1 /* zx.h - Common definitions for zx generated code (encoders, decoders, etc.) 2 * Copyright (c) 2010 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved. 3 * Copyright (c) 2006-2009 Symlabs (symlabs@symlabs.com), All Rights Reserved. 4 * Author: Sampo Kellomaki (sampo@iki.fi) 5 * This is confidential unpublished proprietary source code of the author. 6 * NO WARRANTY, not even implied warranties. Contains trade secrets. 7 * Distribution prohibited unless authorized in writing. 8 * Licensed under Apache License 2.0, see file COPYING. 9 * $Id: zx.h,v 1.45 2009-11-29 12:23:06 sampo Exp $ 10 * 11 * 28.5.2006, created --Sampo 12 * 7.8.2006, renamed from dec.h to zx.h and added comments --Sampo 13 * 26.8.2006, some refactoring for CSE --Sampo 14 * 23.9.2006, mild re-engineering for WO support --Sampo 15 * 23.2.2008, added support for function pointers to malloc(), 16 * realloc(), and free() --Sampo 17 * 27.10.2010, namespace re-engineering --Sampo 18 * 26.10.2014, changed crypto to GCM and OAEP to combat Backwards Compatibility Attacks --Sampo 19 * 18.12.2015, applied patch from soconnor, perceptyx, adding algos --Sampo 20 * 21 * See paper: Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky: "One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography", 2013 http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/ /t/BackwardsCompatibilityAttacks.pdf 22 * 23 * This file is included from various generated grammar files. 24 */ 25 26 #ifndef _zx_h 27 #define _zx_h 28 29 #include <memory.h> 30 #include <string.h> 31 #include <stdarg.h> 32 33 #ifdef USE_OPENSSL 34 #include <openssl/x509.h> 35 #include <openssl/rsa.h> 36 #else 37 #define X509 void 38 #define RSA void 39 #endif 40 41 #ifdef MINGW 42 #include <windows.h> 43 #define pthread_mutex_t CRITICAL_SECTION 44 #define pthread_t DWORD 45 #define fdtype HANDLE 46 #else 47 #include <pthread.h> 48 #define fdtype int 49 #endif 50 51 #ifndef ZXDECL 52 #define ZXDECL 53 #endif 54 55 #ifdef __cplusplus 56 extern "C" { 57 #endif 58 59 struct zx_lock { 60 pthread_mutex_t ptmut; 61 const char* func; /* Remember where we locked to ease debugging. */ 62 int line; 63 pthread_t thr; 64 }; 65 66 /*(s) Namespace management. The context references this table. The array is 67 * terminated by an element with empty URL (url_len == 0). The elements 68 * of the array are the official namespace prefixes derived from 69 * target() directives in the .sg files. The linked list hanging from 70 * n field contains a stack of runtime assigned namespace prefixes. 71 * The empty marker element serves as a root for list holding namespace 72 * prefixes of namespaces not understood by the system. */ 73 74 struct zx_ns_s { 75 /*int name; / * For gperf -P (%pic) string-pool offset when in hash. */ 76 const char* url; /* Needs to be first so gperf (without -P or %pic) works. nul term */ 77 int url_len; /* 0 = end of nstab */ 78 int prefix_len; 79 const char* prefix; /* Always nul terminated (despite prefix_len field) */ 80 struct zx_ns_s* n; /* Next: For holding runtime equivalences as a linked list. */ 81 struct zx_ns_s* master; /* For a runtime equivalence, pointer to the master