[xmlsec] make xmlsec-gnutls to call xmlsec-gcrypt directly
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] make xmlsec-gnutls to call xmlsec-gcrypt directly
- Date: Fri, 14 May 2010 02:28:45 +0000 (UTC)
commit 7fa0c1c78ab0704d797477db77b2805cb7499e36
Author: Aleksey Sanin <aleksey aleksey com>
Date: Wed May 12 16:58:58 2010 -0700
make xmlsec-gnutls to call xmlsec-gcrypt directly
Makefile.am | 2 +-
configure.in | 165 +++--
src/gnutls/Makefile.am | 3 +-
src/gnutls/README | 1 +
src/gnutls/asymkeys.c | 1922 ------------------------------------------------
src/gnutls/ciphers.c | 789 +--------------------
src/gnutls/crypto.c | 5 +-
src/gnutls/digests.c | 519 +-------------
src/gnutls/hmac.c | 723 +------------------
src/gnutls/kw_aes.c | 535 +-------------
src/gnutls/kw_des.c | 566 +--------------
src/gnutls/symkeys.c | 335 +--------
xmlsec-gnutls.pc.in | 4 +-
13 files changed, 141 insertions(+), 5428 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 32fec02..ce79935 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -85,7 +85,7 @@ docs-clean:
docs-man:
@(cd man && $(MAKE) docs)
-check: check-all check-info
+check: check-all check-info
check-all: $(TEST_APP)
@($(PRECHECK_COMMANDS) && \
diff --git a/configure.in b/configure.in
index 1b1147a..1da6bb5 100644
--- a/configure.in
+++ b/configure.in
@@ -792,79 +792,6 @@ AC_SUBST(NSS_MIN_VERSION)
AC_SUBST(NSPR_MIN_VERSION)
AC_SUBST(MOZILLA_MIN_VERSION)
-dnl ==========================================================================
-dnl See if we can find GnuTLS
-dnl ==========================================================================
-GNUTLS_CONFIG="libgnutls-config"
-XMLSEC_NO_GNUTLS="1"
-GNUTLS_MIN_VERSION="2.8.0"
-GNUTLS_VERSION=""
-GNUTLS_CFLAGS=""
-GNUTLS_LIBS=""
-GNUTLS_CRYPTO_LIB="$XMLSEC_PACKAGE-gnutls"
-GNUTLS_FOUND="no"
-AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location])
-if test "z$with_gnutls" = "zno" ; then
- AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
- AC_MSG_RESULT(no)
- GNUTLS_FOUND="without"
-elif test "z$with_gnutls" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
- PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_MIN_VERSION,
- [GNUTLS_FOUND=yes],
- [GNUTLS_FOUND=no])
- if test "z$GNUTLS_FOUND" = "zno" ; then
- PKG_CHECK_MODULES(GNUTLS, libgnutls >= $GNUTLS_MIN_VERSION,
- [GNUTLS_FOUND=yes],
- [GNUTLS_FOUND=no])
- fi
-fi
-
-if test "z$GNUTLS_FOUND" = "zno" ; then
- AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
- if test "z$with_gnutls" != "z" ; then
- GNUTLS_CONFIG=$with_gnutls/bin/$GNUTLS_CONFIG
- fi
- if ! $GNUTLS_CONFIG --version > /dev/null 2>&1 ; then
- if test "z$with_gnutls" != "z" ; then
- AC_MSG_ERROR(Unable to find gnutls at '$with_gnutls')
- else
- AC_MSG_RESULT(no)
- fi
- else
- vers=`$GNUTLS_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
- minvers=`echo $GNUTLS_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
- if test "$vers" -ge "$minvers" ; then
- GNUTLS_CFLAGS="$GNUTLS_CFLAGS `$GNUTLS_CONFIG --cflags`"
- GNUTLS_LIBS="$GNUTLS_LIBS `$GNUTLS_CONFIG --libs`"
- GNUTLS_FOUND=yes
- else
- AC_MSG_ERROR(You need at least gnutls $GNUTLS_MIN_VERSION for this version of $XMLSEC_PACKAGE)
- fi
- fi
-fi
-
-if test "z$GNUTLS_FOUND" = "zyes" ; then
- XMLSEC_NO_GNUTLS="0"
- GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DXMLSEC_CRYPTO_GNUTLS=1"
-
- dnl first crypto library is default one
- if test "z$XMLSEC_CRYPTO" = "z" ; then
- XMLSEC_CRYPTO="gnutls"
- XMLSEC_CRYPTO_LIB="$GNUTLS_CRYPTO_LIB"
- XMLSEC_CRYPTO_CFLAGS="$GNUTLS_CFLAGS"
- XMLSEC_CRYPTO_LIBS="$GNUTLS_LIBS"
- fi
- XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gnutls"
-else
- XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gnutls"
-fi
-
-AM_CONDITIONAL(XMLSEC_NO_GNUTLS, test "z$XMLSEC_NO_GNUTLS" = "z1")
-AC_SUBST(XMLSEC_NO_GNUTLS)
-AC_SUBST(GNUTLS_CFLAGS)
-AC_SUBST(GNUTLS_LIBS)
-AC_SUBST(GNUTLS_CRYPTO_LIB)
-AC_SUBST(GNUTLS_MIN_VERSION)
dnl ==========================================================================
dnl See if we can find GCrypt
@@ -949,6 +876,86 @@ AC_SUBST(GCRYPT_MIN_VERSION)
dnl ==========================================================================
+dnl See if we can find GnuTLS
+dnl ==========================================================================
+GNUTLS_CONFIG="libgnutls-config"
+XMLSEC_NO_GNUTLS="1"
+GNUTLS_MIN_VERSION="2.8.0"
+GNUTLS_VERSION=""
+GNUTLS_CFLAGS=""
+GNUTLS_LIBS=""
+GNUTLS_CRYPTO_LIB="$XMLSEC_PACKAGE-gnutls"
+GNUTLS_FOUND="no"
+AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location])
+if test "z$with_gnutls" = "zno" ; then
+ AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
+ AC_MSG_RESULT(no)
+ GNUTLS_FOUND="without"
+elif test "z$with_gnutls" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_MIN_VERSION,
+ [GNUTLS_FOUND=yes],
+ [GNUTLS_FOUND=no])
+ if test "z$GNUTLS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(GNUTLS, libgnutls >= $GNUTLS_MIN_VERSION,
+ [GNUTLS_FOUND=yes],
+ [GNUTLS_FOUND=no])
+ fi
+fi
+
+if test "z$GNUTLS_FOUND" = "zno" ; then
+ AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
+ if test "z$with_gnutls" != "z" ; then
+ GNUTLS_CONFIG=$with_gnutls/bin/$GNUTLS_CONFIG
+ fi
+ if ! $GNUTLS_CONFIG --version > /dev/null 2>&1 ; then
+ if test "z$with_gnutls" != "z" ; then
+ AC_MSG_ERROR(Unable to find gnutls at '$with_gnutls')
+ else
+ AC_MSG_RESULT(no)
+ fi
+ else
+ vers=`$GNUTLS_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $GNUTLS_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS `$GNUTLS_CONFIG --cflags`"
+ GNUTLS_LIBS="$GNUTLS_LIBS `$GNUTLS_CONFIG --libs`"
+ GNUTLS_FOUND=yes
+ else
+ AC_MSG_ERROR(You need at least gnutls $GNUTLS_MIN_VERSION for this version of $XMLSEC_PACKAGE)
+ fi
+ fi
+fi
+
+if test "z$GNUTLS_FOUND" = "zyes" ; then
+ XMLSEC_NO_GNUTLS="0"
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DXMLSEC_CRYPTO_GNUTLS=1"
+
+ dnl xmlsec-gnutls is using xmlsec-gcrypt
+ if test "z$GCRYPT_FOUND" != "zyes" ; then
+ AC_MSG_ERROR(xmlsec-gnutls library requires xmlsec-gcrypt library which is disabled or missing)
+ fi
+
+ dnl first crypto library is default one
+ if test "z$XMLSEC_CRYPTO" = "z" ; then
+ XMLSEC_CRYPTO="gnutls"
+ XMLSEC_CRYPTO_LIB="$GNUTLS_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$GNUTLS_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$GNUTLS_LIBS"
+ fi
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gnutls"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gnutls"
+fi
+
+AM_CONDITIONAL(XMLSEC_NO_GNUTLS, test "z$XMLSEC_NO_GNUTLS" = "z1")
+AC_SUBST(XMLSEC_NO_GNUTLS)
+AC_SUBST(GNUTLS_CFLAGS)
+AC_SUBST(GNUTLS_LIBS)
+AC_SUBST(GNUTLS_CRYPTO_LIB)
+AC_SUBST(GNUTLS_MIN_VERSION)
+
+
+dnl ==========================================================================
dnl See if we can find MSCrypto
dnl ==========================================================================
XMLSEC_NO_MSCRYPTO="1"
@@ -1460,17 +1467,17 @@ XMLSEC_OPENSSL_LIBS="-L${libdir} -l$OPENSSL_CRYPTO_LIB $XMLSEC_CORE_LIBS $OPENSS
AC_SUBST(XMLSEC_OPENSSL_CFLAGS)
AC_SUBST(XMLSEC_OPENSSL_LIBS)
-
-XMLSEC_GNUTLS_CFLAGS="$XMLSEC_CORE_CFLAGS $GNUTLS_CFLAGS"
-XMLSEC_GNUTLS_LIBS="-L${libdir} -l$GNUTLS_CRYPTO_LIB $XMLSEC_CORE_LIBS $GNUTLS_LIBS"
-AC_SUBST(XMLSEC_GNUTLS_CFLAGS)
-AC_SUBST(XMLSEC_GNUTLS_LIBS)
-
XMLSEC_GCRYPT_CFLAGS="$XMLSEC_CORE_CFLAGS $GCRYPT_CFLAGS"
XMLSEC_GCRYPT_LIBS="-L${libdir} -l$GCRYPT_CRYPTO_LIB $XMLSEC_CORE_LIBS $GCRYPT_LIBS"
AC_SUBST(XMLSEC_GCRYPT_CFLAGS)
AC_SUBST(XMLSEC_GCRYPT_LIBS)
+# xmlsec-gnutls is using xmlsec-gcrypt
+XMLSEC_GNUTLS_CFLAGS="$XMLSEC_CORE_CFLAGS $GNUTLS_CFLAGS"
+XMLSEC_GNUTLS_LIBS="-L${libdir} -l$GNUTLS_CRYPTO_LIB -l$GCRYPT_CRYPTO_LIB $XMLSEC_CORE_LIBS $GNUTLS_LIBS"
+AC_SUBST(XMLSEC_GNUTLS_CFLAGS)
+AC_SUBST(XMLSEC_GNUTLS_LIBS)
+
XMLSEC_NSS_CFLAGS="$XMLSEC_CORE_CFLAGS $NSS_CFLAGS"
XMLSEC_NSS_LIBS="-L${libdir} -l$NSS_CRYPTO_LIB $XMLSEC_CORE_LIBS $NSS_LIBS"
AC_SUBST(XMLSEC_NSS_CFLAGS)
diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am
index 4e12161..a96571b 100644
