1 /** 
2  * XML Security Library (http://www.aleksey.com/xmlsec).
3  *
4  * "XML Digital Signature" implementation
5  *  http://www.w3.org/TR/xmldsig-core/
6  *  http://www.w3.org/Signature/Overview.html
7  * 
8  * This is free software; see Copyright file in the source
 * distribution for precise wording.
10  * 
11  * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
12  */
13 #ifndef __XMLSEC_XMLDSIG_H__
14 #define __XMLSEC_XMLDSIG_H__    
15
16 #ifndef XMLSEC_NO_XMLDSIG
17
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */ 
21
22 #include <libxml/tree.h>
23 #include <libxml/parser.h> 
24
25
26 #include <xmlsec/xmlsec.h>
27 #include <xmlsec/list.h>
28 #include <xmlsec/buffer.h>
29 #include <xmlsec/keys.h>
30 #include <xmlsec/keysmngr.h>
31 #include <xmlsec/keyinfo.h>
32 #include <xmlsec/transforms.h>
33
/* Forward declaration of the <dsig:Reference/> processing context; the struct
 * itself is defined further down in this header. The matching xmlSecDSigCtx /
 * xmlSecDSigCtxPtr names are not declared here and presumably come from
 * <xmlsec/xmlsec.h>. */
typedef struct _xmlSecDSigReferenceCtx          xmlSecDSigReferenceCtx,
                                                *xmlSecDSigReferenceCtxPtr;
36
37 /**
38  * xmlSecDSigStatus:
 * @xmlSecDSigStatusUnknown:    the status is unknown.
40  * @xmlSecDSigStatusSucceeded:  the processing succeeded.
41  * @xmlSecDSigStatusInvalid:    the processing failed.
42  *
43  * XML Digital signature processing status.
44  */
typedef enum {
    /* No verdict yet. Deliberately 0: a zero-initialized status reads as
     * "unknown", never as "succeeded". */
    xmlSecDSigStatusUnknown   = 0,
    /* Processing completed and the signature/reference checked out. */
    xmlSecDSigStatusSucceeded = 1,
    /* Processing completed and the signature/reference did NOT check out. */
    xmlSecDSigStatusInvalid   = 2
} xmlSecDSigStatus;
50
51 /**************************************************************************
52  *
53  * xmlSecDSigCtx
54  *
55  *************************************************************************/
56
/*
 * XML DSig processing flags. Each value is a distinct bit, so several flags
 * can be combined with bitwise OR (they are intended for the flags member of
 * xmlSecDSigCtx).
 */

/**
 * XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS:
 *
 * If this flag is set then <dsig:Manifest/> nodes will not be processed.
 */
#define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS                      0x00000001

/**
 * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES:
 *
 * If this flag is set then the pre-digest buffer for each <dsig:Reference/>
 * child of the <dsig:SignedInfo/> element will be stored in #xmlSecDSigCtx.
 */
#define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES           0x00000002

/**
 * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES:
 *
 * If this flag is set then the pre-digest buffer for each <dsig:Reference/>
 * child of a <dsig:Manifest/> element will be stored in #xmlSecDSigCtx.
 */
#define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES             0x00000004

/**
 * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE:
 *
 * If this flag is set then the pre-signature buffer produced while processing
 * the <dsig:SignedInfo/> element will be stored in #xmlSecDSigCtx.
 */
#define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE                       0x00000008

