|
1 /** |
|
2 * XML Security Library (http://www.aleksey.com/xmlsec). |
|
3 * |
|
4 * "XML Digital Signature" implementation |
|
5 * http://www.w3.org/TR/xmldsig-core/ |
|
6 * http://www.w3.org/Signature/Overview.html |
|
7 * |
|
8 * This is free software; see Copyright file in the source |
|
9 * distribution for preciese wording. |
|
10 * |
|
11 * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> |
|
12 * Portion Copyright © 2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. |
|
13 */ |
|
14 #ifndef __XMLSEC_XMLDSIG_H__ |
|
15 #define __XMLSEC_XMLDSIG_H__ |
|
16 #include "xmlsec_config.h" |
|
17 #ifndef XMLSEC_NO_XMLDSIG |
|
18 |
|
19 #ifdef __cplusplus |
|
20 extern "C" { |
|
21 #endif /* __cplusplus */ |
|
22 |
|
23 #include <libxml2_tree.h> |
|
24 #include <libxml2_parser.h> |
|
25 |
|
26 #include "xmlsec_xmlsec.h" |
|
27 #include "xmlsec_list.h" |
|
28 #include "xmlsec_buffer.h" |
|
29 #include "xmlsec_keys.h" |
|
30 #include "xmlsec_keysmngr.h" |
|
31 #include "xmlsec_keyinfo.h" |
|
32 #include "xmlsec_transforms.h" |
|
33 |
|
34 typedef struct _xmlSecDSigReferenceCtx xmlSecDSigReferenceCtx, |
|
35 *xmlSecDSigReferenceCtxPtr; |
|
36 |
|
37 /** |
|
38 * xmlSecDSigStatus: |
|
39 * @xmlSecDSigStatusUnknown: the status is unknow. |
|
40 * @xmlSecDSigStatusSucceeded: the processing succeeded. |
|
41 * @xmlSecDSigStatusInvalid: the processing failed. |
|
42 * |
|
43 * XML Digital signature processing status. |
|
44 */ |
|
45 typedef enum { |
|
46 xmlSecDSigStatusUnknown = 0, |
|
47 xmlSecDSigStatusSucceeded, |
|
48 xmlSecDSigStatusInvalid |
|
49 } xmlSecDSigStatus; |
|
50 |
|
51 /************************************************************************** |
|
52 * |
|
53 * xmlSecDSigCtx |
|
54 * |
|
55 *************************************************************************/ |
|
56 |
|
57 /** |
|
58 * XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS: |
|
59 * |
|
60 * If this flag is set then <dsig:Manifests/> nodes will not be processed. |
|
61 */ |
|
62 #define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS 0x00000001 |
|
63 |
|
64 /** |
|
65 * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES: |
|
66 * |
|
67 * If this flag is set then pre-digest buffer for <dsig:Reference/> child |
|
68 * of <dsig:KeyInfo/> element will be stored in #xmlSecDSigCtx. |
|
69 */ |
|
70 #define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES 0x00000002 |
|
71 |
|
72 /** |
|
73 * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES: |
|
74 * |
|
75 * If this flag is set then pre-digest buffer for <dsig:Reference/> child |
|
76 * of <dsig:Manifest/> element will be stored in #xmlSecDSigCtx. |
|
77 */ |
|
78 #define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES 0x00000004 |
|
79 |
|
80 /** |
|
81 * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE: |
|
82 * |
|
83 * If this flag is set then pre-signature buffer for <dsig:SignedInfo/> |
|
84 * element processing will be stored in #xmlSecDSigCtx. |
|
85 */ |
|
86 #define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE 0x00000008 |
|
87 |
|
88 /** |
|
89 * XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK: |
|
90 * |
|
91 * If this flag is set then URI ID references are resolved directly |
|
92 * without using XPointers. This allows one to sign/verify Visa3D |
|
93 * documents that don't follow XML, XPointer and XML DSig specifications. |
|
94 */ |
|
95 #define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK 0x00000010 |
|
96 |
|
97 /** |
|
98 * xmlSecDSigCtx: |
|
99 * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries |
|
100 * never touches this). |
|
101 * @flags: the XML Digital Signature processing flags. |
|
102 * @flags2: the XML Digital Signature processing flags. |
|
103 * @keyInfoReadCtx: the reading key context. |
|
104 * @keyInfoWriteCtx: the writing key context (not used for signature verification). |
|
105 * @transformCtx: the <dsig:SignedInfo/> node processing context. |
