[xmlsec] xmlsec-mscrypto: don't check key length for hmac because we are using a hack
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] xmlsec-mscrypto: don't check key length for hmac because we are using a hack
- Date: Mon, 26 Apr 2010 23:37:45 +0000 (UTC)
commit b4dc60d3ec55e4f7893ee3d6edd5080d5ca0e96f
Author: Aleksey Sanin <aleksey aleksey com>
Date: Mon Apr 26 16:17:22 2010 -0700
xmlsec-mscrypto: don't check key length for hmac because we are using a hack
include/xmlsec/mscrypto/keysstore.h | 1 +
src/mscrypto/ciphers.c | 1 +
src/mscrypto/hmac.c | 6 ++-
src/mscrypto/symkeys.c | 73 ++++++++++++++++++----------------
4 files changed, 45 insertions(+), 36 deletions(-)
---
diff --git a/include/xmlsec/mscrypto/keysstore.h b/include/xmlsec/mscrypto/keysstore.h
index 867a6f7..1d2db12 100644
--- a/include/xmlsec/mscrypto/keysstore.h
+++ b/include/xmlsec/mscrypto/keysstore.h
@@ -48,6 +48,7 @@ XMLSEC_CRYPTO_EXPORT BOOL xmlSecMSCryptoImportPlainSessionBlob (HC
ALG_ID dwAlgId,
LPBYTE pbKeyMaterial,
DWORD dwKeyMaterial,
+ BOOL bCheckKeyLength,
HCRYPTKEY *hSessionKey);
#ifdef __cplusplus
diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c
index aa34452..1a7bc6b 100644
--- a/src/mscrypto/ciphers.c
+++ b/src/mscrypto/ciphers.c
@@ -664,6 +664,7 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
ctx->algorithmIdentifier,
bufData,
ctx->keySize,
+ TRUE,
&(ctx->cryptKey))) {
xmlSecError(XMLSEC_ERRORS_HERE,
diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c
index d11fe58..edb3e66 100755
--- a/src/mscrypto/hmac.c
+++ b/src/mscrypto/hmac.c
@@ -388,14 +388,16 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
*
* HACK!!! HACK!!! HACK!!!
*
- * Using CALG_RC2 instead of CALG_HMAC for the key algorithm
+ * Using CALG_RC2 instead of CALG_HMAC for the key algorithm so we don't want to check key length
*/
if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->provider,
ctx->pubPrivKey,
CALG_RC2,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
- &(ctx->cryptKey)) || (ctx->cryptKey == 0)) {
+ FALSE,
+ &(ctx->cryptKey)
+ ) || (ctx->cryptKey == 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
diff --git a/src/mscrypto/symkeys.c b/src/mscrypto/symkeys.c
index d42144e..ab352af 100644
--- a/src/mscrypto/symkeys.c
+++ b/src/mscrypto/symkeys.c
@@ -592,14 +592,15 @@ done:
BOOL
xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
- DWORD dwKeyMaterial, HCRYPTKEY *hSessionKey) {
+ DWORD dwKeyMaterial, BOOL bCheckKeyLength,
+ HCRYPTKEY *hSessionKey) {
ALG_ID dwPrivKeyAlg;
LPBYTE keyBlob = NULL;
DWORD keyBlobLen, rndBlobSize, dwSize, n;
PUBLICKEYSTRUC* pubKeyStruc;
ALG_ID* algId;
DWORD dwPublicKeySize;
- DWORD dwProvSessionKeySize;
+ DWORD dwProvSessionKeySize = 0;
LPBYTE pbPtr;
DWORD dwFlags;
PROV_ENUMALGS_EX ProvEnum;
@@ -634,39 +635,43 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
goto done;
}
- /* We have to get the key size(including padding) from an HCRYPTKEY handle.
- * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
- */
- if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGenKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
-
- dwSize = sizeof(DWORD);
- if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetKeyParam(KP_KEYLEN)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
- CryptDestroyKey(hTempKey);
- hTempKey = 0;
+ if(bCheckKeyLength) {
+ /* We have to get the key size(including padding) from an HCRYPTKEY handle.
+ * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
+ */
+ if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
- /* Our key is too big, leave */
- if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
- dwKeyMaterial, dwProvSessionKeySize);
- goto done;
+ dwSize = sizeof(DWORD);
+ if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_KEYLEN)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+ CryptDestroyKey(hTempKey);
+ hTempKey = 0;
+
+ /* yell if key is too big */
+ if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
+ dwKeyMaterial, dwProvSessionKeySize);
+ goto done;
+ }
+ } else {
+ dwProvSessionKeySize = dwKeyMaterial * 8;
}
/* Get private key's algorithm */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
