[xmlsec] separate gnutls and gcrypt
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] separate gnutls and gcrypt
- Date: Tue, 11 May 2010 04:53:10 +0000 (UTC)
commit cd22c7608c62c03a1a00165ada8ff38e6868cae5
Author: Aleksey Sanin <aleksey aleksey com>
Date: Mon May 10 00:35:54 2010 -0700
separate gnutls and gcrypt
docs/api/sgml/gcrypt/app.sgml | 429 ++++++
docs/api/sgml/gcrypt/crypto.sgml | 589 ++++++++
docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom | 2 +
docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top | 2 +
docs/api/tmpl/gcrypt/app.sgml | 184 +++
docs/api/tmpl/gcrypt/crypto.sgml | 396 +++++
docs/api/xmlsec-gcrypt.sgml | 15 +
include/xmlsec/gcrypt/Makefile.am | 13 +
include/xmlsec/gcrypt/app.h | 96 ++
include/xmlsec/gcrypt/crypto.h | 460 ++++++
include/xmlsec/gcrypt/symbols.h | 104 ++
src/gcrypt/Makefile.am | 51 +
src/gcrypt/README | 9 +
src/gcrypt/app.c | 509 +++++++
src/gcrypt/asymkeys.c | 1922 ++++++++++++++++++++++++
src/gcrypt/ciphers.c | 853 +++++++++++
src/gcrypt/crypto.c | 330 ++++
src/gcrypt/digests.c | 616 ++++++++
src/gcrypt/globals.h | 24 +
src/gcrypt/hmac.c | 824 ++++++++++
src/gcrypt/kw_aes.c | 594 ++++++++
src/gcrypt/kw_des.c | 610 ++++++++
src/gcrypt/symkeys.c | 440 ++++++
xmlsec-gcrypt.pc.in | 11 +
24 files changed, 9083 insertions(+), 0 deletions(-)
---
diff --git a/docs/api/sgml/gcrypt/app.sgml b/docs/api/sgml/gcrypt/app.sgml
new file mode 100644
index 0000000..9596be6
--- /dev/null
+++ b/docs/api/sgml/gcrypt/app.sgml
@@ -0,0 +1,429 @@
+<refentry id="xmlsec-gnutls-app">
+<refmeta>
+<refentrytitle role="top_of_page" id="xmlsec-gnutls-app.top_of_page">app</refentrytitle>
+<manvolnum>3</manvolnum>
+<refmiscinfo>XMLSEC-GNUTLS Library</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+<refname>app</refname>
+<refpurpose>Application functions implementation for GnuTLS.</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv id="xmlsec-gnutls-app.synopsis" role="synopsis">
+<title role="synopsis.title">Synopsis</title>
+
+<synopsis>
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppInit">xmlSecGnuTLSAppInit</link> (const <link linkend="char">char</link> *config);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppShutdown">xmlSecGnuTLSAppShutdown</link> (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit">xmlSecGnuTLSAppDefaultKeysMngrInit</link> (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</link>
+ (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ <link linkend="xmlSecKey">xmlSecKeyPtr</link> key);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppDefaultKeysMngrLoad">xmlSecGnuTLSAppDefaultKeysMngrLoad</link> (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="char">char</link> *uri);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppDefaultKeysMngrSave">xmlSecGnuTLSAppDefaultKeysMngrSave</link> (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppKeysMngrCertLoad">xmlSecGnuTLSAppKeysMngrCertLoad</link> (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppKeysMngrCertLoadMemory">xmlSecGnuTLSAppKeysMngrCertLoadMemory</link>
+ (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link> <link linkend="xmlSecGnuTLSAppKeyLoad">xmlSecGnuTLSAppKeyLoad</link> (const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link> <link linkend="xmlSecGnuTLSAppKeyLoadMemory">xmlSecGnuTLSAppKeyLoadMemory</link> (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link> <link linkend="xmlSecGnuTLSAppPkcs12Load">xmlSecGnuTLSAppPkcs12Load</link> (const <link linkend="char">char</link> *filename,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="xmlSecKey">xmlSecKeyPtr</link> <link linkend="xmlSecGnuTLSAppPkcs12LoadMemory">xmlSecGnuTLSAppPkcs12LoadMemory</link> (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppKeyCertLoad">xmlSecGnuTLSAppKeyCertLoad</link> (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+ const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSAppKeyCertLoadMemory">xmlSecGnuTLSAppKeyCertLoadMemory</link> (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);
+<link linkend="void">void</link>* <link linkend="xmlSecGnuTLSAppGetDefaultPwdCallback">xmlSecGnuTLSAppGetDefaultPwdCallback</link>
+ (void);
+</synopsis>
+</refsynopsisdiv>
+
+
+
+
+
+
+
+
+
+<refsect1 id="xmlsec-gnutls-app.description" role="desc">
+<title role="desc.title">Description</title>
+<para>
+Application functions implementation for GnuTLS.
+</para>
+</refsect1>
+
+<refsect1 id="xmlsec-gnutls-app.details" role="details">
+<title role="details.title">Details</title>
+<refsect2 id="xmlSecGnuTLSAppInit" role="function">
+<title>xmlSecGnuTLSAppInit ()</title>
+<indexterm zone="xmlSecGnuTLSAppInit"><primary sortas="xmlSecGnuTLSAppInit">xmlSecGnuTLSAppInit</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppInit (const <link linkend="char">char</link> *config);</programlisting>
+<para>
+General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<parameter>xmlSecInit</parameter> function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>config</parameter> :</term>
+<listitem><simpara> the path to GnuTLS configuration (unused).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppShutdown" role="function">
+<title>xmlSecGnuTLSAppShutdown ()</title>
+<indexterm zone="xmlSecGnuTLSAppShutdown"><primary sortas="xmlSecGnuTLSAppShutdown">xmlSecGnuTLSAppShutdown</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppShutdown (void);</programlisting>
+<para>
+General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<parameter>xmlSecShutdown</parameter> function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrInit" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrInit ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrInit"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrInit">xmlSecGnuTLSAppDefaultKeysMngrInit</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppDefaultKeysMngrInit (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);</programlisting>
+<para>
+Initializes <parameter>mngr</parameter> with simple keys store <link linkend="xmlSecSimpleKeysStoreId"><type>xmlSecSimpleKeysStoreId</type></link>
+and a default GnuTLS crypto key data stores.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrAdoptKey ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppDefaultKeysMngrAdoptKey
+ (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ <link linkend="xmlSecKey">xmlSecKeyPtr</link> key);</programlisting>
+<para>
+Adds <parameter>key</parameter> to the keys manager <parameter>mngr</parameter> created with <link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit"><type>xmlSecGnuTLSAppDefaultKeysMngrInit</type></link>
+function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>key</parameter> :</term>
+<listitem><simpara> the pointer to key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrLoad" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrLoad"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrLoad">xmlSecGnuTLSAppDefaultKeysMngrLoad</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppDefaultKeysMngrLoad (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="char">char</link> *uri);</programlisting>
+<para>
+Loads XML keys file from <parameter>uri</parameter> to the keys manager <parameter>mngr</parameter> created
+with <link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit"><type>xmlSecGnuTLSAppDefaultKeysMngrInit</type></link> function.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>uri</parameter> :</term>
+<listitem><simpara> the uri.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppDefaultKeysMngrSave" role="function">
+<title>xmlSecGnuTLSAppDefaultKeysMngrSave ()</title>
+<indexterm zone="xmlSecGnuTLSAppDefaultKeysMngrSave"><primary sortas="xmlSecGnuTLSAppDefaultKeysMngrSave">xmlSecGnuTLSAppDefaultKeysMngrSave</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppDefaultKeysMngrSave (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);</programlisting>
+<para>
+Saves keys from <parameter>mngr</parameter> to XML keys file.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>filename</parameter> :</term>
+<listitem><simpara> the destination filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>type</parameter> :</term>
+<listitem><simpara> the type of keys to save (public/private/symmetric).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeysMngrCertLoad" role="function">
+<title>xmlSecGnuTLSAppKeysMngrCertLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeysMngrCertLoad"><primary sortas="xmlSecGnuTLSAppKeysMngrCertLoad">xmlSecGnuTLSAppKeysMngrCertLoad</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppKeysMngrCertLoad (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);</programlisting>
+<para>
+Reads cert from <parameter>filename</parameter> and adds to the list of trusted or known
+untrusted certs in <parameter>store</parameter> (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>filename</parameter> :</term>
+<listitem><simpara> the certificate file.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter> :</term>
+<listitem><simpara> the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>type</parameter> :</term>
+<listitem><simpara> the flag that indicates is the certificate in <parameter>filename</parameter>
+ trusted or not.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeysMngrCertLoadMemory" role="function">
+<title>xmlSecGnuTLSAppKeysMngrCertLoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeysMngrCertLoadMemory"><primary sortas="xmlSecGnuTLSAppKeysMngrCertLoadMemory">xmlSecGnuTLSAppKeysMngrCertLoadMemory</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppKeysMngrCertLoadMemory
+ (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ <link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link> type);</programlisting>
+<para>
+Reads cert from binary buffer <parameter>data</parameter> and adds to the list of trusted or known
+untrusted certs in <parameter>store</parameter> (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the certificate binary data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter> :</term>
+<listitem><simpara> the certificate binary data size.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter> :</term>
+<listitem><simpara> the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>type</parameter> :</term>
+<listitem><simpara> the flag that indicates is the certificate trusted or not.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyLoad" role="function">
+<title>xmlSecGnuTLSAppKeyLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyLoad"><primary sortas="xmlSecGnuTLSAppKeyLoad">xmlSecGnuTLSAppKeyLoad</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link> xmlSecGnuTLSAppKeyLoad (const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key from the a file (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>filename</parameter> :</term>
+<listitem><simpara> the key filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter> :</term>
+<listitem><simpara> the key file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter> :</term>
+<listitem><simpara> the key file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter> :</term>
+<listitem><simpara> the key password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter> :</term>
+<listitem><simpara> the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyLoadMemory" role="function">
+<title>xmlSecGnuTLSAppKeyLoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyLoadMemory"><primary sortas="xmlSecGnuTLSAppKeyLoadMemory">xmlSecGnuTLSAppKeyLoadMemory</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link> xmlSecGnuTLSAppKeyLoadMemory (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key from the memory buffer (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the binary key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter> :</term>
+<listitem><simpara> the size of binary key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter> :</term>
+<listitem><simpara> the key file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter> :</term>
+<listitem><simpara> the key file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter> :</term>
+<listitem><simpara> the key password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter> :</term>
+<listitem><simpara> the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppPkcs12Load" role="function">
+<title>xmlSecGnuTLSAppPkcs12Load ()</title>
+<indexterm zone="xmlSecGnuTLSAppPkcs12Load"><primary sortas="xmlSecGnuTLSAppPkcs12Load">xmlSecGnuTLSAppPkcs12Load</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link> xmlSecGnuTLSAppPkcs12Load (const <link linkend="char">char</link> *filename,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key and all associated certificates from the PKCS12 file
+(not implemented yet).
+For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>filename</parameter> :</term>
+<listitem><simpara> the PKCS12 key filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter> :</term>
+<listitem><simpara> the PKCS12 file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter> :</term>
+<listitem><simpara> the password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter> :</term>
+<listitem><simpara> the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppPkcs12LoadMemory" role="function">
+<title>xmlSecGnuTLSAppPkcs12LoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppPkcs12LoadMemory"><primary sortas="xmlSecGnuTLSAppPkcs12LoadMemory">xmlSecGnuTLSAppPkcs12LoadMemory</primary></indexterm><programlisting><link linkend="xmlSecKey">xmlSecKeyPtr</link> xmlSecGnuTLSAppPkcs12LoadMemory (const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ const <link linkend="char">char</link> *pwd,
+ <link linkend="void">void</link> *pwdCallback,
+ <link linkend="void">void</link> *pwdCallbackCtx);</programlisting>
+<para>
+Reads key and all associated certificates from the PKCS12 data in memory buffer.
