[xmlsec] minor cleanups and comments
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] minor cleanups and comments
- Date: Sun, 9 May 2010 21:06:55 +0000 (UTC)
commit 9be760cb341dd7d9a296fa4ad20ddf440ee534ea
Author: Aleksey Sanin <aleksey aleksey com>
Date: Sun May 9 11:50:59 2010 -0700
minor cleanups and comments
src/gnutls/kw_aes.c | 242 +++++++++++++++++++++++++------------------------
src/mscrypto/kw_aes.c | 4 +-
src/mscrypto/kw_des.c | 208 +++++++++++++++++++++---------------------
src/nss/kw_aes.c | 179 ++++++++++++++++++++----------------
src/openssl/kw_aes.c | 62 +++++++------
5 files changed, 363 insertions(+), 332 deletions(-)
---
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
index 0945d64..0ca23cc 100644
--- a/src/gnutls/kw_aes.c
+++ b/src/gnutls/kw_aes.c
@@ -341,6 +341,130 @@ xmlSecGnuTLSKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform
return(0);
}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes128GetKlass(void) {
+ return(&xmlSecGnuTLSKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecGnuTLSTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes192GetKlass(void) {
+ return(&xmlSecGnuTLSKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes256GetKlass(void) {
+ return(&xmlSecGnuTLSKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static int
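Review bot: The GTK-Doc comments on the three relocated accessors (xmlSecGnuTLSTransformKWAes128GetKlass and its 192 and 256 siblings) still say `The AES-128 kew wrapper transform klass.` and `Returns: AES-128 kew wrapper transform klass.`; "kew" should read "key", which is the wording the nss versions of the same functions use elsewhere in this commit. Since the block is being moved anyway, correcting those six lines here avoids carrying the typo to the new location. The `static int` on the hunk's last line opens a definition that continues outside the hunk.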
@@ -467,122 +591,4 @@ xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
return(ctx->blockSize);
}
-static xmlSecTransformKlass xmlSecGnuTLSKWAes128Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes128, /* const xmlChar* name; */
- xmlSecHrefKWAes128, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecGnuTLSTransformKWAes128GetKlass:
- *
- * The AES-128 kew wrapper transform klass.
- *
- * Returns: AES-128 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWAes128GetKlass(void) {
- return(&xmlSecGnuTLSKWAes128Klass);
-}
-
-static xmlSecTransformKlass xmlSecGnuTLSKWAes192Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes192, /* const xmlChar* name; */
- xmlSecHrefKWAes192, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-
-/**
- * xmlSecGnuTLSTransformKWAes192GetKlass:
- *
- * The AES-192 kew wrapper transform klass.
- *
- * Returns: AES-192 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWAes192GetKlass(void) {
- return(&xmlSecGnuTLSKWAes192Klass);
-}
-
-static xmlSecTransformKlass xmlSecGnuTLSKWAes256Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes256, /* const xmlChar* name; */
- xmlSecHrefKWAes256, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecGnuTLSTransformKWAes256GetKlass:
- *
- * The AES-256 kew wrapper transform klass.
- *
- * Returns: AES-256 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWAes256GetKlass(void) {
- return(&xmlSecGnuTLSKWAes256Klass);
-}
-
#endif /* XMLSEC_NO_AES */
diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c
index c8c1985..c9c8344 100644
--- a/src/mscrypto/kw_aes.c
+++ b/src/mscrypto/kw_aes.c
@@ -415,10 +415,10 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo
/*********************************************************************
*
- * AES KW callbacks
+ * AES KW implementation
*
********************************************************************/
-static int
+static int
xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize,
void * context) {
diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c
index 1a9c288..47e0671 100644
--- a/src/mscrypto/kw_des.c
+++ b/src/mscrypto/kw_des.c
@@ -159,14 +159,14 @@ static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
{ MS_ENHANCED_PROV, PROV_RSA_FULL },
{ NULL, 0 }
};
-static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
- { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
- { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
- { MS_STRONG_PROV, PROV_RSA_FULL },
- { MS_ENHANCED_PROV, PROV_RSA_FULL },
- { MS_DEF_PROV, PROV_RSA_FULL },
- { NULL, 0 }
-};
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
static int
@@ -485,52 +485,52 @@ xmlSecMSCryptoKWDes3Sha1(void * context,
xmlSecAssert2(outSize > 0, -1);
/* create */
- ret = CryptCreateHash(ctx->sha1CryptProvider,
- ctx->sha1AlgorithmIdentifier,
- 0,
- 0,
- &mscHash);
- if((ret == 0) || (mscHash == 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptCreateHash",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = CryptCreateHash(ctx->sha1CryptProvider,
+ ctx->sha1AlgorithmIdentifier,
+ 0,
+ 0,
+ &mscHash);
+ if((ret == 0) || (mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
/* hash */
- ret = CryptHashData(mscHash,
- in,
- inSize,
- 0);
- if(ret == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptHashData",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", inSize);
- CryptDestroyHash(mscHash);
- return(-1);
- }
-
- /* get results */
- retLen = outSize;
- ret = CryptGetHashParam(mscHash,
- HP_HASHVAL,
- out,
- &retLen,
- 0);
- if (ret == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetHashParam(HP_HASHVAL)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- CryptDestroyHash(mscHash);
- return(-1);
- }
-
+ ret = CryptHashData(mscHash,
+ in,
+ inSize,
+ 0);
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* get results */
+ retLen = outSize;
+ ret = CryptGetHashParam(mscHash,
+ HP_HASHVAL,
+ out,
+ &retLen,
+ 0);
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetHashParam(HP_HASHVAL)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
/* done */
CryptDestroyHash(mscHash);
return(retLen);
@@ -548,14 +548,14 @@ xmlSecMSCryptoKWDes3GenerateRandom(void * context,
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize > 0, -1);
- if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGenRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "len=%d", outSize);
- return(-1);
- }
+ if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%d", outSize);
+ return(-1);
+ }
return((int)outSize);
}
@@ -599,29 +599,29 @@ xmlSecMSCryptoKWDes3BlockEncrypt(void * context,
}
xmlSecAssert2(cryptKey != 0, -1);
- /* iv len == block len */
- dwBlockLenLen = sizeof(DWORD);
- if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CryptDestroyKey(cryptKey);
- return(-1);
- }
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
/* set IV */
- if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptSetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ivSize=%d, dwBlockLen=%d",
- ivSize, dwBlockLen / 8);
- CryptDestroyKey(cryptKey);
- return(-1);
- }
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
/* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
* can be skipped. I hope this will work .... */
@@ -635,7 +635,7 @@ xmlSecMSCryptoKWDes3BlockEncrypt(void * context,
"CryptEncrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- CryptDestroyKey(cryptKey);
+ CryptDestroyKey(cryptKey);
return(-1);
}
@@ -683,29 +683,29 @@ xmlSecMSCryptoKWDes3BlockDecrypt(void * context,
}
xmlSecAssert2(cryptKey != 0, -1);
- /* iv len == block len */
- dwBlockLenLen = sizeof(DWORD);
- if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CryptDestroyKey(cryptKey);
- return(-1);
- }
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
/* set IV */
- if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptSetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ivSize=%d, dwBlockLen=%d",
- ivSize, dwBlockLen / 8);
- CryptDestroyKey(cryptKey);
- return(-1);
- }
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
/* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
* can be skipped. I hope this will work .... */
@@ -719,7 +719,7 @@ xmlSecMSCryptoKWDes3BlockDecrypt(void * context,
"CryptEncrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- CryptDestroyKey(cryptKey);
+ CryptDestroyKey(cryptKey);
return(-1);
}
diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c
index a38475b..6150553 100644
--- a/src/nss/kw_aes.c
+++ b/src/nss/kw_aes.c
@@ -79,13 +79,23 @@ static int xmlSecNssAesOp (PK11SymKey *aes
*
* AES KW transforms
*
- * key (xmlSecBuffer) is located after xmlSecTransform structure
- *
********************************************************************/
-#define xmlSecNssKWAesGetKey(transform) \
- ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecNssKWAesSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
+typedef struct _xmlSecNssKWAesCtx xmlSecNssKWAesCtx,
+ *xmlSecNssKWAesCtxPtr;
+struct _xmlSecNssKWAesCtx {
+ xmlSecBuffer keyBuffer;
+ xmlSecSize keyExpectedSize;
+};
+#define xmlSecNssKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssKWAesCtx))
+#define xmlSecNssKWAesGetCtx(transform) \
+ ((xmlSecNssKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+#define xmlSecNssKWAesCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes128Id) || \
+ xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes192Id) || \
+ xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes256Id))
+
static int xmlSecNssKWAesInitialize (xmlSecTransformPtr transform);
static void xmlSecNssKWAesFinalize (xmlSecTransformPtr transform);
@@ -96,14 +106,6 @@ static int xmlSecNssKWAesSetKey (xmlSecTransformPtr tran
static int xmlSecNssKWAesExecute (xmlSecTransformPtr transform,
int last,
xmlSecTransformCtxPtr transformCtx);
-static xmlSecSize xmlSecNssKWAesGetKeySize (xmlSecTransformPtr transform);
-static int xmlSecNssKWAesOp (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte* in,
- xmlSecSize inSize,
- xmlSecByte* out,
- xmlSecSize outSize,
- int enc);
static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
/* klass/object sizes */
@@ -132,6 +134,18 @@ static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
NULL, /* void* reserved1; */
};
+/**
+ * xmlSecNssTransformKWAes128GetKlass:
+ *
+ * The AES-128 key wrapper transform klass.
+ *
+ * Returns: AES-128 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes128GetKlass(void) {
+ return(&xmlSecNssKWAes128Klass);
+}
+
static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
/* klass/object sizes */
sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
@@ -159,6 +173,18 @@ static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
NULL, /* void* reserved1; */
};
+/**
+ * xmlSecNssTransformKWAes192GetKlass:
+ *
+ * The AES-192 key wrapper transform klass.
+ *
+ * Returns: AES-192 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes192GetKlass(void) {
+ return(&xmlSecNssKWAes192Klass);
+}
+
static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
/* klass/object sizes */
sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
@@ -186,35 +212,6 @@ static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
NULL, /* void* reserved1; */
};
-#define xmlSecNssKWAesCheckId(transform) \
- (xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes128Id) || \
- xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes192Id) || \
- xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes256Id))
-
-/**
- * xmlSecNssTransformKWAes128GetKlass:
- *
- * The AES-128 key wrapper transform klass.
- *
- * Returns: AES-128 key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformKWAes128GetKlass(void) {
- return(&xmlSecNssKWAes128Klass);
-}
-
-/**
- * xmlSecNssTransformKWAes192GetKlass:
- *
- * The AES-192 key wrapper transform klass.
- *
- * Returns: AES-192 key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformKWAes192GetKlass(void) {
- return(&xmlSecNssKWAes192Klass);
-}
-
/**
* xmlSecNssTransformKWAes256GetKlass:
*
@@ -229,12 +226,31 @@ xmlSecNssTransformKWAes256GetKlass(void) {
static int
xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKWAesCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
- ret = xmlSecBufferInitialize(xmlSecNssKWAesGetKey(transform), 0);
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
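Review bot: The new `else` branch in xmlSecNssKWAesInitialize returns -1 before `xmlSecBufferInitialize(&(ctx->keyBuffer), 0)` has run, so if the transform framework finalizes a transform whose initialize failed, the new xmlSecNssKWAesFinalize would call xmlSecBufferFinalize on a buffer that was never initialized; whether the object memory is zeroed at creation time is not visible here. Given the `xmlSecNssKWAesCheckId` assertion above, that branch is unreachable today, but making it safe is cheap: initialize the buffer first and add `xmlSecBufferFinalize(&(ctx->keyBuffer));` before the `return(-1);` in the `else`, or move the buffer initialization above the id dispatch. The function's body continues past the hunk.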
@@ -249,21 +265,29 @@ xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
static void
xmlSecNssKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKWAesCtxPtr ctx;
+
xmlSecAssert(xmlSecNssKWAesCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize));
- if(xmlSecNssKWAesGetKey(transform) != NULL) {
- xmlSecBufferFinalize(xmlSecNssKWAesGetKey(transform));
- }
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
}
static int
xmlSecNssKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKWAesCtxPtr ctx;
+
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
keyReq->keyId = xmlSecNssKeyDataAesId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
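Review bot: `ctx->keyBuffer` holds the key-encryption key, and the rewritten xmlSecNssKWAesFinalize releases it with a bare `xmlSecBufferFinalize(&(ctx->keyBuffer));`; whether that helper clears the bytes before freeing them cannot be confirmed from this file. If it does not, wipe the key material first, e.g. `if(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL) { memset(xmlSecBufferGetData(&(ctx->keyBuffer)), 0, xmlSecBufferGetSize(&(ctx->keyBuffer))); }` ahead of the finalize call, so the KEK does not linger in freed heap memory. The hunk also cuts into xmlSecNssKWAesSetKeyReq, whose body continues after the last line shown.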
@@ -271,49 +295,51 @@ xmlSecNssKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
} else {
keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
- keyReq->keyBitsSize = 8 * xmlSecNssKWAesGetKeySize(transform);
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
return(0);
}
static int
xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKWAesCtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
- xmlSecSize expectedKeySize;
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
- xmlSecAssert2(xmlSecNssKWAesGetKey(transform) != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataAesId), -1);
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
- expectedKeySize = xmlSecNssKWAesGetKeySize(transform);
- if(keySize < expectedKeySize) {
+ if(keySize < ctx->keyExpectedSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key=%d;expected=%d",
- keySize, expectedKeySize);
+ keySize, ctx->keyExpectedSize);
return(-1);
}
- ret = xmlSecBufferSetData(xmlSecNssKWAesGetKey(transform),
- xmlSecBufferGetData(buffer),
- expectedKeySize);
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "expected-size=%d", expectedKeySize);
+ "expected-size=%d",
+ ctx->keyExpectedSize);
return(-1);
}
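Review bot: The size check `if(keySize < ctx->keyExpectedSize) {` in xmlSecNssKWAesSetKey rejects only keys that are too short; a longer key passes and `xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), ctx->keyExpectedSize)` copies just its leading bytes, so a 256-bit key handed to the AES-128 wrapper is silently truncated rather than refused. Unless the `keyBitsSize` set in SetKeyReq is guaranteed to filter this upstream, an exact match is the safer contract: `if(keySize != ctx->keyExpectedSize) {`. The `%d` conversions for `keySize` and `ctx->keyExpectedSize` in the two error messages also assume xmlSecSize is int-sized; that is pre-existing, but worth checking while these lines are being touched. The function's tail lies outside the hunk.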
@@ -322,8 +348,9 @@ xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
static int
xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecBufferPtr in, out, key;
- xmlSecSize inSize, outSize, keySize, expectedKeySize;
+ xmlSecNssKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
PK11SymKey *aeskey = NULL;
int ret;
@@ -332,12 +359,11 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- key = xmlSecNssKWAesGetKey(transform);
- xmlSecAssert2(key != NULL, -1);
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
- keySize = xmlSecBufferGetSize(key);
- expectedKeySize = xmlSecNssKWAesGetKeySize(transform);
- xmlSecAssert2(keySize == expectedKeySize, -1);
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
in = &(transform->inBuf);
out = &(transform->outBuf);
@@ -383,7 +409,7 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
PK11SymKey *aeskey = NULL;
/* create key */
- aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(key), keySize, 1); /* encrypt */
+ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 1); /* encrypt */
if(aeskey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -401,7 +427,7 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssKWAesOp",
+ "xmlSecKWAesEncode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
PK11_FreeSymKey(aeskey);
@@ -414,7 +440,7 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
PK11SymKey *aeskey = NULL;
/* create key */
- aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(key), keySize, 0); /* decrypt */
+ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 0); /* decrypt */
if(aeskey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -431,7 +457,7 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssKWAesOp",
+ "xmlSecKWAesDecode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
PK11_FreeSymKey(aeskey);
@@ -477,18 +503,11 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
return(0);
}
-static xmlSecSize
-xmlSecNssKWAesGetKeySize(xmlSecTransformPtr transform) {
- if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
- return(XMLSEC_KW_AES128_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
- return(XMLSEC_KW_AES192_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
- return(XMLSEC_KW_AES256_KEY_SIZE);
- }
- return(0);
-}
-
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
static int
xmlSecNSSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize,
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index 32c47ab..573fb98 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -357,34 +357,6 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
return(0);
}
-static int
-xmlSecOpenSSLKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize,
- void * context) {
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
- xmlSecAssert2(context != NULL, -1);
-
- AES_encrypt(in, out, (AES_KEY*)context);
- return(AES_BLOCK_SIZE);
-}
-
-static int
-xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize,
- void * context) {
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
- xmlSecAssert2(context != NULL, -1);
-
- AES_decrypt(in, out, (AES_KEY*)context);
- return(AES_BLOCK_SIZE);
-}
-
static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
/* klass/object sizes */
sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
@@ -503,5 +475,39 @@ xmlSecOpenSSLTransformKWAes256GetKlass(void) {
return(&xmlSecOpenSSLKWAes256Klass);
}
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecOpenSSLKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(context != NULL, -1);
+
+ AES_encrypt(in, out, (AES_KEY*)context);
+ return(AES_BLOCK_SIZE);
+}
+
+static int
+xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(context != NULL, -1);
+
+ AES_decrypt(in, out, (AES_KEY*)context);
+ return(AES_BLOCK_SIZE);
+}
+
+
#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */