[xmlsec] adding support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512 (M
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] adding support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512 (M
- Date: Sat, 19 Jan 2013 01:40:00 +0000 (UTC)
commit b240a19afe8ec982ea973559bd4636422159122b
Author: Aleksey Sanin <aleksey aleksey com>
Date: Fri Jan 18 17:39:48 2013 -0800
adding support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512 (Mak Kolybabi)
include/xmlsec/app.h | 49 ++
include/xmlsec/openssl/crypto.h | 92 ++++
include/xmlsec/openssl/symbols.h | 7 +
include/xmlsec/private.h | 14 +
include/xmlsec/skeleton/symbols.h | 7 +
include/xmlsec/strings.h | 37 ++
src/app.c | 161 ++++++
src/dl.c | 62 +++
src/openssl/crypto.c | 33 ++
src/openssl/evp.c | 290 +++++++++++
src/openssl/signatures.c | 1029 ++++++++++++++++++++++++++++++++++---
src/skeleton/crypto.c | 33 ++
src/strings.c | 36 ++
13 files changed, 1772 insertions(+), 78 deletions(-)
---
diff --git a/include/xmlsec/app.h b/include/xmlsec/app.h
index 7f61ac6..5fe572a 100644
--- a/include/xmlsec/app.h
+++ b/include/xmlsec/app.h
@@ -66,6 +66,13 @@ XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataDesGetKlass
#define xmlSecKeyDataDsaId xmlSecKeyDataDsaGetKlass()
XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataDsaGetKlass (void);
/**
+ * xmlSecKeyDataEcdsaId:
+ *
+ * The ECDSA key klass.
+ */
+#define xmlSecKeyDataEcdsaId xmlSecKeyDataEcdsaGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataEcdsaGetKlass (void);
+/**
* xmlSecKeyDataGost2001Id:
*
* The GOST2001 key klass.
@@ -182,6 +189,48 @@ XMLSEC_EXPORT xmlSecTransformId xmlSecTransformKWDes3GetKlass
*/
#define xmlSecTransformDsaSha1Id xmlSecTransformDsaSha1GetKlass()
XMLSEC_EXPORT xmlSecTransformId xmlSecTransformDsaSha1GetKlass (void);
+/**
+ * xmlSecTransformDsaSha256Id:
+ *
+ * The DSA-SHA256 signature transform klass.
+ */
+#define xmlSecTransformDsaSha256Id xmlSecTransformDsaSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformDsaSha256GetKlass (void);
+/**
+ * xmlSecTransformEcdsaSha1Id:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha1Id xmlSecTransformEcdsaSha1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformEcdsaSha1GetKlass (void);
+/**
+ * xmlSecTransformEcdsaSha224Id:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha224Id xmlSecTransformEcdsaSha224GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformEcdsaSha224GetKlass (void);
+/**
+ * xmlSecTransformEcdsaSha256Id:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha256Id xmlSecTransformEcdsaSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformEcdsaSha256GetKlass (void);
+/**
+ * xmlSecTransformEcdsaSha384Id:
+ *
+ * The ECDS-SHA384 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha384Id xmlSecTransformEcdsaSha384GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformEcdsaSha384GetKlass (void);
+/**
+ * xmlSecTransformEcdsaSha512Id:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha512Id xmlSecTransformEcdsaSha512GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformEcdsaSha512GetKlass (void);
/**
* xmlSecTransformGost2001GostR3411_94Id:
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
index 7ceace3..aec5fb3 100644
--- a/include/xmlsec/openssl/crypto.h
+++ b/include/xmlsec/openssl/crypto.h
@@ -182,10 +182,102 @@ XMLSEC_CRYPTO_EXPORT EVP_PKEY* xmlSecOpenSSLKeyDataDsaGetEvp (xmlSecK
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDsaSha1GetKlass(void);
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformDsaSha256Id:
+ *
+ * The DSA SHA256 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformDsaSha256Id \
+ xmlSecOpenSSLTransformDsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
/********************************************************************
*
+ * ECDSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_ECDSA
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaId:
+ *
+ * The ECDSA key klass.