/**
 * XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK:
 *
 * If this flag is set then URI ID references are resolved directly
 * without using XPointers. This allows one to sign/verify Visa3D
 * documents that don't follow the XML, XPointer and XML DSig specifications.
 * Because it bypasses the standard XPointer-based resolution, leave it unset
 * unless such documents actually have to be handled.
 */
#define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK                       0x00000010
96
97 /**
98  * xmlSecDSigCtx:
 * @userData:                   the pointer to user data (xmlsec and xmlsec-crypto libraries
 *                              never touch this).
101  * @flags:                      the XML Digital Signature processing flags.
102  * @flags2:                     the XML Digital Signature processing flags.
103  * @keyInfoReadCtx:             the reading key context.
104  * @keyInfoWriteCtx:            the writing key context (not used for signature verification).
105  * @transformCtx:               the <dsig:SignedInfo/> node processing context.
106  * @enabledReferenceUris:       the URI types allowed for <dsig:Reference/> node.
107  * @enabledReferenceTransforms: the list of transforms allowed in <dsig:Reference/> node.
 * @referencePreExecuteCallback: the callback for <dsig:Reference/> node processing.
109  * @defSignMethodId:            the default signing method klass.
110  * @defC14NMethodId:            the default c14n method klass.
111  * @defDigestMethodId:          the default digest method klass.
112  * @signKey:                    the signature key; application may set #signKey
113  *                              before calling #xmlSecDSigCtxSign or #xmlSecDSigCtxVerify
114  *                              functions.
115  * @operation:                  the operation: sign or verify.
 * @result:                     the pointer to signature (not valid for signature verification).
 * @status:                     the <dsig:Signature/> processing status.
118  * @signMethod:                 the pointer to signature transform.
119  * @c14nMethod:                 the pointer to c14n transform.
120  * @preSignMemBufMethod:        the pointer to binary buffer right before signature
121  *                              (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE flag is set).
122  * @signValueNode:              the pointer to <dsig:SignatureValue/> node.
123  * @id:                         the pointer to Id attribute of <dsig:Signature/> node.
124  * @signedInfoReferences:       the list of references in <dsig:SignedInfo/> node.              
125  * @manifestReferences:         the list of references in <dsig:Manifest/> nodes.
126  * @reserved0:                  reserved for the future.
127  * @reserved1:                  reserved for the future.
128  *
129  * XML DSig processing context. 
130  */
struct _xmlSecDSigCtx {
    /* these data user can set before performing the operation */
    /* Opaque application data; the library never touches it. */
    void*                       userData;
    /* XMLSEC_DSIG_FLAGS_* bits, OR-ed together. */
    unsigned int                flags;
    /* Additional processing flags; no values for it are defined in this header. */
    unsigned int                flags2;
    /* Context used while reading <dsig:KeyInfo/>. */
    xmlSecKeyInfoCtx            keyInfoReadCtx;
    /* Context used while writing <dsig:KeyInfo/>; not used for verification. */
    xmlSecKeyInfoCtx            keyInfoWriteCtx;
    /* Transforms context for <dsig:SignedInfo/> processing. */
    xmlSecTransformCtx          transformCtx;
    /* Allow-list of URI types a <dsig:Reference/> may use. */
    xmlSecTransformUriType      enabledReferenceUris;
    /* Allow-list of transforms a <dsig:Reference/> may apply. */
    xmlSecPtrListPtr            enabledReferenceTransforms;
    /* Invoked before each <dsig:Reference/> node is processed. */
    xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback;
    /* Default signature, c14n and digest method klasses. */
    xmlSecTransformId           defSignMethodId;
    xmlSecTransformId           defC14NMethodId;
    xmlSecTransformId           defDigestMethodId;

    /* these data are returned */
    /* Signature key; the application may set it before calling
     * xmlSecDSigCtxSign or xmlSecDSigCtxVerify. */
    xmlSecKeyPtr                signKey;
    /* The operation being performed: sign or verify. */
    xmlSecTransformOperation    operation;
    /* The computed signature value; not valid after verification. */
    xmlSecBufferPtr             result;
    /* Outcome of <dsig:Signature/> processing.
     * NOTE(review): after xmlSecDSigCtxVerify() the verification verdict is
     * presumably reported here; callers should require
     * xmlSecDSigStatusSucceeded and not rely on the return code alone —
     * confirm against the implementation. */
    xmlSecDSigStatus            status;
    /* Signature and c14n transforms selected for this signature. */
    xmlSecTransformPtr          signMethod;
    xmlSecTransformPtr          c14nMethod;
    /* Binary buffer right before the signature; valid only if
     * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE is set. */
    xmlSecTransformPtr          preSignMemBufMethod;
    /* The <dsig:SignatureValue/> node. */
    xmlNodePtr                  signValueNode;
    /* Id attribute of the <dsig:Signature/> node. */
    xmlChar*                    id;
    /* References found in <dsig:SignedInfo/> and in <dsig:Manifest/> nodes. */
    xmlSecPtrList               signedInfoReferences;
    xmlSecPtrList               manifestReferences;

