diff options
Diffstat (limited to 'src/mscrypto/kt_rsa.c')
-rw-r--r-- | src/mscrypto/kt_rsa.c | 637 |
1 files changed, 208 insertions, 429 deletions
diff --git a/src/mscrypto/kt_rsa.c b/src/mscrypto/kt_rsa.c index 9b4908fa..ec86ac53 100644 --- a/src/mscrypto/kt_rsa.c +++ b/src/mscrypto/kt_rsa.c @@ -1,13 +1,13 @@ -/** +/** * * XMLSec library - * + * * RSA Algorithms support - * + * * This is free software; see Copyright file in the source * distribution for preciese wording. - * - * Copyright (C) 2003 Cordys R&D BV, All rights reserved. + * + * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved. */ #include "globals.h" @@ -29,229 +29,212 @@ #include <xmlsec/mscrypto/crypto.h> #include <xmlsec/mscrypto/certkeys.h> -#include "private.h" /************************************************************************** * * Internal MSCRYPTO RSA PKCS1 CTX * *************************************************************************/ -typedef struct _xmlSecMSCryptoRsaPkcs1OaepCtx xmlSecMSCryptoRsaPkcs1OaepCtx, - *xmlSecMSCryptoRsaPkcs1OaepCtxPtr; -struct _xmlSecMSCryptoRsaPkcs1OaepCtx { - DWORD dwFlags; - xmlSecKeyDataPtr data; - xmlSecBuffer oaepParams; -}; +typedef struct _xmlSecMSCryptoRsaPkcs1Ctx xmlSecMSCryptoRsaPkcs1Ctx, + *xmlSecMSCryptoRsaPkcs1CtxPtr; +struct _xmlSecMSCryptoRsaPkcs1Ctx { + xmlSecKeyDataPtr data; + DWORD typeFlags; +}; /********************************************************************* * * RSA PKCS1 key transport transform * - * xmlSecMSCryptoRsaPkcs1OaepCtx is located after xmlSecTransform + * xmlSecMSCryptoRsaPkcs1Ctx is located after xmlSecTransform * ********************************************************************/ -#define xmlSecMSCryptoRsaPkcs1OaepCtx \ - (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx)) -#define xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform) \ - ((xmlSecMSCryptoRsaPkcs1OaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) - -static int xmlSecMSCryptoRsaPkcs1OaepCheckId (xmlSecTransformPtr transform); -static int xmlSecMSCryptoRsaPkcs1OaepInitialize (xmlSecTransformPtr transform); -static void xmlSecMSCryptoRsaPkcs1OaepFinalize (xmlSecTransformPtr transform); -static int xmlSecMSCryptoRsaPkcs1OaepSetKeyReq (xmlSecTransformPtr transform, - xmlSecKeyReqPtr keyReq); -static int xmlSecMSCryptoRsaPkcs1OaepSetKey (xmlSecTransformPtr transform, - xmlSecKeyPtr key); -static int xmlSecMSCryptoRsaPkcs1OaepExecute (xmlSecTransformPtr transform, - int last, - xmlSecTransformCtxPtr transformCtx); -static int xmlSecMSCryptoRsaPkcs1OaepProcess (xmlSecTransformPtr transform, - xmlSecTransformCtxPtr transformCtx); - - -static int -xmlSecMSCryptoRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) { - - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) { - return(1); - } else - - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) { - return(1); - } else - - /* not found */ - { - return(0); - } - - /* just in case */ - return(0); -} - -static int -xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; - int ret; - - xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1); - - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - - /* initialize */ - memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx)); +#define xmlSecMSCryptoRsaPkcs1Size \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1Ctx)) +#define xmlSecMSCryptoRsaPkcs1GetCtx(transform) \ + ((xmlSecMSCryptoRsaPkcs1CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int xmlSecMSCryptoRsaPkcs1Initialize (xmlSecTransformPtr transform); +static void xmlSecMSCryptoRsaPkcs1Finalize (xmlSecTransformPtr transform); +static int xmlSecMSCryptoRsaPkcs1SetKeyReq (xmlSecTransformPtr transform, + xmlSecKeyReqPtr keyReq); +static int xmlSecMSCryptoRsaPkcs1SetKey (xmlSecTransformPtr transform, + xmlSecKeyPtr key); +static int xmlSecMSCryptoRsaPkcs1Execute (xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform, + xmlSecTransformCtxPtr transformCtx); - ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } +static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */ + + xmlSecNameRsaPkcs1, /* const xmlChar* name; */ + xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCryptoRsaPkcs1Initialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCryptoRsaPkcs1Finalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCryptoRsaPkcs1SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCryptoRsaPkcs1SetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCryptoRsaPkcs1Execute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) { - ctx->dwFlags = 0; - } else - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) { - ctx->dwFlags = CRYPT_OAEP; - } else +/** + * xmlSecMSCryptoTransformRsaPkcs1GetKlass: + * + * The RSA-PKCS1 key transport transform klass. + * + * Returns: RSA-PKCS1 key transport transform klass. + */ +xmlSecTransformId +xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) { + return(&xmlSecMSCryptoRsaPkcs1Klass); +} - /* not found */ - { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } +static int +xmlSecMSCryptoRsaPkcs1Initialize(xmlSecTransformPtr transform) { + xmlSecMSCryptoRsaPkcs1CtxPtr ctx; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1); - /* done */ + ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx)); return(0); } -static void -xmlSecMSCryptoRsaPkcs1OaepFinalize(xmlSecTransformPtr transform) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; +static void +xmlSecMSCryptoRsaPkcs1Finalize(xmlSecTransformPtr transform) { + xmlSecMSCryptoRsaPkcs1CtxPtr ctx; - xmlSecAssert(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform)); - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx)); + xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size)); - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); + ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform); xmlSecAssert(ctx != NULL); - + if (ctx->data != NULL) { - xmlSecKeyDataDestroy(ctx->data); - ctx->data = NULL; + xmlSecKeyDataDestroy(ctx->data); + ctx->data = NULL; } - xmlSecBufferFinalize(&(ctx->oaepParams)); - memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx)); + memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx)); } -static int -xmlSecMSCryptoRsaPkcs1OaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; +static int +xmlSecMSCryptoRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecMSCryptoRsaPkcs1CtxPtr ctx; - xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1); xmlSecAssert2(keyReq != NULL, -1); - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); + ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform); xmlSecAssert2(ctx != NULL, -1); - keyReq->keyId = xmlSecMSCryptoKeyDataRsaId; + keyReq->keyId = xmlSecMSCryptoKeyDataRsaId; if(transform->operation == xmlSecTransformOperationEncrypt) { keyReq->keyType = xmlSecKeyDataTypePublic; - keyReq->keyUsage = xmlSecKeyUsageEncrypt; + keyReq->keyUsage = xmlSecKeyUsageEncrypt; } else { keyReq->keyType = xmlSecKeyDataTypePrivate; - keyReq->keyUsage = xmlSecKeyUsageDecrypt; - } + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + } return(0); } -static int -xmlSecMSCryptoRsaPkcs1OaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; - - xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); +static int +xmlSecMSCryptoRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCryptoRsaPkcs1CtxPtr ctx; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1); - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); + ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->data == NULL, -1); ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key)); if(ctx->data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKeyDataDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecKeyDataDuplicate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } return(0); } -static int -xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; +static int +xmlSecMSCryptoRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCryptoRsaPkcs1CtxPtr ctx; int ret; - xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1); xmlSecAssert2(transformCtx != NULL, -1); - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); + ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform); xmlSecAssert2(ctx != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { transform->status = xmlSecTransformStatusWorking; - } - + } + if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) { - /* just do nothing */ + /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { - ret = xmlSecMSCryptoRsaPkcs1OaepProcess(transform, transformCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoRsaPkcs1OaepProcess", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - transform->status = xmlSecTransformStatusFinished; + ret = xmlSecMSCryptoRsaPkcs1Process(transform, transformCtx); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecMSCryptoRsaPkcs1Process", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusFinished; } else