entry. */ 82 struct zx_ns_s* seen; /* Pointer to other "seen" namespaces with same prefix (stack) */ 83 struct zx_ns_s* seen_n; /* Next prefix in seen structure (list) */ 84 struct zx_ns_s* seen_p; /* Previous prefix in seen structure (list) */ 85 struct zx_ns_s* seen_pop; /* Pop list for seen stack (used in the end of an element). */ 86 struct zx_ns_s* inc_n; /* Next link for InclusiveNamespaces */ 87 }; 88 89 /*struct zx_ns_s zx_ns_tab[]; include c/zx-ns.h instead */ 90 91 /* Context tracks the input and namespaces. It is also passed to memory allocator. */ 92 93 struct zx_ctx { 94 const char* bas; /* base is C# keyword :-( */ 95 const char* p; /* Current scan pointer */ 96 const char* lim; 97 struct zx_ns_s* ns_tab; /* Array, such as zx_ns_tab, see zx_prepare_dec_ctx() */ 98 int n_ns; /* Number of entries in ns_tab. */ 99 struct zx_ns_s* unknown_ns; /* Linked list of unknown namespaces. */ 100 /* Namespace prefixes that have been "seen", each prefix is a stack. 101 * We keep these prefixes in a doubly linked list so we can add and 102 * remove in the middle. */ 103 struct zx_ns_s guard_seen_n; 104 struct zx_ns_s guard_seen_p; 105 void* exclude_sig; /* If nonnull, causes specified signature to be 106 * excluded. This is needed to avoid the signature 107 * under verification in the canonicalization. 108 * See zxsig.c:zxsig_validate(). */ 109 struct zx_ns_s* inc_ns_len; /* Derived from InclusiveNamespaces/@PrefixList,length computation phase, */ 110 struct zx_ns_s* inc_ns; /* Encoding phase. See zxsig_validate(). */ 111 /* Allow ZX_ALLOC() layer to be adapted to custom allocators, like Apache pool allocator. */ 112 void* (*malloc_func)(size_t); 113 void* (*realloc_func)(void*, size_t); 114 void (*free_func)(void*); 115 #ifdef USE_PTHREAD 116 struct zx_lock mx; 117 #endif 118 char canon_inopt; /* Shib2 InclusiveNamespaces/@PrefixList kludge and other sundry options. */ 119 char enc_tail_opt; /* In encoding, use non-canon empty tag tail optimization, e.g. <ns:foo/> */ 120 char top1; /* There can only be one top level element, e.g. <e:Envelope> */ 121 char pad3; 122 int zx_errno; /* Outcome of last filesystem operation */ 123 }; 124 125 /* We arrange all structs to start with a common header (16 bytes on 32bit platforms). 126 * This structure works as a binary clean string. When used as (a part of) an 127 * element, the namespace prefix and name of the element form the string. The 128 * token value does not need to be represented as it can be recovered by 129 * performing zx_elem2tok() lookup again. The namespace information is 130 * implicit in the placement of the element in its parent element's struct. */ 131 132 struct zx_str { 133 struct zx_str* n; /* next pointer for compile time construction of data structures */ 134 int tok; /* token number of the ns+tag represented by this struct */ 135 int len; 136 char* s; /* Start of prefix:element in the scan buffer. */ 137 }; 138 139 #define ZX_NEXT(x) ((x)->gg.g.n) 140 141 /* Attributes that are unforeseen (errornous or extensions). */ 142 143 struct zx_attr_s { 144 struct zx_str g; /* value at g.s */ 145 struct zx_ns_s* ns; /* namespace of the attribute */ 146 int name_len; 147 char* name; 148 }; 149 150 //#define ZX_ANY_AT(x) ((struct zx_any_attr_s*)(x)) 151 152 /* Simple elements, base type for complex elements. */ 153 154 struct zx_elem_s { 155 struct zx_str g; /* Common fields for all nodes */ 156 struct zx_elem_s* kids; /* root of wo list representing child elements */ 157 struct zx_attr_s* attr; /* list of attributes */ 158 struct zx_ns_s* ns; /* namespace of the element */ 159 struct zx_ns_s* xmlns; /* xmlns declarations (for inc_ns processing) */ 160 }; 161 162 #define ZX_ELEM_EXT struct zx_elem_s gg; /* Used in generated data types */ 163 164 struct zx_elem_s* zx_new_elem(struct zx_ctx* c, struct zx_elem_s* father, int tok); 165 struct zx_elem_s* zx_new_str_elem(struct zx_ctx* c, struct zx_elem_s* father, int tok, struct zx_str* ss); 166 struct zx_elem_s* zx_ref_len_elem(struct zx_ctx* c, struct zx_elem_s* father, int tok, int len, const char* s); 167 struct zx_elem_s* zx_ref_elem(struct zx_ctx* c, struct zx_elem_s* father, int tok, const char* s); 168 struct zx_elem_s* zx_dup_len_elem(struct zx_ctx* c, struct zx_elem_s* father, int tok, int len, const char* s); 169 struct zx_elem_s* zx_dup_elem(struct zx_ctx* c, struct zx_elem_s* father, int tok, const char* s); 170 171 struct zx_attr_s* zx_ref_len_attr(struct zx_ctx* c, struct zx_elem_s* father, int tok, int len, const char* s); 172 struct zx_attr_s* zx_ref_attr(struct zx_ctx* c, struct zx_elem_s* father, int tok, const char* s); 173 struct zx_attr_s* zx_new_len_attr(struct zx_ctx* c, struct zx_elem_s* father, int tok, int len); 174 struct zx_attr_s* zx_dup_len_attr(struct zx_ctx* c, struct zx_elem_s* father, int tok, int len, const char* s); 175 struct zx_attr_s* zx_dup_attr(struct zx_ctx* c, struct zx_elem_s* father, int tok, const char* s); 176 struct zx_attr_s* zx_attrf(struct zx_ctx* c, struct zx_elem_s* father, int tok, const char* f, ...); 177 178 struct zx_str* zx_ref_str(struct zx_ctx* c, const char* s); /* ref points to underlying data */ 179 struct zx_str* zx_ref_len_str(struct zx_ctx* c, int len, const char* s); 180 struct zx_str* zx_new_len_str(struct zx_ctx* c, int len); 181 struct zx_str* zx_dup_len_str(struct zx_ctx* c, int len, const char* s); 182 struct zx_str* zx_dup_str(struct zx_ctx* c, const char* s); /* data is new memory */ 183 struct zx_str* zx_dup_zx_str(struct zx_ctx* c, struct zx_str* ss); /* data is new memory */ 184 struct zx_str* zx_strf(struct zx_ctx* c, const char* f, ...); /* data is new memory */ 185 186 char* zx_alloc_sprintf(struct zx_ctx* c, int* retlen, const char* f, ...); 187 void zx_str_free(struct zx_ctx* c, struct zx_str* ss); /* free both ss->s and ss */ 188 char* zx_str_to_c(struct zx_ctx* c, struct zx_str* ss); 189 void zx_str_conv(struct zx_str* ss, int* out_len, char** out_s); /* SWIG typemap friendly */ 190 int zx_str_cmp(struct zx_str* a, struct zx_str* b); 191 int zx_str_ends_in(struct zx_str* ss, int len, const char* suffix); 192 #define ZX_STR_EQ(ss, cstr) ((ss) && (cstr) && (ss)->s && (ss)->len == strlen(cstr) && !memcmp((cstr), (ss)->s, (ss)->len)) 193 #define ZX_STR_ENDS_IN_CONST(ss, suffix) zx_str_ends_in((ss), sizeof(suffix)-1, (suffix)) 