    /* reserved for future */
    void*                       reserved0;
    void*                       reserved1;
};
163
/* constructor/destructor */
/* Functions returning int presumably follow the library convention of 0 on
 * success and a negative value on error — confirm against the implementation. */
/* Allocate and initialize a new context bound to @keysMngr. */
XMLSEC_EXPORT xmlSecDSigCtxPtr  xmlSecDSigCtxCreate             (xmlSecKeysMngrPtr keysMngr);
/* Release a context obtained from xmlSecDSigCtxCreate. */
XMLSEC_EXPORT void              xmlSecDSigCtxDestroy            (xmlSecDSigCtxPtr dsigCtx);
/* In-place counterparts of Create/Destroy for a caller-allocated context. */
XMLSEC_EXPORT int               xmlSecDSigCtxInitialize         (xmlSecDSigCtxPtr dsigCtx,
                                                                 xmlSecKeysMngrPtr keysMngr);
XMLSEC_EXPORT void              xmlSecDSigCtxFinalize           (xmlSecDSigCtxPtr dsigCtx);
/* Sign the <dsig:Signature/> template @tmpl; results are placed in the
 * "returned" members of xmlSecDSigCtx. */
XMLSEC_EXPORT int               xmlSecDSigCtxSign               (xmlSecDSigCtxPtr dsigCtx,
                                                                 xmlNodePtr tmpl);
/* Verify the <dsig:Signature/> element @node.
 * NOTE(review): the verification verdict is presumably reported in
 * dsigCtx->status; treat the signature as valid only when that equals
 * xmlSecDSigStatusSucceeded, not merely because this call returned without
 * error — confirm against the implementation. */
XMLSEC_EXPORT int               xmlSecDSigCtxVerify             (xmlSecDSigCtxPtr dsigCtx,
                                                                 xmlNodePtr node);
/* Add @transformId to the allow-list of transforms permitted in
 * <dsig:Reference/> processing (enabledReferenceTransforms). */
XMLSEC_EXPORT int               xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecTransformId transformId);
/* Add @transformId to the allow-list of transforms permitted for the
 * signature itself (presumably <dsig:SignedInfo/> processing — confirm). */
XMLSEC_EXPORT int               xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecTransformId transformId);
/* The pre-signature buffer; see XMLSEC_DSIG_FLAGS_STORE_SIGNATURE and the
 * preSignMemBufMethod member. */
XMLSEC_EXPORT xmlSecBufferPtr   xmlSecDSigCtxGetPreSignBuffer   (xmlSecDSigCtxPtr dsigCtx);
/* Write a textual / XML debug dump of the context to @output. */
XMLSEC_EXPORT void              xmlSecDSigCtxDebugDump          (xmlSecDSigCtxPtr dsigCtx,
                                                                 FILE* output);
XMLSEC_EXPORT void              xmlSecDSigCtxDebugXmlDump       (xmlSecDSigCtxPtr dsigCtx,
                                                                 FILE* output);
183
184
185 /**************************************************************************
186  *
187  * xmlSecDSigReferenceCtx
188  *
189  *************************************************************************/
190 /**
191  * xmlSecDSigReferenceOrigin:
 * @xmlSecDSigReferenceOriginSignedInfo: the reference is in a <dsig:SignedInfo/> node.
 * @xmlSecDSigReferenceOriginManifest:   the reference is in a <dsig:Manifest/> node.
194  * 
195  * The possible <dsig:Reference/> node locations: in the <dsig:SignedInfo/> 
196  * node or in the <dsig:Manifest/> node.
197  */
typedef enum {
    /* The <dsig:Reference/> is a child of <dsig:SignedInfo/>. */
    xmlSecDSigReferenceOriginSignedInfo = 0,
    /* The <dsig:Reference/> is a child of a <dsig:Manifest/>. */
    xmlSecDSigReferenceOriginManifest   = 1
} xmlSecDSigReferenceOrigin;
202
203 /**
204  * xmlSecDSigReferenceCtx:
 * @userData:                   the pointer to user data (xmlsec and xmlsec-crypto libraries
 *                              never touch this).
207  * @dsigCtx:                    the pointer to "parent" <dsig:Signature/> processing context.
208  * @origin:                     the signature origin (<dsig:SignedInfo/> or <dsig:Manifest/>).
209  * @transformCtx:               the reference processing transforms context.
210  * @digestMethod:               the pointer to digest transform.
211  * @result:                     the pointer to digest result.
212  * @status:                     the reference processing status.
213  * @preDigestMemBufMethod:      the pointer to binary buffer right before digest
214  *                              (valid only if either
215  *                              #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
216  *                              #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flags are set).
217  * @id:                         the <dsig:Reference/> node ID attribute. 
218  * @uri:                        the <dsig:Reference/> node URI attribute. 
219  * @type:                       the <dsig:Reference/> node Type attribute. 
220  * @reserved0:                  reserved for the future.
221  * @reserved1:                  reserved for the future.
222  *
223  * The <dsig:Reference/> processing context.
224  */
struct _xmlSecDSigReferenceCtx {
    /* Opaque application data; the library never touches it. */
    void*                       userData;
    /* The "parent" <dsig:Signature/> processing context. */
    xmlSecDSigCtxPtr            dsigCtx;
    /* Where this <dsig:Reference/> lives: <dsig:SignedInfo/> or <dsig:Manifest/>. */
    xmlSecDSigReferenceOrigin   origin;
    /* Transforms context for processing this reference. */
    xmlSecTransformCtx          transformCtx;
    /* The digest transform applied to the reference data. */
    xmlSecTransformPtr          digestMethod;

