XML Security Library


xmldsig

Name

xmldsig -- 

Synopsis


enum        xmlSecDSigStatus;
#define     XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS
#define     XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES
#define     XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES
#define     XMLSEC_DSIG_FLAGS_STORE_SIGNATURE
#define     XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK
struct      xmlSecDSigCtx;
xmlSecDSigCtxPtr xmlSecDSigCtxCreate        (xmlSecKeysMngrPtr keysMngr);
void        xmlSecDSigCtxDestroy            (xmlSecDSigCtxPtr dsigCtx);
int         xmlSecDSigCtxInitialize         (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecKeysMngrPtr keysMngr);
void        xmlSecDSigCtxFinalize           (xmlSecDSigCtxPtr dsigCtx);
int         xmlSecDSigCtxSign               (xmlSecDSigCtxPtr dsigCtx,
                                             xmlNodePtr tmpl);
int         xmlSecDSigCtxVerify             (xmlSecDSigCtxPtr dsigCtx,
                                             xmlNodePtr node);
int         xmlSecDSigCtxEnableReferenceTransform
                                            (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecTransformId transformId);
int         xmlSecDSigCtxEnableSignatureTransform
                                            (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecTransformId transformId);
xmlSecBufferPtr xmlSecDSigCtxGetPreSignBuffer
                                            (xmlSecDSigCtxPtr dsigCtx);
void        xmlSecDSigCtxDebugDump          (xmlSecDSigCtxPtr dsigCtx,
                                             FILE *output);
void        xmlSecDSigCtxDebugXmlDump       (xmlSecDSigCtxPtr dsigCtx,
                                             FILE *output);
enum        xmlSecDSigReferenceOrigin;
struct      xmlSecDSigReferenceCtx;
xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate
                                            (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecDSigReferenceOrigin origin);
void        xmlSecDSigReferenceCtxDestroy   (xmlSecDSigReferenceCtxPtr dsigRefCtx);
int         xmlSecDSigReferenceCtxInitialize
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecDSigReferenceOrigin origin);
void        xmlSecDSigReferenceCtxFinalize  (xmlSecDSigReferenceCtxPtr dsigRefCtx);
int         xmlSecDSigReferenceCtxProcessNode
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             xmlNodePtr node);
xmlSecBufferPtr xmlSecDSigReferenceCtxGetPreDigestBuffer
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx);
void        xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             FILE *output);
void        xmlSecDSigReferenceCtxDebugXmlDump
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             FILE *output);
#define     xmlSecDSigReferenceCtxListId
xmlSecPtrListId xmlSecDSigReferenceCtxListGetKlass
                                            (void);

Description

Details

enum xmlSecDSigStatus

/* XML Digital Signature processing status, reported in the status member of
 * xmlSecDSigCtx (whole signature) and xmlSecDSigReferenceCtx (one reference).
 * Only xmlSecDSigStatusSucceeded means the check passed; a zero-initialized
 * context reads as xmlSecDSigStatusUnknown, never as success. */
typedef enum {
    xmlSecDSigStatusUnknown = 0,	/* the status is unknown (value 0) */
    xmlSecDSigStatusSucceeded,		/* the processing succeeded */
    xmlSecDSigStatusInvalid		/* the processing failed */
} xmlSecDSigStatus;

XML Digital signature processing status.

xmlSecDSigStatusUnknown

the status is unknown.

xmlSecDSigStatusSucceeded

the processing succeeded.

xmlSecDSigStatusInvalid

the processing failed.


XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS

#define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS			0x00000001

If this flag is set then <dsig:Manifests/> nodes will not be processed.


XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES

#define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES		0x00000002

If this flag is set then the pre-digest buffer for each <dsig:Reference/> child of the <dsig:KeyInfo/> element will be stored in xmlSecDSigCtx.


XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES

#define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES		0x00000004

If this flag is set then the pre-digest buffer for each <dsig:Reference/> child of a <dsig:Manifest/> element will be stored in xmlSecDSigCtx.


XMLSEC_DSIG_FLAGS_STORE_SIGNATURE

#define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE			0x00000008

If this flag is set then the pre-signature buffer from <dsig:SignedInfo/> element processing will be stored in xmlSecDSigCtx.


XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK

#define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK			0x00000010

If this flag is set then URI ID references are resolved directly without using XPointers. This allows one to sign/verify Visa3D documents that don't follow XML, XPointer and XML DSig specifications.


struct xmlSecDSigCtx

/* XML DSig processing context: one <dsig:Signature/> being signed or verified.
 * Create/destroy with xmlSecDSigCtxCreate/xmlSecDSigCtxDestroy, or embed and
 * use xmlSecDSigCtxInitialize/xmlSecDSigCtxFinalize. After xmlSecDSigCtxVerify
 * returns 0 the outcome is in `status`, not in the return value. */
struct xmlSecDSigCtx {

    /* these data user can set before performing the operation */
    /* opaque user pointer; xmlsec and xmlsec-crypto never touch it */
    void*			userData;
    /* XMLSEC_DSIG_FLAGS_* processing flags */
    unsigned int		flags;
    /* additional processing flags */
    unsigned int		flags2;
    /* key reading context */
    xmlSecKeyInfoCtx		keyInfoReadCtx;
    /* key writing context; not used for signature verification */
    xmlSecKeyInfoCtx		keyInfoWriteCtx;
    /* <dsig:SignedInfo/> node processing context */
    xmlSecTransformCtx		transformCtx;
    /* URI types allowed in <dsig:Reference/> nodes */
    xmlSecTransformUriType	enabledReferenceUris;
    /* transforms allowed in <dsig:Reference/> nodes
     * (presumably populated by xmlSecDSigCtxEnableReferenceTransform -- confirm) */
    xmlSecPtrListPtr		enabledReferenceTransforms;
    /* callback invoked during <dsig:Reference/> node processing */
    xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback;
    /* default signing method klass */
    xmlSecTransformId		defSignMethodId;
    /* default c14n method klass */
    xmlSecTransformId		defC14NMethodId;
    /* default digest method klass */
    xmlSecTransformId		defDigestMethodId;
        
    /* these data are returned */
    /* signature key; the application may set it before xmlSecDSigCtxSign/Verify */
    xmlSecKeyPtr		signKey;
    /* the operation: sign or verify */
    xmlSecTransformOperation	operation;
    /* the signature (not valid for signature verification) */
    xmlSecBufferPtr		result;
    /* <dsig:Signature/> processing status; for verification this is the
     * actual result -- only xmlSecDSigStatusSucceeded means a valid signature */
    xmlSecDSigStatus		status;
    /* signature transform */
    xmlSecTransformPtr		signMethod;
    /* c14n transform */
    xmlSecTransformPtr		c14nMethod;
    /* binary buffer right before signing; valid only when
     * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE is set (see xmlSecDSigCtxGetPreSignBuffer) */
    xmlSecTransformPtr		preSignMemBufMethod;
    /* <dsig:SignatureValue/> node */
    xmlNodePtr			signValueNode;
    /* Id attribute of the <dsig:Signature/> node */
    xmlChar*			id;    
    /* references found in <dsig:SignedInfo/> */
    xmlSecPtrList    		signedInfoReferences;
    /* references found in <dsig:Manifest/> nodes */
    xmlSecPtrList		manifestReferences;

    /* reserved for future */
    void*			reserved0;
    void*			reserved1;    
};						

XML DSig processing context.

void *userData

the pointer to user data (xmlsec and xmlsec-crypto libraries never touch this).

unsigned int flags

the XML Digital Signature processing flags.

unsigned int flags2

the XML Digital Signature processing flags.

xmlSecKeyInfoCtx keyInfoReadCtx

the reading key context.

xmlSecKeyInfoCtx keyInfoWriteCtx

the writing key context (not used for signature verification).

xmlSecTransformCtx transformCtx

the <dsig:SignedInfo/> node processing context.

xmlSecTransformUriType enabledReferenceUris

the URI types allowed for <dsig:Reference/> node.

xmlSecPtrListPtr enabledReferenceTransforms

the list of transforms allowed in <dsig:Reference/> node.

xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback

the callback for <dsig:Reference/> node processing.

xmlSecTransformId defSignMethodId

the default signing method klass.