+ */
+#define xmlSecOpenSSLKeyDataEcdsaId \
+ xmlSecOpenSSLKeyDataEcdsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataEcdsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa (xmlSecKeyDataPtr data,
+ EC_KEY* ecdsa);
+XMLSEC_CRYPTO_EXPORT EC_KEY* xmlSecOpenSSLKeyDataEcdsaGetEcdsa (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataEcdsaAdoptEvp (xmlSecKeyDataPtr data,
+ EVP_PKEY* pKey);
+XMLSEC_CRYPTO_EXPORT EVP_PKEY* xmlSecOpenSSLKeyDataEcdsaGetEvp (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecOpenSSLTransformEcdsaSha1Id:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha1Id \
+ xmlSecOpenSSLTransformEcdsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/**
+ * xmlSecOpenSSLTransformEcdsaSha224Id:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha224Id \
+ xmlSecOpenSSLTransformEcdsaSha224GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha224GetKlass(void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformEcdsaSha256Id:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha256Id \
+ xmlSecOpenSSLTransformEcdsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecOpenSSLTransformEcdsaSha384Id:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha384Id \
+ xmlSecOpenSSLTransformEcdsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecOpenSSLTransformEcdsaSha512Id:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha512Id \
+ xmlSecOpenSSLTransformEcdsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
+/********************************************************************
+ *
* GOST2001 transform
*
*******************************************************************/
diff --git a/include/xmlsec/openssl/symbols.h b/include/xmlsec/openssl/symbols.h
index 9fb9153..15ae9b9 100644
--- a/include/xmlsec/openssl/symbols.h
+++ b/include/xmlsec/openssl/symbols.h
@@ -37,6 +37,7 @@ extern "C" {
#define xmlSecKeyDataAesId xmlSecOpenSSLKeyDataAesId
#define xmlSecKeyDataDesId xmlSecOpenSSLKeyDataDesId
#define xmlSecKeyDataDsaId xmlSecOpenSSLKeyDataDsaId
+#define xmlSecKeyDataEcdsaId xmlSecOpenSSLKeyDataEcdsaId
#define xmlSecKeyDataHmacId xmlSecOpenSSLKeyDataHmacId
#define xmlSecKeyDataRsaId xmlSecOpenSSLKeyDataRsaId
#define xmlSecKeyDataX509Id xmlSecOpenSSLKeyDataX509Id
@@ -63,6 +64,12 @@ extern "C" {
#define xmlSecTransformDes3CbcId xmlSecOpenSSLTransformDes3CbcId
#define xmlSecTransformKWDes3Id xmlSecOpenSSLTransformKWDes3Id
#define xmlSecTransformDsaSha1Id xmlSecOpenSSLTransformDsaSha1Id
+#define xmlSecTransformDsaSha256Id xmlSecOpenSSLTransformDsaSha256Id
+#define xmlSecTransformEcdsaSha1Id xmlSecOpenSSLTransformEcdsaSha1Id
+#define xmlSecTransformEcdsaSha224Id xmlSecOpenSSLTransformEcdsaSha224Id
+#define xmlSecTransformEcdsaSha256Id xmlSecOpenSSLTransformEcdsaSha256Id
+#define xmlSecTransformEcdsaSha384Id xmlSecOpenSSLTransformEcdsaSha384Id
+#define xmlSecTransformEcdsaSha512Id xmlSecOpenSSLTransformEcdsaSha512Id
#define xmlSecTransformHmacMd5Id xmlSecOpenSSLTransformHmacMd5Id
#define xmlSecTransformHmacRipemd160Id xmlSecOpenSSLTransformHmacRipemd160Id
#define xmlSecTransformHmacSha1Id xmlSecOpenSSLTransformHmacSha1Id
diff --git a/include/xmlsec/private.h b/include/xmlsec/private.h
index 3e3bbc9..74e6de1 100644
--- a/include/xmlsec/private.h
+++ b/include/xmlsec/private.h
@@ -334,6 +334,7 @@ typedef int (*xmlSecCryptoAppKeyCertLoadMemoryMethod)(xmlSec
* @keyDataAesGetKlass: the method to get pointer to AES key data klass.
* @keyDataDesGetKlass: the method to get pointer to DES key data klass.
* @keyDataDsaGetKlass: the method to get pointer to DSA key data klass.
+ * @keyDataEcdsaGetKlass: the method to get pointer to ECDSA key data klass.
* @keyDataGost2001GetKlass: the method to get pointer to GOST 2001 key data klass.
* @keyDataHmacGetKlass: the method to get pointer to HMAC key data klass.
* @keyDataRsaGetKlass: the method to get pointer to RSA key data klass.
@@ -349,6 +350,12 @@ typedef int (*xmlSecCryptoAppKeyCertLoadMemoryMethod)(xmlSec
* @transformDes3CbcGetKlass: the method to get pointer to Triple DES encryption transform.
* @transformKWDes3GetKlass: the method to get pointer to Triple DES key wrapper transform.
* @transformDsaSha1GetKlass: the method to get pointer to DSA-SHA1 signature transform.
+ * @transformDsaSha256GetKlass: the method to get pointer to DSA-SHA256 signature transform.
+ * @transformEcdsaSha1GetKlass: the method to get pointer to ECDSA-SHA1 signature transform.
+ * @transformEcdsaSha224GetKlass: the method to get pointer to ECDSA-SHA224 signature transform.
+ * @transformEcdsaSha256GetKlass: the method to get pointer to ECDSA-SHA256 signature transform.
+ * @transformEcdsaSha384GetKlass: the method to get pointer to ECDSA-SHA384 signature transform.
