[xmlsec] xmlSecTransformRsaPkcs1
Aleksey Sanin
aleksey at aleksey.com
Sun Aug 10 17:44:54 PDT 2003
> ...changing transforms engine itself seems like a big problem for me.
To be precise, the changes would look like this:
0) Add a new pushKey/popKey methods to xmlSecTransformKlass (where
are two "reserved" pointers thus it won't break ABI compatibility).
Also add
all the functions to support new "key" input type:
xmlSecTransformPushKey
xmlSecTransformPopKey
xmlSecTransformCtxExecuteKey
...
1) Modify the code in transforms.c to deal with this new
input/output type:
xmlSecTransformDefaultGetDataType
xmlSecTransformCtxPrepare
xmlSecTransformCtx*Execute
xmlSecTransformPump
...
In some of these functions you might need to transform keys to binary
data if needed. I understand that NSS would not support this but it
might
be required in some cases it might be required. Thus, there should be
code to do this (probably using xmlSecKeyDataBinWrite).
BTW, there is a good question of how to pass around the information
about the expected key id (decryption case). Probably somewhere in
xmlSecKeyInfoCtx or xmlSecTransformCtx.
2) Add new xmlSecEncCtxKeyEncrypt/xmlSecEncCtxKeyDecrypt to
xmlenc.c
3) Modify code in xmlSecKeyDataEncryptedKeyXmlRead and
xmlSecKeyDataEncryptedKeyXmlWrite to use these new functions
instead of xmlSecKeyDataBinWrite + xmlSecEncCtxBinaryEncrypt.
4) Finaly, implement these new popKey/pushKey methods for RSA-PKCS
transport for NSS. Of course this would mean that xmlsec-nss would not
support RSA-PKCS for data encryption.
This does not look like these change would break API or ABI compatibility
(thanks to "reserved" items :) ). But this sounds like a significant
change and
I would estimate the full patch with -u option to be around 3000-4000 lines.
Aleksey
More information about the xmlsec
mailing list