blautenb 2003/10/28 01:33:18
Modified: c/src/enc XSECCryptoSymmetricKey.hpp
c/src/enc/OpenSSL OpenSSLCryptoSymmetricKey.cpp
OpenSSLCryptoSymmetricKey.hpp
c/src/enc/WinCAPI WinCAPICryptoSymmetricKey.cpp
WinCAPICryptoSymmetricKey.hpp
c/src/tools/cipher MerlinFiveInteropResolver.cpp cipher.cpp
c/src/tools/xtest xtest.cpp
c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp
Log:
Decouple symmetric mode from key type
Revision Changes Path
1.7 +23 -10 xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp
Index: XSECCryptoSymmetricKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- XSECCryptoSymmetricKey.hpp 19 Oct 2003 12:50:35 -0000 1.6
+++ XSECCryptoSymmetricKey.hpp 28 Oct 2003 09:33:17 -0000 1.7
@@ -107,13 +107,18 @@
enum SymmetricKeyType {
KEY_NONE,
- KEY_3DES_CBC_192, /** 192 bit (3-Key)
3DES */
- KEY_AES_CBC_128, /** 128 bit AES in CBC
mode */
- KEY_AES_CBC_192, /** 192 bit AES in CBC
mode */
- KEY_AES_CBC_256, /** 256 bit AES in CBC
mode */
- KEY_AES_ECB_128, /** 128 bit AES in ECB
mode */
- KEY_AES_ECB_192, /** 192 bit AES in ECB
mode */
- KEY_AES_ECB_256 /** 256 bit AES in ECB
mode */
+ KEY_3DES_192, /** 192 bit (3-Key) 3DES */
+ KEY_AES_128, /** 128 bit AES */
+ KEY_AES_192, /** 192 bit AES */
+ KEY_AES_256 /** 256 bit AES */
+
+ };
+
+ enum SymmetricKeyMode {
+
+ MODE_NONE, /** An error
condition */
+ MODE_ECB, /** Electronic
Code Book */
+ MODE_CBC /** Cipher
Block Chaining */
};
@@ -201,12 +206,16 @@
* cipher text stream will in fact be the IV.
*
* @param doPad By default, we perform padding for last block
+ * @param mode mode selection (Currently ECB or CBC mode only).
+ * Default is CBC
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV will be set from data stream
* @returns true if the initialisation succeeded.
*/
- virtual bool decryptInit(bool doPad = true, const unsigned char * iv =
NULL) = 0;
+ virtual bool decryptInit(bool doPad = true,
+ SymmetricKeyMode mode
= MODE_CBC,
+ const unsigned char *
iv = NULL) = 0;
/**
* \brief Continue an decrypt operation using this key.
@@ -260,12 +269,16 @@
* implementations are required to generate one.
*
* @param doPad By default, we perform padding for last block
+ * @param mode What mode to handle blocks (Currently CBC or ECB)
+ * Default is CBC.
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV is to be generated
* @returns true if the initialisation succeeded.
*/
- virtual bool encryptInit(bool doPad = true, const unsigned char * iv =
NULL) = 0;
+ virtual bool encryptInit(bool doPad = true,
+ SymmetricKeyMode mode
= MODE_CBC,
+ const unsigned char *
iv = NULL) = 0;
/**
* \brief Continue an encryption operation using this key.
