Posted to commits@santuario.apache.org by sc...@apache.org on 2010/06/29 02:44:28 UTC

svn commit: r958797 [1/2] - in /xml/security/trunk/c: ./ Projects/VC10.0/xsec/xsec_lib/ include/ lib/ src/dsig/ src/enc/ src/enc/OpenSSL/ src/framework/ src/tools/templatesign/ src/utils/

Author: scantor
Date: Tue Jun 29 00:44:27 2010
New Revision: 958797

URL: http://svn.apache.org/viewvc?rev=958797&view=rev
Log:
XML Sig 1.1 KeyInfo extensions and ECDSA classes/impl.

Added:
    xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp   (with props)
    xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.hpp   (with props)
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp   (with props)
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp   (with props)
    xml/security/trunk/c/src/enc/XSECCryptoKeyEC.hpp   (with props)
    xml/security/trunk/c/src/enc/XSECCryptoProvider.cpp   (with props)
Modified:
    xml/security/trunk/c/CHANGELOG.txt
    xml/security/trunk/c/Projects/VC10.0/xsec/xsec_lib/xsec_lib.vcxproj
    xml/security/trunk/c/configure.ac
    xml/security/trunk/c/include/Makefile.am
    xml/security/trunk/c/lib/Makefile.am
    xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp
    xml/security/trunk/c/src/dsig/DSIGConstants.cpp
    xml/security/trunk/c/src/dsig/DSIGConstants.hpp
    xml/security/trunk/c/src/dsig/DSIGKeyInfo.hpp
    xml/security/trunk/c/src/dsig/DSIGKeyInfoList.cpp
    xml/security/trunk/c/src/dsig/DSIGKeyInfoList.hpp
    xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.cpp
    xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.hpp
    xml/security/trunk/c/src/dsig/DSIGSignature.cpp
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp
    xml/security/trunk/c/src/enc/XSECCryptoException.cpp
    xml/security/trunk/c/src/enc/XSECCryptoException.hpp
    xml/security/trunk/c/src/enc/XSECCryptoKey.hpp
    xml/security/trunk/c/src/enc/XSECCryptoKeyDSA.hpp
    xml/security/trunk/c/src/enc/XSECCryptoKeyRSA.hpp
    xml/security/trunk/c/src/enc/XSECCryptoProvider.hpp
    xml/security/trunk/c/src/enc/XSECKeyInfoResolverDefault.cpp
    xml/security/trunk/c/src/framework/XSECConfig.hpp.in
    xml/security/trunk/c/src/framework/XSECEnv.cpp
    xml/security/trunk/c/src/framework/XSECEnv.hpp
    xml/security/trunk/c/src/framework/XSECW32Config.hpp
    xml/security/trunk/c/src/tools/templatesign/templatesign.cpp
    xml/security/trunk/c/src/utils/XSECDOMUtils.cpp
    xml/security/trunk/c/src/utils/XSECDOMUtils.hpp

Modified: xml/security/trunk/c/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/CHANGELOG.txt?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/CHANGELOG.txt (original)
+++ xml/security/trunk/c/CHANGELOG.txt Tue Jun 29 00:44:27 2010
@@ -13,6 +13,8 @@ Changes since 1.5.1
 * Fix for bug#49459, more header guards (SC)
 * Expose algorithm URI on Signature and Reference objects (SC)
 * White/blacklisting of otherwise registered algorithms (SC)
+* Add selected XML Signature 1.1 KeyInfo extensions (SC)
+* Add elliptic curve signatures via ECDSA (SC)
 
 Changes between 1.5 and 1.5.1
 =====================================

Modified: xml/security/trunk/c/Projects/VC10.0/xsec/xsec_lib/xsec_lib.vcxproj
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/Projects/VC10.0/xsec/xsec_lib/xsec_lib.vcxproj?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/Projects/VC10.0/xsec/xsec_lib/xsec_lib.vcxproj (original)
+++ xml/security/trunk/c/Projects/VC10.0/xsec/xsec_lib/xsec_lib.vcxproj Tue Jun 29 00:44:27 2010
@@ -453,6 +453,7 @@ xcopy /I /s /f ..\..\..\..\src\*.hpp ..\
     <ClCompile Include="..\..\..\..\src\canon\XSECXMLNSStack.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGAlgorithmHandlerDefault.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGConstants.cpp" />
+    <ClCompile Include="..\..\..\..\src\dsig\DSIGKeyInfoDEREncoded.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGKeyInfoExt.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGKeyInfoList.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGKeyInfoMgmtData.cpp" />
@@ -476,8 +477,10 @@ xcopy /I /s /f ..\..\..\..\src\*.hpp ..\
     <ClCompile Include="..\..\..\..\src\dsig\DSIGTransformXSL.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGXPathFilterExpr.cpp" />
     <ClCompile Include="..\..\..\..\src\dsig\DSIGXPathHere.cpp" />
+    <ClCompile Include="..\..\..\..\src\enc\OpenSSL\OpenSSLCryptoKeyEC.cpp" />
     <ClCompile Include="..\..\..\..\src\enc\XSECCryptoBase64.cpp" />
     <ClCompile Include="..\..\..\..\src\enc\XSECCryptoException.cpp" />
+    <ClCompile Include="..\..\..\..\src\enc\XSECCryptoProvider.cpp" />
     <ClCompile Include="..\..\..\..\src\enc\XSECCryptoUtils.cpp" />
     <ClCompile Include="..\..\..\..\src\enc\XSECCryptoX509.cpp" />
     <ClCompile Include="..\..\..\..\src\enc\XSECKeyInfoResolverDefault.cpp" />
@@ -598,6 +601,7 @@ xcopy /I /s /f ..\..\..\..\src\*.hpp ..\
     <ClInclude Include="..\..\..\..\src\dsig\DSIGAlgorithmHandlerDefault.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGConstants.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGKeyInfo.hpp" />
+    <ClInclude Include="..\..\..\..\src\dsig\DSIGKeyInfoDEREncoded.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGKeyInfoExt.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGKeyInfoList.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGKeyInfoMgmtData.hpp" />
@@ -621,6 +625,8 @@ xcopy /I /s /f ..\..\..\..\src\*.hpp ..\
     <ClInclude Include="..\..\..\..\src\dsig\DSIGTransformXSL.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGXPathFilterExpr.hpp" />
     <ClInclude Include="..\..\..\..\src\dsig\DSIGXPathHere.hpp" />
+    <ClInclude Include="..\..\..\..\src\enc\OpenSSL\OpenSSLCryptoKeyEC.hpp" />
+    <ClInclude Include="..\..\..\..\src\enc\XSECCryptoKeyEC.hpp" />
     <ClInclude Include="..\..\..\..\src\framework\resource.h" />
     <ClInclude Include="..\..\..\..\src\enc\XSECCryptoBase64.hpp" />
     <ClInclude Include="..\..\..\..\src\enc\XSECCryptoException.hpp" />

Modified: xml/security/trunk/c/configure.ac
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/configure.ac?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/configure.ac (original)
+++ xml/security/trunk/c/configure.ac Tue Jun 29 00:44:27 2010
@@ -851,6 +851,10 @@ AC_TRY_LINK([#include <openssl/evp.h>],
 	[AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
 	[AC_MSG_RESULT([no])])
 
+AC_CHECK_DECL(EVP_PKEY_set1_EC_KEY,
+    [AC_DEFINE(XSEC_OPENSSL_HAVE_EC)],
+    ,[#include <openssl/evp.h>])
+
 AC_CHECK_DECL(EVP_CIPHER_CTX_set_padding,
 	[AC_DEFINE(XSEC_OPENSSL_CANSET_PADDING)],
 	,[#include <openssl/evp.h>])

Modified: xml/security/trunk/c/include/Makefile.am
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/include/Makefile.am?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/include/Makefile.am (original)
+++ xml/security/trunk/c/include/Makefile.am Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 #
-# Copyright 2006 The Apache Software Foundation.
+# Copyright 2006-2010 The Apache Software Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,6 +39,7 @@ lib_includes += \
   xsec/enc/XSECCryptoKeyHMAC.hpp \
   xsec/enc/XSECCryptoX509.hpp \
   xsec/enc/XSECCryptoKeyDSA.hpp \
+  xsec/enc/XSECCryptoKeyEC.hpp \
   xsec/enc/XSECKeyInfoResolver.hpp \
   xsec/enc/XSECCryptoHash.hpp \
   xsec/enc/XSECCryptoBase64.hpp \
@@ -61,6 +62,7 @@ lib_includes += \
   xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp \
   xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp \
   xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp \
+  xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp \
   xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp \
   xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 
 
@@ -84,6 +86,7 @@ lib_includes += \
   xsec/dsig/DSIGKeyInfoX509.hpp \
   xsec/dsig/DSIGKeyInfoList.hpp \
   xsec/dsig/DSIGKeyInfoValue.hpp \
+  xsec/dsig/DSIGKeyInfoDEREncoded.hpp \
   xsec/dsig/DSIGTransformC14n.hpp \
   xsec/dsig/DSIGTransformXSL.hpp \
   xsec/dsig/DSIGKeyInfo.hpp \

Modified: xml/security/trunk/c/lib/Makefile.am
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/lib/Makefile.am?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/lib/Makefile.am (original)
+++ xml/security/trunk/c/lib/Makefile.am Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 #
-# Copyright 2006 The Apache Software Foundation.
+# Copyright 2006-2010 The Apache Software Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -83,6 +83,8 @@ dsig_sources = \
   ../src/dsig/DSIGReferenceList.cpp \
   ../src/dsig/DSIGKeyInfoValue.hpp \
   ../src/dsig/DSIGKeyInfoValue.cpp \
+  ../src/dsig/DSIGKeyInfoDEREncoded.hpp \
+  ../src/dsig/DSIGKeyInfoDEREncoded.cpp \
   ../src/dsig/DSIGXPathHere.hpp \
   ../src/dsig/DSIGXPathHere.cpp \
   ../src/dsig/DSIGAlgorithmHandlerDefault.hpp \
@@ -147,7 +149,9 @@ enc_sources = \
   ../src/enc/XSCrypt/XSCryptCryptoBase64.hpp \
   ../src/enc/XSCrypt/XSCryptCryptoBase64.cpp \
   ../src/enc/XSECCryptoKeyDSA.hpp \
+  ../src/enc/XSECCryptoKeyEC.hpp \
   ../src/enc/XSECCryptoProvider.hpp \
+  ../src/enc/XSECCryptoProvider.cpp \
   ../src/enc/XSECKeyInfoResolver.hpp \
   ../src/enc/XSECCryptoSymmetricKey.hpp \
   ../src/enc/XSECCryptoException.hpp \
@@ -396,6 +400,7 @@ xkms_sources = \
 openssl_sources = \
   ../src/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp \
   ../src/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp \
+  ../src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp \
   ../src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp \
   ../src/enc/OpenSSL/OpenSSLCryptoHash.cpp \
   ../src/enc/OpenSSL/OpenSSLCryptoProvider.hpp \
@@ -407,6 +412,7 @@ openssl_sources = \
   ../src/enc/OpenSSL/OpenSSLCryptoBase64.cpp \
   ../src/enc/OpenSSL/OpenSSLCryptoHash.hpp \
   ../src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp \
+  ../src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp \
   ../src/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp \
   ../src/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp \
   ../src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp \

Modified: xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGAlgorithmHandlerDefault.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2005 The Apache Software Foundation.
+ * Copyright 2003-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -449,6 +449,36 @@ unsigned int DSIGAlgorithmHandlerDefault
 
 		break;
 
+	case (XSECCryptoKey::KEY_EC_PRIVATE) :
+	case (XSECCryptoKey::KEY_EC_PAIR) :
+
+		if (sm != SIGNATURE_ECDSA) {
+
+			throw XSECException(XSECException::AlgorithmMapperError,
+				"Key type does not match <SignedInfo> signature type");
+
+		}
+
+		b64Len = ((XSECCryptoKeyEC *) key)->signBase64SignatureDSA(
+			hash, 
+			hashLen,
+			(char *) b64Buf, 
+			1024);
+
+		if (b64Len <= 0) {
+
+			throw XSECException(XSECException::AlgorithmMapperError,
+				"Unknown error occured during an ECDSA Signing operation");
+
+		}
+
+		if (b64Buf[b64Len-1] == '\n')
+			b64Buf[b64Len-1] = '\0';
+		else
+			b64Buf[b64Len] = '\0';
+
+		break;
+
 	case (XSECCryptoKey::KEY_HMAC) :
 
 		if (sm != SIGNATURE_HMAC) {
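Review bot: The terminator write `b64Buf[b64Len] = '\0'` in the new EC case lands one byte past the 1024 bytes offered to signBase64SignatureDSA if the callee ever fills the whole capacity. The declarations of b64Buf and b64Len are outside this hunk, so the real buffer size and signedness cannot be confirmed here. If the buffer is exactly 1024 bytes, the guard should also bound the length, e.g. `if (b64Len <= 0 || b64Len >= 1024) {`, or the call should pass one less than the buffer size. If b64Len is unsigned, `b64Len <= 0` only catches zero, so a negative error return would be read as a very large length and used as an index. A named constant shared by the call and the check would keep the two from drifting apart; the enclosing function starts and ends outside the hunk.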
@@ -563,6 +593,24 @@ bool DSIGAlgorithmHandlerDefault::verify
 
 		break;
 
+	case (XSECCryptoKey::KEY_EC_PUBLIC) :
+	case (XSECCryptoKey::KEY_EC_PAIR) :
+
+		if (sm != SIGNATURE_ECDSA) {
+
+			throw XSECException(XSECException::AlgorithmMapperError,
+				"Key type does not match <SignedInfo> signature type");
+
+		}
+
+		sigVfyRet = ((XSECCryptoKeyEC *) key)->verifyBase64SignatureDSA(
+			hash, 
+			hashLen,
+			(char *) sig, 
+			(unsigned int) strlen(sig));
+
+		break;
+
 	case (XSECCryptoKey::KEY_HMAC) :
 
 		// Already done - just compare calculated value with read value

Modified: xml/security/trunk/c/src/dsig/DSIGConstants.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGConstants.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGConstants.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGConstants.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,7 +46,6 @@ XERCES_CPP_NAMESPACE_USE
 //			Some useful defines
 // --------------------------------------------------------------------------------
 
-/*
 static XMLCh s_dsa[] = {
 
 	chLatin_d,
@@ -54,7 +53,6 @@ static XMLCh s_dsa[] = {
 	chLatin_a,
 	chNull
 };
-*/
 
 static XMLCh s_rsa[] = {
 
@@ -64,6 +62,16 @@ static XMLCh s_rsa[] = {
 	chNull
 };
 
+static XMLCh s_ecdsa[] = {
+
+	chLatin_e,
+	chLatin_c,
+	chLatin_d,
+    chLatin_s,
+    chLatin_a,
+	chNull
+};
+
 static XMLCh s_hmac[] = {
 
 	chLatin_h,
@@ -139,20 +147,21 @@ static XMLCh s_md5[] = {
 // --------------------------------------------------------------------------------
 
 const XMLCh * DSIGConstants::s_unicodeStrEmpty;		// ""
-const XMLCh * DSIGConstants::s_unicodeStrNL;			// "\n"
+const XMLCh * DSIGConstants::s_unicodeStrNL;		// "\n"
 const XMLCh * DSIGConstants::s_unicodeStrXmlns;		// "xmlns"
 const XMLCh * DSIGConstants::s_unicodeStrURI;
 
 const XMLCh * DSIGConstants::s_unicodeStrAlgorithm;
 
 const XMLCh * DSIGConstants::s_unicodeStrURIDSIG;
+const XMLCh * DSIGConstants::s_unicodeStrURIDSIG11;
 const XMLCh * DSIGConstants::s_unicodeStrURIEC;
 const XMLCh * DSIGConstants::s_unicodeStrURIXPF;
 const XMLCh * DSIGConstants::s_unicodeStrURIXENC;
 
 const XMLCh * DSIGConstants::s_unicodeStrURISIGBASE;
 const XMLCh * DSIGConstants::s_unicodeStrURISIGBASEMORE;
-
+const XMLCh * DSIGConstants::s_unicodeStrURISIGBASE11;
 
 const XMLCh * DSIGConstants::s_unicodeStrURIRawX509;
 const XMLCh * DSIGConstants::s_unicodeStrURISHA1;
@@ -171,7 +180,9 @@ const XMLCh * DSIGConstants::s_unicodeSt
 const XMLCh * DSIGConstants::s_unicodeStrURIC14N11_COM;
 const XMLCh * DSIGConstants::s_unicodeStrURIEXC_C14N_NOC;
 const XMLCh * DSIGConstants::s_unicodeStrURIEXC_C14N_COM;
+
 const XMLCh * DSIGConstants::s_unicodeStrURIDSA_SHA1;
+const XMLCh * DSIGConstants::s_unicodeStrURIDSA_SHA256;
 
 const XMLCh * DSIGConstants::s_unicodeStrURIRSA_MD5;
 const XMLCh * DSIGConstants::s_unicodeStrURIRSA_SHA1;
@@ -180,6 +191,11 @@ const XMLCh * DSIGConstants::s_unicodeSt
 const XMLCh * DSIGConstants::s_unicodeStrURIRSA_SHA384;
 const XMLCh * DSIGConstants::s_unicodeStrURIRSA_SHA512;
 
+const XMLCh * DSIGConstants::s_unicodeStrURIECDSA_SHA1;
+const XMLCh * DSIGConstants::s_unicodeStrURIECDSA_SHA256;
+const XMLCh * DSIGConstants::s_unicodeStrURIECDSA_SHA384;
+const XMLCh * DSIGConstants::s_unicodeStrURIECDSA_SHA512;
+
 const XMLCh * DSIGConstants::s_unicodeStrURIHMAC_SHA1;
 const XMLCh * DSIGConstants::s_unicodeStrURIHMAC_SHA224;
 const XMLCh * DSIGConstants::s_unicodeStrURIHMAC_SHA256;
@@ -224,12 +240,14 @@ void DSIGConstants::create() {
 
 	s_unicodeStrURIRawX509 = XMLString::transcode(URI_ID_RAWX509);
 	s_unicodeStrURIDSIG = XMLString::transcode(URI_ID_DSIG);
+    s_unicodeStrURIDSIG11 = XMLString::transcode(URI_ID_DSIG11);
 	s_unicodeStrURIEC = XMLString::transcode(URI_ID_EC);
 	s_unicodeStrURIXPF = XMLString::transcode(URI_ID_XPF);
 	s_unicodeStrURIXENC = XMLString::transcode(URI_ID_XENC);
 
 	s_unicodeStrURISIGBASE = XMLString::transcode(URI_ID_SIG_BASE);
 	s_unicodeStrURISIGBASEMORE = XMLString::transcode(URI_ID_SIG_BASEMORE);
+    s_unicodeStrURISIGBASE11 = XMLString::transcode(URI_ID_SIG_BASE11);
 
 	s_unicodeStrURISHA1 = XMLString::transcode(URI_ID_SHA1);
 	s_unicodeStrURISHA224 = XMLString::transcode(URI_ID_SHA224);
@@ -247,7 +265,9 @@ void DSIGConstants::create() {
     s_unicodeStrURIC14N11_COM = XMLString::transcode(URI_ID_C14N11_COM);
 	s_unicodeStrURIEXC_C14N_NOC = XMLString::transcode(URI_ID_EXC_C14N_NOC);
 	s_unicodeStrURIEXC_C14N_COM = XMLString::transcode(URI_ID_EXC_C14N_COM);
+
 	s_unicodeStrURIDSA_SHA1 = XMLString::transcode(URI_ID_DSA_SHA1);
+    s_unicodeStrURIDSA_SHA256 = XMLString::transcode(URI_ID_DSA_SHA256);
 
 	s_unicodeStrURIRSA_MD5 = XMLString::transcode(URI_ID_RSA_MD5);
 	s_unicodeStrURIRSA_SHA1 = XMLString::transcode(URI_ID_RSA_SHA1);
@@ -255,11 +275,18 @@ void DSIGConstants::create() {
 	s_unicodeStrURIRSA_SHA256 = XMLString::transcode(URI_ID_RSA_SHA256);
 	s_unicodeStrURIRSA_SHA384 = XMLString::transcode(URI_ID_RSA_SHA384);
 	s_unicodeStrURIRSA_SHA512 = XMLString::transcode(URI_ID_RSA_SHA512);
+
+	s_unicodeStrURIECDSA_SHA1 = XMLString::transcode(URI_ID_ECDSA_SHA1);
+	s_unicodeStrURIECDSA_SHA256 = XMLString::transcode(URI_ID_ECDSA_SHA256);
+	s_unicodeStrURIECDSA_SHA384 = XMLString::transcode(URI_ID_ECDSA_SHA384);
+	s_unicodeStrURIECDSA_SHA512 = XMLString::transcode(URI_ID_ECDSA_SHA512);
+
 	s_unicodeStrURIHMAC_SHA1 = XMLString::transcode(URI_ID_HMAC_SHA1);
 	s_unicodeStrURIHMAC_SHA224 = XMLString::transcode(URI_ID_HMAC_SHA224);
 	s_unicodeStrURIHMAC_SHA256 = XMLString::transcode(URI_ID_HMAC_SHA256);
 	s_unicodeStrURIHMAC_SHA384 = XMLString::transcode(URI_ID_HMAC_SHA384);
 	s_unicodeStrURIHMAC_SHA512 = XMLString::transcode(URI_ID_HMAC_SHA512);
+
 	s_unicodeStrURIXMLNS = XMLString::transcode(URI_ID_XMLNS);
 	s_unicodeStrURIMANIFEST = XMLString::transcode(URI_ID_MANIFEST);
 
@@ -279,8 +306,7 @@ void DSIGConstants::create() {
 
 	s_unicodeStrPROVOpenSSL = XMLString::transcode(PROV_OPENSSL);
 	s_unicodeStrPROVWinCAPI = XMLString::transcode(PROV_WINCAPI);
-  s_unicodeStrPROVNSS = XMLString::transcode(PROV_NSS);
-
+    s_unicodeStrPROVNSS = XMLString::transcode(PROV_NSS);
 
 }
 
@@ -296,12 +322,14 @@ void DSIGConstants::destroy() {
 
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRawX509);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIDSIG);
+    XSEC_RELEASE_XMLCH(s_unicodeStrURIDSIG11);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIEC);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIXPF);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIXENC);
 
 	XSEC_RELEASE_XMLCH(s_unicodeStrURISIGBASE);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURISIGBASEMORE);
+    XSEC_RELEASE_XMLCH(s_unicodeStrURISIGBASE11);
 
 	XSEC_RELEASE_XMLCH(s_unicodeStrURISHA1);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURISHA224);
@@ -320,12 +348,17 @@ void DSIGConstants::destroy() {
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIEXC_C14N_NOC);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIEXC_C14N_COM);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIDSA_SHA1);
+    XSEC_RELEASE_XMLCH(s_unicodeStrURIDSA_SHA256);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRSA_MD5);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRSA_SHA1);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRSA_SHA224);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRSA_SHA256);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRSA_SHA384);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIRSA_SHA512);
+	XSEC_RELEASE_XMLCH(s_unicodeStrURIECDSA_SHA1);
+	XSEC_RELEASE_XMLCH(s_unicodeStrURIECDSA_SHA256);
+	XSEC_RELEASE_XMLCH(s_unicodeStrURIECDSA_SHA384);
+	XSEC_RELEASE_XMLCH(s_unicodeStrURIECDSA_SHA512);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIHMAC_SHA1);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIHMAC_SHA224);
 	XSEC_RELEASE_XMLCH(s_unicodeStrURIHMAC_SHA256);
@@ -440,7 +473,7 @@ bool XSECmapURIToSignatureMethods(const 
 
 	if (XMLString::compareNString(URI, DSIGConstants::s_unicodeStrURISIGBASEMORE, cnt) == 0) {
 
-		// Have an "new" algorithm
+		// Have a "new" algorithm
 		if (XMLString::compareNString(&URI[cnt], s_hmac, 4) == 0) {
 
 			// Some kind of HMAC
@@ -452,17 +485,37 @@ bool XSECmapURIToSignatureMethods(const 
 			return getHashMethod(&(URI[cnt+5]), hm);
 
 		}
-
-		if (XMLString::compareNString(&URI[cnt], s_rsa, 3) == 0) {
+		else if (XMLString::compareNString(&URI[cnt], s_rsa, 3) == 0) {
 
 			sm = SIGNATURE_RSA;
 			if (URI[cnt+3] != chDash)
 				return false;
 			return getHashMethod(&(URI[cnt+4]), hm);
 		}
+		else if (XMLString::compareNString(&URI[cnt], s_ecdsa, 5) == 0) {
+
+			sm = SIGNATURE_ECDSA;
+			if (URI[cnt+5] != chDash)
+				return false;
+			return getHashMethod(&(URI[cnt+6]), hm);
+		}
 
 	}
 
+    cnt = XMLString::stringLen(DSIGConstants::s_unicodeStrURISIGBASE11);
+
+    if (XMLString::compareNString(URI, DSIGConstants::s_unicodeStrURISIGBASE11, cnt) == 0) {
+
+        if (XMLString::compareNString(&URI[cnt], s_dsa, 3) == 0) {
+
+            sm = SIGNATURE_DSA;
+            if (URI[cnt+3] != chDash)
+                return false;
+            return getHashMethod(&(URI[cnt+4]), hm);
+        }
+
+    }
+
 	sm = SIGNATURE_NONE;
 	hm = HASH_NONE;
 	return false;
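Review bot: The new xmldsig11 branch maps any hash suffix that getHashMethod recognises after `dsa-` to SIGNATURE_DSA, although the only identifier this commit defines under that base is URI_ID_DSA_SHA256. getHashMethod is outside the hunk, so the exact set it accepts is not visible, but a verifier would normally want the accepted algorithm URIs to be exactly the defined ones; tightening the return to `return getHashMethod(&(URI[cnt+4]), hm) && hm == HASH_SHA256;` would do that. The `ecdsa` branch above has the same shape and would likewise accept whatever hash names getHashMethod knows, not just the four URI_ID_ECDSA_* values. Separately, the early `return false` paths leave `sm` assigned and `hm` untouched, unlike the final fall-through, which resets both to NONE; a short comment stating that outputs are undefined on failure, or resetting them before returning, would make the contract explicit.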

Modified: xml/security/trunk/c/src/dsig/DSIGConstants.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGConstants.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGConstants.hpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGConstants.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,6 +38,7 @@ XSEC_USING_XERCES(XMLString);
 // Name Spaces
 
 #define URI_ID_DSIG		"http://www.w3.org/2000/09/xmldsig#"
+#define URI_ID_DSIG11	"http://www.w3.org/2009/xmldsig11#"
 #define URI_ID_EC		"http://www.w3.org/2001/10/xml-exc-c14n#"
 // Also used as algorithm ID for XPATH_FILTER
 #define URI_ID_XPF		"http://www.w3.org/2002/06/xmldsig-filter2"
@@ -88,7 +89,9 @@ XSEC_USING_XERCES(XMLString);
 
 #define URI_ID_SIG_BASE		"http://www.w3.org/2000/09/xmldsig#"
 #define URI_ID_SIG_BASEMORE	"http://www.w3.org/2001/04/xmldsig-more#"
+#define URI_ID_SIG_BASE11	"http://www.w3.org/2009/xmldsig11#"
 #define URI_ID_SIG_DSA		"dsa"
+#define URI_ID_SIG_ECDSA	"ecdsa"
 #define URI_ID_SIG_HMAC		"hmac"
 #define URI_ID_SIG_SHA1		"sha1"
 #define URI_ID_SIG_SHA224	"sha224"
@@ -99,6 +102,7 @@ XSEC_USING_XERCES(XMLString);
 #define URI_ID_SIG_MD5		"md5"
 
 #define URI_ID_DSA_SHA1		"http://www.w3.org/2000/09/xmldsig#dsa-sha1"
+#define URI_ID_DSA_SHA256	"http://www.w3.org/2009/xmldsig11#dsa-sha256"
 #define URI_ID_HMAC_SHA1	"http://www.w3.org/2000/09/xmldsig#hmac-sha1"
 #define URI_ID_HMAC_SHA224	"http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
 #define URI_ID_HMAC_SHA256	"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
@@ -110,6 +114,10 @@ XSEC_USING_XERCES(XMLString);
 #define URI_ID_RSA_SHA384	"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
 #define URI_ID_RSA_SHA512	"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
 #define URI_ID_RSA_MD5		"http://www.w3.org/2001/04/xmldsig-more#rsa-md5"
+#define URI_ID_ECDSA_SHA1	"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"
+#define URI_ID_ECDSA_SHA256	"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"
+#define URI_ID_ECDSA_SHA384	"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"
+#define URI_ID_ECDSA_SHA512	"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"
 
 // Encryption defines
 #define URI_ID_XENC_ELEMENT	"http://www.w3.org/2001/04/xmlenc#Element"
@@ -145,7 +153,8 @@ enum signatureMethod {
 	SIGNATURE_NONE				= 0,			// No method defined
 	SIGNATURE_DSA				= 1, 			// DSA
 	SIGNATURE_HMAC				= 2,			// Hash MAC
-	SIGNATURE_RSA				= 3				// RSA
+	SIGNATURE_RSA				= 3,			// RSA
+	SIGNATURE_ECDSA				= 4				// ECDSA
 };
 
 
@@ -248,8 +257,10 @@ bool canonicalizationMethod2URI(safeBuff
 inline
 bool signatureHashMethod2URI(safeBuffer &uri, signatureMethod sm, hashMethod hm) {
 
-	if (hm < HASH_MD5)
+	if (hm < HASH_MD5 && sm != SIGNATURE_ECDSA)
 		uri = URI_ID_SIG_BASE;
+    else if (hm == HASH_SHA256 && sm == SIGNATURE_DSA)
+        uri = URI_ID_SIG_BASE11;
 	else
 		uri = URI_ID_SIG_BASEMORE;
 
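Review bot: For SIGNATURE_DSA with a hash other than SHA-1 or SHA-256, the base selection here falls through to URI_ID_SIG_BASEMORE, so the function would build an `xmldsig-more#dsa-…` identifier. The BASEMORE branch of XSECmapURIToSignatureMethods, as changed in this commit, only handles hmac, rsa and ecdsa, so such a URI would apparently not map back. Rejecting the combination before the final `else`, e.g. `else if (sm == SIGNATURE_DSA) return false;`, would keep the generator and the parser in agreement. The test `hm < HASH_MD5` also depends on the numeric order of the hashMethod enum, which is not visible here; a comment such as `// hashes ordered before HASH_MD5 belong to the original xmldsig namespace` would record that assumption. The rest of the function, including where the hash name is appended, is outside the hunk.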
@@ -270,6 +281,11 @@ bool signatureHashMethod2URI(safeBuffer 
 		uri.sbStrcatIn(URI_ID_SIG_RSA);
 		break;
 
+	case (SIGNATURE_ECDSA) :
+
+		uri.sbStrcatIn(URI_ID_SIG_ECDSA);
+		break;
+
 	default :
 
 		return false;
@@ -440,7 +456,7 @@ public:
 	// General strings
 
 	static const XMLCh * s_unicodeStrEmpty;		// ""
-	static const XMLCh * s_unicodeStrNL;			// "\n"
+	static const XMLCh * s_unicodeStrNL;		// "\n"
 	static const XMLCh * s_unicodeStrXmlns;		// "xmlns"
 	static const XMLCh * s_unicodeStrURI;		// "URI"
 
@@ -449,12 +465,14 @@ public:
 
 	// URI_IDs
 	static const XMLCh * s_unicodeStrURIDSIG;
+    static const XMLCh * s_unicodeStrURIDSIG11;
 	static const XMLCh * s_unicodeStrURIEC;
 	static const XMLCh * s_unicodeStrURIXPF;
 	static const XMLCh * s_unicodeStrURIXENC;
 
 	static const XMLCh * s_unicodeStrURISIGBASE;
 	static const XMLCh * s_unicodeStrURISIGBASEMORE;
+    static const XMLCh * s_unicodeStrURISIGBASE11;
 
 	static const XMLCh * s_unicodeStrURIRawX509;
 	static const XMLCh * s_unicodeStrURISHA1;
@@ -473,7 +491,9 @@ public:
     static const XMLCh * s_unicodeStrURIC14N11_COM;
 	static const XMLCh * s_unicodeStrURIEXC_C14N_NOC;
 	static const XMLCh * s_unicodeStrURIEXC_C14N_COM;
+
 	static const XMLCh * s_unicodeStrURIDSA_SHA1;
+    static const XMLCh * s_unicodeStrURIDSA_SHA256;
 
 	static const XMLCh * s_unicodeStrURIRSA_MD5;
 	static const XMLCh * s_unicodeStrURIRSA_SHA1;
@@ -482,6 +502,11 @@ public:
 	static const XMLCh * s_unicodeStrURIRSA_SHA384;
 	static const XMLCh * s_unicodeStrURIRSA_SHA512;
 
+	static const XMLCh * s_unicodeStrURIECDSA_SHA1;
+	static const XMLCh * s_unicodeStrURIECDSA_SHA256;
+	static const XMLCh * s_unicodeStrURIECDSA_SHA384;
+	static const XMLCh * s_unicodeStrURIECDSA_SHA512;
+
 	static const XMLCh * s_unicodeStrURIHMAC_SHA1;
 	static const XMLCh * s_unicodeStrURIHMAC_SHA224;
 	static const XMLCh * s_unicodeStrURIHMAC_SHA256;
@@ -509,7 +534,7 @@ public:
 	// Internal Crypto Providers
 	static const XMLCh * s_unicodeStrPROVOpenSSL;
 	static const XMLCh * s_unicodeStrPROVWinCAPI;
-  static const XMLCh * s_unicodeStrPROVNSS;
+    static const XMLCh * s_unicodeStrPROVNSS;
 
 
 	DSIGConstants();

Modified: xml/security/trunk/c/src/dsig/DSIGKeyInfo.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfo.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfo.hpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfo.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2009 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -73,14 +73,16 @@ public:
 	enum keyInfoType {
         KEYINFO_EXTENSION       = 0,            // Extension type unknown to library
 		KEYINFO_NOTSET			= 1,			// Empty key type
-		KEYINFO_X509			= 2,			// X509 Certificate (with embedded key)
+		KEYINFO_X509			= 2,			// X.509 Certificate-Related Data
 		KEYINFO_VALUE_DSA		= 3,			// DSA Key
-		KEYINFO_VALUE_RSA		= 4,
-		KEYINFO_NAME			= 5,			// A name of a key (application dependant)
-		KEYINFO_PGPDATA			= 6,			// A PGP key
-		KEYINFO_SPKIDATA		= 7,
+		KEYINFO_VALUE_RSA		= 4,            // RSA Key
+		KEYINFO_NAME			= 5,			// Name of a key (application dependant)
+		KEYINFO_PGPDATA			= 6,			// PGP Key
+		KEYINFO_SPKIDATA		= 7,            // SPKI Key
 		KEYINFO_MGMTDATA		= 8,			// Management data
-		KEYINFO_ENCRYPTEDKEY	= 9 			// XML Encryption - Encrypted Key
+		KEYINFO_ENCRYPTEDKEY	= 9, 			// XML Encryption - Encrypted Key
+        KEYINFO_VALUE_EC        = 10,           // ECC Key
+        KEYINFO_DERENCODED      = 11            // DER-Encoded Key
 	};
 
 public:

Added: xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp?rev=958797&view=auto
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp (added)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp Tue Jun 29 00:44:27 2010
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2010 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * XSEC
+ *
+ * DSIGKeyInfoDEREncoded := DER-encoded key information
+ *
+ * Author(s): Scott Cantor
+ *
+ * $Id:$
+ *
+ */
+
+#include <xsec/dsig/DSIGKeyInfoDEREncoded.hpp>
+#include <xsec/framework/XSECError.hpp>
+#include <xsec/utils/XSECDOMUtils.hpp>
+#include <xsec/dsig/DSIGSignature.hpp>
+#include <xsec/framework/XSECEnv.hpp>
+
+#include <xercesc/util/Janitor.hpp>
+
+XERCES_CPP_NAMESPACE_USE
+
+// --------------------------------------------------------------------------------
+//           Constructors and Destructors
+// --------------------------------------------------------------------------------
+
+
+DSIGKeyInfoDEREncoded::DSIGKeyInfoDEREncoded(const XSECEnv * env, DOMNode *nameNode) : 
+DSIGKeyInfo(env),
+mp_data(NULL),
+mp_dataTextNode(0) {
+
+	mp_keyInfoDOMNode = nameNode;
+
+}
+
+
+DSIGKeyInfoDEREncoded::DSIGKeyInfoDEREncoded(const XSECEnv * env) : 
+DSIGKeyInfo(env),
+mp_data(NULL),
+mp_dataTextNode(0) {
+
+	mp_keyInfoDOMNode = 0;
+
+}
+
+
+DSIGKeyInfoDEREncoded::~DSIGKeyInfoDEREncoded() {
+
+
+};
+
+// --------------------------------------------------------------------------------
+//           Load and Get functions
+// --------------------------------------------------------------------------------
+
+
+void DSIGKeyInfoDEREncoded::load(void) {
+
+	// Assuming we have a valid DOM_Node to start with, load the signing key so that it can
+	// be used later on
+
+	if (mp_keyInfoDOMNode == NULL) {
+
+		// Attempt to load an empty element
+		throw XSECException(XSECException::KeyInfoError,
+			"DSIGKeyInfoDEREncoded::load - called on empty DOM");
+
+	}
+
+	if (!strEquals(getDSIG11LocalName(mp_keyInfoDOMNode), "DEREncodedKeyValue")) {
+
+		throw XSECException(XSECException::KeyInfoError,
+			"DSIGKeyInfoDEREncoded::load - called on non <ds11::DEREncodedKeyValue> node");
+
+	}
+
+	// Now find the text node containing the name
+
+	DOMNode *tmpElt = findFirstChildOfType(mp_keyInfoDOMNode, DOMNode::TEXT_NODE);
+
+	if (tmpElt != 0) {
+
+		mp_dataTextNode = tmpElt;
+		mp_data = tmpElt->getNodeValue();
+
+	}
+
+	else {
+
+		throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+			"DSIGKeyInfoDEREncoded::load - Expected TEXT node as child to <ds11::DEREncodedKeyValue> element");
+
+	}
+
+}
+
+// --------------------------------------------------------------------------------
+//           Create and Set functions
+// --------------------------------------------------------------------------------
+
+DOMElement * DSIGKeyInfoDEREncoded::createBlankDEREncoded(const XMLCh * data) {
+
+	// Create the DOM Structure
+
+	safeBuffer str;
+	DOMDocument *doc = mp_env->getParentDocument();
+	const XMLCh * prefix = mp_env->getDSIG11NSPrefix();
+
+	makeQName(str, prefix, "DEREncodedKeyValue");
+
+	DOMElement *ret = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG11, str.rawXMLChBuffer());
+	mp_keyInfoDOMNode = ret;
+
+	// Check whether to encode prior to adding
+	mp_dataTextNode = doc->createTextNode(data);
+
+	ret->appendChild(mp_dataTextNode);
+
+	mp_data = mp_dataTextNode->getNodeValue();
+
+	return ret;
+
+}
+
+void DSIGKeyInfoDEREncoded::setData(const XMLCh * data) {
+
+	if (mp_dataTextNode == 0) {
+
+		// Attempt to set an empty element
+		throw XSECException(XSECException::KeyInfoError,
+			"DSIGKeyInfoDEREncoded::setData() called prior to load() or createBlank()");
+
+	}
+
+	mp_dataTextNode->setNodeValue(data);
+	mp_data = mp_dataTextNode->getNodeValue();
+
+}
+
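Review bot: load() takes the key data from the first TEXT child only, so if the parser delivers the element content as several adjacent text or CDATA nodes (not determinable from this file), mp_data would hold a truncated key. Nothing here checks that the value is non-empty or well-formed base64, so whatever decodes it later has to treat it as untrusted input. At minimum the comment should state the limitation, e.g. `// Only the first TEXT child is read; content is returned undecoded and unvalidated`. Two comments look carried over from another KeyInfo class and no longer describe the code: `// Now find the text node containing the name` should refer to the DER data, and `// Check whether to encode prior to adding` in createBlankDEREncoded precedes code that performs no such check. The constructor parameter `nameNode` and the stray `;` after the destructor body are minor leftovers of the same kind.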

Propchange: xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.cpp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.hpp?rev=958797&view=auto
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.hpp (added)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.hpp Tue Jun 29 00:44:27 2010
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2010 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * XSEC
+ *
+ * DSIGKeyInfoDEREncoded := DEREncodedKeyValue - used for conveying DER-encoded keys
+ *
+ * Author(s): Scott Cantor
+ *
+ * $Id:$
+ *
+ */
+
+#ifndef DSIGKEYINFODERENCODED_INCLUDE
+#define DSIGKEYINFODERENCODED_INCLUDE
+
+#include <xsec/dsig/DSIGKeyInfo.hpp>
+#include <xsec/utils/XSECPlatformUtils.hpp>
+
+XSEC_DECLARE_XERCES_CLASS(DOMElement);
+
+/**
+ * @ingroup pubsig
+ */
+
+/**
+ * @brief The class for \<ds11::DEREncodedKeyValue\> nodes in a KeyInfo list.
+ *
+ * Class for holding DER-encoded key information.
+ *
+ */
+
+
+
+class DSIG_EXPORT DSIGKeyInfoDEREncoded : public DSIGKeyInfo {
+
+public:
+
+	/** @name Constructors and Destructors */
+	//@{
+
+	/**
+	 * \brief Constructor used when XML exists.
+	 *
+	 * This constructor is used by other user interface classes to load
+	 * an existing DOM structure into the Name element.
+	 *
+	 * @param env Environment operating within.
+	 * @param nameNode DOMNode to load information from
+	 */
+
+	DSIGKeyInfoDEREncoded(const XSECEnv * env, XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *nameNode);
+
+	/**
+	 * \brief Constructor used when XML needs to be created.
+	 *
+	 * This constructor is used by interface objects to
+	 * create a DSIGKeyInfoName object that can then be used
+	 * to create the required XML.
+	 *
+	 * @param env Operating environment
+	 */
+
+	DSIGKeyInfoDEREncoded(const XSECEnv * env);
+
+	/**
+	 * \brief Destructor
+	 */
+
+	virtual ~DSIGKeyInfoDEREncoded();
+
+	//@}
+
+	/** @name Load and Get functions */
+	//@{
+
+	/**
+	 * \brief Load an existing XML structure into this object.
+	 */
+
+	virtual void load(void);
+
+	/**
+	 * \brief Get key name - unimplemented for DEREncodedKeyValue
+	 */
+
+	virtual const XMLCh * getKeyName(void) const {return NULL;}
+
+	/**
+	 * \brief Get the key data
+	 *
+	 * Returns a pointer to the buffer containing the data string.
+	 *
+	 * @returns A pointer to the XMLCh buffer containing the data
+	 */
+
+	virtual const XMLCh * getData(void) const {return mp_data;};
+
+	//@}
+
+	/**@name Create and set functions */
+	//@{
+	
+	/**
+	 * \brief Create a new DEREncodedKeyValue element in the current document.
+	 *
+	 * Creates a new DEREncodedKeyValue element and sets the data with the string
+	 * passed in.
+	 *
+	 * @param data Value to set the DEREncodedKeyValue to
+	 * @returns The newly created DOMElement with the structure underneath.
+	 */
+
+	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * createBlankDEREncoded(const XMLCh * data);
+
+	/**
+	 * \brief Set the value of the DEREncodedKeyValue to a new string.
+	 *
+	 * Uses the passed in string to set a new value in the DOM structure.
+	 *
+	 * @param data Value to set in DEREncodedKeyValue
+	 */
+
+	void setData(const XMLCh * data);
+
+	//@}
+
+	/** @name Information Functions */
+	//@{
+	
+	/**
+	 * \brief Return type of this KeyInfo element
+	 */
+	
+	virtual keyInfoType getKeyInfoType(void) const {return DSIGKeyInfo::KEYINFO_DERENCODED;}
+
+	//@}
+
+private:
+
+	DSIGKeyInfoDEREncoded();			        // Non-implemented constructor
+
+	const XMLCh			* mp_data;				// The Data stored in the XML file
+	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode				
+						* mp_dataTextNode;		// Text node containing the name
+
+};
+
+
+
+#endif /* #define DSIGKEYINFODERENCODED_INCLUDE */
+
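Review bot: Several Doxygen comments in this new header do not describe DEREncodedKeyValue and appear to have been carried over from the KeyInfoName class. The first constructor says it loads "into the Name element" and calls its parameter `nameNode`, the second says it creates "a DSIGKeyInfoName object", and `mp_dataTextNode` is commented as "Text node containing the name". I would reword them, for example `// Text node holding the key data` on the member and "load an existing DOM structure into the DEREncodedKeyValue element" on the constructor. On `getData()` it is worth stating that the returned pointer is the DOM text node's own value (the .cpp assigns `mp_data` from `getNodeValue()`), so it is only valid while that node is unchanged. The value is presumably the base64 text of the DER key, which the comment should also say.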

Propchange: xml/security/trunk/c/src/dsig/DSIGKeyInfoDEREncoded.hpp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: xml/security/trunk/c/src/dsig/DSIGKeyInfoList.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfoList.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfoList.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfoList.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,6 +30,7 @@
 #include <xsec/dsig/DSIGKeyInfoX509.hpp>
 #include <xsec/dsig/DSIGKeyInfoName.hpp>
 #include <xsec/dsig/DSIGKeyInfoValue.hpp>
+#include <xsec/dsig/DSIGKeyInfoDEREncoded.hpp>
 #include <xsec/dsig/DSIGKeyInfoPGPData.hpp>
 #include <xsec/dsig/DSIGKeyInfoSPKIData.hpp>
 #include <xsec/dsig/DSIGKeyInfoMgmtData.hpp>
@@ -165,6 +166,12 @@ bool DSIGKeyInfoList::addXMLKeyInfo(DOMN
 		XSECnew(k, DSIGKeyInfoMgmtData(mp_env, ki));
 
 	}
+    
+    else if (strEquals(getDSIG11LocalName(ki), "DEREncodedKeyValue")) {
+
+		XSECnew(k, DSIGKeyInfoDEREncoded(mp_env, ki));
+
+	}
 
 	else if (strEquals(getXENCLocalName(ki), "EncryptedKey")) {
 
@@ -582,6 +589,28 @@ DSIGKeyInfoMgmtData * DSIGKeyInfoList::a
 
 }
 
+DSIGKeyInfoDEREncoded * DSIGKeyInfoList::appendDEREncoded(const XMLCh * data) {
+
+	if (mp_keyInfoNode == NULL) {
+
+		throw XSECException(XSECException::KeyInfoError,
+			"KeyInfoList - Attempt to create DEREncodedKeyValue before creating KeyInfo");
+
+	}
+
+	DSIGKeyInfoDEREncoded * d;
+
+	XSECnew(d, DSIGKeyInfoDEREncoded(mp_env));
+
+	mp_keyInfoNode->appendChild(d->createBlankDEREncoded(data));
+	mp_env->doPrettyPrint(mp_keyInfoNode);
+
+	addKeyInfo(d);
+
+	return d;
+
+}
+
 // --------------------------------------------------------------------------------
 //           Some helper functions
 // --------------------------------------------------------------------------------
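Review bot: In `appendDEREncoded`, the object allocated by `XSECnew(d, ...)` is not owned by anything until `addKeyInfo(d)` runs, so if `createBlankDEREncoded` or `appendChild` throws, `d` is leaked. Holding it in a janitor for that window closes the gap: `Janitor<DSIGKeyInfoDEREncoded> j_d(d);` after the allocation and `j_d.release();` just before `addKeyInfo(d);`. Whether this file already includes the Xerces `Janitor.hpp` header is not visible from the hunk. The null-`mp_keyInfoNode` guard here also duplicates the one in `addAndInsertKeyInfo`, whose message the next hunk generalises, so that helper may be the intended path for this call.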
@@ -591,7 +620,7 @@ void DSIGKeyInfoList::addAndInsertKeyInf
 	if (mp_keyInfoNode == NULL) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"KeyInfoList - Attempt to create MgmtData before creating KeyInfo");
+			"KeyInfoList - Attempt to create child before creating KeyInfo");
 
 	}
 

Modified: xml/security/trunk/c/src/dsig/DSIGKeyInfoList.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfoList.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfoList.hpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfoList.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,6 +41,7 @@
 
 // Forward definitions
 class DSIGKeyInfoValue;
+class DSIGKeyInfoDEREncoded;
 class DSIGKeyInfoX509;
 class DSIGKeyInfoName;
 class DSIGKeyInfoPGPData;
@@ -278,6 +279,19 @@ public:
 						   const XMLCh * exponent);
 
 	/**
+	 * \brief Append an EC KeyValue element 
+	 *
+	 * Add a new KeyInfo element for an EC Value
+	 *
+	 * @param curveName URI (generally urn:oid:...) that identifies the curve
+	 * @param keyValue Base64 encoded public key
+	 * @returns A pointer to the created object.
+	 */
+
+	DSIGKeyInfoValue * appendECKeyValue(const XMLCh * curveName, 
+						   const XMLCh * keyValue);
+
+	/**
 	 * \brief Append a X509Data element.
 	 *
 	 * Add a new KeyInfo element for X509 data.
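Review bot: `appendECKeyValue` is declared here, but none of the DSIGKeyInfoList.cpp hunks in this commit add a definition for it; only `appendDEREncoded` and the `DEREncodedKeyValue` branch of `addXMLKeyInfo` are added there. Unless the body lives somewhere not shown, any caller will fail at link time. The definition would presumably mirror the existing RSA/DSA variants and call `createBlankECKeyValue(curveName, keyValue)`. The comment could also state that `keyValue` is the base64 text of the encoded EC point, which is what `OpenSSLCryptoKeyEC::loadPublicKeyBase64` later expects.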
@@ -337,6 +351,17 @@ public:
 
 	DSIGKeyInfoMgmtData * appendMgmtData(const XMLCh * data);
 
+	/**
+	 * \brief Append a DEREncodedKeyValue element
+	 *
+	 * Add a new KeyInfo element for a DEREncodedKeyValue
+	 *
+	 * @param data The data to set in the DEREncodedKeyValue element
+	 * @returns A pointer to the created object
+	 */
+
+	DSIGKeyInfoDEREncoded * appendDEREncoded(const XMLCh * data);
+
 	//@}
 
 private:

Modified: xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,6 +40,8 @@ mp_GTextNode(0),
 mp_YTextNode(0),
 mp_modulusTextNode(0),
 mp_exponentTextNode(0),
+mp_namedCurveElementNode(0),
+mp_ecPublicKeyTextNode(0),
 m_keyInfoType(KEYINFO_NOTSET) {
 
 		mp_keyInfoDOMNode = valueNode;
@@ -53,6 +55,8 @@ mp_GTextNode(0),
 mp_YTextNode(0),
 mp_modulusTextNode(0),
 mp_exponentTextNode(0),
+mp_namedCurveElementNode(0),
+mp_ecPublicKeyTextNode(0),
 m_keyInfoType(KEYINFO_NOTSET) {
 
 	mp_keyInfoDOMNode = NULL;
@@ -177,6 +181,41 @@ void DSIGKeyInfoValue::load(void) {
 
 	}
 
+    else if (strEquals(getDSIG11LocalName(child), "ECKeyValue")) {
+
+        m_keyInfoType = KEYINFO_VALUE_EC;
+
+        p = findFirstChildOfType(child, DOMNode::ELEMENT_NODE);
+        if (p == 0 || !strEquals(getDSIG11LocalName(p), "NamedCurve")) {
+			throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+				"Expected <NamedCurve> node beneath <ECKeyValue> (<ECParameters> not supported)");
+        }
+
+        mp_namedCurveElementNode = p;
+
+		p = p->getNextSibling();
+
+		while (p != 0 && p->getNodeType() != DOMNode::ELEMENT_NODE)
+			p = p->getNextSibling();
+
+        if (p == 0 || !strEquals(getDSIG11LocalName(p), "PublicKey")) {
+			throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+				"Expected <PublicKey> node beneath <ECKeyValue>");
+        }
+
+		val = findFirstChildOfType(p, DOMNode::TEXT_NODE);
+
+		if (val == 0) {
+
+			throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+				"Expected a text node beneath <PublicKey>");
+
+		}
+		
+		mp_ecPublicKeyTextNode = val;
+
+    }
+
 	else {
 
 		throw XSECException(XSECException::UnknownKeyValue);
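Review bot: `m_keyInfoType = KEYINFO_VALUE_EC` is assigned before the `<NamedCurve>` and `<PublicKey>` children have been validated, so any throw below it leaves the object typed as EC with `mp_namedCurveElementNode` and `mp_ecPublicKeyTextNode` still null. The getters added in the next hunk test those pointers, but `setECNamedCurve` and `setECPublicKey` (last hunk of this file) dereference them after checking only the type. Either move the type assignment to the end of the branch, or give the setters the same guard, e.g. `if (mp_ecPublicKeyTextNode == NULL) throw XSECException(XSECException::KeyInfoError, "Attempt to set an EC PublicKey before load() or createBlank()");`. The branch also accepts a `<NamedCurve>` without checking that its `URI` attribute is present, so a document missing it is only detected later, when the curve lookup receives an empty or absent name. `load()` begins and ends outside this hunk.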
@@ -222,6 +261,42 @@ const XMLCh * DSIGKeyInfoValue::getRSAEx
 }
 
 // --------------------------------------------------------------------------------
+//           Get EC Values
+// --------------------------------------------------------------------------------
+
+const XMLCh* DSIGKeyInfoValue::getECNamedCurve(void) const {
+
+	if (m_keyInfoType != KEYINFO_VALUE_EC) {
+
+		throw XSECException(XSECException::KeyInfoError,
+			"Attempt to Get an EC NamedCurve from a non-ECValue KeyValue node");
+
+	}
+
+	if (mp_namedCurveElementNode != NULL)
+        return static_cast<DOMElement*>(mp_namedCurveElementNode)->getAttributeNS(NULL, DSIGConstants::s_unicodeStrURI);
+
+	return NULL;
+
+}
+
+const XMLCh * DSIGKeyInfoValue::getECPublicKey(void) const {
+
+	if (m_keyInfoType != KEYINFO_VALUE_EC) {
+
+		throw XSECException(XSECException::KeyInfoError,
+			"Attempt to Get an EC PublicKey from a non-ECValue KeyValue node");
+
+	}
+
+	if (mp_ecPublicKeyTextNode != NULL)
+		return mp_ecPublicKeyTextNode->getNodeValue();
+
+	return NULL;
+
+}
+
+// --------------------------------------------------------------------------------
 //           Create and manipulate DSA Values
 // --------------------------------------------------------------------------------
 
@@ -291,7 +366,7 @@ void DSIGKeyInfoValue::setDSAP(const XML
 	if (m_keyInfoType != KEYINFO_VALUE_DSA) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"Attempt to set a DSA value in a non-DSAValue KeyValue node");
+			"Attempt to set a DSA value in a non-DSA KeyValue node");
 
 	}
 
@@ -304,7 +379,7 @@ void DSIGKeyInfoValue::setDSAQ(const XML
 	if (m_keyInfoType != KEYINFO_VALUE_DSA) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"Attempt to set a DSA value in a non-DSAValue KeyValue node");
+			"Attempt to set a DSA value in a non-DSA KeyValue node");
 
 	}
 
@@ -317,7 +392,7 @@ void DSIGKeyInfoValue::setDSAG(const XML
 	if (m_keyInfoType != KEYINFO_VALUE_DSA) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"Attempt to set a DSA value in a non-DSAValue KeyValue node");
+			"Attempt to set a DSA value in a non-DSA KeyValue node");
 
 	}
 
@@ -330,7 +405,7 @@ void DSIGKeyInfoValue::setDSAY(const XML
 	if (m_keyInfoType != KEYINFO_VALUE_DSA) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"Attempt to set a DSA value in a non-DSAValue KeyValue node");
+			"Attempt to set a DSA value in a non-DSA KeyValue node");
 
 	}
 
@@ -392,7 +467,7 @@ void DSIGKeyInfoValue::setRSAModulus(con
 	if (m_keyInfoType != KEYINFO_VALUE_RSA) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"Attempt to set an RSA Modulus from a non-RSAValue KeyValue node");
+			"Attempt to set an RSA Modulus from a non-RSA KeyValue node");
 
 	}
 
@@ -405,7 +480,7 @@ void DSIGKeyInfoValue::setRSAExponent(co
 	if (m_keyInfoType != KEYINFO_VALUE_RSA) {
 
 		throw XSECException(XSECException::KeyInfoError,
-			"Attempt to set an RSA Exponent from a non-RSAValue KeyValue node");
+			"Attempt to set an RSA Exponent from a non-RSA KeyValue node");
 
 	}
 
@@ -413,6 +488,74 @@ void DSIGKeyInfoValue::setRSAExponent(co
 
 }
 
+DOMElement* DSIGKeyInfoValue::createBlankECKeyValue(const XMLCh * curveName, const XMLCh * publicKey) {
+
+	// Set our type
+	
+	m_keyInfoType = KEYINFO_VALUE_EC;
+
+	// Create the DOM Structure
+
+	safeBuffer str;
+	DOMDocument *doc = mp_env->getParentDocument();
+	const XMLCh * prefix = mp_env->getDSIGNSPrefix();
+	const XMLCh * prefix11 = mp_env->getDSIG11NSPrefix();
+
+	makeQName(str, prefix, "KeyValue");
+
+	DOMElement *ret = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
+	mp_keyInfoDOMNode = ret;
+
+	makeQName(str, prefix11, "ECKeyValue");
+	DOMElement * ec = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG11, str.rawXMLChBuffer());
+	mp_env->doPrettyPrint(ret);
+	ret->appendChild(ec);
+	mp_env->doPrettyPrint(ec);
+	mp_env->doPrettyPrint(ret);
+
+	// Now create the value children
+
+	makeQName(str, prefix11, "NamedCurve");
+	DOMElement * v = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG11, str.rawXMLChBuffer());
+	mp_namedCurveElementNode = v;
+	ec->appendChild(v);
+	mp_env->doPrettyPrint(ec);
+    v->setAttributeNS(NULL, DSIGConstants::s_unicodeStrURI, curveName);
+
+	makeQName(str, prefix11, "PublicKey");
+	v = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG11, str.rawXMLChBuffer());
+	mp_ecPublicKeyTextNode = doc->createTextNode(publicKey);
+	ec->appendChild(v);
+	mp_env->doPrettyPrint(ec);
+	v->appendChild(mp_ecPublicKeyTextNode);
+
+	return ret;
+
+}
+
+void DSIGKeyInfoValue::setECNamedCurve(const XMLCh* curveName) {
+	if (m_keyInfoType != KEYINFO_VALUE_EC) {
+
+		throw XSECException(XSECException::KeyInfoError,
+			"Attempt to set an EC NamedCurve from a non-EC KeyValue node");
+
+	}
+
+    static_cast<DOMElement*>(mp_namedCurveElementNode)->setAttributeNS(NULL, DSIGConstants::s_unicodeStrURI, curveName);
+}
+
+void DSIGKeyInfoValue::setECPublicKey(const XMLCh* publicKey) {
+
+	if (m_keyInfoType != KEYINFO_VALUE_EC) {
+
+		throw XSECException(XSECException::KeyInfoError,
+			"Attempt to set an EC PublicKey from a non-EC KeyValue node");
+
+	}
+
+	mp_ecPublicKeyTextNode->setNodeValue(publicKey);
+}
+
 // --------------------------------------------------------------------------------
 //           Other interface functions
 // --------------------------------------------------------------------------------

Modified: xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.hpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGKeyInfoValue.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -156,7 +156,23 @@ public:
 
 	const XMLCh * getRSAExponent(void) const;
 
-	//@}
+	/**
+	 * \brief Get NamedCurve URI
+	 *
+	 * @returns A pointer to the EC NamedCurve URI
+	 */
+
+	const XMLCh * getECNamedCurve(void) const;
+
+	/**
+	 * \brief Get EC Public Key
+	 *
+	 * @returns A pointer to the buffer containing the EC public key
+	 */
+
+	const XMLCh * getECPublicKey(void) const;
+
+    //@}
 
 	/** @name DSA Create and set functions */
 	//@{
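Review bot: The comments on `getECNamedCurve` and `getECPublicKey` omit the two outcomes a caller has to handle. Per the .cpp in this commit, both throw `XSECException::KeyInfoError` when the KeyValue is not an EC value, and both return NULL when the underlying node has not been set. I would add `@throws XSECException if this KeyValue is not an ECKeyValue` and extend `@returns` with "or NULL if no value has been loaded or created". The re-added `//@}` is also indented with spaces where the rest of the header uses a tab.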
@@ -224,11 +240,11 @@ public:
 	/**
 	 * \brief Create a blank RSA KeyValue
 	 *
-	 * Create a new RSA Value object and associated DOM structures.
+	 * Create a new RSAKeyValue object and associated DOM structures.
 	 *
 	 * @param modulus Base64 encoded value of Modulus to set
 	 * @param exponent Base64 encoded value of the Exponent to set
-	 * @returns The DOM structure of the RSAValue that has been created
+	 * @returns The DOM structure of the RSAKeyValue that has been created
 	 */
 	
 	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * 
@@ -257,6 +273,45 @@ public:
 
 	//@}
 
+	/** @name EC Create and Set functions */
+	//@{
+
+	/**
+	 * \brief Create a blank EC KeyValue
+	 *
+	 * Create a new ECKeyValue object and associated DOM structures.
+	 *
+	 * @param curveName URI of NamedCurve to set
+	 * @param publicKey Base64 encoded key value to set
+	 * @returns The DOM structure of the ECKeyValue that has been created
+	 */
+	
+	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * 
+		createBlankECKeyValue(const XMLCh * curveName,
+			const XMLCh * publicKey);
+
+	/**
+	 * \brief Set the NamedCurve URI
+	 *
+	 * Set the URI of the NamedCurve within the element.
+	 *
+	 * @param curveName URI of NamedCurve to set
+	 */
+
+	void setECNamedCurve(const XMLCh * curveName);
+
+	/**
+	 * \brief Set the public key
+	 *
+	 * Set the base64 encoded public key
+	 *
+	 * @param publicKey Base64 encoded public key to set
+	 */
+
+	void setECPublicKey(const XMLCh * publicKey);
+
+	//@}
+
 	/** @name Information Functions */
 	//@{
 
@@ -294,6 +349,11 @@ private:
 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_modulusTextNode;
 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_exponentTextNode;
 
+    // EC
+
+	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_namedCurveElementNode;
+	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_ecPublicKeyTextNode;
+
 	// General
 
 	keyInfoType								m_keyInfoType;

Modified: xml/security/trunk/c/src/dsig/DSIGSignature.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/dsig/DSIGSignature.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/dsig/DSIGSignature.cpp (original)
+++ xml/security/trunk/c/src/dsig/DSIGSignature.cpp Tue Jun 29 00:44:27 2010
@@ -80,8 +80,16 @@ void DSIGSignature::Initialise(void) {
 	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA256, def);
 	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA384, def);
 	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA512, def);
-	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIDSA_SHA1, def);
-	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA1, def);
+	
+    XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIDSA_SHA1, def);
+    XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIDSA_SHA256, def);
+
+    XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIECDSA_SHA1, def);
+	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIECDSA_SHA256, def);
+	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIECDSA_SHA384, def);
+	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIECDSA_SHA512, def);
+
+    XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA1, def);
 	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA224, def);
 	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA256, def);
 	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA384, def);
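Review bot: The four ECDSA URIs are registered unconditionally, whereas `OpenSSLCryptoKeyEC.cpp` in this same commit is compiled only under `HAVE_OPENSSL && XSEC_OPENSSL_HAVE_EC`. On a build without EC support a document naming an ECDSA algorithm will therefore still be dispatched to the default handler. That is acceptable only if the handler then fails with a clear "algorithm not supported" error rather than a cast or null-key error, which is worth confirming because the handler code is not in this hunk. A one-line comment above the block stating which registrations depend on provider support would document the intent. The added lines also mix four-space and tab indentation, and `Initialise` begins and ends outside this hunk.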

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,6 +33,10 @@
 #include <xsec/enc/XSECCryptoUtils.hpp>
 #include <xsec/framework/XSECError.hpp>
 
+#include <xercesc/util/Janitor.hpp>
+
+XSEC_USING_XERCES(ArrayJanitor);
+
 #include <openssl/dsa.h>
 
 OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA() : mp_dsaKey(NULL) {
@@ -157,19 +161,23 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
 			"OpenSSL:DSA - Attempt to validate signature with empty key");
 	}
 
+    char * cleanedBase64Signature;
+	unsigned int cleanedBase64SignatureLen = 0;
+
+	cleanedBase64Signature =
+		XSECCryptoBase64::cleanBuffer(base64Signature, sigLen, cleanedBase64SignatureLen);
+	ArrayJanitor<char> j_cleanedBase64Signature(cleanedBase64Signature);
+
 	unsigned char sigVal[512];
 	int sigValLen;
-	int err;
 
 	EVP_ENCODE_CTX m_dctx;
-	int rc;
-
 	EVP_DecodeInit(&m_dctx);
-	rc = EVP_DecodeUpdate(&m_dctx,
+	int rc = EVP_DecodeUpdate(&m_dctx,
 						  sigVal,
 						  &sigValLen,
-						  (unsigned char *) base64Signature,
-						  sigLen);
+						  (unsigned char *) cleanedBase64Signature,
+						  cleanedBase64SignatureLen);
 
 	if (rc < 0) {
 
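Review bot: `sigVal` is a fixed 512-byte stack buffer, and the decode now runs over `cleanedBase64SignatureLen` bytes without checking that the decoded output fits. The signature text comes from the document being verified, so its length should be bounded before `EVP_DecodeUpdate`, e.g. `if (cleanedBase64SignatureLen > (sizeof(sigVal) / 3) * 4) throw XSECCryptoException(XSECCryptoException::DSAError, "OpenSSL:DSA - Signature too long");`. The new `OpenSSLCryptoKeyEC::verifyBase64SignatureDSA` later in this commit copies the same pattern and needs the same check with `ECError`. `cleanBuffer` is also used without a null test on its result. The function begins and ends outside this hunk.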
@@ -218,15 +226,9 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
 	BN_free(R);
 	BN_free(S);
 
-	unsigned char sigValTranslatedBuf[256];
-	unsigned char * sigValTranslated = sigValTranslatedBuf;
-	int sigValTranslatedLen;
-
-	sigValTranslatedLen = i2d_DSA_SIG(dsa_sig, &sigValTranslated);
-
 	// Now we have a signature and a key - lets check
 
-	err = DSA_do_verify(hashBuf, hashLen, dsa_sig, mp_dsaKey);
+	int err = DSA_do_verify(hashBuf, hashLen, dsa_sig, mp_dsaKey);
 
 	DSA_SIG_free(dsa_sig);
 

Added: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp?rev=958797&view=auto
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp (added)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp Tue Jun 29 00:44:27 2010
@@ -0,0 +1,304 @@
+/*
+ * Copyright 2002-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * XSEC
+ *
+ * OpenSSLCryptoKeyEC := EC Keys
+ *
+ * Author(s): Scott Cantor
+ *
+ * $Id:$
+ *
+ */
+#include <xsec/framework/XSECDefs.hpp>
+#if defined (HAVE_OPENSSL) && defined (XSEC_OPENSSL_HAVE_EC)
+
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
+#include <xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp>
+#include <xsec/enc/OpenSSL/OpenSSLCryptoProvider.hpp>
+#include <xsec/enc/XSECCryptoException.hpp>
+#include <xsec/enc/XSECCryptoUtils.hpp>
+#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
+#include <xsec/framework/XSECError.hpp>
+#include <xsec/utils/XSECPlatformUtils.hpp>
+
+#include <xercesc/util/Janitor.hpp>
+
+XSEC_USING_XERCES(Janitor);
+XSEC_USING_XERCES(ArrayJanitor);
+
+
+#include <openssl/ecdsa.h>
+
+OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC() : mp_ecKey(NULL) {
+};
+
+OpenSSLCryptoKeyEC::~OpenSSLCryptoKeyEC() {
+
+
+	// If we have a EC_KEY, delete it
+	// OpenSSL will ensure the memory holding any private key is freed.
+
+	if (mp_ecKey)
+		EC_KEY_free(mp_ecKey);
+
+};
+
+// Generic key functions
+
+XSECCryptoKey::KeyType OpenSSLCryptoKeyEC::getKeyType() const {
+
+	// Find out what we have
+	if (mp_ecKey == NULL)
+		return KEY_NONE;
+
+	if (EC_KEY_get0_private_key(mp_ecKey) && EC_KEY_get0_public_key(mp_ecKey))
+		return KEY_EC_PAIR;
+
+	if (EC_KEY_get0_private_key(mp_ecKey))
+		return KEY_EC_PRIVATE;
+
+	if (EC_KEY_get0_public_key(mp_ecKey))
+		return KEY_EC_PUBLIC;
+
+	return KEY_NONE;
+
+}
+
+void OpenSSLCryptoKeyEC::loadPublicKeyBase64(const char* curveName, const char * buf, unsigned int len) {
+
+    if (mp_ecKey) {
+        EC_KEY_free(mp_ecKey);
+        mp_ecKey = NULL;
+    }
+
+    EC_KEY* key = EC_KEY_new_by_curve_name(static_cast<OpenSSLCryptoProvider*>(XSECPlatformUtils::g_cryptoProvider)->curveNameToNID(curveName));
+
+	int bufLen = len;
+	unsigned char * outBuf;
+	XSECnew(outBuf, unsigned char[len + 1]);
+	ArrayJanitor<unsigned char> j_outBuf(outBuf);
+
+	XSCryptCryptoBase64 *b64;
+	XSECnew(b64, XSCryptCryptoBase64);
+	Janitor<XSCryptCryptoBase64> j_b64(b64);
+
+	b64->decodeInit();
+	bufLen = b64->decode((unsigned char *) buf, len, outBuf, len);
+	bufLen += b64->decodeFinish(&outBuf[bufLen], len-bufLen);
+
+    if (bufLen > 0) {
+        if (o2i_ECPublicKey(&key, (const unsigned char **) &outBuf, bufLen) == NULL) {
+            EC_KEY_free(key);
+            key = NULL;
+        }
+    }
+
+	if (key == NULL) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+		"OpenSSL:EC - Error translating Base64 octets into OpenSSL EC_KEY structure");
+
+	}
+
+    mp_ecKey = key;
+}
+
+
+// "Hidden" OpenSSL functions
+
+OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC(EVP_PKEY *k) {
+
+	// Create a new key to be loaded as we go
+
+	if (k == NULL || k->type != EVP_PKEY_EC)
+		return;	// Nothing to do with us
+
+    mp_ecKey = EC_KEY_dup(k->pkey.ec);
+}
+
+// --------------------------------------------------------------------------------
+//           Verify a signature encoded as a Base64 string
+// --------------------------------------------------------------------------------
+
+bool OpenSSLCryptoKeyEC::verifyBase64SignatureDSA(unsigned char * hashBuf,
+								 unsigned int hashLen,
+								 char * base64Signature,
+								 unsigned int sigLen) {
+
+	// Use the currently loaded key to validate the Base64 encoded signature
+
+	if (mp_ecKey == NULL) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Attempt to validate signature with empty key");
+	}
+
+	char * cleanedBase64Signature;
+	unsigned int cleanedBase64SignatureLen = 0;
+
+	cleanedBase64Signature =
+		XSECCryptoBase64::cleanBuffer(base64Signature, sigLen, cleanedBase64SignatureLen);
+	ArrayJanitor<char> j_cleanedBase64Signature(cleanedBase64Signature);
+
+	unsigned char sigVal[512];
+	int sigValLen;
+
+	EVP_ENCODE_CTX m_dctx;
+	EVP_DecodeInit(&m_dctx);
+	int rc = EVP_DecodeUpdate(&m_dctx,
+						  sigVal,
+						  &sigValLen,
+						  (unsigned char *) cleanedBase64Signature,
+						  cleanedBase64SignatureLen);
+
+	if (rc < 0) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Error during Base64 Decode");
+	}
+	int t = 0;
+
+	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
+
+	sigValLen += t;
+
+    if (sigValLen <= 0 || sigValLen % 2 != 0) {
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Signature length was odd");
+    }
+
+	// Translate to BNs by splitting in half, and thence to ECDSA_SIG
+
+	ECDSA_SIG * dsa_sig = ECDSA_SIG_new();
+	dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL);
+	dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL);
+
+	// Now we have a signature and a key - lets check
+
+	int err = ECDSA_do_verify(hashBuf, hashLen, dsa_sig, mp_ecKey);
+
+	ECDSA_SIG_free(dsa_sig);
+
+	if (err < 0) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Error validating signature");
+	}
+
+	return (err == 1);
+
+}
+
+// --------------------------------------------------------------------------------
+//           Sign and encode result as a Base64 string
+// --------------------------------------------------------------------------------
+
+
+unsigned int OpenSSLCryptoKeyEC::signBase64SignatureDSA(unsigned char * hashBuf,
+		unsigned int hashLen,
+		char * base64SignatureBuf,
+		unsigned int base64SignatureBufLen) {
+
+	// Sign a pre-calculated hash using this key
+
+	if (mp_ecKey == NULL) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Attempt to sign data with empty key");
+	}
+
+	ECDSA_SIG * dsa_sig;
+
+	dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey);
+
+	if (dsa_sig == NULL) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Error signing data");
+
+	}
+
+	// Now turn the signature into a base64 string
+
+	unsigned char rawSigBuf[256];
+	unsigned int rawLen;
+
+	rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
+
+	if (rawLen <= 0) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Error converting signature to raw buffer");
+
+	}
+
+	unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]);
+
+	if (rawLenS <= 0) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Error converting signature to raw buffer");
+
+	}
+
+	rawLen += rawLenS;
+
+	// Now convert to Base 64
+
+	BIO * b64 = BIO_new(BIO_f_base64());
+	BIO * bmem = BIO_new(BIO_s_mem());
+
+	BIO_set_mem_eof_return(bmem, 0);
+	b64 = BIO_push(b64, bmem);
+
+	// Translate signature to Base64
+
+	BIO_write(b64, rawSigBuf, rawLen);
+	BIO_flush(b64);
+
+	unsigned int sigValLen = BIO_read(bmem, base64SignatureBuf, base64SignatureBufLen);
+
+	BIO_free_all(b64);
+
+	if (sigValLen <= 0) {
+
+		throw XSECCryptoException(XSECCryptoException::ECError,
+			"OpenSSL:EC - Error base64 encoding signature");
+	}
+
+	return sigValLen;
+
+}
+
+
+
+XSECCryptoKey * OpenSSLCryptoKeyEC::clone() const {
+
+	OpenSSLCryptoKeyEC * ret;
+
+	XSECnew(ret, OpenSSLCryptoKeyEC);
+
+	ret->m_keyType = m_keyType;
+    if (mp_ecKey)
+        ret->mp_ecKey = EC_KEY_dup(mp_ecKey);
+
+	return ret;
+
+}
+
+#endif /* HAVE_OPENSSL */
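Review bot: The `OpenSSLCryptoKeyEC(EVP_PKEY *k)` constructor returns early for a NULL or non-EC key without initialising `mp_ecKey`, so the destructor later passes an indeterminate pointer to `EC_KEY_free`. It should carry the same initialiser as the default constructor: `OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC(EVP_PKEY *k) : mp_ecKey(NULL) {`. In `signBase64SignatureDSA`, `BN_bn2bin` emits r and s without leading zero bytes, while `verifyBase64SignatureDSA` splits the decoded value exactly in half. A signature whose r and s differ in length is therefore rejected or mis-split, so both values should be left-padded to the byte length of the curve order before concatenation. The signing function also never calls `ECDSA_SIG_free(dsa_sig)`, and in `loadPublicKeyBase64` a decode that yields `bufLen <= 0` skips `o2i_ECPublicKey` and stores a key with no public point instead of throwing.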

Propchange: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp?rev=958797&view=auto
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp (added)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp Tue Jun 29 00:44:27 2010
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2002-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * XSEC
+ *
+ * OpenSSLCryptoKeyEC := EC Keys
+ *
+ * Author(s): Scott Cantor
+ *
+ * $Id:$
+ *
+ */
+
+#ifndef OPENSSLCRYPTOKEYEC_INCLUDE
+#define OPENSSLCRYPTOKEYEC_INCLUDE
+
+#include <xsec/enc/XSECCryptoKeyEC.hpp>
+
+#if defined (HAVE_OPENSSL) && defined(XSEC_OPENSSL_HAVE_EC)
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+
+/**
+ * \ingroup opensslcrypto
+ */
+
+/**
+ * \brief OpenSSL implementation class for EC keys.
+ *
+ * The library uses classes derived from this to process EC keys.
+ */
+
+
+class DSIG_EXPORT OpenSSLCryptoKeyEC : public XSECCryptoKeyEC {
+
+public :
+
+	/** @name Constructors and Destructors */
+	//@{
+	
+	OpenSSLCryptoKeyEC();
+
+	/**
+	 * \brief Destructor
+	 *
+	 * Will call the OpenSSL function to destroy the EC key - which will
+	 * also overwrite any Private keys
+	 */
+
+	virtual ~OpenSSLCryptoKeyEC();
+
+	//@}
+
+	/** @name Required Key Interface methods */
+	//@{
+
+	/**
+	 * \brief Return the type of this key.
+	 *
+	 * Allows the caller (and library) to determine whether this is a 
+	 * public key, private key or a key pair
+	 */
+
+	virtual XSECCryptoKey::KeyType getKeyType() const;
+
+	/**
+	 *\brief Return the OpenSSL string identifier
+	 */
+
+	virtual const XMLCh * getProviderName() const {return DSIGConstants::s_unicodeStrPROVOpenSSL;}
+
+	/**
+	 * \brief Replicate key
+	 */
+
+	virtual XSECCryptoKey * clone() const;
+
+	//@}
+
+	/** @name Required EC methods */
+	//@{
+
+	/**
+	 * \brief Create an EC-DSA signature
+	 *
+	 * Sign the buffer using the internal private key.  Will throw an ECError
+	 * if the key is not set, or is not a private key.
+	 *
+	 * @param hashBuf Buffer containing the pre-calculated (binary) digest
+	 * @param hashLen Number of bytes of hash in the hashBuf
+	 * @param base64SignatureBuf Buffer to place the base64 encoded result
+	 * in.
+	 * @param base64SignatureBufLen Implementations need to ensure they do
+	 * not write more bytes than this into the buffer
+	 */
+
+	virtual unsigned int signBase64SignatureDSA(unsigned char * hashBuf,
+		unsigned int hashLen,
+		char * base64SignatureBuf,
+		unsigned int base64SignatureBufLen);
+
+	/**
+	 * \brief Verify an EC-DSA signature
+	 *
+	 * The library will call this function to validate a signature
+	 *
+	 * @param hashBuf Buffer containing the pre-calculated (binary) digest
+	 * @param hashLen Length of the data in the digest buffer
+	 * @param base64Signature Buffer containing the Base64 encoded signature
+	 * @param sigLen Length of the data in the signature buffer
+	 * @returns true if the signature was valid, false otherwise
+	 */
+
+
+	virtual bool verifyBase64SignatureDSA(unsigned char * hashBuf, 
+							 unsigned int hashLen,
+							 char * base64Signature,
+							 unsigned int sigLen);
+	
+	//@}
+
+	/** @name Optional Interface methods
+	 * 
+	 * Have been fully implemented in the OpenSSL interface to allow interop
+	 * testing to occur.
+	 *
+	 */
+	//@{
+
+    virtual void loadPublicKeyBase64(const char* curveName,
+        const char* b64,
+        unsigned int len);
+
+	//@}
+
+	/** @name OpenSSL Specific functions */
+	//@{
+
+	/**
+	 * \brief Library specific constructor
+	 *
+	 * Used to create a new key around an OpenSSL EVP_PKEY object
+	 * holding an EC key
+	 */
+
+	OpenSSLCryptoKeyEC(EVP_PKEY *k);
+
+	/**
+	 * \brief Get OpenSSL EC_KEY structure
+	 */
+
+	EC_KEY * getOpenSSLEC(void) {return mp_ecKey;}
+
+    /**
+	 * \brief Get OpenSSL EC_KEY structure
+	 */
+
+	const EC_KEY * getOpenSSLEC(void) const {return mp_ecKey;}
+
+	//@}
+	//@}
+
+
+private:
+
+	XSECCryptoKey::KeyType			m_keyType;
+	EC_KEY					        * mp_ecKey;
+	
+};
+
+#endif /* HAVE_OPENSSL */
+#endif /* XSECCRYPTOKEYEC_INCLUDE */
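Review bot: The class owns a raw `EC_KEY * mp_ecKey` that the destructor is documented to destroy, but it declares no copy constructor or assignment operator, so an accidental copy would leave two objects releasing the same key. Since `clone()` is the supported way to duplicate a key, declare the copy operations private and unimplemented: `OpenSSLCryptoKeyEC(const OpenSSLCryptoKeyEC&);` and `OpenSSLCryptoKeyEC& operator=(const OpenSSLCryptoKeyEC&);`. Whether the base class already forbids copying is not visible in this file. Separately, the closing guard comment names `XSECCRYPTOKEYEC_INCLUDE` while the guard is `OPENSSLCRYPTOKEYEC_INCLUDE`, and `loadPublicKeyBase64` is the only public method without a doc comment.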

Propchange: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -83,7 +83,7 @@ public :
 
 	/** @name Mandatory RSA interface methods 
 	 *
-	 * These classes are required by the library.
+	 * These methods are required by the library.
 	 */
 	//@{
 

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,6 +36,7 @@
 #include <xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp>
@@ -44,8 +45,14 @@
 
 #include <xsec/enc/XSECCryptoException.hpp>
 
+#include <xercesc/util/Janitor.hpp>
+
+XSEC_USING_XERCES(ArrayJanitor);
+XSEC_USING_XERCES(Janitor);
+
 #include <openssl/rand.h>
 #include <openssl/err.h>
+#include <openssl/obj_mac.h>
 
 OpenSSLCryptoProvider::OpenSSLCryptoProvider() {
 
@@ -54,6 +61,80 @@ OpenSSLCryptoProvider::OpenSSLCryptoProv
 
 	//SSLeay_add_all_algorithms();
 
+    // Populate curve names.
+    m_namedCurveMap["urn:oid:1.3.132.0.6"] = NID_secp112r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.7"] = NID_secp112r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.28"] = NID_secp128r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.29"] = NID_secp128r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.9"] = NID_secp160k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.8"] = NID_secp160r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.30"] = NID_secp160r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.31"] = NID_secp192k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.32"] = NID_secp224k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.33"] = NID_secp224r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.10"] = NID_secp256k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.34"] = NID_secp384r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.35"] = NID_secp521r1;
+
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.1"] = NID_X9_62_prime192v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.2"] = NID_X9_62_prime192v2;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.3"] = NID_X9_62_prime192v3;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.4"] = NID_X9_62_prime239v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.5"] = NID_X9_62_prime239v2;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.6"] = NID_X9_62_prime239v3;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.1.7"] = NID_X9_62_prime256v1;
+
+    m_namedCurveMap["urn:oid:1.3.132.0.4"] = NID_sect113r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.5"] = NID_sect113r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.22"] = NID_sect131r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.23"] = NID_sect131r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.1"] = NID_sect163k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.2"] = NID_sect163r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.15"] = NID_sect163r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.24"] = NID_sect193r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.25"] = NID_sect193r2;
+    m_namedCurveMap["urn:oid:1.3.132.0.26"] = NID_sect233k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.27"] = NID_sect233r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.3"] = NID_sect239k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.16"] = NID_sect283k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.17"] = NID_sect283r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.36"] = NID_sect409k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.37"] = NID_sect409r1;
+    m_namedCurveMap["urn:oid:1.3.132.0.38"] = NID_sect571k1;
+    m_namedCurveMap["urn:oid:1.3.132.0.39"] = NID_sect571r1;
+
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.1"] = NID_X9_62_c2pnb163v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.2"] = NID_X9_62_c2pnb163v2;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.3"] = NID_X9_62_c2pnb163v3;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.4"] = NID_X9_62_c2pnb176v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.5"] = NID_X9_62_c2tnb191v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.6"] = NID_X9_62_c2tnb191v2;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.7"] = NID_X9_62_c2tnb191v3;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.8"] = NID_X9_62_c2onb191v4;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.9"] = NID_X9_62_c2onb191v5;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.10"] = NID_X9_62_c2pnb208w1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.11"] = NID_X9_62_c2tnb239v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.12"] = NID_X9_62_c2tnb239v2;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.13"] = NID_X9_62_c2tnb239v3;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.14"] = NID_X9_62_c2onb239v4;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.15"] = NID_X9_62_c2onb239v5;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.16"] = NID_X9_62_c2pnb272w1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.17"] = NID_X9_62_c2pnb304w1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.18"] = NID_X9_62_c2tnb359v1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.19"] = NID_X9_62_c2pnb368w1;
+    m_namedCurveMap["urn:oid:1.2.840.10045.3.0.20"] = NID_X9_62_c2tnb431r1;
+
+    m_namedCurveMap["urn:oid:2.23.43.1.4.1"] = NID_wap_wsg_idm_ecid_wtls1;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.3"] = NID_wap_wsg_idm_ecid_wtls3;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.4"] = NID_wap_wsg_idm_ecid_wtls4;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.5"] = NID_wap_wsg_idm_ecid_wtls5;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.6"] = NID_wap_wsg_idm_ecid_wtls6;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.7"] = NID_wap_wsg_idm_ecid_wtls7;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.8"] = NID_wap_wsg_idm_ecid_wtls8;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.9"] = NID_wap_wsg_idm_ecid_wtls9;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.10"] = NID_wap_wsg_idm_ecid_wtls10;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.11"] = NID_wap_wsg_idm_ecid_wtls11;
+    m_namedCurveMap["urn:oid:2.23.43.1.4.12"] = NID_wap_wsg_idm_ecid_wtls12;
 }
 
 
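Review bot: The curve table populated in the constructor includes very small legacy curves, for example `urn:oid:1.3.132.0.6` (secp112r1), `urn:oid:1.3.132.0.4` (sect113r1) and the WTLS entries, so a key naming any of them resolves to a usable NID. If no caller enforces a minimum curve size (not visible in this hunk), signature verification built on this map will accept keys well below current strength recommendations. Either restrict the table to the curves the library intends to trust, or document the policy split with a comment such as `// Includes legacy small curves for interop only; callers must enforce curve policy.` above the first entry.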
@@ -70,6 +151,15 @@ OpenSSLCryptoProvider::~OpenSSLCryptoPro
 	ERR_remove_state(0);
 }
 
+int OpenSSLCryptoProvider::curveNameToNID(const char* curveName) const {
+
+    std::map<std::string,int>::const_iterator i = m_namedCurveMap.find(curveName);
+    if (i == m_namedCurveMap.end())
+   		throw XSECCryptoException(XSECCryptoException::UnsupportedError,
+			"OpenSSLCryptoProvider::curveNameToNID - curve name not recognized");
+    return i->second;
+
+}
 
 const XMLCh * OpenSSLCryptoProvider::getProviderName() const {
 
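Review bot: `m_namedCurveMap.find(curveName)` constructs a `std::string` from the `const char*` argument, which is undefined behaviour when `curveName` is NULL. The name presumably originates from parsed key markup, so a missing or failed transcoding upstream should be rejected here rather than dereferenced. Add a guard before the lookup, reusing the existing error: `if (!curveName) throw XSECCryptoException(XSECCryptoException::UnsupportedError, "OpenSSLCryptoProvider::curveNameToNID - curve name not recognized");`.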
@@ -186,6 +276,16 @@ XSECCryptoKeyDSA * OpenSSLCryptoProvider
 
 }
 
+XSECCryptoKeyEC * OpenSSLCryptoProvider::keyEC() const {
+	
+	OpenSSLCryptoKeyEC * ret;
+
+	XSECnew(ret, OpenSSLCryptoKeyEC());
+
+	return ret;
+
+}
+
 XSECCryptoKeyRSA * OpenSSLCryptoProvider::keyRSA() const {
 	
 	OpenSSLCryptoKeyRSA * ret;
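Review bot: `keyEC()` uses `OpenSSLCryptoKeyEC` unconditionally, but OpenSSLCryptoKeyEC.hpp only declares that class under `#if defined (HAVE_OPENSSL) && defined(XSEC_OPENSSL_HAVE_EC)`. A build against an OpenSSL without EC support would therefore fail to compile here, unless configure guarantees the macro. The EC cases added to `keyDER` and to OpenSSLCryptoX509.cpp in this commit are already wrapped in `XSEC_OPENSSL_HAVE_EC`, so this method should follow the same pattern and throw `UnsupportedError` when EC is unavailable.

```cpp
XSECCryptoKeyEC * OpenSSLCryptoProvider::keyEC() const {

#if defined(XSEC_OPENSSL_HAVE_EC)
	OpenSSLCryptoKeyEC * ret;

	XSECnew(ret, OpenSSLCryptoKeyEC());

	return ret;
#else
	throw XSECCryptoException(XSECCryptoException::UnsupportedError,
		"OpenSSLCryptoProvider::keyEC - EC support not available");
#endif

}
```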
@@ -196,6 +296,72 @@ XSECCryptoKeyRSA * OpenSSLCryptoProvider
 
 }
 
+XSECCryptoKey* OpenSSLCryptoProvider::keyDER(const char* buf, unsigned long len, bool base64) const {
+
+    EVP_PKEY* pkey = NULL;
+
+    if (base64) {
+	    int bufLen = len;
+	    unsigned char * outBuf;
+	    XSECnew(outBuf, unsigned char[len + 1]);
+	    ArrayJanitor<unsigned char> j_outBuf(outBuf);
+
+	    /* Had to move to our own Base64 decoder because it handles non-wrapped b64
+	       better.  Grrr. */
+
+	    XSCryptCryptoBase64 *b64;
+	    XSECnew(b64, XSCryptCryptoBase64);
+	    Janitor<XSCryptCryptoBase64> j_b64(b64);
+
+	    b64->decodeInit();
+	    bufLen = b64->decode((unsigned char *) buf, len, outBuf, len);
+	    bufLen += b64->decodeFinish(&outBuf[bufLen], len-bufLen);
+
+        BIO* b = BIO_new_mem_buf((void*)outBuf, bufLen);
+        pkey = d2i_PUBKEY_bio(b, NULL);
+        BIO_free(b);
+
+    }
+    else {
+
+        BIO* b = BIO_new_mem_buf((void*)buf, len);
+        pkey = d2i_PUBKEY_bio(b, NULL);
+        BIO_free(b);
+
+    }
+
+    if (pkey) {
+        XSECCryptoKey* ret = NULL;
+        try {
+            switch (pkey->type) {
+                case EVP_PKEY_RSA:
+                    ret = new OpenSSLCryptoKeyRSA(pkey);
+                    break;
+
+                case EVP_PKEY_DSA:
+                    ret = new OpenSSLCryptoKeyDSA(pkey);
+                    break;
+
+#if defined(XSEC_OPENSSL_HAVE_EC)
+                case EVP_PKEY_EC:
+                    ret = new OpenSSLCryptoKeyEC(pkey);
+                    break;
+#endif
+            }
+        }
+        catch (XSECCryptoException&) {
+            EVP_PKEY_free(pkey);
+            throw;
+        }
+
+        EVP_PKEY_free(pkey);
+        return ret;
+    }
+
+    throw XSECCryptoException(XSECCryptoException::UnsupportedError,
+		"OpenSSLCryptoProvider::keyDER - Error decoding public key"); 
+}
+
 
 XSECCryptoX509 * OpenSSLCryptoProvider::X509() const {
 
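Review bot: The `switch (pkey->type)` in `keyDER` has no `default`, so a successfully decoded key of an unhandled type (including EC when `XSEC_OPENSSL_HAVE_EC` is undefined) makes the function return NULL, while a decode failure throws. Callers that rely on the exception will then dereference a null key. The result of `BIO_new_mem_buf` is also passed to `d2i_PUBKEY_bio` unchecked in both branches. In addition, the `unsigned long len` is narrowed to `int` for `bufLen` and the BIO length, so the size of this untrusted input should be bounded before use. The `catch` covers only `XSECCryptoException`, so a `std::bad_alloc` from the plain `new` expressions would leak `pkey`.

```cpp
    // … unchanged: base64 branch decodes buf into outBuf …
        BIO* b = BIO_new_mem_buf((void*)outBuf, bufLen);
        if (b) {
            pkey = d2i_PUBKEY_bio(b, NULL);
            BIO_free(b);
        }
    // … unchanged: non-base64 branch, with the same NULL check on b …
            switch (pkey->type) {
                // … unchanged: RSA, DSA and EC cases …
                default:
                    throw XSECCryptoException(XSECCryptoException::UnsupportedError,
                        "OpenSSLCryptoProvider::keyDER - unsupported key type");
            }
```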

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,9 @@
 #include <xsec/framework/XSECDefs.hpp>
 #include <xsec/enc/XSECCryptoProvider.hpp>
 
+#include <map>
+#include <string>
+
 #if defined (HAVE_OPENSSL)
 
 /**
@@ -49,6 +52,7 @@
 
 class DSIG_EXPORT OpenSSLCryptoProvider : public XSECCryptoProvider {
 
+    std::map<std::string,int> m_namedCurveMap;
 
 public :
 
@@ -202,6 +206,31 @@ public :
 	virtual XSECCryptoKeyRSA		* keyRSA() const;
 
 	/**
+	 * \brief Return an EC key implementation object.
+	 * 
+	 * Call used by the library to obtain an OpenSSL EC key object.
+	 *
+	 * @returns Pointer to the new EC key
+	 * @see OpenSSLCryptoKeyEC
+	 */
+
+	virtual XSECCryptoKeyEC		    * keyEC() const;
+
+	/**
+	 * \brief Return a key implementation object based on DER-encoded input.
+	 * 
+	 * Call used by the library to obtain a key object from a DER-encoded key.
+	 *
+     * @param buf       DER-encoded data
+     * @param buflen    length of data
+     * @param base64    true iff data is base64-encoded
+	 * @returns Pointer to the new key
+	 * @see XSECCryptoKey
+	 */
+
+	virtual XSECCryptoKey           * keyDER(const char* buf, unsigned long buflen, bool base64) const;
+
+    /**
 	 * \brief Return an X509 implementation object.
 	 * 
 	 * Call used by the library to obtain an object that can work
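Review bot: The doc comment for `keyDER` does not describe its failure behaviour. The implementation in this commit throws `XSECCryptoException` when the data cannot be decoded and returns NULL for a key type it does not handle. State both, for example `@returns Pointer to the new key, or NULL if the key type is not supported` and `@throws XSECCryptoException if the data cannot be decoded as a public key`. A line on who frees the returned object would also help, since ownership cannot be inferred from the signature. The `curveNameToNID` comment in the later hunk of this file has the same gap: it should note that an unrecognised URI raises `XSECCryptoException::UnsupportedError`.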
@@ -257,6 +286,15 @@ public :
 
 	virtual unsigned int getRandom(unsigned char * buffer, unsigned int numOctets) const;
 
+    /**
+     * \brief Map a curve name (in URI form) to a curve NID.
+     *
+     * Maps a URI identifying a named curve to a library identifier.
+     *
+     * @param curveName the URI identifying the curve
+     * @returns the corresponding NID
+     */
+    int curveNameToNID(const char* curveName) const;
 
 	//@}
 

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@
 #include <xsec/framework/XSECError.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp>
 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
 #include <xsec/enc/XSECCryptoException.hpp>
 #include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
@@ -199,6 +200,13 @@ XSECCryptoKey::KeyType OpenSSLCryptoX509
 		ret = XSECCryptoKey::KEY_RSA_PUBLIC;
 		break;
 
+#if defined(XSEC_OPENSSL_HAVE_EC)
+	case EVP_PKEY_EC :
+
+		ret = XSECCryptoKey::KEY_EC_PUBLIC;
+		break;
+#endif
+
 	default :
 
 		ret = XSECCryptoKey::KEY_NONE;
@@ -242,6 +250,13 @@ XSECCryptoKey * OpenSSLCryptoX509::clone
 		ret = new OpenSSLCryptoKeyRSA(pkey);
 		break;
 
+#if defined(XSEC_OPENSSL_HAVE_EC)
+	case EVP_PKEY_EC :
+
+		ret = new OpenSSLCryptoKeyEC(pkey);
+		break;
+#endif
+
 	default :
 
 		ret = NULL;

Modified: xml/security/trunk/c/src/enc/XSECCryptoException.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/XSECCryptoException.cpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/XSECCryptoException.cpp (original)
+++ xml/security/trunk/c/src/enc/XSECCryptoException.cpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,6 +41,7 @@ extern const char * XSECCryptoExceptionS
 	"DSA Error",
 	"RSA Error",
 	"Symmetric Error",
+    "EC Error",
 	"Unsupported Algorithm"
 
 };
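Review bot: `"EC Error"` is inserted directly after `"Symmetric Error"`, but the matching enum change in XSECCryptoException.hpp assigns `ECError = 11`, after `UnsupportedError = 9` and `UnsupportedAlgorithm = 10`. If this table is indexed by the enum value, which is likely but not visible because the array starts outside the hunk, ECError and the unsupported codes will print each other's text. Move the new entry so the string order matches the enum, and confirm the table has one string per enumerator up to `UnknownError`. The .hpp hunk also renumbers `UnknownError` from 11 to 12, which changes its value for any already-compiled caller.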

Modified: xml/security/trunk/c/src/enc/XSECCryptoException.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/XSECCryptoException.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/XSECCryptoException.hpp (original)
+++ xml/security/trunk/c/src/enc/XSECCryptoException.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -88,7 +88,8 @@ public:
 		SymmetricError				= 8,
 		UnsupportedError			= 9,		// Called function is not supported
 		UnsupportedAlgorithm        = 10,
-		UnknownError				= 11		// Must be last!
+        ECError                     = 11,
+		UnknownError				= 12		// Must be last!
 
 	};
 

Modified: xml/security/trunk/c/src/enc/XSECCryptoKey.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/XSECCryptoKey.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/XSECCryptoKey.hpp (original)
+++ xml/security/trunk/c/src/enc/XSECCryptoKey.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -70,7 +70,10 @@ public :
 		KEY_RSA_PRIVATE,
 		KEY_RSA_PAIR,
 		KEY_HMAC,
-		KEY_SYMMETRIC
+		KEY_SYMMETRIC,
+		KEY_EC_PUBLIC,
+		KEY_EC_PRIVATE,
+		KEY_EC_PAIR
 	
 	};
 

Modified: xml/security/trunk/c/src/enc/XSECCryptoKeyDSA.hpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/XSECCryptoKeyDSA.hpp?rev=958797&r1=958796&r2=958797&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/XSECCryptoKeyDSA.hpp (original)
+++ xml/security/trunk/c/src/enc/XSECCryptoKeyDSA.hpp Tue Jun 29 00:44:27 2010
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2005 The Apache Software Foundation.
+ * Copyright 2002-2010 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -74,7 +74,7 @@ public :
 
 	/** @name Mandatory DSA interface methods 
 	 *
-	 * These classes are required by the library.
+	 * These methods are required by the library.
 	 */
 	//@{