2 * XML Security Library (http://www.aleksey.com/xmlsec).
4 * "XML Digital Signature" implementation
5 * http://www.w3.org/TR/xmldsig-core/
6 * http://www.w3.org/Signature/Overview.html
8 * This is free software; see Copyright file in the source
9 * distribution for precise wording.
11 * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
13 #ifndef __XMLSEC_XMLDSIG_H__
14 #define __XMLSEC_XMLDSIG_H__
16 #ifndef XMLSEC_NO_XMLDSIG
20 #endif /* __cplusplus */
22 #include <libxml/tree.h>
23 #include <libxml/parser.h>
26 #include <xmlsec/xmlsec.h>
27 #include <xmlsec/list.h>
28 #include <xmlsec/buffer.h>
29 #include <xmlsec/keys.h>
30 #include <xmlsec/keysmngr.h>
31 #include <xmlsec/keyinfo.h>
32 #include <xmlsec/transforms.h>
34 typedef struct _xmlSecDSigReferenceCtx xmlSecDSigReferenceCtx,
35 *xmlSecDSigReferenceCtxPtr;
39 * @xmlSecDSigStatusUnknown: the status is unknown.
40 * @xmlSecDSigStatusSucceeded: the processing succeeded.
41 * @xmlSecDSigStatusInvalid: the processing failed.
43 * XML Digital signature processing status.
46 xmlSecDSigStatusUnknown = 0,
47 xmlSecDSigStatusSucceeded,
48 xmlSecDSigStatusInvalid
51 /**************************************************************************
55 *************************************************************************/
58 * XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS:
60 * If this flag is set then <dsig:Manifest/> nodes will not be processed.
62 #define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS 0x00000001
65 * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES:
67 * If this flag is set then the pre-digest buffer for each <dsig:Reference/> child
68 * of the <dsig:SignedInfo/> element will be stored in #xmlSecDSigCtx.
70 #define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES 0x00000002
73 * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES:
75 * If this flag is set then the pre-digest buffer for each <dsig:Reference/> child
76 * of a <dsig:Manifest/> element will be stored in #xmlSecDSigCtx.
78 #define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES 0x00000004
81 * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE:
83 * If this flag is set then pre-signature buffer for <dsig:SignedInfo/>
84 * element processing will be stored in #xmlSecDSigCtx.
86 #define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE 0x00000008
89 * XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK:
91 * If this flag is set then URI ID references are resolved directly
92 * without using XPointers. This allows one to sign/verify Visa3D
93 * documents that don't follow XML, XPointer and XML DSig specifications.
95 #define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK 0x00000010
99 * @userData: the pointer to user data (the xmlsec and xmlsec-crypto libraries
100 * never touch this).
101 * @flags: the XML Digital Signature processing flags.
102 * @flags2: the XML Digital Signature processing flags.
103 * @keyInfoReadCtx: the reading key context.
104 * @keyInfoWriteCtx: the writing key context (not used for signature verification).
105 * @transformCtx: the <dsig:SignedInfo/> node processing context.
106 * @enabledReferenceUris: the URI types allowed for <dsig:Reference/> node.
107 * @enabledReferenceTransforms: the list of transforms allowed in <dsig:Reference/> node.
108 * @referencePreExecuteCallback: the callback for <dsig:Reference/> node processing.
109 * @defSignMethodId: the default signing method klass.
110 * @defC14NMethodId: the default c14n method klass.
111 * @defDigestMethodId: the default digest method klass.
112 * @signKey: the signature key; application may set #signKey
113 * before calling #xmlSecDSigCtxSign or #xmlSecDSigCtxVerify
115 * @operation: the operation: sign or verify.
116 * @result: the pointer to the signature value (not valid for signature verification).
117 * @status: the <dsig:Signature/> processing status.
118 * @signMethod: the pointer to signature transform.
119 * @c14nMethod: the pointer to c14n transform.
120 * @preSignMemBufMethod: the pointer to binary buffer right before signature
121 * (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE flag is set).
122 * @signValueNode: the pointer to <dsig:SignatureValue/> node.
123 * @id: the pointer to Id attribute of <dsig:Signature/> node.
124 * @signedInfoReferences: the list of references in <dsig:SignedInfo/> node.
125 * @manifestReferences: the list of references in <dsig:Manifest/> nodes.
126 * @reserved0: reserved for the future.
127 * @reserved1: reserved for the future.
129 * XML DSig processing context.
131 struct _xmlSecDSigCtx {
132 /* these data user can set before performing the operation */
136 xmlSecKeyInfoCtx keyInfoReadCtx;
137 xmlSecKeyInfoCtx keyInfoWriteCtx;
138 xmlSecTransformCtx transformCtx;
139 xmlSecTransformUriType enabledReferenceUris;
140 xmlSecPtrListPtr enabledReferenceTransforms;
141 xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback;
142 xmlSecTransformId defSignMethodId;
143 xmlSecTransformId defC14NMethodId;
144 xmlSecTransformId defDigestMethodId;
146 /* these data are returned */
147 xmlSecKeyPtr signKey;
148 xmlSecTransformOperation operation;
149 xmlSecBufferPtr result;
150 xmlSecDSigStatus status;
151 xmlSecTransformPtr signMethod;
152 xmlSecTransformPtr c14nMethod;
153 xmlSecTransformPtr preSignMemBufMethod;
154 xmlNodePtr signValueNode;
156 xmlSecPtrList signedInfoReferences;
157 xmlSecPtrList manifestReferences;
159 /* reserved for future */
164 /* constructor/destructor */
165 XMLSEC_EXPORT xmlSecDSigCtxPtr xmlSecDSigCtxCreate (xmlSecKeysMngrPtr keysMngr);
166 XMLSEC_EXPORT void xmlSecDSigCtxDestroy (xmlSecDSigCtxPtr dsigCtx);
167 XMLSEC_EXPORT int xmlSecDSigCtxInitialize (xmlSecDSigCtxPtr dsigCtx,
168 xmlSecKeysMngrPtr keysMngr);
169 XMLSEC_EXPORT void xmlSecDSigCtxFinalize (xmlSecDSigCtxPtr dsigCtx);
170 XMLSEC_EXPORT int xmlSecDSigCtxSign (xmlSecDSigCtxPtr dsigCtx,
172 XMLSEC_EXPORT int xmlSecDSigCtxVerify (xmlSecDSigCtxPtr dsigCtx,
174 XMLSEC_EXPORT int xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx,
175 xmlSecTransformId transformId);
176 XMLSEC_EXPORT int xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx,
177 xmlSecTransformId transformId);
178 XMLSEC_EXPORT xmlSecBufferPtr xmlSecDSigCtxGetPreSignBuffer (xmlSecDSigCtxPtr dsigCtx);
179 XMLSEC_EXPORT void xmlSecDSigCtxDebugDump (xmlSecDSigCtxPtr dsigCtx,
181 XMLSEC_EXPORT void xmlSecDSigCtxDebugXmlDump (xmlSecDSigCtxPtr dsigCtx,
185 /**************************************************************************
187 * xmlSecDSigReferenceCtx
189 *************************************************************************/
191 * xmlSecDSigReferenceOrigin:
192 * @xmlSecDSigReferenceOriginSignedInfo: reference in the <dsig:SignedInfo/> node.
193 * @xmlSecDSigReferenceOriginManifest: reference in a <dsig:Manifest/> node.
195 * The possible <dsig:Reference/> node locations: in the <dsig:SignedInfo/>
196 * node or in the <dsig:Manifest/> node.
199 xmlSecDSigReferenceOriginSignedInfo,
200 xmlSecDSigReferenceOriginManifest
201 } xmlSecDSigReferenceOrigin;
204 * xmlSecDSigReferenceCtx:
205 * @userData: the pointer to user data (the xmlsec and xmlsec-crypto libraries
206 * never touch this).
207 * @dsigCtx: the pointer to "parent" <dsig:Signature/> processing context.
208 * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/>).
209 * @transformCtx: the reference processing transforms context.
210 * @digestMethod: the pointer to digest transform.
211 * @result: the pointer to digest result.
212 * @status: the reference processing status.
213 * @preDigestMemBufMethod: the pointer to binary buffer right before digest
214 * (valid only if either
215 * #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
216 * #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flags are set).
217 * @id: the <dsig:Reference/> node ID attribute.
218 * @uri: the <dsig:Reference/> node URI attribute.
219 * @type: the <dsig:Reference/> node Type attribute.
220 * @reserved0: reserved for the future.
221 * @reserved1: reserved for the future.
223 * The <dsig:Reference/> processing context.
225 struct _xmlSecDSigReferenceCtx {
227 xmlSecDSigCtxPtr dsigCtx;
228 xmlSecDSigReferenceOrigin origin;
229 xmlSecTransformCtx transformCtx;
230 xmlSecTransformPtr digestMethod;
232 xmlSecBufferPtr result;
233 xmlSecDSigStatus status;
234 xmlSecTransformPtr preDigestMemBufMethod;
239 /* reserved for future */
244 XMLSEC_EXPORT xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx,
245 xmlSecDSigReferenceOrigin origin);
246 XMLSEC_EXPORT void xmlSecDSigReferenceCtxDestroy (xmlSecDSigReferenceCtxPtr dsigRefCtx);
247 XMLSEC_EXPORT int xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx,
248 xmlSecDSigCtxPtr dsigCtx,
249 xmlSecDSigReferenceOrigin origin);
250 XMLSEC_EXPORT void xmlSecDSigReferenceCtxFinalize (xmlSecDSigReferenceCtxPtr dsigRefCtx);
251 XMLSEC_EXPORT int xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx,
253 XMLSEC_EXPORT xmlSecBufferPtr xmlSecDSigReferenceCtxGetPreDigestBuffer
254 (xmlSecDSigReferenceCtxPtr dsigRefCtx);
255 XMLSEC_EXPORT void xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx,
257 XMLSEC_EXPORT void xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx,
260 /**************************************************************************
262 * xmlSecDSigReferenceCtxListKlass
264 *************************************************************************/
266 * xmlSecDSigReferenceCtxListId:
268 * The references list klass.
270 #define xmlSecDSigReferenceCtxListId \
271 xmlSecDSigReferenceCtxListGetKlass()
272 XMLSEC_EXPORT xmlSecPtrListId xmlSecDSigReferenceCtxListGetKlass(void);
276 #endif /* __cplusplus */
278 #endif /* XMLSEC_NO_XMLDSIG */
280 #endif /* __XMLSEC_XMLDSIG_H__ */