[xmlsec] Troubles using XMLSec with Smart Cards

Hårek Ryeng haarek.ryeng@welldiagnostics.com
Wed, 23 Jul 2003 22:30:47 +0200


I'm trying to sign an enveloped XML-document with XMLSec using a
SmartCard.
In order to do so I've overloaded the default crypto engine with my own
(handling Smart Card communication).

To create the signature template:
xmlSecTmplSignatureCreate(doc, xmlSecTransformInclC14NId,
xmlSecTransformRsaSha1Id, NULL);

xmlSecTransformRsaSha1Id is thus the hashing algorithm for the signature
value calculation (behind the scenes in xmlSecDSigCtxSign()).

In the overloaded
RSA_private_encrypt(int len, const unsigned char *from, unsigned char
*to, RSA *rsa, int padding)

Xmlsec asks to get 35 bytes encrypted (len=35). Normally this would be
no problem (even if it is much for a hash value), but my crypto engine
only handles up to 20 bytes/160 bits at the moment. The cause of the
limitation is outside of my source code, so it is out of my reach
(binary dynamic library)…

Any suggestions on how to get xmlsec to ask for fewer bytes to be signed?


W | Hårek Ryeng, Senior System Developer
E | Well Diagnostics AS, Forskningsparken, 9291 Tromsø
L | Tel: +47 77 75 76 79 (70), Cell: +47 970 05 022, Fax: +47 77 75 76 99
L | http://www.welldiagnostics.com/

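Added example, not code from the original post, from xmlsec or from OpenSSL. The 35 bytes seen above are not a larger hash: OpenSSL's RSA_sign() DER-encodes the 20-byte SHA-1 digest into a PKCS#1 v1.5 DigestInfo (a fixed 15-byte prefix plus the digest) before calling RSA_private_encrypt() with padding set to RSA_PKCS1_PADDING, and the PKCS#1 v1.5 block padding is applied afterwards inside that call. The code below checks and unwraps that structure, and shows how an overloaded RSA_private_encrypt() could pass only the 20-byte digest to a card while failing closed on anything that is not a SHA-1 DigestInfo with PKCS#1 padding. The names `smartcard_private_encrypt`, `card_sign_fn`, `fake_card_sign` and `selftest_digestinfo` are hypothetical; the card stand-in does no cryptography and the digest fed to it is a constructed byte sequence. The approach only yields a valid RSA-SHA1 signature if the card itself adds the DigestInfo and the PKCS#1 v1.5 padding before the RSA operation; a card that merely pads the raw 20 bytes would produce a signature that XML-Signature verifiers reject, so that is the first thing to confirm about the card's firmware.

```c
#include <stdio.h>
#include <string.h>

/* Added example; not xmlsec or OpenSSL code. PKCS#1 v1.5 DigestInfo for SHA-1:
 *   SEQUENCE { SEQUENCE { OID 1.3.14.3.2.26 (sha1), NULL }, OCTET STRING digest }
 * = 15 fixed prefix bytes + 20 digest bytes = the 35 bytes (len=35) in the post. */
#define SHA1_DIGEST_LEN      20
#define SHA1_DIGESTINFO_LEN  35
#define PKCS1_PADDING_TYPE    1   /* numeric value of OpenSSL's RSA_PKCS1_PADDING */

static const unsigned char sha1_digestinfo_prefix[15] = {
    0x30, 0x21,                               /* SEQUENCE, 33 bytes follow    */
    0x30, 0x09,                               /*   SEQUENCE, 9 bytes (AlgId)  */
    0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, /*     OID 1.3.14.3.2.26 = sha1 */
    0x05, 0x00,                               /*     NULL parameters          */
    0x04, 0x14                                /*   OCTET STRING, 20 bytes     */
};

/* Copies the digest into hash_out and returns 1 only if `from` is exactly a
 * SHA-1 DigestInfo. Verifying the prefix instead of skipping 15 bytes blindly
 * matters: any other digest type must be refused, not mis-signed. */
int digestinfo_extract_sha1(const unsigned char *from, int len,
                            unsigned char *hash_out)
{
    if (len != SHA1_DIGESTINFO_LEN)
        return 0;
    if (memcmp(from, sha1_digestinfo_prefix, sizeof sha1_digestinfo_prefix) != 0)
        return 0;
    memcpy(hash_out, from + sizeof sha1_digestinfo_prefix, SHA1_DIGEST_LEN);
    return 1;
}

/* Inverse: wraps a bare digest into the 35-byte DigestInfo a verifier expects
 * to find under the PKCS#1 v1.5 padding. Returns the number of bytes written. */
int digestinfo_wrap_sha1(const unsigned char *hash, unsigned char *out)
{
    memcpy(out, sha1_digestinfo_prefix, sizeof sha1_digestinfo_prefix);
    memcpy(out + sizeof sha1_digestinfo_prefix, hash, SHA1_DIGEST_LEN);
    return SHA1_DIGESTINFO_LEN;
}

/* Hypothetical card back end: receives a bare 20-byte digest and must build
 * DigestInfo + PKCS#1 v1.5 padding on-card. Returns signature length or -1. */
typedef int (*card_sign_fn)(const unsigned char *hash20, unsigned char *sig,
                            int sig_max);

/* What an overloaded RSA_private_encrypt() could do: serve the one case the
 * card handles and fail closed (-1) on everything else, instead of emitting
 * bytes that would not verify as an RSA-SHA1 signature. */
int smartcard_private_encrypt(int len, const unsigned char *from,
                              unsigned char *to, int to_max, int padding,
                              card_sign_fn card)
{
    unsigned char hash[SHA1_DIGEST_LEN];
    if (padding != PKCS1_PADDING_TYPE)
        return -1;
    if (!digestinfo_extract_sha1(from, len, hash))
        return -1;
    return card(hash, to, to_max);
}

/* Constructed stand-in for the card (no real crypto): echoes the digest back
 * so the dispatch path can be exercised offline. */
static int fake_card_sign(const unsigned char *hash20, unsigned char *sig,
                          int sig_max)
{
    if (sig_max < SHA1_DIGEST_LEN)
        return -1;
    memcpy(sig, hash20, SHA1_DIGEST_LEN);
    return SHA1_DIGEST_LEN;
}

/* Self-check on a constructed digest (bytes 0..19): wrap, unwrap, dispatch,
 * and confirm that a bare digest, a wrong padding mode and a corrupted prefix
 * are all refused. Returns 1 when every check passes. */
int selftest_digestinfo(void)
{
    unsigned char hash[SHA1_DIGEST_LEN], di[SHA1_DIGESTINFO_LEN];
    unsigned char back[SHA1_DIGEST_LEN], sig[64];
    int i;
    for (i = 0; i < SHA1_DIGEST_LEN; i++)
        hash[i] = (unsigned char)i;
    if (digestinfo_wrap_sha1(hash, di) != SHA1_DIGESTINFO_LEN) return 0;
    if (!digestinfo_extract_sha1(di, SHA1_DIGESTINFO_LEN, back)) return 0;
    if (memcmp(hash, back, SHA1_DIGEST_LEN) != 0) return 0;
    if (smartcard_private_encrypt(SHA1_DIGESTINFO_LEN, di, sig, sizeof sig,
            PKCS1_PADDING_TYPE, fake_card_sign) != SHA1_DIGEST_LEN) return 0;
    if (memcmp(sig, hash, SHA1_DIGEST_LEN) != 0) return 0;
    if (smartcard_private_encrypt(SHA1_DIGEST_LEN, hash, sig, sizeof sig,
            PKCS1_PADDING_TYPE, fake_card_sign) != -1) return 0;   /* bare digest */
    if (smartcard_private_encrypt(SHA1_DIGESTINFO_LEN, di, sig, sizeof sig,
            0, fake_card_sign) != -1) return 0;                    /* wrong padding */
    di[0] ^= 0x01;                                                 /* broken prefix */
    return digestinfo_extract_sha1(di, SHA1_DIGESTINFO_LEN, back) == 0;
}

int main(void)
{
    unsigned char hash[SHA1_DIGEST_LEN], di[SHA1_DIGESTINFO_LEN];
    int i;
    for (i = 0; i < SHA1_DIGEST_LEN; i++)
        hash[i] = (unsigned char)i;
    digestinfo_wrap_sha1(hash, di);
    printf("DigestInfo (%d bytes):", SHA1_DIGESTINFO_LEN);
    for (i = 0; i < SHA1_DIGESTINFO_LEN; i++)
        printf(" %02x", di[i]);
    printf("\nselftest: %s\n", selftest_digestinfo() ? "ok" : "FAILED");
    return 0;
}
```

Compile with a plain C compiler (no OpenSSL needed); the hex dump shows the 15-byte prefix followed by the constructed digest. Whether the real card reproduces exactly this 35-byte structure under its padding is what decides if the stripped-down call is acceptable; comparing a card signature against one produced by OpenSSL's RSA_sign() with the same key and digest is the simplest way to check.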
