Hi!

I have tried to make xmlsec work with the GOST crypto algorithms, but
noticed that they do not work in the mscrypto backend for a number of
reasons.

I have attached the patch to correct this situation. Also, it provides
support for the russian Crypto Pro CSP besides Cryptocom's Mag Pro
currently existing in the library.

-- 
With best regards,
Dennis Prochko
diff -ruwN libxmlsec1-orig/include/xmlsec/base64.h libxmlsec1-gost/include/xmlsec/base64.h
--- libxmlsec1-orig/include/xmlsec/base64.h	Tue Dec 23 15:25:38 2008
+++ libxmlsec1-gost/include/xmlsec/base64.h	Fri Dec 26 12:05:03 2008
@@ -25,7 +25,12 @@
  *
  * The default maximum base64 encoded line size.
  */
-#define XMLSEC_BASE64_LINESIZE				64
+// http://tools.ietf.org/html/rfc3548#section-2.1
+// Implementations MUST NOT not add line feeds to base encoded data
+// unless the specification referring to this document explicitly
+// directs base encoders to add line feeds after a specific number of
+// characters.
+#define XMLSEC_BASE64_LINESIZE				0xFFFFFFFF
 
 /**
  * Base64 Context
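Review bot: `XMLSEC_BASE64_LINESIZE` is the library-wide default, so setting it to `0xFFFFFFFF` changes the encoded output for every backend and caller, not only the GOST path this patch targets. The literal has type unsigned int; if the encoder stores the column count in a signed `int` (not visible in this hunk), the value converts to -1 and the wrapping test may not behave as intended. If the encoder already treats a non-positive column count as "no wrapping", `#define XMLSEC_BASE64_LINESIZE 0` states the intent without relying on that conversion; otherwise keep the default at 64 and disable wrapping per context where a consumer requires it. The added comment also reads "MUST NOT not add" and uses `//` in a header that otherwise uses `/* */`.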
diff -ruwN libxmlsec1-orig/src/mscrypto/certkeys.c libxmlsec1-gost/src/mscrypto/certkeys.c
--- libxmlsec1-orig/src/mscrypto/certkeys.c	Tue Dec 23 15:25:14 2008
+++ libxmlsec1-gost/src/mscrypto/certkeys.c	Tue Dec 30 17:00:39 2008
@@ -34,6 +34,11 @@
 #  include "xmlsec-mingw.h"
 #endif
 
+// GOST CSP don't support keys duplicating, so we use NT4 analogs for these...
+#ifndef XMLSEC_NO_GOST
+#define XMLSEC_MSCRYPTO_NT4
+#endif
+
 #define XMLSEC_CONTAINER_NAME "xmlsec-key-container"
 
 /**************************************************************************
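Review bot: Defining `XMLSEC_MSCRYPTO_NT4` whenever `XMLSEC_NO_GOST` is absent switches every key type handled in this file to the NT4 code path at compile time, including RSA and DSA keys whose providers presumably can duplicate keys. The NT4 branches are outside this hunk, so how they share key and provider handles should be re-checked for lifetime problems, such as a handle released by one key data object while a copy still uses it, before they become the default build. Prefer selecting the path per provider at run time. If the define stays, say so in the comment, for example `/* GOST CSPs cannot duplicate keys; this forces the NT4 code path for ALL key types in this file */`.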
@@ -828,7 +833,9 @@
 #endif /* XMLSEC_NO_DSA */	
 
 #ifndef XMLSEC_NO_GOST
-    if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) || !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_2001)) {
+    if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) ||
+        !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_2001) ||
+    	  !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) {
 	data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id);
 	if(data == NULL) {
 		xmlSecError(XMLSEC_ERRORS_HERE,
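Review bot: The new third condition maps a certificate whose public-key OID is `szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP` to `xmlSecMSCryptoKeyDataGost2001Id`, so a key that, going by the constant's name, is GOST R 34.10-94 is labelled as 2001 key data. Any later check that pairs a signature method with a key by its key data id would then accept the older key type for a 2001 signature method. Either give the 94 key its own key data id or add a comment stating why treating it as 2001 data is safe, e.g. `/* R 34.10-94 keys are deliberately handled as gost2001 key data because ... */`. The added line at the third `!strcmp` also mixes a tab with spaces, and the body of this `if` continues outside the hunk.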
@@ -2490,8 +2497,8 @@
     xmlSecNameGOST2001KeyValue,
     xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, 
 					/* xmlSecKeyDataUsage usage; */
-    /*xmlSecHrefGOST2001KeyValue*/NULL,		/* const xmlChar* href; */
-    /*xmlSecNodeGOST2001KeyValue*/NULL,		/* const xmlChar* dataNodeName; */
+    xmlSecHrefGOST2001KeyValue,		/* const xmlChar* href; */
+    xmlSecNodeGOST2001KeyValue,		/* const xmlChar* dataNodeName; */
     xmlSecDSigNs,			/* const xmlChar* dataNodeNs; */
     
     /* constructors/destructor */
@@ -2544,9 +2551,25 @@
     ctx = xmlSecMSCryptoKeyDataGetCtx(data);
     xmlSecAssert2(ctx != NULL, -1);
 
+    /* GOST Algorithm is provided by several CSP's, so we try to find any installed */
+    HCRYPTPROV tmp_ctx = NULL;
+    if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
     ctx->providerName = "MagPro CSP";
     ctx->providerType = PROV_MAGPRO_GOST;
-    
+    } else {
+      if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
+        ctx->providerName = "CryptoPro CSP";
+        ctx->providerType = PROV_CRYPTOPRO_GOST;
+      } else {
+    	  xmlSecError(XMLSEC_ERRORS_HERE,
+		      xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+		      "xmlSecMSCryptoKeyDataGost2001Initialize",
+		      XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		      XMLSEC_ERRORS_NO_MESSAGE);
+		    return -1;
+		  }
+		}
+    CryptReleaseContext(tmp_ctx, 0);
     return(0);
 }
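Review bot: Both probes pass `NULL` as the provider name, so they succeed for whatever default provider is registered for that type, yet `ctx->providerName` is then set to the fixed strings `"MagPro CSP"` / `"CryptoPro CSP"`. If later code acquires the key context by `ctx->providerName` (outside this hunk), the name may not match the registered provider and the acquire will fail, or a different provider than the one probed will be used. Probe with the same name that is stored, or store `NULL` and select by type only. `HCRYPTPROV tmp_ctx = NULL;` is declared after statements, which C89 compilers reject, and `HCRYPTPROV` is an integer handle, so `HCRYPTPROV tmp_ctx = 0;` at the top of the function is safer. The failure branch should name the failing call, `"CryptAcquireContext"` with `XMLSEC_ERRORS_R_CRYPTO_FAILED`, instead of the function's own name.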
 
diff -ruwN libxmlsec1-orig/src/mscrypto/csp_calg.h libxmlsec1-gost/src/mscrypto/csp_calg.h
--- libxmlsec1-orig/src/mscrypto/csp_calg.h	Tue Dec 23 15:25:14 2008
+++ libxmlsec1-gost/src/mscrypto/csp_calg.h	Tue Dec 30 15:26:29 2008
@@ -73,8 +73,9 @@
  * @{ 
  */
 
-
 #define PROV_MAGPRO_GOST 501
+
+#define PROV_CRYPTOPRO_GOST 75
 
 /*! @} */
 /*! \defgroup PP_MAGPRO PP_MAGPRO 
diff -ruwN libxmlsec1-orig/src/mscrypto/digests.c libxmlsec1-gost/src/mscrypto/digests.c
--- libxmlsec1-orig/src/mscrypto/digests.c	Tue Dec 23 15:25:14 2008
+++ libxmlsec1-gost/src/mscrypto/digests.c	Tue Dec 30 15:18:25 2008
@@ -101,6 +101,7 @@
 
     /* TODO: Check what provider is best suited here.... */
     if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT)) {
+      if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT)) {
 	xmlSecError(XMLSEC_ERRORS_HERE, 
 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 		    NULL,
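Review bot: The fallback to `PROV_CRYPTOPRO_GOST` here uses `CRYPT_VERIFYCONTEXT` alone, while the matching probe in certkeys.c adds `CRYPT_SILENT`, so the two places that pick a GOST provider can behave differently in a non-interactive process. The provider order is also duplicated in both files; a shared helper that returns the provider type would keep the digest and the key on the same CSP if the order ever changes. The nested `if` is closed by the `}` added in the next hunk, but the error block keeps its old indentation, which makes the nesting hard to see; `if (!CryptAcquireContext(... PROV_MAGPRO_GOST ...) && !CryptAcquireContext(... PROV_CRYPTOPRO_GOST ...)) {` avoids the extra brace. The error report should say that no GOST provider could be acquired rather than use `XMLSEC_ERRORS_NO_MESSAGE`.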
@@ -108,7 +109,7 @@
 		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);
     }
-
+    }
     return(0);
     } else 
 #endif /* XMLSEC_NO_GOST*/    
diff -ruwN libxmlsec1-orig/src/strings.c libxmlsec1-gost/src/strings.c
--- libxmlsec1-orig/src/strings.c	Tue Dec 23 15:25:18 2008
+++ libxmlsec1-gost/src/strings.c	Fri Dec 26 12:08:19 2008
@@ -289,8 +289,8 @@
  *
  ************************************************************************/
 const xmlChar xmlSecNameGOST2001KeyValue[]		= "gost2001";
-const xmlChar xmlSecNodeGOST2001KeyValue[]		= "GOST3410-2001-KeyValue";
-const xmlChar xmlSecHrefGOST2001KeyValue[]		= "http://www.w3.org/2000/09/xmldsig#GOST2001KeyValue";;
+const xmlChar xmlSecNodeGOST2001KeyValue[]		= "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGOST2001KeyValue[]		= "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";;
 
 const xmlChar xmlSecNameGost2001GostR3411_94[]		= "gostr34102001-gostr3411";
 const xmlChar xmlSecHrefGost2001GostR3411_94[]		= "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";;
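Review bot: After this change `xmlSecNodeGOST2001KeyValue` and `xmlSecHrefGOST2001KeyValue` hold exactly the same strings as the signature-method constants `xmlSecNameGost2001GostR3411_94` and `xmlSecHrefGost2001GostR3411_94` two lines below, so one URI now identifies both a key-value type and a signature algorithm. The certkeys.c hunk that fills in `href` and `dataNodeName` wires these into the key data klass, where lookups by href or node name can no longer tell a key reference from an algorithm reference. Renaming the node also changes the wire format, so documents that carry `GOST3410-2001-KeyValue` will stop matching. If the new values come from a specification, cite it in a comment above the constants; otherwise keep distinct identifiers for the key value. The doubled `;;` on the href line could be dropped at the same time.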
diff -ruwN libxmlsec1-orig/src/transforms.c libxmlsec1-gost/src/transforms.c
--- libxmlsec1-orig/src/transforms.c	Tue Dec 23 15:25:18 2008
+++ libxmlsec1-gost/src/transforms.c	Wed Dec 24 13:10:44 2008
@@ -2521,7 +2521,6 @@
 
 	if(((usage & transformId->usage) != 0) && (transformId->href != NULL) && 
 	   xmlStrEqual(href, transformId->href)) {
-	   
 	   return(transformId);	   
 	}
     }