--- a/src/gnutls/Makefile.am
+++ b/src/gnutls/Makefile.am
@@ -27,7 +27,6 @@ libxmlsec1_gnutls_la_SOURCES =\
kw_aes.c \
kw_des.c \
symkeys.c \
- asymkeys.c \
globals.h \
$(NULL)
@@ -35,11 +34,13 @@ if SHAREDLIB_HACK
libxmlsec1_gnutls_la_SOURCES += ../strings.c
endif
+# xmlsec-gnutls library requires xmlsec-gcrypt
libxmlsec1_gnutls_la_LIBADD = \
$(GNUTLS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
../libxmlsec1.la \
+ ../gcrypt/libxmlsec1-gcrypt.la \
$(NULL)
libxmlsec1_gnutls_la_DEPENDENCIES = \
diff --git a/src/gnutls/README b/src/gnutls/README
index 62e8da5..404aa87 100644
--- a/src/gnutls/README
+++ b/src/gnutls/README
@@ -3,3 +3,4 @@ does not provide direct access to low-level crypto operations (digests,
hmac, aes, des, etc.).
+
diff --git a/src/gnutls/ciphers.c b/src/gnutls/ciphers.c
index dd94b6a..0ea5d6c 100644
--- a/src/gnutls/ciphers.c
+++ b/src/gnutls/ciphers.c
@@ -10,8 +10,6 @@
#include <string.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -19,706 +17,15 @@
#include <xmlsec/gnutls/crypto.h>
-/**************************************************************************
- *
- * Internal GnuTLS Block cipher CTX
- *
- *****************************************************************************/
-typedef struct _xmlSecGnuTLSBlockCipherCtx xmlSecGnuTLSBlockCipherCtx,
- *xmlSecGnuTLSBlockCipherCtxPtr;
-struct _xmlSecGnuTLSBlockCipherCtx {
- int cipher;
- int mode;
- gcry_cipher_hd_t cipherCtx;
- xmlSecKeyDataId keyId;
- int keyInitialized;
- int ctxInitialized;
-};
-
-static int xmlSecGnuTLSBlockCipherCtxInit (xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSBlockCipherCtxUpdate (xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSBlockCipherCtxFinal (xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int
-xmlSecGnuTLSBlockCipherCtxInit(xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- gcry_err_code_t err;
- int blockLen;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->keyInitialized != 0, -1);
- xmlSecAssert2(ctx->ctxInitialized == 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- /* iv len == block len */
- blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(blockLen > 0, -1);
-
- if(encrypt) {
- xmlSecByte* iv;
- xmlSecSize outSize;
-
- /* allocate space for IV */
- outSize = xmlSecBufferGetSize(out);
- ret = xmlSecBufferSetSize(out, outSize + blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + blockLen);
- return(-1);
- }
- iv = xmlSecBufferGetData(out) + outSize;
-
- /* generate and use random iv */
- gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
- err = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- } else {
- /* if we don't have enough data, exit and hope that
- * we'll have iv next time */
- if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
- return(0);
- }
- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
-
- /* set iv */
- err = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- /* and remove from input */
- ret = xmlSecBufferRemoveHead(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
- }
- }
-
- ctx->ctxInitialized = 1;
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherCtxUpdate(xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecSize inSize, inBlocks, outSize;
- int blockLen;
- xmlSecByte* outBuf;
- gcry_err_code_t err;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(blockLen > 0, -1);
-
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
- if(inSize < (xmlSecSize)blockLen) {
- return(0);
- }
-
- if(encrypt) {
- inBlocks = inSize / ((xmlSecSize)blockLen);
- } else {
- /* we want to have the last block in the input buffer
- * for padding check */
- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
- }
- inSize = inBlocks * ((xmlSecSize)blockLen);
-
- /* we write out the input size plus may be one block */
- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize + blockLen);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
-
- if(encrypt) {
- err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- } else {
- err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- }
-
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize);
- return(-1);
- }
-
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherCtxFinal(xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecSize inSize, outSize;
- int blockLen, outLen = 0;
- xmlSecByte* inBuf;
- xmlSecByte* outBuf;
- gcry_err_code_t err;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(blockLen > 0, -1);
-
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
- if(encrypt != 0) {
- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
-
- /* create padding */
- ret = xmlSecBufferSetMaxSize(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
- }
- inBuf = xmlSecBufferGetData(in);
-
- /* create random padding */
- if((xmlSecSize)blockLen > (inSize + 1)) {
- gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
- GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
- }
- inBuf[blockLen - 1] = blockLen - inSize;
- inSize = blockLen;
- } else {
- if(inSize != (xmlSecSize)blockLen) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data=%d;block=%d", inSize, blockLen);
- return(-1);
- }
- }
-
- /* process last block */
- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
-
- if(encrypt) {
- err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- } else {
- err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(err != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- }
-
- if(encrypt == 0) {
- /* check padding */
- if(inSize < outBuf[blockLen - 1]) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "padding=%d;buffer=%d",
- outBuf[blockLen - 1], inSize);
- return(-1);
- }
- outLen = inSize - outBuf[blockLen - 1];
- } else {
- outLen = inSize;
- }
-
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
-
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
-
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
-
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- return(0);
-}
-
-
-/******************************************************************************
- *
- * Block Cipher transforms
+/**************************************************************************
*
- * xmlSecGnuTLSBlockCipherCtx block is located after xmlSecTransform structure
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
*****************************************************************************/
-#define xmlSecGnuTLSBlockCipherSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSBlockCipherCtx))
-#define xmlSecGnuTLSBlockCipherGetCtx(transform) \
- ((xmlSecGnuTLSBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecGnuTLSBlockCipherInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSBlockCipherFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGnuTLSBlockCipherSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGnuTLSBlockCipherExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSBlockCipherCheckId (xmlSecTransformPtr transform);
-
-
-
-static int
-xmlSecGnuTLSBlockCipherCheckId(xmlSecTransformPtr transform) {
-#ifndef XMLSEC_NO_DES
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformDes3CbcId)) {
- return(1);
- }
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes128CbcId) ||
- xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes192CbcId) ||
- xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes256CbcId)) {
-
- return(1);
- }
-#endif /* XMLSEC_NO_AES */
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
- gcry_error_t err;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
-
-#ifndef XMLSEC_NO_DES
- if(transform->id == xmlSecGnuTLSTransformDes3CbcId) {
- ctx->cipher = GCRY_CIPHER_3DES;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataDesId;
- } else
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(transform->id == xmlSecGnuTLSTransformAes128CbcId) {
- ctx->cipher = GCRY_CIPHER_AES128;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataAesId;
- } else if(transform->id == xmlSecGnuTLSTransformAes192CbcId) {