194 195 #define ZX_ELEM_S(e) ((struct zx_elem_s*)(e)) 196 #define ZX_SIMPLE_ELEM_CHK(e) ((e) && ZX_ELEM_S(e)->kids && ZX_ELEM_S(e)->kids->g.tok == ZX_TOK_DATA && ZX_ELEM_S(e)->kids->g.len && ZX_ELEM_S(e)->kids->g.s && ZX_ELEM_S(e)->kids->g.s[0]) 197 #define ZX_CONTENT_EQ_CONST(e, c) ((e) && ZX_ELEM_S(e)->kids && ZX_ELEM_S(e)->kids->g.tok == ZX_TOK_DATA && ZX_ELEM_S(e)->kids->g.len == sizeof(c)-1 && !memcmp(ZX_ELEM_S(e)->kids->g.s, (c), sizeof(c)-1)) 198 #define ZX_GET_CONTENT(e) ((e) && ZX_ELEM_S(e)->kids && ZX_ELEM_S(e)->kids->g.tok == ZX_TOK_DATA ? &ZX_ELEM_S(e)->kids->g : 0) 199 #define ZX_GET_CONTENT_LEN(e) ((e) && ZX_ELEM_S(e)->kids && ZX_ELEM_S(e)->kids->g.tok == ZX_TOK_DATA ? ZX_ELEM_S(e)->kids->g.len : 0) 200 #define ZX_GET_CONTENT_S(e) ((e) && ZX_ELEM_S(e)->kids && ZX_ELEM_S(e)->kids->g.tok == ZX_TOK_DATA ? ZX_ELEM_S(e)->kids->g.s : 0) 201 202 char* zx_memmem(const char* haystack, int haystack_len, const char* needle, int needle_len); 203 void* zx_alloc(struct zx_ctx* c, int size); 204 void* zx_zalloc(struct zx_ctx* c, int size); 205 void* zx_free(struct zx_ctx* c, void* p); 206 char* zx_dup_cstr(struct zx_ctx* c, const char* str); 207 char* zx_dup_len_cstr(struct zx_ctx* c, int len, const char* str); 208 #define ZX_ALLOC(c, size) zx_alloc((c), (size)) 209 #define ZX_ZALLOC(c, typ) ((typ*)zx_zalloc((c), sizeof(typ))) 210 #define ZX_DUPALLOC(c, typ, n, o) (n) = (typ*)zx_alloc((c), sizeof(typ)); memcpy((n), (o), sizeof(typ)) 211 #define ZX_FREE(c, p) zx_free((c), (p)) 212 213 void zx_reset_ns_ctx(struct zx_ctx* ctx); 214 void zx_reset_ctx(struct zx_ctx* ctx); 215 struct zx_ctx* zx_init_ctx(); /* from malloc(3) */ 216 void zx_free_ctx(struct zx_ctx* ctx); /* Wrapper for free(3C). */ 217 218 /* N.B. All string scanning assumes buffer is terminated with C string style nul byte. */ 219 /*#define ZX_SKIP_WS_P(c,p,x) MB for (; ONE_OF_4(*(p), ' ', '\n', '\r', '\t'); ++(p)) ; if (!*(p)) return x; ME*/ 220 #define ZX_SKIP_WS_P(c,p,x) MB p += strspn((p)," \n\r\t"); if (!*(p)) return x; ME 221 #define ZX_SKIP_WS(c,x) ZX_SKIP_WS_P((c),(c)->p,x) 222 #define ZX_LOOK_FOR_P(c,ch,p) MB char* pp = memchr((p), (ch), (c)->lim - (p)); if (!pp) goto look_for_not_found; else (p) = pp; ME 223 #define ZX_LOOK_FOR(c,ch) ZX_LOOK_FOR_P((c),(ch),(c)->p) 224 225 #define ZX_OUT_CH(p, ch) (*((p)++) = (ch)) 226 #define ZX_OUT_MEM(p, mem, len) MB memcpy((p), (mem), (len)); (p) += (len); ME 227 #define ZX_OUT_STR(p, str) ZX_OUT_MEM(p, ((struct zx_str*)(x))->s, ((struct zx_str*)(x))->len) 228 229 #define ZX_OUT_TAG(p, tag) ZX_OUT_MEM(p, tag, sizeof(tag)-1) 230 #define ZX_OUT_CLOSE_TAG(p, tag) ZX_OUT_MEM(p, tag, sizeof(tag)-1) 231 #if 1 232 #define ZX_LEN_SIMPLE_TAG(tok, len, ns) (1 + ((tok == ZX_TOK_TOK_NOT_FOUND && ns && ns->prefix_len)?ns->prefix_len+1:0) + len) 233 #define ZX_OUT_SIMPLE_TAG(p, tok, tag, len, ns) MB ZX_OUT_CH(p, '<'); if (tok == ZX_TOK_TOK_NOT_FOUND && ns && ns->prefix_len) { ZX_OUT_MEM(p, ns->prefix, ns->prefix_len); ZX_OUT_CH(p, ':'); } ZX_OUT_MEM(p, tag, len); ME 234 #define ZX_OUT_SIMPLE_CLOSE_TAG(p, tok, tag, len, ns) MB ZX_OUT_CH(p, '<'); ZX_OUT_CH(p, '/'); if (tok == ZX_TOK_TOK_NOT_FOUND && ns && ns->prefix_len) { ZX_OUT_MEM(p, ns->prefix, ns->prefix_len); ZX_OUT_CH(p, ':'); } ZX_OUT_MEM(p, tag, len); ZX_OUT_CH(p, '>'); ME 235 #else 236 #define ZX_OUT_SIMPLE_TAG(p, tag, len, ns) MB ZX_OUT_CH(p, '<'); if (0&&ns) { ZX_OUT_MEM(p, ns->prefix, ns->prefix_len); ZX_OUT_CH(p, ':'); } ZX_OUT_MEM(p, tag, len); ME 237 #define ZX_OUT_SIMPLE_CLOSE_TAG(p, tag, len, ns) MB ZX_OUT_CH(p, '<'); ZX_OUT_CH(p, '/'); if (0&&ns) { ZX_OUT_MEM(p, ns->prefix, ns->prefix_len); ZX_OUT_CH(p, ':'); } ZX_OUT_MEM(p, tag, len); ZX_OUT_CH(p, '>'); ME 238 #endif 239 240 /* Special token values. */ 241 #define ZX_TOK_NO_ATTR (-7) /* 0xfff9 65529 */ 242 #define ZX_TOK_ATTR_ERR (-6) 243 #define ZX_TOK_XMLNS (-4) 244 #define ZX_TOK_DATA 0x0000fffd /* Decimal 65533: string data between elements */ 245 #define ZX_TOK_ATTR_NOT_FOUND 0x0000fffe 246 #define ZX_TOK_TOK_NOT_FOUND 0x0000ffff 247 #define ZX_TOK_NS_NOT_FOUND 0x00ff0000 248 #define ZX_TOK_NOT_FOUND 0x00ffffff /* Decimal 16777215: common among payload elements */ 249 #define ZX_TOK_TOK_MASK 0x0000ffff 250 #define ZX_TOK_NS_MASK 0x00ff0000 251 #define ZX_TOK_NS_SHIFT 16 252 #define ZX_TOK_FLAGS_MASK 0xff000000 253 254 #define zx_xml_lang_ATTR (zx_xml_NS|zx_lang_ATTR) 255 #define zx_wsu_Id_ATTR (zx_wsu_NS|zx_Id_ATTR) 256 #define zx_e_actor_ATTR (zx_e_NS|zx_actor_ATTR) 257 #define zx_e_mustUnderstand_ATTR (zx_e_NS|zx_mustUnderstand_ATTR) 258 259 struct zx_at_tok { const char* name; }; 260 261 /* Element descriptor. These are statically initialized in c/zx-elems.c */ 262 263 struct zx_el_desc { 264 struct zx_el_desc* n; 265 int tok; 266 int siz; /* max struct size to help allocation */ 267 int (*at_dec)(struct zx_ctx* c,struct zx_elem_s* x); /* funcptr to attr decode switch */ 268 int (*el_dec)(struct zx_ctx* c,struct zx_elem_s* x); /* funcptr to elem decode switch */ 269 int el_order[]; /* Ordered list of tags that should appear as kids. */ 270 }; 271 272 /* Node of zx_el_tab[] which is indexed by tok number, see c/zx-elems.c */ 273 274 struct zx_el_tok { 275 const char* name; 276 struct zx_el_desc* n; 277 }; 278 279 /*struct zx_el_tok* zx_elem2tok(register const char *str, register unsigned int len);*/ 280 /*struct zx_note_s* zx_clone_any(struct zx_ctx* c, struct zx_note_s* n, int dup_strs); TBD */ 281 /*void zx_free_any(struct zx_ctx* c, struct zx_note_s* n, int free_strs); TBD */ 282 283 int zx_date_time_to_secs(const char* dt); 284 int write2_or_append_lock_c_path(const char* c_path, int len1, const char* data1, int len2, const char* data2, const char* which, int seeky, int flag); 285 int zx_report_openssl_err(const char* logkey); 286 287 #if 0 288 void zx_fix_any_elem_dec(struct zx_ctx* c, struct zx_elem_s* x, const char* nam, int namlen); 289 int zx_is_ns_prefix(struct zx_ns_s* ns, int len, const char* prefix); 290 #endif 291 int zx_dump_ns_tab(struct zx_ctx* c, int flags); 292 struct zx_ns_s* zx_prefix_seen(struct zx_ctx* c, int len, const char* prefix); 293 struct zx_ns_s* zx_prefix_seen_whine(struct zx_ctx* c, int len, const char* prefix, const char* logkey, int mk_dummy_ns); 294 struct zx_ns_s* zx_scan_xmlns(struct zx_ctx* c); 295 void zx_see_elem_ns(struct zx_ctx* c, struct