+ * @transformEcdsaSha512GetKlass: the method to get pointer to ECDSA-SHA512 signature transform.
* @transformGost2001GostR3411_94GetKlass: the method to get pointer to GOST2001 transform.
* @transformHmacMd5GetKlass: the method to get pointer to HMAC-MD5 transform.
* @transformHmacRipemd160GetKlass: the method to get pointer to HMAC-RIPEMD160 transform.
@@ -402,6 +409,7 @@ struct _xmlSecCryptoDLFunctions {
xmlSecCryptoKeyDataGetKlassMethod keyDataAesGetKlass;
xmlSecCryptoKeyDataGetKlassMethod keyDataDesGetKlass;
xmlSecCryptoKeyDataGetKlassMethod keyDataDsaGetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataEcdsaGetKlass;
xmlSecCryptoKeyDataGetKlassMethod keyDataGost2001GetKlass;
xmlSecCryptoKeyDataGetKlassMethod keyDataHmacGetKlass;
xmlSecCryptoKeyDataGetKlassMethod keyDataRsaGetKlass;
@@ -421,6 +429,12 @@ struct _xmlSecCryptoDLFunctions {
xmlSecCryptoTransformGetKlassMethod transformDes3CbcGetKlass;
xmlSecCryptoTransformGetKlassMethod transformKWDes3GetKlass;
xmlSecCryptoTransformGetKlassMethod transformDsaSha1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformDsaSha256GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformEcdsaSha1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformEcdsaSha224GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformEcdsaSha256GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformEcdsaSha384GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformEcdsaSha512GetKlass;
xmlSecCryptoTransformGetKlassMethod transformGost2001GostR3411_94GetKlass;
xmlSecCryptoTransformGetKlassMethod transformHmacMd5GetKlass;
xmlSecCryptoTransformGetKlassMethod transformHmacRipemd160GetKlass;
diff --git a/include/xmlsec/skeleton/symbols.h b/include/xmlsec/skeleton/symbols.h
index 7be57a4..9902d3f 100644
--- a/include/xmlsec/skeleton/symbols.h
+++ b/include/xmlsec/skeleton/symbols.h
@@ -37,6 +37,7 @@ extern "C" {
#define xmlSecKeyDataAesId xmlSecSkeletonKeyDataAesId
#define xmlSecKeyDataDesId xmlSecSkeletonKeyDataDesId
#define xmlSecKeyDataDsaId xmlSecSkeletonKeyDataDsaId
+#define xmlSecKeyDataEcdsaId xmlSecSkeletonKeyDataEcdsaId
#define xmlSecKeyDataHmacId xmlSecSkeletonKeyDataHmacId
#define xmlSecKeyDataRsaId xmlSecSkeletonKeyDataRsaId
#define xmlSecKeyDataX509Id xmlSecSkeletonKeyDataX509Id
@@ -63,6 +64,12 @@ extern "C" {
#define xmlSecTransformDes3CbcId xmlSecSkeletonTransformDes3CbcId
#define xmlSecTransformKWDes3Id xmlSecSkeletonTransformKWDes3Id
#define xmlSecTransformDsaSha1Id xmlSecSkeletonTransformDsaSha1Id
+#define xmlSecTransformDsaSha256Id xmlSecSkeletonTransformDsaSha256Id
+#define xmlSecTransformEcdsaSha1Id xmlSecSkeletonTransformEcdsaSha1Id
+#define xmlSecTransformEcdsaSha224Id xmlSecSkeletonTransformEcdsaSha224Id
+#define xmlSecTransformEcdsaSha256Id xmlSecSkeletonTransformEcdsaSha256Id
+#define xmlSecTransformEcdsaSha384Id xmlSecSkeletonTransformEcdsaSha384Id
+#define xmlSecTransformEcdsaSha512Id xmlSecSkeletonTransformEcdsaSha512Id
#define xmlSecTransformHmacMd5Id xmlSecSkeletonTransformHmacMd5Id
#define xmlSecTransformHmacRipemd160Id xmlSecSkeletonTransformHmacRipemd160Id
#define xmlSecTransformHmacSha1Id xmlSecSkeletonTransformHmacSha1Id
diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h
index 98650bf..5e3f6a1 100644
--- a/include/xmlsec/strings.h
+++ b/include/xmlsec/strings.h
@@ -318,6 +318,43 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAPgenCounter[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDsaSha1[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDsaSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDsaSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDsaSha256[];
+
+/*************************************************************************
+ *
+ * ECDSA strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameECDSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefECDSAKeyValue[];
+
+/* XXX-MAK: More constants will be needed later. */
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAP[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAQ[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAG[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAJ[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAX[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAY[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSASeed[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAPgenCounter[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha1[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha224[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha224[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha256[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha384[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha384[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha512[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha512[];
+
/*************************************************************************
*
* GOST2001 strings
diff --git a/src/app.c b/src/app.c
index 925c24b..55f5453 100644
--- a/src/app.c
+++ b/src/app.c
@@ -174,6 +174,29 @@ xmlSecKeyDataDsaGetKlass(void) {
}
/**
+ * xmlSecKeyDataEcdsaGetKlass:
+ *
+ * The ECDSA key data klass.