+For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the PKCS12 binary data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter> :</term>
+<listitem><simpara> the PKCS12 binary data size.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwd</parameter> :</term>
+<listitem><simpara> the PKCS12 file password.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallback</parameter> :</term>
+<listitem><simpara> the password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>pwdCallbackCtx</parameter> :</term>
+<listitem><simpara> the user context for password callback.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to the key or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyCertLoad" role="function">
+<title>xmlSecGnuTLSAppKeyCertLoad ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyCertLoad"><primary sortas="xmlSecGnuTLSAppKeyCertLoad">xmlSecGnuTLSAppKeyCertLoad</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppKeyCertLoad (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+ const <link linkend="char">char</link> *filename,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);</programlisting>
+<para>
+Reads the certificate from $<parameter>filename</parameter> and adds it to key
+(not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>key</parameter> :</term>
+<listitem><simpara> the pointer to key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>filename</parameter> :</term>
+<listitem><simpara> the certificate filename.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter> :</term>
+<listitem><simpara> the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppKeyCertLoadMemory" role="function">
+<title>xmlSecGnuTLSAppKeyCertLoadMemory ()</title>
+<indexterm zone="xmlSecGnuTLSAppKeyCertLoadMemory"><primary sortas="xmlSecGnuTLSAppKeyCertLoadMemory">xmlSecGnuTLSAppKeyCertLoadMemory</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSAppKeyCertLoadMemory (<link linkend="xmlSecKey">xmlSecKeyPtr</link> key,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *data,
+ <link linkend="xmlSecSize">xmlSecSize</link> dataSize,
+ <link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link> format);</programlisting>
+<para>
+Reads the certificate from memory buffer and adds it to key (not implemented yet).</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>key</parameter> :</term>
+<listitem><simpara> the pointer to key.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the certificate binary data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>dataSize</parameter> :</term>
+<listitem><simpara> the certificate binary data size.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>format</parameter> :</term>
+<listitem><simpara> the certificate file format.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSAppGetDefaultPwdCallback" role="function">
+<title>xmlSecGnuTLSAppGetDefaultPwdCallback ()</title>
+<indexterm zone="xmlSecGnuTLSAppGetDefaultPwdCallback"><primary sortas="xmlSecGnuTLSAppGetDefaultPwdCallback">xmlSecGnuTLSAppGetDefaultPwdCallback</primary></indexterm><programlisting><link linkend="void">void</link>* xmlSecGnuTLSAppGetDefaultPwdCallback
+ (void);</programlisting>
+<para>
+Gets default password callback.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> default password callback.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+
+</refsect1>
+
+
+
+
+</refentry>
diff --git a/docs/api/sgml/gcrypt/crypto.sgml b/docs/api/sgml/gcrypt/crypto.sgml
new file mode 100644
index 0000000..025fac9
--- /dev/null
+++ b/docs/api/sgml/gcrypt/crypto.sgml
@@ -0,0 +1,589 @@
+<refentry id="xmlsec-gnutls-crypto">
+<refmeta>
+<refentrytitle role="top_of_page" id="xmlsec-gnutls-crypto.top_of_page">crypto</refentrytitle>
+<manvolnum>3</manvolnum>
+<refmiscinfo>XMLSEC-GNUTLS Library</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+<refname>crypto</refname>
+<refpurpose>Crypto transforms implementation for GnuTLS.</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv id="xmlsec-gnutls-crypto.synopsis" role="synopsis">
+<title role="synopsis.title">Synopsis</title>
+
+<synopsis>
+<link linkend="xmlSecCryptoDLFunctions">xmlSecCryptoDLFunctionsPtr</link> <link linkend="xmlSecCryptoGetFunctions-gnutls">xmlSecCryptoGetFunctions_gnutls</link>
+ (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSInit">xmlSecGnuTLSInit</link> (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSShutdown">xmlSecGnuTLSShutdown</link> (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSKeysMngrInit">xmlSecGnuTLSKeysMngrInit</link> (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSGenerateRandom">xmlSecGnuTLSGenerateRandom</link> (<link linkend="xmlSecBuffer">xmlSecBufferPtr</link> buffer,
+ <link linkend="xmlSecSize">xmlSecSize</link> size);
+#define <link linkend="xmlSecGnuTLSKeyDataAesId">xmlSecGnuTLSKeyDataAesId</link>
+<link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link> <link linkend="xmlSecGnuTLSKeyDataAesGetKlass">xmlSecGnuTLSKeyDataAesGetKlass</link> (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSKeyDataAesSet">xmlSecGnuTLSKeyDataAesSet</link> (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+ <link linkend="xmlSecSize">xmlSecSize</link> bufSize);
+#define <link linkend="xmlSecGnuTLSTransformAes128CbcId">xmlSecGnuTLSTransformAes128CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformAes128CbcGetKlass">xmlSecGnuTLSTransformAes128CbcGetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformAes192CbcId">xmlSecGnuTLSTransformAes192CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformAes192CbcGetKlass">xmlSecGnuTLSTransformAes192CbcGetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformAes256CbcId">xmlSecGnuTLSTransformAes256CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformAes256CbcGetKlass">xmlSecGnuTLSTransformAes256CbcGetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSKeyDataDesId">xmlSecGnuTLSKeyDataDesId</link>
+<link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link> <link linkend="xmlSecGnuTLSKeyDataDesGetKlass">xmlSecGnuTLSKeyDataDesGetKlass</link> (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSKeyDataDesSet">xmlSecGnuTLSKeyDataDesSet</link> (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+ <link linkend="xmlSecSize">xmlSecSize</link> bufSize);
+#define <link linkend="xmlSecGnuTLSTransformDes3CbcId">xmlSecGnuTLSTransformDes3CbcId</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformDes3CbcGetKlass">xmlSecGnuTLSTransformDes3CbcGetKlass</link>
+ (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSHmacGetMinOutputLength">xmlSecGnuTLSHmacGetMinOutputLength</link> (void);
+<link linkend="void">void</link> <link linkend="xmlSecGnuTLSHmacSetMinOutputLength">xmlSecGnuTLSHmacSetMinOutputLength</link> (<link linkend="int">int</link> min_length);
+#define <link linkend="xmlSecGnuTLSKeyDataHmacId">xmlSecGnuTLSKeyDataHmacId</link>
+<link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link> <link linkend="xmlSecGnuTLSKeyDataHmacGetKlass">xmlSecGnuTLSKeyDataHmacGetKlass</link> (void);
+<link linkend="int">int</link> <link linkend="xmlSecGnuTLSKeyDataHmacSet">xmlSecGnuTLSKeyDataHmacSet</link> (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+ <link linkend="xmlSecSize">xmlSecSize</link> bufSize);
+#define <link linkend="xmlSecGnuTLSTransformHmacMd5Id">xmlSecGnuTLSTransformHmacMd5Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformHmacMd5GetKlass">xmlSecGnuTLSTransformHmacMd5GetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformHmacRipemd160Id">xmlSecGnuTLSTransformHmacRipemd160Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformHmacRipemd160GetKlass">xmlSecGnuTLSTransformHmacRipemd160GetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformHmacSha1Id">xmlSecGnuTLSTransformHmacSha1Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformHmacSha1GetKlass">xmlSecGnuTLSTransformHmacSha1GetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformHmacSha256Id">xmlSecGnuTLSTransformHmacSha256Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformHmacSha256GetKlass">xmlSecGnuTLSTransformHmacSha256GetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformHmacSha384Id">xmlSecGnuTLSTransformHmacSha384Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformHmacSha384GetKlass">xmlSecGnuTLSTransformHmacSha384GetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformHmacSha512Id">xmlSecGnuTLSTransformHmacSha512Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformHmacSha512GetKlass">xmlSecGnuTLSTransformHmacSha512GetKlass</link>
+ (void);
+#define <link linkend="xmlSecGnuTLSTransformSha1Id">xmlSecGnuTLSTransformSha1Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformSha1GetKlass">xmlSecGnuTLSTransformSha1GetKlass</link> (void);
+#define <link linkend="xmlSecGnuTLSTransformSha256Id">xmlSecGnuTLSTransformSha256Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformSha256GetKlass">xmlSecGnuTLSTransformSha256GetKlass</link> (void);
+#define <link linkend="xmlSecGnuTLSTransformSha384Id">xmlSecGnuTLSTransformSha384Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformSha384GetKlass">xmlSecGnuTLSTransformSha384GetKlass</link> (void);
+#define <link linkend="xmlSecGnuTLSTransformSha512Id">xmlSecGnuTLSTransformSha512Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformSha512GetKlass">xmlSecGnuTLSTransformSha512GetKlass</link> (void);
+#define <link linkend="xmlSecGnuTLSTransformMd5Id">xmlSecGnuTLSTransformMd5Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformMd5GetKlass">xmlSecGnuTLSTransformMd5GetKlass</link> (void);
+#define <link linkend="xmlSecGnuTLSTransformRipemd160Id">xmlSecGnuTLSTransformRipemd160Id</link>
+<link linkend="xmlSecTransformId">xmlSecTransformId</link> <link linkend="xmlSecGnuTLSTransformRipemd160GetKlass">xmlSecGnuTLSTransformRipemd160GetKlass</link>
+ (void);
+</synopsis>
+</refsynopsisdiv>
+
+
+
+
+
+
+
+
+
+<refsect1 id="xmlsec-gnutls-crypto.description" role="desc">
+<title role="desc.title">Description</title>
+<para>
+Crypto transforms implementation for GnuTLS.
+</para>
+</refsect1>
+
+<refsect1 id="xmlsec-gnutls-crypto.details" role="details">
+<title role="details.title">Details</title>
+<refsect2 id="xmlSecCryptoGetFunctions-gnutls" role="function">
+<title>xmlSecCryptoGetFunctions_gnutls ()</title>
+<indexterm zone="xmlSecCryptoGetFunctions-gnutls"><primary sortas="xmlSecCryptoGetFunctions_gnutls">xmlSecCryptoGetFunctions_gnutls</primary></indexterm><programlisting><link linkend="xmlSecCryptoDLFunctions">xmlSecCryptoDLFunctionsPtr</link> xmlSecCryptoGetFunctions_gnutls
+ (void);</programlisting>
+<para>
+Gets the pointer to xmlsec-gnutls functions table.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the xmlsec-gnutls functions table or NULL if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSInit" role="function">
+<title>xmlSecGnuTLSInit ()</title>
+<indexterm zone="xmlSecGnuTLSInit"><primary sortas="xmlSecGnuTLSInit">xmlSecGnuTLSInit</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSInit (void);</programlisting>
+<para>
+XMLSec library specific crypto engine initialization.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSShutdown" role="function">
+<title>xmlSecGnuTLSShutdown ()</title>
+<indexterm zone="xmlSecGnuTLSShutdown"><primary sortas="xmlSecGnuTLSShutdown">xmlSecGnuTLSShutdown</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSShutdown (void);</programlisting>
+<para>
+XMLSec library specific crypto engine shutdown.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeysMngrInit" role="function">
+<title>xmlSecGnuTLSKeysMngrInit ()</title>
+<indexterm zone="xmlSecGnuTLSKeysMngrInit"><primary sortas="xmlSecGnuTLSKeysMngrInit">xmlSecGnuTLSKeysMngrInit</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSKeysMngrInit (<link linkend="xmlSecKeysMngr">xmlSecKeysMngrPtr</link> mngr);</programlisting>
+<para>
+Adds GnuTLS specific key data stores in keys manager.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>mngr</parameter> :</term>
+<listitem><simpara> the pointer to keys manager.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSGenerateRandom" role="function">
+<title>xmlSecGnuTLSGenerateRandom ()</title>
+<indexterm zone="xmlSecGnuTLSGenerateRandom"><primary sortas="xmlSecGnuTLSGenerateRandom">xmlSecGnuTLSGenerateRandom</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSGenerateRandom (<link linkend="xmlSecBuffer">xmlSecBufferPtr</link> buffer,
+ <link linkend="xmlSecSize">xmlSecSize</link> size);</programlisting>
+<para>
+Generates <parameter>size</parameter> random bytes and puts result in <parameter>buffer</parameter>.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>buffer</parameter> :</term>
+<listitem><simpara> the destination buffer.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>size</parameter> :</term>
+<listitem><simpara> the numer of bytes to generate.