1.9 +144 -138
xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
Index: OpenSSLCryptoSymmetricKey.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- OpenSSLCryptoSymmetricKey.cpp 25 Oct 2003 10:31:49 -0000 1.8
+++ OpenSSLCryptoSymmetricKey.cpp 28 Oct 2003 09:33:17 -0000 1.9
@@ -86,6 +86,7 @@
OpenSSLCryptoSymmetricKey::OpenSSLCryptoSymmetricKey(XSECCryptoSymmetricKey::SymmetricKeyType
type) :
m_keyType(type),
+m_keyMode(MODE_CBC),
m_keyBuf(""),
m_keyLen(0),
m_initialised(false) {
@@ -123,6 +124,7 @@
OpenSSLCryptoSymmetricKey * ret;
XSECnew(ret, OpenSSLCryptoSymmetricKey(m_keyType));
+ ret->m_keyMode = m_keyMode;
ret->m_keyLen = m_keyLen;
ret->m_keyBuf = m_keyBuf;
@@ -164,104 +166,101 @@
switch (m_keyType) {
- case (XSECCryptoSymmetricKey::KEY_3DES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_3DES_192) :
// A 3DES key
- if (iv == NULL) {
+ if (m_keyMode == MODE_CBC) {
- return 0; // Cannot initialise without an IV
+ if (iv == NULL) {
+ return 0; // Cannot initialise without an
IV
+
+ }
+
+ EVP_DecryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
+ m_ivSize = 8;
+ }
+ else {
+ EVP_DecryptInit_ex(&m_ctx, EVP_des_ede3_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ m_ivSize = 0;
}
- EVP_DecryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
m_blockSize = 8;
- m_ivSize = 8;
-
break;
- case (XSECCryptoSymmetricKey::KEY_AES_CBC_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
// An AES key
- if (iv == NULL) {
+ if (m_keyMode == MODE_CBC) {
+
+ if (iv == NULL) {
- return 0; // Cannot initialise without an IV
+ return 0; // Cannot initialise without an
IV
+
+ }
+
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
}
+ else {
- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
- m_blockSize = 16;
- m_ivSize = 16;
+ }
+ m_blockSize = 16;
break;
- case (XSECCryptoSymmetricKey::KEY_AES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_AES_192) :
// An AES key
- if (iv == NULL) {
+ if (m_keyMode == MODE_CBC) {
- return 0; // Cannot initialise without an IV
+ if (iv == NULL) {
- }
-
- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
-
- m_blockSize = 16;
- m_ivSize = 16;
-
- break;
+ return 0; // Cannot initialise without an
IV
- case (XSECCryptoSymmetricKey::KEY_AES_CBC_256) :
+ }
- // An AES key
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
- if (iv == NULL) {
+ }
+ else {
- return 0; // Cannot initialise without an IV
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
}
- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
-
m_blockSize = 16;
- m_ivSize = 16;
-
break;
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_256) :
// An AES key
- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ if (m_keyMode == MODE_CBC) {
- m_blockSize = 16;
- m_ivSize = 0;
+ if (iv == NULL) {
- break;
-
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_192) :
+ return 0; // Cannot initialise without an
IV
- // An AES key
+ }
- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
- m_blockSize = 16;
- m_ivSize = 0;
+ }
+ else {
- break;
-
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_256) :
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
- // An AES key
+ }
- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
m_blockSize = 16;
- m_ivSize = 0;
break;
@@ -273,6 +272,9 @@
}
+ // Setup ivSize
+ m_ivSize = (m_keyMode == MODE_CBC ? m_blockSize : 0);
+
// Reset some parameters
m_initialised = true;
m_bytesInLastBlock = 0;
@@ -285,9 +287,12 @@
}
-bool OpenSSLCryptoSymmetricKey::decryptInit(bool doPad, const unsigned char
* iv) {
+bool OpenSSLCryptoSymmetricKey::decryptInit(bool doPad,
+
SymmetricKeyMode mode,
+
const unsigned char * iv) {
m_doPad = doPad;
+ m_keyMode = mode;
m_initialised = false;
decryptCtxInit(iv);
return true;
@@ -398,12 +403,15 @@
// Encrypt
//
--------------------------------------------------------------------------------
-bool OpenSSLCryptoSymmetricKey::encryptInit(bool doPad, const unsigned char
* iv) {
+bool OpenSSLCryptoSymmetricKey::encryptInit(bool doPad,
+
SymmetricKeyMode mode,
+
const unsigned char * iv) {
if (m_initialised == true)
return true;
m_doPad = doPad;
+ m_keyMode = mode;
if (m_keyLen == 0) {
@@ -427,149 +435,147 @@
switch (m_keyType) {
- case (XSECCryptoSymmetricKey::KEY_3DES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_3DES_192) :
// A 3DES key
- if (iv == NULL) {
-
- bool res = ((RAND_status() == 1) && (RAND_bytes(genIV,
8) == 1));
- if (res == false) {
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error
generating random IV");
- }
-
- usedIV = genIV;
-
- }
- else
- usedIV = iv;
-
- EVP_EncryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