- ctx->cipher = GCRY_CIPHER_AES192;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataAesId;
- } else if(transform->id == xmlSecGnuTLSTransformAes256CbcId) {
- ctx->cipher = GCRY_CIPHER_AES256;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataAesId;
- } else
-#endif /* XMLSEC_NO_AES */
-
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- err = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_cipher_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- return(0);
-}
-
-static void
-xmlSecGnuTLSBlockCipherFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSBlockCipherCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize));
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->cipherCtx != NULL) {
- gcry_cipher_close(ctx->cipherCtx);
- }
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
-}
-
-static int
-xmlSecGnuTLSBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
-
- keyReq->keyId = ctx->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
-
- keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
- xmlSecBufferPtr buffer;
- xmlSecSize keySize;
- gcry_err_code_t err;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
- xmlSecAssert2(key != NULL, -1);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->keyInitialized == 0, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-
- keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
- xmlSecAssert2(keySize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
- xmlSecAssert2(buffer != NULL, -1);
-
- if(xmlSecBufferGetSize(buffer) < keySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=%d;expected=%d",
- xmlSecBufferGetSize(buffer), keySize);
- return(-1);
- }
-
- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
- err = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_cipher_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- ctx->keyInitialized = 1;
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
- xmlSecBufferPtr in, out;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if(transform->status == xmlSecTransformStatusWorking) {
- if(ctx->ctxInitialized == 0) {
- ret = xmlSecGnuTLSBlockCipherCtxInit(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSBlockCipherCtxInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- if((ctx->ctxInitialized == 0) && (last != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "not enough data to initialize transform");
- return(-1);
- }
- if(ctx->ctxInitialized != 0) {
- ret = xmlSecGnuTLSBlockCipherCtxUpdate(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSBlockCipherCtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last) {
- ret = xmlSecGnuTLSBlockCipherCtxFinal(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSBlockCipherCtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
- } else if(transform->status == xmlSecTransformStatusNone) {
- /* the only way we can get here is if there is no enough data in the input */
- xmlSecAssert2(last == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
-
- return(0);
-}
-
+#include <xmlsec/gcrypt/crypto.h>
#ifndef XMLSEC_NO_AES
-/*********************************************************************
- *
- * AES CBC cipher transforms
- *
- ********************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSAes128CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes128Cbc, /* const xmlChar* name; */
- xmlSecHrefAes128Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
/**
* xmlSecGnuTLSTransformAes128CbcGetKlass:
@@ -729,36 +36,9 @@ static xmlSecTransformKlass xmlSecGnuTLSAes128CbcKlass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformAes128CbcGetKlass(void) {
- return(&xmlSecGnuTLSAes128CbcKlass);
+ return (xmlSecGCryptTransformAes128CbcGetKlass());
}
-static xmlSecTransformKlass xmlSecGnuTLSAes192CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes192Cbc, /* const xmlChar* name; */
- xmlSecHrefAes192Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformAes192CbcGetKlass:
*
@@ -768,36 +48,9 @@ static xmlSecTransformKlass xmlSecGnuTLSAes192CbcKlass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformAes192CbcGetKlass(void) {
- return(&xmlSecGnuTLSAes192CbcKlass);
+ return (xmlSecGCryptTransformAes192CbcGetKlass());
}
-static xmlSecTransformKlass xmlSecGnuTLSAes256CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformAes256CbcGetKlass:
*
@@ -807,39 +60,11 @@ static xmlSecTransformKlass xmlSecGnuTLSAes256CbcKlass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformAes256CbcGetKlass(void) {
- return(&xmlSecGnuTLSAes256CbcKlass);
+ return (xmlSecGCryptTransformAes256CbcGetKlass());
}
-
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
-static xmlSecTransformKlass xmlSecGnuTLSDes3CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameDes3Cbc, /* const xmlChar* name; */
- xmlSecHrefDes3Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformDes3CbcGetKlass:
*
@@ -849,7 +74,7 @@ static xmlSecTransformKlass xmlSecGnuTLSDes3CbcKlass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformDes3CbcGetKlass(void) {
- return(&xmlSecGnuTLSDes3CbcKlass);
+ return (xmlSecGCryptTransformDes3CbcGetKlass());
}
#endif /* XMLSEC_NO_DES */
diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c
index c4e3be8..77107fa 100644
--- a/src/gnutls/crypto.c
+++ b/src/gnutls/crypto.c
@@ -64,18 +64,21 @@ xmlSecCryptoGetFunctions_gnutls(void) {
gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
+#ifdef ALEKSEY_TODO
#ifndef XMLSEC_NO_DSA
gXmlSecGnuTLSFunctions->keyDataDsaGetKlass = xmlSecGnuTLSKeyDataDsaGetKlass;
#endif /* XMLSEC_NO_DSA */
+#endif /* ALEKSEY_TODO */
#ifndef XMLSEC_NO_HMAC
gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
#endif /* XMLSEC_NO_HMAC */
+#ifdef ALEKSEY_TODO
#ifndef XMLSEC_NO_RSA
gXmlSecGnuTLSFunctions->keyDataRsaGetKlass = xmlSecGnuTLSKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
-
+#endif /* ALEKSEY_TODO */
/********************************************************************
*
diff --git a/src/gnutls/digests.c b/src/gnutls/digests.c
index b18c130..2df2070 100644
--- a/src/gnutls/digests.c
+++ b/src/gnutls/digests.c
@@ -10,8 +10,6 @@
#include <string.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -20,346 +18,14 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
-#define XMLSEC_GNUTLS_MAX_DIGEST_SIZE 256
-
/**************************************************************************
*
- * Internal GNUTLS Digest CTX
- *
- *****************************************************************************/
-typedef struct _xmlSecGnuTLSDigestCtx xmlSecGnuTLSDigestCtx, *xmlSecGnuTLSDigestCtxPtr;
-struct _xmlSecGnuTLSDigestCtx {
- int digest;
- gcry_md_hd_t digestCtx;
- xmlSecByte dgst[XMLSEC_GNUTLS_MAX_DIGEST_SIZE];
- xmlSecSize dgstSize; /* dgst size in bytes */
-};
-
-/******************************************************************************
- *
- * Digest transforms
- *
- * xmlSecGnuTLSDigestCtx is located after xmlSecTransform
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
*****************************************************************************/
-#define xmlSecGnuTLSDigestSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSDigestCtx))
-#define xmlSecGnuTLSDigestGetCtx(transform) \
- ((xmlSecGnuTLSDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecGnuTLSDigestInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSDigestFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSDigestVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSDigestExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSDigestCheckId (xmlSecTransformPtr transform);
-
-static int
-xmlSecGnuTLSDigestCheckId(xmlSecTransformPtr transform) {
+#include <xmlsec/gcrypt/crypto.h>
#ifndef XMLSEC_NO_SHA1
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha256Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha384Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha512Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA512 */
-
-#ifndef XMLSEC_NO_MD5