zx_ns_s** pop_seen, struct zx_elem_s* el); 296 void zx_pop_seen(struct zx_ns_s* ns); 297 int zx_format_parse_error(struct zx_ctx* ctx, char* buf, int siz, char* logkey); 298 299 /* zxcrypto.c - Glue to OpenSSL low level */ 300 301 #define ZX_SYMKEY_LEN 20 /* size of sha1 */ 302 char* zx_hmac_sha256(struct zx_ctx* c, int key_len, const char* key, int data_len, const char* data, char* md, int* md_len); 303 int zx_raw_raw_digest2(struct zx_ctx* c, char* mdbuf, const EVP_MD* evp_digest, int len, const char* s, int len2, const char* s2); 304 int zx_raw_digest2(struct zx_ctx* c, char* mdbuf, const char* algo, int len, const char* s, int len2, const char* s2); 305 struct zx_str* zx_raw_cipher(struct zx_ctx* c, const char* algo, int encflag, struct zx_str* key, int len, const char* s, int iv_len, const char* iv); 306 struct zx_str* zx_rsa_pub_enc(struct zx_ctx* c, struct zx_str* plain, RSA* rsa_pkey, int pad); 307 struct zx_str* zx_rsa_pub_dec(struct zx_ctx* c, struct zx_str* ciphered, RSA* rsa_pkey, int pad); 308 struct zx_str* zx_rsa_priv_dec(struct zx_ctx* c, struct zx_str* ciphered, RSA* rsa_pkey, int pad); 309 struct zx_str* zx_rsa_priv_enc(struct zx_ctx* c, struct zx_str* plain, RSA* rsa_pkey, int pad); 310 RSA* zx_get_rsa_pub_from_cert(X509* cert, char* logkey); 311 void zx_rand(char* buf, int n_bytes); 312 char* zx_md5_crypt(const char* pw, const char* salt, char* buf); 313 314 /* Common Subexpression Elimination (CSE) for generated code. */ 315 316 #define ZX_ORD_INS_ATTR(b,f,k) (zx_ord_ins_at(&(b)->gg,((b)->f=(k)))) 317 #define ZX_ADD_KID(b,f,k) (zx_add_kid(&(b)->gg,(struct zx_elem_s*)((b)->f=(k)))) 318 319 /* zxlib.c */ 320 321 struct zx_elem_s* zx_add_kid(struct zx_elem_s* father, struct zx_elem_s* kid); 322 struct zx_elem_s* zx_add_kid_before(struct zx_elem_s* father, int before, struct zx_elem_s* kid); 323 struct zx_elem_s* zx_add_kid_after_sa_Issuer(struct zx_elem_s* father, struct zx_elem_s* kid); 324 struct zx_elem_s* zx_replace_kid(struct zx_elem_s* father, struct zx_elem_s* kid); 325 void zx_add_content(struct zx_ctx* c, struct zx_elem_s* x, struct zx_str* cont); 326 struct zx_attr_s* zx_ord_ins_at(struct zx_elem_s* x, struct zx_attr_s* in_at); 327 void zx_reverse_elem_lists(struct zx_elem_s* x); 328 int zx_len_xmlns_if_not_seen(struct zx_ctx* c, struct zx_ns_s* ns, struct zx_ns_s** pop_seen); 329 void zx_add_xmlns_if_not_seen(struct zx_ctx* c, struct zx_ns_s* ns, struct zx_ns_s** pop_seen); 330 char* zx_enc_seen(char* p, struct zx_ns_s* ns); 331 int zx_LEN_WO_any_elem(struct zx_ctx* c, struct zx_elem_s* x); 332 char* zx_ENC_WO_any_elem(struct zx_ctx* c, struct zx_elem_s* x, char* p); 333 struct zx_str* zx_EASY_ENC_elem(struct zx_ctx* c, struct zx_elem_s* x); 334 void zx_free_attr(struct zx_ctx* c, struct zx_attr_s* attr, int free_strs); 335 void zx_free_elem(struct zx_ctx* c, struct zx_elem_s* x, int free_strs); 336 337 #ifdef ZX_ENA_AUX 338 void zx_dup_attr(struct zx_ctx* c, struct zx_str* attr); 339 struct zx_str* zx_clone_attr(struct zx_ctx* c, struct zx_str* attr); 340 struct zx_elem_s* zx_clone_elem_common(struct zx_ctx* c, struct zx_elem_s* x, int size, int dup_strs); 341 void