+ *
+ * Returns: ECDSA key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the ECDSA key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataEcdsaGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataEcdsaId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass());
+}
+
+/**
* xmlSecKeyDataGost2001GetKlass:
*
* The GOST2001 key data klass.
@@ -529,6 +552,144 @@ xmlSecTransformDsaSha1GetKlass(void) {
}
/**
+ * xmlSecTransformDsaSha256GetKlass:
+ *
+ * The DSA-SHA256 signature transform klass.
+ *
+ * Returns: DSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformDsaSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformDsaSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformDsaSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha1GetKlass:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ *
+ * Returns: ECDSA-SHA1 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha224GetKlass:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ *
+ * Returns: ECDSA-SHA224 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha224GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha256GetKlass:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ *
+ * Returns: ECDSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha384GetKlass:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ *
+ * Returns: ECDSA-SHA384 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha384GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha512GetKlass:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ *
+ * Returns: ECDSA-SHA512 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha512GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass());
+}
+
+/**
* xmlSecTransformGost2001GostR3411_94GetKlass:
*
* The GOST2001-GOSTR3411_94 signature transform klass.
diff --git a/src/dl.c b/src/dl.c
index 6e8a56a..5ffc2ff 100644
--- a/src/dl.c
+++ b/src/dl.c
@@ -634,6 +634,14 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
+ if((functions->keyDataEcdsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataEcdsaGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataEcdsaGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->keyDataGost2001GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGost2001GetKlass()) < 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())),
@@ -771,6 +779,60 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti
return(-1);
}
+ if((functions->transformDsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha224GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha384GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha512GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
if((functions->transformHmacMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacMd5GetKlass()) < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())),
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index d141a5c..eba1a32 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -74,6 +74,10 @@ xmlSecCryptoGetFunctions_openssl(void) {
gXmlSecOpenSSLFunctions->keyDataDsaGetKlass = xmlSecOpenSSLKeyDataDsaGetKlass;
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ gXmlSecOpenSSLFunctions->keyDataEcdsaGetKlass = xmlSecOpenSSLKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_GOST
gXmlSecOpenSSLFunctions->keyDataGost2001GetKlass = xmlSecOpenSSLKeyDataGost2001GetKlass;
#endif /* XMLSEC_NO_GOST*/
@@ -129,8 +133,37 @@ xmlSecCryptoGetFunctions_openssl(void) {
gXmlSecOpenSSLFunctions->transformDsaSha1GetKlass = xmlSecOpenSSLTransformDsaSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformDsaSha256GetKlass = xmlSecOpenSSLTransformDsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+ /******************************* ECDSA ********************************/
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformEcdsaSha1GetKlass = xmlSecOpenSSLTransformEcdsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecOpenSSLFunctions->transformEcdsaSha224GetKlass = xmlSecOpenSSLTransformEcdsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformEcdsaSha256GetKlass = xmlSecOpenSSLTransformEcdsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecOpenSSLFunctions->transformEcdsaSha384GetKlass = xmlSecOpenSSLTransformEcdsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecOpenSSLFunctions->transformEcdsaSha512GetKlass = xmlSecOpenSSLTransformEcdsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
/******************************* GOST ********************************/
#ifndef XMLSEC_NO_GOST
gXmlSecOpenSSLFunctions->transformGost2001GostR3411_94GetKlass = xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass;
diff --git a/src/openssl/evp.c b/src/openssl/evp.c
index a23de38..54218a4 100644
--- a/src/openssl/evp.c
+++ b/src/openssl/evp.c
@@ -237,6 +237,19 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
}
break;
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ case EVP_PKEY_EC:
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataEcdsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataEcdsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_ECDSA */
#ifndef XMLSEC_NO_GOST
case NID_id_GostR3410_2001:
data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGost2001Id);
@@ -997,6 +1010,283 @@ xmlSecOpenSSLKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+/**************************************************************************
+ *
+ * ECDSA XML key representation processing.
+ *
+ * http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7802
+ *
+ * RFC 4050 [RFC4050] describes a possible <dsig:KeyValue> representation
+ * for an ECDSA key. The representation and processing instructions
+ * described in [RFC4050] are not completely compatible with [XMLDSIG-11];
+ * therefore, ECDSA keys SHOULD NOT be provided through a <dsig:KeyValue>
+ * element.
