[xmlsec] adding DES KW support for xmlsec-mscrypto
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] adding DES KW support for xmlsec-mscrypto
- Date: Sun, 9 May 2010 06:45:40 +0000 (UTC)
commit 1d184051b2fc20065a3b5ed23a7c6a777a8a9505
Author: Aleksey Sanin <aleksey aleksey com>
Date: Sat May 8 23:45:26 2010 -0700
adding DES KW support for xmlsec-mscrypto
ChangeLog | 3 +
TODO | 6 +-
docs/xmlenc.html | 2 +-
include/xmlsec/mscrypto/crypto.h | 9 +
include/xmlsec/openssl/crypto.h | 1 +
src/mscrypto/Makefile.am | 1 +
src/mscrypto/crypto.c | 1 +
src/mscrypto/digests.c | 4 +-
src/mscrypto/kw_aes.c | 65 ++--
src/mscrypto/kw_des.c | 733 ++++++++++++++++++++++++++++++++++++++
win32/Makefile.msvc | 2 +
win32/mycfg.bat | 2 +-
12 files changed, 786 insertions(+), 43 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index dd24235..93a87fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2010-05-09 Aleksey Sanin <aleksey aleksey com>
+ * Added DES KW support for xmlsec-mscrypto
+
2010-05-08 Aleksey Sanin <aleksey aleksey com>
* Added AES KW support for xmlsec-mscrypto
* Added AES KW support for xmlsec-gnutls
diff --git a/TODO b/TODO
index 08147b0..49899a5 100644
--- a/TODO
+++ b/TODO
@@ -47,7 +47,7 @@ merlin-xmldsig-twenty-three/signature-x509-crt-crl
-------------------------------------------------
-* xmlsec-mscrypto (May 08, 2010 using Windows XP SP3)
+* xmlsec-mscrypto (May 09, 2010 using Windows XP SP3)
-------------------------------------------------
** Skipped tests due to missing transforms: RIPEMD160, SHA224, DES KW
@@ -59,10 +59,6 @@ aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160
aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes
-merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes
-01-phaos-xmlenc-3/enc-element-3des-kw-3des
-01-phaos-xmlenc-3/enc-content-aes128-kw-3des
-
** Failed tests due to no GOST crypto providers on test machine
diff --git a/docs/xmlenc.html b/docs/xmlenc.html
index ab1db83..e4ddca2 100644
--- a/docs/xmlenc.html
+++ b/docs/xmlenc.html
@@ -302,7 +302,7 @@ data (including XML document). </div>
<td valign="top">Y</td>
<td valign="top">N</td>
<td valign="top">Y</td>
- <td valign="top">N</td>
+ <td valign="top">Y</td>
</tr>
<tr>
<td style="width: 40%;" align="left" valign="top">AES-128 Key Wrap (128 bit keys)</td>
diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
index ad24322..d0d0620 100644
--- a/include/xmlsec/mscrypto/crypto.h
+++ b/include/xmlsec/mscrypto/crypto.h
@@ -416,6 +416,15 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataDesGetKlass(void);
xmlSecMSCryptoTransformDes3CbcGetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformDes3CbcGetKlass(void);
+/**
+ * xmlSecMSCryptoTransformKWDes3Id:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecMSCryptoTransformKWDes3Id \
+ xmlSecMSCryptoTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformKWDes3GetKlass(void);
+
#endif /* XMLSEC_NO_DES */
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
index 36087f1..9c8423b 100644
--- a/include/xmlsec/openssl/crypto.h
+++ b/include/xmlsec/openssl/crypto.h
@@ -144,6 +144,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDes3CbcGetKlass(voi
#define xmlSecOpenSSLTransformKWDes3Id \
xmlSecOpenSSLTransformKWDes3GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformKWDes3GetKlass(void);
+
#endif /* XMLSEC_NO_DES */
/********************************************************************
diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am
index 05285ec..eaac795 100644
--- a/src/mscrypto/Makefile.am
+++ b/src/mscrypto/Makefile.am
@@ -30,6 +30,7 @@ libxmlsec1_mscrypto_la_SOURCES =\
hmac.c \
keysstore.c \
kw_aes.c \
+ kw_des.c \
kt_rsa.c \
signatures.c \
symkeys.c \
diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
index adeaff4..4a45ce7 100644
--- a/src/mscrypto/crypto.c
+++ b/src/mscrypto/crypto.c
@@ -129,6 +129,7 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
/******************************* DES ********************************/
