Hi Juan
On Nov 9, 2007 2:21 PM, Juan Lang <[EMAIL PROTECTED]> wrote:
> Hi Vijay,
>
> you forgot aes.c in your patch - please remember to git add it, then
> commit it along with the rest of the changes.
>
> From what you've sent, your patch looks pretty good so far. A few comments:
>
> @@ -161,6 +162,10 @@ static const PROV_ENUMALGS_EX
> aProvEnumAlgsEx[4][RSAENH_MAX_ENUMALGS+1] =
> {CALG_RC2, 40, 40, 56,0, 4,"RC2",
> 24,"RSA Data Security's RC2"},
> {CALG_RC4, 40, 40, 56,0, 4,"RC4",
> 24,"RSA Data Security's RC4"},
> {CALG_DES, 56, 56, 56,0, 4,"DES",
> 31,"Data Encryption Standard (DES)"},
> + {CALG_AES, 128,128, 128,0, 4,"AES",
> 35,"Advanced Encryption Standard (AES)"},
> + {CALG_AES_128, 128,128, 128,0, 8,"AES-128",
> 39,"Advanced Encryption Standard (AES-128)"},
> + {CALG_AES_192, 192,192, 192,0, 8,"AES-192",
> 39,"Advanced Encryption Standard (AES-192)"},
> + {CALG_AES_256, 256,256, 256,0, 8,"AES-256",
> 39,"Advanced Encryption Standard (AES-256)"},
>
> I'm not sure AES support should be included in every "personality" of
> rsaenh. Specifically, some cryptographic providers don't support it.
> Here's a blog that mentions how the MS_ENHANCED_PROV provider doesn't
> support it, but the MS_ENH_RSA_AES_PROV does:
> http://sys.cs.rice.edu/~sethn/wordpress/?p=19
I think I'll split the patch into 3 parts
1) basic AES implementation in rsaenh
2) Add AES provider info with registering MS_ENH_RSA_AES_PROV.
I have to make aProvEnumAlgsEx[4][RSAENH_MAX_ENUMALGS+1] to
aProvEnumAlgsEx[5][RSAENH_MAX_ENUMALGS+1]
and add the new algorithms, can you help me what algo's should I add
to the new one.
Add the registering code for type24 provider.
3) Tests
>
> + if (!result) {
> + /* rsaenh compiled without OpenSSL */
> + ok(GetLastError()==NTE_BAD_ALGID, "%08x\n", GetLastError());
> + return;
> + }
>
> Our rsaenh hasn't built against OpenSSL in some time, so this test
> should be removed from existing tests. You don't need to do that if
> you don't want, but don't bother adding it to new tests.
>
> + result = CryptEncrypt(hKey, (HCRYPTHASH)NULL, TRUE, 0, pbData, &dwLen,
> 16);
> + ok(result, "%08x\n", GetLastError());
> +
> + result = CryptDecrypt(hKey, (HCRYPTHASH)NULL, TRUE, 0, pbData, &dwLen);
> + ok(result, "%08x\n", GetLastError());
>
> You should check that the encrypted output matches some expected
> value, and that the decrypted output matches the plaintext input.
Well, I have tested the decrypted output by putting printf's.
I will make sure we have good tests for it.
Will send new patch set soon.
>
> Thanks very much for getting this started.
> --Juan
>