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value otherwise.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataAesId" role="macro">
+<title>xmlSecGnuTLSKeyDataAesId</title>
+<indexterm zone="xmlSecGnuTLSKeyDataAesId"><primary sortas="xmlSecGnuTLSKeyDataAesId">xmlSecGnuTLSKeyDataAesId</primary></indexterm><programlisting>#define xmlSecGnuTLSKeyDataAesId</programlisting>
+<para>
+The AES key data klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataAesGetKlass" role="function">
+<title>xmlSecGnuTLSKeyDataAesGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataAesGetKlass"><primary sortas="xmlSecGnuTLSKeyDataAesGetKlass">xmlSecGnuTLSKeyDataAesGetKlass</primary></indexterm><programlisting><link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link> xmlSecGnuTLSKeyDataAesGetKlass (void);</programlisting>
+<para>
+The AES key data klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> AES key data klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataAesSet" role="function">
+<title>xmlSecGnuTLSKeyDataAesSet ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataAesSet"><primary sortas="xmlSecGnuTLSKeyDataAesSet">xmlSecGnuTLSKeyDataAesSet</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSKeyDataAesSet (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+ <link linkend="xmlSecSize">xmlSecSize</link> bufSize);</programlisting>
+<para>
+Sets the value of AES key data.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the pointer to AES key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>buf</parameter> :</term>
+<listitem><simpara> the pointer to key value.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>bufSize</parameter> :</term>
+<listitem><simpara> the key value size (in bytes).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes128CbcId" role="macro">
+<title>xmlSecGnuTLSTransformAes128CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformAes128CbcId"><primary sortas="xmlSecGnuTLSTransformAes128CbcId">xmlSecGnuTLSTransformAes128CbcId</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformAes128CbcId</programlisting>
+<para>
+The AES128 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes128CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformAes128CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformAes128CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformAes128CbcGetKlass">xmlSecGnuTLSTransformAes128CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformAes128CbcGetKlass
+ (void);</programlisting>
+<para>
+AES 128 CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to AES 128 CBC encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes192CbcId" role="macro">
+<title>xmlSecGnuTLSTransformAes192CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformAes192CbcId"><primary sortas="xmlSecGnuTLSTransformAes192CbcId">xmlSecGnuTLSTransformAes192CbcId</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformAes192CbcId</programlisting>
+<para>
+The AES192 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes192CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformAes192CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformAes192CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformAes192CbcGetKlass">xmlSecGnuTLSTransformAes192CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformAes192CbcGetKlass
+ (void);</programlisting>
+<para>
+AES 192 CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to AES 192 CBC encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes256CbcId" role="macro">
+<title>xmlSecGnuTLSTransformAes256CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformAes256CbcId"><primary sortas="xmlSecGnuTLSTransformAes256CbcId">xmlSecGnuTLSTransformAes256CbcId</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformAes256CbcId</programlisting>
+<para>
+The AES256 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformAes256CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformAes256CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformAes256CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformAes256CbcGetKlass">xmlSecGnuTLSTransformAes256CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformAes256CbcGetKlass
+ (void);</programlisting>
+<para>
+AES 256 CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to AES 256 CBC encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataDesId" role="macro">
+<title>xmlSecGnuTLSKeyDataDesId</title>
+<indexterm zone="xmlSecGnuTLSKeyDataDesId"><primary sortas="xmlSecGnuTLSKeyDataDesId">xmlSecGnuTLSKeyDataDesId</primary></indexterm><programlisting>#define xmlSecGnuTLSKeyDataDesId</programlisting>
+<para>
+The DES key data klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataDesGetKlass" role="function">
+<title>xmlSecGnuTLSKeyDataDesGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataDesGetKlass"><primary sortas="xmlSecGnuTLSKeyDataDesGetKlass">xmlSecGnuTLSKeyDataDesGetKlass</primary></indexterm><programlisting><link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link> xmlSecGnuTLSKeyDataDesGetKlass (void);</programlisting>
+<para>
+The DES key data klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> DES key data klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataDesSet" role="function">
+<title>xmlSecGnuTLSKeyDataDesSet ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataDesSet"><primary sortas="xmlSecGnuTLSKeyDataDesSet">xmlSecGnuTLSKeyDataDesSet</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSKeyDataDesSet (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+ <link linkend="xmlSecSize">xmlSecSize</link> bufSize);</programlisting>
+<para>
+Sets the value of DES key data.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the pointer to DES key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>buf</parameter> :</term>
+<listitem><simpara> the pointer to key value.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>bufSize</parameter> :</term>
+<listitem><simpara> the key value size (in bytes).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformDes3CbcId" role="macro">
+<title>xmlSecGnuTLSTransformDes3CbcId</title>
+<indexterm zone="xmlSecGnuTLSTransformDes3CbcId"><primary sortas="xmlSecGnuTLSTransformDes3CbcId">xmlSecGnuTLSTransformDes3CbcId</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformDes3CbcId</programlisting>
+<para>
+The DES3 CBC cipher transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformDes3CbcGetKlass" role="function">
+<title>xmlSecGnuTLSTransformDes3CbcGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformDes3CbcGetKlass"><primary sortas="xmlSecGnuTLSTransformDes3CbcGetKlass">xmlSecGnuTLSTransformDes3CbcGetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformDes3CbcGetKlass
+ (void);</programlisting>
+<para>
+Triple DES CBC encryption transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to Triple DES encryption transform.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSHmacGetMinOutputLength" role="function">
+<title>xmlSecGnuTLSHmacGetMinOutputLength ()</title>
+<indexterm zone="xmlSecGnuTLSHmacGetMinOutputLength"><primary sortas="xmlSecGnuTLSHmacGetMinOutputLength">xmlSecGnuTLSHmacGetMinOutputLength</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSHmacGetMinOutputLength (void);</programlisting>
+<para>
+Gets the value of min HMAC length.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the min HMAC output length
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSHmacSetMinOutputLength" role="function">
+<title>xmlSecGnuTLSHmacSetMinOutputLength ()</title>
+<indexterm zone="xmlSecGnuTLSHmacSetMinOutputLength"><primary sortas="xmlSecGnuTLSHmacSetMinOutputLength">xmlSecGnuTLSHmacSetMinOutputLength</primary></indexterm><programlisting><link linkend="void">void</link> xmlSecGnuTLSHmacSetMinOutputLength (<link linkend="int">int</link> min_length);</programlisting>
+<para>
+Sets the min HMAC output length</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>min_length</parameter> :</term>
+<listitem><simpara> the new min length
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataHmacId" role="macro">
+<title>xmlSecGnuTLSKeyDataHmacId</title>
+<indexterm zone="xmlSecGnuTLSKeyDataHmacId"><primary sortas="xmlSecGnuTLSKeyDataHmacId">xmlSecGnuTLSKeyDataHmacId</primary></indexterm><programlisting>#define xmlSecGnuTLSKeyDataHmacId</programlisting>
+<para>
+The HMAC key klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataHmacGetKlass" role="function">
+<title>xmlSecGnuTLSKeyDataHmacGetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataHmacGetKlass"><primary sortas="xmlSecGnuTLSKeyDataHmacGetKlass">xmlSecGnuTLSKeyDataHmacGetKlass</primary></indexterm><programlisting><link linkend="xmlSecKeyDataId">xmlSecKeyDataId</link> xmlSecGnuTLSKeyDataHmacGetKlass (void);</programlisting>
+<para>
+The HMAC key data klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> HMAC key data klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSKeyDataHmacSet" role="function">
+<title>xmlSecGnuTLSKeyDataHmacSet ()</title>
+<indexterm zone="xmlSecGnuTLSKeyDataHmacSet"><primary sortas="xmlSecGnuTLSKeyDataHmacSet">xmlSecGnuTLSKeyDataHmacSet</primary></indexterm><programlisting><link linkend="int">int</link> xmlSecGnuTLSKeyDataHmacSet (<link linkend="xmlSecKeyData">xmlSecKeyDataPtr</link> data,
+ const <link linkend="xmlSecByte">xmlSecByte</link> *buf,
+ <link linkend="xmlSecSize">xmlSecSize</link> bufSize);</programlisting>
+<para>
+Sets the value of HMAC key data.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><parameter>data</parameter> :</term>
+<listitem><simpara> the pointer to HMAC key data.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>buf</parameter> :</term>
+<listitem><simpara> the pointer to key value.
+</simpara></listitem></varlistentry>
+<varlistentry><term><parameter>bufSize</parameter> :</term>
+<listitem><simpara> the key value size (in bytes).