|
106 * @enabledReferenceUris: the URI types allowed for <dsig:Reference/> node. |
|
107 * @enabledReferenceTransforms: the list of transforms allowed in <dsig:Reference/> node. |
|
108 * @referencePreExecuteCallback:the callback for <dsig:Reference/> node processing. |
|
109 * @defSignMethodId: the default signing method klass. |
|
110 * @defC14NMethodId: the default c14n method klass. |
|
111 * @defDigestMethodId: the default digest method klass. |
|
112 * @signKey: the signature key; application may set #signKey |
|
113 * before calling #xmlSecDSigCtxSign or #xmlSecDSigCtxVerify |
|
114 * functions. |
|
115 * @operation: the operation: sign or verify. |
|
116 * @result: the pointer to signature (not valid for signature verificaction). |
|
117 * @status: the <dsig:Signatuire/> procesisng status. |
|
118 * @signMethod: the pointer to signature transform. |
|
119 * @c14nMethod: the pointer to c14n transform. |
|
120 * @preSignMemBufMethod: the pointer to binary buffer right before signature |
|
121 * (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE flag is set). |
|
122 * @signValueNode: the pointer to <dsig:SignatureValue/> node. |
|
123 * @id: the pointer to Id attribute of <dsig:Signature/> node. |
|
124 * @signedInfoReferences: the list of references in <dsig:SignedInfo/> node. |
|
125 * @manifestReferences: the list of references in <dsig:Manifest/> nodes. |
|
126 * @reserved0: reserved for the future. |
|
127 * @reserved1: reserved for the future. |
|
128 * |
|
129 * XML DSig processing context. |
|
130 */ |
|
131 struct _xmlSecDSigCtx { |
|
132 /* these data user can set before performing the operation */ |
|
133 void* userData; |
|
134 unsigned int flags; |
|
135 unsigned int flags2; |
|
136 xmlSecKeyInfoCtx keyInfoReadCtx; |
|
137 xmlSecKeyInfoCtx keyInfoWriteCtx; |
|
138 xmlSecTransformCtx transformCtx; |
|
139 xmlSecTransformUriType enabledReferenceUris; |
|
140 xmlSecPtrListPtr enabledReferenceTransforms; |
|
141 xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback; |
|
142 xmlSecTransformId defSignMethodId; |
|
143 xmlSecTransformId defC14NMethodId; |
|
144 xmlSecTransformId defDigestMethodId; |
|
145 |
|
146 /* these data are returned */ |
|
147 xmlSecKeyPtr signKey; |
|
148 xmlSecTransformOperation operation; |
|
149 xmlSecBufferPtr result; |
|
150 xmlSecDSigStatus status; |
|
151 xmlSecTransformPtr signMethod; |
|
152 xmlSecTransformPtr c14nMethod; |
|
153 xmlSecTransformPtr preSignMemBufMethod; |
|
154 xmlNodePtr signValueNode; |
|
155 xmlChar* id; |
|
156 xmlSecPtrList signedInfoReferences; |
|
157 xmlSecPtrList manifestReferences; |
|
158 |
|
159 /* reserved for future */ |
|
160 void* reserved0; |
|
161 void* reserved1; |
|
162 }; |
|
163 |
|
164 /* constructor/destructor */ |
|
165 XMLSEC_EXPORT xmlSecDSigCtxPtr xmlSecDSigCtxCreate (xmlSecKeysMngrPtr keysMngr); |
|
166 XMLSEC_EXPORT void xmlSecDSigCtxDestroy (xmlSecDSigCtxPtr dsigCtx); |
|
167 XMLSEC_EXPORT int xmlSecDSigCtxInitialize (xmlSecDSigCtxPtr dsigCtx, |
|
168 xmlSecKeysMngrPtr keysMngr); |
|
169 XMLSEC_EXPORT void xmlSecDSigCtxFinalize (xmlSecDSigCtxPtr dsigCtx); |
|
170 XMLSEC_EXPORT int xmlSecDSigCtxSign (xmlSecDSigCtxPtr dsigCtx, |
|
171 xmlNodePtr tmpl); |
|
172 XMLSEC_EXPORT int xmlSecDSigCtxVerify (xmlSecDSigCtxPtr dsigCtx, |
|
173 xmlNodePtr node); |
|
174 XMLSEC_EXPORT int xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx, |
|
175 xmlSecTransformId transformId); |
|
176 XMLSEC_EXPORT int xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx, |
|
177 xmlSecTransformId transformId); |
|
178 XMLSEC_EXPORT xmlSecBufferPtr xmlSecDSigCtxGetPreSignBuffer (xmlSecDSigCtxPtr dsigCtx); |
|
179 XMLSEC_EXPORT void xmlSecDSigCtxDebugDump (xmlSecDSigCtxPtr dsigCtx, |
|
180 FILE* output); |
|
181 XMLSEC_EXPORT void xmlSecDSigCtxDebugXmlDump (xmlSecDSigCtxPtr dsigCtx, |
|
182 FILE* output); |
|
183 |
|
184 |
|
185 /************************************************************************** |