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformMd5Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_RIPEMD160
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRipemd160Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_RIPEMD160 */
-
- /* not found */
- {
- return(0);
- }
-
- /* just in case */
- return(0);
-}
-
-static int
-xmlSecGnuTLSDigestInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSDigestCtxPtr ctx;
- gcry_error_t err;
-
- xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- /* initialize context */
- memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
-
-#ifndef XMLSEC_NO_SHA1
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
- ctx->digest = GCRY_MD_SHA1;
- } else
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha256Id)) {
- ctx->digest = GCRY_MD_SHA256;
- } else
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha384Id)) {
- ctx->digest = GCRY_MD_SHA384;
- } else
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha512Id)) {
- ctx->digest = GCRY_MD_SHA512;
- } else
-#endif /* XMLSEC_NO_SHA512 */
-
-#ifndef XMLSEC_NO_MD5
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformMd5Id)) {
- ctx->digest = GCRY_MD_MD5;
- } else
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_RIPEMD160
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformRipemd160Id)) {
- ctx->digest = GCRY_MD_RMD160;
- } else
-#endif /* XMLSEC_NO_RIPEMD160 */
-
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- return(0);
-}
-
-static void
-xmlSecGnuTLSDigestFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSDigestCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSDigestCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize));
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->digestCtx != NULL) {
- gcry_md_close(ctx->digestCtx);
- }
- memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
-}
-
-static int
-xmlSecGnuTLSDigestVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSDigestCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
- xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
- xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
- xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- if(dataSize != ctx->dgstSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest sizes are different (data=%d, dgst=%d)",
- dataSize, ctx->dgstSize);
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- if(memcmp(ctx->dgst, data, dataSize) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- transform->status = xmlSecTransformStatusOk;
- return(0);
-}
-
-static int
-xmlSecGnuTLSDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSDigestCtxPtr ctx;
- xmlSecBufferPtr in, out;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- xmlSecByte* buf;
-
- /* get the final digest */
- gcry_md_final(ctx->digestCtx);
- buf = gcry_md_read(ctx->digestCtx, ctx->digest);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_read",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* copy it to our internal buffer */
- ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
- xmlSecAssert2(ctx->dgstSize > 0, -1);
- xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
- memcpy(ctx->dgst, buf, ctx->dgstSize);
-
- /* and to the output if needed */
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ctx->dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
-
- return(0);
-}
-
-#ifndef XMLSEC_NO_SHA1
-/******************************************************************************
- *
- * SHA1 Digest transforms
- *
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameSha1, /* const xmlChar* name; */
- xmlSecHrefSha1, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformSha1GetKlass:
*
@@ -369,46 +35,12 @@ static xmlSecTransformKlass xmlSecGnuTLSSha1Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformSha1GetKlass(void) {
- return(&xmlSecGnuTLSSha1Klass);
+ return (xmlSecGCryptTransformSha1GetKlass());
}
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA256
-/******************************************************************************
- *
- * SHA256 Digest transforms
- *
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSSha256Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameSha256, /* const xmlChar* name; */
- xmlSecHrefSha256, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformSha256GetKlass:
*
@@ -418,45 +50,11 @@ static xmlSecTransformKlass xmlSecGnuTLSSha256Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformSha256GetKlass(void) {
- return(&xmlSecGnuTLSSha256Klass);
+ return (xmlSecGCryptTransformSha256GetKlass());
}
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
-/******************************************************************************
- *
- * SHA384 Digest transforms
- *
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSSha384Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameSha384, /* const xmlChar* name; */
- xmlSecHrefSha384, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformSha384GetKlass:
*
@@ -466,45 +64,11 @@ static xmlSecTransformKlass xmlSecGnuTLSSha384Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformSha384GetKlass(void) {
- return(&xmlSecGnuTLSSha384Klass);
+ return (xmlSecGCryptTransformSha384GetKlass());
}
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
-/******************************************************************************
- *
- * SHA512 Digest transforms
- *
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSSha512Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameSha512, /* const xmlChar* name; */
- xmlSecHrefSha512, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformSha512GetKlass:
*
@@ -514,44 +78,11 @@ static xmlSecTransformKlass xmlSecGnuTLSSha512Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformSha512GetKlass(void) {
- return(&xmlSecGnuTLSSha512Klass);
+ return (xmlSecGCryptTransformSha512GetKlass());
}
#endif /* XMLSEC_NO_SHA512 */
#ifndef XMLSEC_NO_MD5
-/******************************************************************************
- *
- * MD5 Digest transforms
- *
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSMd5Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameMd5, /* const xmlChar* name; */
- xmlSecHrefMd5, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
/**
* xmlSecGnuTLSTransformMd5GetKlass:
@@ -562,45 +93,11 @@ static xmlSecTransformKlass xmlSecGnuTLSMd5Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformMd5GetKlass(void) {
- return(&xmlSecGnuTLSMd5Klass);
+ return (xmlSecGCryptTransformMd5GetKlass());
}
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
-/******************************************************************************
- *
- * RIPEMD160 Digest transforms
- *
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSRipemd160Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameRipemd160, /* const xmlChar* name; */
- xmlSecHrefRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformRipemd160GetKlass:
*
@@ -610,6 +107,6 @@ static xmlSecTransformKlass xmlSecGnuTLSRipemd160Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformRipemd160GetKlass(void) {
- return(&xmlSecGnuTLSRipemd160Klass);
+ return (xmlSecGCryptTransformRipemd160GetKlass());
}
#endif /* XMLSEC_NO_RIPEMD160 */
diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c
index 89bc227..126487c 100644
--- a/src/gnutls/hmac.c
+++ b/src/gnutls/hmac.c
@@ -11,8 +11,6 @@
#include <string.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
@@ -22,559 +20,14 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
-/* sizes in bits */
-#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 80
-#define XMLSEC_GNUTLS_MAX_HMAC_SIZE (128 * 8)
-
/**************************************************************************
*
- * Configuration
- *
- *****************************************************************************/
-static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
-
-/**
- * xmlSecGnuTLSHmacGetMinOutputLength:
- *
- * Gets the value of min HMAC length.