+</simpara></listitem></varlistentry>
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> 0 on success or a negative value if an error occurs.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacMd5Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacMd5Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacMd5Id"><primary sortas="xmlSecGnuTLSTransformHmacMd5Id">xmlSecGnuTLSTransformHmacMd5Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformHmacMd5Id</programlisting>
+<para>
+The HMAC with MD5 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacMd5GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacMd5GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacMd5GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacMd5GetKlass">xmlSecGnuTLSTransformHmacMd5GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformHmacMd5GetKlass
+ (void);</programlisting>
+<para>
+The HMAC-MD5 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the HMAC-MD5 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacRipemd160Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacRipemd160Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacRipemd160Id"><primary sortas="xmlSecGnuTLSTransformHmacRipemd160Id">xmlSecGnuTLSTransformHmacRipemd160Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformHmacRipemd160Id</programlisting>
+<para>
+The HMAC with RipeMD160 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacRipemd160GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacRipemd160GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacRipemd160GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacRipemd160GetKlass">xmlSecGnuTLSTransformHmacRipemd160GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformHmacRipemd160GetKlass
+ (void);</programlisting>
+<para>
+The HMAC-RIPEMD160 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the HMAC-RIPEMD160 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha1Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha1Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha1Id"><primary sortas="xmlSecGnuTLSTransformHmacSha1Id">xmlSecGnuTLSTransformHmacSha1Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformHmacSha1Id</programlisting>
+<para>
+The HMAC with SHA1 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha1GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha1GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha1GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha1GetKlass">xmlSecGnuTLSTransformHmacSha1GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformHmacSha1GetKlass
+ (void);</programlisting>
+<para>
+The HMAC-SHA1 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the HMAC-SHA1 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha256Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha256Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha256Id"><primary sortas="xmlSecGnuTLSTransformHmacSha256Id">xmlSecGnuTLSTransformHmacSha256Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformHmacSha256Id</programlisting>
+<para>
+The HMAC with SHA256 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha256GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha256GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha256GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha256GetKlass">xmlSecGnuTLSTransformHmacSha256GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformHmacSha256GetKlass
+ (void);</programlisting>
+<para>
+The HMAC-SHA256 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the HMAC-SHA256 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha384Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha384Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha384Id"><primary sortas="xmlSecGnuTLSTransformHmacSha384Id">xmlSecGnuTLSTransformHmacSha384Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformHmacSha384Id</programlisting>
+<para>
+The HMAC with SHA384 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha384GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha384GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha384GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha384GetKlass">xmlSecGnuTLSTransformHmacSha384GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformHmacSha384GetKlass
+ (void);</programlisting>
+<para>
+The HMAC-SHA384 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the HMAC-SHA384 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha512Id" role="macro">
+<title>xmlSecGnuTLSTransformHmacSha512Id</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha512Id"><primary sortas="xmlSecGnuTLSTransformHmacSha512Id">xmlSecGnuTLSTransformHmacSha512Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformHmacSha512Id</programlisting>
+<para>
+The HMAC with SHA512 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformHmacSha512GetKlass" role="function">
+<title>xmlSecGnuTLSTransformHmacSha512GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformHmacSha512GetKlass"><primary sortas="xmlSecGnuTLSTransformHmacSha512GetKlass">xmlSecGnuTLSTransformHmacSha512GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformHmacSha512GetKlass
+ (void);</programlisting>
+<para>
+The HMAC-SHA512 transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> the HMAC-SHA512 transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha1Id" role="macro">
+<title>xmlSecGnuTLSTransformSha1Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha1Id"><primary sortas="xmlSecGnuTLSTransformSha1Id">xmlSecGnuTLSTransformSha1Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformSha1Id</programlisting>
+<para>
+The HMAC with SHA1 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha1GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha1GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha1GetKlass"><primary sortas="xmlSecGnuTLSTransformSha1GetKlass">xmlSecGnuTLSTransformSha1GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformSha1GetKlass (void);</programlisting>
+<para>
+SHA-1 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to SHA-1 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha256Id" role="macro">
+<title>xmlSecGnuTLSTransformSha256Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha256Id"><primary sortas="xmlSecGnuTLSTransformSha256Id">xmlSecGnuTLSTransformSha256Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformSha256Id</programlisting>
+<para>
+The HMAC with SHA256 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha256GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha256GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha256GetKlass"><primary sortas="xmlSecGnuTLSTransformSha256GetKlass">xmlSecGnuTLSTransformSha256GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformSha256GetKlass (void);</programlisting>
+<para>
+SHA256 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to SHA256 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha384Id" role="macro">
+<title>xmlSecGnuTLSTransformSha384Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha384Id"><primary sortas="xmlSecGnuTLSTransformSha384Id">xmlSecGnuTLSTransformSha384Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformSha384Id</programlisting>
+<para>
+The HMAC with SHA384 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha384GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha384GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha384GetKlass"><primary sortas="xmlSecGnuTLSTransformSha384GetKlass">xmlSecGnuTLSTransformSha384GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformSha384GetKlass (void);</programlisting>
+<para>
+SHA384 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to SHA384 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha512Id" role="macro">
+<title>xmlSecGnuTLSTransformSha512Id</title>
+<indexterm zone="xmlSecGnuTLSTransformSha512Id"><primary sortas="xmlSecGnuTLSTransformSha512Id">xmlSecGnuTLSTransformSha512Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformSha512Id</programlisting>
+<para>
+The HMAC with SHA512 signature transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformSha512GetKlass" role="function">
+<title>xmlSecGnuTLSTransformSha512GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformSha512GetKlass"><primary sortas="xmlSecGnuTLSTransformSha512GetKlass">xmlSecGnuTLSTransformSha512GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformSha512GetKlass (void);</programlisting>
+<para>
+SHA512 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to SHA512 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformMd5Id" role="macro">
+<title>xmlSecGnuTLSTransformMd5Id</title>
+<indexterm zone="xmlSecGnuTLSTransformMd5Id"><primary sortas="xmlSecGnuTLSTransformMd5Id">xmlSecGnuTLSTransformMd5Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformMd5Id</programlisting>
+<para>
+The MD5 digest transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformMd5GetKlass" role="function">
+<title>xmlSecGnuTLSTransformMd5GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformMd5GetKlass"><primary sortas="xmlSecGnuTLSTransformMd5GetKlass">xmlSecGnuTLSTransformMd5GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformMd5GetKlass (void);</programlisting>
+<para>
+MD5 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to MD5 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformRipemd160Id" role="macro">
+<title>xmlSecGnuTLSTransformRipemd160Id</title>
+<indexterm zone="xmlSecGnuTLSTransformRipemd160Id"><primary sortas="xmlSecGnuTLSTransformRipemd160Id">xmlSecGnuTLSTransformRipemd160Id</primary></indexterm><programlisting>#define xmlSecGnuTLSTransformRipemd160Id</programlisting>
+<para>
+The RIPEMD160 digest transform klass.</para>
+<para>
+</para></refsect2>
+<refsect2 id="xmlSecGnuTLSTransformRipemd160GetKlass" role="function">
+<title>xmlSecGnuTLSTransformRipemd160GetKlass ()</title>
+<indexterm zone="xmlSecGnuTLSTransformRipemd160GetKlass"><primary sortas="xmlSecGnuTLSTransformRipemd160GetKlass">xmlSecGnuTLSTransformRipemd160GetKlass</primary></indexterm><programlisting><link linkend="xmlSecTransformId">xmlSecTransformId</link> xmlSecGnuTLSTransformRipemd160GetKlass
+ (void);</programlisting>
+<para>
+RIPEMD160 digest transform klass.</para>
+<para>
+</para><variablelist role="params">
+<varlistentry><term><emphasis>Returns</emphasis> :</term><listitem><simpara> pointer to RIPEMD160 digest transform klass.
+</simpara></listitem></varlistentry>
+</variablelist></refsect2>
+
+</refsect1>
+
+
+
+
+</refentry>
diff --git a/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom
new file mode 100644
index 0000000..2f589ee
--- /dev/null
+++ b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.bottom
@@ -0,0 +1,2 @@
+ &xmlsec-gnutls-app;
+ &xmlsec-gnutls-crypto;
diff --git a/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top
new file mode 100644
index 0000000..7e275a7
--- /dev/null
+++ b/docs/api/sgml/gcrypt/xmlsec-gcrypt-doc.top
@@ -0,0 +1,2 @@
+<!ENTITY xmlsec-gnutls-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-gnutls-crypto SYSTEM "sgml/crypto.sgml">
diff --git a/docs/api/tmpl/gcrypt/app.sgml b/docs/api/tmpl/gcrypt/app.sgml
new file mode 100644
index 0000000..68fdfcc
--- /dev/null
+++ b/docs/api/tmpl/gcrypt/app.sgml
@@ -0,0 +1,184 @@
+<!-- ##### SECTION Title ##### -->
+app
+
+<!-- ##### SECTION Short_Description ##### -->
+Application functions implementation for GnuTLS.
+
+<!-- ##### SECTION Long_Description ##### -->
+<para>
+Application functions implementation for GnuTLS.
+</para>
+
+<!-- ##### SECTION See_Also ##### -->
+<para>
+
+</para>
+
+<!-- ##### SECTION Stability_Level ##### -->
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppInit ##### -->
+<para>
+
+</para>
+
+ config:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppShutdown ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrInit ##### -->
+<para>
+
+</para>
+
+ mngr:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrAdoptKey ##### -->
+<para>
+
+</para>
+
+ mngr:
+ key:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrLoad ##### -->
+<para>
+
+</para>
+
+ mngr:
+ uri:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppDefaultKeysMngrSave ##### -->
+<para>
+
+</para>
+
+ mngr:
+ filename:
+ type:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeysMngrCertLoad ##### -->
+<para>
+
+</para>
+
+ mngr:
+ filename:
+ format:
+ type:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeysMngrCertLoadMemory ##### -->
+<para>
+
+</para>
+
+ mngr:
+ data:
+ dataSize:
+ format:
+ type:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyLoad ##### -->
+<para>
+
+</para>
+
+ filename:
+ format:
+ pwd:
+ pwdCallback:
+ pwdCallbackCtx:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyLoadMemory ##### -->
+<para>
+
+</para>
+
+ data:
+ dataSize:
+ format:
+ pwd:
+ pwdCallback:
+ pwdCallbackCtx:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppPkcs12Load ##### -->
+<para>
+
+</para>
+
+ filename:
+ pwd:
+ pwdCallback:
+ pwdCallbackCtx:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppPkcs12LoadMemory ##### -->
+<para>
+
+</para>
+
+ data:
+ dataSize:
+ pwd:
+ pwdCallback:
+ pwdCallbackCtx:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyCertLoad ##### -->
+<para>
+
+</para>
+
+ key:
+ filename:
+ format:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppKeyCertLoadMemory ##### -->
+<para>
+
+</para>
+
+ key:
+ data:
+ dataSize:
+ format:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSAppGetDefaultPwdCallback ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
diff --git a/docs/api/tmpl/gcrypt/crypto.sgml b/docs/api/tmpl/gcrypt/crypto.sgml
new file mode 100644
index 0000000..a2d210d
--- /dev/null
+++ b/docs/api/tmpl/gcrypt/crypto.sgml
@@ -0,0 +1,396 @@
+<!-- ##### SECTION Title ##### -->
+crypto
+
+<!-- ##### SECTION Short_Description ##### -->
+Crypto transforms implementation for GnuTLS.
+
+<!-- ##### SECTION Long_Description ##### -->
+<para>
+Crypto transforms implementation for GnuTLS.
+</para>
+
+<!-- ##### SECTION See_Also ##### -->
+<para>
+
+</para>
+
+<!-- ##### SECTION Stability_Level ##### -->
+
+
+<!-- ##### FUNCTION xmlSecCryptoGetFunctions_gnutls ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSInit ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSShutdown ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeysMngrInit ##### -->
+<para>
+
+</para>
+
+ mngr:
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSGenerateRandom ##### -->
+<para>
+
+</para>
+
+ buffer:
+ size:
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSKeyDataAesId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataAesGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataAesSet ##### -->
+<para>
+
+</para>
+
+ data:
+ buf:
+ bufSize:
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformAes128CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformAes128CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformAes192CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformAes192CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformAes256CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformAes256CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSKeyDataDesId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataDesGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataDesSet ##### -->
+<para>
+
+</para>
+
+ data:
+ buf:
+ bufSize:
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformDes3CbcId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformDes3CbcGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSHmacGetMinOutputLength ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSHmacSetMinOutputLength ##### -->
+<para>
+
+</para>
+
+ min_length:
+
+
+<!-- ##### MACRO xmlSecGnuTLSKeyDataHmacId ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataHmacGetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSKeyDataHmacSet ##### -->
+<para>
+
+</para>
+
+ data:
+ buf:
+ bufSize:
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacMd5Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacMd5GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacRipemd160Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacRipemd160GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha1Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha1GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha256Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha256GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha384Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha384GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformHmacSha512Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformHmacSha512GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha1Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha1GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha256Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha256GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha384Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha384GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformSha512Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformSha512GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformMd5Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformMd5GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
+<!-- ##### MACRO xmlSecGnuTLSTransformRipemd160Id ##### -->
+<para>
+
+</para>
+
+
+
+<!-- ##### FUNCTION xmlSecGnuTLSTransformRipemd160GetKlass ##### -->
+<para>
+
+</para>
+
+ Returns:
+
+
diff --git a/docs/api/tmpl/gcrypt/xmlsec-gcrypt-unused.sgml b/docs/api/tmpl/gcrypt/xmlsec-gcrypt-unused.sgml
new file mode 100644
index 0000000..e69de29
diff --git a/docs/api/xmlsec-gcrypt.sgml b/docs/api/xmlsec-gcrypt.sgml
new file mode 100644
index 0000000..b5c2bf2
--- /dev/null
+++ b/docs/api/xmlsec-gcrypt.sgml
@@ -0,0 +1,15 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-gnutls-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-gnutls-crypto SYSTEM "sgml/crypto.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>[Insert name here] Reference Manual</title>
+ </bookinfo>
+
+ <chapter>
+ <title>[Insert title here]</title>
+ &xmlsec-gnutls-app;
+ &xmlsec-gnutls-crypto;
+ </chapter>
+</book>
diff --git a/include/xmlsec/gcrypt/Makefile.am b/include/xmlsec/gcrypt/Makefile.am
new file mode 100644
index 0000000..45b03d6
--- /dev/null
+++ b/include/xmlsec/gcrypt/Makefile.am
@@ -0,0 +1,13 @@
+NULL =
+
+xmlsecgnutlsincdir = $(includedir)/xmlsec1/xmlsec/gnutls
+
+xmlsecgnutlsinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecgnutlsincdir)
+
diff --git a/include/xmlsec/gcrypt/app.h b/include/xmlsec/gcrypt/app.h
new file mode 100644
index 0000000..4a2f3e1
--- /dev/null
+++ b/include/xmlsec/gcrypt/app.h
@@ -0,0 +1,96 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GNUTLS_APP_H__
+#define __XMLSEC_GNUTLS_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppShutdown (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrAdoptKey (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeysMngrCertLoadMemory (xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppKeyLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppPkcs12Load (const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeyCertLoadMemory (xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+XMLSEC_CRYPTO_EXPORT void* xmlSecGnuTLSAppGetDefaultPwdCallback (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_APP_H__ */
+
diff --git a/include/xmlsec/gcrypt/crypto.h b/include/xmlsec/gcrypt/crypto.h
new file mode 100644
index 0000000..107ee0d
--- /dev/null
+++ b/include/xmlsec/gcrypt/crypto.h
@@ -0,0 +1,460 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GNUTLS_CRYPTO_H__
+#define __XMLSEC_GNUTLS_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_gnutls(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSGenerateRandom (xmlSecBufferPtr buffer,
+ xmlSecSize size);
+
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecGnuTLSKeyDataAesId:
+ *
+ * The AES key data klass.