|
186 * |
|
187 * xmlSecDSigReferenceCtx |
|
188 * |
|
189 *************************************************************************/ |
|
190 /** |
|
191 * xmlSecDSigReferenceOrigin: |
|
192 * @xmlSecDSigReferenceOriginSignedInfo:reference in <dsig:SignedInfo> node. |
|
193 * @xmlSecDSigReferenceOriginManifest: reference <dsig:Manifest> node. |
|
194 * |
|
195 * The possible <dsig:Reference/> node locations: in the <dsig:SignedInfo/> |
|
196 * node or in the <dsig:Manifest/> node. |
|
197 */ |
|
198 typedef enum { |
|
199 xmlSecDSigReferenceOriginSignedInfo, |
|
200 xmlSecDSigReferenceOriginManifest |
|
201 } xmlSecDSigReferenceOrigin; |
|
202 |
|
203 /** |
|
204 * xmlSecDSigReferenceCtx: |
|
205 * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries |
|
206 * never touches this). |
|
207 * @dsigCtx: the pointer to "parent" <dsig:Signature/> processing context. |
|
208 * @origin: the signature origin (<dsig:SignedInfo/> or <dsig:Manifest/>). |
|
209 * @transformCtx: the reference processing transforms context. |
|
210 * @digestMethod: the pointer to digest transform. |
|
211 * @result: the pointer to digest result. |
|
212 * @status: the reference processing status. |
|
213 * @preDigestMemBufMethod: the pointer to binary buffer right before digest |
|
214 * (valid only if either |
|
215 * #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or |
|
216 * #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flags are set). |
|
217 * @id: the <dsig:Reference/> node ID attribute. |
|
218 * @uri: the <dsig:Reference/> node URI attribute. |
|
219 * @type: the <dsig:Reference/> node Type attribute. |
|
220 * @reserved0: reserved for the future. |
|
221 * @reserved1: reserved for the future. |
|
222 * |
|
223 * The <dsig:Reference/> processing context. |
|
224 */ |
|
225 struct _xmlSecDSigReferenceCtx { |
|
226 void* userData; |
|
227 xmlSecDSigCtxPtr dsigCtx; |
|
228 xmlSecDSigReferenceOrigin origin; |
|
229 xmlSecTransformCtx transformCtx; |
|
230 xmlSecTransformPtr digestMethod; |
|
231 |
|
232 xmlSecBufferPtr result; |
|
233 xmlSecDSigStatus status; |
|
234 xmlSecTransformPtr preDigestMemBufMethod; |
|
235 xmlChar* id; |
|
236 xmlChar* uri; |
|
237 xmlChar* type; |
|
238 |
|
239 /* reserved for future */ |
|
240 void* reserved0; |
|
241 void* reserved1; |
|
242 }; |
|
243 |
|
244 XMLSEC_EXPORT xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, |
|
245 xmlSecDSigReferenceOrigin origin); |
|
246 XMLSEC_EXPORT void xmlSecDSigReferenceCtxDestroy (xmlSecDSigReferenceCtxPtr dsigRefCtx); |
|
247 XMLSEC_EXPORT int xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx, |
|
248 xmlSecDSigCtxPtr dsigCtx, |
|
249 xmlSecDSigReferenceOrigin origin); |
|
250 XMLSEC_EXPORT void xmlSecDSigReferenceCtxFinalize (xmlSecDSigReferenceCtxPtr dsigRefCtx); |
|
251 XMLSEC_EXPORT int xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, |
|
252 xmlNodePtr node); |
|
253 XMLSEC_EXPORT xmlSecBufferPtr xmlSecDSigReferenceCtxGetPreDigestBuffer |
|
254 (xmlSecDSigReferenceCtxPtr dsigRefCtx); |
|
255 XMLSEC_EXPORT void xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx, |
|
256 FILE* output); |
|
257 XMLSEC_EXPORT void xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, |
|
258 FILE* output); |
|
259 |
|
260 /************************************************************************** |
|
261 * |
|
262 * xmlSecDSigReferenceCtxListKlass |
|
263 * |
|
264 *************************************************************************/ |
|
265 /** |
|
266 * xmlSecDSigReferenceCtxListId: |
|
267 * |
|
268 * The references list klass. |
|
269 */ |
|
270 #define xmlSecDSigReferenceCtxListId \ |
|
271 xmlSecDSigReferenceCtxListGetKlass() |
|
272 XMLSEC_EXPORT xmlSecPtrListId xmlSecDSigReferenceCtxListGetKlass(void); |
|
273 |
|
274 #ifdef __cplusplus |
|
275 } |
|
276 #endif /* __cplusplus */ |
|
277 |
|
278 #endif /* XMLSEC_NO_XMLDSIG */ |
|
279 |
|
280 #endif /* __XMLSEC_XMLDSIG_H__ */ |
|
281 |