diff options
Diffstat (limited to 'src/kw_aes_des.c')
-rw-r--r-- | src/kw_aes_des.c | 127 |
1 files changed, 43 insertions, 84 deletions
diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c index 7eb74b05..b51c006e 100644 --- a/src/kw_aes_des.c +++ b/src/kw_aes_des.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Implementation of AES/DES Key Transport algorithm - * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes_des + * @Short_description: AES/DES Key Transport implementation. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> @@ -16,6 +21,7 @@ #include <libxml/tree.h> #include <xmlsec/xmlsec.h> +#include <xmlsec/buffer.h> #include <xmlsec/errors.h> #include "kw_aes_des.h" @@ -93,11 +99,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 2: calculate sha1 and CMS */ ret = kwDes3Id->sha1(context, in, inSize, sha1, sizeof(sha1)); if((ret < 0) || (ret != sizeof(sha1))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->sha1", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->sha1", NULL); return(-1); } @@ -108,11 +110,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 4: generate random iv */ ret = kwDes3Id->generateRandom(context, iv, sizeof(iv)); if((ret < 0) || (ret != sizeof(iv))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->generateRandom", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->generateRandom", NULL); return(-1); } @@ -122,11 +120,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH, out, outSize); if((ret < 0) || ((xmlSecSize)ret != inSize + XMLSEC_KW_DES3_BLOCK_LENGTH)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->encrypt", NULL); return(-1); } @@ -138,11 +132,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 7: reverse octets order, result is TEMP3 */ ret = xmlSecKWDes3BufferReverse(out, s); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKWDes3BufferReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("xmlSecKWDes3BufferReverse", NULL); return(-1); } @@ -152,11 +142,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, out, s, out, outSize); if((ret < 0) || ((xmlSecSize)ret != s)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->encrypt", NULL); return(-1); } @@ -170,6 +156,7 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context, xmlSecByte *out, xmlSecSize outSize) { xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH]; + xmlSecBufferPtr tmp; xmlSecSize s; int ret; @@ -182,42 +169,39 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 2: first decryption with static IV, result is TEMP3 */ + tmp = xmlSecBufferCreate(inSize); + if(tmp == NULL) { + xmlSecInternalError2("xmlSecBufferCreate", NULL, "inSize=%d", (int)inSize); + return(-1); + } + ret = kwDes3Id->decrypt(context, xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv), in, inSize, - out, outSize); + xmlSecBufferGetData(tmp), xmlSecBufferGetMaxSize(tmp)); if((ret < 0) || (ret < XMLSEC_KW_DES3_IV_LENGTH)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->decrypt", NULL); + xmlSecBufferDestroy(tmp); return(-1); } s = ret; /* step 3: reverse octets order in TEMP3, result is TEMP2 */ - ret = xmlSecKWDes3BufferReverse(out, s); + ret = xmlSecKWDes3BufferReverse(xmlSecBufferGetData(tmp), s); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKWDes3BufferReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("xmlSecKWDes3BufferReverse", NULL); + xmlSecBufferDestroy(tmp); return(-1); } /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ ret = kwDes3Id->decrypt(context, - out, XMLSEC_KW_DES3_IV_LENGTH, - out + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH, + xmlSecBufferGetData(tmp), XMLSEC_KW_DES3_IV_LENGTH, + xmlSecBufferGetData(tmp) + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH, out, outSize); if((ret < 0) || (ret < XMLSEC_KW_DES3_BLOCK_LENGTH)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->decrypt", NULL); + xmlSecBufferDestroy(tmp); return(-1); } s = ret - XMLSEC_KW_DES3_BLOCK_LENGTH; @@ -227,26 +211,21 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context, out, s, sha1, sizeof(sha1)); if((ret < 0) || (ret != sizeof(sha1))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->sha1", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->sha1", NULL); + xmlSecBufferDestroy(tmp); return(-1); } /* check sha1 */ xmlSecAssert2(XMLSEC_KW_DES3_BLOCK_LENGTH <= sizeof(sha1), -1); if(memcmp(sha1, out + s, XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "SHA1 does not match"); + xmlSecInvalidDataError("SHA1 does not match", NULL); + xmlSecBufferDestroy(tmp); return(-1); } /* done */ + xmlSecBufferDestroy(tmp); return(s); } @@ -285,11 +264,11 @@ xmlSecKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) * 64-bit register A, 128-bit register B, and array of 64-bit quantities * R(1) through R(N). * - * "|" represents concatentation so x|y, where x and y and 64-bit quantities, + * "|" represents concatenation so x|y, where x and y and 64-bit quantities, * is the 128-bit quantity with x in the most significant bits and y in the * least significant bits. AES(K)enc(x) is the operation of AES encrypting * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding - * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y. + * decryption operation. XOR(x,y) is the bitwise exclusive or of x and y. * MSB(x) and LSB(y) are the most significant 64 bits and least significant * 64 bits of x and y respectively. * @@ -378,11 +357,7 @@ xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context, if(N == 1) { ret = kwAesId->encrypt(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->encrypt", NULL); return(-1); } } else { @@ -396,11 +371,7 @@ xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context, ret = kwAesId->encrypt(block, sizeof(block), block, sizeof(block), context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->encrypt", NULL); return(-1); } block[7] ^= t; @@ -440,11 +411,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context, if(N == 1) { ret = kwAesId->decrypt(out, inSize, out, outSize, context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->decrypt", NULL); return(-1); } } else { @@ -459,11 +426,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context, ret = kwAesId->decrypt(block, sizeof(block), block, sizeof(block), context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->decrypt", NULL); return(-1); } memcpy(out, block, 8); @@ -476,11 +439,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context, /* check the output */ if(memcmp(xmlSecKWAesMagicBlock, out, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "bad magic block"); + xmlSecInvalidDataError("bad magic block", NULL); return(-1); } |