[xmlsec] generalize aes kw
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] generalize aes kw
- Date: Fri, 30 Apr 2010 23:18:38 +0000 (UTC)
commit fd92a5b25e5a403bee53079d1fdf9c405d3ab5e8
Author: Aleksey Sanin <aleksey aleksey com>
Date: Fri Apr 30 16:17:38 2010 -0700
generalize aes kw
src/Makefile.am | 2 +
src/kw_aes_des.c | 210 +++++++++++++++++++++++++++++++++++++
src/kw_aes_des.h | 62 +++++++++++
src/openssl/kw_aes.c | 278 +++++++++++---------------------------------------
win32/Makefile.msvc | 2 +
win32/mycfg.bat | 2 +-
6 files changed, 336 insertions(+), 220 deletions(-)
---
diff --git a/src/Makefile.am b/src/Makefile.am
index e28bb5e..3883ab6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,6 +14,7 @@ INCLUDES = \
EXTRA_DIST = \
globals.h \
+ kw_aes_des.h \
skeleton \
mscrypto \
$(XMLSEC_CRYPTO_DISABLED_LIST) \
@@ -38,6 +39,7 @@ libxmlsec1_la_SOURCES = \
keys.c \
keysdata.c \
keysmngr.c \
+ kw_aes_des.c \
list.c \
membuf.c \
nodeset.c \
diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c
new file mode 100644
index 0000000..ae6452e
--- /dev/null
+++ b/src/kw_aes_des.c
@@ -0,0 +1,210 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Implementation of AES/DES Key Transport algorithm
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/errors.h>
+
+#include "kw_aes_des.h"
+
+
+#ifndef XMLSEC_NO_AES
+/********************************************************************
+ *
+ * KT AES
+ *
+ ********************************************************************/
+
+/**
+ * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
+ *
+ * Assume that the data to be wrapped consists of N 64-bit data blocks
+ * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
+ * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
+ * key is represented by K. Assume integers i, j, and t and intermediate
+ * 64-bit register A, 128-bit register B, and array of 64-bit quantities
+ * R(1) through R(N).
+ *
+ * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
+ * is the 128-bit quantity with x in the most significant bits and y in the
+ * least significant bits. AES(K)enc(x) is the operation of AES encrypting
+ * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
+ * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
+ * MSB(x) and LSB(y) are the most significant 64 bits and least significant
+ * 64 bits of x and y respectively.
+ *
+ * If N is 1, a single AES operation is performed for wrap or unwrap.
+ * If N>1, then 6*N AES operations are performed for wrap or unwrap.
+ *
+ * The key wrap algorithm is as follows:
+ *
+ * 1. If N is 1:
+ * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
+ * * C(0)=MSB(B)
+ * * C(1)=LSB(B)
+ * If N>1, perform the following steps:
+ * 2. Initialize variables:
+ * * Set A to 0xA6A6A6A6A6A6A6A6
+ * * Fori=1 to N,
+ * R(i)=P(i)
+ * 3. Calculate intermediate values:
+ * * Forj=0 to 5,
+ * o For i=1 to N,
+ * t= i + j*N
+ * B=AES(K)enc(A|R(i))
+ * A=XOR(t,MSB(B))
+ * R(i)=LSB(B)
+ * 4. Output the results:
+ * * Set C(0)=A
+ * * For i=1 to N,
+ * C(i)=R(i)
+ *
+ * The key unwrap algorithm is as follows:
+ *
+ * 1. If N is 1:
+ * * B=AES(K)dec(C(0)|C(1))
+ * * P(1)=LSB(B)
+ * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
+ * return an integrity check failure error.
+ * If N>1, perform the following steps:
+ * 2. Initialize the variables:
+ * * A=C(0)
+ * * For i=1 to N,
+ * R(i)=C(i)
+ * 3. Calculate intermediate values:
+ * * For j=5 to 0,
+ * o For i=N to 1,
+ * t= i + j*N
+ * B=AES(K)dec(XOR(t,A)|R(i))
+ * A=MSB(B)
+ * R(i)=LSB(B)
+ * 4. Output the results:
+ * * For i=1 to N,
+ * P(i)=R(i)
+ * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
+ * an integrity check failure error.
