summaryrefslogtreecommitdiff
path: root/src/kw_aes_des.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/kw_aes_des.c')
-rw-r--r--src/kw_aes_des.c127
1 files changed, 43 insertions, 84 deletions
diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c
index 7eb74b05..b51c006e 100644
--- a/src/kw_aes_des.c
+++ b/src/kw_aes_des.c
@@ -1,13 +1,18 @@
-/**
+/*
* XML Security Library (http://www.aleksey.com/xmlsec).
*
- * Implementation of AES/DES Key Transport algorithm
- *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
*
* Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
*/
+/**
+ * SECTION:kw_aes_des
+ * @Short_description: AES/DES Key Transport implementation.
+ * @Stability: Private
+ *
+ */
+
#include "globals.h"
#include <stdlib.h>
@@ -16,6 +21,7 @@
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
#include <xmlsec/errors.h>
#include "kw_aes_des.h"
@@ -93,11 +99,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
/* step 2: calculate sha1 and CMS */
ret = kwDes3Id->sha1(context, in, inSize, sha1, sizeof(sha1));
if((ret < 0) || (ret != sizeof(sha1))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->sha1",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->sha1", NULL);
return(-1);
}
@@ -108,11 +110,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
/* step 4: generate random iv */
ret = kwDes3Id->generateRandom(context, iv, sizeof(iv));
if((ret < 0) || (ret != sizeof(iv))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->generateRandom",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->generateRandom", NULL);
return(-1);
}
@@ -122,11 +120,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH,
out, outSize);
if((ret < 0) || ((xmlSecSize)ret != inSize + XMLSEC_KW_DES3_BLOCK_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->encrypt", NULL);
return(-1);
}
@@ -138,11 +132,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
/* step 7: reverse octets order, result is TEMP3 */
ret = xmlSecKWDes3BufferReverse(out, s);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("xmlSecKWDes3BufferReverse", NULL);
return(-1);
}
@@ -152,11 +142,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
out, s,
out, outSize);
if((ret < 0) || ((xmlSecSize)ret != s)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->encrypt", NULL);
return(-1);
}
@@ -170,6 +156,7 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
xmlSecByte *out, xmlSecSize outSize)
{
xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH];
+ xmlSecBufferPtr tmp;
xmlSecSize s;
int ret;
@@ -182,42 +169,39 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
/* step 2: first decryption with static IV, result is TEMP3 */
+ tmp = xmlSecBufferCreate(inSize);
+ if(tmp == NULL) {
+ xmlSecInternalError2("xmlSecBufferCreate", NULL, "inSize=%d", (int)inSize);
+ return(-1);
+ }
+
ret = kwDes3Id->decrypt(context,
xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv),
in, inSize,
- out, outSize);
+ xmlSecBufferGetData(tmp), xmlSecBufferGetMaxSize(tmp));
if((ret < 0) || (ret < XMLSEC_KW_DES3_IV_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->decrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->decrypt", NULL);
+ xmlSecBufferDestroy(tmp);
return(-1);
}
s = ret;
/* step 3: reverse octets order in TEMP3, result is TEMP2 */
- ret = xmlSecKWDes3BufferReverse(out, s);
+ ret = xmlSecKWDes3BufferReverse(xmlSecBufferGetData(tmp), s);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("xmlSecKWDes3BufferReverse", NULL);
+ xmlSecBufferDestroy(tmp);
return(-1);
}
/* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
ret = kwDes3Id->decrypt(context,
- out, XMLSEC_KW_DES3_IV_LENGTH,
- out + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH,
+ xmlSecBufferGetData(tmp), XMLSEC_KW_DES3_IV_LENGTH,
+ xmlSecBufferGetData(tmp) + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH,
out, outSize);
if((ret < 0) || (ret < XMLSEC_KW_DES3_BLOCK_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->decrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->decrypt", NULL);
+ xmlSecBufferDestroy(tmp);
return(-1);
}
s = ret - XMLSEC_KW_DES3_BLOCK_LENGTH;
@@ -227,26 +211,21 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
out, s,
sha1, sizeof(sha1));
if((ret < 0) || (ret != sizeof(sha1))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwDes3Id->sha1",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ret=%d", ret);
+ xmlSecInternalError("kwDes3Id->sha1", NULL);
+ xmlSecBufferDestroy(tmp);
return(-1);
}
/* check sha1 */
xmlSecAssert2(XMLSEC_KW_DES3_BLOCK_LENGTH <= sizeof(sha1), -1);
if(memcmp(sha1, out + s, XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "SHA1 does not match");
+ xmlSecInvalidDataError("SHA1 does not match", NULL);
+ xmlSecBufferDestroy(tmp);
return(-1);
}
/* done */
+ xmlSecBufferDestroy(tmp);
return(s);
}
@@ -285,11 +264,11 @@ xmlSecKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size)
* 64-bit register A, 128-bit register B, and array of 64-bit quantities
* R(1) through R(N).
*
- * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
+ * "|" represents concatenation so x|y, where x and y and 64-bit quantities,
* is the 128-bit quantity with x in the most significant bits and y in the
* least significant bits. AES(K)enc(x) is the operation of AES encrypting
* the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
- * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
+ * decryption operation. XOR(x,y) is the bitwise exclusive or of x and y.
* MSB(x) and LSB(y) are the most significant 64 bits and least significant
* 64 bits of x and y respectively.
*
@@ -378,11 +357,7 @@ xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
if(N == 1) {
ret = kwAesId->encrypt(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, context);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwAesId->encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("kwAesId->encrypt", NULL);
return(-1);
}
} else {
@@ -396,11 +371,7 @@ xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
ret = kwAesId->encrypt(block, sizeof(block), block, sizeof(block), context);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwAesId->encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("kwAesId->encrypt", NULL);
return(-1);
}
block[7] ^= t;
@@ -440,11 +411,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
if(N == 1) {
ret = kwAesId->decrypt(out, inSize, out, outSize, context);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwAesId->decrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("kwAesId->decrypt", NULL);
return(-1);
}
} else {
@@ -459,11 +426,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
ret = kwAesId->decrypt(block, sizeof(block), block, sizeof(block), context);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "kwAesId->decrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("kwAesId->decrypt", NULL);
return(-1);
}
memcpy(out, block, 8);
@@ -476,11 +439,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
/* check the output */
if(memcmp(xmlSecKWAesMagicBlock, out, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "bad magic block");
+ xmlSecInvalidDataError("bad magic block", NULL);
return(-1);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-04 11:31:42 +0000