- m_blockSize = 8;
- m_ivSize = 8;
- memcpy(m_lastBlock, usedIV, m_ivSize);
-
- break;
+ if (m_keyMode == MODE_CBC) {
- case (XSECCryptoSymmetricKey::KEY_AES_CBC_128) :
+ if (iv == NULL) {
+
+ bool res = ((RAND_status() == 1) &&
(RAND_bytes(genIV, 8) == 1));
+ if (res == false) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error
generating random IV");
+ }
- // An AES key
+ usedIV = genIV;
- if (iv == NULL) {
-
- bool res = ((RAND_status() == 1) && (RAND_bytes(genIV,
16) == 1));
- if (res == false) {
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error
generating random IV");
}
+ else
+ usedIV = iv;
- usedIV = genIV;
+ EVP_EncryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
}
- else
- usedIV = iv;
+ else {
- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
+ EVP_EncryptInit_ex(&m_ctx, EVP_des_ede3_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ }
- m_blockSize = 16;
- m_ivSize = 16;
- memcpy(m_lastBlock, usedIV, m_ivSize);
+ m_blockSize = 8;
break;
- case (XSECCryptoSymmetricKey::KEY_AES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
// An AES key
- if (iv == NULL) {
-
- bool res = ((RAND_status() == 1) && (RAND_bytes(genIV,
16) == 1));
- if (res == false) {
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error
generating random IV");
- }
+ if (m_keyMode == MODE_CBC) {
+
+ if (iv == NULL) {
+
+ bool res = ((RAND_status() == 1) &&
(RAND_bytes(genIV, 16) == 1));
+ if (res == false) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error
generating random IV");
+ }
- usedIV = genIV;
+ usedIV = genIV;
+ }
+ else
+ usedIV = iv;
+
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
}
- else
- usedIV = iv;
+ else {
- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
- m_blockSize = 16;
- m_ivSize = 16;
- memcpy(m_lastBlock, usedIV, m_ivSize);
+ }
+ m_blockSize = 16;
break;
- case (XSECCryptoSymmetricKey::KEY_AES_CBC_256) :
+ case (XSECCryptoSymmetricKey::KEY_AES_192) :
// An AES key
- if (iv == NULL) {
-
- bool res = ((RAND_status() == 1) && (RAND_bytes(genIV,
16) == 1));
- if (res == false) {
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error
generating random IV");
+ if (m_keyMode == MODE_CBC) {
+
+ if (iv == NULL) {
+
+ bool res = ((RAND_status() == 1) &&
(RAND_bytes(genIV, 16) == 1));
+ if (res == false) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error
generating random IV");
+ }
+
+ usedIV = genIV;
+
}
+ else
+ usedIV = iv;
- usedIV = genIV;
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
}
- else
- usedIV = iv;
- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
+ else {
- m_blockSize = 16;
- m_ivSize = 16;
- memcpy(m_lastBlock, usedIV, m_ivSize);
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ }
+ m_blockSize = 16;
break;
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_256) :
// An AES key
- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
-
- m_blockSize = 16;
- m_ivSize = 0;
-
- break;
-
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_192) :
+ if (m_keyMode == MODE_CBC) {
+ if (iv == NULL) {
+
+ bool res = ((RAND_status() == 1) &&
(RAND_bytes(genIV, 16) == 1));
+ if (res == false) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error
generating random IV");
+ }
- // An AES key
+ usedIV = genIV;
- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ }
+ else
+ usedIV = iv;
- m_blockSize = 16;
- m_ivSize = 0;
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
- break;
-
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_256) :
+ }
+ else {
- // An AES key
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ }
m_blockSize = 16;
- m_ivSize = 0;
-
break;
-
+
default :
- // Cannot do this without an IV
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSL:SymmetricKey - Unknown key type");
}
+
+ // Clear up any read padding
+
+ if (m_keyMode == MODE_CBC) {
+ m_ivSize = m_blockSize;
+ memcpy(m_lastBlock, usedIV, m_ivSize);
+ }
+ else
+ m_ivSize = 0;
// Setup padding
if (m_doPad) {
1.7 +14 -5
xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
Index: OpenSSLCryptoSymmetricKey.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- OpenSSLCryptoSymmetricKey.hpp 19 Oct 2003 10:57:54 -0000 1.6
+++ OpenSSLCryptoSymmetricKey.hpp 28 Oct 2003 09:33:17 -0000 1.7
@@ -175,15 +175,20 @@
*
* Setup the key to get ready for a decryption session.
* Callers can pass in an IV. If one is not provided,
- * then it is assumed that the algorithm will not require one.
+ * but the algorithm requires one (e.g. 3DES_CBC), then
+ * implementations should assume that the start of the
+ * cipher text stream will in fact be the IV.
*
* @param doPad By default, we perform padding for last block
+ * @param mode mode selection (Currently ECB or CBC mode only)
* @param iv Initialisation Vector to be used. NULL if one is
- * not required.
+ * not required, or if IV will be set from data stream
* @returns true if the initialisation succeeded.
*/
- virtual bool decryptInit(bool doPad = true, const unsigned char * iv =
NULL);
+ virtual bool decryptInit(bool doPad = true,
+ SymmetricKeyMode mode
= MODE_CBC,
+ const unsigned char *
iv = NULL);
/**
* \brief Continue an decrypt operation using this key.
@@ -245,12 +250,15 @@
* implementations are required to generate one.
*
* @param doPad By default, we perform padding for last block
+ * @param mode What mode to handle blocks (Currently CBC or ECB)
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV is to be generated
* @returns true if the initialisation succeeded.
*/
- virtual bool encryptInit(bool doPad = true, const unsigned char * iv =
NULL);
+ virtual bool encryptInit(bool doPad = true,
+ SymmetricKeyMode mode
= MODE_CBC,
+ const unsigned char *
iv = NULL);
/**
* \brief Continue an encryption operation using this key.
@@ -316,6 +324,7 @@
// Private variables
SymmetricKeyType m_keyType;
+ SymmetricKeyMode m_keyMode;
EVP_CIPHER_CTX m_ctx;
// OpenSSL Cipher Context structure
safeBuffer m_keyBuf;
// Holder of the key
unsigned int m_keyLen;
1.3 +58 -39
xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp
Index: WinCAPICryptoSymmetricKey.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WinCAPICryptoSymmetricKey.cpp 15 Oct 2003 07:54:54 -0000 1.2
+++ WinCAPICryptoSymmetricKey.cpp 28 Oct 2003 09:33:18 -0000 1.3
@@ -88,6 +88,7 @@
HCRYPTPROV prov,
XSECCryptoSymmetricKey::SymmetricKeyType type) :
m_keyType(type),
+m_keyMode(MODE_ECB),
m_keyBuf(""),
m_initialised(false),
m_doPad(true),
@@ -192,45 +193,55 @@
}
+ int ret = 0;
+
// Set up the context according to the required cipher type
DWORD cryptMode;
switch (m_keyType) {
- case (XSECCryptoSymmetricKey::KEY_3DES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_3DES_192) :
// A 3DES CBC key
- if (iv == NULL) {
+ if (m_keyMode == MODE_CBC) {
+
+ if (iv == NULL) {
- return 0; // Cannot initialise without an IV
+ return 0; // Cannot initialise without an
IV
- }
+ }
- if (!CryptSetKeyParam(m_k, KP_IV, (unsigned char *) iv, 0)) {
+ if (!CryptSetKeyParam(m_k, KP_IV, (unsigned char *) iv,
0)) {
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "WinCAPI:SymmetricKey - Error setting IV");
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "WinCAPI:SymmetricKey - Error setting IV");
+ }
+
+ ret = 8;
}
m_blockSize = 8;
m_bytesInLastBlock = 0;
m_initialised = true;
- return 8; // 3DEC_CBC uses a 64 bit IV
-
break;
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
- // An 128bit AES key in ECB mode
+ // An 128bit AES key
- cryptMode = CRYPT_MODE_ECB;
+ if (m_keyMode == MODE_ECB)
+ cryptMode = CRYPT_MODE_ECB;
+ else {
+ cryptMode = CRYPT_MODE_CBC;
+ ret = 16;
+ }
if (!CryptSetKeyParam(m_k, KP_MODE, (BYTE *) (&cryptMode), 0)) {
throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "WinCAPI:SymmetricKey - Error setting IV");
+ "WinCAPI:SymmetricKey - Error setting cipher mode");
}
@@ -238,8 +249,6 @@
m_bytesInLastBlock = 0;
m_initialised = true;
- return 8; // 3DEC_CBC uses a 64 bit IV
-
break;
default :
@@ -250,14 +259,17 @@
}
- return 0;
+ return ret;
}
-bool WinCAPICryptoSymmetricKey::decryptInit(bool doPad, const unsigned char
* iv) {
+bool WinCAPICryptoSymmetricKey::decryptInit(bool doPad,
+
SymmetricKeyMode mode,
+
const unsigned char * iv) {
m_initialised = false;
m_doPad = doPad;
+ m_keyMode = mode;
decryptCtxInit(iv);
return true;
@@ -376,30 +388,34 @@
