summaryrefslogtreecommitdiff
path: root/src/gcrypt/kw_des.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/gcrypt/kw_des.c')
-rw-r--r--src/gcrypt/kw_des.c607
1 files changed, 0 insertions, 607 deletions
diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c
deleted file mode 100644
index b93eb9f5..00000000
--- a/src/gcrypt/kw_des.c
+++ /dev/null
@@ -1,607 +0,0 @@
-/**
- *
- * XMLSec library
- *
- * DES Algorithm support
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#ifndef XMLSEC_NO_DES
-#include "globals.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <gcrypt.h>
-
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/gcrypt/crypto.h>
-
-#include "../kw_aes_des.h"
-
-/*********************************************************************
- *
- * DES KW implementation
- *
- *********************************************************************/
-static int xmlSecGCryptKWDes3GenerateRandom (void * context,
- xmlSecByte * out,
- xmlSecSize outSize);
-static int xmlSecGCryptKWDes3Sha1 (void * context,
- const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize);
-static int xmlSecGCryptKWDes3BlockEncrypt (void * context,
- const xmlSecByte * iv,
- xmlSecSize ivSize,
- const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize);
-static int xmlSecGCryptKWDes3BlockDecrypt (void * context,
- const xmlSecByte * iv,
- xmlSecSize ivSize,
- const xmlSecByte * in,
- xmlSecSize inSize,
- xmlSecByte * out,
- xmlSecSize outSize);
-
-static xmlSecKWDes3Klass xmlSecGCryptKWDes3ImplKlass = {
- /* callbacks */
- xmlSecGCryptKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
- xmlSecGCryptKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
- xmlSecGCryptKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
- xmlSecGCryptKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
-
- /* for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-static int xmlSecGCryptKWDes3Encrypt (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *iv,
- xmlSecSize ivSize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize,
- int enc);
-
-
-/*********************************************************************
- *
- * Triple DES Key Wrap transform
- *
- * key (xmlSecBuffer) is located after xmlSecTransform structure
- *
- ********************************************************************/
-typedef struct _xmlSecGCryptKWDes3Ctx xmlSecGCryptKWDes3Ctx,
- *xmlSecGCryptKWDes3CtxPtr;
-struct _xmlSecGCryptKWDes3Ctx {
- xmlSecBuffer keyBuffer;
-};
-#define xmlSecGCryptKWDes3Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptKWDes3Ctx))
-#define xmlSecGCryptKWDes3GetCtx(transform) \
- ((xmlSecGCryptKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecGCryptKWDes3Initialize (xmlSecTransformPtr transform);
-static void xmlSecGCryptKWDes3Finalize (xmlSecTransformPtr transform);
-static int xmlSecGCryptKWDes3SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGCryptKWDes3SetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGCryptKWDes3Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static xmlSecTransformKlass xmlSecGCryptKWDes3Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGCryptKWDes3Size, /* xmlSecSize objSize */
-
- xmlSecNameKWDes3, /* const xmlChar* name; */
- xmlSecHrefKWDes3, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGCryptKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGCryptKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGCryptKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGCryptKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGCryptKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecGCryptTransformKWDes3GetKlass:
- *
- * The Triple DES key wrapper transform klass.
