[xmlsec] MS Crypto API support

Aleksey Sanin aleksey@aleksey.com
Tue, 08 Apr 2003 07:14:23 -0700


olger wrote:

>I have created the mscrypto includes and source files based on the GnuTLS
>and found a few references missing during linkage. It seems that these are
>part of the symbols.h file but that one is not included in one of the
>'driver' c files (the files in the mscrypto src directory).
>I included the file in app.c to get this working but am wondering how it
>should be done.
>
There is a trick here. There is a mapping for xmlsec-<crypto> functions to simplify application development. Say, we have the xmlSecNssInit() function. In include/xmlsec/nss/symbols.h it is mapped to xmlSecCryptoInit(), and an application can use the same code for all crypto engines.

>Next to that, the crypto.h file (common include file) needs the additional
>mscrypto includes and I have added these to the file. (and found the
>symbols.h include over here..... maybe this is the way the symbols are
>automatically included when mscrypto is built...)
>
Yes. It's the way to automatically resolve xmlSecCrypto... names for the application.
The application needs to have one of the defines:
    XMLSEC_CRYPTO_OPENSSL
    XMLSEC_CRYPTO_NSS
    XMLSEC_CRYPTO_GNUTLS
    ....
and include the include/xmlsec/crypto.h file. It does all the magic of mapping the xmlSecCrypto... functions.

>And the Makefile.msvc needs an additional configuration to include the
>mscrypto. 
>
Correct. You probably need to check the win32/configure.js file too. You should mention mscrypto as an option for crypto library selection.

>I copied all NSS references and renamed the NSS to MSCRYPTO.
>All of this together seems to compile and link.
>
Congratulations!

>In order to start with the actual implementation, what should be the order
>to go ?
>
The next step is to implement initialization/shutdown functions. There are 2 levels of init/shutdown functions in the xmlsec-crypto library:
       xmlSecCryptoInit()    - initializes the xmlsec-crypto library (registers key data and transforms, for example); the application MUST call this function.
       xmlSecAppCryptoInit() - default crypto library initialization for the xmlsec command line utility; the application MAY call this function to initialize the crypto library or do it by itself.

After this I would suggest trying to implement a couple of simple transforms that give you the ability to verify a first signature. SHA1 and HMAC-SHA1 (and HMAC key data) are very good candidates. Check the OpenSSL/GnuTLS/NSS code for examples (again, it's copy/paste/rename :) ).


If you and your company/university/... are ok with sharing your work with others then I would be happy to add your changes to the main XML Security Library tree. The XML Sec code is licensed under the MIT license (basically, do whatever you want but don't complain).


Aleksey
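As an added illustration (not code from xmlsec itself), the stand-alone C program below mimics the symbols.h / crypto.h trick discussed in the message: the engine init functions are constructed stubs, the preprocessor chain stands in for include/xmlsec/crypto.h selecting an engine's symbols.h from the XMLSEC_CRYPTO_* define, and the 0 = success / negative = error return convention is an assumption for the demo.

```c
/* Added illustration, not xmlsec's real headers: one engine-neutral
 * application calls xmlSecCryptoInit() and the build-time define decides
 * which engine's implementation actually runs. */
#include <stdio.h>
#include <string.h>

/* Records which engine initialized, so the application can report it. */
static const char *gSelectedEngine = "none";

/* Engine-specific init functions (constructed stubs). The real ones would
 * register that engine's key data and transforms; 0 = success, <0 = error. */
int xmlSecOpenSSLInit(void)  { gSelectedEngine = "openssl";  return 0; }
int xmlSecNssInit(void)      { gSelectedEngine = "nss";      return 0; }
int xmlSecMSCryptoInit(void) { gSelectedEngine = "mscrypto"; return 0; }

/* For this demo only: if the build selected nothing, pretend it chose
 * mscrypto. In a real build the define comes from the Makefile/configure. */
#if !defined(XMLSEC_CRYPTO_OPENSSL) && !defined(XMLSEC_CRYPTO_NSS) && \
    !defined(XMLSEC_CRYPTO_MSCRYPTO)
#define XMLSEC_CRYPTO_MSCRYPTO
#endif

/* This block plays the role of crypto.h pulling in the right symbols.h:
 * the generic xmlSecCrypto... name becomes an alias of the engine's name. */
#if defined(XMLSEC_CRYPTO_OPENSSL)
#define xmlSecCryptoInit xmlSecOpenSSLInit
#elif defined(XMLSEC_CRYPTO_NSS)
#define xmlSecCryptoInit xmlSecNssInit
#elif defined(XMLSEC_CRYPTO_MSCRYPTO)
#define xmlSecCryptoInit xmlSecMSCryptoInit
#else
#error "No XMLSEC_CRYPTO_* engine selected"
#endif

/* Application code: identical for every engine, only recompiled. Returns
 * the engine name on success or "init-failed" if initialization failed. */
const char *appInitAndReport(void) {
    if (xmlSecCryptoInit() < 0) {
        return "init-failed";
    }
    return gSelectedEngine;
}

int main(void) {
    printf("crypto engine: %s\n", appInitAndReport());
    return 0;
}
```

Compiling with -DXMLSEC_CRYPTO_NSS instead of the demo default switches the alias to xmlSecNssInit() without touching the application code.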