[xmlsec] added support for GOST implementation
- From: Aleksey Sanin <aleksey src gnome org>
- To: svn-commits-list gnome org
- Subject: [xmlsec] added support for GOST implementation
- Date: Mon, 22 Jun 2009 12:54:10 -0400 (EDT)
commit 167d7d3e77ce23fbddb3461226784e5f33b0edc6
Author: Aleksey Sanin <aleksey aleksey com>
Date: Tue Jun 16 10:18:44 2009 -0700
added support for GOST implementation
ChangeLog | 4 ++++
docs/index.html | 2 ++
docs/news.html | 2 ++
src/mscrypto/certkeys.c | 38 ++++++++++++++++++++++++++++++++------
src/mscrypto/csp_calg.h | 3 ++-
src/mscrypto/digests.c | 3 ++-
src/strings.c | 4 ++--
src/transforms.c | 1 -
8 files changed, 46 insertions(+), 11 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 1377f92..97c4a17 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
include/xmlsec/version.h: preparation for new 1.2.12 release
2009-06-15 Aleksey Sanin <aleksey aleksey com>
+ * added support for the GOST implemented by Russian Crypto Pro CSP
+ (patch from Dennis Prochko)
+
+2009-06-15 Aleksey Sanin <aleksey aleksey com>
* fixed HMAC vuln with small values of HMAC length
2009-06-13 Aleksey Sanin <aleksey aleksey com>
diff --git a/docs/index.html b/docs/index.html
index 953ac5d..7274dae 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -77,6 +77,8 @@
includes the following changes (see ChangeLog for the complete list of changes):
<ul>
<li>Fixed HMAC vulnerability with small values of HMAC length.</li>
+ <li>Added support for the GOST implemented by Russian Crypto Pro CSP
+ (patch from Dennis Prochko)</li>
<li>Added an option to return the replaced (based on the patch from Frank Gross)</li>
<li>Added new function xmlSecNodeEncodeAndSetContent for encoding
special chars in the node content.</li>
diff --git a/docs/news.html b/docs/news.html
index 5c77903..9e76766 100644
--- a/docs/news.html
+++ b/docs/news.html
@@ -52,6 +52,8 @@
includes the following changes (see ChangeLog for the complete list of changes):
<ul>
<li>Fixed HMAC vulnerability with small values of HMAC length.</li>
+ <li>Added support for the GOST implemented by Russian Crypto Pro CSP
+ (patch from Dennis Prochko)</li>
<li>Added an option to return the replaced (based on the patch from Frank Gross)</li>
<li>Added new function xmlSecNodeEncodeAndSetContent for encoding
special chars in the node content.</li>
diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c
index 7aa153b..6ca9980 100644
--- a/src/mscrypto/certkeys.c
+++ b/src/mscrypto/certkeys.c
@@ -13,6 +13,7 @@
#include <windows.h>
#include <wincrypt.h>
+
#ifndef XMLSEC_NO_GOST
#include "csp_oid.h"
#include "csp_calg.h"
@@ -34,6 +35,13 @@
# include "xmlsec-mingw.h"
#endif
+// GOST CSP don't support keys duplicating, so we use NT4 analogs for these...
+#ifndef XMLSEC_NO_GOST
+#ifndef XMLSEC_MSCRYPTO_NT4
+#define XMLSEC_MSCRYPTO_NT4
+#endif
+#endif
+
#define XMLSEC_CONTAINER_NAME "xmlsec-key-container"
/**************************************************************************
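Review bot: Defining `XMLSEC_MSCRYPTO_NT4` whenever GOST is compiled in applies to the whole translation unit, so RSA and DSA keys would also take the NT4 code path, not only GOST keys. What that path does for key and context duplication is outside this hunk; if it shares handles instead of duplicating them, handle lifetime for every key type now depends on it, which is worth confirming. The `//` comment is also not C89; suggest `/* GOST CSPs cannot duplicate keys; a GOST build forces the NT4 fallback for ALL key types in this file */`.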
@@ -828,7 +836,9 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_GOST
- if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) || !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001)) {
+ if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) ||
+ !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001) ||
+ !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) {
data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
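Review bot: The added `szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP` test sends a certificate with a GOST R 34.10-94 public key into the same branch that creates `xmlSecMSCryptoKeyDataGost2001Id`, so the older key type is labelled and later selected as a 2001 key. If this is deliberate because no separate 94 key-data class exists, say so in a comment. Otherwise a caller cannot tell which scheme a key really uses, and a signature method may be matched against a key of the wrong type. The condition reads the same `pszObjId` three times; a local such as `const char *oid = pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId;` would make the list of accepted OIDs easier to audit. The enclosing function continues beyond this hunk.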
@@ -2490,8 +2500,8 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = {
xmlSecNameGOST2001KeyValue,
xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
/* xmlSecKeyDataUsage usage; */
- /*xmlSecHrefGOST2001KeyValue*/NULL, /* const xmlChar* href; */
- /*xmlSecNodeGOST2001KeyValue*/NULL, /* const xmlChar* dataNodeName; */
+ xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */
+ xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */
xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
/* constructors/destructor */
@@ -2536,6 +2546,7 @@ xmlSecMSCryptoKeyDataGost2001GetKlass(void) {
static int
xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
+ HCRYPTPROV tmp_ctx = 0;
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), xmlSecKeyDataTypeUnknown);
@@ -2544,9 +2555,24 @@ xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
- ctx->providerName = "MagPro CSP";
- ctx->providerType = PROV_MAGPRO_GOST;
-
+ /* GOST Algorithm is provided by several CSP's, so we try to find any installed */
+ if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+ ctx->providerName = "MagPro CSP";
+ ctx->providerType = PROV_MAGPRO_GOST;
+ } else {
+ if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+ ctx->providerName = "CryptoPro CSP";
+ ctx->providerType = PROV_CRYPTOPRO_GOST;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataGost2001Initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return -1;
+ }
+ }
+ CryptReleaseContext(tmp_ctx, 0);
return(0);
}
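Review bot: The probe calls `CryptAcquireContext` with a NULL provider name, which selects the default provider registered for that type, but the code then records the hard-coded strings `"MagPro CSP"` and `"CryptoPro CSP"`. If later code acquires a context by `ctx->providerName` (not visible here), it may fail or bind to a different provider than the one just probed. Consider storing NULL or reading the real name from the probed context with `CryptGetProvParam(tmp_ctx, PP_NAME, ...)`. The failure branch reports `XMLSEC_ERRORS_R_XMLSEC_FAILED` with the function's own name as the error object; `"CryptAcquireContext"` with `XMLSEC_ERRORS_R_CRYPTO_FAILED` would tell an operator that no GOST CSP is installed. The return value of `CryptReleaseContext` is ignored, and the probe runs on every key-data initialization.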
diff --git a/src/mscrypto/csp_calg.h b/src/mscrypto/csp_calg.h
index 1704975..139b722 100755
--- a/src/mscrypto/csp_calg.h
+++ b/src/mscrypto/csp_calg.h
@@ -73,9 +73,10 @@
* @{
*/
-
#define PROV_MAGPRO_GOST 501
+#define PROV_CRYPTOPRO_GOST 75
+
/*! @} */
/*! \defgroup PP_MAGPRO PP_MAGPRO
*
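Review bot: `PROV_CRYPTOPRO_GOST` is added without a comment, between the `@{` and `@}` markers of what appears to be a MagPro documentation group (the group header is outside the hunk). Generated docs would then list a CryptoPro provider type as a MagPro one. Suggest a one-line comment above the define naming the vendor header the value 75 was taken from, and either a separate group or a vendor-neutral group name. Since this number decides which CSP is loaded, a reviewer should be able to check it against its source.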
diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
index 5f9a7d6..1a0b0c9 100644
--- a/src/mscrypto/digests.c
+++ b/src/mscrypto/digests.c
@@ -101,6 +101,7 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
/* TODO: Check what provider is best suited here.... */
if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT)) {
+ if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
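Review bot: The fallback `CryptAcquireContext` for `PROV_CRYPTOPRO_GOST`, like the MagPro call above it, passes only `CRYPT_VERIFYCONTEXT`, while the probe added to certkeys.c in this commit uses `CRYPT_VERIFYCONTEXT | CRYPT_SILENT`. Without `CRYPT_SILENT` a CSP may display UI, which can block when the library runs in a service or other non-interactive process. The nested `if` is not indented and its closing brace arrives in the next hunk, so the two-level structure is easy to misread. A single condition of the form `if (!CryptAcquireContext(..., PROV_MAGPRO_GOST, ...) && !CryptAcquireContext(..., PROV_CRYPTOPRO_GOST, ...)) {` would keep the error path in one block.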
@@ -108,7 +109,7 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+ }
return(0);
} else
#endif /* XMLSEC_NO_GOST*/
diff --git a/src/strings.c b/src/strings.c
index d1d489d..c849d8b 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -289,8 +289,8 @@ const xmlChar xmlSecHrefKWDes3[] = "http://www.w3.org/2001/04/xmlenc#kw-tripled
*
************************************************************************/
const xmlChar xmlSecNameGOST2001KeyValue[] = "gost2001";
-const xmlChar xmlSecNodeGOST2001KeyValue[] = "GOST3410-2001-KeyValue";
-const xmlChar xmlSecHrefGOST2001KeyValue[] = "http://www.w3.org/2000/09/xmldsig#GOST2001KeyValue";
+const xmlChar xmlSecNodeGOST2001KeyValue[] = "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGOST2001KeyValue[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
const xmlChar xmlSecNameGost2001GostR3411_94[] = "gostr34102001-gostr3411";
const xmlChar xmlSecHrefGost2001GostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
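Review bot: After this change `xmlSecNodeGOST2001KeyValue` and `xmlSecHrefGOST2001KeyValue` hold exactly the strings used two lines below for the signature method `xmlSecNameGost2001GostR3411_94` / `xmlSecHrefGost2001GostR3411_94`. The key-value element therefore shares its name and href with a signature algorithm, and the klass hunk in certkeys.c now passes both to the key-data klass instead of NULL. If this matches a published GOST XML-DSig profile, cite it in a comment above the two lines. If it is a copy-paste, lookups by href or node name can no longer tell the key value from the signature method, should the two ever be searched together. The klass hunk also keeps `xmlSecDSigNs` as the node namespace while the href moves to `xmldsig-more`, so please confirm which namespace the element is meant to live in.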
diff --git a/src/transforms.c b/src/transforms.c
index 3505018..3933f6c 100644
--- a/src/transforms.c
+++ b/src/transforms.c
@@ -2521,7 +2521,6 @@ xmlSecTransformIdListFindByHref(xmlSecPtrListPtr list, const xmlChar* href,
if(((usage & transformId->usage) != 0) && (transformId->href != NULL) &&
xmlStrEqual(href, transformId->href)) {
-
return(transformId);
}
}