xmlSecTransformId defC14NMethodId

the default c14n method klass.

xmlSecTransformId defDigestMethodId

the default digest method klass.

xmlSecKeyPtr signKey

the signature key; application may set signKey before calling xmlSecDSigCtxSign or xmlSecDSigCtxVerify functions.

xmlSecTransformOperation operation

the operation: sign or verify.

xmlSecBufferPtr result

the pointer to signature (not valid for signature verification).

xmlSecDSigStatus status

the <dsig:Signature/> processing status.

xmlSecTransformPtr signMethod

the pointer to signature transform.

xmlSecTransformPtr c14nMethod

the pointer to c14n transform.

xmlSecTransformPtr preSignMemBufMethod

the pointer to binary buffer right before signature (valid only if XMLSEC_DSIG_FLAGS_STORE_SIGNATURE flag is set).

xmlNodePtr signValueNode

the pointer to <dsig:SignatureValue/> node.

xmlChar *id

the pointer to Id attribute of <dsig:Signature/> node.

xmlSecPtrList signedInfoReferences

the list of references in <dsig:SignedInfo/> node.

xmlSecPtrList manifestReferences

the list of references in <dsig:Manifest/> nodes.

void *reserved0

reserved for the future.

void *reserved1

reserved for the future.


xmlSecDSigCtxCreate ()

xmlSecDSigCtxPtr xmlSecDSigCtxCreate        (xmlSecKeysMngrPtr keysMngr);

Creates <dsig:Signature/> element processing context. The caller is responsible for destroying the returned object by calling xmlSecDSigCtxDestroy function.

keysMngr :

the pointer to keys manager.

Returns :

pointer to newly allocated context object or NULL if an error occurs.


xmlSecDSigCtxDestroy ()

void        xmlSecDSigCtxDestroy            (xmlSecDSigCtxPtr dsigCtx);

Destroy context object created with xmlSecDSigCtxCreate function.

dsigCtx :

the pointer to <dsig:Signature/> processing context.


xmlSecDSigCtxInitialize ()

int         xmlSecDSigCtxInitialize         (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecKeysMngrPtr keysMngr);

Initializes <dsig:Signature/> element processing context. The caller is responsible for cleaning up the initialized object by calling xmlSecDSigCtxFinalize function.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

keysMngr :

the pointer to keys manager.

Returns :

0 on success or a negative value if an error occurs.


xmlSecDSigCtxFinalize ()

void        xmlSecDSigCtxFinalize           (xmlSecDSigCtxPtr dsigCtx);

Cleans up dsigCtx object initialized with xmlSecDSigCtxInitialize function.

dsigCtx :

the pointer to <dsig:Signature/> processing context.


xmlSecDSigCtxSign ()

int         xmlSecDSigCtxSign               (xmlSecDSigCtxPtr dsigCtx,
                                             xmlNodePtr tmpl);

Signs the data as described in tmpl node.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

tmpl :

the pointer to <dsig:Signature/> node with signature template.

Returns :

0 on success or a negative value if an error occurs.


xmlSecDSigCtxVerify ()

int         xmlSecDSigCtxVerify             (xmlSecDSigCtxPtr dsigCtx,
                                             xmlNodePtr node);

Validates the signature in the node. The verification result is returned in the status member of the dsigCtx object, not in the return value.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

node :

the pointer to <dsig:Signature/> node.

Returns :

0 on success, which only means processing completed; the signature verification result itself is in the status member of dsigCtx and must be checked separately. A negative value is returned if an error occurs.


xmlSecDSigCtxEnableReferenceTransform ()

int         xmlSecDSigCtxEnableReferenceTransform
                                            (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecTransformId transformId);

Enables transformId for <dsig:Reference/> elements processing.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

transformId :

the transform klass.

Returns :

0 on success or a negative value if an error occurs.


xmlSecDSigCtxEnableSignatureTransform ()

int         xmlSecDSigCtxEnableSignatureTransform
                                            (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecTransformId transformId);

Enables transformId for <dsig:SignedInfo/> element processing.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

transformId :

the transform klass.

