Kaydet (Commit) 71d02f5b authored tarafından Miklos Vajna's avatar Miklos Vajna

xmlsecurity windows: implement ODF sign/verify with ECDSA keys

This works by making it possible to use libxmlsec's mscng backend instead of the old
mscrypto one, which lacks ECDSA support.

make -sr CppunitTest_xmlsecurity_signing SVL_CRYPTO_CNG=1 CPPUNIT_TEST_NAME="SigningTest::testECDSA"

passes with these changes, while it failed in the SVL_CRYPTO_CNG=1 case previously.

Change-Id: Ic23e5af11d271ed84175abe3d5ad008c7cc9e071
Reviewed-on: https://gerrit.libreoffice.org/56370Reviewed-by: 's avatarMiklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins
üst 364c828e
......@@ -92,6 +92,7 @@ $(eval $(call gb_Library_add_defs,xsec_xmlsec,\
$(eval $(call gb_Library_add_libs,xsec_xmlsec,\
$(call gb_UnpackedTarball_get_dir,xmlsec)/win32/binaries/libxmlsec-mscrypto.lib \
$(call gb_UnpackedTarball_get_dir,xmlsec)/win32/binaries/libxmlsec-mscng.lib \
$(call gb_UnpackedTarball_get_dir,xmlsec)/win32/binaries/libxmlsec.lib \
))
......
......@@ -31,7 +31,6 @@
#include <xmlsec/base64.h>
#include <xmlsec/bn.h>
#include <xmlsec/crypto.h>
#include <xmlsec/errors.h>
#include <xmlsec/io.h>
#include <xmlsec/keysmngr.h>
......@@ -41,6 +40,8 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#ifdef XMLSEC_CRYPTO_NSS
#include <xmlsec/nss/app.h>
#include <xmlsec/nss/crypto.h>
#include <xmlsec/nss/pkikeys.h>
#endif
......
......@@ -27,6 +27,10 @@
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/keysstore.h>
#include <xmlsec/mscrypto/x509.h>
#include <xmlsec/mscng/crypto.h>
#include <xmlsec/mscng/keysstore.h>
#include <xmlsec/mscng/x509.h>
#include <svl/cryptosign.hxx>
namespace xmlsecurity
{
......@@ -43,7 +47,10 @@ xmlSecKeysMngrPtr MSCryptoAppliedKeysMngrCreate()
xmlSecKeysMngrPtr keyMngr = nullptr ;
xmlSecKeyStorePtr keyStore = nullptr ;
keyStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId) ;
if (!svl::crypto::isMSCng())
keyStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId) ;
else
keyStore = xmlSecKeyStoreCreate(xmlSecMSCngKeysStoreId);
if (keyStore == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
......@@ -95,16 +102,33 @@ xmlSecKeysMngrPtr MSCryptoAppliedKeysMngrCreate()
/*-
* Initialize crypto library specific data in keys manager
*/
if (xmlSecMSCryptoKeysMngrInit(keyMngr) < 0)
if (!svl::crypto::isMSCng())
{
xmlSecError(XMLSEC_ERRORS_HERE,
nullptr,
"xmlSecMSCryptoKeysMngrInit",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
xmlSecKeysMngrDestroy(keyMngr) ;
return nullptr ;
if (xmlSecMSCryptoKeysMngrInit(keyMngr) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
nullptr,
"xmlSecMSCryptoKeysMngrInit",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
xmlSecKeysMngrDestroy(keyMngr) ;
return nullptr ;
}
}
else
{
if (xmlSecMSCngKeysMngrInit(keyMngr) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
nullptr,
"xmlSecMSCngKeysMngrInit",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeysMngrDestroy(keyMngr);
return nullptr;
}
}
/*-
......@@ -133,7 +157,10 @@ MSCryptoAppliedKeysMngrAdoptKeyStore(
xmlSecAssert2(mngr != nullptr, -1) ;
xmlSecAssert2(keyStore != nullptr, -1) ;
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
if (!svl::crypto::isMSCng())
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
else
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
if (x509Store == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
......@@ -144,14 +171,29 @@ MSCryptoAppliedKeysMngrAdoptKeyStore(
return -1 ;
}
if (xmlSecMSCryptoX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
if (!svl::crypto::isMSCng())
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCryptoX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
return -1 ;
if (xmlSecMSCryptoX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCryptoX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
return -1 ;
}
}
else
{
if (xmlSecMSCngX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCngX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return -1;
}
}
return 0 ;
......@@ -168,7 +210,10 @@ MSCryptoAppliedKeysMngrAdoptTrustedStore(
xmlSecAssert2(mngr != nullptr, -1) ;
xmlSecAssert2(trustedStore != nullptr, -1) ;
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
if (!svl::crypto::isMSCng())
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
else
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
if (x509Store == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
......@@ -179,14 +224,29 @@ MSCryptoAppliedKeysMngrAdoptTrustedStore(
return -1 ;
}
if (xmlSecMSCryptoX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
if (!svl::crypto::isMSCng())
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCryptoX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
return -1 ;
if (xmlSecMSCryptoX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCryptoX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
return -1 ;
}
}
else
{
if (xmlSecMSCngX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCngX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return -1;
}
}
return 0 ;
......@@ -203,7 +263,10 @@ MSCryptoAppliedKeysMngrAdoptUntrustedStore(
xmlSecAssert2(mngr != nullptr, -1) ;
xmlSecAssert2(untrustedStore != nullptr, -1) ;
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
if (!svl::crypto::isMSCng())
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
else
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
if (x509Store == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
......@@ -214,14 +277,29 @@ MSCryptoAppliedKeysMngrAdoptUntrustedStore(
return -1 ;
}
if (xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
if (!svl::crypto::isMSCng())
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCryptoX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
return -1 ;
if (xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCryptoX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE) ;
return -1 ;
}
}
else
{
if (xmlSecMSCngX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
{
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
"xmlSecMSCngX509StoreAdoptKeyStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return -1;
}
}
return 0 ;
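Review bot: The error strings in the new mscng branches of MSCryptoAppliedKeysMngrAdoptTrustedStore and MSCryptoAppliedKeysMngrAdoptUntrustedStore name the wrong function: both report `"xmlSecMSCngX509StoreAdoptKeyStore"` while the calls that actually failed are `xmlSecMSCngX509StoreAdoptTrustedStore` and `xmlSecMSCngX509StoreAdoptUntrustedStore`. The pre-existing mscrypto branches carry the same copy-paste error, but duplicating it into the new code means xmlsec's error log points at the wrong call when trusted/untrusted store setup fails, which is exactly the information needed when diagnosing why a signature did or did not verify. Change the two new strings to `"xmlSecMSCngX509StoreAdoptTrustedStore"` and `"xmlSecMSCngX509StoreAdoptUntrustedStore"`, and fix the mscrypto ones in the same pass. Separately, the four `isMSCng()` if/else pairs in this file differ only in the xmlsec identifier used; selecting the store id and init/adopt function once into a local would keep the backend choice in one place instead of eight.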
......
......@@ -1056,6 +1056,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hMySystemStore = nullptr;
throw uno::RuntimeException() ;
}
if (svl::crypto::isMSCng())
m_hMySystemStore = nullptr;
}
//Add system root store into the keys manager.
......@@ -1066,6 +1068,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hRootSystemStore = nullptr;
throw uno::RuntimeException() ;
}
if (svl::crypto::isMSCng())
m_hRootSystemStore = nullptr;
}
//Add system trusted store into the keys manager.
......@@ -1076,6 +1080,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hTrustSystemStore = nullptr;
throw uno::RuntimeException() ;
}
if (svl::crypto::isMSCng())
m_hTrustSystemStore = nullptr;
}
//Add system CA store into the keys manager.
......@@ -1086,6 +1092,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hCaSystemStore = nullptr;
throw uno::RuntimeException() ;
}
if (svl::crypto::isMSCng())
m_hCaSystemStore = nullptr;
}
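Review bot: The new `if (svl::crypto::isMSCng()) m_hMySystemStore = nullptr;` (and the same for m_hRootSystemStore, m_hTrustSystemStore and m_hCaSystemStore) drops the HCERTSTORE handle right after the adopt call without recording why; presumably the mscng keys manager takes ownership of an adopted store and closes it itself, whereas the mscrypto path does not, but nothing in the hunk says so. A comment such as `// mscng owns the adopted store and closes it itself; drop our handle so it is not closed twice` (with the ownership contract confirmed against the adopt function's documentation) would keep a later reader from treating this as a leak and "fixing" it into a double close. The enclosing createKeysManager body starts and ends outside these hunks, so whether the nulled members are still closed elsewhere cannot be confirmed from here.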
}
......
......@@ -24,10 +24,12 @@
#include <xmlsec-wrapper.h>
#include <xmlsec/mscrypto/app.h>
#include <xmlsec/mscng/app.h>
#include <com/sun/star/xml/crypto/SecurityEnvironment.hpp>
#include <com/sun/star/xml/crypto/XMLSecurityContext.hpp>
#include <cppuhelper/supportsservice.hxx>
#include <o3tl/char16_t2wchar_t.hxx>
#include <svl/cryptosign.hxx>
using namespace com::sun::star;
namespace cssl = com::sun::star::lang;
......@@ -69,7 +71,10 @@ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
n_hStoreHandle = nullptr ;
}
xmlSecMSCryptoAppInit( n_pCertStore ) ;
if (!svl::crypto::isMSCng())
xmlSecMSCryptoAppInit( n_pCertStore ) ;
else
xmlSecMSCngAppInit(n_pCertStore);
try {
/* Build Security Environment */
......@@ -85,7 +90,10 @@ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ;
}
xmlSecMSCryptoAppShutdown() ;
if (!svl::crypto::isMSCng())
xmlSecMSCryptoAppShutdown() ;
else
xmlSecMSCngAppShutdown();
return nullptr;
}
......@@ -112,7 +120,10 @@ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ;
}
xmlSecMSCryptoAppShutdown() ;
if (!svl::crypto::isMSCng())
xmlSecMSCryptoAppShutdown() ;
else
xmlSecMSCngAppShutdown();
return nullptr;
}
}
......@@ -143,7 +154,10 @@ void SAL_CALL SEInitializer_MSCryptImpl::freeSecurityContext( const uno::Referen
}
*/
xmlSecMSCryptoAppShutdown() ;
if (!svl::crypto::isMSCng())
xmlSecMSCryptoAppShutdown() ;
else
xmlSecMSCngAppShutdown();
}
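Review bot: The `isMSCng()` selection between `xmlSecMSCryptoAppShutdown()` and `xmlSecMSCngAppShutdown()` is now written out three times (two error paths in the context-creating function and once in freeSecurityContext), and a mismatch between the backend that was initialised with `xmlSecMSCryptoAppInit`/`xmlSecMSCngAppInit` and the one shut down would leak or corrupt backend state; if `isMSCng()` reads a runtime setting rather than a build-time constant, that pairing depends on the value not changing between the two calls, which is worth stating. A file-local helper `static void appShutdown() { if (!svl::crypto::isMSCng()) xmlSecMSCryptoAppShutdown(); else xmlSecMSCngAppShutdown(); }` would reduce the three copies to one and give the pairing a single place to document. The function that owns the first two hunks begins outside the visible lines, so its name is not confirmed here.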
/* XServiceInfo */
......
......@@ -13,6 +13,13 @@
#include <xmlsec/xmlstreamio.hxx>
#include <xmlsec-wrapper.h>
#include <svl/cryptosign.hxx>
#ifdef XMLSEC_CRYPTO_MSCRYPTO
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscng/crypto.h>
#else
#include <xmlsec/nss/crypto.h>
#endif
using namespace css::uno;
......@@ -24,14 +31,38 @@ XSECXMLSEC_DLLPUBLIC void initXmlSec()
}
//Init xmlsec crypto engine library
if( xmlSecCryptoInit() < 0 ) {
xmlSecShutdown() ;
throw RuntimeException() ;
#ifdef XMLSEC_CRYPTO_MSCRYPTO
if (!svl::crypto::isMSCng())
{
if( xmlSecMSCryptoInit() < 0 ) {
xmlSecShutdown() ;
throw RuntimeException() ;
}
}
else
{
if( xmlSecMSCngInit() < 0 ) {
xmlSecShutdown();
throw RuntimeException();
}
}
#else
if( xmlSecNssInit() < 0 ) {
xmlSecShutdown();
throw RuntimeException();
}
#endif
//Enable external stream handlers
if( xmlEnableStreamInputCallbacks() < 0 ) {
xmlSecCryptoShutdown() ;
#ifdef XMLSEC_CRYPTO_MSCRYPTO
if (!svl::crypto::isMSCng())
xmlSecMSCryptoShutdown();
else
xmlSecMSCngShutdown();
#else
xmlSecNssShutdown();
#endif
xmlSecShutdown() ;
throw RuntimeException() ;
}
......@@ -40,7 +71,14 @@ XSECXMLSEC_DLLPUBLIC void initXmlSec()
XSECXMLSEC_DLLPUBLIC void deInitXmlSec()
{
xmlDisableStreamInputCallbacks();
xmlSecCryptoShutdown();
#ifdef XMLSEC_CRYPTO_MSCRYPTO
if (!svl::crypto::isMSCng())
xmlSecMSCryptoShutdown();
else
xmlSecMSCngShutdown();
#else
xmlSecNssShutdown();
#endif
xmlSecShutdown();
}
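Review bot: The backend-shutdown cascade (`#ifdef XMLSEC_CRYPTO_MSCRYPTO` / `isMSCng()` / `xmlSecNssShutdown()`) is duplicated verbatim in initXmlSec's error path and in deInitXmlSec, and the init cascade above it is a third copy of the same decision; if `isMSCng()` is a runtime switch, init and shutdown only pair up correctly while its value stays constant across the library's lifetime, which should be stated near the decision. Extracting one static helper for shutdown, as below, leaves a single place to make that point and removes the risk of the two copies drifting. Note also that `#include <svl/cryptosign.hxx>` on the new include line is only used inside the XMLSEC_CRYPTO_MSCRYPTO branches and could move under that guard.
```cpp
// Shuts down whichever xmlsec crypto backend initXmlSec() selected.
// The isMSCng() answer must not change between init and shutdown.
static void shutdownXmlSecCrypto()
{
#ifdef XMLSEC_CRYPTO_MSCRYPTO
    if (!svl::crypto::isMSCng())
        xmlSecMSCryptoShutdown();
    else
        xmlSecMSCngShutdown();
#else
    xmlSecNssShutdown();
#endif
}

// … unchanged: initXmlSec() up to the stream-callback check …
    if( xmlEnableStreamInputCallbacks() < 0 ) {
        shutdownXmlSecCrypto();
        xmlSecShutdown() ;
        throw RuntimeException() ;
    }
// … unchanged: rest of initXmlSec() …

XSECXMLSEC_DLLPUBLIC void deInitXmlSec()
{
    xmlDisableStreamInputCallbacks();
    shutdownXmlSecCrypto();
    xmlSecShutdown();
}
```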
......