#ifndef XMLSEC_NO_DES
gXmlSecMSCryptoFunctions->transformDes3CbcGetKlass = xmlSecMSCryptoTransformDes3CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformKWDes3GetKlass = xmlSecMSCryptoTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
/******************************* DSA ********************************/
diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
index b1af700..4d0338a 100644
--- a/src/mscrypto/digests.c
+++ b/src/mscrypto/digests.c
@@ -360,9 +360,9 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
if (ret == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptGetHashParam",
+ "CryptGetHashParam(HP_HASHVAL)",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
+ "size=%d", MSCRYPTO_MAX_HASH_SIZE);
return(-1);
}
diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c
index b749b82..c8c1985 100644
--- a/src/mscrypto/kw_aes.c
+++ b/src/mscrypto/kw_aes.c
@@ -73,8 +73,7 @@ struct _xmlSecMSCryptoKWAesCtx {
HCRYPTPROV cryptProvider;
HCRYPTKEY pubPrivKey;
- HCRYPTKEY cryptKey;
- xmlSecBuffer kwKeyBuffer;
+ xmlSecBuffer keyBuffer;
};
/******************************************************************************
@@ -164,7 +163,7 @@ xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
return(-1);
}
- ret = xmlSecBufferInitialize(&ctx->kwKeyBuffer, 0);
+ ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -174,6 +173,7 @@ xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
return(-1);
}
+ /* find provider */
ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
if(ctx->cryptProvider == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -209,9 +209,6 @@ xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecMSCryptoKWAesGetCtx(transform);
xmlSecAssert(ctx != NULL);
- if (ctx->cryptKey) {
- CryptDestroyKey(ctx->cryptKey);
- }
if (ctx->pubPrivKey) {
CryptDestroyKey(ctx->pubPrivKey);
}
@@ -219,7 +216,7 @@ xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
CryptReleaseContext(ctx->cryptProvider, 0);
}
- xmlSecBufferFinalize(&ctx->kwKeyBuffer);
+ xmlSecBufferFinalize(&ctx->keyBuffer);
memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
}
@@ -281,7 +278,7 @@ xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
return(-1);
}
- ret = xmlSecBufferSetData(&(ctx->kwKeyBuffer),
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
xmlSecBufferGetData(buffer),
ctx->keySize);
if(ret < 0) {
@@ -426,6 +423,7 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize,
void * context) {
xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+ HCRYPTKEY cryptKey = 0;
DWORD dwCLen;
xmlSecAssert2(in != NULL, -1);
@@ -434,18 +432,17 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecAssert2(outSize >= inSize, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pubPrivKey != 0, -1);
- xmlSecAssert2(ctx->cryptKey == 0, -1);
- xmlSecAssert2(xmlSecBufferGetSize(&ctx->kwKeyBuffer) == ctx->keySize, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
/* Import this key and get an HCRYPTKEY handle, we do it again and again
to ensure we don't go into CBC mode */
if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
ctx->pubPrivKey,
ctx->algorithmIdentifier,
- xmlSecBufferGetData(&ctx->kwKeyBuffer),
- xmlSecBufferGetSize(&ctx->kwKeyBuffer),
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
TRUE,
- &(ctx->cryptKey))) {
+ &cryptKey)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -454,27 +451,27 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
+ xmlSecAssert2(cryptKey != 0, -1);
/* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
* can be skipped. I hope this will work .... */
- memcpy(out, in, inSize);
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
dwCLen = inSize;
- if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+ if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptEncrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
return(-1);
}
/* cleanup */
- if (ctx->cryptKey != 0) {
- CryptDestroyKey(ctx->cryptKey);
- ctx->cryptKey = 0;
- }
-
- return(0);