+ */
+#define xmlSecGnuTLSKeyDataAesId \
+ xmlSecGnuTLSKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataAesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataAesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecGnuTLSTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes128CbcId \
+ xmlSecGnuTLSTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes192CbcId \
+ xmlSecGnuTLSTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes256CbcId \
+ xmlSecGnuTLSTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes128Id \
+ xmlSecGnuTLSTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes192Id \
+ xmlSecGnuTLSTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes256Id \
+ xmlSecGnuTLSTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWAes256GetKlass(void);
+
+
+#endif /* XMLSEC_NO_AES */
+
+/********************************************************************
+ *
+ * DES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecGnuTLSKeyDataDesId:
+ *
+ * The DES key data klass.
+ */
+#define xmlSecGnuTLSKeyDataDesId \
+ xmlSecGnuTLSKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataDesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+/**
+ * xmlSecGnuTLSTransformDes3CbcId:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformDes3CbcId \
+ xmlSecGnuTLSTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDes3CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecGnuTLSTransformKWDes3Id \
+ xmlSecGnuTLSTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWDes3GetKlass(void);
+
+#endif /* XMLSEC_NO_DES */
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+#include <gcrypt.h>
+
+/**
+ * xmlSecGnuTLSKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecGnuTLSKeyDataDsaId \
+ xmlSecGnuTLSKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataDsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDsaAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t dsa_key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDsaAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGnuTLSKeyDataDsaGetPublicKey (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGnuTLSKeyDataDsaGetPrivateKey (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformDsaSha1Id \
+ xmlSecGnuTLSTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecGnuTLSHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecGnuTLSKeyDataHmacId:
+ *
+ * The HMAC key klass.
+ */
+#define xmlSecGnuTLSKeyDataHmacId \
+ xmlSecGnuTLSKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataHmacGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacMd5Id \
+ xmlSecGnuTLSTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacMd5GetKlass(void);
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacRipemd160Id \
+ xmlSecGnuTLSTransformHmacRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha1Id \
+ xmlSecGnuTLSTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha256Id \
+ xmlSecGnuTLSTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha384Id \
+ xmlSecGnuTLSTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha512Id \
+ xmlSecGnuTLSTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+#include <gcrypt.h>
+
+/**
+ * xmlSecGnuTLSKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecGnuTLSKeyDataRsaId \
+ xmlSecGnuTLSKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataRsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataRsaAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t rsa_key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataRsaAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGnuTLSKeyDataRsaGetPublicKey (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGnuTLSKeyDataRsaGetPrivateKey (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaMd5Id \
+ xmlSecGnuTLSTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRsaRipemd160Id:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaRipemd160Id \
+ xmlSecGnuTLSTransformRsaRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha1Id \
+ xmlSecGnuTLSTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha256Id \
+ xmlSecGnuTLSTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha384Id \
+ xmlSecGnuTLSTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha512Id \
+ xmlSecGnuTLSTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+/********************************************************************
+ *
+ * SHA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha1Id \
+ xmlSecGnuTLSTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha256Id \
+ xmlSecGnuTLSTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha384Id \
+ xmlSecGnuTLSTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha512Id \
+ xmlSecGnuTLSTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformMd5Id \
+ xmlSecGnuTLSTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+/********************************************************************
+ *
+ * RipeMD160 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRipemd160Id:
+ *
+ * The RIPEMD160 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformRipemd160Id \
+ xmlSecGnuTLSTransformRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_CRYPTO_H__ */
+
+#define __XMLSEC_GNUTLS_CRYPTO_H__
diff --git a/include/xmlsec/gcrypt/symbols.h b/include/xmlsec/gcrypt/symbols.h
new file mode 100644
index 0000000..818035d
--- /dev/null
+++ b/include/xmlsec/gcrypt/symbols.h
@@ -0,0 +1,104 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GNUTLS_SYMBOLS_H__
+#define __XMLSEC_GNUTLS_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_GNUTLS
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecGnuTLSInit
+#define xmlSecCryptoShutdown xmlSecGnuTLSShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecGnuTLSKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecGnuTLSKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecGnuTLSKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecGnuTLSKeyDataDsaId
+#define xmlSecKeyDataHmacId xmlSecGnuTLSKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecGnuTLSKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecGnuTLSKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecGnuTLSKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecGnuTLSX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecGnuTLSTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecGnuTLSTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecGnuTLSTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecGnuTLSTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecGnuTLSTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecGnuTLSTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecGnuTLSTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecGnuTLSTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecGnuTLSTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id xmlSecGnuTLSTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecGnuTLSTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecGnuTLSTransformHmacSha1Id
+#define xmlSecTransformRipemd160Id xmlSecGnuTLSTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecGnuTLSTransformRsaSha1Id
+#define xmlSecTransformRsaPkcs1Id xmlSecGnuTLSTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecGnuTLSTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecGnuTLSTransformSha1Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecGnuTLSAppInit
+#define xmlSecCryptoAppShutdown xmlSecGnuTLSAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecGnuTLSAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecGnuTLSAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecGnuTLSAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecGnuTLSAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecGnuTLSAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecGnuTLSAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecGnuTLSAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecGnuTLSAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecGnuTLSAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecGnuTLSAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecGnuTLSAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecGnuTLSAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecGnuTLSAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_GNUTLS */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_CRYPTO_H__ */
+
+#define __XMLSEC_GNUTLS_CRYPTO_H__
diff --git a/src/gcrypt/Makefile.am b/src/gcrypt/Makefile.am
new file mode 100644
index 0000000..4e12161
--- /dev/null
+++ b/src/gcrypt/Makefile.am
@@ -0,0 +1,51 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gnutls.la \
+ $(NULL)
+
+libxmlsec1_gnutls_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE \" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GNUTLS_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gnutls_la_SOURCES =\
+ app.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ kw_aes.c \
+ kw_des.c \
+ symkeys.c \
+ asymkeys.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_gnutls_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_gnutls_la_LIBADD = \
+ $(GNUTLS_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_gnutls_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gnutls_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
diff --git a/src/gcrypt/README b/src/gcrypt/README
new file mode 100644
index 0000000..23f7d8a
--- /dev/null
+++ b/src/gcrypt/README
@@ -0,0 +1,9 @@
+The xmlsec-gnutls implementation is really limited and is not ready
+for production use. The only supported crypto transforms are:
+
+ - HMAC
+ - Tripple DES
+ - AES [128|192|256]
+ - SHA1
+
+
diff --git a/src/gcrypt/app.c b/src/gcrypt/app.c
new file mode 100644
index 0000000..264a489
--- /dev/null
+++ b/src/gcrypt/app.c
@@ -0,0 +1,509 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+/**
+ * xmlSecGnuTLSAppInit:
+ * @config: the path to GnuTLS configuration (unused).
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppInit(const char* config ATTRIBUTE_UNUSED) {
+ int ret;
+
+ ret = gnutls_global_init();
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_global_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppShutdown(void) {
+ gnutls_global_deinit();
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+
+ if (format == xmlSecKeyDataFormatPkcs12) {
+ return (xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback,
+ pwdCallbackCtx));
+ }
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyLoadMemory:
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the memory buffer (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ if (format == xmlSecKeyDataFormatPkcs12) {
+ return (xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd,
+ pwdCallback, pwdCallbackCtx));
+ }
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecGnuTLSAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $ filename and adds it to key
+ * (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGnuTLSAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file
+ * (not implemented yet).