+ *
+ *************************************************************************/
+static int xmlSecOpenSSLKeyDataEcdsaInitialize(xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataEcdsaXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataEcdsaXmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataEcdsaGenerate(xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataEcdsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecOpenSSLEvpKeyDataSize,
+
+ /* data */
+ xmlSecNameECDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefECDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeECDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLKeyDataEcdsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataEcdsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataEcdsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLKeyDataEcdsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataEcdsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLKeyDataEcdsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataEcdsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetKlass:
+ *
+ * The ECDSA key data klass.
+ *
+ * Returns: pointer to ECDSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataEcdsaGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataEcdsaKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa:
+ * @data: the pointer to ECDSA key data.
+ * @ecdsa: the pointer to OpenSSL ECDSA key.
+ *
+ * Sets the value of ECDSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa(xmlSecKeyDataPtr data, EC_KEY* ecdsa) {
+ EVP_PKEY* pKey = NULL;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+ /* construct new EVP_PKEY */
+ if(ecdsa != NULL) {
+ pKey = EVP_PKEY_new();
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_PKEY_assign_EC_KEY(pKey, ecdsa);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_assign_EC_KEY",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecOpenSSLKeyDataEcdsaAdoptEvp(data, pKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataEcdsaAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(pKey != NULL) {
+ EVP_PKEY_free(pKey);
+ }
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetEcdsa:
+ * @data: the pointer to ECDSA key data.
+ *
+ * Gets the OpenSSL ECDSA key from ECDSA key data.
+ *
+ * Returns: pointer to OpenSSL ECDSA key or NULL if an error occurs.
+ */
+EC_KEY*
+xmlSecOpenSSLKeyDataEcdsaGetEcdsa(xmlSecKeyDataPtr data) {
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL);
+
+ pKey = xmlSecOpenSSLKeyDataEcdsaGetEvp(data);
+ xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_EC), NULL);
+
+ return((pKey != NULL) ? pKey->pkey.ec : (EC_KEY*)NULL);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaAdoptEvp:
+ * @data: the pointer to ECDSA key data.
+ * @pKey: the pointer to OpenSSL EVP key.
+ *
+ * Sets the ECDSA key data value to OpenSSL EVP key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataEcdsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+ xmlSecAssert2(pKey != NULL, -1);
+ xmlSecAssert2(pKey->type == EVP_PKEY_EC, -1);
+
+ return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetEvp:
+ * @data: the pointer to ECDSA key data.
+ *
+ * Gets the OpenSSL EVP key from ECDSA key data.
+ *
+ * Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLKeyDataEcdsaGetEvp(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL);
+
+ return(xmlSecOpenSSLEvpKeyDataGetEvp(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataEcdsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataInitialize(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataEcdsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+
+ xmlSecOpenSSLEvpKeyDataFinalize(data);
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data ATTRIBUTE_UNUSED) {
+ /* XXX-MAK: Fix this. */
+ return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+}
+
+static xmlSecSize
+xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) {
+ const EC_GROUP *group;
+ const EC_KEY *ecdsa;
+ BIGNUM order;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), 0);
+
+ ecdsa = xmlSecOpenSSLKeyDataEcdsaGetEcdsa(data);
+ if((ecdsa == NULL)) {
+ return(0);
+ }
+
+ group = EC_KEY_get0_group(ecdsa);
+ if(group == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_KEY_get0_group",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_GROUP_get_order",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ return(BN_num_bytes(&order));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== ecdsa key: size = %d\n",
+ xmlSecOpenSSLKeyDataEcdsaGetSize(data));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataEcdsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
/**************************************************************************
*
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 1fc4ff3..8a47ef7 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -23,10 +23,45 @@
#include <xmlsec/openssl/evp.h>
#ifndef XMLSEC_NO_DSA
-#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE 40
+
+#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE (20 * 2)
+
+#ifndef XMLSEC_NO_SHA1
static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+static const EVP_MD *xmlSecOpenSSLDsaSha256Evp (void);
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+
+#define XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE ((512 / 8) * 2)
+
+#ifndef XMLSEC_NO_SHA1
+static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp (void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp (void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp (void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp (void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
/**************************************************************************
*
@@ -79,8 +114,48 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) {
} else
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
#ifndef XMLSEC_NO_MD5
@@ -161,8 +236,54 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) {
} else
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) {
+ ctx->digest = xmlSecOpenSSLDsaSha256Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataDsaId;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha1Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha224Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha256Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha384Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha512Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
#ifndef XMLSEC_NO_MD5
@@ -497,6 +618,11 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
}
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ if(signSize < XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE) {
+ signSize = XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE;
+ }
+#endif /* XMLSEC_NO_ECDSA */
ret = xmlSecBufferSetMaxSize(out, signSize);
if(ret < 0) {
@@ -547,58 +673,11 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
}
#ifndef XMLSEC_NO_DSA
-
-#ifndef XMLSEC_NO_SHA1
-/****************************************************************************
- *
- * DSA-SHA1 signature transform
- *
- ***************************************************************************/
-
-static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameDsaSha1, /* const xmlChar* name; */
- xmlSecHrefDsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecOpenSSLTransformDsaSha1GetKlass:
- *
- * The DSA-SHA1 signature transform klass.
