[xmlsec] add des kw support for xmlsec-gnutls
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] add des kw support for xmlsec-gnutls
- Date: Sun, 9 May 2010 21:07:00 +0000 (UTC)
commit 34c622606a5df0ef245e16a10710fbd298ebadbd
Author: Aleksey Sanin <aleksey aleksey com>
Date: Sun May 9 12:58:50 2010 -0700
add des kw support for xmlsec-gnutls
ChangeLog | 1 +
TODO | 8 ++------
docs/xmlenc.html | 2 +-
include/xmlsec/gnutls/crypto.h | 9 +++++++++
include/xmlsec/mscrypto/crypto.h | 2 +-
include/xmlsec/nss/crypto.h | 2 +-
include/xmlsec/openssl/crypto.h | 2 +-
src/gnutls/Makefile.am | 1 +
src/gnutls/crypto.c | 1 +
src/gnutls/kw_aes.c | 16 ++++++++--------
src/nss/kw_aes.c | 5 ++---
src/openssl/kw_des.c | 4 ++--
12 files changed, 30 insertions(+), 23 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 93a87fb..ad025af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
2010-05-09 Aleksey Sanin <aleksey aleksey com>
* Added DES KW support for xmlsec-mscrypto
+ * Added DES KW support for xmlsec-gnutls
2010-05-08 Aleksey Sanin <aleksey aleksey com>
* Added AES KW support for xmlsec-mscrypto
diff --git a/TODO b/TODO
index 49899a5..4cef702 100644
--- a/TODO
+++ b/TODO
@@ -50,7 +50,7 @@ merlin-xmldsig-twenty-three/signature-x509-crt-crl
* xmlsec-mscrypto (May 09, 2010 using Windows XP SP3)
-------------------------------------------------
-** Skipped tests due to missing transforms: RIPEMD160, SHA224, DES KW
+** Skipped tests due to missing transforms: RIPEMD160, SHA224
aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160
aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64
@@ -68,8 +68,7 @@ aleksey-xmldsig-01/enveloped-gost
* xmlsec-gnutls (May 09, 2010 using GnuTLS)
-------------------------------------------------
-** Skipped tests due to missing transforms: RSA, DSA, DES KW,
-RSA PKCS/OAEP, X509, GOST
+** Skipped tests due to missing transforms: RSA, DSA, RSA PKCS/OAEP, X509, GOST
aleksey-xmldsig-01/enveloping-dsa-x509chain
aleksey-xmldsig-01/enveloping-rsa-x509chain
@@ -133,7 +132,6 @@ phaos-xmldsig-three/signature-rsa-manifest-x509-data-crl
merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5
merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p
-merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes
01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5
01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1
01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5
@@ -142,5 +140,3 @@ merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes
01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5
01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5
01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1
-01-phaos-xmlenc-3/enc-element-3des-kw-3des
-01-phaos-xmlenc-3/enc-content-aes128-kw-3des
diff --git a/docs/xmlenc.html b/docs/xmlenc.html
index e4ddca2..edd60b3 100644
--- a/docs/xmlenc.html
+++ b/docs/xmlenc.html
@@ -300,7 +300,7 @@ data (including XML document). </div>
<tr>
<td style="width: 40%;" align="left" valign="top">TRIPLEDES Key Wrap</td>
<td valign="top">Y</td>
- <td valign="top">N</td>
+ <td valign="top">Y</td>
<td valign="top">Y</td>
<td valign="top">Y</td>
</tr>
diff --git a/include/xmlsec/gnutls/crypto.h b/include/xmlsec/gnutls/crypto.h
index 8032f20..f7e4efd 100644
--- a/include/xmlsec/gnutls/crypto.h
+++ b/include/xmlsec/gnutls/crypto.h
@@ -134,6 +134,15 @@ XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDesSet (xmlSecK
xmlSecGnuTLSTransformDes3CbcGetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDes3CbcGetKlass(void);
+/**
+ * xmlSecGnuTLSTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecGnuTLSTransformKWDes3Id \
+ xmlSecGnuTLSTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWDes3GetKlass(void);
+
#endif /* XMLSEC_NO_DES */
diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
index d0d0620..dd8a994 100644
--- a/include/xmlsec/mscrypto/crypto.h
+++ b/include/xmlsec/mscrypto/crypto.h
@@ -419,7 +419,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformDes3CbcGetKlass(vo
/**
* xmlSecMSCryptoTransformKWDes3Id:
*
- * The DES3 CBC cipher transform klass.
+ * The DES3 KW transform klass.
*/
#define xmlSecMSCryptoTransformKWDes3Id \
xmlSecMSCryptoTransformKWDes3GetKlass()
diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h
index f52ba4e..a1c1194 100644
--- a/include/xmlsec/nss/crypto.h
+++ b/include/xmlsec/nss/crypto.h
@@ -150,7 +150,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformDes3CbcGetKlass(void);
/**
* xmlSecNssTransformKWDes3Id:
*
-* The DES3 CBC cipher transform klass.