+ * For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12Load(const char *filename,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(filename != NULL, NULL);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGnuTLSAppPkcs12LoadMemory:
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGnuTLSAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGnuTLSAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default GnuTLS crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create simple keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecGnuTLSKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* TODO */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecGnuTLSAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecGnuTLSAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecGnuTLSAppGetDefaultPwdCallback(void) {
+ return(NULL);
+}
+
diff --git a/src/gcrypt/asymkeys.c b/src/gcrypt/asymkeys.c
new file mode 100644
index 0000000..992374b
--- /dev/null
+++ b/src/gcrypt/asymkeys.c
@@ -0,0 +1,1922 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * Helpers
+ *
+ *************************************************************************/
+static gcry_sexp_t xmlSecGnuTLSAsymSExpDup (gcry_sexp_t sexp);
+
+
+/**************************************************************************
+ *
+ * Internal GnuTLS asym key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGnuTLSAsymKeyDataCtx xmlSecGnuTLSAsymKeyDataCtx,
+ *xmlSecGnuTLSAsymKeyDataCtxPtr;
+struct _xmlSecGnuTLSAsymKeyDataCtx {
+ gcry_sexp_t pub_key;
+ gcry_sexp_t priv_key;
+};
+
+/******************************************************************************
+ *
+ * Asym key (dsa/rsa)
+ *
+ * xmlSecGnuTLSAsymKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSAsymKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecGnuTLSAsymKeyDataCtx))
+#define xmlSecGnuTLSAsymKeyDataGetCtx(data) \
+ ((xmlSecGnuTLSAsymKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecGnuTLSAsymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSAsymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSAsymKeyDataFinalize (xmlSecKeyDataPtr data);
+
+static int xmlSecGnuTLSAsymKeyDataAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t key_pair);
+static int xmlSecGnuTLSAsymKeyDataAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+static gcry_sexp_t xmlSecGnuTLSAsymKeyDataGetPublicKey (xmlSecKeyDataPtr data);
+static gcry_sexp_t xmlSecGnuTLSAsymKeyDataGetPrivateKey (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSAsymKeyDataGenerate (xmlSecKeyDataPtr data,
+ const char * alg,
+ xmlSecSize key_size);
+static xmlSecKeyDataType xmlSecGnuTLSAsymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGnuTLSAsymKeyDataGetSize (xmlSecKeyDataPtr data);
+
+
+static int
+xmlSecGnuTLSAsymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSAsymKeyDataCtx));
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctxDst;
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctxSrc;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecGnuTLSAsymKeyDataSize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecGnuTLSAsymKeyDataSize), -1);
+
+ ctxDst = xmlSecGnuTLSAsymKeyDataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxDst->pub_key == NULL, -1);
+ xmlSecAssert2(ctxDst->priv_key == NULL, -1);
+
+ ctxSrc = xmlSecGnuTLSAsymKeyDataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ if(ctxSrc->pub_key != NULL) {
+ ctxDst->pub_key = xmlSecGnuTLSAsymSExpDup(ctxSrc->pub_key);
+ if(ctxDst->pub_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecGnuTLSAsymSExpDup(pub_key)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(ctxSrc->priv_key != NULL) {
+ ctxDst->priv_key = xmlSecGnuTLSAsymSExpDup(ctxSrc->priv_key);
+ if(ctxDst->priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecGnuTLSAsymSExpDup(priv_key)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSAsymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize));
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pub_key != NULL) {
+ gcry_sexp_release(ctx->pub_key);
+ }
+ if(ctx->priv_key != NULL) {
+ gcry_sexp_release(ctx->priv_key);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSAsymKeyDataCtx));
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t key_pair) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ int res = -1;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+ xmlSecAssert2(key_pair != NULL, -1);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* split the key pair, public part should be always present, private might
+ not be present */
+ pub_key = gcry_sexp_find_token(key_pair, "public-key", 0);
+ if(pub_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(public-key)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ priv_key = gcry_sexp_find_token(key_pair, "private-key", 0);
+
+ /* assign */
+ if(xmlSecGnuTLSAsymKeyDataAdoptKeyPair(data, pub_key, priv_key) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAsymKeyDataAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* data owns it now */
+ priv_key = NULL; /* data owns it now */
+
+ /* success */
+ res = 0;
+
+done:
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ /* done */
+ return(res);
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+ xmlSecAssert2(pub_key != NULL, -1); /* public key should present always */
+/*
+ aleksey - we don't set optional parameters for RSA keys (p, k, u) and
+ because of that we can't actually test the key
+
+ xmlSecAssert2(((priv_key == NULL) || (gcry_pk_testkey(priv_key) == GPG_ERR_NO_ERROR)), -1);
+*/
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* release prev values and assign new ones */
+ if(ctx->pub_key != NULL) {
+ gcry_sexp_release(ctx->pub_key);
+ }
+ if(ctx->priv_key != NULL) {
+ gcry_sexp_release(ctx->priv_key);
+ }
+
+ ctx->pub_key = pub_key;
+ ctx->priv_key = priv_key;
+
+ /* done */
+ return(0);
+}
+
+static gcry_sexp_t
+xmlSecGnuTLSAsymKeyDataGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), NULL);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->pub_key);
+}
+
+static gcry_sexp_t
+xmlSecGnuTLSAsymKeyDataGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), NULL);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->priv_key);
+}
+
+static int
+xmlSecGnuTLSAsymKeyDataGenerate(xmlSecKeyDataPtr data, const char * alg, xmlSecSize key_size) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+ gcry_sexp_t key_spec = NULL;
+ gcry_sexp_t key_pair = NULL;
+ gcry_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), -1);
+ xmlSecAssert2(alg != NULL, -1);
+ xmlSecAssert2(key_size > 0, -1);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ err = gcry_sexp_build(&key_spec, NULL,
+ "(genkey (%s (nbits %d)(transient-key)))",
+ alg, (int)key_size);
+ if((err != GPG_ERR_NO_ERROR) || (key_spec == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(genkey)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "err=%d", (int)err);
+ goto done;
+ }
+
+ err = gcry_pk_genkey(&key_pair, key_spec);
+ if((err != GPG_ERR_NO_ERROR) || (key_pair == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_genkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "err=%d", (int)err);
+ goto done;
+ }
+
+ ret = xmlSecGnuTLSAsymKeyDataAdoptKey(data, key_pair);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAsymKeyDataAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", (int)ret);
+ goto done;
+ }
+ key_pair = NULL; /* now owned by data */
+
+ /* success */
+ res = 0;
+
+done:
+ if(key_spec != NULL) {
+ gcry_sexp_release(key_spec);
+ }
+ if(key_pair != NULL) {
+ gcry_sexp_release(key_pair);
+ }
+
+ return(res);
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSAsymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
+
+ if((ctx->priv_key != NULL) && (ctx->pub_key != NULL)) {
+ return (xmlSecKeyDataTypePrivate);
+ } else if(ctx->pub_key != NULL) {
+ return (xmlSecKeyDataTypePublic);
+ }
+
+ return (xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGnuTLSAsymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGnuTLSAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecGnuTLSAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ /* use pub key since it is more often you have it than not */
+ return (ctx->pub_key != NULL) ? gcry_pk_get_nbits(ctx->pub_key) : 0;
+}
+
+/******************************************************************************
+ *
+ * helper functions
+ *
+ *****************************************************************************/
+static gcry_sexp_t
+xmlSecGnuTLSAsymSExpDup(gcry_sexp_t pKey) {
+ gcry_sexp_t res = NULL;
+ xmlSecByte *buf = NULL;
+ gcry_error_t ret;
+ size_t size;
+
+ xmlSecAssert2(pKey != NULL, NULL);
+
+ size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ if(size == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_sprint",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ buf = (xmlSecByte *)xmlMalloc(size);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)size);
+ goto done;
+ }
+
+ size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, buf, size);
+ if(size == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_sprint",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", (int)size);
+ goto done;
+ }
+
+ ret = gcry_sexp_new(&res, buf, size, 1);
+ if((ret != GPG_ERR_NO_ERROR) || (res == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", (int)ret);
+ goto done;
+ }
+
+done:
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return (res);
+}
+
+/**
+ * xmlSecGnuTLSNodeGetMpiValue:
+ * @cur: the poitner to an XML node.
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a BIGNUM. If no BIGNUM buffer provided then a new
+ * BIGNUM is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to MPI produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+static gcry_mpi_t
+xmlSecGnuTLSNodeGetMpiValue(const xmlNodePtr cur) {
+ xmlSecBuffer buf;
+ gcry_mpi_t res = NULL;
+ gcry_error_t err;
+ int ret;
+
+ xmlSecAssert2(cur != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buf, 128);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ err = gcry_mpi_scan(&res, GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(&buf),
+ xmlSecBufferGetSize(&buf),
+ NULL);
+ if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "err=%d", (int)err);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlSecBufferFinalize(&buf);
+ return(res);
+}
+
+/**
+ * xmlSecGnuTLSNodeSetMpiValue:
+ * @cur: the pointer to an XML node.
+ * @a: the mpi value
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGnuTLSNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreaks) {
+ xmlSecBuffer buf;
+ gcry_error_t err;
+ size_t written = 0;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "err=%d", (int)err);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&buf, written + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", (int)written + 1);
+ return(-1);
+ }
+
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(&buf),
+ xmlSecBufferGetMaxSize(&buf),
+ &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "err=%d,size=%d",
+ (int)err, (int)xmlSecBufferGetMaxSize(&buf));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetSize(&buf, written);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "written=%d", (int)written);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ } else {
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
+ }
+
+ ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSNodeSetSExpTokValue:
+ * @cur: the pointer to an XML node.
+ * @sexp: the sexp
+ * @tok: the token
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGnuTLSNodeSetSExpTokValue(xmlNodePtr cur, const gcry_sexp_t sexp,
+ const char * tok, int addLineBreaks)
+{
+ gcry_sexp_t val = NULL;
+ gcry_mpi_t mpi = NULL;
+ int res = -1;
+
+ xmlSecAssert2(cur != NULL, -1);
+ xmlSecAssert2(sexp != NULL, -1);
+ xmlSecAssert2(tok != NULL, -1);
+
+ val = gcry_sexp_find_token(sexp, tok, 0);
+ if(val == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "tok=%s",
+ xmlSecErrorsSafeString(tok));
+ goto done;
+ }
+
+ mpi = gcry_sexp_nth_mpi(val, 1, GCRYMPI_FMT_USG);
+ if(mpi == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "tok=%s",
+ xmlSecErrorsSafeString(tok));
+ goto done;
+ }
+
+ /* almost done */
+ res = xmlSecGnuTLSNodeSetMpiValue(cur, mpi, addLineBreaks);
+
+done:
+ if(mpi != NULL) {
+ gcry_mpi_release(mpi);
+ }
+ if(val != NULL) {
+ gcry_sexp_release(val);
+ }
+
+ return(res);
+}
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
+ * * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ * <sequence>
+ * <sequence minOccurs="0">
+ * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="Q" type="ds:CryptoBinary"/>
+ * </sequence>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ * <sequence minOccurs="0">
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ * <!ELEMENT P (#PCDATA) >
+ * <!ELEMENT Q (#PCDATA) >
+ * <!ELEMENT G (#PCDATA) >
+ * <!ELEMENT Y (#PCDATA) >
+ * <!ELEMENT J (#PCDATA) >
+ * <!ELEMENT Seed (#PCDATA) >
+ * <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int xmlSecGnuTLSKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGnuTLSKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGnuTLSKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGnuTLSKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGnuTLSAsymKeyDataSize,
+
+ /* data */
+ xmlSecNameDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDsaGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataDsaKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptKey:
+ * @data: the pointer to DSA key data.
+ * @dsa_key: the pointer to GnuTLS DSA key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t dsa_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(dsa_key != NULL, -1);
+
+ return xmlSecGnuTLSAsymKeyDataAdoptKey(data, dsa_key);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptKeyPair:
+ * @data: the pointer to DSA key data.
+ * @pub_key: the pointer to GnuTLS DSA pub key.
+ * @priv_key: the pointer to GnuTLS DSA priv key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(pub_key != NULL, -1);
+
+ return xmlSecGnuTLSAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetPublicKey:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the GnuTLS DSA public key from DSA key data.
+ *
+ * Returns: pointer to GnuTLS public DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataDsaGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), NULL);
+ return xmlSecGnuTLSAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetPrivateKey:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the GnuTLS DSA private key from DSA key data.
+ *
+ * Returns: pointer to GnuTLS private DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataDsaGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), NULL);
+ return xmlSecGnuTLSAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+
+ return(xmlSecGnuTLSAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataDsaId), -1);
+
+ return(xmlSecGnuTLSAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId));
+
+ xmlSecGnuTLSAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ return xmlSecGnuTLSAsymKeyDataGenerate(data, "dsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+
+ return xmlSecGnuTLSAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGnuTLSKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), 0);
+
+ return xmlSecGnuTLSAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGnuTLSKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecGnuTLSKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecGnuTLSKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecGnuTLSKeyDataDsaGetSize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx)
+{
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data = NULL;
+ gcry_mpi_t p = NULL;
+ gcry_mpi_t q = NULL;
+ gcry_mpi_t g = NULL;
+ gcry_mpi_t x = NULL;
+ gcry_mpi_t y = NULL;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ gcry_error_t err;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ p = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(p == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ q = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(q == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ g = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(g == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * we are not sure exactly what do we read */
+ x = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(x == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is Y node. */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ y = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(y == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* todo: add support for J */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for seed */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for pgencounter */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+
+ /* construct pub/priv key pairs */
+ err = gcry_sexp_build(&pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ p, q, g, y);
+ if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(public)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ if(x != NULL) {
+ err = gcry_sexp_build(&priv_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+ p, q, g, x, y);
+ if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(private)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ /* create key data */
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGnuTLSKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* pub_key is owned by data now */
+ priv_key = NULL; /* priv_key is owned by data now */
+
+ /* set key */
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL; /* data is owned by key now */
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(p != NULL) {
+ gcry_mpi_release(p);
+ }
+
+ if(q != NULL) {
+ gcry_mpi_release(q);
+ }
+
+ if(g != NULL) {
+ gcry_mpi_release(g);
+ }
+
+ if(x != NULL) {
+ gcry_mpi_release(x);
+ }
+
+ if(y != NULL) {
+ gcry_mpi_release(y);
+ }
+
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecGnuTLSKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ gcry_sexp_t pub_priv_key;
+ gcry_sexp_t dsa = NULL;
+ int private = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* find the private or public key */
+ pub_priv_key = xmlSecGnuTLSKeyDataDsaGetPrivateKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ pub_priv_key = xmlSecGnuTLSKeyDataDsaGetPublicKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataDsaGetPublicKey()",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ private = 1;
+ }
+
+ dsa = gcry_sexp_find_token(pub_priv_key, "dsa", 0);
+ if(dsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "gcry_sexp_find_token(dsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* first is P node */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "p", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+
+ /* next is Q node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "q", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+
+ /* next is G node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "g", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+
+ /* next is X node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+ cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "x", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ }
+
+ /* next is Y node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, dsa, "y", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ if(dsa != NULL) {
+ gcry_sexp_release(dsa);
+ }
+
+ return(res);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * </Modulus>
+ * <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ * <sequence>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Exponent" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+
+static int xmlSecGnuTLSKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGnuTLSKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGnuTLSKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGnuTLSKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataRsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGnuTLSAsymKeyDataSize,
+
+ /* data */
+ xmlSecNameRSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetKlass:
+ *
+ * The GnuTLS RSA key data klass.
