[xmlsec] check the key usage/type in the key match function (attempt to fix bug #728213)



commit 1a801f8539b86cdcb6257b24b3f1df0b04800ae0
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Tue May 20 19:41:06 2014 -0700

    check the key usage/type in the key match function (attempt to fix bug #728213)

 src/keys.c |   27 +++++++++++++++++++++++++++
 1 files changed, 27 insertions(+), 0 deletions(-)
---
diff --git a/src/keys.c b/src/keys.c
index 1d2f733..47fa28e 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -456,6 +456,7 @@ xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
  */
 int
 xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
+       xmlSecKeyDataType type;
     xmlSecAssert2(keyReq != NULL, -1);
     xmlSecAssert2(value != NULL, -1);
 
@@ -470,6 +471,32 @@ xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
 
         return(0);
     }
+
+    /* Check Key Type against intended usage */
+    type = xmlSecKeyDataGetType(value);
+    if(type != xmlSecKeyDataTypeUnknown) {
+               if((keyReq->keyUsage & xmlSecKeyUsageSign) != 0) {
+                       if((type & (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypeSymmetric)) == 0) {
+                               return (0);
+                       }
+               }
+               if((keyReq->keyUsage & xmlSecKeyUsageVerify) != 0) {
+                       if((type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate | 
xmlSecKeyDataTypeSymmetric)) == 0) {
+                               return (0);
+                       }
+               }
+               if((keyReq->keyUsage & xmlSecKeyUsageEncrypt) != 0) {
+                       if((type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate | 
xmlSecKeyDataTypeSymmetric)) == 0) {
+                               return (0);
+                       }
+               }
+               if((keyReq->keyUsage & xmlSecKeyUsageDecrypt) != 0) {
+                       if((type & (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypeSymmetric)) == 0) {
+                               return (0);
+                       }
+               }
+    }
+
     return(1);
 }
 
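Review bot: A key value whose type is xmlSecKeyDataTypeUnknown skips the new usage check entirely and still reaches `return(1);`, so a key that cannot be classified matches any request; if that best-effort behaviour is intended, the `if(type != xmlSecKeyDataTypeUnknown)` branch should say so, e.g. `/* unknown type cannot be checked against usage: accept rather than reject */`, and if it is not, returning 0 there is the conservative choice. As written, any request with the Sign or Decrypt bit set demands a private or symmetric key, so a caller that sets several usage bits as a wildcard (such as xmlSecKeyUsageAny, if any caller passes it here) would reject every public-only key even for verification — worth confirming against the callers. Style: the added lines mix tab and four-space indentation (the declaration in the first hunk and the nested ifs use tabs, the surrounding file uses spaces), and the two long type masks appear wrapped mid-expression in this mail, which should be re-checked in the tree. xmlSecKeyReqMatchKeyValue's signature and asserts are in the previous hunk, outside this one.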