+* The DES3 KW transform klass.
*/
#define xmlSecNssTransformKWDes3Id \
xmlSecNssTransformKWDes3GetKlass()
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
index 9c8423b..78f907a 100644
--- a/include/xmlsec/openssl/crypto.h
+++ b/include/xmlsec/openssl/crypto.h
@@ -139,7 +139,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDes3CbcGetKlass(voi
/**
* xmlSecOpenSSLTransformKWDes3Id:
*
- * The DES3 CBC cipher transform klass.
+ * The DES3 KW transform klass.
*/
#define xmlSecOpenSSLTransformKWDes3Id \
xmlSecOpenSSLTransformKWDes3GetKlass()
diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am
index e66e6e3..19750a7 100644
--- a/src/gnutls/Makefile.am
+++ b/src/gnutls/Makefile.am
@@ -25,6 +25,7 @@ libxmlsec1_gnutls_la_SOURCES =\
digests.c \
hmac.c \
kw_aes.c \
+ kw_des.c \
symkeys.c \
globals.h \
$(NULL)
diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c
index c5713a9..e56b190 100644
--- a/src/gnutls/crypto.c
+++ b/src/gnutls/crypto.c
@@ -94,6 +94,7 @@ xmlSecCryptoGetFunctions_gnutls(void) {
/******************************* DES ********************************/
#ifndef XMLSEC_NO_DES
gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWDes3GetKlass = xmlSecGnuTLSTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
/******************************* HMAC ********************************/
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
index 0ca23cc..b47eec4 100644
--- a/src/gnutls/kw_aes.c
+++ b/src/gnutls/kw_aes.c
@@ -473,7 +473,7 @@ xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
void * context) {
xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
gcry_cipher_hd_t cipherCtx;
- int ret;
+ gpg_err_code_t ret;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
@@ -494,7 +494,7 @@ xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
ret = gcry_cipher_setkey(cipherCtx,
xmlSecBufferGetData(&ctx->keyBuffer),
xmlSecBufferGetSize(&ctx->keyBuffer));
- if(ret != 0) {
+ if(ret != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_setkey",
@@ -505,7 +505,7 @@ xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
/* use zero IV and CBC mode to ensure we get result as-is */
ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
- if(ret != 0) {
+ if(ret != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_setiv",
@@ -515,7 +515,7 @@ xmlSecGnuTLSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
}
ret = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
- if(ret != 0) {
+ if(ret != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_encrypt",
@@ -535,7 +535,7 @@ xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
void * context) {
xmlSecGnuTLSKWAesCtxPtr ctx = (xmlSecGnuTLSKWAesCtxPtr)context;
gcry_cipher_hd_t cipherCtx;
- int ret;
+ gpg_err_code_t ret;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
@@ -556,7 +556,7 @@ xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
ret = gcry_cipher_setkey(cipherCtx,
xmlSecBufferGetData(&ctx->keyBuffer),
xmlSecBufferGetSize(&ctx->keyBuffer));
- if(ret != 0) {
+ if(ret != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_setkey",
@@ -567,7 +567,7 @@ xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
/* use zero IV and CBC mode to ensure we get result as-is */
ret = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
- if(ret != 0) {
+ if(ret != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_setiv",
@@ -577,7 +577,7 @@ xmlSecGnuTLSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
}
ret = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
- if(ret != 0) {
+ if(ret != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_decrypt",
diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c
index 6150553..0438e30 100644
--- a/src/nss/kw_aes.c
+++ b/src/nss/kw_aes.c
@@ -351,7 +351,6 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
xmlSecNssKWAesCtxPtr ctx;
xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize, keySize;
- PK11SymKey *aeskey = NULL;
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
@@ -614,8 +613,8 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en
unsigned int tmp2_outlen;
int ret = -1;
- xmlSecAssert(in != NULL);
- xmlSecAssert(out != NULL);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
cipherMech = CKM_AES_ECB;
SecParam = PK11_ParamFromIV(cipherMech, NULL);
diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c
index 63af05a..a03fd14 100644
--- a/src/openssl/kw_des.c
+++ b/src/openssl/kw_des.c
@@ -7,7 +7,7 @@
* This is free software; see Copyright file in the source
* distribution for preciese wording.
*
- * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ * Copyright (C) 2002-2010 Aleksey Sanin <aleksey aleksey com>
*/
#ifndef XMLSEC_NO_DES
#include "globals.h"
@@ -372,6 +372,7 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo
"status=%d", transform->status);
return(-1);
}
+
return(0);
}
@@ -400,7 +401,6 @@ xmlSecOpenSSLKWDes3Sha1(void * context,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
return(SHA_DIGEST_LENGTH);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