- *
- * Returns: the min HMAC output length
- */
-int xmlSecGnuTLSHmacGetMinOutputLength(void)
-{
- return g_xmlsec_gnutls_hmac_min_length;
-}
-
-/**
- * xmlSecGnuTLSHmacSetMinOutputLength:
- * @min_length: the new min length
- *
- * Sets the min HMAC output length
- */
-void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
-{
- g_xmlsec_gnutls_hmac_min_length = min_length;
-}
-
-/**************************************************************************
- *
- * Internal GNUTLS HMAC CTX
- *
- *****************************************************************************/
-typedef struct _xmlSecGnuTLSHmacCtx xmlSecGnuTLSHmacCtx, *xmlSecGnuTLSHmacCtxPtr;
-struct _xmlSecGnuTLSHmacCtx {
- int digest;
- gcry_md_hd_t digestCtx;
- xmlSecByte dgst[XMLSEC_GNUTLS_MAX_HMAC_SIZE / 8];
- xmlSecSize dgstSize; /* dgst size in bits */
-};
-
-/******************************************************************************
- *
- * HMAC transforms
- *
- * xmlSecGnuTLSHmacCtx is located after xmlSecTransform
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
*****************************************************************************/
-#define xmlSecGnuTLSHmacGetCtx(transform) \
- ((xmlSecGnuTLSHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecGnuTLSHmacSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSHmacCtx))
-
-static int xmlSecGnuTLSHmacCheckId (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSHmacInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSHmacFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSHmacNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSHmacSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGnuTLSHmacSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGnuTLSHmacVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSHmacExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-
-static int
-xmlSecGnuTLSHmacCheckId(xmlSecTransformPtr transform) {
-
-#ifndef XMLSEC_NO_SHA1
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha256Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha384Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha512Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_SHA512 */
-
-#ifndef XMLSEC_NO_RIPEMD160
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_RIPEMD160 */
-
-#ifndef XMLSEC_NO_MD5
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
- return(1);
- } else
-#endif /* XMLSEC_NO_MD5 */
-
- /* not found */
- {
- return(0);
- }
-
- /* just in case */
- return(0);
-}
-
-
-static int
-xmlSecGnuTLSHmacInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- gcry_error_t err;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
-
-#ifndef XMLSEC_NO_SHA1
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
- ctx->digest = GCRY_MD_SHA1;
- } else
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha256Id)) {
- ctx->digest = GCRY_MD_SHA256;
- } else
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha384Id)) {
- ctx->digest = GCRY_MD_SHA384;
- } else
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha512Id)) {
- ctx->digest = GCRY_MD_SHA512;
- } else
-#endif /* XMLSEC_NO_SHA512 */
-
-#ifndef XMLSEC_NO_RIPEMD160
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
- ctx->digest = GCRY_MD_RMD160;
- } else
-#endif /* XMLSEC_NO_RIPEMD160 */
-
-#ifndef XMLSEC_NO_MD5
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
- ctx->digest = GCRY_MD_MD5;
- } else
-#endif /* XMLSEC_NO_MD5 */
-
- /* not found */
- {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* open context */
- err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecGnuTLSHmacFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSHmacCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSHmacCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize));
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->digestCtx != NULL) {
- gcry_md_close(ctx->digestCtx);
- }
- memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
-}
-
-/**
- * xmlSecGnuTLSHmacNodeRead:
- *
- * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
- *
- * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
- * as a parameter; if the parameter is not specified then all the bits of the
- * hash are output. An example of an HMAC SignatureMethod element:
- * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1";>
- * <HMACOutputLength>128</HMACOutputLength>
- * </SignatureMethod>
- *
- * Schema Definition:
- *
- * <simpleType name="HMACOutputLengthType">
- * <restriction base="integer"/>
- * </simpleType>
- *
- * DTD:
- *
- * <!ELEMENT HMACOutputLength (#PCDATA)>
- */
-static int
-xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlNodePtr cur;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- cur = xmlSecGetNextElementNode(node->children);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
- xmlChar *content;
-
- content = xmlNodeGetContent(cur);
- if(content != NULL) {
- ctx->dgstSize = atoi((char*)content);
- xmlFree(content);
- }
-
- /* Ensure that HMAC length is greater than min specified.
- Otherwise, an attacker can set this lenght to 0 or very
- small value
- */
- if((int)ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "HMAC output length is too small");
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
- return(-1);
- }
- return(0);
-}
-
-
-static int
-xmlSecGnuTLSHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGnuTLSHmacCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(keyReq != NULL, -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keyReq->keyId = xmlSecGnuTLSKeyDataHmacId;
- keyReq->keyType= xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationSign) {
- keyReq->keyUsage = xmlSecKeyUsageSign;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageVerify;
- }
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlSecKeyDataPtr value;
- xmlSecBufferPtr buffer;
- gcry_err_code_t err;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(key != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
-
- value = xmlSecKeyGetValue(key);
- xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGnuTLSKeyDataHmacId), -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
- xmlSecAssert2(buffer != NULL, -1);
-
- if(xmlSecBufferGetSize(buffer) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key is empty");
- return(-1);
- }
-
- err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
- xmlSecBufferGetSize(buffer));
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
- return(0);
-}
-
-static int
-xmlSecGnuTLSHmacVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
- static xmlSecByte last_byte_masks[] =
- { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
-
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlSecByte mask;
-
- xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
- xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
- xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- /* compare the digest size in bytes */
- if(dataSize != ((ctx->dgstSize + 7) / 8)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data=%d;dgst=%d",
- dataSize, ((ctx->dgstSize + 7) / 8));
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- /* we check the last byte separatelly */
- xmlSecAssert2(dataSize > 0, -1);
- mask = last_byte_masks[ctx->dgstSize % 8];
- if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match (last byte)");
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- /* now check the rest of the digest */
- if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- transform->status = xmlSecTransformStatusOk;
- return(0);
-}
-
-static int
-xmlSecGnuTLSHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlSecBufferPtr in, out;
- xmlSecByte* dgst;
- xmlSecSize dgstSize;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- /* get the final digest */
- gcry_md_final(ctx->digestCtx);
- dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
- if(dgst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_read",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* copy it to our internal buffer */
- dgstSize = gcry_md_get_algo_dlen(ctx->digest);
- xmlSecAssert2(dgstSize > 0, -1);
- xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
- memcpy(ctx->dgst, dgst, dgstSize);
-
- /* check/set the result digest size */
- if(ctx->dgstSize == 0) {
- ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
- } else if(ctx->dgstSize <= 8 * dgstSize) {
- dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * dgstSize, ctx->dgstSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "size=%d", transform->status);
- return(-1);
- }
-
- return(0);
-}
+#include <xmlsec/gcrypt/crypto.h>
#ifndef XMLSEC_NO_SHA1
-/******************************************************************************
- *
- * HMAC SHA1
- *
- ******************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSHmacSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha1, /* const xmlChar* name; */
- xmlSecHrefHmacSha1, /* const xmlChar *href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformHmacSha1GetKlass:
*
@@ -584,43 +37,11 @@ static xmlSecTransformKlass xmlSecGnuTLSHmacSha1Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
- return(&xmlSecGnuTLSHmacSha1Klass);
+ return (xmlSecGCryptTransformHmacSha1GetKlass());
}
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA256
-/******************************************************************************
- *
- * HMAC SHA256
- *
- ******************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSHmacSha256Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha256, /* const xmlChar* name; */