+ *
+ * Returns: pointer to GnuTLS RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataRsaGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataRsaKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptKey:
+ * @data: the pointer to RSA key data.
+ * @rsa_key: the pointer to GnuTLS RSA key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t rsa_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(rsa_key != NULL, -1);
+
+ return xmlSecGnuTLSAsymKeyDataAdoptKey(data, rsa_key);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptKeyPair:
+ * @data: the pointer to RSA key data.
+ * @pub_key: the pointer to GnuTLS RSA pub key.
+ * @priv_key: the pointer to GnuTLS RSA priv key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(pub_key != NULL, -1);
+
+ return xmlSecGnuTLSAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetPublicKey:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the GnuTLS RSA public key from RSA key data.
+ *
+ * Returns: pointer to GnuTLS public RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataRsaGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), NULL);
+ return xmlSecGnuTLSAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetPrivateKey:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the GnuTLS RSA private key from RSA key data.
+ *
+ * Returns: pointer to GnuTLS private RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGnuTLSKeyDataRsaGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), NULL);
+ return xmlSecGnuTLSAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+
+ return(xmlSecGnuTLSAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataRsaId), -1);
+
+ return(xmlSecGnuTLSAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId));
+
+ xmlSecGnuTLSAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ return xmlSecGnuTLSAsymKeyDataGenerate(data, "rsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+ return xmlSecGnuTLSAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGnuTLSKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), 0);
+
+ return xmlSecGnuTLSAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGnuTLSKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecGnuTLSKeyDataRsaGetSize(data));
+}
+
+static void
+xmlSecGnuTLSKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecGnuTLSKeyDataRsaGetSize(data));
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data = NULL;
+ gcry_mpi_t n = NULL;
+ gcry_mpi_t e = NULL;
+ gcry_mpi_t d = NULL;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ gcry_error_t err;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ goto done;
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is Modulus node. It is REQUIRED */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ n = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(n == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Exponent node. It is REQUIRED */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ e = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(e == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+ /* next is PrivateExponent node. It is REQUIRED for private key */
+ d = xmlSecGnuTLSNodeGetMpiValue(cur);
+ if(d == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ goto done;
+ }
+
+ /* construct pub/priv key pairs */
+ err = gcry_sexp_build(&pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ n, e);
+ if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(public)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ if(d != NULL) {
+ err = gcry_sexp_build(&priv_key, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)))",
+ n, e, d);
+ if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(private)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+
+ /* create key data */
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGnuTLSKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* pub_key is owned by data now */
+ priv_key = NULL; /* priv_key is owned by data now */
+
+ /* set key */
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL; /* data is owned by key now */
+
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(n != NULL) {
+ gcry_mpi_release(n);
+ }
+
+ if(e != NULL) {
+ gcry_mpi_release(e);
+ }
+
+ if(d != NULL) {
+ gcry_mpi_release(d);
+ }
+
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ return(res);
+
+}
+
+static int
+xmlSecGnuTLSKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ gcry_sexp_t pub_priv_key;
+ gcry_sexp_t rsa = NULL;
+ int private = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* find the private or public key */
+ pub_priv_key = xmlSecGnuTLSKeyDataRsaGetPrivateKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ pub_priv_key = xmlSecGnuTLSKeyDataRsaGetPublicKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataRsaGetPublicKey()",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ private = 1;
+ }
+
+ rsa = gcry_sexp_find_token(pub_priv_key, "rsa", 0);
+ if(rsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* first is Modulus node */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, rsa, "n", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+
+ /* next is Exponent node. */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, rsa, "e", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+
+ /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+ cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ ret = xmlSecGnuTLSNodeSetSExpTokValue(cur, rsa, "d", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ if(rsa != NULL) {
+ gcry_sexp_release(rsa);
+ }
+
+ return(res);
+}
+
+#endif /* XMLSEC_NO_RSA */
diff --git a/src/gcrypt/ciphers.c b/src/gcrypt/ciphers.c
new file mode 100644
index 0000000..a137ac8
--- /dev/null
+++ b/src/gcrypt/ciphers.c
@@ -0,0 +1,853 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * Internal GnuTLS Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSBlockCipherCtx xmlSecGnuTLSBlockCipherCtx,
+ *xmlSecGnuTLSBlockCipherCtxPtr;
+struct _xmlSecGnuTLSBlockCipherCtx {
+ int cipher;
+ int mode;
+ gcry_cipher_hd_t cipherCtx;
+ xmlSecKeyDataId keyId;
+ int keyInitialized;
+ int ctxInitialized;
+};
+
+static int xmlSecGnuTLSBlockCipherCtxInit (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSBlockCipherCtxUpdate (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSBlockCipherCtxFinal (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecGnuTLSBlockCipherCtxInit(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ int blockLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* iv len == block len */
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ if(encrypt) {
+ xmlSecByte* iv;
+ xmlSecSize outSize;
+
+ /* allocate space for IV */
+ outSize = xmlSecBufferGetSize(out);
+ ret = xmlSecBufferSetSize(out, outSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + blockLen);
+ return(-1);
+ }
+ iv = xmlSecBufferGetData(out) + outSize;
+
+ /* generate and use random iv */
+ gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
+ ret = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
+ return(0);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+ /* set iv */
+ ret = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ }
+
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherCtxUpdate(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, inBlocks, outSize;
+ int blockLen;
+ xmlSecByte* outBuf;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize < (xmlSecSize)blockLen) {
+ return(0);
+ }
+
+ if(encrypt) {
+ inBlocks = inSize / ((xmlSecSize)blockLen);
+ } else {
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+ }
+ inSize = inBlocks * ((xmlSecSize)blockLen);
+
+ /* we write out the input size plus may be one block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ } else {
+ ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherCtxFinal(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+ int blockLen, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(encrypt != 0) {
+ xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* create random padding */
+ if((xmlSecSize)blockLen > (inSize + 1)) {
+ gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
+ GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
+ } else {
+ if(inSize != (xmlSecSize)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ }
+
+ /* process last block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ } else {
+ ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ }
+
+ if(encrypt == 0) {
+ /* check padding */
+ if(inSize < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], inSize);
+ return(-1);
+ }
+ outLen = inSize - outBuf[blockLen - 1];
+ } else {
+ outLen = inSize;
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Block Cipher transforms
+ *
+ * xmlSecGnuTLSBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSBlockCipherCtx))
+#define xmlSecGnuTLSBlockCipherGetCtx(transform) \
+ ((xmlSecGnuTLSBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGnuTLSBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGnuTLSBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGnuTLSBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecGnuTLSBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecGnuTLSTransformDes3CbcId) {
+ ctx->cipher = GCRY_CIPHER_3DES;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataDesId;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecGnuTLSTransformAes128CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataAesId;
+ } else if(transform->id == xmlSecGnuTLSTransformAes192CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataAesId;
+ } else if(transform->id == xmlSecGnuTLSTransformAes256CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataAesId;
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGnuTLSBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize));
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->cipherCtx != NULL) {
+ gcry_cipher_close(ctx->cipherCtx);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
+}
+
+static int
+xmlSecGnuTLSBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
+ xmlSecAssert2(keySize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), keySize);
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ ret = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ ctx->keyInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecGnuTLSBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecGnuTLSBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecGnuTLSBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes128CbcGetKlass(void) {
+ return(&xmlSecGnuTLSAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes192CbcGetKlass(void) {
+ return(&xmlSecGnuTLSAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes256CbcGetKlass(void) {
+ return(&xmlSecGnuTLSAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecGnuTLSDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformDes3CbcGetKlass(void) {
+ return(&xmlSecGnuTLSDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c
new file mode 100644
index 0000000..3687c65
--- /dev/null
+++ b/src/gcrypt/crypto.c
@@ -0,0 +1,330 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_gnutls:
+ *
+ * Gets the pointer to xmlsec-gnutls functions table.