    /* The digest result. */
    xmlSecBufferPtr             result;
    /* Outcome of processing this reference; the same caveat as for the
     * xmlSecDSigCtx status member applies — presumably only
     * xmlSecDSigStatusSucceeded means the digest matched (confirm). */
    xmlSecDSigStatus            status;
    /* Binary buffer right before the digest; valid only if
     * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
     * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES is set. */
    xmlSecTransformPtr          preDigestMemBufMethod;
    /* The Id, URI and Type attributes of the <dsig:Reference/> node. */
    xmlChar*                    id;
    xmlChar*                    uri;
    xmlChar*                    type;

    /* reserved for future */
    void*                       reserved0;
    void*                       reserved1;
};
243
/* Allocate and initialize a reference context attached to @dsigCtx, with
 * @origin recording whether the reference comes from <dsig:SignedInfo/> or
 * <dsig:Manifest/>. */
XMLSEC_EXPORT xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecDSigReferenceOrigin origin);
/* Release a reference context obtained from xmlSecDSigReferenceCtxCreate. */
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxDestroy   (xmlSecDSigReferenceCtxPtr dsigRefCtx);
/* In-place counterparts of Create/Destroy for a caller-allocated context.
 * The int return presumably follows the library convention of 0 on success
 * and a negative value on error — confirm against the implementation. */
XMLSEC_EXPORT int               xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecDSigReferenceOrigin origin);
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxFinalize  (xmlSecDSigReferenceCtxPtr dsigRefCtx);
/* Process the <dsig:Reference/> element @node; the outcome is reported in the
 * "returned" members of xmlSecDSigReferenceCtx (result, status). */
XMLSEC_EXPORT int               xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                  xmlNodePtr node);
/* The pre-digest buffer; see the XMLSEC_DSIG_FLAGS_STORE_*_REFERENCES flags
 * and the preDigestMemBufMethod member. */
XMLSEC_EXPORT xmlSecBufferPtr   xmlSecDSigReferenceCtxGetPreDigestBuffer
                                                                (xmlSecDSigReferenceCtxPtr dsigRefCtx);
/* Write a textual / XML debug dump of the reference context to @output. */
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                 FILE* output);
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                 FILE* output);
259
260 /**************************************************************************
261  *
262  * xmlSecDSigReferenceCtxListKlass
263  *
264  *************************************************************************/
265 /**
266  * xmlSecDSigReferenceCtxListId:
267  *
268  * The references list klass.
269  */
/* Convenience alias: the klass id is obtained by calling the getter below. */
#define xmlSecDSigReferenceCtxListId \
        xmlSecDSigReferenceCtxListGetKlass()
/* Return the xmlSecPtrList klass for lists of xmlSecDSigReferenceCtx
 * (presumably the klass of the signedInfoReferences / manifestReferences
 * members of xmlSecDSigCtx — confirm). */
XMLSEC_EXPORT xmlSecPtrListId   xmlSecDSigReferenceCtxListGetKlass(void);
273
274 #ifdef __cplusplus
275 }
276 #endif /* __cplusplus */
277
278 #endif /* XMLSEC_NO_XMLDSIG */
279
280 #endif /* __XMLSEC_XMLDSIG_H__ */
281