Returns :

0 on success or a negative value if an error occurs.


xmlSecDSigCtxGetPreSignBuffer ()

xmlSecBufferPtr xmlSecDSigCtxGetPreSignBuffer
                                            (xmlSecDSigCtxPtr dsigCtx);

Gets pointer to the buffer with serialized <dsig:SignedInfo/> element just before signature calculation (valid if and only if XMLSEC_DSIG_FLAGS_STORE_SIGNATURE context flag is set).

dsigCtx :

the pointer to <dsig:Signature/> processing context.

Returns :

pointer to the buffer or NULL if an error occurs.


xmlSecDSigCtxDebugDump ()

void        xmlSecDSigCtxDebugDump          (xmlSecDSigCtxPtr dsigCtx,
                                             FILE *output);

Prints the debug information about dsigCtx to output.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

output :

the pointer to output FILE.


xmlSecDSigCtxDebugXmlDump ()

void        xmlSecDSigCtxDebugXmlDump       (xmlSecDSigCtxPtr dsigCtx,
                                             FILE *output);

Prints the debug information about dsigCtx to output in XML format.

dsigCtx :

the pointer to <dsig:Signature/> processing context.

output :

the pointer to output FILE.


enum xmlSecDSigReferenceOrigin

/* Where a <dsig:Reference/> node was found: inside <dsig:SignedInfo/> or
 * inside a <dsig:Manifest/>. Passed to xmlSecDSigReferenceCtxCreate and
 * xmlSecDSigReferenceCtxInitialize. */
typedef enum  {
    xmlSecDSigReferenceOriginSignedInfo,	/* reference in <dsig:SignedInfo/> node */
    xmlSecDSigReferenceOriginManifest		/* reference in <dsig:Manifest/> node */
} xmlSecDSigReferenceOrigin;

The possible <dsig:Reference/> node locations: in the <dsig:SignedInfo/> node or in the <dsig:Manifest/> node.

xmlSecDSigReferenceOriginSignedInfo

reference in <dsig:SignedInfo> node.

xmlSecDSigReferenceOriginManifest

reference in <dsig:Manifest/> node.


struct xmlSecDSigReferenceCtx

/* <dsig:Reference/> processing context. Create/destroy with
 * xmlSecDSigReferenceCtxCreate/xmlSecDSigReferenceCtxDestroy, or embed and use
 * xmlSecDSigReferenceCtxInitialize/xmlSecDSigReferenceCtxFinalize; run with
 * xmlSecDSigReferenceCtxProcessNode. The outcome is reported in `status`. */
struct xmlSecDSigReferenceCtx {

    /* opaque user pointer; xmlsec and xmlsec-crypto never touch it */
    void*			userData;
    /* "parent" <dsig:Signature/> processing context */
    xmlSecDSigCtxPtr		dsigCtx;
    /* where this reference lives: <dsig:SignedInfo/> or <dsig:Manifest/> */
    xmlSecDSigReferenceOrigin	origin;
    /* reference processing transforms context */
    xmlSecTransformCtx		transformCtx;
    /* digest transform */
    xmlSecTransformPtr		digestMethod;

    /* digest result */
    xmlSecBufferPtr		result;
    /* reference processing status; only xmlSecDSigStatusSucceeded means the digest matched */
    xmlSecDSigStatus		status;
    /* binary buffer right before digesting; valid only when
     * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
     * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES is set on the parent context
     * (see xmlSecDSigReferenceCtxGetPreDigestBuffer) */
    xmlSecTransformPtr		preDigestMemBufMethod;
    /* <dsig:Reference/> node ID attribute */
    xmlChar*			id;
    /* <dsig:Reference/> node URI attribute */
    xmlChar*			uri;
    /* <dsig:Reference/> node Type attribute */
    xmlChar*			type;
    
     /* reserved for future */
    void*			reserved0;
    void*			reserved1;    
};

The <dsig:Reference/> processing context.

void *userData

the pointer to user data (xmlsec and xmlsec-crypto libraries never touch this).

xmlSecDSigCtxPtr dsigCtx

the pointer to "parent" <dsig:Signature/> processing context.

xmlSecDSigReferenceOrigin origin

the signature origin (<dsig:SignedInfo/> or <dsig:Manifest/>).

