[xmlsec] cleanup kw aes implementation



commit 07bfa981d8030c697501ef78f39fd1f13d1bfbc4
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Sat May 8 10:20:07 2010 -0700

    cleanup kw aes implementation

 src/kw_aes_des.c         |   32 +-
 src/kw_aes_des.h         |   24 +-
 src/mscrypto/Makefile.am |    1 +
 src/mscrypto/ciphers.c   |  451 +-------------------
 src/mscrypto/kw_aes.c    | 1110 ++++++++--------------------------------------
 src/openssl/kw_aes.c     |  345 ++++++++-------
 win32/Makefile.msvc      |    2 +
 7 files changed, 415 insertions(+), 1550 deletions(-)
---
diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c
index 638edd3..924e5e5 100644
--- a/src/kw_aes_des.c
+++ b/src/kw_aes_des.c
@@ -102,7 +102,7 @@ static const xmlSecByte xmlSecKWAesMagicBlock[XMLSEC_KW_AES_MAGIC_BLOCK_SIZE] =
 };
 
 int
-xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
+xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
                   const xmlSecByte *in, xmlSecSize inSize,
                   xmlSecByte *out, xmlSecSize outSize) {
     xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
@@ -110,8 +110,10 @@ xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
     int N, i, j, t;
     int ret;
 
-    xmlSecAssert2(encryptCallback != NULL, -1);
-    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(kwAesId != NULL, -1);
+    xmlSecAssert2(kwAesId->encrypt != NULL, -1);
+    xmlSecAssert2(kwAesId->decrypt != NULL, -1);
+    xmlSecAssert2(context != NULL, -1);
     xmlSecAssert2(in != NULL, -1);
     xmlSecAssert2(inSize > 0, -1);
     xmlSecAssert2(out != NULL, -1);
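Review bot: xmlSecKWAesEncode now refuses a klass whose `decrypt` slot is NULL, although the calls visible in the encode hunks of this commit only go through `kwAesId->encrypt`. xmlSecKWAesDecode (the -173,8 hunk) does the mirror image and requires `encrypt`. If the intent is to validate the whole klass, state it next to the assertions, e.g. `/* a KW AES klass must provide both methods */`. Otherwise drop the assertion on the method the function never calls, so a backend that implements one direction is not rejected. The function body continues outside this hunk.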
@@ -127,11 +129,11 @@ xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
 
     N = (inSize / 8);
     if(N == 1) {
-        ret = encryptCallback(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, key);
+        ret = kwAesId->encrypt(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, context);
         if(ret < 0) {
             xmlSecError(XMLSEC_ERRORS_HERE,
                         NULL,
-                        "encryptCallback",
+                        "kwAesId->encrypt",
                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
                         XMLSEC_ERRORS_NO_MESSAGE);
             return(-1);
@@ -145,11 +147,11 @@ xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
                 memcpy(block, out, 8);
                 memcpy(block + 8, p, 8);
 
-                ret = encryptCallback(block, sizeof(block), block, sizeof(block), key);
+                ret = kwAesId->encrypt(block, sizeof(block), block, sizeof(block), context);
                 if(ret < 0) {
                     xmlSecError(XMLSEC_ERRORS_HERE,
                                 NULL,
-                                "encryptCallback",
+                                "kwAesId->encrypt",
                                 XMLSEC_ERRORS_R_XMLSEC_FAILED,
                                 XMLSEC_ERRORS_NO_MESSAGE);
                     return(-1);
@@ -165,7 +167,7 @@ xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
 }
 
 int
-xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
+xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
                   const xmlSecByte *in, xmlSecSize inSize,
                   xmlSecByte *out, xmlSecSize outSize) {
     xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
@@ -173,8 +175,10 @@ xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
     int N, i, j, t;
     int ret;
 
-    xmlSecAssert2(decryptCallback != NULL, -1);
-    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(kwAesId != NULL, -1);
+    xmlSecAssert2(kwAesId->encrypt != NULL, -1);
+    xmlSecAssert2(kwAesId->decrypt != NULL, -1);
+    xmlSecAssert2(context != NULL, -1);
     xmlSecAssert2(in != NULL, -1);
     xmlSecAssert2(inSize > 0, -1);
     xmlSecAssert2(out != NULL, -1);
@@ -187,11 +191,11 @@ xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
 
     N = (inSize / 8) - 1;
     if(N == 1) {
-        ret = decryptCallback(out, inSize, out, outSize, key);
+        ret = kwAesId->decrypt(out, inSize, out, outSize, context);
         if(ret < 0) {
             xmlSecError(XMLSEC_ERRORS_HERE,
                         NULL,
-                        "decryptCallback",
+                        "kwAesId->decrypt",
                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
                         XMLSEC_ERRORS_NO_MESSAGE);
             return(-1);
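Review bot: `N = (inSize / 8) - 1` is reached with only `inSize > 0` asserted in the lines in view. For an input shorter than two 8-byte blocks, the unsigned xmlSecSize arithmetic yields 0 or wraps before being stored in the `int N`, and a length that is not a multiple of 8 is silently truncated. The data being unwrapped typically originates from the document under processing, so unless a size check sits in the lines between the hunks, reject bad lengths explicitly rather than relying on an assertion: `if((inSize < 16) || ((inSize % 8) != 0)) { /* xmlSecError(..., XMLSEC_ERRORS_R_INVALID_SIZE, ...) */ return(-1); }`. xmlSecKWAesEncode has the matching gap at `N = (inSize / 8)` in the -127,11 hunk. The function starts and ends outside this hunk.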
@@ -206,11 +210,11 @@ xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
                 memcpy(block + 8, p, 8);
                 block[7] ^= t;
 
-                ret = decryptCallback(block, sizeof(block), block, sizeof(block), key);
+                ret = kwAesId->decrypt(block, sizeof(block), block, sizeof(block), context);
                 if(ret < 0) {
                     xmlSecError(XMLSEC_ERRORS_HERE,
                                 NULL,
-                                "encryptCallback",
+                                "kwAesId->decrypt",
                                 XMLSEC_ERRORS_R_XMLSEC_FAILED,
                                 XMLSEC_ERRORS_NO_MESSAGE);
                     return(-1);
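Review bot: `block[7] ^= t;` folds only the low byte of the `int t` into the block. The computation of `t` is outside this hunk, but if it is the RFC 3394 step counter, the specification XORs it as a 64-bit big-endian value. Once the counter exceeds 255 the output would then stop matching other implementations. Either document the supported input size next to this line, e.g. `/* t fits in one byte for all supported key sizes */`, together with a bound check on `inSize`, or spread the counter over `block[4]`..`block[7]`. The loop containing this line starts and ends outside the hunk.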
diff --git a/src/kw_aes_des.h b/src/kw_aes_des.h
index 9283a18..f6d7762 100755
--- a/src/kw_aes_des.h
+++ b/src/kw_aes_des.h
@@ -34,25 +34,37 @@ extern "C" {
 #define XMLSEC_KW_AES192_KEY_SIZE                   24
 #define XMLSEC_KW_AES256_KEY_SIZE                   32
 
-typedef int  (*xmlSecAesBlockEncryptCallback)       (const xmlSecByte * in,
+typedef int  (*xmlSecKWAesBlockEncryptMethod)       (const xmlSecByte * in,
                                                      xmlSecSize inSize,
                                                      xmlSecByte * out,
                                                      xmlSecSize outSize,
-                                                     void * key);
-typedef int  (*xmlSecAesBlockDecryptCallback)       (const xmlSecByte * in,
+                                                     void * context);
+typedef int  (*xmlSecKWAesBlockDecryptMethod)       (const xmlSecByte * in,
                                                      xmlSecSize inSize,
                                                      xmlSecByte * out,
                                                      xmlSecSize outSize,
-                                                     void * key);
+                                                     void * context);
 
 
+struct _xmlSecKWAesKlass {
+    /* callbacks */
+    xmlSecKWAesBlockEncryptMethod       encrypt;
+    xmlSecKWAesBlockDecryptMethod       decrypt;
+
+    /* for the future */
+    void*                               reserved0;
+    void*                               reserved1;
+}; 
+typedef const struct _xmlSecKWAesKlass              xmlSecKWAesKlass,
+                                                    *xmlSecKWAesId;
+
 XMLSEC_EXPORT int
-xmlSecKWAesEncode(xmlSecAesBlockEncryptCallback encryptCallback, void *key,
+xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *key,
                   const xmlSecByte *in, xmlSecSize inSize,
                   xmlSecByte *out, xmlSecSize outSize);
 
 XMLSEC_EXPORT int
-xmlSecKWAesDecode(xmlSecAesBlockDecryptCallback decryptCallback, void *key,
+xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *key,
                   const xmlSecByte *in, xmlSecSize inSize,
                   xmlSecByte *out, xmlSecSize outSize);
 
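Review bot: The two prototypes still name the second parameter `key`, while the definitions in kw_aes_des.c and both callback typedefs in this hunk call it `context`. The value is no longer a key but an opaque pointer handed unchanged to `encrypt`/`decrypt`, so the header should read `xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,` and likewise for xmlSecKWAesDecode. The callback typedefs also lack a contract comment. The callers in kw_aes_des.c invoke them with `in` and `out` pointing at the same buffer, so a note such as `/* in and out may alias; returns < 0 on error */` above each typedef would tell backend authors that in-place operation must be supported.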
diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am
index 1099e3f..05285ec 100644
--- a/src/mscrypto/Makefile.am
+++ b/src/mscrypto/Makefile.am
@@ -29,6 +29,7 @@ libxmlsec1_mscrypto_la_SOURCES =\
 	digests.c \
 	hmac.c \
 	keysstore.c \
+	kw_aes.c \
 	kt_rsa.c \
 	signatures.c \
 	symkeys.c \
diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c
index 0aa0fe7..0590cbe 100644
--- a/src/mscrypto/ciphers.c
+++ b/src/mscrypto/ciphers.c
@@ -21,7 +21,6 @@
 
 #include <xmlsec/mscrypto/crypto.h>
 
-#include "../kw_aes_des.h"
 #include "private.h"
 
 
@@ -46,7 +45,6 @@ struct _xmlSecMSCryptoBlockCipherCtx {
     HCRYPTPROV                          cryptProvider;
     HCRYPTKEY                           pubPrivKey;
     HCRYPTKEY                           cryptKey;
-    xmlSecBuffer                        kwKeyBuffer; /* used only for KW algorithm - need to reset cryptKey for every operation to avoid CBC mode */
     int                                 ctxInitialized;
 };
 /* function declarations */
@@ -498,13 +496,6 @@ xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) {
 
        return(1);
     }
-
-    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes128Id) ||
-       xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes192Id) ||
-       xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes256Id)) {
-
-       return(1);
-    }
 #endif /* XMLSEC_NO_AES */
 
     return(0);
@@ -523,16 +514,6 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
 
     memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
 
-    ret = xmlSecBufferInitialize(&ctx->kwKeyBuffer, 0);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    NULL,
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
 #ifndef XMLSEC_NO_DES
     if(transform->id == xmlSecMSCryptoTransformDes3CbcId) {
         ctx->algorithmIdentifier    = CALG_3DES;
@@ -558,23 +539,7 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
         ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
         ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
         ctx->keySize                = 32;
-    } else if(transform->id == xmlSecMSCryptoTransformKWAes128Id) {
-        ctx->algorithmIdentifier    = CALG_AES_128;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
-        ctx->keySize                = XMLSEC_KW_AES128_KEY_SIZE;
-    } else if(transform->id == xmlSecMSCryptoTransformKWAes192Id) {
-        ctx->algorithmIdentifier    = CALG_AES_192;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
-        ctx->keySize                = XMLSEC_KW_AES192_KEY_SIZE;
-    } else if(transform->id == xmlSecMSCryptoTransformKWAes256Id) {
-        ctx->algorithmIdentifier    = CALG_AES_256;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
-        ctx->keySize                = XMLSEC_KW_AES256_KEY_SIZE;
-    } else
-
+    } else     
 #endif /* XMLSEC_NO_AES */
 
     {
@@ -632,8 +597,6 @@ xmlSecMSCryptoBlockCipherFinalize(xmlSecTransformPtr transform) {
         CryptReleaseContext(ctx->cryptProvider, 0);
     }
     
-    xmlSecBufferFinalize(&ctx->kwKeyBuffer);
-
     memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
 }
 
@@ -977,415 +940,3 @@ xmlSecMSCryptoTransformDes3CbcGetKlass(void) {
     return(&xmlSecMSCryptoDes3CbcKlass);
 }
 #endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
-static int 
-xmlSecMSCryptoAesBlockEncryptCallback(const xmlSecByte * in, xmlSecSize inSize,
-                                      xmlSecByte * out, xmlSecSize outSize,
-                                      void * key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx = (xmlSecMSCryptoBlockCipherCtxPtr)key;
-    DWORD dwCLen;
-
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(outSize >= inSize, -1);
-    xmlSecAssert2(ctx != NULL, -1);
-    xmlSecAssert2(ctx->pubPrivKey != 0, -1);
-    xmlSecAssert2(ctx->cryptKey == 0, -1);
-    xmlSecAssert2(xmlSecBufferGetSize(&ctx->kwKeyBuffer) == ctx->keySize, -1);
-
-    /* Import this key and get an HCRYPTKEY handle, we do it again and again 
-       to ensure we don't go into CBC mode */
-    if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
-        ctx->pubPrivKey,
-        ctx->algorithmIdentifier,
-        xmlSecBufferGetData(&ctx->kwKeyBuffer),
-        xmlSecBufferGetSize(&ctx->kwKeyBuffer),
-        TRUE,
-        &(ctx->cryptKey)))  {
-
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    "xmlSecMSCryptoImportPlainSessionBlob",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
-    /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
-     * can be skipped. I hope this will work .... */
-    memcpy(out, in, inSize);
-    dwCLen = inSize;
-    if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    "CryptEncrypt",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
-    /* cleanup */
-    if (ctx->cryptKey != 0) {
-        CryptDestroyKey(ctx->cryptKey);
-        ctx->cryptKey = 0;
-    }
-
-    return(0);
-}
-
-static int
-xmlSecMSCryptoAesBlockDecryptCallback(const xmlSecByte * in, xmlSecSize inSize,
-                                      xmlSecByte * out, xmlSecSize outSize,
-                                      void * key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx = (xmlSecMSCryptoBlockCipherCtxPtr)key;
-    DWORD dwCLen;
-
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(outSize >= inSize, -1);
-    xmlSecAssert2(ctx != NULL, -1);
-    xmlSecAssert2(ctx->pubPrivKey != 0, -1);
-    xmlSecAssert2(ctx->cryptKey == 0, -1);
-    xmlSecAssert2(xmlSecBufferGetSize(&ctx->kwKeyBuffer) == ctx->keySize, -1);
-
-    /* Import this key and get an HCRYPTKEY handle, we do it again and again 
-       to ensure we don't go into CBC mode */
-    if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
-        ctx->pubPrivKey,
-        ctx->algorithmIdentifier,
-        xmlSecBufferGetData(&ctx->kwKeyBuffer),
-        xmlSecBufferGetSize(&ctx->kwKeyBuffer),
-        TRUE,
-        &(ctx->cryptKey)))  {
-
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    "xmlSecMSCryptoImportPlainSessionBlob",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
-    /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
-     * can be skipped. I hope this will work .... */
-    memcpy(out, in, inSize);
-    dwCLen = inSize;
-    if(!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, out, &dwCLen)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    NULL,
-                    "CryptEncrypt",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
-    /* cleanup */
-    if (ctx->cryptKey != 0) {
-        CryptDestroyKey(ctx->cryptKey);
-        ctx->cryptKey = 0;
-    }
-
-    return(0);
-}
-
-static int
-xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
-    xmlSecBufferPtr buffer;
-    xmlSecSize keySize;
-    int ret;
-
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
-    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
-    xmlSecAssert2(key != NULL, -1);
-    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataAesId), -1);
-
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
-    xmlSecAssert2(ctx != NULL, -1);
-
-    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
-    xmlSecAssert2(buffer != NULL, -1);
-
-    keySize = xmlSecBufferGetSize(buffer);
-    if(keySize < ctx->keySize) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    NULL,
-                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
-                    "key=%d;expected=%d",
-                    keySize, ctx->keySize);
-        return(-1);
-    }
-
-    ret = xmlSecBufferSetData(&(ctx->kwKeyBuffer),
-                            xmlSecBufferGetData(buffer),
-                            ctx->keySize);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    "xmlSecBufferSetData",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "expected-size=%d", 
-                    ctx->keySize);
-        return(-1);
-    }
-
-    return(0);
-}
-
-static int
-xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
-    xmlSecBufferPtr in, out;
-    xmlSecSize inSize, outSize;
-    int ret;
-
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
-    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
-    xmlSecAssert2(transformCtx != NULL, -1);
-
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
-    xmlSecAssert2(ctx != NULL, -1);
-
-    in = &(transform->inBuf);
-    out = &(transform->outBuf);
-    inSize = xmlSecBufferGetSize(in);
-    outSize = xmlSecBufferGetSize(out);
-    xmlSecAssert2(outSize == 0, -1);
-
-    if(transform->status == xmlSecTransformStatusNone) {
-        transform->status = xmlSecTransformStatusWorking;
-    }
-
-    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
-        /* just do nothing */
-    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
-        if((inSize % 8) != 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        NULL,
-                        XMLSEC_ERRORS_R_INVALID_SIZE,
-                        "size=%d(not 8 bytes aligned)", inSize);
-            return(-1);
-        }
-
-        if(transform->operation == xmlSecTransformOperationEncrypt) {
-            /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
-            outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
-                               XMLSEC_KW_AES_BLOCK_SIZE;
-        } else {
-            outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
-        }
-
-        ret = xmlSecBufferSetMaxSize(out, outSize);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        "xmlSecBufferSetMaxSize",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "outSize=%d", outSize);
-            return(-1);
-        }
-
-        if(transform->operation == xmlSecTransformOperationEncrypt) {
-            ret = xmlSecKWAesEncode(xmlSecMSCryptoAesBlockEncryptCallback, ctx,
-                                    xmlSecBufferGetData(in), inSize,
-                                    xmlSecBufferGetData(out), outSize);
-            if(ret < 0) {
-                xmlSecError(XMLSEC_ERRORS_HERE,
-                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecKWAesEncode",
-                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                            XMLSEC_ERRORS_NO_MESSAGE);
-                return(-1);
-            }
-            outSize = ret;
-        } else {
-            ret = xmlSecKWAesDecode(xmlSecMSCryptoAesBlockDecryptCallback, ctx,
-                                    xmlSecBufferGetData(in), inSize,
-                                    xmlSecBufferGetData(out), outSize);
-            if(ret < 0) {
-                xmlSecError(XMLSEC_ERRORS_HERE,
-                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecKWAesEncode",
-                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                            XMLSEC_ERRORS_NO_MESSAGE);
-                return(-1);
-            }
-            outSize = ret;
-        }
-
-        ret = xmlSecBufferSetSize(out, outSize);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        "xmlSecBufferSetSize",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "outSize=%d", outSize);
-            return(-1);
-        }
-
-        ret = xmlSecBufferRemoveHead(in, inSize);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        "xmlSecBufferRemoveHead",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "inSize%d", inSize);
-            return(-1);
-        }
-
-        transform->status = xmlSecTransformStatusFinished;
-    } else if(transform->status == xmlSecTransformStatusFinished) {
-        /* the only way we can get here is if there is no input */
-        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
-    } else {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    NULL,
-                    XMLSEC_ERRORS_R_INVALID_STATUS,
-                    "status=%d", transform->status);
-        return(-1);
-    }
-    return(0);
-}
-
-/*********************************************************************
- *
- * AES KW cipher transforms
- *
- ********************************************************************/
-
-/*
- * The AES-128 kew wrapper transform klass.
- */
-static xmlSecTransformKlass xmlSecMSCryptoKWAes128Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
-
-    xmlSecNameKWAes128,                         /* const xmlChar* name; */
-    xmlSecHrefKWAes128,                         /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoKWAesSetKey,                  /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoKWAesExecute,                 /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformKWAes128GetKlass:
- *
- * The AES-128 kew wrapper transform klass.
- *
- * Returns: AES-128 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformKWAes128GetKlass(void) {
-    return(&xmlSecMSCryptoKWAes128Klass);
-}
-
-
-/*
- * The AES-192 kew wrapper transform klass.
- */
-static xmlSecTransformKlass xmlSecMSCryptoKWAes192Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
-
-    xmlSecNameKWAes192,                         /* const xmlChar* name; */
-    xmlSecHrefKWAes192,                         /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoKWAesSetKey,                  /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoKWAesExecute,                 /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformKWAes192GetKlass:
- *
- * The AES-192 kew wrapper transform klass.
- *
- * Returns: AES-192 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformKWAes192GetKlass(void) {
-    return(&xmlSecMSCryptoKWAes192Klass);
-}
-
-/*
- * The AES-256 kew wrapper transform klass.
- */
-static xmlSecTransformKlass xmlSecMSCryptoKWAes256Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
-
-    xmlSecNameKWAes256,                         /* const xmlChar* name; */
-    xmlSecHrefKWAes256,                         /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoKWAesSetKey,                  /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                           /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoKWAesExecute,                 /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformKWAes256GetKlass:
- *
- * The AES-256 kew wrapper transform klass.
- *
- * Returns: AES-256 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformKWAes256GetKlass(void) {
-    return(&xmlSecMSCryptoKWAes256Klass);
-}
-
-#endif /* XMLSEC_NO_AES */
diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c
index 0aa0fe7..e949804 100644
--- a/src/mscrypto/kw_aes.c
+++ b/src/mscrypto/kw_aes.c
@@ -24,20 +24,48 @@
 #include "../kw_aes_des.h"
 #include "private.h"
 
-
 #if defined(__MINGW32__)
 #  include "xmlsec-mingw.h"
 #endif
 
 
+#ifndef XMLSEC_NO_AES
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int      xmlSecMSCryptoKWAesBlockEncrypt         (const xmlSecByte * in, 
+                                                         xmlSecSize inSize,
+                                                         xmlSecByte * out, 
+                                                         xmlSecSize outSize,
+                                                         void * cb_ctx);
+static int      xmlSecMSCryptoKWAesBlockDecrypt         (const xmlSecByte * in, 
+                                                         xmlSecSize inSize,
+                                                         xmlSecByte * out, 
+                                                         xmlSecSize outSize,
+                                                         void * cb_ctx);
+
+/* klass for KW AES operation */
+static xmlSecKWAesKlass xmlSecMSCryptoKWAesKlass = {
+    /* callbacks */
+    xmlSecMSCryptoKWAesBlockEncrypt,        /* xmlSecKWAesBlockEncryptMethod       encrypt; */
+    xmlSecMSCryptoKWAesBlockDecrypt,        /* xmlSecKWAesBlockDecryptMethod       decrypt; */
+
+    /* for the future */
+    NULL,                                   /* void*                               reserved0; */
+    NULL                                    /* void*                               reserved1; */
+}; 
+
 /**************************************************************************
  *
- * Internal MSCrypto Block cipher CTX
+ * Internal MSCrypto KW AES cipher CTX
  *
  *****************************************************************************/
-typedef struct _xmlSecMSCryptoBlockCipherCtx            xmlSecMSCryptoBlockCipherCtx,
-                                                        *xmlSecMSCryptoBlockCipherCtxPtr;
-struct _xmlSecMSCryptoBlockCipherCtx {
+typedef struct _xmlSecMSCryptoKWAesCtx                  xmlSecMSCryptoKWAesCtx,
+                                                        *xmlSecMSCryptoKWAesCtxPtr;
+struct _xmlSecMSCryptoKWAesCtx {
     ALG_ID                              algorithmIdentifier;
     const xmlSecMSCryptoProviderInfo  * providers;
     xmlSecKeyDataId                     keyId;
@@ -46,419 +74,32 @@ struct _xmlSecMSCryptoBlockCipherCtx {
     HCRYPTPROV                          cryptProvider;
     HCRYPTKEY                           pubPrivKey;
     HCRYPTKEY                           cryptKey;
-    xmlSecBuffer                        kwKeyBuffer; /* used only for KW algorithm - need to reset cryptKey for every operation to avoid CBC mode */
-    int                                 ctxInitialized;
+    xmlSecBuffer                        kwKeyBuffer;
 };
-/* function declarations */
-static int      xmlSecMSCryptoBlockCipherCtxUpdate      (xmlSecMSCryptoBlockCipherCtxPtr ctx,
-                                                         xmlSecBufferPtr in,
-                                                         xmlSecBufferPtr out,
-                                                         int encrypt,
-                                                         const xmlChar* cipherName,
-                                                         xmlSecTransformCtxPtr transformCtx);
-
-
-static int
-xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx,
-                                 xmlSecBufferPtr in,
-                                 xmlSecBufferPtr out,
-                                 int encrypt,
-                                 const xmlChar* cipherName,
-                                 xmlSecTransformCtxPtr transformCtx) {
-    int blockLen;
-    int ret;
-    DWORD dwBlockLen, dwBlockLenLen;
-
-    xmlSecAssert2(ctx != NULL, -1);
-    xmlSecAssert2(ctx->cryptKey != 0, -1);
-    xmlSecAssert2(ctx->ctxInitialized == 0, -1);
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(transformCtx != NULL, -1);
-
-    /* iv len == block len */
-    dwBlockLenLen = sizeof(DWORD);
-    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "CryptGetKeyParam",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
-    blockLen = dwBlockLen / 8;
-    xmlSecAssert2(blockLen > 0, -1);
-    if(encrypt) {
-        unsigned char* iv;
-        size_t outSize;
-
-        /* allocate space for IV */
-        outSize = xmlSecBufferGetSize(out);
-        ret = xmlSecBufferSetSize(out, outSize + blockLen);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "xmlSecBufferSetSize",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "size=%d", outSize + blockLen);
-            return(-1);
-        }
-        iv = xmlSecBufferGetData(out) + outSize;
-
-        /* generate and use random iv */
-        if(!CryptGenRandom(ctx->cryptProvider, blockLen, iv)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptGenRandom",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        "len=%d", blockLen);
-            return(-1);
-        }
-
-        if(!CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptSetKeyParam",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
-            return(-1);
-        }
-    } else {
-        /* if we don't have enough data, exit and hope that
-        * we'll have iv next time */
-        if(xmlSecBufferGetSize(in) < (size_t)blockLen) {
-            return(0);
-        }
-        xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
-
-        /* set iv */
-        if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptSetKeyParam",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
-            return(-1);
-        }
-
-        /* and remove from input */
-        ret = xmlSecBufferRemoveHead(in, blockLen);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "xmlSecBufferRemoveHead",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "size=%d", blockLen);
-            return(-1);
-
-        }
-    }
-
-    ctx->ctxInitialized = 1;
-    return(0);
-}
-
-static int
-xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx,
-                                   xmlSecBufferPtr in, xmlSecBufferPtr out,
-                                   int encrypt,
-                                   const xmlChar* cipherName,
-                                   xmlSecTransformCtxPtr transformCtx) {
-    size_t inSize, inBlocks, outSize;
-    int blockLen;
-    unsigned char* outBuf;
-    unsigned char* inBuf;
-    int ret;
-    DWORD dwBlockLen, dwBlockLenLen, dwCLen;
-
-    xmlSecAssert2(ctx != NULL, -1);
-    xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(transformCtx != NULL, -1);
-
-    dwBlockLenLen = sizeof(DWORD);
-    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "CryptSetKeyParam",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-    blockLen = dwBlockLen / 8;
-    xmlSecAssert2(blockLen > 0, -1);
-
-    inSize = xmlSecBufferGetSize(in);
-    outSize = xmlSecBufferGetSize(out);
-
-    if(inSize < (size_t)blockLen) {
-        return(0);
-    }
-
-    if(encrypt) {
-        inBlocks = inSize / ((size_t)blockLen);
-    } else {
-        /* we want to have the last block in the input buffer
-         * for padding check */
-        inBlocks = (inSize - 1) / ((size_t)blockLen);
-    }
-    inSize = inBlocks * ((size_t)blockLen);
-
-    /* we write out the input size plus may be one block */
-    ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "xmlSecBufferSetMaxSize",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%d", outSize + inSize + blockLen);
-        return(-1);
-    }
-    outBuf = xmlSecBufferGetData(out) + outSize;
-    inBuf = xmlSecBufferGetData(in);
-    xmlSecAssert2(inBuf != NULL, -1);
-
-    memcpy(outBuf, inBuf, inSize);
-    dwCLen = inSize;
-    if(encrypt) {
-        if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptEncrypt",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
-            return(-1);
-        }
-    } else {
-        if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptSetKeyDecrypt",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
-            return(-1);
-        }
-    }
-    /* Check if we really have de/encrypted the numbers of bytes that we requested */
-    if (dwCLen != inSize) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "CryptEn/Decrypt",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%ld", dwCLen);
-        return(-1);
-    }
-
-    /* set correct output buffer size */
-    ret = xmlSecBufferSetSize(out, outSize + inSize);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "xmlSecBufferSetSize",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%d", outSize + inSize);
-        return(-1);
-    }
-
-    /* remove the processed block from input */
-    ret = xmlSecBufferRemoveHead(in, inSize);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "xmlSecBufferRemoveHead",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%d", inSize);
-        return(-1);
-    }
-    return(0);
-}
-
-static int
-xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx,
-                                  xmlSecBufferPtr in,
-                                  xmlSecBufferPtr out,
-                                  int encrypt,
-                                  const xmlChar* cipherName,
-                                  xmlSecTransformCtxPtr transformCtx) {
-    size_t inSize, outSize;
-    int blockLen, outLen = 0;
-    unsigned char* inBuf;
-    unsigned char* outBuf;
-    int ret;
-    DWORD dwBlockLen, dwBlockLenLen, dwCLen;
-
-    xmlSecAssert2(ctx != NULL, -1);
-    xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(transformCtx != NULL, -1);
-
-    dwBlockLenLen = sizeof(DWORD);
-    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "CryptGetKeyParam",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-    blockLen = dwBlockLen / 8;
-    xmlSecAssert2(blockLen > 0, -1);
-
-    inSize = xmlSecBufferGetSize(in);
-    outSize = xmlSecBufferGetSize(out);
-
-    if(encrypt != 0) {
-        xmlSecAssert2(inSize < (size_t)blockLen, -1);
-
-        /* create padding */
-        ret = xmlSecBufferSetMaxSize(in, blockLen);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "xmlSecBufferSetMaxSize",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "size=%d", blockLen);
-            return(-1);
-        }
-        inBuf = xmlSecBufferGetData(in);
-
-        /* create random padding */
-        if((size_t)blockLen > (inSize + 1)) {
-            if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize)) {
-                xmlSecError(XMLSEC_ERRORS_HERE,
-                            xmlSecErrorsSafeString(cipherName),
-                            "CryptGenRandom",
-                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                            XMLSEC_ERRORS_NO_MESSAGE);
-                return(-1);
-            }
-        }
-        inBuf[blockLen - 1] = blockLen - inSize;
-        inSize = blockLen;
-    } else {
-        if(inSize != (size_t)blockLen) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        NULL,
-                        XMLSEC_ERRORS_R_INVALID_DATA,
-                        "data=%d;block=%d", inSize, blockLen);
-            return(-1);
-        }
-        inBuf = xmlSecBufferGetData(in);
-    }
-
-    /* process last block */
-    ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "xmlSecBufferSetMaxSize",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%d", outSize + 2 * blockLen);
-        return(-1);
-    }
-    outBuf = xmlSecBufferGetData(out) + outSize;
-    memcpy(outBuf, inBuf, inSize);
-
-    dwCLen = inSize;
-    if(encrypt) {
-        /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
-         * can be skipped. I hope this will work .... */
-        if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptEncrypt",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
-            return(-1);
-        }
-    } else {
-        if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        "CryptDecrypt",
-                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
-            return(-1);
-        }
-    }
-
-    /* Check if we really have de/encrypted the numbers of bytes that we requested */
-    if (dwCLen != inSize) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "CryptEn/Decrypt",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%ld", dwCLen);
-        return(-1);
-    }
-
-    if(encrypt == 0) {
-        /* check padding */
-        if(inSize < outBuf[blockLen - 1]) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(cipherName),
-                        NULL,
-                        XMLSEC_ERRORS_R_INVALID_DATA,
-                        "padding=%d;buffer=%d",
-                        outBuf[blockLen - 1], inSize);
-            return(-1);
-        }
-        outLen = inSize - outBuf[blockLen - 1];
-    } else {
-        outLen = inSize;
-    }
-
-    /* set correct output buffer size */
-    ret = xmlSecBufferSetSize(out, outSize + outLen);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "xmlSecBufferSetSize",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%d", outSize + outLen);
-        return(-1);
-    }
-
-    /* remove the processed block from input */
-    ret = xmlSecBufferRemoveHead(in, inSize);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(cipherName),
-                    "xmlSecBufferRemoveHead",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "size=%d", inSize);
-        return(-1);
-    }
-
-    return(0);
-}
 
 /******************************************************************************
  *
- *  Block Cipher transforms
+ *  KW AES transforms
  *
- * xmlSecMSCryptoBlockCipherCtx block is located after xmlSecTransform structure
+ * xmlSecMSCryptoKWAesCtx block is located after xmlSecTransform structure
  *
  *****************************************************************************/
-#define xmlSecMSCryptoBlockCipherSize   \
-    (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoBlockCipherCtx))
-#define xmlSecMSCryptoBlockCipherGetCtx(transform) \
-    ((xmlSecMSCryptoBlockCipherCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecMSCryptoKWAesSize   \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWAesCtx))
+#define xmlSecMSCryptoKWAesGetCtx(transform) \
+    ((xmlSecMSCryptoKWAesCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)))
+
+static int      xmlSecMSCryptoKWAesInitialize       (xmlSecTransformPtr transform);
+static void     xmlSecMSCryptoKWAesFinalize         (xmlSecTransformPtr transform);
+static int      xmlSecMSCryptoKWAesSetKeyReq        (xmlSecTransformPtr transform,
+                                                     xmlSecKeyReqPtr keyReq);
+static int      xmlSecMSCryptoKWAesSetKey           (xmlSecTransformPtr transform,
+                                                     xmlSecKeyPtr key);
+static int      xmlSecMSCryptoKWAesExecute          (xmlSecTransformPtr transform,
+                                                     int last,
+                                                     xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecMSCryptoKWAesCheckId          (xmlSecTransformPtr transform);
 
-static int      xmlSecMSCryptoBlockCipherInitialize     (xmlSecTransformPtr transform);
-static void     xmlSecMSCryptoBlockCipherFinalize       (xmlSecTransformPtr transform);
-static int      xmlSecMSCryptoBlockCipherSetKeyReq      (xmlSecTransformPtr transform,
-                                                         xmlSecKeyReqPtr keyReq);
-static int      xmlSecMSCryptoBlockCipherSetKey         (xmlSecTransformPtr transform,
-                                                         xmlSecKeyPtr key);
-static int      xmlSecMSCryptoBlockCipherExecute        (xmlSecTransformPtr transform,
-                                                         int last,
-                                                         xmlSecTransformCtxPtr transformCtx);
-static int      xmlSecMSCryptoBlockCipherCheckId        (xmlSecTransformPtr transform);
 
 
 
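Review bot: The `kwKeyBuffer` field in `struct _xmlSecMSCryptoKWAesCtx` loses its explanatory comment here and is left undocumented, even though the SetKey hunk further down now copies the raw AES key bytes into it. A short comment would record that, for example `xmlSecBuffer kwKeyBuffer; /* raw AES key bytes copied in SetKey; wiped in Finalize */`. The removed comment also said the key handle is reset for every operation to avoid CBC chaining. If the new block callbacks (declared above, bodies outside this hunk) still depend on that, the rationale should stay next to the field.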
@@ -467,37 +108,14 @@ static int      xmlSecMSCryptoBlockCipherCheckId        (xmlSecTransformPtr tran
  *
  * MUST END with { NULL, 0 } !!!
  */
-#ifndef XMLSEC_NO_DES
-static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
-    { MS_STRONG_PROV,               PROV_RSA_FULL },
-    { MS_ENHANCED_PROV,             PROV_RSA_FULL },
-    { NULL, 0 }
-};
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
 static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Aes[] = {
     { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV,                PROV_RSA_AES},
     { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE,      PROV_RSA_AES },
     { NULL, 0 }
 };
-#endif /* XMLSEC_NO_AES */
 
 static int
-xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) {
-#ifndef XMLSEC_NO_DES
-    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDes3CbcId)) {
-        return(1);
-    }
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
-    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformAes128CbcId) ||
-       xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformAes192CbcId) ||
-       xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformAes256CbcId)) {
-
-       return(1);
-    }
+xmlSecMSCryptoKWAesCheckId(xmlSecTransformPtr transform) {
 
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes128Id) ||
        xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes192Id) ||
@@ -505,60 +123,24 @@ xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) {
 
        return(1);
     }
-#endif /* XMLSEC_NO_AES */
 
     return(0);
 }
 
 static int
-xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
+xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
+    xmlSecMSCryptoKWAesCtxPtr ctx;
     int ret;
 
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+    xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
 
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+    ctx = xmlSecMSCryptoKWAesGetCtx(transform);
     xmlSecAssert2(ctx != NULL, -1);
 
-    memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
-
-    ret = xmlSecBufferInitialize(&ctx->kwKeyBuffer, 0);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    NULL,
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
-        return(-1);
-    }
-
-#ifndef XMLSEC_NO_DES
-    if(transform->id == xmlSecMSCryptoTransformDes3CbcId) {
-        ctx->algorithmIdentifier    = CALG_3DES;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataDesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Des;
-        ctx->keySize                = 24;
-    } else
-#endif /* XMLSEC_NO_DES */
+    memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
 
-#ifndef XMLSEC_NO_AES
-    if(transform->id == xmlSecMSCryptoTransformAes128CbcId) {
-        ctx->algorithmIdentifier    = CALG_AES_128;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
-        ctx->keySize                = 16;
-    } else if(transform->id == xmlSecMSCryptoTransformAes192CbcId) {
-        ctx->algorithmIdentifier    = CALG_AES_192;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
-        ctx->keySize                = 24;
-    } else if(transform->id == xmlSecMSCryptoTransformAes256CbcId) {
-        ctx->algorithmIdentifier    = CALG_AES_256;
-        ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
-        ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
-        ctx->keySize                = 32;
-    } else if(transform->id == xmlSecMSCryptoTransformKWAes128Id) {
+    if(transform->id == xmlSecMSCryptoTransformKWAes128Id) {
         ctx->algorithmIdentifier    = CALG_AES_128;
         ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
         ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
@@ -573,11 +155,7 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
         ctx->keyId                  = xmlSecMSCryptoKeyDataAesId;
         ctx->providers              = xmlSecMSCryptoProviderInfo_Aes;
         ctx->keySize                = XMLSEC_KW_AES256_KEY_SIZE;
-    } else
-
-#endif /* XMLSEC_NO_AES */
-
-    {
+    } else {
         xmlSecError(XMLSEC_ERRORS_HERE,
             xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
             NULL,
@@ -586,6 +164,16 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
         return(-1);
     }
 
+    ret = xmlSecBufferInitialize(&ctx->kwKeyBuffer, 0);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
     ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(ctx->cryptProvider == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
@@ -608,18 +196,17 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
         return(-1);
     }
 
-    ctx->ctxInitialized = 0;
     return(0);
 }
 
 static void
-xmlSecMSCryptoBlockCipherFinalize(xmlSecTransformPtr transform) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
+xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
+    xmlSecMSCryptoKWAesCtxPtr ctx;
 
-    xmlSecAssert(xmlSecMSCryptoBlockCipherCheckId(transform));
-    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize));
+    xmlSecAssert(xmlSecMSCryptoKWAesCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize));
 
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+    ctx = xmlSecMSCryptoKWAesGetCtx(transform);
     xmlSecAssert(ctx != NULL);
 
     if (ctx->cryptKey) {
@@ -634,19 +221,19 @@ xmlSecMSCryptoBlockCipherFinalize(xmlSecTransformPtr transform) {
     
     xmlSecBufferFinalize(&ctx->kwKeyBuffer);
 
-    memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
+    memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
 }
 
 static int
-xmlSecMSCryptoBlockCipherSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
+xmlSecMSCryptoKWAesSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecMSCryptoKWAesCtxPtr ctx;
 
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+    xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
     xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
     xmlSecAssert2(keyReq != NULL, -1);
 
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+    ctx = xmlSecMSCryptoKWAesGetCtx(transform);
     xmlSecAssert2(ctx != NULL, -1);
     xmlSecAssert2(ctx->cryptProvider != 0, -1);
 
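Review bot: Cleanup of `ctx->kwKeyBuffer` in xmlSecMSCryptoKWAesFinalize relies entirely on `xmlSecBufferFinalize` to clear the raw AES key that SetKey now stores there, and the trailing `memset(ctx, 0, ...)` only clears the buffer descriptor, not the heap bytes it points to. The body of `xmlSecBufferFinalize` is not part of this diff, so confirm that it zeroes the data before releasing it. If it does not, wipe explicitly first, e.g. `if(xmlSecBufferGetData(&ctx->kwKeyBuffer) != NULL) SecureZeroMemory(xmlSecBufferGetData(&ctx->kwKeyBuffer), xmlSecBufferGetSize(&ctx->kwKeyBuffer));`. Finalize begins before this hunk and SetKeyReq continues past it.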
@@ -662,55 +249,48 @@ xmlSecMSCryptoBlockCipherSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPt
     return(0);
 }
 
+
+
 static int
-xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
+xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecMSCryptoKWAesCtxPtr ctx;
     xmlSecBufferPtr buffer;
-    BYTE* bufData;
+    xmlSecSize keySize;
+    int ret;
 
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+    xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
     xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
     xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataAesId), -1);
 
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+    ctx = xmlSecMSCryptoKWAesGetCtx(transform);
     xmlSecAssert2(ctx != NULL, -1);
-    xmlSecAssert2(ctx->cryptKey == 0, -1);
-    xmlSecAssert2(ctx->pubPrivKey != 0, -1);
-    xmlSecAssert2(ctx->keyId != NULL, -1);
-    xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-    xmlSecAssert2(ctx->keySize > 0, -1);
 
     buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
     xmlSecAssert2(buffer != NULL, -1);
 
-    if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
+    keySize = xmlSecBufferGetSize(buffer);
+    if(keySize < ctx->keySize) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                     NULL,
                     XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
-                    "keySize=%d;expected=%d",
-                    xmlSecBufferGetSize(buffer), ctx->keySize);
+                    "key=%d;expected=%d",
+                    keySize, ctx->keySize);
         return(-1);
     }
 
-    bufData = xmlSecBufferGetData(buffer);
-    xmlSecAssert2(bufData != NULL, -1);
-
-    /* Import this key and get an HCRYPTKEY handle */
-    if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
-        ctx->pubPrivKey,
-        ctx->algorithmIdentifier,
-        bufData,
-        ctx->keySize,
-        TRUE,
-        &(ctx->cryptKey)))  {
-
+    ret = xmlSecBufferSetData(&(ctx->kwKeyBuffer),
+                            xmlSecBufferGetData(buffer),
+                            ctx->keySize);
+    if(ret < 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    "xmlSecMSCryptoImportPlainSessionBlob",
+                    "xmlSecBufferSetData",
                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+                    "expected-size=%d", 
+                    ctx->keySize);
         return(-1);
     }
 
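Review bot: The length check `if(keySize < ctx->keySize)` in xmlSecMSCryptoKWAesSetKey rejects only short keys, so a longer key is accepted and `xmlSecBufferSetData` silently copies just its first `ctx->keySize` bytes. For a key-wrap transform this means, for example, that a 256-bit key passed to the KW-AES128 transform is used as a truncated 128-bit key with no diagnostic. If an exact match is the intent, use `if(keySize != ctx->keySize)`; if truncation is deliberate, add a comment such as `/* longer keys are allowed: only the first ctx->keySize bytes are used */`. The function's closing return lies just past the end of this hunk.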
@@ -718,87 +298,112 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
 }
 
 static int
-xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
+xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecMSCryptoKWAesCtxPtr ctx;
     xmlSecBufferPtr in, out;
+    xmlSecSize inSize, outSize;
     int ret;
 
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+    xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
     xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
     xmlSecAssert2(transformCtx != NULL, -1);
 
+    ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
     in = &(transform->inBuf);
     out = &(transform->outBuf);
-
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
-    xmlSecAssert2(ctx != NULL, -1);
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+    xmlSecAssert2(outSize == 0, -1);
 
     if(transform->status == xmlSecTransformStatusNone) {
         transform->status = xmlSecTransformStatusWorking;
     }
 
-    if(transform->status == xmlSecTransformStatusWorking) {
-        if(ctx->ctxInitialized == 0) {
-            ret = xmlSecMSCryptoBlockCipherCtxInit(ctx,
-                                                   in,
-                                                   out,
-                                                   (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-                                                   xmlSecTransformGetName(transform),
-                                                   transformCtx);
+    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+        /* just do nothing */
+    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+        if((inSize % 8) != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_SIZE,
+                        "size=%d(not 8 bytes aligned)", inSize);
+            return(-1);
+        }
 
-            if(ret < 0) {
-                xmlSecError(XMLSEC_ERRORS_HERE,
-                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecMSCryptoBlockCipherCtxInit",
-                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                            XMLSEC_ERRORS_NO_MESSAGE);
-                return(-1);
-            }
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+            outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+                               XMLSEC_KW_AES_BLOCK_SIZE;
+        } else {
+            outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
         }
-        if((ctx->ctxInitialized == 0) && (last != 0)) {
+
+        ret = xmlSecBufferSetMaxSize(out, outSize);
+        if(ret < 0) {
             xmlSecError(XMLSEC_ERRORS_HERE,
                         xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        NULL,
-                        XMLSEC_ERRORS_R_INVALID_DATA,
-                        "not enough data to initialize transform");
+                        "xmlSecBufferSetMaxSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "outSize=%d", outSize);
             return(-1);
         }
-        if(ctx->ctxInitialized != 0) {
-            ret = xmlSecMSCryptoBlockCipherCtxUpdate(ctx, in, out,
-                (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-                xmlSecTransformGetName(transform), transformCtx);
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            ret = xmlSecKWAesEncode(&xmlSecMSCryptoKWAesKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
             if(ret < 0) {
                 xmlSecError(XMLSEC_ERRORS_HERE,
                             xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecMSCryptoBlockCipherCtxUpdate",
+                            "xmlSecKWAesEncode",
                             XMLSEC_ERRORS_R_XMLSEC_FAILED,
                             XMLSEC_ERRORS_NO_MESSAGE);
                 return(-1);
             }
-        }
-
-        if(last) {
-            ret = xmlSecMSCryptoBlockCipherCtxFinal(ctx, in, out,
-                (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
-                xmlSecTransformGetName(transform), transformCtx);
-
+            outSize = ret;
+        } else {
+            ret = xmlSecKWAesDecode(&xmlSecMSCryptoKWAesKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
             if(ret < 0) {
                 xmlSecError(XMLSEC_ERRORS_HERE,
                             xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecMSCryptoBlockCipherCtxFinal",
+                            "xmlSecKWAesEncode",
                             XMLSEC_ERRORS_R_XMLSEC_FAILED,
                             XMLSEC_ERRORS_NO_MESSAGE);
                 return(-1);
             }
-            transform->status = xmlSecTransformStatusFinished;
+            outSize = ret;
+        }
+
+        ret = xmlSecBufferSetSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "outSize=%d", outSize);
+            return(-1);
+        }
+
+        ret = xmlSecBufferRemoveHead(in, inSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferRemoveHead",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "inSize%d", inSize);
+            return(-1);
         }
+
+        transform->status = xmlSecTransformStatusFinished;
     } else if(transform->status == xmlSecTransformStatusFinished) {
         /* the only way we can get here is if there is no input */
-        xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
-    } else if(transform->status == xmlSecTransformStatusNone) {
-        /* the only way we can get here is if there is no enough data in the input */
-        xmlSecAssert2(last == 0, -1);
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
     } else {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
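Review bot: The failure branch after `xmlSecKWAesDecode` in xmlSecMSCryptoKWAesExecute reports the failing function as `"xmlSecKWAesEncode"`, so an unwrap failure is logged as a wrap failure. That misdirects anyone triaging rejected or tampered wrapped keys from the error log; the argument should be `"xmlSecKWAesDecode",`. In the same function the `xmlSecBufferRemoveHead` error uses the format `"inSize%d"`, which is missing its `=` and should read `"inSize=%d", inSize);` to match the other messages. The tail of the function falls outside this hunk.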
@@ -807,183 +412,20 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT
                     "status=%d", transform->status);
         return(-1);
     }
-
     return(0);
 }
 
-#ifndef XMLSEC_NO_AES
+
 /*********************************************************************
  *
- * AES CBC cipher transforms
+ * AES KW callbacks
  *
  ********************************************************************/
-static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
-
-    xmlSecNameAes128Cbc,                        /* const xmlChar* name; */
-    xmlSecHrefAes128Cbc,                        /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoBlockCipherSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoBlockCipherExecute,           /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformAes128CbcGetKlass:
- *
- * AES 128 CBC encryption transform klass.
- *
- * Returns: pointer to AES 128 CBC encryption transform.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformAes128CbcGetKlass(void) {
-    return(&xmlSecMSCryptoAes128CbcKlass);
-}
-
-static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
-
-    xmlSecNameAes192Cbc,                        /* const xmlChar* name; */
-    xmlSecHrefAes192Cbc,                        /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoBlockCipherSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoBlockCipherExecute,           /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformAes192CbcGetKlass:
- *
- * AES 192 CBC encryption transform klass.
- *
- * Returns: pointer to AES 192 CBC encryption transform.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformAes192CbcGetKlass(void) {
-    return(&xmlSecMSCryptoAes192CbcKlass);
-}
-
-static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
-
-    xmlSecNameAes256Cbc,                        /* const xmlChar* name; */
-    xmlSecHrefAes256Cbc,                        /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoBlockCipherSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoBlockCipherExecute,           /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformAes256CbcGetKlass:
- *
- * AES 256 CBC encryption transform klass.
- *
- * Returns: pointer to AES 256 CBC encryption transform.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformAes256CbcGetKlass(void) {
-    return(&xmlSecMSCryptoAes256CbcKlass);
-}
-
-#endif /* XMLSEC_NO_AES */
-
-
-#ifndef XMLSEC_NO_DES
-static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),       /* size_t klassSize */
-    xmlSecMSCryptoBlockCipherSize,      /* size_t objSize */
-
-    xmlSecNameDes3Cbc,                  /* const xmlChar* name; */
-    xmlSecHrefDes3Cbc,                  /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,/* xmlSecAlgorithmUsage usage; */
-
-    xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,   /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,  /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecMSCryptoBlockCipherSetKey,     /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,   /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,       /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,        /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecMSCryptoBlockCipherExecute,    /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                /* void* reserved0; */
-    NULL,                                /* void* reserved1; */
-};
-
-/**
- * xmlSecMSCryptoTransformDes3CbcGetKlass:
- *
- * Triple DES CBC encryption transform klass.
- *
- * Returns: pointer to Triple DES encryption transform.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformDes3CbcGetKlass(void) {
-    return(&xmlSecMSCryptoDes3CbcKlass);
-}
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
 static int 
-xmlSecMSCryptoAesBlockEncryptCallback(const xmlSecByte * in, xmlSecSize inSize,
-                                      xmlSecByte * out, xmlSecSize outSize,
-                                      void * key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx = (xmlSecMSCryptoBlockCipherCtxPtr)key;
+xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+                                xmlSecByte * out, xmlSecSize outSize,
+                                void * context) {
+    xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
     DWORD dwCLen;
 
     xmlSecAssert2(in != NULL, -1);
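Review bot: The new `xmlSecMSCryptoKWAesBlockEncrypt` casts its type-erased `void * context` straight to `xmlSecMSCryptoKWAesCtxPtr`, and no comment above the function says what the caller must pass. The kw_aes_des.c part of this commit forwards the `context` argument of `xmlSecKWAesEncode` unchanged to `kwAesId->encrypt`, so any other object handed in would be silently reinterpreted. I would add a short comment above the definition, e.g. `/* context: xmlSecMSCryptoKWAesCtxPtr, forwarded unchanged by xmlSecKWAesEncode() */`, and the same for `xmlSecMSCryptoKWAesBlockDecrypt` in the next hunk. The function body continues outside this hunk, so a `ctx != NULL` assert may already follow the visible `in != NULL` one.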
@@ -1036,10 +478,10 @@ xmlSecMSCryptoAesBlockEncryptCallback(const xmlSecByte * in, xmlSecSize inSize,
 }
 
 static int
-xmlSecMSCryptoAesBlockDecryptCallback(const xmlSecByte * in, xmlSecSize inSize,
-                                      xmlSecByte * out, xmlSecSize outSize,
-                                      void * key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx = (xmlSecMSCryptoBlockCipherCtxPtr)key;
+xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+                                xmlSecByte * out, xmlSecSize outSize,
+                                void * context) {
+    xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
     DWORD dwCLen;
 
     xmlSecAssert2(in != NULL, -1);
@@ -1091,170 +533,6 @@ xmlSecMSCryptoAesBlockDecryptCallback(const xmlSecByte * in, xmlSecSize inSize,
     return(0);
 }
 
-static int
-xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
-    xmlSecBufferPtr buffer;
-    xmlSecSize keySize;
-    int ret;
-
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
-    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
-    xmlSecAssert2(key != NULL, -1);
-    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataAesId), -1);
-
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
-    xmlSecAssert2(ctx != NULL, -1);
-
-    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
-    xmlSecAssert2(buffer != NULL, -1);
-
-    keySize = xmlSecBufferGetSize(buffer);
-    if(keySize < ctx->keySize) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    NULL,
-                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
-                    "key=%d;expected=%d",
-                    keySize, ctx->keySize);
-        return(-1);
-    }
-
-    ret = xmlSecBufferSetData(&(ctx->kwKeyBuffer),
-                            xmlSecBufferGetData(buffer),
-                            ctx->keySize);
-    if(ret < 0) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    "xmlSecBufferSetData",
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "expected-size=%d", 
-                    ctx->keySize);
-        return(-1);
-    }
-
-    return(0);
-}
-
-static int
-xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-    xmlSecMSCryptoBlockCipherCtxPtr ctx;
-    xmlSecBufferPtr in, out;
-    xmlSecSize inSize, outSize;
-    int ret;
-
-    xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
-    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
-    xmlSecAssert2(transformCtx != NULL, -1);
-
-    ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
-    xmlSecAssert2(ctx != NULL, -1);
-
-    in = &(transform->inBuf);
-    out = &(transform->outBuf);
-    inSize = xmlSecBufferGetSize(in);
-    outSize = xmlSecBufferGetSize(out);
-    xmlSecAssert2(outSize == 0, -1);
-
-    if(transform->status == xmlSecTransformStatusNone) {
-        transform->status = xmlSecTransformStatusWorking;
-    }
-
-    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
-        /* just do nothing */
-    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
-        if((inSize % 8) != 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        NULL,
-                        XMLSEC_ERRORS_R_INVALID_SIZE,
-                        "size=%d(not 8 bytes aligned)", inSize);
-            return(-1);
-        }
-
-        if(transform->operation == xmlSecTransformOperationEncrypt) {
-            /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
-            outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
-                               XMLSEC_KW_AES_BLOCK_SIZE;
-        } else {
-            outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
-        }
-
-        ret = xmlSecBufferSetMaxSize(out, outSize);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        "xmlSecBufferSetMaxSize",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "outSize=%d", outSize);
-            return(-1);
-        }
-
-        if(transform->operation == xmlSecTransformOperationEncrypt) {
-            ret = xmlSecKWAesEncode(xmlSecMSCryptoAesBlockEncryptCallback, ctx,
-                                    xmlSecBufferGetData(in), inSize,
-                                    xmlSecBufferGetData(out), outSize);
-            if(ret < 0) {
-                xmlSecError(XMLSEC_ERRORS_HERE,
-                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecKWAesEncode",
-                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                            XMLSEC_ERRORS_NO_MESSAGE);
-                return(-1);
-            }
-            outSize = ret;
-        } else {
-            ret = xmlSecKWAesDecode(xmlSecMSCryptoAesBlockDecryptCallback, ctx,
-                                    xmlSecBufferGetData(in), inSize,
-                                    xmlSecBufferGetData(out), outSize);
-            if(ret < 0) {
-                xmlSecError(XMLSEC_ERRORS_HERE,
-                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "xmlSecKWAesEncode",
-                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                            XMLSEC_ERRORS_NO_MESSAGE);
-                return(-1);
-            }
-            outSize = ret;
-        }
-
-        ret = xmlSecBufferSetSize(out, outSize);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        "xmlSecBufferSetSize",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "outSize=%d", outSize);
-            return(-1);
-        }
-
-        ret = xmlSecBufferRemoveHead(in, inSize);
-        if(ret < 0) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                        "xmlSecBufferRemoveHead",
-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                        "inSize%d", inSize);
-            return(-1);
-        }
-
-        transform->status = xmlSecTransformStatusFinished;
-    } else if(transform->status == xmlSecTransformStatusFinished) {
-        /* the only way we can get here is if there is no input */
-        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
-    } else {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                    NULL,
-                    XMLSEC_ERRORS_R_INVALID_STATUS,
-                    "status=%d", transform->status);
-        return(-1);
-    }
-    return(0);
-}
-
 /*********************************************************************
  *
  * AES KW cipher transforms
@@ -1267,17 +545,17 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo
 static xmlSecTransformKlass xmlSecMSCryptoKWAes128Klass = {
     /* klass/object sizes */
     sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
+    xmlSecMSCryptoKWAesSize,              /* xmlSecSize objSize */
 
     xmlSecNameKWAes128,                         /* const xmlChar* name; */
     xmlSecHrefKWAes128,                         /* const xmlChar* href; */
     xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
 
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecMSCryptoKWAesInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoKWAesFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
     NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
     NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecMSCryptoKWAesSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
     xmlSecMSCryptoKWAesSetKey,                  /* xmlSecTransformSetKeyMethod setKey; */
     NULL,                                       /* xmlSecTransformValidateMethod validate; */
     xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
@@ -1310,17 +588,17 @@ xmlSecMSCryptoTransformKWAes128GetKlass(void) {
 static xmlSecTransformKlass xmlSecMSCryptoKWAes192Klass = {
     /* klass/object sizes */
     sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
+    xmlSecMSCryptoKWAesSize,              /* xmlSecSize objSize */
 
     xmlSecNameKWAes192,                         /* const xmlChar* name; */
     xmlSecHrefKWAes192,                         /* const xmlChar* href; */
     xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
 
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecMSCryptoKWAesInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoKWAesFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
     NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
     NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecMSCryptoKWAesSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
     xmlSecMSCryptoKWAesSetKey,                  /* xmlSecTransformSetKeyMethod setKey; */
     NULL,                                       /* xmlSecTransformValidateMethod validate; */
     xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
@@ -1352,17 +630,17 @@ xmlSecMSCryptoTransformKWAes192GetKlass(void) {
 static xmlSecTransformKlass xmlSecMSCryptoKWAes256Klass = {
     /* klass/object sizes */
     sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecMSCryptoBlockCipherSize,              /* xmlSecSize objSize */
+    xmlSecMSCryptoKWAesSize,              /* xmlSecSize objSize */
 
     xmlSecNameKWAes256,                         /* const xmlChar* name; */
     xmlSecHrefKWAes256,                         /* const xmlChar* href; */
     xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
 
-    xmlSecMSCryptoBlockCipherInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecMSCryptoBlockCipherFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    xmlSecMSCryptoKWAesInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoKWAesFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
     NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
     NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecMSCryptoBlockCipherSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecMSCryptoKWAesSetKeyReq,         /* xmlSecTransformSetKeyMethod setKeyReq; */
     xmlSecMSCryptoKWAesSetKey,                  /* xmlSecTransformSetKeyMethod setKey; */
     NULL,                                       /* xmlSecTransformValidateMethod validate; */
     xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index 69e99af..948a0ea 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -33,6 +33,32 @@
 
 /*********************************************************************
  *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int        xmlSecOpenSSLKWAesBlockEncrypt                (const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize,
+                                                                 void * context);
+static int        xmlSecOpenSSLKWAesBlockDecrypt                (const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize,
+                                                                 void * context);
+static xmlSecKWAesKlass xmlSecOpenSSLKWAesKlass = {
+    /* callbacks */
+    xmlSecOpenSSLKWAesBlockEncrypt,         /* xmlSecKWAesBlockEncryptMethod       encrypt; */
+    xmlSecOpenSSLKWAesBlockDecrypt,         /* xmlSecKWAesBlockDecryptMethod       decrypt; */
+
+    /* for the future */
+    NULL,                                   /* void*                               reserved0; */
+    NULL                                    /* void*                               reserved1; */
+}; 
+
+
+/*********************************************************************
+ *
  * AES KW transforms
  *
  * key (xmlSecBuffer) is located after xmlSecTransform structure
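Review bot: `xmlSecOpenSSLKWAesKlass` pairs the encrypt and decrypt callbacks behind a single `void * context`, but nothing here says that the context is an `AES_KEY *` or that its key schedule is direction-specific. Both callbacks cast `context` to `AES_KEY*` further down in this file. OpenSSL expects a schedule from `AES_set_encrypt_key()` for `AES_encrypt` and one from `AES_set_decrypt_key()` for `AES_decrypt`, and a mismatched schedule produces wrong output without any error return. I would document this above the table, e.g. `/* context: AES_KEY* built with AES_set_encrypt_key() for encrypt, AES_set_decrypt_key() for decrypt */`.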
@@ -43,6 +69,11 @@
 #define xmlSecOpenSSLKWAesSize  \
     (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
 
+#define xmlSecOpenSSLKWAesCheckId(transform) \
+    (xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
+     xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
+     xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes256Id))
+
 static int      xmlSecOpenSSLKWAesInitialize                    (xmlSecTransformPtr transform);
 static void     xmlSecOpenSSLKWAesFinalize                      (xmlSecTransformPtr transform);
 static int      xmlSecOpenSSLKWAesSetKeyReq                     (xmlSecTransformPtr transform,
@@ -52,170 +83,9 @@ static int      xmlSecOpenSSLKWAesSetKey                        (xmlSecTransform
 static int      xmlSecOpenSSLKWAesExecute                       (xmlSecTransformPtr transform,
                                                                  int last,
                                                                  xmlSecTransformCtxPtr transformCtx);
-static xmlSecSize       xmlSecOpenSSLKWAesGetKeySize                    (xmlSecTransformPtr transform);
-static int      xmlSecOpenSSLKWAesEncode                        (const xmlSecByte *key,
-                                                                 xmlSecSize keySize,
-                                                                 const xmlSecByte* in,
-                                                                 xmlSecSize inSize,
-                                                                 xmlSecByte* out,
-                                                                 xmlSecSize outSize);
-static int      xmlSecOpenSSLKWAesDecode                        (const xmlSecByte *key,
-                                                                 xmlSecSize keySize,
-                                                                 const xmlSecByte* in,
-                                                                 xmlSecSize inSize,
-                                                                 xmlSecByte* out,
-                                                                 xmlSecSize outSize);
-
-static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecOpenSSLKWAesSize,                     /* xmlSecSize objSize */
-
-    xmlSecNameKWAes128,                         /* const xmlChar* name; */
-    xmlSecHrefKWAes128,                         /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecOpenSSLKWAesInitialize,               /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecOpenSSLKWAesFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecOpenSSLKWAesSetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecOpenSSLKWAesSetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecOpenSSLKWAesExecute,                  /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-static xmlSecTransformKlass xmlSecOpenSSLKWAes192Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecOpenSSLKWAesSize,                     /* xmlSecSize objSize */
-
-    xmlSecNameKWAes192,                         /* const xmlChar* name; */
-    xmlSecHrefKWAes192,                         /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecOpenSSLKWAesInitialize,               /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecOpenSSLKWAesFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecOpenSSLKWAesSetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecOpenSSLKWAesSetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecOpenSSLKWAesExecute,                  /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecOpenSSLKWAesSize,                     /* xmlSecSize objSize */
-
-    xmlSecNameKWAes256,                         /* const xmlChar* name; */
-    xmlSecHrefKWAes256,                         /* const xmlChar* href; */
-    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
-
-    xmlSecOpenSSLKWAesInitialize,               /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecOpenSSLKWAesFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecOpenSSLKWAesSetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
-    xmlSecOpenSSLKWAesSetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
-    NULL,                                       /* xmlSecTransformValidateMethod validate; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecOpenSSLKWAesExecute,                  /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-#define xmlSecOpenSSLKWAesCheckId(transform) \
-    (xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
-     xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
-     xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes256Id))
-
-/**
- * xmlSecOpenSSLTransformKWAes128GetKlass:
- *
- * The AES-128 kew wrapper transform klass.
- *
- * Returns: AES-128 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformKWAes128GetKlass(void) {
-    return(&xmlSecOpenSSLKWAes128Klass);
-}
-
-/**
- * xmlSecOpenSSLTransformKWAes192GetKlass:
- *
- * The AES-192 kew wrapper transform klass.
- *
- * Returns: AES-192 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformKWAes192GetKlass(void) {
-    return(&xmlSecOpenSSLKWAes192Klass);
-}
-
-/**
- * xmlSecOpenSSLTransformKWAes256GetKlass:
- *
- * The AES-256 kew wrapper transform klass.
- *
- * Returns: AES-256 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformKWAes256GetKlass(void) {
-    return(&xmlSecOpenSSLKWAes256Klass);
-}
-
-
-static int 
-xmlSecOpenSSLAesBlockEncryptCallback(const xmlSecByte * in, xmlSecSize inSize,
-                                     xmlSecByte * out, xmlSecSize outSize,
-                                     void * key) {
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
-    xmlSecAssert2(key != NULL, -1);
-
-    AES_encrypt(in, out, (AES_KEY*)key);
-    return(AES_BLOCK_SIZE);
-}
+static xmlSecSize xmlSecOpenSSLKWAesGetKeySize                  (xmlSecTransformPtr transform);
 
-static int
-xmlSecOpenSSLAesBlockDecryptCallback(const xmlSecByte * in, xmlSecSize inSize,
-                                     xmlSecByte * out, xmlSecSize outSize,
-                                     void * key) {
-    xmlSecAssert2(in != NULL, -1);
-    xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
-    xmlSecAssert2(out != NULL, -1);
-    xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
-    xmlSecAssert2(key != NULL, -1);
 
-    AES_decrypt(in, out, (AES_KEY*)key);
-    return(AES_BLOCK_SIZE);
-}
 
 static int
 xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
@@ -381,7 +251,7 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
                 return(-1);
             }
 
-            ret = xmlSecKWAesEncode(xmlSecOpenSSLAesBlockEncryptCallback, &aesKey,
+            ret = xmlSecKWAesEncode(&xmlSecOpenSSLKWAesKlass, &aesKey,
                                     xmlSecBufferGetData(in), inSize,
                                     xmlSecBufferGetData(out), outSize);
             if(ret < 0) {
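Review bot: The `&aesKey` passed as context here holds the expanded AES key schedule, and the hunk does not show it being cleared once xmlSecKWAesEncode returns. If it is a local of xmlSecOpenSSLKWAesExecute, as it appears to be, the key material stays on the stack after the call. A wipe on every exit path, e.g. `OPENSSL_cleanse(&aesKey, sizeof(aesKey));`, would close that; a plain memset may be optimised away. The same applies to the xmlSecKWAesDecode call in the next hunk. The function starts and ends outside both hunks, so this needs checking against the full body.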
@@ -405,7 +275,7 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
                 return(-1);
             }
 
-            ret = xmlSecKWAesDecode(xmlSecOpenSSLAesBlockDecryptCallback, &aesKey,
+            ret = xmlSecKWAesDecode(&xmlSecOpenSSLKWAesKlass, &aesKey,
                                     xmlSecBufferGetData(in), inSize,
                                     xmlSecBufferGetData(out), outSize);
             if(ret < 0) {
@@ -466,5 +336,152 @@ xmlSecOpenSSLKWAesGetKeySize(xmlSecTransformPtr transform) {
     return(0);
 }
 
+
+static int 
+xmlSecOpenSSLKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize,
+                               void * context) {
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+    xmlSecAssert2(context != NULL, -1);
+
+    AES_encrypt(in, out, (AES_KEY*)context);
+    return(AES_BLOCK_SIZE);
+}
+
+static int
+xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize,
+                               void * context) {
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+    xmlSecAssert2(context != NULL, -1);
+
+    AES_decrypt(in, out, (AES_KEY*)context);
+    return(AES_BLOCK_SIZE);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLKWAesSize,                     /* xmlSecSize objSize */
+
+    xmlSecNameKWAes128,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes128,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecOpenSSLKWAesInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLKWAesFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLKWAesSetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecOpenSSLKWAesSetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLKWAesExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes128GetKlass(void) {
+    return(&xmlSecOpenSSLKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes192Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLKWAesSize,                     /* xmlSecSize objSize */
+
+    xmlSecNameKWAes192,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes192,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecOpenSSLKWAesInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLKWAesFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLKWAesSetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecOpenSSLKWAesSetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLKWAesExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecOpenSSLTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes192GetKlass(void) {
+    return(&xmlSecOpenSSLKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLKWAesSize,                     /* xmlSecSize objSize */
+
+    xmlSecNameKWAes256,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes256,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecOpenSSLKWAesInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLKWAesFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLKWAesSetKeyReq,                /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecOpenSSLKWAesSetKey,                   /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLKWAesExecute,                  /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes256GetKlass(void) {
+    return(&xmlSecOpenSSLKWAes256Klass);
+}
+
 #endif /* XMLSEC_OPENSSL_096 */
 #endif /* XMLSEC_NO_AES */
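Review bot: xmlSecOpenSSLKWAesBlockEncrypt and xmlSecOpenSSLKWAesBlockDecrypt take an untyped `void * context` and cast it straight to `AES_KEY*`, so nothing checks that the schedule was prepared for the matching direction. A schedule built with AES_set_encrypt_key and handed to the decrypt callback would produce wrong output rather than an error. Both functions also lack a header comment; I would add one stating that exactly one AES_BLOCK_SIZE block is processed even when inSize is larger, that in and out may be the same buffer (the shared encoder calls them in place), and that context must be an AES_KEY set up with AES_set_encrypt_key for encrypt or AES_set_decrypt_key for decrypt. The three GetKlass comments moved here still read `kew wrapper`; `key wrapper` is meant.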
diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
index 327337b..1208ae8 100644
--- a/win32/Makefile.msvc
+++ b/win32/Makefile.msvc
@@ -268,6 +268,7 @@ XMLSEC_MSCRYPTO_OBJS = \
 	$(XMLSEC_MSCRYPTO_INTDIR)\hmac.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\symkeys.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\kt_rsa.obj \
+	$(XMLSEC_MSCRYPTO_INTDIR)\kw_aes.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\strings.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\signatures.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\certkeys.obj \
@@ -282,6 +283,7 @@ XMLSEC_MSCRYPTO_OBJS_A = \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\hmac.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\symkeys.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\kt_rsa.obj \
+	$(XMLSEC_MSCRYPTO_INTDIR_A)\kw_aes.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\strings.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\signatures.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\certkeys.obj \