- xmlSecHrefHmacSha256, /* const xmlChar *href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformHmacSha256GetKlass:
*
@@ -630,43 +51,11 @@ static xmlSecTransformKlass xmlSecGnuTLSHmacSha256Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformHmacSha256GetKlass(void) {
- return(&xmlSecGnuTLSHmacSha256Klass);
+ return (xmlSecGCryptTransformHmacSha256GetKlass());
}
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
-/******************************************************************************
- *
- * HMAC SHA384
- *
- ******************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSHmacSha384Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha384, /* const xmlChar* name; */
- xmlSecHrefHmacSha384, /* const xmlChar *href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformHmacSha384GetKlass:
*
@@ -676,43 +65,11 @@ static xmlSecTransformKlass xmlSecGnuTLSHmacSha384Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformHmacSha384GetKlass(void) {
- return(&xmlSecGnuTLSHmacSha384Klass);
+ return (xmlSecGCryptTransformHmacSha384GetKlass());
}
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
-/******************************************************************************
- *
- * HMAC SHA512
- *
- ******************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSHmacSha512Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha512, /* const xmlChar* name; */
- xmlSecHrefHmacSha512, /* const xmlChar *href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformHmacSha512GetKlass:
*
@@ -722,44 +79,12 @@ static xmlSecTransformKlass xmlSecGnuTLSHmacSha512Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformHmacSha512GetKlass(void) {
- return(&xmlSecGnuTLSHmacSha512Klass);
+ return (xmlSecGCryptTransformHmacSha512GetKlass());
}
#endif /* XMLSEC_NO_SHA512 */
#ifndef XMLSEC_NO_RIPEMD160
-/******************************************************************************
- *
- * HMAC Ripemd160
- *
- ******************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSHmacRipemd160Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacRipemd160, /* const xmlChar* name; */
- xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformHmacRipemd160GetKlass:
*
@@ -769,43 +94,11 @@ static xmlSecTransformKlass xmlSecGnuTLSHmacRipemd160Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformHmacRipemd160GetKlass(void) {
- return(&xmlSecGnuTLSHmacRipemd160Klass);
+ return (xmlSecGCryptTransformHmacRipemd160GetKlass());
}
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_MD5
-/******************************************************************************
- *
- * HMAC MD5
- *
- ******************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSHmacMd5Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacMd5, /* const xmlChar* name; */
- xmlSecHrefHmacMd5, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformHmacMd5GetKlass:
*
@@ -815,7 +108,7 @@ static xmlSecTransformKlass xmlSecGnuTLSHmacMd5Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformHmacMd5GetKlass(void) {
- return(&xmlSecGnuTLSHmacMd5Klass);
+ return (xmlSecGCryptTransformHmacMd5GetKlass());
}
#endif /* XMLSEC_NO_MD5 */
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
index 78baf6d..63f8a6b 100644
--- a/src/gnutls/kw_aes.c
+++ b/src/gnutls/kw_aes.c
@@ -16,8 +16,6 @@
#include <stdio.h>
#include <string.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
@@ -26,347 +24,14 @@
#include <xmlsec/gnutls/crypto.h>
-#include "../kw_aes_des.h"
-
-
-/*********************************************************************
- *
- * AES KW implementation
- *
- *********************************************************************/
-static int xmlSecGnuTLSKWAesBlockEncrypt (const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize,
- void * context);
-static int xmlSecGnuTLSKWAesBlockDecrypt (const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize,
- void * context);
-static xmlSecKWAesKlass xmlSecGnuTLSKWAesKlass = {
- /* callbacks */
- xmlSecGnuTLSKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
- xmlSecGnuTLSKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
-
- /* for the future */
- NULL, /* void* reserved0; */
- NULL /* void* reserved1; */
-};
-
-
-/*********************************************************************
+/**************************************************************************
*
- * AES KW transforms
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
- ********************************************************************/
-typedef struct _xmlSecGnuTLSKWAesCtx xmlSecGnuTLSKWAesCtx,
- *xmlSecGnuTLSKWAesCtxPtr;
-struct _xmlSecGnuTLSKWAesCtx {
- int cipher;
- int mode;
- int flags;
- xmlSecSize blockSize;
- xmlSecSize keyExpectedSize;
-
- xmlSecBuffer keyBuffer;
-};
-#define xmlSecGnuTLSKWAesSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWAesCtx))
-#define xmlSecGnuTLSKWAesGetCtx(transform) \
- ((xmlSecGnuTLSKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecGnuTLSKWAesCheckId(transform) \
- (xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes128Id) || \
- xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes192Id) || \
- xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes256Id))
-
-static int xmlSecGnuTLSKWAesInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSKWAesFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSKWAesSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGnuTLSKWAesSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGnuTLSKWAesExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-
-static int
-xmlSecGnuTLSKWAesInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSKWAesCtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
-
- ctx = xmlSecGnuTLSKWAesGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes128Id)) {
- ctx->cipher = GCRY_CIPHER_AES128;
- ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
- } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes192Id)) {
- ctx->cipher = GCRY_CIPHER_AES192;
- ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
- } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes256Id)) {
- ctx->cipher = GCRY_CIPHER_AES256;
- ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->flags = GCRY_CIPHER_SECURE; /* we are paranoid */
- ctx->blockSize = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(ctx->blockSize > 0, -1);
-
- ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSKWAesGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecGnuTLSKWAesFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSKWAesCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSKWAesCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize));
-
- ctx = xmlSecGnuTLSKWAesGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- xmlSecBufferFinalize(&(ctx->keyBuffer));
-}
-
-static int
-xmlSecGnuTLSKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGnuTLSKWAesCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecGnuTLSKWAesGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keyReq->keyId = xmlSecGnuTLSKeyDataAesId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
- keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGnuTLSKWAesCtxPtr ctx;
- xmlSecBufferPtr buffer;
- xmlSecSize keySize;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataAesId), -1);
-
- ctx = xmlSecGnuTLSKWAesGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
- xmlSecAssert2(buffer != NULL, -1);
-
- keySize = xmlSecBufferGetSize(buffer);
- if(keySize < ctx->keyExpectedSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key=%d;expected=%d",
- keySize, ctx->keyExpectedSize);
- return(-1);
- }
-
- ret = xmlSecBufferSetData(&(ctx->keyBuffer),
- xmlSecBufferGetData(buffer),
- ctx->keyExpectedSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "expected-size=%d",
- ctx->keyExpectedSize);
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSKWAesCtxPtr ctx;
- xmlSecBufferPtr in, out;
- xmlSecSize inSize, outSize, keySize;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSKWAesGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
- xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
- in = &(transform->inBuf);
- out = &(transform->outBuf);
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
- xmlSecAssert2(outSize == 0, -1);
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
- } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % 8) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size=%d(not 8 bytes aligned)", inSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
- outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
- XMLSEC_KW_AES_BLOCK_SIZE;
- } else {
- outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecKWAesEncode(&xmlSecGnuTLSKWAesKlass, ctx,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKWAesEncode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecKWAesDecode(&xmlSecGnuTLSKWAesKlass, ctx,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKWAesEncode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "inSize%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
- return(0);
-}
-
-
-static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes128, /* const xmlChar* name; */
- xmlSecHrefKWAes128, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
/**
* xmlSecGnuTLSTransformKWAes128GetKlass:
@@ -377,37 +42,9 @@ static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformKWAes128GetKlass(void) {
- return(&xmlSecGnuTLSKWAes128Klass);