if(transform->status == xmlSecTransformStatusFinished) { - /* the only way we can get here is if there is no input */ - xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_STATUS, + "status=%d", transform->status); return(-1); } return(0); } -static int -xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; +static int +xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCryptoRsaPkcs1CtxPtr ctx; xmlSecBufferPtr in, out; xmlSecSize inSize, outSize; xmlSecSize keySize; @@ -260,29 +243,29 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC DWORD dwInLen; DWORD dwBufLen; DWORD dwOutLen; - xmlSecByte * outBuf; - xmlSecByte * inBuf; + BYTE * outBuf; + BYTE * inBuf; int i; - xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1); xmlSecAssert2(transformCtx != NULL, -1); - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); + ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->data != NULL, -1); - + keySize = xmlSecKeyDataGetSize(ctx->data) / 8; xmlSecAssert2(keySize > 0, -1); - + in = &(transform->inBuf); out = &(transform->outBuf); - + inSize = xmlSecBufferGetSize(in); - outSize = xmlSecBufferGetSize(out); + outSize = xmlSecBufferGetSize(out); xmlSecAssert2(outSize == 0, -1); - + /* the encoded size is equal to the keys size so we could not * process more than that */ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) { @@ -300,11 +283,11 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC "%d when expected %d", inSize, keySize); return(-1); } - - outSize = keySize; + + outSize = keySize; ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetMaxSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, @@ -313,64 +296,42 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC } if(transform->operation == xmlSecTransformOperationEncrypt) { - if(inSize > outSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "inSize=%d;outSize=%d", - inSize, outSize); - return(-1); - } - - ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); - return(-1); - } + BYTE ch; + + if(inSize > outSize) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_SIZE, + "inSize=%d;outSize=%d", + inSize, outSize); + return(-1); + } + + ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferSetData", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", inSize); + return(-1); + } dwInLen = inSize; dwBufLen = outSize; - if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) { - xmlSecError(XMLSEC_ERRORS_HERE, + if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoKeyDataGetKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return (-1); - } - - outBuf = xmlSecBufferGetData(out); - xmlSecAssert2(outBuf != NULL, -1); - - /* set OAEP parameter for the key - * - * aleksey: I don't understand how this would work in multi-threaded - * environment or when key can be re-used multiple times - */ - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId) && xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) { - CRYPT_DATA_BLOB oaepParams; - - memset(&oaepParams, 0, sizeof(oaepParams)); - oaepParams.pbData = xmlSecBufferGetData(&(ctx->oaepParams)); - oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams)); - - if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return (-1); - } - } - - /* encrypt */ - if (!CryptEncrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwInLen, dwBufLen)) { + } + + outBuf = xmlSecBufferGetData(out); + xmlSecAssert2(outBuf != NULL, -1); + if (!CryptEncrypt(hKey, 0, TRUE, 0, outBuf, &dwInLen, dwBufLen)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "CryptEncrypt", @@ -379,54 +340,39 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC return (-1); } - /* The output of CryptEncrypt is in little-endian format, so we have to convert to - * big-endian first. - */ - ConvertEndianInPlace(outBuf, outSize); + /* The output of CryptEncrypt is in little-endian format, so we have to convert to + * big-endian first. + */ + for(i = 0; i < outSize / 2; i++) { + ch = outBuf[i]; + outBuf[i] = outBuf[outSize - (i + 1)]; + outBuf[outSize - (i + 1)] = ch; + } } else { - dwOutLen = inSize; - - /* The input of CryptDecrypt is expected to be little-endian, - * so we have to convert from big-endian to little endian. - */ - inBuf = xmlSecBufferGetData(in); - outBuf = xmlSecBufferGetData(out); - ConvertEndian(inBuf, outBuf, inSize); - - if (0 == (hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data))) { - xmlSecError(XMLSEC_ERRORS_HERE, + dwOutLen = inSize; + + /* The input of CryptDecrypt is expected to be little-endian, + * so we have to convert from big-endian to little endian. + */ + inBuf = xmlSecBufferGetData(in); + outBuf = xmlSecBufferGetData(out); + + xmlSecAssert2(inBuf != 0, -1); + xmlSecAssert2(outBuf != 0, -1); + for (i = 0; i < inSize; i++) { + outBuf[i] = inBuf[inSize - (i + 1)]; + } + + if (0 == (hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data))) { + xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoKeyDataGetKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return (-1); - } - - /* set OAEP parameter for the key - * - * aleksey: I don't understand how this would work in multi-threaded - * environment or when key can be re-used multiple times - */ - if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId) && xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) { - CRYPT_DATA_BLOB oaepParams; - - memset(&oaepParams, 0, sizeof(oaepParams)); - oaepParams.pbData = xmlSecBufferGetData(&(ctx->oaepParams)); - oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams)); - - if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return (-1); - } - } - - /* decrypt */ - if (!CryptDecrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwOutLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, + } + if (!CryptDecrypt(hKey, 0, TRUE, 0, outBuf, &dwOutLen)) { + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "CryptDecrypt", XMLSEC_ERRORS_R_CRYPTO_FAILED, @@ -439,9 +385,9 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", + "xmlSecBufferSetSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", outSize); return(-1); @@ -449,7 +395,7 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, @@ -460,172 +406,5 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC return(0); } - -/********************************************************************** - * - * RSA/PKCS1 transform - * - **********************************************************************/ -static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */ - - xmlSecNameRsaPkcs1, /* const xmlChar* name; */ - xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - - -/** - * xmlSecMSCryptoTransformRsaPkcs1GetKlass: - * - * The RSA-PKCS1 key transport transform klass. - * - * Returns: RSA-PKCS1 key transport transform klass. - */ -xmlSecTransformId -xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) { - return(&xmlSecMSCryptoRsaPkcs1Klass); -} - - - -/********************************************************************** - * - * RSA/OAEP transform - * - **********************************************************************/ -static int xmlSecMSCryptoRsaOaepNodeRead (xmlSecTransformPtr transform, - xmlNodePtr node, - xmlSecTransformCtxPtr transformCtx); - -static xmlSecTransformKlass xmlSecMSCryptoRsaOaepKlass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */ - - xmlSecNameRsaOaep, /* const xmlChar* name; */ - xmlSecHrefRsaOaep, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - xmlSecMSCryptoRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - - -/** - * xmlSecMSCryptoTransformRsaOaepGetKlass: - * - * The RSA-OAEP key transport transform klass. - * - * Returns: RSA-OAEP key transport transform klass. - */ -xmlSecTransformId -xmlSecMSCryptoTransformRsaOaepGetKlass(void) { - return(&xmlSecMSCryptoRsaOaepKlass); -} - -static int -xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { - xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx; - xmlNodePtr cur; - int ret; - - xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - - ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1); - - cur = xmlSecGetNextElementNode(node->children); - while(cur != NULL) { - if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { - ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { - xmlChar* algorithm; - - /* Algorithm attribute is required */ - algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); - if(algorithm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } - - /* for now we support only sha1 */ - if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(algorithm), - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "digest algorithm is not supported for rsa/oaep"); - xmlFree(algorithm); - return(-1); - } - xmlFree(algorithm); - } else { - /* not found */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* next node */ - cur = xmlSecGetNextElementNode(cur->next); - } - - return(0); -} - #endif /* XMLSEC_NO_RSA */ |