switch (m_keyType) {
- case (XSECCryptoSymmetricKey::KEY_3DES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_3DES_192) :
// A 3DES key
- if (iv == NULL) {
-
- BOOL res = CryptGenRandom(m_p, 256, genIV);
- if (res == FALSE) {
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "WinCAPI:SymmetricKey - Error
generating random IV");
- }
+ if (m_keyMode == MODE_CBC) {
- usedIV = genIV;
- //return 0; // Cannot initialise without an IV
+ if (iv == NULL) {
+
+ BOOL res = CryptGenRandom(m_p, 256, genIV);
+ if (res == FALSE) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "WinCAPI:SymmetricKey - Error
generating random IV");
+ }
- }
- else
- usedIV = iv;
+ usedIV = genIV;
+ //return 0; // Cannot initialise without an
IV
- // Set the IV parameter
- if (!CryptSetKeyParam(m_k, KP_IV, (unsigned char *) usedIV, 0))
{
+ }
+ else
+ usedIV = iv;
- throw
XSECCryptoException(XSECCryptoException::SymmetricError,
- "WinCAPI:SymmetricKey - Error setting IV");
+ // Set the IV parameter
+ if (!CryptSetKeyParam(m_k, KP_IV, (unsigned char *)
usedIV, 0)) {
+
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "WinCAPI:SymmetricKey - Error setting IV");
+
+ }
}
@@ -410,7 +426,7 @@
break;
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
// An AES key
@@ -429,9 +445,12 @@
}
}
-bool WinCAPICryptoSymmetricKey::encryptInit(bool doPad, const unsigned char
* iv) {
+bool WinCAPICryptoSymmetricKey::encryptInit(bool doPad,
+
SymmetricKeyMode mode,
+
const unsigned char * iv) {
m_doPad = doPad;
+ m_keyMode = mode;
m_initialised = false;
encryptCtxInit(iv);
return true;
@@ -629,11 +648,11 @@
switch (type) {
- case (XSECCryptoSymmetricKey::KEY_3DES_CBC_192) :
+ case (XSECCryptoSymmetricKey::KEY_3DES_192) :
blobHeader->aiKeyAlg = CALG_3DES;
expectedLength = 24;
break;
- case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
blobHeader->aiKeyAlg = CALG_AES_128;
expectedLength = 16;
break;
1.3 +14 -5
xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp
Index: WinCAPICryptoSymmetricKey.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WinCAPICryptoSymmetricKey.hpp 15 Oct 2003 07:54:54 -0000 1.2
+++ WinCAPICryptoSymmetricKey.hpp 28 Oct 2003 09:33:18 -0000 1.3
@@ -182,15 +182,20 @@
*
* Setup the key to get ready for a decryption session.
* Callers can pass in an IV. If one is not provided,
- * then it is assumed that the algorithm will not require one.
+ * but the algorithm requires one (e.g. 3DES_CBC), then
+ * implementations should assume that the start of the
+ * cipher text stream will in fact be the IV.
*
* @param doPad By default, we perform padding for last block
+ * @param mode mode selection (Currently ECB or CBC mode only)
* @param iv Initialisation Vector to be used. NULL if one is
- * not required.
+ * not required, or if IV will be set from data stream
* @returns true if the initialisation succeeded.
*/
- virtual bool decryptInit(bool doPad = true, const unsigned char * iv =
NULL);
+ virtual bool decryptInit(bool doPad = true,
+ SymmetricKeyMode mode
= MODE_CBC,
+ const unsigned char *
iv = NULL);
/**
* \brief Continue an decrypt operation using this key.
@@ -252,12 +257,15 @@
* implementations are required to generate one.
*
* @param doPad By default, we perform padding for last block
+ * @param mode What mode to handle blocks (Currently CBC or ECB)
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV is to be generated
* @returns true if the initialisation succeeded.
*/
- virtual bool encryptInit(bool doPad = true, const unsigned char * iv =
NULL);
+ virtual bool encryptInit(bool doPad = true,
+ SymmetricKeyMode mode
= MODE_CBC,
+ const unsigned char *
iv = NULL);
/**
* \brief Continue an encryption operation using this key.