xmlSecTransformCtx transformCtx

the reference processing transforms context.

xmlSecTransformPtr digestMethod

the pointer to digest transform.

xmlSecBufferPtr result

the pointer to digest result.

xmlSecDSigStatus status

the reference processing status.

xmlSecTransformPtr preDigestMemBufMethod

the pointer to binary buffer right before digest (valid only if either XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flags are set).

xmlChar *id

the <dsig:Reference/> node ID attribute.

xmlChar *uri

the <dsig:Reference/> node URI attribute.

xmlChar *type

the <dsig:Reference/> node Type attribute.

void *reserved0

reserved for the future.

void *reserved1

reserved for the future.


xmlSecDSigReferenceCtxCreate ()

xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate
                                            (xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecDSigReferenceOrigin origin);

Creates new <dsig:Reference/> element processing context. Caller is responsible for destroying the returned context by calling xmlSecDSigReferenceCtxDestroy function.

dsigCtx :

the pointer to parent <dsig:Signature/> node processing context.

origin :

the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).

Returns :

pointer to newly created context or NULL if an error occurs.


xmlSecDSigReferenceCtxDestroy ()

void        xmlSecDSigReferenceCtxDestroy   (xmlSecDSigReferenceCtxPtr dsigRefCtx);

Destroy context object created with xmlSecDSigReferenceCtxCreate function.

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.


xmlSecDSigReferenceCtxInitialize ()

int         xmlSecDSigReferenceCtxInitialize
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             xmlSecDSigCtxPtr dsigCtx,
                                             xmlSecDSigReferenceOrigin origin);

Initializes new <dsig:Reference/> element processing context. Caller is responsible for cleaning up the initialized context by calling xmlSecDSigReferenceCtxFinalize function.

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.

dsigCtx :

the pointer to parent <dsig:Signature/> node processing context.

origin :

the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).

Returns :

0 on success or a negative value otherwise.


xmlSecDSigReferenceCtxFinalize ()

void        xmlSecDSigReferenceCtxFinalize  (xmlSecDSigReferenceCtxPtr dsigRefCtx);

Cleans up context object created with xmlSecDSigReferenceCtxInitialize function.

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.


xmlSecDSigReferenceCtxProcessNode ()

int         xmlSecDSigReferenceCtxProcessNode
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             xmlNodePtr node);

The Reference Element (http://www.w3.org/TR/xmldsig-core/sec-Reference)

Reference is an element that may occur one or more times. It specifies a digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting. The identification (URI) and transforms describe how the digested content (i.e., the input to the digest method) was created. The Type attribute facilitates the processing of referenced data. For example, while this specification makes no requirements over external data, an application may wish to signal that the referent is a Manifest. An optional ID attribute permits a Reference to be referenced from elsewhere.

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.

node :

the pointer to <dsig:Reference/> node.

Returns :

0 on success or a negative value otherwise.


xmlSecDSigReferenceCtxGetPreDigestBuffer ()

xmlSecBufferPtr xmlSecDSigReferenceCtxGetPreDigestBuffer
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx);

Gets the results of <dsig:Reference/> node processing just before digesting (valid only if the XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flag of the signature context is set).

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.

Returns :

pointer to the buffer or NULL if an error occurs.


xmlSecDSigReferenceCtxDebugDump ()

void        xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             FILE *output);

Prints debug information about dsigRefCtx to output.

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.

output :

the pointer to output FILE.


xmlSecDSigReferenceCtxDebugXmlDump ()

void        xmlSecDSigReferenceCtxDebugXmlDump
                                            (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                             FILE *output);

Prints debug information about dsigRefCtx to output in XML format.

dsigRefCtx :

the pointer to <dsig:Reference/> element processing context.

output :

the pointer to output FILE.


xmlSecDSigReferenceCtxListId

#define     xmlSecDSigReferenceCtxListId

The references list klass.


xmlSecDSigReferenceCtxListGetKlass ()

xmlSecPtrListId xmlSecDSigReferenceCtxListGetKlass
                                            (void);

The <dsig:Reference/> element processing contexts list klass.

Returns :

<dsig:Reference/> element processing context list klass.



Aleksey Sanin