- *
- * Returns: DSA-SHA1 signature transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
- return(&xmlSecOpenSSLDsaSha1Klass);
-}
-
/****************************************************************************
*
- * DSA-SHA1 EVP
+ * DSA EVP
*
- * XMLDSig specifies dsa signature packing not supported by OpenSSL so
+ * XMLDSig specifies DSA signature packing not supported by OpenSSL so
* we created our own EVP_MD.
*
* http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
@@ -620,28 +699,8 @@ xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
* <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue>
*
***************************************************************************/
-#ifndef XMLSEC_OPENSSL_096
-static int
-xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
-{
- return SHA1_Init(ctx->md_data);
-}
-
-static int
-xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
- return SHA1_Update(ctx->md_data,data,count);
-}
-
-static int
-xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
-{
- return SHA1_Final(md,ctx->md_data);
-}
-#endif /* XMLSEC_OPENSSL_096 */
-
static int
-xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
+xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED,
const unsigned char *dgst, unsigned int dlen,
unsigned char *sig, unsigned int *siglen, void *dsa) {
DSA_SIG *s;
@@ -657,7 +716,6 @@ xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
sSize = BN_num_bytes(s->s);
if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
(sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
-
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
@@ -678,7 +736,7 @@ xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
}
static int
-xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,
+xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED,
const unsigned char *dgst, unsigned int dgst_len,
const unsigned char *sigbuf, unsigned int siglen,
void *dsa) {
@@ -719,7 +777,73 @@ err:
return(ret);
}
-static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
+ return(&xmlSecOpenSSLDsaSha1Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLDsaSha1MdEvp = {
NID_dsaWithSHA,
NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
@@ -735,8 +859,8 @@ static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
SHA1_Update,
SHA1_Final,
#endif /* XMLSEC_OPENSSL_096 */
- xmlSecOpenSSLDsaSha1EvpSign,
- xmlSecOpenSSLDsaSha1EvpVerify,
+ xmlSecOpenSSLDsaEvpSign,
+ xmlSecOpenSSLDsaEvpVerify,
{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
SHA_CBLOCK,
sizeof(EVP_MD *)+sizeof(SHA_CTX),
@@ -744,11 +868,760 @@ static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void)
{
- return(&xmlSecOpenSSLDsaMdEvp);
+ return(&xmlSecOpenSSLDsaSha1MdEvp);
}
+
#endif /* XMLSEC_NO_SHA1 */
-#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * DSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha256, /* const xmlChar* name; */
+ xmlSecHrefDsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha256GetKlass:
+ *
+ * The DSA-SHA256 signature transform klass.
+ *
+ * Returns: DSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha256GetKlass(void) {
+ return(&xmlSecOpenSSLDsaSha256Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLDsaSha256EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA256_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA256_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLDsaSha256MdEvp = {
+ NID_dsa_with_SHA256,
+ NID_dsa_with_SHA256,
+ SHA256_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLDsaSha256EvpInit,
+ xmlSecOpenSSLDsaSha256EvpUpdate,
+ xmlSecOpenSSLDsaSha256EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA256_Init,
+ SHA256_Update,
+ SHA256_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLDsaEvpSign,
+ xmlSecOpenSSLDsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void)
+{
+ return(&xmlSecOpenSSLDsaSha256MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_ECDSA
+/****************************************************************************
+ *
+ * ECDSA EVP
+ *
+ * NIST-IR-7802 (TMSAD) specifies ECDSA signature packing not supported by
+ * OpenSSL so we created our own EVP_MD.
+ *
+ * http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7802
+ *
+ * The ECDSA algorithm signature is a pair of integers referred to as (r, s).
+ * The <dsig:SignatureValue> consists of the base64 [RFC2045] encoding of the
+ * concatenation of two octet-streams that respectively result from the
+ * octet-encoding of the values r and s, in that order. Integer to
+ * octet-stream conversion MUST be done according to the I2OSP operation
+ * defined in Section 4.1 of RFC 3447 [PKCS1] with the xLen parameter equal
+ * to the size of the base point order of the curve in bytes (32 for the
+ * P-256 curve).
