[xmlsec] implement aes kw for xmlsec-gnutls



commit 749169e49d4fa545e6a112424087590dd4b49ef7
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Sat May 8 19:57:43 2010 -0700

    implement aes kw for xmlsec-gnutls

 ChangeLog                      |    1 +
 TODO                           |   20 +-
 apps/xmlsec.c                  |    2 +-
 docs/xmlenc.html               |  790 ++++++++++++++++------------------------
 include/xmlsec/gnutls/crypto.h |   28 ++
 src/gnutls/Makefile.am         |    1 +
 src/gnutls/crypto.c            |    3 +
 src/gnutls/kw_aes.c            |  588 ++++++++++++++++++++++++++++++
 src/openssl/kw_aes.c           |  114 ++++---
 tests/testrun.sh               |    3 +
 10 files changed, 1009 insertions(+), 541 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 483f5b9..dd24235 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 2010-05-08  Aleksey Sanin  <aleksey aleksey com>
 	* Added AES KW support for xmlsec-mscrypto
+	* Added AES KW support for xmlsec-gnutls
 
 2010-04-30  Aleksey Sanin  <aleksey aleksey com>
 	* Added RSA/OAEP support for xmlsec-mscrypto
diff --git a/TODO b/TODO
index 67dd7f3..08147b0 100644
--- a/TODO
+++ b/TODO
@@ -69,10 +69,10 @@ merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes
 aleksey-xmldsig-01/enveloped-gost
 
 -------------------------------------------------
-* xmlsec-gnutls (April 26, 2010 using GnuTLS)
+* xmlsec-gnutls (May 09, 2010 using GnuTLS)
 -------------------------------------------------
 
-** Skipped tests due to missing transforms: RSA, DSA, AES, AES/DES KW,
+** Skipped tests due to missing transforms: RSA, DSA, DES KW,
 RSA PKCS/OAEP, X509, GOST
 
 aleksey-xmldsig-01/enveloping-dsa-x509chain
@@ -103,9 +103,6 @@ merlin-xmldsig-twenty-three/signature-x509-ski
 merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt
 merlin-xmldsig-twenty-three/signature
 merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes
-merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128
-merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192
-merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256
 merlin-exc-c14n-one/exc-signature
 merlin-exc-c14n-one/exc-signature
 merlin-c14n-three/signature
@@ -138,14 +135,9 @@ phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val
 phaos-xmldsig-three/signature-rsa-enveloped-bad-sig
 phaos-xmldsig-three/signature-rsa-manifest-x509-data-crl
 
-aleksey-xmlenc-01/enc-des3cbc-aes192-keyname
 merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5
 merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p
 merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes
-merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192
-merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256
-merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128
-merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256
 01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5
 01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1
 01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5
@@ -156,11 +148,3 @@ merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256
 01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1
 01-phaos-xmlenc-3/enc-element-3des-kw-3des
 01-phaos-xmlenc-3/enc-content-aes128-kw-3des
-01-phaos-xmlenc-3/enc-element-aes128-kw-aes128
-01-phaos-xmlenc-3/enc-element-aes128-kw-aes256
-01-phaos-xmlenc-3/enc-content-3des-kw-aes192
-01-phaos-xmlenc-3/enc-content-aes192-kw-aes256
-01-phaos-xmlenc-3/enc-element-aes192-kw-aes192
-01-phaos-xmlenc-3/enc-element-aes256-kw-aes256
-01-phaos-xmlenc-3/enc-text-3des-kw-aes256
-01-phaos-xmlenc-3/enc-text-aes128-kw-aes192
diff --git a/apps/xmlsec.c b/apps/xmlsec.c
index 72d68fa..a1315d7 100644
--- a/apps/xmlsec.c
+++ b/apps/xmlsec.c
@@ -2432,7 +2432,7 @@ xmlSecAppInit(void) {
                         "this it installed, check shared libraries path (LD_LIBRARY_PATH)\n"
                         "envornment variable or use \"--crypto\" option to specify different\n"
                         "crypto engine.\n", xmlsec_crypto);
-        return(-1);     
+        return(-1);
     }
 #endif /* !defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
 
diff --git a/docs/xmlenc.html b/docs/xmlenc.html
index dc5739d..f5235fc 100644
--- a/docs/xmlenc.html
+++ b/docs/xmlenc.html
@@ -60,510 +60,350 @@ data (including XML document). </div>
             <p> </p>
             <table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody>
 <tr>
-<td style="width: 40%;" align="left" valign="top"><b>Features
-and
-algorithms<br></b></td>
-                  <td align="left" valign="top"> <b>XMLSec with OpenSSL</b>
-                  </td>
-                  <td style="vertical-align: top;"><b>XMLSec with GnuTLS</b></td>
-                  <td style="vertical-align: top;"> <b>XMLSec with NSS</b>
-                  </td>
-                  <td style="vertical-align: top;"> <b>XMLSec with
-MSCrypto</b> </td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">Laxly
-valid
-schema generation of EncryptedData
-/EncryptedKey <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> Normalized Form C generations. </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">Type,
-MimeType,
-and Encoding <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top"><b>Features and algorithms</b></td>
+    <td valign="top"><b>XMLSec with OpenSSL</b></td>
+    <td valign="top"><b>XMLSec with GnuTLS</b></td>
+    <td valign="top"><b>XMLSec with NSS</b></td>
+    <td valign="top"><b>XMLSec with MSCrypto</b></td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">CipherReference
-URI derefencing <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> Transforms </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Laxly valid schema 
+    generation of EncryptedData/EncryptedKey</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+
+<tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>Normalized Form C generations.</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">ds:KeyInfo
-                  <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> enc:DHKeyValue </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Type, MimeType, and Encoding</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> ds:KeyName </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> ds:RetrievalMethod </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">CipherReference
+    URI derefencing</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">ReferenceList
-                  <br>
-</td>
-                  <td align="left" valign="top">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>Transforms </li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">EncryptionProperties
-                  <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>ds:KeyInfo</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">Satisfactory
-Performance<br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">Required
-Type
-support: Element and Content. <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>enc:DHKeyValue</li></ul>
+    </td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">Encryption
-                  <br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> Serialization of XML Element and Content.
-                      <ol>
-<li> NFC conversion from non-Unicode encodings.
-                        </li>
-                      </ol>
-</li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> Encryptor returns EncryptedData structure. </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> Encryptor replaces EncryptedData into source
-document (when Type is Element or Content). </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>ds:KeyName</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> Decryption <br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> The decryptor returns the data and its Type to
-the application (be
-it an octet sequence or key value). </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> If data is Element or Content the decryptor
-return the UTF-8 encoding XML character data. </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">
-                  <ul>
-<li> If data is Element or Content the decryptor
-replaces the EncryptedData in the source document with the decrypted
-data. </li>
-                  </ul>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>ds:RetrievalMethod</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">TRIPLEDES<br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">ReferenceList</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">AES-128<br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">EncryptionProperties</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">AES-256<br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Satisfactory Performance</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top">AES-192<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
-<tr>
-<td style="width: 40%;" align="left" valign="top">RSA-v1.5
-(192 bit keys
-for AES or DES)<br>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Required Type
+    support: Element and Content.</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> RSA-OAEP (128
-and 256 bit keys for
-AES)<br>
-</td>
-                  <td valign="top">Y<a href="#rsa-oaep"><sup>(1)</sup></a>
-                  <br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Encryption</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> Diffie-Hellman
-Key Agreement<br>
-</td>
-                  <td valign="top">N<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>Serialization of XML Element and Content
+    (NFC conversion from non-Unicode encodings).
+    </li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> TRIPLEDES Key
-Wrap<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">N</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>Encryptor returns EncryptedData structure. </li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top">AES-128 Key
-Wrap (128 bit keys)<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li> Encryptor replaces EncryptedData into source
+    document (when Type is Element or Content).</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> AES-192 Key Wrap<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Decryption</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> AES-256 Key
-Wrap (256 bit keys)<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>The decryptor returns the data and its Type to
+    the application (be it an octet sequence or key value).</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> SHA1<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>If data is Element or Content the decryptor
+    return the UTF-8 encoding XML character data.</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> SHA256<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>If data is Element or Content the decryptor
+    replaces the EncryptedData in the source document with the decrypted
+    data.</li></ul>
+    </td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> SHA512<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">TRIPLEDES</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> RIPEMD-160<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                  <td style="vertical-align: top;">N<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">AES-128</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> XML Digital
-Signature <br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">AES-256</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top"> Decryption
-Transform<br>
-</td>
-                  <td valign="top">N<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">AES-192</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top">
-<ul>
-<li>XPointer support in <code>Except URI</code>
-</li>
-</ul>
-</td>
-                  <td valign="top">N<br>
-</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                  <td style="vertical-align: top;">N</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">RSA-v1.5 (192 bit keys for AES or DES)</td>
+    <td valign="top">Y</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">
-<a href="http://www.w3.org/TR/xml-c14n";>Canonical XML 1.0</a>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">RSA-OAEP (128 and 256 bit keys for AES)</td>
+    <td valign="top">Y<a href="#rsa-oaep"><sup>(1)</sup></a></td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">Y</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">
-<a href="http://www.w3.org/TR/xml-exc-c14n";>Exlusive Canonical XML 1.0</a>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">Diffie-Hellman Key Agreement</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
 <tr>
-<td style="width: 40%;" align="left" valign="top">
-<a href="http://www.w3.org/TR/xml-c14n11/";>Canonical XML 1.1</a>
-</td>
-                  <td align="left" valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y<br>
-</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">TRIPLEDES Key Wrap</td>
+    <td valign="top">Y</td>
+    <td valign="top">N</td>
+    <td valign="top">Y</td>
+    <td valign="top">N</td>
+</tr>
 <tr>
-<td style="width: 40%;" valign="top">Base64 Encoding<br>
-</td>
-                  <td valign="top">Y<br>
-</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                  <td style="vertical-align: top;">Y</td>
-                </tr>
+    <td style="width: 40%;" align="left" valign="top">AES-128 Key Wrap (128 bit keys)</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">AES-192 Key Wrap</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">AES-256 Key Wrap (256 bit keys)</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">SHA1</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">SHA256</td>
+    <td valign="top">Y</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">SHA512</td>
+    <td valign="top">Y</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">RIPEMD-160</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">XML Digital Signature</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">Decryption Transform</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">
+    <ul><li>XPointer support in <code>Except URI</code></li></ul>
+    </td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+    <td valign="top">N</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top"><a href="http://www.w3.org/TR/xml-c14n";>Canonical XML 1.0</a></td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top"><a href="http://www.w3.org/TR/xml-exc-c14n";>Exlusive Canonical XML 1.0</a></td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top"><a href="http://www.w3.org/TR/xml-c14n11/";>Canonical XML 1.1</a></td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
+<tr>
+    <td style="width: 40%;" align="left" valign="top">Base64 Encoding</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+    <td valign="top">Y</td>
+</tr>
 </tbody></table>
 <div align="left"> <br><a name="rsa-oaep"></a> <sup>(1)</sup> OpenSSL (and XML
 Security Library) supports only SHA1 as the digest in the RSA-OAEP key
diff --git a/include/xmlsec/gnutls/crypto.h b/include/xmlsec/gnutls/crypto.h
index d88ab4f..8032f20 100644
--- a/include/xmlsec/gnutls/crypto.h
+++ b/include/xmlsec/gnutls/crypto.h
@@ -77,6 +77,34 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformAes192CbcGetKlass(v
         xmlSecGnuTLSTransformAes256CbcGetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformAes256CbcGetKlass(void);
 
+/**
+ * xmlSecGnuTLSTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes128Id \
+        xmlSecGnuTLSTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes192Id \
+        xmlSecGnuTLSTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes256Id \
+        xmlSecGnuTLSTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId  xmlSecGnuTLSTransformKWAes256GetKlass(void);
+
+
 #endif /* XMLSEC_NO_AES */
 
 /********************************************************************
diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am
index 9888d44..e66e6e3 100644
--- a/src/gnutls/Makefile.am
+++ b/src/gnutls/Makefile.am
@@ -24,6 +24,7 @@ libxmlsec1_gnutls_la_SOURCES =\
 	crypto.c \
 	digests.c \
 	hmac.c \
+	kw_aes.c \
 	symkeys.c \
 	globals.h \
 	$(NULL)
diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c
index 116184c..c5713a9 100644
--- a/src/gnutls/crypto.c
+++ b/src/gnutls/crypto.c
@@ -86,6 +86,9 @@ xmlSecCryptoGetFunctions_gnutls(void) {
     gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass          = xmlSecGnuTLSTransformAes128CbcGetKlass;
     gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass          = xmlSecGnuTLSTransformAes192CbcGetKlass;
     gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass          = xmlSecGnuTLSTransformAes256CbcGetKlass;
+    gXmlSecGnuTLSFunctions->transformKWAes128GetKlass           = xmlSecGnuTLSTransformKWAes128GetKlass;
+    gXmlSecGnuTLSFunctions->transformKWAes192GetKlass           = xmlSecGnuTLSTransformKWAes192GetKlass;
+    gXmlSecGnuTLSFunctions->transformKWAes256GetKlass           = xmlSecGnuTLSTransformKWAes256GetKlass;
 #endif /* XMLSEC_NO_AES */
 
     /******************************* DES ********************************/
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
new file mode 100644
index 0000000..0945d64
--- /dev/null
+++ b/src/gnutls/kw_aes.c
@@ -0,0 +1,588 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+#include "../kw_aes_des.h"
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int        xmlSecGnuTLSKWAesBlockEncrypt                 (const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize,
+                                                                 void * context);
+static int        xmlSecGnuTLSKWAesBlockDecrypt                 (const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize,
+                                                                 void * context);
+static xmlSecKWAesKlass xmlSecGnuTLSKWAesKlass = {
+    /* callbacks */
+    xmlSecGnuTLSKWAesBlockEncrypt,          /* xmlSecKWAesBlockEncryptMethod       encrypt; */
+    xmlSecGnuTLSKWAesBlockDecrypt,          /* xmlSecKWAesBlockDecryptMethod       decrypt; */
+
+    /* for the future */
+    NULL,                                   /* void*                               reserved0; */
+    NULL                                    /* void*                               reserved1; */
+};
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecGnuTLSKWAesCtx              xmlSecGnuTLSKWAesCtx,
+                                                  *xmlSecGnuTLSKWAesCtxPtr;
+struct _xmlSecGnuTLSKWAesCtx {
+    int                 cipher;
+    int                 mode;
+    int                 flags;
+    xmlSecSize          blockSize;
+    xmlSecSize          keyExpectedSize;
+
+    xmlSecBuffer        keyBuffer;
+};
+#define xmlSecGnuTLSKWAesSize     \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSKWAesCtx))
+#define xmlSecGnuTLSKWAesGetCtx(transform) \
+    ((xmlSecGnuTLSKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGnuTLSKWAesCheckId(transform) \
+    (xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes128Id) || \
+     xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes192Id) || \
+     xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformKWAes256Id))
+
+static int      xmlSecGnuTLSKWAesInitialize                     (xmlSecTransformPtr transform);
+static void     xmlSecGnuTLSKWAesFinalize                       (xmlSecTransformPtr transform);
+static int      xmlSecGnuTLSKWAesSetKeyReq                      (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyReqPtr keyReq);
+static int      xmlSecGnuTLSKWAesSetKey                         (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyPtr key);
+static int      xmlSecGnuTLSKWAesExecute                        (xmlSecTransformPtr transform,
+                                                                 int last,
+                                                                 xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGnuTLSKWAesInitialize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes128Id)) {
+        ctx->cipher             = GCRY_CIPHER_AES128;
+        ctx->keyExpectedSize    = XMLSEC_KW_AES128_KEY_SIZE;
+    } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes192Id)) {
+        ctx->cipher             = GCRY_CIPHER_AES192;
+        ctx->keyExpectedSize    = XMLSEC_KW_AES192_KEY_SIZE;
+    } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformKWAes256Id)) {
+        ctx->cipher             = GCRY_CIPHER_AES256;
+        ctx->keyExpectedSize    = XMLSEC_KW_AES256_KEY_SIZE;
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    ctx->mode           = GCRY_CIPHER_MODE_CBC;
+    ctx->flags          = GCRY_CIPHER_SECURE; /* we are paranoid */
+    ctx->blockSize      = gcry_cipher_get_algo_blklen(ctx->cipher);
+    xmlSecAssert2(ctx->blockSize > 0, -1);
+
+    ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecGnuTLSKWAesGetKey",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static void
+xmlSecGnuTLSKWAesFinalize(xmlSecTransformPtr transform) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+
+    xmlSecAssert(xmlSecGnuTLSKWAesCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize));
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGnuTLSKWAesSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keyReq->keyId    = xmlSecGnuTLSKeyDataAesId;
+    keyReq->keyType  = xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationEncrypt) {
+        keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+    } else {
+        keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+    }
+    keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+    xmlSecBufferPtr buffer;
+    xmlSecSize keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGnuTLSKeyDataAesId), -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+    xmlSecAssert2(buffer != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(buffer);
+    if(keySize < ctx->keyExpectedSize) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+                    "key=%d;expected=%d",
+                    keySize, ctx->keyExpectedSize);
+        return(-1);
+    }
+
+    ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+                            xmlSecBufferGetData(buffer),
+                            ctx->keyExpectedSize);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecBufferSetData",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "expected-size=%d", 
+                    ctx->keyExpectedSize);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static int
+xmlSecGnuTLSKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGnuTLSKWAesCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    xmlSecSize inSize, outSize, keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecGnuTLSKWAesCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSKWAesSize), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecGnuTLSKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+    xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+    xmlSecAssert2(outSize == 0, -1);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+        /* just do nothing */
+    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+        if((inSize % 8) != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_SIZE,
+                        "size=%d(not 8 bytes aligned)", inSize);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+            outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+                               XMLSEC_KW_AES_BLOCK_SIZE;
+        } else {
+            outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+        }
+
+        ret = xmlSecBufferSetMaxSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetMaxSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "outSize=%d", outSize);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            ret = xmlSecKWAesEncode(&xmlSecGnuTLSKWAesKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWAesEncode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+            outSize = ret;
+        } else {
+            ret = xmlSecKWAesDecode(&xmlSecGnuTLSKWAesKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWAesEncode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+            outSize = ret;
+        }
+
+        ret = xmlSecBufferSetSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "outSize=%d", outSize);
+            return(-1);
+        }
+
+        ret = xmlSecBufferRemoveHead(in, inSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferRemoveHead",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "inSize%d", inSize);
+            return(-1);
+        }
+
+        transform->status = xmlSecTransformStatusFinished;
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+    return(0);
+}
+
+static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
+    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static int
+xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize,
+                               void * context) {
+    xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
+    gcry_cipher_hd_t cipherCtx;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= ctx->blockSize, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+    ret = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags); 
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_cipher_setkey(cipherCtx,
+                             xmlSecBufferGetData(&ctx->keyBuffer),
+                             xmlSecBufferGetSize(&ctx->keyBuffer));
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    /* use zero IV and CBC mode to ensure we get result as-is */
+    ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setiv",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    ret = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_encrypt",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        gcry_cipher_close(cipherCtx);
+        return(-1);
+    }
+    gcry_cipher_close(cipherCtx);
+
+    return(ctx->blockSize);
+}
+
+static int
+xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize,
+                               void * context) {
+    xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
+    gcry_cipher_hd_t cipherCtx;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= ctx->blockSize, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+    ret = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+    if(ret != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = gcry_cipher_setkey(cipherCtx,
+                             xmlSecBufferGetData(&ctx->keyBuffer),
+                             xmlSecBufferGetSize(&ctx->keyBuffer));
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setkey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    /* use zero IV and CBC mode to ensure we get result as-is */
+    ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_setiv",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        return(-1);
+    }
+
+    ret = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+    if(ret != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "gcry_cipher_decrypt",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ret=%d", ret);
+        gcry_cipher_close(cipherCtx);
+        return(-1);
+    }
+    gcry_cipher_close(cipherCtx);
+
+    return(ctx->blockSize);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWAesSize,                      /* xmlSecSize objSize */
+
+    xmlSecNameKWAes128,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes128,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWAesInitialize,                /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWAesFinalize,                  /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWAesSetKeyReq,                 /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWAesSetKey,                    /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWAesExecute,                   /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes128GetKlass(void) {
+    return(&xmlSecGnuTLSKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWAesSize,                      /* xmlSecSize objSize */
+
+    xmlSecNameKWAes192,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes192,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWAesInitialize,                /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWAesFinalize,                  /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWAesSetKeyReq,                 /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWAesSetKey,                    /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWAesExecute,                   /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecGnuTLSTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes192GetKlass(void) {
+    return(&xmlSecGnuTLSKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGnuTLSKWAesSize,                      /* xmlSecSize objSize */
+
+    xmlSecNameKWAes256,                         /* const xmlChar* name; */
+    xmlSecHrefKWAes256,                         /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecGnuTLSKWAesInitialize,                /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGnuTLSKWAesFinalize,                  /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecGnuTLSKWAesSetKeyReq,                 /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecGnuTLSKWAesSetKey,                    /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGnuTLSKWAesExecute,                   /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes256GetKlass(void) {
+    return(&xmlSecGnuTLSKWAes256Klass);
+}
+
+#endif /* XMLSEC_NO_AES */
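Review bot: The gcry_cipher_setkey and gcry_cipher_setiv failure paths in xmlSecGnuTLSKWAesBlockEncrypt and xmlSecGnuTLSKWAesBlockDecrypt return -1 without releasing the handle opened just above them, so the gcry_cipher_hd_t (and the key material loaded into it under GCRY_CIPHER_SECURE) leaks on those four paths; add `gcry_cipher_close(cipherCtx);` before each of those `return(-1);`, as the gcry_cipher_encrypt/decrypt failure paths in the same functions already do. The error reporting also carries copy-paste names that will mislead whoever reads the logs: the decode branch of xmlSecGnuTLSKWAesExecute reports `"xmlSecKWAesEncode"` where `"xmlSecKWAesDecode"` is meant, the xmlSecBufferInitialize failure in xmlSecGnuTLSKWAesInitialize reports `"xmlSecGnuTLSKWAesGetKey"` (a function that does not exist in this file), and the xmlSecBufferRemoveHead message reads `"inSize%d"` with the `=` missing. Since each block callback asserts a single block and returns ctx->blockSize, GCRY_CIPHER_MODE_ECB would state that contract directly and remove the zero-IV setiv step and its failure path; I have not checked whether the shared xmlSecKWAesEncode/Decode driver ever hands these callbacks more than one block, in which case the current CBC chaining would silently produce a different result than a per-block cipher call.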
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index f6d569f..32c47ab 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -61,14 +61,17 @@ static xmlSecKWAesKlass xmlSecOpenSSLKWAesKlass = {
  *
  * AES KW transforms
  *
- * key (xmlSecBuffer) is located after xmlSecTransform structure
- *
  ********************************************************************/
-#define xmlSecOpenSSLKWAesGetKey(transform) \
-    ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecOpenSSLKWAesSize  \
-    (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
-
+typedef struct _xmlSecOpenSSLKWAesCtx              xmlSecOpenSSLKWAesCtx,
+                                                  *xmlSecOpenSSLKWAesCtxPtr;
+struct _xmlSecOpenSSLKWAesCtx {
+    xmlSecBuffer        keyBuffer;
+    xmlSecSize          keyExpectedSize;
+};
+#define xmlSecOpenSSLKWAesSize     \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLKWAesCtx))
+#define xmlSecOpenSSLKWAesGetCtx(transform) \
+    ((xmlSecOpenSSLKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
 #define xmlSecOpenSSLKWAesCheckId(transform) \
     (xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
      xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
@@ -83,18 +86,34 @@ static int      xmlSecOpenSSLKWAesSetKey                        (xmlSecTransform
 static int      xmlSecOpenSSLKWAesExecute                       (xmlSecTransformPtr transform,
                                                                  int last,
                                                                  xmlSecTransformCtxPtr transformCtx);
-static xmlSecSize xmlSecOpenSSLKWAesGetKeySize                  (xmlSecTransformPtr transform);
-
-
 
 static int
 xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
+    xmlSecOpenSSLKWAesCtxPtr ctx;
     int ret;
 
     xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
     xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
 
-    ret = xmlSecBufferInitialize(xmlSecOpenSSLKWAesGetKey(transform), 0);
+    ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
+        ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+    } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
+        ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+    } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
+        ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
     if(ret < 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -109,71 +128,81 @@ xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
 
 static void
 xmlSecOpenSSLKWAesFinalize(xmlSecTransformPtr transform) {
+    xmlSecOpenSSLKWAesCtxPtr ctx;
+
     xmlSecAssert(xmlSecOpenSSLKWAesCheckId(transform));
     xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize));
 
-    if(xmlSecOpenSSLKWAesGetKey(transform) != NULL) {
-        xmlSecBufferFinalize(xmlSecOpenSSLKWAesGetKey(transform));
-    }
+    ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    xmlSecBufferFinalize(&(ctx->keyBuffer));
 }
 
 static int
 xmlSecOpenSSLKWAesSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecOpenSSLKWAesCtxPtr ctx;
+
     xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
     xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
     xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
     xmlSecAssert2(keyReq != NULL, -1);
 
-    keyReq->keyId        = xmlSecOpenSSLKeyDataAesId;
+    ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keyReq->keyId    = xmlSecOpenSSLKeyDataAesId;
     keyReq->keyType  = xmlSecKeyDataTypeSymmetric;
     if(transform->operation == xmlSecTransformOperationEncrypt) {
         keyReq->keyUsage = xmlSecKeyUsageEncrypt;
     } else {
         keyReq->keyUsage = xmlSecKeyUsageDecrypt;
     }
-    keyReq->keyBitsSize = 8 * xmlSecOpenSSLKWAesGetKeySize(transform);
+    keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
 
     return(0);
 }
 
 static int
 xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecOpenSSLKWAesCtxPtr ctx;
     xmlSecBufferPtr buffer;
     xmlSecSize keySize;
-    xmlSecSize expectedKeySize;
     int ret;
 
     xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
     xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
     xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
-    xmlSecAssert2(xmlSecOpenSSLKWAesGetKey(transform) != NULL, -1);
     xmlSecAssert2(key != NULL, -1);
     xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataAesId), -1);
 
+    ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
     buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
     xmlSecAssert2(buffer != NULL, -1);
 
     keySize = xmlSecBufferGetSize(buffer);
-    expectedKeySize = xmlSecOpenSSLKWAesGetKeySize(transform);
-    if(keySize < expectedKeySize) {
+    if(keySize < ctx->keyExpectedSize) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                     NULL,
                     XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
                     "key=%d;expected=%d",
-                    keySize, expectedKeySize);
+                    keySize, ctx->keyExpectedSize);
         return(-1);
     }
 
-    ret = xmlSecBufferSetData(xmlSecOpenSSLKWAesGetKey(transform),
+    ret = xmlSecBufferSetData(&(ctx->keyBuffer),
                             xmlSecBufferGetData(buffer),
-                            expectedKeySize);
+                            ctx->keyExpectedSize);
     if(ret < 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                     "xmlSecBufferSetData",
                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    "expected-size=%d", expectedKeySize);
+                    "expected-size=%d", 
+                    ctx->keyExpectedSize);
         return(-1);
     }
 
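Review bot: xmlSecOpenSSLKWAesSetKey still accepts a key longer than ctx->keyExpectedSize and silently copies only its first keyExpectedSize bytes into ctx->keyBuffer (the `keySize < ctx->keyExpectedSize` test followed by the xmlSecBufferSetData call); a key whose length does not match the transform is more likely a configuration mistake than a request to truncate, so `if(keySize != ctx->keyExpectedSize) {` would report the mismatch through the existing XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE path instead. This behaviour predates the commit, which only moved the expected size into the context. Separately, the new line `"expected-size=%d", ` carries trailing whitespace, and `%d` is used for xmlSecSize arguments both here and in `"key=%d;expected=%d"`; if xmlSecSize is an unsigned type in this tree, `%u` is the matching specifier.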
@@ -182,8 +211,9 @@ xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
 
 static int
 xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-    xmlSecBufferPtr in, out, key;
-    xmlSecSize inSize, outSize, keySize, expectedKeySize;
+    xmlSecOpenSSLKWAesCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    xmlSecSize inSize, outSize, keySize;
     AES_KEY aesKey;
     int ret;
 
@@ -192,12 +222,11 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
     xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
     xmlSecAssert2(transformCtx != NULL, -1);
 
-    key = xmlSecOpenSSLKWAesGetKey(transform);
-    xmlSecAssert2(key != NULL, -1);
+    ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
 
-    keySize = xmlSecBufferGetSize(key);
-    expectedKeySize = xmlSecOpenSSLKWAesGetKeySize(transform);
-    xmlSecAssert2(keySize == expectedKeySize, -1);
+    keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+    xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
 
     in = &(transform->inBuf);
     out = &(transform->outBuf);
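Review bot: `xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);` turns a missing or mis-sized key into an assertion failure at execute time rather than a regular error; if xmlSecAssert2 reports through the assertion path, as its name suggests, a caller that never called SetKey (keyBuffer size 0) sees an assertion message instead of a key-related error. Consider an explicit check that logs XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE with `"key=%d;expected=%d"` the way SetKey does and returns -1, keeping asserts for programming errors only. The body of xmlSecOpenSSLKWAesExecute starts and ends outside this hunk.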
@@ -241,7 +270,9 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
 
         if(transform->operation == xmlSecTransformOperationEncrypt) {
             /* prepare key */
-            ret = AES_set_encrypt_key(xmlSecBufferGetData(key), 8 * keySize, &aesKey);
+            ret = AES_set_encrypt_key(xmlSecBufferGetData(&(ctx->keyBuffer)),
+                                      8 * keySize,
+                                      &aesKey);
             if(ret != 0) {
                 xmlSecError(XMLSEC_ERRORS_HERE,
                             NULL,
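Review bot: The expanded key schedule in the stack-local `AES_KEY aesKey` is derived here, and in the decrypt branch of the following hunk, from the KEK held in ctx->keyBuffer, and nothing visible in either hunk clears it once the wrap or unwrap is done. If the rest of xmlSecOpenSSLKWAesExecute does not already do so, add `memset(&aesKey, 0, sizeof(aesKey));` on every exit path, preferably through a non-elidable clearing helper where one is available, since a plain memset just before return may be optimized away. The function's remaining body, including its exit paths, is outside this hunk, so this may already be handled.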
@@ -265,7 +296,9 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
             outSize = ret;
         } else {
             /* prepare key */
-            ret = AES_set_decrypt_key(xmlSecBufferGetData(key), 8 * keySize, &aesKey);
+            ret = AES_set_decrypt_key(xmlSecBufferGetData(&(ctx->keyBuffer)),
+                                      8 * keySize,
+                                      &aesKey);
             if(ret != 0) {
                 xmlSecError(XMLSEC_ERRORS_HERE,
                             NULL,
@@ -324,20 +357,7 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
     return(0);
 }
 
-static xmlSecSize
-xmlSecOpenSSLKWAesGetKeySize(xmlSecTransformPtr transform) {
-    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
-        return(XMLSEC_KW_AES128_KEY_SIZE);
-    } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
-        return(XMLSEC_KW_AES192_KEY_SIZE);
-    } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
-        return(XMLSEC_KW_AES256_KEY_SIZE);
-    }
-    return(0);
-}
-
-
-static int 
+static int
 xmlSecOpenSSLKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
                                xmlSecByte * out, xmlSecSize outSize,
                                void * context) {
diff --git a/tests/testrun.sh b/tests/testrun.sh
index ead2fb5..70345e4 100755
--- a/tests/testrun.sh
+++ b/tests/testrun.sh
@@ -72,6 +72,9 @@ fi
 #
 crypto_config=$TMPFOLDER/xmlsec-crypto-config
 keysfile=$crypto_config/keys.xml
+if [ "z$crypto" == "zdefault" -a "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then
+    crypto="$XMLSEC_DEFAULT_CRYPTO"
+fi
 if [ "z$crypto" != "z" -a "z$crypto" != "zdefault" ] ; then
     xmlsec_params="$xmlsec_params --crypto $crypto"
 fi
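Review bot: `==` inside `[ ]` is a bash extension; under a POSIX `test` (for example dash as /bin/sh) it is an error, so the new guard is less portable than the `!=`-based line right below it, and `-a` is marked obsolescent by POSIX. `if [ "z$crypto" = "zdefault" ] && [ -n "$XMLSEC_DEFAULT_CRYPTO" ] ; then` does the same with portable operators. The shebang of testrun.sh is outside this hunk, so whether the script is intentionally bash-only cannot be confirmed here.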