+ return(xmlSecGCryptTransformKWAes128GetKlass());
}
-static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes192, /* const xmlChar* name; */
- xmlSecHrefKWAes192, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-
/**
* xmlSecGnuTLSTransformKWAes192GetKlass:
*
@@ -417,36 +54,9 @@ static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformKWAes192GetKlass(void) {
- return(&xmlSecGnuTLSKWAes192Klass);
+ return(xmlSecGCryptTransformKWAes192GetKlass());
}
-static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes256, /* const xmlChar* name; */
- xmlSecHrefKWAes256, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformKWAes256GetKlass:
*
@@ -456,138 +66,7 @@ static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformKWAes256GetKlass(void) {
- return(&xmlSecGnuTLSKWAes256Klass);
-}
-
-/*********************************************************************
- *
- * AES KW implementation
- *
- *********************************************************************/
-static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
- { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-static int
-xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize,
- void * context) {
- xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
- gcry_cipher_hd_t cipherCtx;
- gcry_error_t err;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize >= ctx->blockSize, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= ctx->blockSize, -1);
-
- err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_setkey(cipherCtx,
- xmlSecBufferGetData(&ctx->keyBuffer),
- xmlSecBufferGetSize(&ctx->keyBuffer));
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- /* use zero IV and CBC mode to ensure we get result as-is */
- err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- gcry_cipher_close(cipherCtx);
- return(-1);
- }
- gcry_cipher_close(cipherCtx);
-
- return(ctx->blockSize);
-}
-
-static int
-xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize,
- void * context) {
- xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
- gcry_cipher_hd_t cipherCtx;
- gcry_error_t err;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize >= ctx->blockSize, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= ctx->blockSize, -1);
-
- err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_setkey(cipherCtx,
- xmlSecBufferGetData(&ctx->keyBuffer),
- xmlSecBufferGetSize(&ctx->keyBuffer));
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- /* use zero IV and CBC mode to ensure we get result as-is */
- err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- gcry_cipher_close(cipherCtx);
- return(-1);
- }
- gcry_cipher_close(cipherCtx);
-
- return(ctx->blockSize);
+ return(xmlSecGCryptTransformKWAes256GetKlass());
}
#endif /* XMLSEC_NO_AES */
diff --git a/src/gnutls/kw_des.c b/src/gnutls/kw_des.c
index c46e5d9..5d2a2e5 100644
--- a/src/gnutls/kw_des.c
+++ b/src/gnutls/kw_des.c
@@ -27,111 +27,13 @@
#include <xmlsec/gnutls/crypto.h>
-#include "../kw_aes_des.h"
-
-/*********************************************************************
+/**************************************************************************
*
- * DES KW implementation
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
- *********************************************************************/
-static int xmlSecGnuTLSKWDes3GenerateRandom (void * context,
- xmlSecByte * out,
- xmlSecSize outSize);
-static int xmlSecGnuTLSKWDes3Sha1 (void * context,
- const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize);
-static int xmlSecGnuTLSKWDes3BlockEncrypt (void * context,
- const xmlSecByte * iv,
- xmlSecSize ivSize,
- const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize);
-static int xmlSecGnuTLSKWDes3BlockDecrypt (void * context,
- const xmlSecByte * iv,
- xmlSecSize ivSize,
- const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize);
-
-static xmlSecKWDes3Klass xmlSecGnuTLSKWDes3ImplKlass = {
- /* callbacks */
- xmlSecGnuTLSKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
- xmlSecGnuTLSKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
- xmlSecGnuTLSKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
- xmlSecGnuTLSKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
-
- /* for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-static int xmlSecGnuTLSKWDes3Encrypt (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *iv,
- xmlSecSize ivSize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize,
- int enc);
-
-
-/*********************************************************************
- *
- * Triple DES Key Wrap transform
- *
- * key (xmlSecBuffer) is located after xmlSecTransform structure
- *
- ********************************************************************/
-typedef struct _xmlSecGnuTLSKWDes3Ctx xmlSecGnuTLSKWDes3Ctx,
- *xmlSecGnuTLSKWDes3CtxPtr;
-struct _xmlSecGnuTLSKWDes3Ctx {
- xmlSecBuffer keyBuffer;
-};
-#define xmlSecGnuTLSKWDes3Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWDes3Ctx))
-#define xmlSecGnuTLSKWDes3GetCtx(transform) \
- ((xmlSecGnuTLSKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecGnuTLSKWDes3Initialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSKWDes3Finalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSKWDes3SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGnuTLSKWDes3SetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGnuTLSKWDes3Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static xmlSecTransformKlass xmlSecGnuTLSKWDes3Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWDes3Size, /* xmlSecSize objSize */
-
- xmlSecNameKWDes3, /* const xmlChar* name; */
- xmlSecHrefKWDes3, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
- xmlSecGnuTLSKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
/**
* xmlSecGnuTLSTransformKWDes3GetKlass:
@@ -142,466 +44,8 @@ static xmlSecTransformKlass xmlSecGnuTLSKWDes3Klass = {
*/
xmlSecTransformId
xmlSecGnuTLSTransformKWDes3GetKlass(void) {
- return(&xmlSecGnuTLSKWDes3Klass);
-}
-
-static int
-xmlSecGnuTLSKWDes3Initialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSKWDes3CtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
-
- ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecGnuTLSKWDes3Finalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSKWDes3CtxPtr ctx;
-
- xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size));
-
- ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- xmlSecBufferFinalize(&(ctx->keyBuffer));
+ return(xmlSecGCryptTransformKWDes3GetKlass());
}
-static int
-xmlSecGnuTLSKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGnuTLSKWDes3CtxPtr ctx;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keyReq->keyId = xmlSecGnuTLSKeyDataDesId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage= xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage= xmlSecKeyUsageDecrypt;
- }
- keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
- return(0);
-}
-
-static int
-xmlSecGnuTLSKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGnuTLSKWDes3CtxPtr ctx;
- xmlSecBufferPtr buffer;
- xmlSecSize keySize;
- int ret;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataDesId), -1);
-
- ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
- xmlSecAssert2(buffer != NULL, -1);
-
- keySize = xmlSecBufferGetSize(buffer);
- if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key length %d is not enough (%d expected)",
- keySize, XMLSEC_KW_DES3_KEY_LENGTH);
- return(-1);
- }
-
- ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSKWDes3CtxPtr ctx;
- xmlSecBufferPtr in, out;
- xmlSecSize inSize, outSize, keySize;
- int ret;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWDes3Id), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWDes3Size), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
- xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
- xmlSecAssert2(outSize == 0, -1);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
- } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d bytes - not %d bytes aligned",
- inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 16 bytes longer plus one block just in case */
- outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
- XMLSEC_KW_DES3_BLOCK_LENGTH +
- XMLSEC_KW_DES3_BLOCK_LENGTH;
- } else {
- /* just in case, add a block */
- outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecKWDes3Encode(&xmlSecGnuTLSKWDes3ImplKlass, ctx,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKWDes3Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecKWDes3Decode(&xmlSecGnuTLSKWDes3ImplKlass, ctx,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKWDes3Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
- return(0);
-}
-
-/*********************************************************************
- *
- * DES KW implementation
- *
- *********************************************************************/
-static int
-xmlSecGnuTLSKWDes3Sha1(void * context,
- const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
- gcry_md_hd_t digestCtx;
- unsigned char * res;
- unsigned int len;
- gcry_error_t err;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize > 0, -1);
-
- len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
- xmlSecAssert2(outSize >= len, -1);
-
- err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_md_open(GCRY_MD_SHA1)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- gcry_md_write(digestCtx, in, inSize);
-
- err = gcry_md_final(digestCtx);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_md_final",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- gcry_md_close(digestCtx);
