[xmlsec] xmlsec-mscrypto: don't check key length for hmac because we are using a hack



commit b4dc60d3ec55e4f7893ee3d6edd5080d5ca0e96f
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Mon Apr 26 16:17:22 2010 -0700

    xmlsec-mscrypto: don't check key length for hmac because we are using a hack

 include/xmlsec/mscrypto/keysstore.h |    1 +
 src/mscrypto/ciphers.c              |    1 +
 src/mscrypto/hmac.c                 |    6 ++-
 src/mscrypto/symkeys.c              |   73 ++++++++++++++++++----------------
 4 files changed, 45 insertions(+), 36 deletions(-)
---
diff --git a/include/xmlsec/mscrypto/keysstore.h b/include/xmlsec/mscrypto/keysstore.h
index 867a6f7..1d2db12 100644
--- a/include/xmlsec/mscrypto/keysstore.h
+++ b/include/xmlsec/mscrypto/keysstore.h
@@ -48,6 +48,7 @@ XMLSEC_CRYPTO_EXPORT BOOL               xmlSecMSCryptoImportPlainSessionBlob (HC
                                                                          ALG_ID dwAlgId,
                                                                          LPBYTE pbKeyMaterial,
                                                                          DWORD dwKeyMaterial,
+                                                                         BOOL bCheckKeyLength,
                                                                          HCRYPTKEY *hSessionKey);
 
 #ifdef __cplusplus
diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c
index aa34452..1a7bc6b 100644
--- a/src/mscrypto/ciphers.c
+++ b/src/mscrypto/ciphers.c
@@ -664,6 +664,7 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
         ctx->algorithmIdentifier,
         bufData,
         ctx->keySize,
+        TRUE,
         &(ctx->cryptKey)))  {
 
         xmlSecError(XMLSEC_ERRORS_HERE,
diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c
index d11fe58..edb3e66 100755
--- a/src/mscrypto/hmac.c
+++ b/src/mscrypto/hmac.c
@@ -388,14 +388,16 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
      * 
      * HACK!!! HACK!!! HACK!!! 
      * 
-     * Using CALG_RC2 instead of CALG_HMAC for the key algorithm
+     * Using CALG_RC2 instead of CALG_HMAC for the key algorithm so we don't want to check key length
      */
     if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->provider,
         ctx->pubPrivKey,
         CALG_RC2,
         xmlSecBufferGetData(buffer),
         xmlSecBufferGetSize(buffer),
-        &(ctx->cryptKey)) || (ctx->cryptKey == 0))  {
+        FALSE,
+        &(ctx->cryptKey)
+        ) || (ctx->cryptKey == 0))  {
 
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
diff --git a/src/mscrypto/symkeys.c b/src/mscrypto/symkeys.c
index d42144e..ab352af 100644
--- a/src/mscrypto/symkeys.c
+++ b/src/mscrypto/symkeys.c
@@ -592,14 +592,15 @@ done:
 BOOL
 xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
                                      ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
-                                     DWORD dwKeyMaterial, HCRYPTKEY *hSessionKey) {
+                                     DWORD dwKeyMaterial, BOOL bCheckKeyLength,
+                                     HCRYPTKEY *hSessionKey) {
     ALG_ID dwPrivKeyAlg;
     LPBYTE keyBlob = NULL;
     DWORD keyBlobLen, rndBlobSize, dwSize, n;
     PUBLICKEYSTRUC* pubKeyStruc;
     ALG_ID* algId;
     DWORD dwPublicKeySize;
-    DWORD dwProvSessionKeySize;
+    DWORD dwProvSessionKeySize = 0;
     LPBYTE pbPtr;
     DWORD dwFlags;
     PROV_ENUMALGS_EX ProvEnum;
@@ -634,39 +635,43 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
         goto done;
     }
 
-    /* We have to get the key size(including padding) from an HCRYPTKEY handle.
-     * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
-     */
-    if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    "CryptGenKey",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    "algId=%d", dwAlgId);
-        goto done;
-    }
-
-    dwSize = sizeof(DWORD);
-    if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    "CryptGetKeyParam(KP_KEYLEN)",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    "algId=%d", dwAlgId);
-        goto done;
-    }
-    CryptDestroyKey(hTempKey);
-    hTempKey = 0;
+    if(bCheckKeyLength) {
+        /* We have to get the key size(including padding) from an HCRYPTKEY handle.
+         * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
+         */
+        if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "CryptGenKey",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "algId=%d", dwAlgId);
+            goto done;
+        }
 
-    /* Our key is too big, leave */
-    if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    NULL,
-                    XMLSEC_ERRORS_R_INVALID_SIZE,
-                    "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
-                    dwKeyMaterial, dwProvSessionKeySize);
-        goto done;
+        dwSize = sizeof(DWORD);
+        if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "CryptGetKeyParam(KP_KEYLEN)",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        "algId=%d", dwAlgId);
+            goto done;
+        }
+        CryptDestroyKey(hTempKey);
+        hTempKey = 0;
+
+        /* yell if key is too big */
+        if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_SIZE,
+                        "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
+                        dwKeyMaterial, dwProvSessionKeySize);
+            goto done;
+        }
+    } else {
+        dwProvSessionKeySize = dwKeyMaterial * 8;
     }
 
     /* Get private key's algorithm */



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]