+ *
+ * Returns: the xmlsec-gnutls functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_gnutls(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecGnuTLSFunctions != NULL) {
+ return(gXmlSecGnuTLSFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecGnuTLSFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecGnuTLSFunctions->cryptoInit = xmlSecGnuTLSInit;
+ gXmlSecGnuTLSFunctions->cryptoShutdown = xmlSecGnuTLSShutdown;
+ gXmlSecGnuTLSFunctions->cryptoKeysMngrInit = xmlSecGnuTLSKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->keyDataAesGetKlass = xmlSecGnuTLSKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecGnuTLSFunctions->keyDataDsaGetKlass = xmlSecGnuTLSKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecGnuTLSFunctions->keyDataRsaGetKlass = xmlSecGnuTLSKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass = xmlSecGnuTLSTransformAes128CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass = xmlSecGnuTLSTransformAes192CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass = xmlSecGnuTLSTransformAes256CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes128GetKlass = xmlSecGnuTLSTransformKWAes128GetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes192GetKlass = xmlSecGnuTLSTransformKWAes192GetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes256GetKlass = xmlSecGnuTLSTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWDes3GetKlass = xmlSecGnuTLSTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifdef ALEKSEY_TODO
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformDsaSha1GetKlass = xmlSecGnuTLSTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#endif /* ALEKSEY_TODO */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass = xmlSecGnuTLSTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass = xmlSecGnuTLSTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformHmacSha256GetKlass = xmlSecGnuTLSTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformHmacSha384GetKlass = xmlSecGnuTLSTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformHmacSha512GetKlass = xmlSecGnuTLSTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformMd5GetKlass = xmlSecGnuTLSTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformRipemd160GetKlass = xmlSecGnuTLSTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifdef ALEKSEY_TODO
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformRsaMd5GetKlass = xmlSecGnuTLSTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformRsaRipemd160GetKlass = xmlSecGnuTLSTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformRsaSha1GetKlass = xmlSecGnuTLSTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecGnuTLSFunctions->transformRsaSha224GetKlass = xmlSecGnuTLSTransformRsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformRsaSha256GetKlass = xmlSecGnuTLSTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformRsaSha384GetKlass = xmlSecGnuTLSTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformRsaSha512GetKlass = xmlSecGnuTLSTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ gXmlSecGnuTLSFunctions->transformRsaPkcs1GetKlass = xmlSecGnuTLSTransformRsaPkcs1GetKlass;
+ gXmlSecGnuTLSFunctions->transformRsaOaepGetKlass = xmlSecGnuTLSTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#endif /* ALEKSEY_TODO */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformSha1GetKlass = xmlSecGnuTLSTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformSha256GetKlass = xmlSecGnuTLSTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformSha384GetKlass = xmlSecGnuTLSTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformSha512GetKlass = xmlSecGnuTLSTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecGnuTLSFunctions->cryptoAppInit = xmlSecGnuTLSAppInit;
+ gXmlSecGnuTLSFunctions->cryptoAppShutdown = xmlSecGnuTLSAppShutdown;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGnuTLSAppDefaultKeysMngrInit;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGnuTLSAppDefaultKeysMngrLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGnuTLSAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad = xmlSecGnuTLSAppKeysMngrCertLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load = xmlSecGnuTLSAppPkcs12Load;
+ gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad = xmlSecGnuTLSAppKeyCertLoad;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecGnuTLSFunctions->cryptoAppKeyLoad = xmlSecGnuTLSAppKeyLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
+
+ return(gXmlSecGnuTLSFunctions);
+}
+
+
+/**
+ * xmlSecGnuTLSInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gnutls()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSShutdown(void) {
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds GnuTLS specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* TODO: add key data stores */
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ /* get random data */
+ gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
+ return(0);
+}
diff --git a/src/gcrypt/digests.c b/src/gcrypt/digests.c
new file mode 100644
index 0000000..c43cd08
--- /dev/null
+++ b/src/gcrypt/digests.c
@@ -0,0 +1,616 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+#define XMLSEC_GNUTLS_MAX_DIGEST_SIZE 256
+
+/**************************************************************************
+ *
+ * Internal GNUTLS Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSDigestCtx xmlSecGnuTLSDigestCtx, *xmlSecGnuTLSDigestCtxPtr;
+struct _xmlSecGnuTLSDigestCtx {
+ int digest;
+ gcry_md_hd_t digestCtx;
+ xmlSecByte dgst[XMLSEC_GNUTLS_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * Digest transforms
+ *
+ * xmlSecGnuTLSDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSDigestCtx))
+#define xmlSecGnuTLSDigestGetCtx(transform) \
+ ((xmlSecGnuTLSDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGnuTLSDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSDigestCheckId (xmlSecTransformPtr transform);
+
+static int
+xmlSecGnuTLSDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+static int
+xmlSecGnuTLSDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGnuTLSDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize));
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
+}
+
+static int
+xmlSecGnuTLSDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest sizes are different (data=%d, dgst=%d)",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, dataSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ xmlSecByte* buf;
+
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+ /* and to the output if needed */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha1GetKlass(void) {
+ return(&xmlSecGnuTLSSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha256GetKlass(void) {
+ return(&xmlSecGnuTLSSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha384GetKlass(void) {
+ return(&xmlSecGnuTLSSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha512GetKlass(void) {
+ return(&xmlSecGnuTLSSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformMd5GetKlass(void) {
+ return(&xmlSecGnuTLSMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * RIPEMD160 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformRipemd160GetKlass:
+ *
+ * RIPEMD160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRipemd160GetKlass(void) {
+ return(&xmlSecGnuTLSRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
diff --git a/src/gcrypt/globals.h b/src/gcrypt/globals.h
new file mode 100644
index 0000000..770b6db
--- /dev/null
+++ b/src/gcrypt/globals.h
@@ -0,0 +1,24 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c
new file mode 100644
index 0000000..f965b8d
--- /dev/null
+++ b/src/gcrypt/hmac.c
@@ -0,0 +1,824 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+/* sizes in bits */
+#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 80
+#define XMLSEC_GNUTLS_MAX_HMAC_SIZE (128 * 8)
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecGnuTLSHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecGnuTLSHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_gnutls_hmac_min_length;
+}
+
+/**
+ * xmlSecGnuTLSHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_gnutls_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
+ * Internal GNUTLS HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSHmacCtx xmlSecGnuTLSHmacCtx, *xmlSecGnuTLSHmacCtxPtr;
+struct _xmlSecGnuTLSHmacCtx {
+ int digest;
+ gcry_md_hd_t digestCtx;
+ xmlSecByte dgst[XMLSEC_GNUTLS_MAX_HMAC_SIZE / 8];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecGnuTLSHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSHmacGetCtx(transform) \
+ ((xmlSecGnuTLSHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGnuTLSHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSHmacCtx))
+
+static int xmlSecGnuTLSHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGnuTLSHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGnuTLSHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGnuTLSHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+
+static int
+xmlSecGnuTLSHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* open context */
+ ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize));
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
+}
+
+/**
+ * xmlSecGnuTLSHmacNodeRead:
+ *
+ * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ *
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * Schema Definition:
+ *
+ * <simpleType name="HMACOutputLengthType">
+ * <restriction base="integer"/>
+ * </simpleType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT HMACOutputLength (#PCDATA)>
+ */
+static int
+xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this lenght to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ return(-1);
+ }
+ return(0);
+}
+
+
+static int
+xmlSecGnuTLSHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGnuTLSKeyDataHmacId;
+ keyReq->keyType= xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGnuTLSKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key is empty");
+ return(-1);
+ }
+
+ ret = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer));
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecByte* dgst;
+ xmlSecSize dgstSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(dgst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, dgst, dgstSize);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * dgstSize) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "size=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
+ return(&xmlSecGnuTLSHmacSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha256GetKlass(void) {
+ return(&xmlSecGnuTLSHmacSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha384GetKlass(void) {
+ return(&xmlSecGnuTLSHmacSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha512GetKlass(void) {
+ return(&xmlSecGnuTLSHmacSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC Ripemd160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecGnuTLSHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacMd5GetKlass(void) {
+ return(&xmlSecGnuTLSHmacMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
+#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gcrypt/kw_aes.c b/src/gcrypt/kw_aes.c
new file mode 100644
index 0000000..b47eec4
--- /dev/null
+++ b/src/gcrypt/kw_aes.c
@@ -0,0 +1,594 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+#include "../kw_aes_des.h"
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecGnuTLSKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecGnuTLSKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecGnuTLSKWAesKlass = {
+ /* callbacks */
+ xmlSecGnuTLSKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecGnuTLSKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecGnuTLSKWAesCtx xmlSecGnuTLSKWAesCtx,
+ *xmlSecGnuTLSKWAesCtxPtr;
+struct _xmlSecGnuTLSKWAesCtx {
+ int cipher;
+ int mode;
+ int flags;
+ xmlSecSize blockSize;
+ xmlSecSize keyExpectedSize;
+
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecGnuTLSKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWAesCtx))
+#define xmlSecGnuTLSKWAesGetCtx(transform) \
+ ((xmlSecGnuTLSKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGnuTLSKWAesCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes128Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes192Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes256Id))
+
+static int xmlSecGnuTLSKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGnuTLSKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGnuTLSKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGnuTLSKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+
+ ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes128Id)) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes192Id)) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes256Id)) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->flags = GCRY_CIPHER_SECURE; /* we are paranoid */
+ ctx->blockSize = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(ctx->blockSize > 0, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSKWAesGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize));
+
+ ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGnuTLSKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGnuTLSKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGnuTLSKeyDataAesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGnuTLSKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataAesId), -1);
+
+ ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWAesEncode(&xmlSecGnuTLSKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWAesDecode(&xmlSecGnuTLSKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes128GetKlass(void) {
+ return(&xmlSecGnuTLSKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecGnuTLSTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes192GetKlass(void) {
+ return(&xmlSecGnuTLSKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes256GetKlass(void) {
+ return(&xmlSecGnuTLSKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static int
+xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
+ gcry_cipher_hd_t cipherCtx;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= ctx->blockSize, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+ ret = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = gcry_cipher_setkey(cipherCtx,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer));
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* use zero IV and CBC mode to ensure we get result as-is */
+ ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ ret = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ gcry_cipher_close(cipherCtx);
+
+ return(ctx->blockSize);
+}
+
+static int
+xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
+ gcry_cipher_hd_t cipherCtx;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= ctx->blockSize, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+ ret = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = gcry_cipher_setkey(cipherCtx,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer));
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* use zero IV and CBC mode to ensure we get result as-is */
+ ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ ret = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ gcry_cipher_close(cipherCtx);
+
+ return(ctx->blockSize);
+}
+
+#endif /* XMLSEC_NO_AES */
diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c
new file mode 100644
index 0000000..d6af1ef
--- /dev/null
+++ b/src/gcrypt/kw_des.c
@@ -0,0 +1,610 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecGnuTLSKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGnuTLSKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGnuTLSKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGnuTLSKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecGnuTLSKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecGnuTLSKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecGnuTLSKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecGnuTLSKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecGnuTLSKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecGnuTLSKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecGnuTLSKWDes3Ctx xmlSecGnuTLSKWDes3Ctx,
+ *xmlSecGnuTLSKWDes3CtxPtr;
+struct _xmlSecGnuTLSKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecGnuTLSKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWDes3Ctx))
+#define xmlSecGnuTLSKWDes3GetCtx(transform) \
+ ((xmlSecGnuTLSKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGnuTLSKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGnuTLSKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGnuTLSKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecGnuTLSKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWDes3GetKlass(void) {
+ return(&xmlSecGnuTLSKWDes3Klass);
+}
+
+static int
+xmlSecGnuTLSKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+
+ ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size));
+
+ ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGnuTLSKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGnuTLSKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataDesId), -1);
+
+ ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecGnuTLSKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecGnuTLSKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecGnuTLSKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+ gcry_md_hd_t digestCtx;
+ unsigned char * res;
+ unsigned int len;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ xmlSecAssert2(outSize >= len, -1);
+
+ ret = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_open(GCRY_MD_SHA1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ gcry_md_write(digestCtx, in, inSize);
+
+ ret = gcry_md_final(digestCtx);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_final",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_md_close(digestCtx);
+ return(-1);
+ }
+
+ res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_read(GCRY_MD_SHA1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_md_close(digestCtx);
+ return(-1);
+ }
+
+ /* done */
+ xmlSecAssert2(outSize >= len, -1);
+ memcpy(out, res, len);
+ gcry_md_close(digestCtx);
+ return(len);
+}
+
+static int
+xmlSecGnuTLSKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
+ return((int)outSize);
+}
+
+static int
+xmlSecGnuTLSKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecGnuTLSKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+static int
+xmlSecGnuTLSKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecGnuTLSKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(ret);
+}
+
+static int
+xmlSecGnuTLSKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
+ size_t key_len = gcry_cipher_get_algo_keylen(GCRY_CIPHER_3DES);
+ size_t block_len = gcry_cipher_get_algo_blklen(GCRY_CIPHER_3DES);
+ gcry_cipher_hd_t cipherCtx;
+ gpg_err_code_t ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keySize >= key_len, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= block_len, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open(GCRY_CIPHER_3DES)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = gcry_cipher_setkey(cipherCtx, key, keySize);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "keySize=%d,ret=%d",
+ keySize, ret);
+ return(-1);
+ }
+
+ ret = gcry_cipher_setiv(cipherCtx, iv, ivSize);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d,ret=%d",
+ ivSize, ret);
+ return(-1);
+ }
+
+ if(enc) {
+ ret = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ } else {
+ ret = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+ if(ret != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ }
+
+ /* done */
+ gcry_cipher_close(cipherCtx);
+ return((int)inSize); /* out size == in size */
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c
new file mode 100644
index 0000000..d2ea284
--- /dev/null
+++ b/src/gcrypt/symkeys.c
@@ -0,0 +1,440 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecGnuTLSSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGnuTLSSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGnuTLSSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGnuTLSSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecGnuTLSSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+#define xmlSecGnuTLSSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecGnuTLSSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecGnuTLSSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecGnuTLSSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecGnuTLSGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGnuTLSSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecGnuTLSSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecGnuTLSSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecGnuTLSSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecGnuTLSKeyDataDesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecGnuTLSKeyDataAesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecGnuTLSKeyDataHmacId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataAesGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataAesKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDesGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataDesKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDesSet:
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataHmacGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
diff --git a/xmlsec-gcrypt.pc.in b/xmlsec-gcrypt.pc.in
new file mode 100644
index 0000000..e2c50a0
--- /dev/null
+++ b/xmlsec-gcrypt.pc.in
@@ -0,0 +1,11 @@
+prefix= prefix@
+exec_prefix= exec_prefix@
+libdir= libdir@
+includedir= includedir@
+
+Name: xmlsec1-gnutls
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
+Cflags: -DXMLSEC_CRYPTO=\\\"gnutls\\\" @XMLSEC_GNUTLS_CFLAGS@
+Libs: @XMLSEC_GNUTLS_LIBS@
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]