- return(-1);
- }
-
- res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_md_read(GCRY_MD_SHA1)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gcry_md_close(digestCtx);
- return(-1);
- }
-
- /* done */
- xmlSecAssert2(outSize >= len, -1);
- memcpy(out, res, len);
- gcry_md_close(digestCtx);
- return(len);
-}
-
-static int
-xmlSecGnuTLSKWDes3GenerateRandom(void * context,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize > 0, -1);
-
- gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
- return((int)outSize);
-}
-
-static int
-xmlSecGnuTLSKWDes3BlockEncrypt(void * context,
- const xmlSecByte * iv, xmlSecSize ivSize,
- const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- ret = xmlSecGnuTLSKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
- XMLSEC_KW_DES3_KEY_LENGTH,
- iv, XMLSEC_KW_DES3_IV_LENGTH,
- in, inSize,
- out, outSize,
- 1); /* encrypt */
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(ret);
-}
-
-static int
-xmlSecGnuTLSKWDes3BlockDecrypt(void * context,
- const xmlSecByte * iv, xmlSecSize ivSize,
- const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGnuTLSKWDes3CtxPtr ctx = (xmlSecGnuTLSKWDes3CtxPtr)context;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- ret = xmlSecGnuTLSKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
- XMLSEC_KW_DES3_KEY_LENGTH,
- iv, XMLSEC_KW_DES3_IV_LENGTH,
- in, inSize,
- out, outSize,
- 0); /* decrypt */
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(ret);
-}
-
-static int
-xmlSecGnuTLSKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *iv, xmlSecSize ivSize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize,
- int enc) {
- size_t key_len = gcry_cipher_get_algo_keylen(GCRY_CIPHER_3DES);
- size_t block_len = gcry_cipher_get_algo_blklen(GCRY_CIPHER_3DES);
- gcry_cipher_hd_t cipherCtx;
- gcry_error_t err;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize >= key_len, -1);
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize >= block_len, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- err = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_open(GCRY_CIPHER_3DES)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_setkey(cipherCtx, key, keySize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_setiv(cipherCtx, iv, ivSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- if(enc) {
- err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- gcry_cipher_close(cipherCtx);
- return(-1);
- }
- } else {
- err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err));
- gcry_cipher_close(cipherCtx);
- return(-1);
- }
- }
-
- /* done */
- gcry_cipher_close(cipherCtx);
- return((int)inSize); /* out size == in size */
-}
-
-
#endif /* XMLSEC_NO_DES */
diff --git a/src/gnutls/symkeys.c b/src/gnutls/symkeys.c
index d2ea284..b1521d6 100644
--- a/src/gnutls/symkeys.c
+++ b/src/gnutls/symkeys.c
@@ -24,219 +24,16 @@
#include <xmlsec/gnutls/crypto.h>
-/*****************************************************************************
- *
- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
- *
- ****************************************************************************/
-static int xmlSecGnuTLSSymKeyDataInitialize (xmlSecKeyDataPtr data);
-static int xmlSecGnuTLSSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecGnuTLSSymKeyDataFinalize (xmlSecKeyDataPtr data);
-static int xmlSecGnuTLSSymKeyDataXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataBinWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlSecByte** buf,
- xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecGnuTLSSymKeyDataGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecGnuTLSSymKeyDataGetSize (xmlSecKeyDataPtr data);
-static void xmlSecGnuTLSSymKeyDataDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecGnuTLSSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-static int xmlSecGnuTLSSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
-
-#define xmlSecGnuTLSSymKeyDataCheckId(data) \
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecGnuTLSSymKeyDataKlassCheck((data)->id))
-
-static int
-xmlSecGnuTLSSymKeyDataInitialize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
-
- return(xmlSecKeyDataBinaryValueInitialize(data));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(dst), -1);
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(src), -1);
- xmlSecAssert2(dst->id == src->id, -1);
-
- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-}
-
-static void
-xmlSecGnuTLSSymKeyDataFinalize(xmlSecKeyDataPtr data) {
- xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueFinalize(data);
-}
-
-static int
-xmlSecGnuTLSSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecGnuTLSGenerateRandom(buffer, (sizeBits + 7) / 8));
-}
-
-static xmlSecKeyDataType
-xmlSecGnuTLSSymKeyDataGetType(xmlSecKeyDataPtr data) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-
- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-}
-
-static xmlSecSize
-xmlSecGnuTLSSymKeyDataGetSize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), 0);
-
- return(xmlSecKeyDataBinaryValueGetSize(data));
-}
-
-static void
-xmlSecGnuTLSSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugDump(data, output);
-}
-
-static void
-xmlSecGnuTLSSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
-}
-
-static int
-xmlSecGnuTLSSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
-#ifndef XMLSEC_NO_DES
- if(klass == xmlSecGnuTLSKeyDataDesId) {
- return(1);
- }
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(klass == xmlSecGnuTLSKeyDataAesId) {
- return(1);
- }
-#endif /* XMLSEC_NO_AES */
-
-#ifndef XMLSEC_NO_HMAC
- if(klass == xmlSecGnuTLSKeyDataHmacId) {
- return(1);
- }
-#endif /* XMLSEC_NO_HMAC */
-
- return(0);
-}
-
-#ifndef XMLSEC_NO_AES
/**************************************************************************
*
- * <xmlsec:AESKeyValue> processing
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
- *************************************************************************/
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataAesKlass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
- /* data */
- xmlSecNameAESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
- /* constructors/destructor */
- xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
- xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
+#ifndef XMLSEC_NO_AES
/**
* xmlSecGnuTLSKeyDataAesGetKlass:
*
@@ -246,7 +43,7 @@ static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataAesKlass = {
*/
xmlSecKeyDataId
xmlSecGnuTLSKeyDataAesGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataAesKlass);
+ return (xmlSecGCryptKeyDataAesGetKlass());
}
/**
@@ -261,63 +58,11 @@ xmlSecGnuTLSKeyDataAesGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataAesId), -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
+ return (xmlSecGCryptKeyDataAesSet(data, buf, bufSize));
}
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
-/**************************************************************************
- *
- * <xmlsec:DESKeyValue> processing
- *
- *************************************************************************/
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDesKlass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
- /* data */
- xmlSecNameDESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
- xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSKeyDataDesGetKlass:
*
@@ -327,7 +72,7 @@ static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDesKlass = {
*/
xmlSecKeyDataId
xmlSecGnuTLSKeyDataDesGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataDesKlass);
+ return (xmlSecGCryptKeyDataDesGetKlass());
}
/**
@@ -342,63 +87,12 @@ xmlSecGnuTLSKeyDataDesGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDesId), -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
+ return (xmlSecGCryptKeyDataDesSet(data, buf, bufSize));
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_HMAC
-/**************************************************************************
- *
- * <xmlsec:HMACKeyValue> processing
- *
- *************************************************************************/
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataHmacKlass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
- /* data */
- xmlSecNameHMACKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
- xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
/**
* xmlSecGnuTLSKeyDataHmacGetKlass:
@@ -409,7 +103,7 @@ static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataHmacKlass = {
*/
xmlSecKeyDataId
xmlSecGnuTLSKeyDataHmacGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataHmacKlass);
+ return (xmlSecGCryptKeyDataHmacGetKlass());
}
/**
@@ -424,16 +118,7 @@ xmlSecGnuTLSKeyDataHmacGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataHmacId), -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
+ return (xmlSecGCryptKeyDataHmacSet(data, buf, bufSize));
}
#endif /* XMLSEC_NO_HMAC */
diff --git a/xmlsec-gnutls.pc.in b/xmlsec-gnutls.pc.in
index e2c50a0..0c1faee 100644
--- a/xmlsec-gnutls.pc.in
+++ b/xmlsec-gnutls.pc.in
@@ -6,6 +6,6 @@ includedir= includedir@
Name: xmlsec1-gnutls
Version: @VERSION@
Description: XML Security Library implements XML Signature and XML Encryption standards
-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
Cflags: -DXMLSEC_CRYPTO=\\\"gnutls\\\" @XMLSEC_GNUTLS_CFLAGS@
-Libs: @XMLSEC_GNUTLS_LIBS@
+Libs: @XMLSEC_GNUTLS_LIBS@
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