- *
- * Returns: Triple DES key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGCryptTransformKWDes3GetKlass(void) {
- return(&xmlSecGCryptKWDes3Klass);
-}
-
-static int
-xmlSecGCryptKWDes3Initialize(xmlSecTransformPtr transform) {
- xmlSecGCryptKWDes3CtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
-
- ctx = xmlSecGCryptKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecGCryptKWDes3Finalize(xmlSecTransformPtr transform) {
- xmlSecGCryptKWDes3CtxPtr ctx;
-
- xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size));
-
- ctx = xmlSecGCryptKWDes3GetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- xmlSecBufferFinalize(&(ctx->keyBuffer));
-}
-
-static int
-xmlSecGCryptKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGCryptKWDes3CtxPtr ctx;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecGCryptKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keyReq->keyId = xmlSecGCryptKeyDataDesId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage= xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage= xmlSecKeyUsageDecrypt;
- }
- keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
- return(0);
-}
-
-static int
-xmlSecGCryptKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGCryptKWDes3CtxPtr ctx;
- xmlSecBufferPtr buffer;
- xmlSecSize keySize;
- int ret;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataDesId), -1);
-
- ctx = xmlSecGCryptKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
- xmlSecAssert2(buffer != NULL, -1);
-
- keySize = xmlSecBufferGetSize(buffer);
- if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key length %d is not enough (%d expected)",
- keySize, XMLSEC_KW_DES3_KEY_LENGTH);
- return(-1);
- }
-
- ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGCryptKWDes3CtxPtr ctx;
- xmlSecBufferPtr in, out;
- xmlSecSize inSize, outSize, keySize;
- int ret;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGCryptKWDes3GetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
- xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
- xmlSecAssert2(outSize == 0, -1);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
- } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d bytes - not %d bytes aligned",
- inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 16 bytes longer plus one block just in case */
- outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
- XMLSEC_KW_DES3_BLOCK_LENGTH +
- XMLSEC_KW_DES3_BLOCK_LENGTH;
- } else {
- /* just in case, add a block */
- outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecKWDes3Encode(&xmlSecGCryptKWDes3ImplKlass, ctx,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKWDes3Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecKWDes3Decode(&xmlSecGCryptKWDes3ImplKlass, ctx,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKWDes3Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
- return(0);
-}
-
-/*********************************************************************
- *
- * DES KW implementation
- *
- *********************************************************************/
-static int
-xmlSecGCryptKWDes3Sha1(void * context,
- const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
- gcry_md_hd_t digestCtx;
- unsigned char * res;
- unsigned int len;
- gcry_error_t err;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize > 0, -1);
-
- len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
- xmlSecAssert2(outSize >= len, -1);
-
- err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_md_open(GCRY_MD_SHA1)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- gcry_md_write(digestCtx, in, inSize);
-
- err = gcry_md_final(digestCtx);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_md_final",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- gcry_md_close(digestCtx);
- return(-1);
- }
-
- res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_md_read(GCRY_MD_SHA1)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gcry_md_close(digestCtx);
- return(-1);
- }
-
- /* done */
- xmlSecAssert2(outSize >= len, -1);
- memcpy(out, res, len);
- gcry_md_close(digestCtx);
- return(len);
-}
-
-static int
-xmlSecGCryptKWDes3GenerateRandom(void * context,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize > 0, -1);
-
- gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
- return((int)outSize);
-}
-
-static int
-xmlSecGCryptKWDes3BlockEncrypt(void * context,
- const xmlSecByte * iv, xmlSecSize ivSize,
- const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- ret = xmlSecGCryptKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
- XMLSEC_KW_DES3_KEY_LENGTH,
- iv, XMLSEC_KW_DES3_IV_LENGTH,
- in, inSize,
- out, outSize,
- 1); /* encrypt */
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(ret);
-}
-
-static int
-xmlSecGCryptKWDes3BlockDecrypt(void * context,
- const xmlSecByte * iv, xmlSecSize ivSize,
- const xmlSecByte * in, xmlSecSize inSize,
- xmlSecByte * out, xmlSecSize outSize) {
- xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
- xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- ret = xmlSecGCryptKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
- XMLSEC_KW_DES3_KEY_LENGTH,
- iv, XMLSEC_KW_DES3_IV_LENGTH,
- in, inSize,
- out, outSize,
- 0); /* decrypt */
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(ret);
-}
-
-static int
-xmlSecGCryptKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *iv, xmlSecSize ivSize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize,
- int enc) {
- size_t key_len = gcry_cipher_get_algo_keylen(GCRY_CIPHER_3DES);
- size_t block_len = gcry_cipher_get_algo_blklen(GCRY_CIPHER_3DES);
- gcry_cipher_hd_t cipherCtx;
- gcry_error_t err;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize >= key_len, -1);
- xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize >= block_len, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- err = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_open(GCRY_CIPHER_3DES)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_setkey(cipherCtx, key, keySize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- err = gcry_cipher_setiv(cipherCtx, iv, ivSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- return(-1);
- }
-
- if(enc) {
- err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- gcry_cipher_close(cipherCtx);
- return(-1);
- }
- } else {
- err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
- if(err != GPG_ERR_NO_ERROR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GCRYPT_REPORT_ERROR(err));
- gcry_cipher_close(cipherCtx);
- return(-1);
- }
- }
-
- /* done */
- gcry_cipher_close(cipherCtx);
- return((int)inSize); /* out size == in size */
-}
-
-
-#endif /* XMLSEC_NO_DES */
-