+ */
+static const xmlSecByte xmlSecKWAesMagicBlock[XMLSEC_KW_AES_MAGIC_BLOCK_SIZE] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
+};
+
+int
+xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
+ xmlSecByte *p;
+ int N, i, j, t;
+ int ret;
+
+ xmlSecAssert2(encryptCallback != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, -1);
+
+ /* prepend magic block */
+ if(in != out) {
+ memcpy(out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
+ } else {
+ memmove(out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
+ }
+ memcpy(out, xmlSecKWAesMagicBlock, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+
+ N = (inSize / 8);
+ if(N == 1) {
+ encryptCallback(out, out, key);
+ } else {
+ for(j = 0; j <= 5; ++j) {
+ for(i = 1; i <= N; ++i) {
+ t = i + (j * N);
+ p = out + i * 8;
+
+ memcpy(block, out, 8);
+ memcpy(block + 8, p, 8);
+
+ encryptCallback(block, block, key);
+ block[7] ^= t;
+ memcpy(out, block, 8);
+ memcpy(p, block + 8, 8);
+ }
+ }
+ }
+
+ return(inSize + 8);
+}
+
+int
+xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
+ xmlSecByte *p;
+ int N, i, j, t;
+ int ret;
+
+ xmlSecAssert2(decryptCallback != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* copy input */
+ if(in != out) {
+ memcpy(out, in, inSize);
+ }
+
+ N = (inSize / 8) - 1;
+ if(N == 1) {
+ decryptCallback(out, out, key);
+ } else {
+ for(j = 5; j >= 0; --j) {
+ for(i = N; i > 0; --i) {
+ t = i + (j * N);
+ p = out + i * 8;
+
+ memcpy(block, out, 8);
+ memcpy(block + 8, p, 8);
+ block[7] ^= t;
+
+ decryptCallback(block, block, key);
+ memcpy(out, block, 8);
+ memcpy(p, block + 8, 8);
+ }
+ }
+ }
+ /* do not left data in memory */
+ memset(block, 0, sizeof(block));
+
+ /* check the output */
+ if(memcmp(xmlSecKWAesMagicBlock, out, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "bad magic block");
+ return(-1);
+ }
+
+ /* get rid of magic block */
+ memmove(out, out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+ return(inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+}
+
+#endif /* XMLSEC_NO_AES */
+
diff --git a/src/kw_aes_des.h b/src/kw_aes_des.h
new file mode 100755
index 0000000..d6a7504
--- /dev/null
+++ b/src/kw_aes_des.h
@@ -0,0 +1,62 @@
+/**
+ * XMLSec library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * Implementation of AES/DES Key Transport algorithm
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
+ */
+#ifndef __XMLSEC_KT_AES_DES_H__
+#define __XMLSEC_KT_AES_DES_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_AES
+/********************************************************************
+ *
+ * KT AES
+ *
+ ********************************************************************/
+#define XMLSEC_KW_AES_MAGIC_BLOCK_SIZE 8
+#define XMLSEC_KW_AES_BLOCK_SIZE 16
+#define XMLSEC_KW_AES128_KEY_SIZE 16
+#define XMLSEC_KW_AES192_KEY_SIZE 24
+#define XMLSEC_KW_AES256_KEY_SIZE 32
+
+typedef int (*xmlSecAesBlockEncryptCallback) (const xmlSecByte * in,
+ xmlSecByte * out,
+ void * key);
+typedef int (*xmlSecAesBlockDecryptCallback) (const xmlSecByte * in,
+ xmlSecByte * out,
+ void * key);
+
+
+XMLSEC_EXPORT int
+xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+XMLSEC_EXPORT int
+xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KT_AES_DES_H__ */
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index 76c6ed0..aa76a29 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -28,11 +28,7 @@
#include <xmlsec/openssl/crypto.h>
-#define XMLSEC_OPENSSL_AES128_KEY_SIZE 16
-#define XMLSEC_OPENSSL_AES192_KEY_SIZE 24
-#define XMLSEC_OPENSSL_AES256_KEY_SIZE 32
-#define XMLSEC_OPENSSL_AES_IV_SIZE 16
-#define XMLSEC_OPENSSL_AES_BLOCK_SIZE 16
+#include "../kw_aes_des.h"
/*********************************************************************
@@ -151,8 +147,6 @@ static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
NULL, /* void* reserved1; */
};
-#define XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE 8
-
#define xmlSecOpenSSLKWAesCheckId(transform) \
(xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
@@ -194,6 +188,27 @@ xmlSecOpenSSLTransformKWAes256GetKlass(void) {
return(&xmlSecOpenSSLKWAes256Klass);
}
+
+static int
+xmlSecOpenSSLAesBlockEncryptCallback(const xmlSecByte * in, xmlSecByte * out, void * key) {
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ AES_encrypt(in, out, (AES_KEY*)key);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLAesBlockDecryptCallback(const xmlSecByte * in, xmlSecByte * out, void * key) {
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ AES_decrypt(in, out, (AES_KEY*)key);
+ return(0);
+}
+
static int
xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
int ret;
@@ -291,6 +306,7 @@ static int
xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecBufferPtr in, out, key;
xmlSecSize inSize, outSize, keySize, expectedKeySize;
+ AES_KEY aesKey;
int ret;
xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
@@ -329,10 +345,10 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
if(transform->operation == xmlSecTransformOperationEncrypt) {
/* the encoded key might be 8 bytes longer plus 8 bytes just in case */
- outSize = inSize + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE +
- XMLSEC_OPENSSL_AES_BLOCK_SIZE;
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
} else {
- outSize = inSize + XMLSEC_OPENSSL_AES_BLOCK_SIZE;
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
}
ret = xmlSecBufferSetMaxSize(out, outSize);
@@ -346,26 +362,48 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
}
if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecOpenSSLKWAesEncode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
+ /* prepare key */
+ ret = AES_set_encrypt_key(xmlSecBufferGetData(key), 8 * keySize, &aesKey);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "AES_set_decrypt_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKWAesEncode(xmlSecOpenSSLAesBlockEncryptCallback, &aesKey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWAesEncode",
+ "xmlSecKWAesEncode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outSize = ret;
} else {
- ret = xmlSecOpenSSLKWAesDecode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
+ /* prepare key */
+ ret = AES_set_decrypt_key(xmlSecBufferGetData(key), 8 * keySize, &aesKey);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "AES_set_decrypt_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKWAesDecode(xmlSecOpenSSLAesBlockDecryptCallback, &aesKey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWAesDecode",
+ "xmlSecKWAesEncode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
@@ -411,212 +449,14 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
static xmlSecSize
xmlSecOpenSSLKWAesGetKeySize(xmlSecTransformPtr transform) {
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
- return(XMLSEC_OPENSSL_AES128_KEY_SIZE);
+ return(XMLSEC_KW_AES128_KEY_SIZE);
} else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
- return(XMLSEC_OPENSSL_AES192_KEY_SIZE);
+ return(XMLSEC_KW_AES192_KEY_SIZE);
} else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
- return(XMLSEC_OPENSSL_AES256_KEY_SIZE);
+ return(XMLSEC_KW_AES256_KEY_SIZE);
}
return(0);
}
-/**
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
- *
- * Assume that the data to be wrapped consists of N 64-bit data blocks
- * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
- * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
- * key is represented by K. Assume integers i, j, and t and intermediate
- * 64-bit register A, 128-bit register B, and array of 64-bit quantities
- * R(1) through R(N).
- *
- * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
- * is the 128-bit quantity with x in the most significant bits and y in the
- * least significant bits. AES(K)enc(x) is the operation of AES encrypting
- * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
- * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
- * MSB(x) and LSB(y) are the most significant 64 bits and least significant
- * 64 bits of x and y respectively.
- *
- * If N is 1, a single AES operation is performed for wrap or unwrap.
- * If N>1, then 6*N AES operations are performed for wrap or unwrap.
- *
- * The key wrap algorithm is as follows:
- *
- * 1. If N is 1:
- * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
- * * C(0)=MSB(B)
- * * C(1)=LSB(B)
- * If N>1, perform the following steps:
- * 2. Initialize variables:
- * * Set A to 0xA6A6A6A6A6A6A6A6
- * * Fori=1 to N,
- * R(i)=P(i)
- * 3. Calculate intermediate values:
- * * Forj=0 to 5,
- * o For i=1 to N,
- * t= i + j*N
- * B=AES(K)enc(A|R(i))
- * A=XOR(t,MSB(B))
- * R(i)=LSB(B)
- * 4. Output the results:
- * * Set C(0)=A
- * * For i=1 to N,
- * C(i)=R(i)
- *
- * The key unwrap algorithm is as follows:
- *
- * 1. If N is 1:
- * * B=AES(K)dec(C(0)|C(1))
- * * P(1)=LSB(B)
- * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
- * return an integrity check failure error.
- * If N>1, perform the following steps:
- * 2. Initialize the variables:
- * * A=C(0)
- * * For i=1 to N,
- * R(i)=C(i)
- * 3. Calculate intermediate values:
- * * For j=5 to 0,
- * o For i=N to 1,
- * t= i + j*N
- * B=AES(K)dec(XOR(t,A)|R(i))
- * A=MSB(B)
- * R(i)=LSB(B)
- * 4. Output the results:
- * * For i=1 to N,
- * P(i)=R(i)
- * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
- * an integrity check failure error.