zx_dup_strs_common(struct zx_ctx* c, struct zx_elem_s* x); 342 int zx_walk_so_unknown_attributes(struct zx_ctx* c, struct zx_elem_s* x, void* ctx, int (*callback)(struct zx_node_s* node, void* ctx)); 343 int zx_walk_so_unknown_elems_and_content(struct zx_ctx* c, struct zx_elem_s* x, void* ctx, int (*callback)(struct zx_node_s* node, void* ctx)); 344 struct zx_elem_s* zx_deep_clone_elems(struct zx_ctx* c, struct zx_elem_s* x, int dup_strs); 345 int zx_walk_so_elems(struct zx_ctx* c, struct zx_elem_s* se, void* ctx, int (*callback)(struct zx_node_s* node, void* ctx)); 346 void zx_dup_strs_elems(struct zx_ctx* c, struct zx_elem_s* se); 347 #endif 348 349 void zx_xml_parse_err(struct zx_ctx* c, char quote, const char* func, const char* msg); 350 void zx_xml_parse_dbg(struct zx_ctx* c, char quote, const char* func, const char* msg); 351 struct zx_ns_s* zx_xmlns_detected(struct zx_ctx* c, struct zx_elem_s* x, const char* data); 352 353 int zx_in_inc_ns(struct zx_ctx* c, struct zx_ns_s* new_ns); 354 struct zx_el_tok* zx_get_el_tok(struct zx_elem_s* x); 355 356 void zx_prepare_dec_ctx(struct zx_ctx* c, struct zx_ns_s* ns_tab, int n_ns, const char* start, const char* lim); 357 struct zx_root_s* zx_dec_zx_root(struct zx_ctx* c, int len, const char* start, const char* func); 358 void zx_DEC_elem(struct zx_ctx* c, struct zx_elem_s* x); 359 struct zx_el_desc* zx_el_desc_lookup(int tok); 360 361 #define SIG_ALGO_RSA_SHA1_URLENC "http://www.w3.org/2000/09/xmldsig%23rsa-sha1" 362 #define SIG_ALGO_RSA_SHA224_URLENC "http://www.w3.org/2001/04/xmldsig-more%23rsa-sha224" 363 #define SIG_ALGO_RSA_SHA256_URLENC "http://www.w3.org/2001/04/xmldsig-more%23rsa-sha256" 364 #define SIG_ALGO_RSA_SHA384_URLENC "http://www.w3.org/2001/04/xmldsig-more%23rsa-sha384" 365 #define SIG_ALGO_RSA_SHA512_URLENC "http://www.w3.org/2001/04/xmldsig-more%23rsa-sha512" 366 #define SIG_ALGO_DSA_SHA1_URLENC "http://www.w3.org/2000/09/xmldsig%23dsa-sha1" 367 #define SIG_ALGO_DSA_SHA224_URLENC "http://www.w3.org/2001/04/xmldsig-more%23dsa-sha224" 368 #define SIG_ALGO_DSA_SHA256_URLENC "http://www.w3.org/2001/04/xmldsig-more%23dsa-sha256" 369 #define SIG_ALGO_DSA_SHA384_URLENC "http://www.w3.org/2001/04/xmldsig-more%23dsa-sha384" 370 #define SIG_ALGO_DSA_SHA512_URLENC "http://www.w3.org/2001/04/xmldsig-more%23dsa-sha512" 371 #define SIG_ALGO_ECDSA_SHA1_URLENC "http://www.w3.org/2001/04/xmldsig-more%23ecdsa-sha1" 372 #define SIG_ALGO_ECDSA_SHA224_URLENC "http://www.w3.org/2001/04/xmldsig-more%23ecdsa-sha224" 373 #define SIG_ALGO_ECDSA_SHA256_URLENC "http://www.w3.org/2001/04/xmldsig-more%23ecdsa-sha256" 374 #define SIG_ALGO_ECDSA_SHA384_URLENC "http://www.w3.org/2001/04/xmldsig-more%23ecdsa-sha384" 375 #define SIG_ALGO_ECDSA_SHA512_URLENC "http://www.w3.org/2001/04/xmldsig-more%23ecdsa-sha512" 376 377 #define SIG_ALGO_RSA_SHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1" 378 #define SIG_ALGO_RSA_SHA224 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224" 379 #define SIG_ALGO_RSA_SHA256 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" 380 #define SIG_ALGO_RSA_SHA384 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" 381 #define