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
}
static int
@@ -482,6 +479,7 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize,
void * context) {
xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+ HCRYPTKEY cryptKey = 0;
DWORD dwCLen;
xmlSecAssert2(in != NULL, -1);
@@ -490,18 +488,17 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecAssert2(outSize >= inSize, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pubPrivKey != 0, -1);
- xmlSecAssert2(ctx->cryptKey == 0, -1);
- xmlSecAssert2(xmlSecBufferGetSize(&ctx->kwKeyBuffer) == ctx->keySize, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
/* Import this key and get an HCRYPTKEY handle, we do it again and again
to ensure we don't go into CBC mode */
if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
ctx->pubPrivKey,
ctx->algorithmIdentifier,
- xmlSecBufferGetData(&ctx->kwKeyBuffer),
- xmlSecBufferGetSize(&ctx->kwKeyBuffer),
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
TRUE,
- &(ctx->cryptKey))) {
+ &cryptKey)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -510,27 +507,27 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
+ xmlSecAssert2(cryptKey != 0, -1);
/* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
* can be skipped. I hope this will work .... */
- memcpy(out, in, inSize);
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
dwCLen = inSize;
- if(!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+ if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptEncrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
return(-1);
}
/* cleanup */
- if (ctx->cryptKey != 0) {
- CryptDestroyKey(ctx->cryptKey);
- ctx->cryptKey = 0;
- }
-
- return(0);
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
}
/*********************************************************************
diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c
new file mode 100644
index 0000000..1a9c288
--- /dev/null
+++ b/src/mscrypto/kw_des.c
@@ -0,0 +1,733 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "../kw_aes_des.h"
+#include "private.h"
+
+#if defined(__MINGW32__)
+# include "xmlsec-mingw.h"
+#endif
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecMSCryptoKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecMSCryptoKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecMSCryptoKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecMSCryptoKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecMSCryptoKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecMSCryptoKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecMSCryptoKWDes3Ctx xmlSecMSCryptoKWDes3Ctx,
+ *xmlSecMSCryptoKWDes3CtxPtr;
+struct _xmlSecMSCryptoKWDes3Ctx {
+ ALG_ID desAlgorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * desProviders;
+ ALG_ID sha1AlgorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * sha1Providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV desCryptProvider;
+ HCRYPTPROV sha1CryptProvider;
+ HCRYPTKEY pubPrivKey;
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecMSCryptoKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWDes3Ctx))
+#define xmlSecMSCryptoKWDes3GetCtx(transform) \
+ ((xmlSecMSCryptoKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecMSCryptoKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWDes3GetKlass(void) {
+ return(&xmlSecMSCryptoKWDes3Klass);
+}
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+
+static int
+xmlSecMSCryptoKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+
+ if(transform->id == xmlSecMSCryptoTransformKWDes3Id) {
+ ctx->desAlgorithmIdentifier = CALG_3DES;
+ ctx->desProviders = xmlSecMSCryptoProviderInfo_Des;
+ ctx->sha1AlgorithmIdentifier = CALG_SHA1;
+ ctx->sha1Providers = xmlSecMSCryptoProviderInfo_Sha1;
+ ctx->keyId = xmlSecMSCryptoKeyDataDesId;
+ ctx->keySize = XMLSEC_KW_DES3_KEY_LENGTH;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* find providers */