@@ -351,6 +359,7 @@
// Private variables
SymmetricKeyType m_keyType;
+ SymmetricKeyMode m_keyMode;
// ECB or CBC
safeBuffer m_keyBuf;
// Holder of the key
unsigned int m_keyLen;
bool m_initialised;
1.6 +5 -5
xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.cpp
Index: MerlinFiveInteropResolver.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- MerlinFiveInteropResolver.cpp 20 Oct 2003 11:05:37 -0000 1.5
+++ MerlinFiveInteropResolver.cpp 28 Oct 2003 09:33:18 -0000 1.6
@@ -252,7 +252,7 @@
if (strEquals(s_bobName, name)) {
XSECCryptoSymmetricKey * k =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
try {
k->setKey((unsigned char *) s_bobKey,
strlen(s_bobKey));
} catch (...) {
@@ -263,7 +263,7 @@
}
if (strEquals(s_jobName, name)) {
XSECCryptoSymmetricKey * k =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
try {
k->setKey((unsigned char *) s_jobKey,
strlen(s_jobKey));
} catch(...) {
@@ -274,7 +274,7 @@
}
if (strEquals(s_jebName, name)) {
XSECCryptoSymmetricKey * k =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_192);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
try {
k->setKey((unsigned char *) s_jebKey,
strlen(s_jebKey));
} catch(...) {
@@ -285,7 +285,7 @@
}
if (strEquals(s_jedName, name)) {
XSECCryptoSymmetricKey * k =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_256);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
try {
k->setKey((unsigned char *) s_jedKey,
strlen(s_jedKey));
} catch(...) {
1.9 +6 -9 xml-security/c/src/tools/cipher/cipher.cpp
Index: cipher.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/cipher/cipher.cpp,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- cipher.cpp 25 Oct 2003 10:51:22 -0000 1.8
+++ cipher.cpp 28 Oct 2003 09:33:18 -0000 1.9
@@ -336,39 +336,36 @@
switch(argv[paramCount][4]) {
case '\0' :
keyLen = 24;
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_3DES_CBC_192;
+ loadKeyAs =
XSECCryptoSymmetricKey::KEY_3DES_192;
keyAlg = ENCRYPT_3DES_CBC;
break;
case '2' :
keyLen = 16;
+ loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_128;
if (isKEK) {
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_ECB_128;
kekAlg = ENCRYPT_KW_AES128;
}
else {
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_CBC_128;
keyAlg = ENCRYPT_AES128_CBC;
}
break;
case '9' :
keyLen = 24;
+ loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_192;
if (isKEK) {
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_ECB_192;
kekAlg = ENCRYPT_KW_AES192;
}
else {
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_CBC_192;
keyAlg = ENCRYPT_AES192_CBC;
}
break;
case '5' :
keyLen = 32;
+ loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_256;
if (isKEK) {
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_ECB_256;
kekAlg = ENCRYPT_KW_AES256;
}
else {
- loadKeyAs =
XSECCryptoSymmetricKey::KEY_AES_CBC_256;
keyAlg = ENCRYPT_AES256_CBC;
}
break;
@@ -682,7 +679,7 @@
if (kek != NULL && key == NULL) {
XSECPlatformUtils::g_cryptoProvider->getRandom(keyBuf, 24);
XSECCryptoSymmetricKey * k =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
k->setKey(keyBuf, 24);
cipher->setKey(k);
keyAlg = ENCRYPT_3DES_CBC;
1.27 +7 -7 xml-security/c/src/tools/xtest/xtest.cpp
Index: xtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xtest/xtest.cpp,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- xtest.cpp 26 Oct 2003 11:33:13 -0000 1.26
+++ xtest.cpp 28 Oct 2003 09:33:18 -0000 1.27
@@ -913,21 +913,21 @@
cerr << "AES 128 key wrap... ";
XSECCryptoSymmetricKey * ks =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
ks->setKey((unsigned char *) s_keyStr, 16);
unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES128);
cerr << "AES 192 key wrap... ";
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_192);
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
ks->setKey((unsigned char *) s_keyStr, 24);
unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES192);
cerr << "AES 256 key wrap... ";
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_256);
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
ks->setKey((unsigned char *) s_keyStr, 32);
unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES256);
@@ -980,7 +980,7 @@
// Set a key