SIG_ALGO_RSA_SHA512 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" 382 #define SIG_ALGO_DSA_SHA1 "http://www.w3.org/2000/09/xmldsig#dsa-sha1" 383 #define SIG_ALGO_DSA_SHA224 "http://www.w3.org/2009/xmldsig11#dsa-sha224" 384 #define SIG_ALGO_DSA_SHA256 "http://www.w3.org/2009/xmldsig11#dsa-sha256" 385 #define SIG_ALGO_DSA_SHA384 "http://www.w3.org/2009/xmldsig11#dsa-sha384" 386 #define SIG_ALGO_DSA_SHA512 "http://www.w3.org/2009/xmldsig11#dsa-sha512" 387 #define SIG_ALGO_ECDSA_SHA1 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" 388 #define SIG_ALGO_ECDSA_SHA224 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224" 389 #define SIG_ALGO_ECDSA_SHA256 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" 390 #define SIG_ALGO_ECDSA_SHA384 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" 391 #define SIG_ALGO_ECDSA_SHA512 "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" 392 393 #define DIGEST_ALGO_SHA1 "http://www.w3.org/2000/09/xmldsig#sha1" 394 #define DIGEST_ALGO_SHA224 "http://www.w3.org/2001/04/xmldsig-more#sha224" 395 #define DIGEST_ALGO_SHA256 "http://www.w3.org/2001/04/xmlenc#sha256" 396 #define DIGEST_ALGO_SHA384 "http://www.w3.org/2001/04/xmldsig-more#sha384" 397 #define DIGEST_ALGO_SHA512 "http://www.w3.org/2001/04/xmlenc#sha512" 398 399 #define SIG_ALGO SIG_ALGO_RSA_SHA1 400 #define SIG_ALGO_URLENC SIG_ALGO_RSA_SHA1_URLENC 401 #define SIG_SIZE 1024 /* Maximum size of the base64 encoded signature, for buffer allocation */ 402 #define DIGEST_ALGO DIGEST_ALGO_SHA1 403 #define CANON_ALGO "http://www.w3.org/2001/10/xml-exc-c14n#" 404 #define ENVELOPED_ALGO "http://www.w3.org/2000/09/xmldsig#enveloped-signature" 405 #define ENC_ALGO_TRIPLEDES_CBC "http://www.w3.org/2001/04/xmlenc#tripledes-cbc" 406 #define ENC_ALGO_AES128_CBC "http://www.w3.org/2001/04/xmlenc#aes128-cbc" 407 #define ENC_ALGO_AES192_CBC "http://www.w3.org/2001/04/xmlenc#aes192-cbc" 408 #define ENC_ALGO_AES256_CBC "http://www.w3.org/2001/04/xmlenc#aes256-cbc" 409 #define ENC_ALGO_AES256_GCM "http://www.w3.org/2001/04/xmlenc11#aes256-gcm" 410 /* #define ENC_ALGO ENC_ALGO_AES128_CBC unsafe, see Backwards Compatibility Attacks */ 411 #define ENC_ALGO ENC_ALGO_AES256_GCM 412 413 /* The ENC_KEYTRAN_ALGO setting must agree with setting in zxenc_pubkey_enc() 414 * See paper: Tibor Jager, Kenneth G. Paterson, Juraj Somorovsky: "One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography", 2013 http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/ /t/BackwardsCompatibilityAttacks.pdf 415 */ 416 417 #define ENC_KEYTRAN_RSA_1_5 "http://www.w3.org/2001/04/xmlenc#rsa-1_5" 418 #define ENC_KEYTRAN_RSA_OAEP "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" 419 /*#define ENC_KEYTRAN_ALGO ENC_KEYTRAN_RSA_1_5 IBM in 2007 needed this, but it is vulnearable to attacks */ 420 #define ENC_KEYTRAN_ALGO ENC_KEYTRAN_RSA_OAEP 421 422 #define ENC_ENCKEY_METH "http://www.w3.org/2001/04/xmlenc#EncryptedKey" 423 #define ENC_TYPE_ELEMENT "http://www.w3.org/2001/04/xmlenc#Element" 424 #define ENC_TYPE_CONTENT "http://www.w3.org/2001/04/xmlenc#Content" 425 426 #ifdef __cplusplus 427 } // extern "C" 428 #endif 429 430 #endif 431