+ ctx->desCryptProvider = xmlSecMSCryptoFindProvider(ctx->desProviders, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->desCryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider(des)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ ctx->sha1CryptProvider = xmlSecMSCryptoFindProvider(ctx->sha1Providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->sha1CryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider(sha1)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->desCryptProvider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size));
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if (ctx->desCryptProvider) {
+ CryptReleaseContext(ctx->desCryptProvider, 0);
+ }
+ if (ctx->sha1CryptProvider) {
+ CryptReleaseContext(ctx->sha1CryptProvider, 0);
+ }
+
+ xmlSecBufferFinalize(&ctx->keyBuffer);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecMSCryptoKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecMSCryptoKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ HCRYPTHASH mscHash = 0;
+ DWORD retLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sha1CryptProvider != 0, -1);
+ xmlSecAssert2(ctx->sha1AlgorithmIdentifier != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ /* create */
+ ret = CryptCreateHash(ctx->sha1CryptProvider,
+ ctx->sha1AlgorithmIdentifier,
+ 0,
+ 0,
+ &mscHash);
+ if((ret == 0) || (mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* hash */
+ ret = CryptHashData(mscHash,
+ in,
+ inSize,
+ 0);
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* get results */
+ retLen = outSize;
+ ret = CryptGetHashParam(mscHash,
+ HP_HASHVAL,
+ out,
+ &retLen,
+ 0);
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetHashParam(HP_HASHVAL)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* done */
+ CryptDestroyHash(mscHash);
+ return(retLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize)
+{
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->desCryptProvider != 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%d", outSize);
+ return(-1);
+ }
+
+ return((int)outSize);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+ HCRYPTKEY cryptKey = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+ ctx->pubPrivKey,
+ ctx->desAlgorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* set IV */
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+ HCRYPTKEY cryptKey = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+ ctx->pubPrivKey,
+ ctx->desAlgorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* set IV */
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
index 1208ae8..b1d8869 100644
--- a/win32/Makefile.msvc
+++ b/win32/Makefile.msvc
@@ -269,6 +269,7 @@ XMLSEC_MSCRYPTO_OBJS = \
$(XMLSEC_MSCRYPTO_INTDIR)\symkeys.obj \
$(XMLSEC_MSCRYPTO_INTDIR)\kt_rsa.obj \
$(XMLSEC_MSCRYPTO_INTDIR)\kw_aes.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\kw_des.obj \
$(XMLSEC_MSCRYPTO_INTDIR)\strings.obj \
$(XMLSEC_MSCRYPTO_INTDIR)\signatures.obj \
$(XMLSEC_MSCRYPTO_INTDIR)\certkeys.obj \
@@ -284,6 +285,7 @@ XMLSEC_MSCRYPTO_OBJS_A = \
$(XMLSEC_MSCRYPTO_INTDIR_A)\symkeys.obj \
$(XMLSEC_MSCRYPTO_INTDIR_A)\kt_rsa.obj \
$(XMLSEC_MSCRYPTO_INTDIR_A)\kw_aes.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\kw_des.obj \
$(XMLSEC_MSCRYPTO_INTDIR_A)\strings.obj \
$(XMLSEC_MSCRYPTO_INTDIR_A)\signatures.obj \
$(XMLSEC_MSCRYPTO_INTDIR_A)\certkeys.obj \
diff --git a/win32/mycfg.bat b/win32/mycfg.bat
index b1ec8ad..9af468e 100644
--- a/win32/mycfg.bat
+++ b/win32/mycfg.bat
@@ -11,7 +11,7 @@ REM
SET PREFIX=C:\cygwin\home\local
SET XMLSEC_INCLUDE=%PREFIX%\include;%PREFIX%\include\mozilla;%PREFIX%\include\mozilla\nspr;%PREFIX%\include\mozilla\nss;%MSSDK_INCLUDE%
SET XMLSEC_LIB=%PREFIX%\lib;%MSSDK_LIB%
-SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=openssl unicode=yes
+SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=mscrypto,openssl unicode=yes
del /F Makefile configure.txt
cscript configure.js prefix=%PREFIX% %XMLSEC_OPTIONS% include=%XMLSEC_INCLUDE% lib=%XMLSEC_LIB%
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]