+ *
+ ***************************************************************************/
+static int
+xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dlen,
+ unsigned char *sig, unsigned int *siglen, void *ecdsa) {
+ int rSize, sSize, xLen;
+ const EC_GROUP *group;
+ BIGNUM order;
+ ECDSA_SIG *s;
+
+ s = ECDSA_do_sign(dgst, dlen, ecdsa);
+ if(s == NULL) {
+ *siglen=0;
+ return(0);
+ }
+
+ group = EC_KEY_get0_group(ecdsa);
+ if(group == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_KEY_get0_group",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ECDSA_SIG_free(s);
+ return(0);
+ }
+
+ if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_GROUP_get_order",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ECDSA_SIG_free(s);
+ return(0);
+ }
+
+ xLen = BN_num_bytes(&order);
+ if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "xLen=%d > %d",
+ xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2);
+ ECDSA_SIG_free(s);
+ return(0);
+ }
+
+ rSize = BN_num_bytes(s->r);
+ sSize = BN_num_bytes(s->s);
+ if((rSize > xLen) || (sSize > xLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size(r)=%d or size(s)=%d > %d",
+ rSize, sSize, xLen);
+ ECDSA_SIG_free(s);
+ return(0);
+ }
+
+ memset(sig, 0, xLen * 2);
+ BN_bn2bin(s->r, sig + xLen - rSize);
+ BN_bn2bin(s->s, sig + (xLen * 2) - sSize);
+ *siglen = xLen * 2;
+
+ ECDSA_SIG_free(s);
+ return(1);
+}
+
+static int
+xmlSecOpenSSLEcdsaEvpVerify(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dgst_len,
+ const unsigned char *sigbuf, unsigned int siglen,
+ void *ecdsa) {
+ const EC_GROUP *group;
+ unsigned int xLen;
+ BIGNUM order;
+ ECDSA_SIG *s;
+ int ret = -1;
+
+ s = ECDSA_SIG_new();
+ if (s == NULL) {
+ return(ret);
+ }
+
+ group = EC_KEY_get0_group(ecdsa);
+ if(group == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_KEY_get0_group",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto err;
+ }
+
+ if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_GROUP_get_order",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto err;
+ }
+
+ xLen = BN_num_bytes(&order);
+ if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "xLen=%d > %d",
+ xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2);
+ goto err;
+ }
+
+ if(siglen != xLen * 2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "invalid length %d (%d expected)",
+ siglen, xLen * 2);
+ goto err;
+ }
+
+ s->r = BN_bin2bn(sigbuf, xLen, NULL);
+ s->s = BN_bin2bn(sigbuf + xLen, xLen, NULL);
+ if((s->r == NULL) || (s->s == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto err;
+ }
+
+ ret = ECDSA_do_verify(dgst, dgst_len, s, ecdsa);
+
+err:
+ ECDSA_SIG_free(s);
+ return(ret);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * ECDSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha1, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha1GetKlass:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ *
+ * Returns: ECDSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha1GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha1Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha1MdEvp = {
+ NID_ecdsa_with_SHA1,
+ NID_ecdsa_with_SHA1,
+ SHA_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha1EvpInit,
+ xmlSecOpenSSLEcdsaSha1EvpUpdate,
+ xmlSecOpenSSLEcdsaSha1EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA1_Init,
+ SHA1_Update,
+ SHA1_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA1,0,0,0},
+ SHA_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha1MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/****************************************************************************
+ *
+ * ECDSA-SHA224 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha224, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha224GetKlass:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ *
+ * Returns: ECDSA-SHA224 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha224GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha224Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha224EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA224_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha224EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA224_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha224EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA224_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha224MdEvp = {
+ NID_ecdsa_with_SHA224,
+ NID_ecdsa_with_SHA224,
+ SHA224_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha224EvpInit,
+ xmlSecOpenSSLEcdsaSha224EvpUpdate,
+ xmlSecOpenSSLEcdsaSha224EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA224_Init,
+ SHA224_Update,
+ SHA224_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA224,0,0,0,0},
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha224MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * ECDSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha256, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha256GetKlass:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ *
+ * Returns: ECDSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha256GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha256Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha256EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA256_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA256_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha256MdEvp = {
+ NID_ecdsa_with_SHA256,
+ NID_ecdsa_with_SHA256,
+ SHA256_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha256EvpInit,
+ xmlSecOpenSSLEcdsaSha256EvpUpdate,
+ xmlSecOpenSSLEcdsaSha256EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA256_Init,
+ SHA256_Update,
+ SHA256_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA256,0,0,0,0},
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha256MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * ECDSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha384, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha384GetKlass:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ *
+ * Returns: ECDSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha384GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha384Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha384EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA384_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha384EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA384_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha384EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA384_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha384MdEvp = {
+ NID_ecdsa_with_SHA384,
+ NID_ecdsa_with_SHA384,
+ SHA384_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha384EvpInit,
+ xmlSecOpenSSLEcdsaSha384EvpUpdate,
+ xmlSecOpenSSLEcdsaSha384EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA384_Init,
+ SHA384_Update,
+ SHA384_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA384,0,0,0,0},
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha384MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * ECDSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha512, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha512GetKlass:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ *
+ * Returns: ECDSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha512GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha512Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha512EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA512_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha512EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA512_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha512EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA512_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha512MdEvp = {
+ NID_ecdsa_with_SHA512,
+ NID_ecdsa_with_SHA512,
+ SHA512_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha512EvpInit,
+ xmlSecOpenSSLEcdsaSha512EvpUpdate,
+ xmlSecOpenSSLEcdsaSha512EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA512_Init,
+ SHA512_Update,
+ SHA512_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA512,0,0,0,0},
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha512MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
#ifndef XMLSEC_NO_RSA
diff --git a/src/skeleton/crypto.c b/src/skeleton/crypto.c
index f52d4ac..3be2064 100644
--- a/src/skeleton/crypto.c
+++ b/src/skeleton/crypto.c
@@ -68,6 +68,10 @@ xmlSecCryptoGetFunctions_skeleton(void) {
gXmlSecSkeletonFunctions->keyDataDsaGetKlass = xmlSecSkeletonKeyDataDsaGetKlass;
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ gXmlSecSkeletonFunctions->keyDataEcdsaGetKlass = xmlSecSkeletonKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_GOST
gXmlSecSkeletonFunctions->keyDataGost2001GetKlass = xmlSecSkeletonKeyDataGost2001GetKlass;
#endif /* XMLSEC_NO_GOST */
@@ -123,8 +127,37 @@ xmlSecCryptoGetFunctions_skeleton(void) {
gXmlSecSkeletonFunctions->transformDsaSha1GetKlass = xmlSecSkeletonTransformDsaSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecSkeletonFunctions->transformDsaSha256GetKlass = xmlSecSkeletonTransformDsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+ /******************************* ECDSA ********************************/
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformEcdsaSha1GetKlass = xmlSecSkeletonTransformEcdsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecSkeletonFunctions->transformEcdsaSha224GetKlass = xmlSecSkeletonTransformEcdsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecSkeletonFunctions->transformEcdsaSha256GetKlass = xmlSecSkeletonTransformEcdsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecSkeletonFunctions->transformEcdsaSha384GetKlass = xmlSecSkeletonTransformEcdsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecSkeletonFunctions->transformEcdsaSha512GetKlass = xmlSecSkeletonTransformEcdsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
/******************************* GOST ********************************/
#ifndef XMLSEC_NO_GOST
gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass = xmlSecSkeletonTransformGost2001GostR3411_94GetKlass;
diff --git a/src/strings.c b/src/strings.c
index 99ee316..f746f4d 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -322,6 +322,42 @@ const xmlChar xmlSecNodeDSAPgenCounter[] = "PgenCounter";
const xmlChar xmlSecNameDsaSha1[] = "dsa-sha1";
const xmlChar xmlSecHrefDsaSha1[] = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";;
+const xmlChar xmlSecNameDsaSha256[] = "dsa-sha256";
+const xmlChar xmlSecHrefDsaSha256[] = "http://www.w3.org/2009/xmldsig11#dsa-sha256";;
+
+/*************************************************************************
+ *
+ * ECDSA strings
+ *
+ ************************************************************************/
+/* XXX-MAK: More constants will be needed later. */
+const xmlChar xmlSecNameECDSAKeyValue[] = "ecdsa";
+const xmlChar xmlSecNodeECDSAKeyValue[] = "ECDSAKeyValue";
+const xmlChar xmlSecHrefECDSAKeyValue[] = "http://scap.nist.gov/specifications/tmsad/#resource-1.0";;
+const xmlChar xmlSecNodeECDSAP[] = "P";
+const xmlChar xmlSecNodeECDSAQ[] = "Q";
+const xmlChar xmlSecNodeECDSAG[] = "G";
+const xmlChar xmlSecNodeECDSAJ[] = "J";
+const xmlChar xmlSecNodeECDSAX[] = "X";
+const xmlChar xmlSecNodeECDSAY[] = "Y";
+const xmlChar xmlSecNodeECDSASeed[] = "Seed";
+const xmlChar xmlSecNodeECDSAPgenCounter[] = "PgenCounter";
+
+const xmlChar xmlSecNameEcdsaSha1[] = "ecdsa-sha1";
+const xmlChar xmlSecHrefEcdsaSha1[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";;
+
+const xmlChar xmlSecNameEcdsaSha224[] = "ecdsa-sha224";
+const xmlChar xmlSecHrefEcdsaSha224[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";;
+
+const xmlChar xmlSecNameEcdsaSha256[] = "ecdsa-sha256";
+const xmlChar xmlSecHrefEcdsaSha256[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";;
+
+const xmlChar xmlSecNameEcdsaSha384[] = "ecdsa-sha384";
+const xmlChar xmlSecHrefEcdsaSha384[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";;
+
+const xmlChar xmlSecNameEcdsaSha512[] = "ecdsa-sha512";
+const xmlChar xmlSecHrefEcdsaSha512[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";;
+
/*************************************************************************
*
* EncryptedKey
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
