context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+        context->cipher = CKM_AES_CBC ;
+        context->keyId = xmlSecNssKeyDataAesId ;
+    } else
+    if( transform->id == xmlSecNssTransformKWAes256Id ) {
+    /*  context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+        context->cipher = CKM_AES_CBC ;
+        context->keyId = xmlSecNssKeyDataAesId ;
+    } else
+    #endif      /* XMLSEC_NO_AES */
+
+
+    if( 1 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+            NULL ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    context->symkey = NULL ;
+    context->material = NULL ;
+
+    return(0);
+}
+
+static void
+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
+    xmlSecNssKeyWrapCtxPtr context ;
+
+    xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
+
+    context = xmlSecNssKeyWrapGetCtx( transform ) ;
+    xmlSecAssert( context != NULL ) ;
+
+    if( context->symkey != NULL ) {
+        PK11_FreeSymKey( context->symkey ) ;
+        context->symkey = NULL ;
+    }
+
+    if( context->material != NULL ) {
+        xmlSecBufferDestroy(context->material);
+        context->material = NULL ;
+    }
+}
+
+static int
+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecNssKeyWrapCtxPtr context ;
+    xmlSecSize cipherSize = 0 ;
+
+
+    xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+
+    context = xmlSecNssKeyWrapGetCtx( transform ) ;
+    xmlSecAssert2( context != NULL , -1 ) ;
+
+    keyReq->keyId    = context->keyId;
+    keyReq->keyType  = xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationEncrypt) {
+        keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+    } else {
+        keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+    }
+
+    keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
+
+    return(0);
+}
+
+static int
+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecNssKeyWrapCtxPtr context = NULL ;
+    xmlSecKeyDataPtr    keyData = NULL ;
+    PK11SymKey*         symkey = NULL ;
+
+    xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(key != NULL, -1);
+
+    context = xmlSecNssKeyWrapGetCtx( transform ) ;
+    if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+            "xmlSecNssKeyWrapGetCtx" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+    xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+    keyData = xmlSecKeyGetValue( key ) ;
+    if( keyData == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+            "xmlSecKeyGetValue" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+            "xmlSecNssSymKeyDataGetKey" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    context->symkey = symkey ;
+
+    return(0) ;
+}
+
+/**
+ * key wrap transform
+ */
+static int
+xmlSecNssKeyWrapCtxInit(
+    xmlSecNssKeyWrapCtxPtr      ctx ,
+    xmlSecBufferPtr             in ,
+    xmlSecBufferPtr             out ,
+    int                         encrypt ,
+    xmlSecTransformCtxPtr       transformCtx
+) {
+    xmlSecSize          blockSize ;
+
+    xmlSecAssert2( ctx != NULL , -1 ) ;
+    xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+    xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+    xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+    xmlSecAssert2( in != NULL , -1 ) ;
+    xmlSecAssert2( out != NULL , -1 ) ;
+    xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+    if( ctx->material != NULL ) {
+        xmlSecBufferDestroy( ctx->material ) ;
+        ctx->material = NULL ;
+    }
+
+    if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_GetBlockSize" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    ctx->material = xmlSecBufferCreate( blockSize ) ;
+    if( ctx->material == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferCreate" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    /* read raw key material into context */
+    if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferSetData" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferRemoveHead" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    return(0);
+}
+
+/**
+ * key wrap transform update
+ */
+static int
+xmlSecNssKeyWrapCtxUpdate(
+    xmlSecNssKeyWrapCtxPtr      ctx ,
+    xmlSecBufferPtr             in ,
+    xmlSecBufferPtr             out ,
+    int                         encrypt ,
+    xmlSecTransformCtxPtr       transformCtx
+) {
+    xmlSecAssert2( ctx != NULL , -1 ) ;
+    xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+    xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+    xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+    xmlSecAssert2( ctx->material != NULL , -1 ) ;
+    xmlSecAssert2( in != NULL , -1 ) ;
+    xmlSecAssert2( out != NULL , -1 ) ;
+    xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+    /* read raw key material and append into context */
+    if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferAppend" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferRemoveHead" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    return(0);
+}
+
+static int
+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
+    xmlSecSize s;
+    xmlSecSize i;
+    xmlSecByte c;
+
+    xmlSecAssert2(buf != NULL, -1);
+
+    s = size / 2;
+    --size;
+    for(i = 0; i < s; ++i) {
+    c = buf[i];
+    buf[i] = buf[size - i];
+    buf[size - i] = c;
+    }
+    return(0);
+}
+
+static xmlSecByte *
+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
+             xmlSecByte *out, xmlSecSize outSize)
+{
+    PK11Context *context = NULL;
+    SECStatus s;
+    xmlSecByte *digest = NULL;
+    unsigned int len;
+
+    xmlSecAssert2(in != NULL, NULL);
+    xmlSecAssert2(out != NULL, NULL);
+    xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
+
+    /* Create a context for hashing (digesting) */
+    context = PK11_CreateDigestContext(SEC_OID_SHA1);
+    if (context == NULL) {
+    xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_CreateDigestContext",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "error code = %d", PORT_GetError());
+    goto done;
+    }
+
+    s = PK11_DigestBegin(context);
+    if (s != SECSuccess) {
+    xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_DigestBegin",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "error code = %d", PORT_GetError());
+    goto done;
+    }
+
+    s = PK11_DigestOp(context, in, inSize);
+    if (s != SECSuccess) {
+    xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_DigestOp",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "error code = %d", PORT_GetError());
+    goto done;
+    }
+
+    s = PK11_DigestFinal(context, out, &len, outSize);
+    if (s != SECSuccess) {
+    xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_DigestFinal",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "error code = %d", PORT_GetError());
+    goto done;
+    }
+    xmlSecAssert2(len == SHA1_LENGTH, NULL);
+
+    digest = out;
+
+done:
+    if (context != NULL) {
+    PK11_DestroyContext(context, PR_TRUE);
+    }
+    return (digest);
+}
+
+static int
+xmlSecNssKWDes3Encrypt(
+    PK11SymKey*                 symKey ,
+    CK_MECHANISM_TYPE           cipherMech ,
+    const xmlSecByte*           iv ,
+    xmlSecSize                  ivSize ,
+    const xmlSecByte*           in ,
+    xmlSecSize                  inSize ,
+    xmlSecByte*                 out ,
+    xmlSecSize                  outSize ,
+    int                         enc
+) {
+    PK11Context*        EncContext = NULL;
+    SECItem             ivItem ;
+    SECItem*            secParam = NULL ;
+    int                 tmp1_outlen;
+    unsigned int        tmp2_outlen;
+    int                 result_len = -1;
+    SECStatus           rv;
+
+    xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
+    xmlSecAssert2( symKey != NULL , -1 ) ;
+    xmlSecAssert2(iv != NULL, -1);
+    xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize > 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= inSize, -1);
+
+    /* Prepare IV */
+    ivItem.data = ( unsigned char* )iv ;
+    ivItem.len = ivSize ;
+
+    secParam = PK11_ParamFromIV(cipherMech, &ivItem);
+    if (secParam == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_ParamFromIV",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "Error code = %d", PORT_GetError());
+        goto done;
+    }
+
+    EncContext = PK11_CreateContextBySymKey(cipherMech,
+                            enc ? CKA_ENCRYPT : CKA_DECRYPT,
+                        symKey, secParam);
+    if (EncContext == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_CreateContextBySymKey",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "Error code = %d", PORT_GetError());
+        goto done;
+    }
+
+    tmp1_outlen = tmp2_outlen = 0;
+    rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
+               (unsigned char *)in, inSize);
+    if (rv != SECSuccess) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_CipherOp",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "Error code = %d", PORT_GetError());
+        goto done;
+    }
+
+    rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+                  &tmp2_outlen, outSize-tmp1_outlen);
+    if (rv != SECSuccess) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+            NULL,
+            "PK11_DigestFinal",
+            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+            "Error code = %d", PORT_GetError());
+        goto done;
+    }
+
+    result_len = tmp1_outlen + tmp2_outlen;
+
+done:
+    if (secParam) {
+        SECITEM_FreeItem(secParam, PR_TRUE);
+    }
+    if (EncContext) {
+    PK11_DestroyContext(EncContext, PR_TRUE);
+    }
+
+    return(result_len);
+}
+
+static int
+xmlSecNssKeyWrapDesOp(
+    xmlSecNssKeyWrapCtxPtr      ctx ,
+    int                         encrypt ,
+    xmlSecBufferPtr             result
+) {
+    xmlSecByte sha1[SHA1_LENGTH];
+    xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
+    xmlSecByte* in;
+    xmlSecSize inSize;
+    xmlSecByte* out;
+    xmlSecSize outSize;
+    xmlSecSize s;
+    int ret;
+    SECStatus status;
+
+    xmlSecAssert2( ctx != NULL , -1 ) ;
+    xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+    xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+    xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+    xmlSecAssert2( ctx->material != NULL , -1 ) ;
+    xmlSecAssert2( result != NULL , -1 ) ;
+
+    in = xmlSecBufferGetData(ctx->material);
+    inSize = xmlSecBufferGetSize(ctx->material) ;
+    out = xmlSecBufferGetData(result);
+    outSize = xmlSecBufferGetMaxSize(result) ;
+    if( encrypt ) {
+        /* step 2: calculate sha1 and CMS */
+        if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssComputeSHA1",
+                XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+
+        /* step 3: construct WKCKS */
+        memcpy(out, in, inSize);
+        memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
+
+        /* step 4: generate random iv */
+        status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
+        if(status != SECSuccess) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "PK11_GenerateRandom",
+                XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                "error code = %d", PORT_GetError());
+            return(-1);
+        }
+
+        /* step 5: first encryption, result is TEMP1 */
+        ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+                    iv, XMLSEC_NSS_DES3_IV_LENGTH,
+                    out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
+                    out, outSize, 1);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssKWDes3Encrypt",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+
+        /* step 6: construct TEMP2=IV || TEMP1 */
+        memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
+            inSize + XMLSEC_NSS_DES3_IV_LENGTH);
+        memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
+            s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
+
+        /* step 7: reverse octets order, result is TEMP3 */
+        ret = xmlSecNssKWDes3BufferReverse(out, s);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssKWDes3BufferReverse",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+
+        /* step 8: second encryption with static IV */
+        ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+                    xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+                    out, s,
+                    out, outSize, 1);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssKWDes3Encrypt",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+        s = ret;
+
+        if( xmlSecBufferSetSize( result , s ) < 0 ) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecBufferSetSize",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    } else {
+        /* step 2: first decryption with static IV, result is TEMP3 */
+        ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+                    xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+                    in, inSize,
+                    out, outSize, 0);
+        if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssKWDes3Encrypt",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+        s = ret;
+
+        /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+        ret = xmlSecNssKWDes3BufferReverse(out, s);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssKWDes3BufferReverse",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+
+        /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+        ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+                    out, XMLSEC_NSS_DES3_IV_LENGTH,
+                    out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
+                    out, outSize, 0);
+        if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssKWDes3Encrypt",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+        s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
+
+        /* steps 6 and 7: calculate SHA1 and validate it */
+        if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecNssComputeSHA1",
+                XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+         }
+
+        if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                 NULL,
+                XMLSEC_ERRORS_R_INVALID_DATA,
+                "SHA1 does not match");
+            return(-1);
+        }
+
+        if( xmlSecBufferSetSize( result , s ) < 0 ) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                NULL,
+                "xmlSecBufferSetSize",
+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    }
+
+    return(0);
+}
+
+static int
+xmlSecNssKeyWrapAesOp(
+    xmlSecNssKeyWrapCtxPtr      ctx ,
+    int                         encrypt ,
+    xmlSecBufferPtr             result
+) {
+    PK11Context*        cipherCtx = NULL;
+    SECItem             ivItem ;
+    SECItem*            secParam = NULL ;
+    xmlSecSize          inSize ;
+    xmlSecSize          inBlocks ;
+    int                 blockSize ;
+    int                 midSize ;
+    int                 finSize ;
+    xmlSecByte*         out ;
+    xmlSecSize          outSize;
+
+    xmlSecAssert2( ctx != NULL , -1 ) ;
+    xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+    xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+    xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+    xmlSecAssert2( ctx->material != NULL , -1 ) ;
+    xmlSecAssert2( result != NULL , -1 ) ;
+
+    /* Do not set any IV */
+    memset(&ivItem, 0, sizeof(ivItem));
+
+    /* Get block size */
+    if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_GetBlockSize" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    inSize = xmlSecBufferGetSize( ctx->material ) ;
+    if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferSetMaxSize" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    /* Get Param for context initialization */
+    if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_ParamFromIV" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
+    if( cipherCtx == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_CreateContextBySymKey" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        SECITEM_FreeItem( secParam , PR_TRUE ) ;
+        return(-1);
+    }
+
+    out = xmlSecBufferGetData(result) ;
+    outSize = xmlSecBufferGetMaxSize(result) ;
+    if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_CipherOp" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_DigestFinal" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferSetSize" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    return 0 ;
+}
+
+/**
+ * Block cipher transform final
+ */
+static int
+xmlSecNssKeyWrapCtxFinal(
+    xmlSecNssKeyWrapCtxPtr      ctx ,
+    xmlSecBufferPtr             in ,
+    xmlSecBufferPtr             out ,
+    int                         encrypt ,
+    xmlSecTransformCtxPtr       transformCtx
+) {
+    PK11SymKey*         targetKey ;
+    xmlSecSize          blockSize ;
+    xmlSecBufferPtr     result ;
+
+    xmlSecAssert2( ctx != NULL , -1 ) ;
+    xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+    xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+    xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+    xmlSecAssert2( ctx->material != NULL , -1 ) ;
+    xmlSecAssert2( in != NULL , -1 ) ;
+    xmlSecAssert2( out != NULL , -1 ) ;
+    xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+    /* read raw key material and append into context */
+    if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferAppend" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferRemoveHead" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    /* Now we get all of the key materail */
+    /* from now on we will wrap or unwrap the key */
+    if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "PK11_GetBlockSize" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    result = xmlSecBufferCreate( blockSize ) ;
+    if( result == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferCreate" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    switch( ctx->cipher ) {
+        case CKM_DES3_CBC :
+            if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
+                xmlSecError( XMLSEC_ERRORS_HERE ,
+                    NULL ,
+                    "xmlSecNssKeyWrapDesOp" ,
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
+                xmlSecBufferDestroy(result);
+                return(-1);
+            }
+            break ;
+    /*  case CKM_NETSCAPE_AES_KEY_WRAP :*/
+        case CKM_AES_CBC :
+            if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
+                xmlSecError( XMLSEC_ERRORS_HERE ,
+                    NULL ,
+                    "xmlSecNssKeyWrapAesOp" ,
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
+                xmlSecBufferDestroy(result);
+                return(-1);
+            }
+            break ;
+    }
+
+    /* Write output */
+    if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            "xmlSecBufferAppend" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        xmlSecBufferDestroy(result);
+        return(-1);
+    }
+    xmlSecBufferDestroy(result);
+
+    return(0);
+}
+
+static int
+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecNssKeyWrapCtxPtr  context = NULL ;
+    xmlSecBufferPtr         inBuf, outBuf ;
+    int                     operation ;
+    int                     rtv ;
+
+    xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
+    xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
+    xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+    xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+    context = xmlSecNssKeyWrapGetCtx( transform ) ;
+    if( context == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+            "xmlSecNssKeyWrapGetCtx" ,
+            XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return(-1);
+    }
+
+    inBuf = &( transform->inBuf ) ;
+    outBuf = &( transform->outBuf ) ;
+
+    if( transform->status == xmlSecTransformStatusNone ) {
+        transform->status = xmlSecTransformStatusWorking ;
+    }
+
+    operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+    if( transform->status == xmlSecTransformStatusWorking ) {
+        if( context->material == NULL ) {
+            rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+            if( rtv < 0 ) {
+                xmlSecError( XMLSEC_ERRORS_HERE ,
+                    xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+                    "xmlSecNssKeyWrapCtxInit" ,
+                    XMLSEC_ERRORS_R_INVALID_STATUS ,
+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
+                return(-1);
+            }
+        }
+
+        if( context->material == NULL && last != 0 ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+                NULL ,
+                XMLSEC_ERRORS_R_INVALID_STATUS ,
+                "No enough data to intialize transform" ) ;
+            return(-1);
+        }
+
+        if( context->material != NULL ) {
+            rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+            if( rtv < 0 ) {
+                xmlSecError( XMLSEC_ERRORS_HERE ,
+                    xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+                    "xmlSecNssKeyWrapCtxUpdate" ,
+                    XMLSEC_ERRORS_R_INVALID_STATUS ,
+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
+                return(-1);
+            }
+        }
+
+        if( last ) {
+            rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+            if( rtv < 0 ) {
+                xmlSecError( XMLSEC_ERRORS_HERE ,
+                    xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+                    "xmlSecNssKeyWrapCtxFinal" ,
+                    XMLSEC_ERRORS_R_INVALID_STATUS ,
+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
+                return(-1);
+            }
+            transform->status = xmlSecTransformStatusFinished ;
+        }
+    } else if( transform->status == xmlSecTransformStatusFinished ) {
+        if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+                NULL ,
+                XMLSEC_ERRORS_R_INVALID_STATUS ,
+                "status=%d", transform->status ) ;
+            return(-1);
+        }
+    } else {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+            NULL ,
+            XMLSEC_ERRORS_R_INVALID_STATUS ,
+            "status=%d", transform->status ) ;
+        return(-1);
+    }
+
+    return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+#endif
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),       /* xmlSecSize klassSize */
+    xmlSecNssKeyWrapSize,               /* xmlSecSize objSize */
+
+    xmlSecNameKWAes128,             /* const xmlChar* name; */
+    xmlSecHrefKWAes128,             /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,   /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecNssKeyWrapInitialize,             /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecNssKeyWrapFinalize,           /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                   /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecNssKeyWrapSetKeyReq,          /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecNssKeyWrapSetKey,         /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                   /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,      /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,      /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,       /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                   /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                   /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecNssKeyWrapExecute,            /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                   /* void* reserved0; */
+    NULL,                   /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+#endif
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),       /* xmlSecSize klassSize */
+    xmlSecNssKeyWrapSize,               /* xmlSecSize objSize */
+
+    xmlSecNameKWAes192,             /* const xmlChar* name; */
+    xmlSecHrefKWAes192,             /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,   /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecNssKeyWrapInitialize,             /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecNssKeyWrapFinalize,           /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                   /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecNssKeyWrapSetKeyReq,          /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecNssKeyWrapSetKey,         /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                   /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,      /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,      /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,       /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                   /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                   /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecNssKeyWrapExecute,            /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                   /* void* reserved0; */
+    NULL,                   /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+#endif
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),       /* xmlSecSize klassSize */
+    xmlSecNssKeyWrapSize,               /* xmlSecSize objSize */
+
+    xmlSecNameKWAes256,             /* const xmlChar* name; */
+    xmlSecHrefKWAes256,             /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,   /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecNssKeyWrapInitialize,             /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecNssKeyWrapFinalize,           /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                   /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecNssKeyWrapSetKeyReq,          /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecNssKeyWrapSetKey,         /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                   /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,      /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,      /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,       /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                   /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                   /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecNssKeyWrapExecute,            /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                   /* void* reserved0; */
+    NULL,                   /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWAes128GetKlass:
+ *
+ * The AES-128 key wrapper transform klass.
+ *
+ * Returns AES-128 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes128GetKlass(void) {
+    return(&xmlSecNssKWAes128Klass);
+}
+
+/**
+ * xmlSecNssTransformKWAes192GetKlass:
+ *
+ * The AES-192 key wrapper transform klass.
+ *
+ * Returns AES-192 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes192GetKlass(void) {
+    return(&xmlSecNssKWAes192Klass);
+}
+
+/**
+ *
+ * The AES-256 key wrapper transform klass.
+ *
+ * Returns AES-256 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes256GetKlass(void) {
+    return(&xmlSecNssKWAes256Klass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifndef XMLSEC_NO_DES
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+#endif
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),       /* xmlSecSize klassSize */
+    xmlSecNssKeyWrapSize,           /* xmlSecSize objSize */
+
+    xmlSecNameKWDes3,               /* const xmlChar* name; */
+    xmlSecHrefKWDes3,               /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,   /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecNssKeyWrapInitialize,             /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecNssKeyWrapFinalize,           /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                   /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                   /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecNssKeyWrapSetKeyReq,          /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecNssKeyWrapSetKey,         /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                   /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,      /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,      /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,       /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                   /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                   /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecNssKeyWrapExecute,            /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                   /* void* reserved0; */
+    NULL,                   /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWDes3GetKlass(void) {
+    return(&xmlSecNssKWDes3Klass);
+}
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/libxmlsec/src/tokens.c b/libxmlsec/src/tokens.c
new file mode 100644
index 0000000..8f2a4f8
--- /dev/null
+++ b/libxmlsec/src/tokens.c
@@ -0,0 +1,548 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright..................................
+ *
+ * Contributor(s): _____________________________
+ *
+ */
+
+/**
+ * In order to ensure that particular crypto operation is performed on
+ * particular crypto device, a subclass of xmlSecList is used to store slot and
+ * mechanism information.
+ *
+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
+ * this mechanism only can perform on the slot; otherwise, it can perform on
+ * every eligibl slot in the list.
+ *
+ * When try to find a slot for a particular mechanism, the slot bound with
+ * avaliable mechanism will be looked up firstly.
+ */
+#include "globals.h"
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/list.h>
+
+#include <xmlsec/nss/tokens.h>
+
+int
+xmlSecNssKeySlotSetMechList(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE_PTR mechanismList
+) {
+    int counter ;
+
+    xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+    if( keySlot->mechanismList != CK_NULL_PTR ) {
+        xmlFree( keySlot->mechanismList ) ;
+
+        for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+        keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+        if( keySlot->mechanismList == NULL ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                NULL ,
+                NULL ,
+                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+                XMLSEC_ERRORS_NO_MESSAGE ) ;
+            return( -1 );
+        }
+        for( ; counter >= 0 ; counter -- )
+            *( keySlot->mechanismList + counter ) = *(  mechanismList + counter ) ;
+    }
+
+    return( 0 );
+}
+
+int
+xmlSecNssKeySlotEnableMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE mechanism
+) {
+    int counter ;
+    CK_MECHANISM_TYPE_PTR newList ;
+
+    xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+    if( mechanism != CKM_INVALID_MECHANISM ) {
+        for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+        newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+        if( newList == NULL ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                NULL ,
+                NULL ,
+                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+                XMLSEC_ERRORS_NO_MESSAGE ) ;
+            return( -1 );
+        }
+        *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
+        *( newList + counter ) = mechanism ;
+        for( counter -= 1 ; counter >= 0 ; counter -- )
+            *( newList + counter ) = *(  keySlot->mechanismList + counter ) ;
+
+        xmlFree( keySlot->mechanismList ) ;
+        keySlot->mechanismList = newList ;
+    }
+
+    return(0);
+}
+
+int
+xmlSecNssKeySlotDisableMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE mechanism
+) {
+    int counter ;
+
+    xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+    for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+        if( *( keySlot->mechanismList + counter ) == mechanism ) {
+            for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+                *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
+            }
+
+            break ;
+        }
+    }
+
+    return(0);
+}
+
+CK_MECHANISM_TYPE_PTR
+xmlSecNssKeySlotGetMechList(
+    xmlSecNssKeySlotPtr keySlot
+) {
+    if( keySlot != NULL )
+        return keySlot->mechanismList ;
+    else
+        return NULL ;
+}
+
+int
+xmlSecNssKeySlotSetSlot(
+    xmlSecNssKeySlotPtr keySlot ,
+    PK11SlotInfo* slot
+) {
+    xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+    if( slot != NULL && keySlot->slot != slot ) {
+        if( keySlot->slot != NULL )
+            PK11_FreeSlot( keySlot->slot ) ;
+
+        if( keySlot->mechanismList != NULL ) {
+            xmlFree( keySlot->mechanismList ) ;
+            keySlot->mechanismList = NULL ;
+        }
+
+        keySlot->slot = PK11_ReferenceSlot( slot ) ;
+    }
+
+    return(0);
+}
+
+int
+xmlSecNssKeySlotInitialize(
+    xmlSecNssKeySlotPtr keySlot ,
+    PK11SlotInfo* slot
+) {
+    xmlSecAssert2( keySlot != NULL , -1 ) ;
+    xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
+    xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
+
+    if( slot != NULL ) {
+        keySlot->slot = PK11_ReferenceSlot( slot ) ;
+    }
+
+    return(0);
+}
+
+void
+xmlSecNssKeySlotFinalize(
+    xmlSecNssKeySlotPtr keySlot
+) {
+    xmlSecAssert( keySlot != NULL ) ;
+
+    if( keySlot->mechanismList != NULL ) {
+        xmlFree( keySlot->mechanismList ) ;
+        keySlot->mechanismList = NULL ;
+    }
+
+    if( keySlot->slot != NULL ) {
+        PK11_FreeSlot( keySlot->slot ) ;
+        keySlot->slot = NULL ;
+    }
+
+}
+
+PK11SlotInfo*
+xmlSecNssKeySlotGetSlot(
+    xmlSecNssKeySlotPtr keySlot
+) {
+    if( keySlot != NULL )
+        return keySlot->slot ;
+    else
+        return NULL ;
+}
+
+xmlSecNssKeySlotPtr
+xmlSecNssKeySlotCreate() {
+    xmlSecNssKeySlotPtr keySlot ;
+
+    /* Allocates a new xmlSecNssKeySlot and fill the fields */
+    keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
+    if( keySlot == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            NULL ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( NULL );
+    }
+    memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
+
+    return( keySlot ) ;
+}
+
+int
+xmlSecNssKeySlotCopy(
+    xmlSecNssKeySlotPtr newKeySlot ,
+    xmlSecNssKeySlotPtr keySlot
+) {
+    CK_MECHANISM_TYPE_PTR mech ;
+    int counter ;
+
+    xmlSecAssert2( newKeySlot != NULL , -1 ) ;
+    xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+    if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
+        if( newKeySlot->slot != NULL )
+            PK11_FreeSlot( newKeySlot->slot ) ;
+
+        newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
+    }
+
+    if( keySlot->mechanismList != CK_NULL_PTR ) {
+        xmlFree( newKeySlot->mechanismList ) ;
+
+        for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+        newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+        if( newKeySlot->mechanismList == NULL ) {
+            xmlSecError( XMLSEC_ERRORS_HERE ,
+                NULL ,
+                NULL ,
+                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+                XMLSEC_ERRORS_NO_MESSAGE ) ;
+            return( -1 );
+        }
+        for( ; counter >= 0 ; counter -- )
+            *( newKeySlot->mechanismList + counter ) = *(  keySlot->mechanismList + counter ) ;
+    }
+
+    return( 0 );
+}
+
+xmlSecNssKeySlotPtr
+xmlSecNssKeySlotDuplicate(
+    xmlSecNssKeySlotPtr keySlot
+) {
+    xmlSecNssKeySlotPtr newKeySlot ;
+    int ret ;
+
+    xmlSecAssert2( keySlot != NULL , NULL ) ;
+
+    newKeySlot = xmlSecNssKeySlotCreate() ;
+    if( newKeySlot == NULL ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            NULL ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( NULL );
+    }
+
+    if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
+        xmlSecError( XMLSEC_ERRORS_HERE ,
+            NULL ,
+            NULL ,
+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+            XMLSEC_ERRORS_NO_MESSAGE ) ;
+        return( NULL );
+    }
+
+    return( newKeySlot );
+}
+
+void
+xmlSecNssKeySlotDestroy(
+        xmlSecNssKeySlotPtr keySlot
+) {
+    xmlSecAssert( keySlot != NULL ) ;
+
+    if( keySlot->mechanismList != NULL )
+        xmlFree( keySlot->mechanismList ) ;
+
+    if( keySlot->slot != NULL )
+        PK11_FreeSlot( keySlot->slot ) ;
+
+    xmlFree( keySlot ) ;
+}
+
+int
+xmlSecNssKeySlotBindMech(
+    xmlSecNssKeySlotPtr keySlot ,
+    CK_MECHANISM_TYPE type
+) {
+    int counter ;
+
+    xmlSecAssert2( keySlot != NULL , 0 ) ;
+    xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+    xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+
+    for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+        if( *( keySlot->mechanismList + counter ) == type )
+            return(1) ;
+    }
+
+    return( 0 ) ;
+}
+
+int
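Review bot: `keySlot->mechanismList` is dereferenced without a NULL check in xmlSecNssKeySlotEnableMech, xmlSecNssKeySlotDisableMech and xmlSecNssKeySlotBindMech, although it is NULL after xmlSecNssKeySlotCreate and xmlSecNssKeySlotInitialize and again after xmlSecNssKeySlotSetSlot replaces the slot, so calling them on such a slot reads through a null pointer. xmlSecNssKeySlotSetMechList does not close that gap: its guard tests the old list rather than the argument, so on a slot without a list it returns 0 and stores nothing, and otherwise it walks `mechanismList` unchecked; the guard was presumably meant to be `if( mechanismList != CK_NULL_PTR ) {`. In DisableMech and BindMech I would add `if( keySlot->mechanismList == NULL ) return( 0 ) ;` before the loop, and have EnableMech treat a NULL list as empty (skip the counting loop, `counter = 0`). Separately, xmlSecNssKeySlotDuplicate returns NULL without calling `xmlSecNssKeySlotDestroy( newKeySlot )` when the copy fails, which leaks the new slot. The page truncates this hunk after the last visible line, so the remaining functions of tokens.c could not be checked for the same pattern.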

... etc. - the rest is truncated