XSECCryptoSymmetricKey * k =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
k->setKey((unsigned char *) randomBuffer, 24);
cipher->setKey(k);
@@ -1015,7 +1015,7 @@
cerr << "Encrypting symmetric key ... " << endl;
XSECCryptoSymmetricKey * kek =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
kek->setKey((unsigned char *) s_keyStr, 16);
cipher->setKEK(kek);
@@ -1035,7 +1035,7 @@
XENCCipher * cipher2 = prov.newCipher(doc);
XSECCryptoSymmetricKey * k2 =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_ECB_128);
+
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
k2->setKey((unsigned char *) s_keyStr, 16);
cipher2->setKEK(k2);
1.6 +17 -20
xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp
Index: XENCAlgorithmHandlerDefault.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- XENCAlgorithmHandlerDefault.cpp 19 Oct 2003 12:50:35 -0000 1.5
+++ XENCAlgorithmHandlerDefault.cpp 28 Oct 2003 09:33:18 -0000 1.6
@@ -151,21 +151,18 @@
switch (skt) {
- case XSECCryptoSymmetricKey::KEY_3DES_CBC_192 :
+ case XSECCryptoSymmetricKey::KEY_3DES_192 :
keyOK = strEquals(uri,
DSIGConstants::s_unicodeStrURI3DES_CBC);
break;
- case XSECCryptoSymmetricKey::KEY_AES_ECB_128 :
- case XSECCryptoSymmetricKey::KEY_AES_CBC_128 :
+ case XSECCryptoSymmetricKey::KEY_AES_128 :
isSymmetricKeyWrap = strEquals(uri,
DSIGConstants::s_unicodeStrURIKW_AES128);
keyOK = isSymmetricKeyWrap || strEquals(uri,
DSIGConstants::s_unicodeStrURIAES128_CBC);
break;
- case XSECCryptoSymmetricKey::KEY_AES_ECB_192 :
- case XSECCryptoSymmetricKey::KEY_AES_CBC_192 :
+ case XSECCryptoSymmetricKey::KEY_AES_192 :
isSymmetricKeyWrap = strEquals(uri,
DSIGConstants::s_unicodeStrURIKW_AES192);
keyOK = isSymmetricKeyWrap || strEquals(uri,
DSIGConstants::s_unicodeStrURIAES192_CBC);
break;
- case XSECCryptoSymmetricKey::KEY_AES_ECB_256 :
- case XSECCryptoSymmetricKey::KEY_AES_CBC_256 :
+ case XSECCryptoSymmetricKey::KEY_AES_256 :
isSymmetricKeyWrap = strEquals(uri,
DSIGConstants::s_unicodeStrURIKW_AES256);
keyOK = isSymmetricKeyWrap || strEquals(uri,
DSIGConstants::s_unicodeStrURIAES256_CBC);
break;
@@ -236,7 +233,7 @@
aesBuf[7] ^= ((n * j) + i);
// do decrypt
- sk->decryptInit(false); // No padding
+ sk->decryptInit(false,
XSECCryptoSymmetricKey::MODE_ECB); // No padding
int sz = sk->decrypt(aesBuf, aesOutBuf, 16, 16);
sz += sk->decryptFinish(&aesOutBuf[sz], 16 - sz);
@@ -312,7 +309,7 @@
memcpy(&aesBuf[8], &buf[8 * i], 8);
// do encrypt
- sk->encryptInit(false);
+ sk->encryptInit(false,
XSECCryptoSymmetricKey::MODE_ECB);
int sz = sk->encrypt(aesBuf, aesOutBuf, 16, 32);
sz += sk->encryptFinish(&aesOutBuf[sz], 32 - sz);
@@ -557,9 +554,9 @@
if (isKeyWrap == true) {
- if (skt == XSECCryptoSymmetricKey::KEY_AES_ECB_128 ||
- skt == XSECCryptoSymmetricKey::KEY_AES_ECB_192 ||
- skt == XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
+ if (skt == XSECCryptoSymmetricKey::KEY_AES_128 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_192 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_256) {
return unwrapKeyAES(cipherText, key, result);
@@ -716,9 +713,9 @@
if (isKeyWrap == true) {
- if (skt == XSECCryptoSymmetricKey::KEY_AES_ECB_128 ||
- skt == XSECCryptoSymmetricKey::KEY_AES_ECB_192 ||
- skt == XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
+ if (skt == XSECCryptoSymmetricKey::KEY_AES_128 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_192 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_256) {
return wrapKeyAES(plainText, key, result);
@@ -763,16 +760,16 @@
XSECCryptoSymmetricKey * sk = NULL;
if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
- sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
}
else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
- sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_128);
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
}
else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
- sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_192);
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
}
else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
- sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_256);
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
}
if (sk != NULL) {