- */
-static const xmlSecByte xmlSecOpenSSLKWAesMagicBlock[XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE] = {
- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
-};
-
-static int
-xmlSecOpenSSLKWAesEncode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- AES_KEY aesKey;
- xmlSecByte block[XMLSEC_OPENSSL_AES_BLOCK_SIZE];
- xmlSecByte *p;
- int N, i, j, t;
- int ret;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize > 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize + 8, -1);
-
- ret = AES_set_encrypt_key(key, 8 * keySize, &aesKey);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "AES_set_encrypt_key",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* prepend magic block */
- if(in != out) {
- memcpy(out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
- } else {
- memmove(out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
- }
- memcpy(out, xmlSecOpenSSLKWAesMagicBlock, XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
-
- N = (inSize / 8);
- if(N == 1) {
- AES_encrypt(out, out, &aesKey);
- } else {
- for(j = 0; j <= 5; ++j) {
- for(i = 1; i <= N; ++i) {
- t = i + (j * N);
- p = out + i * 8;
-
- memcpy(block, out, 8);
- memcpy(block + 8, p, 8);
-
- AES_encrypt(block, block, &aesKey);
- block[7] ^= t;
- memcpy(out, block, 8);
- memcpy(p, block + 8, 8);
- }
- }
- }
-
- return(inSize + 8);
-}
-
-static int
-xmlSecOpenSSLKWAesDecode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- AES_KEY aesKey;
- xmlSecByte block[XMLSEC_OPENSSL_AES_BLOCK_SIZE];
- xmlSecByte *p;
- int N, i, j, t;
- int ret;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize > 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- ret = AES_set_decrypt_key(key, 8 * keySize, &aesKey);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "AES_set_decrypt_key",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* copy input */
- if(in != out) {
- memcpy(out, in, inSize);
- }
-
- N = (inSize / 8) - 1;
- if(N == 1) {
- AES_decrypt(out, out, &aesKey);
- } else {
- for(j = 5; j >= 0; --j) {
- for(i = N; i > 0; --i) {
- t = i + (j * N);
- p = out + i * 8;
-
- memcpy(block, out, 8);
- memcpy(block + 8, p, 8);
- block[7] ^= t;
-
- AES_decrypt(block, block, &aesKey);
- memcpy(out, block, 8);
- memcpy(p, block + 8, 8);
- }
- }
- }
- /* do not left data in memory */
- memset(block, 0, sizeof(block));
-
- if(memcmp(xmlSecOpenSSLKWAesMagicBlock, out, XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "bad magic block");
- return(-1);
- }
-
- memmove(out, out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
- return(inSize - XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
-}
-
#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */
diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
index 65e256d..327337b 100644
--- a/win32/Makefile.msvc
+++ b/win32/Makefile.msvc
@@ -143,6 +143,7 @@ XMLSEC_OBJS = \
$(XMLSEC_INTDIR)\keys.obj \
$(XMLSEC_INTDIR)\keysdata.obj \
$(XMLSEC_INTDIR)\keysmngr.obj \
+ $(XMLSEC_INTDIR)\kw_aes_des.obj \
$(XMLSEC_INTDIR)\list.obj \
$(XMLSEC_INTDIR)\membuf.obj \
$(XMLSEC_INTDIR)\nodeset.obj \
@@ -173,6 +174,7 @@ XMLSEC_OBJS_A = \
$(XMLSEC_INTDIR_A)\keys.obj \
$(XMLSEC_INTDIR_A)\keysdata.obj \
$(XMLSEC_INTDIR_A)\keysmngr.obj \
+ $(XMLSEC_INTDIR_A)\kw_aes_des.obj \
$(XMLSEC_INTDIR_A)\list.obj \
$(XMLSEC_INTDIR_A)\membuf.obj \
$(XMLSEC_INTDIR_A)\nodeset.obj \
diff --git a/win32/mycfg.bat b/win32/mycfg.bat
index 9af468e..b1ec8ad 100644
--- a/win32/mycfg.bat
+++ b/win32/mycfg.bat
@@ -11,7 +11,7 @@ REM
SET PREFIX=C:\cygwin\home\local
SET XMLSEC_INCLUDE=%PREFIX%\include;%PREFIX%\include\mozilla;%PREFIX%\include\mozilla\nspr;%PREFIX%\include\mozilla\nss;%MSSDK_INCLUDE%
SET XMLSEC_LIB=%PREFIX%\lib;%MSSDK_LIB%
-SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=mscrypto,openssl unicode=yes
+SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=openssl unicode=yes
del /F Makefile configure.txt
cscript configure.js prefix=%PREFIX% %XMLSEC_OPTIONS% include=%XMLSEC_INCLUDE% lib=%XMLSEC_LIB%
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
