blautenb 2003/10/03 02:54:46
Modified: c/src/enc XSECCryptoProvider.hpp XSECCryptoSymmetricKey.hpp
c/src/enc/OpenSSL OpenSSLCryptoProvider.cpp
OpenSSLCryptoProvider.hpp
OpenSSLCryptoSymmetricKey.cpp
OpenSSLCryptoSymmetricKey.hpp
c/src/enc/WinCAPI WinCAPICryptoProvider.cpp
WinCAPICryptoProvider.hpp
Log:
Updates to handle creating an EncryptedKey (AES KeyWrap)
Revision Changes Path
1.11 +15 -1 xml-security/c/src/enc/XSECCryptoProvider.hpp
Index: XSECCryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoProvider.hpp,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- XSECCryptoProvider.hpp 31 Aug 2003 12:48:50 -0000 1.10
+++ XSECCryptoProvider.hpp 3 Oct 2003 09:54:46 -0000 1.11
@@ -313,6 +313,20 @@
virtual XSECCryptoSymmetricKey *
keySymmetric(XSECCryptoSymmetricKey::SymmetricKeyType alg) = 0;
+ /**
+ * \brief Obtain some random octets
+ *
+ * For generation of IVs and the like, the library needs to be able
+ * to obtain "random" octets. The library uses this call to the
+ * crypto provider to obtain what it needs.
+ *
+ * @param buffer The buffer to place the random data in
+ * @param numOctets Number of bytes required
+ * @returns Number of bytes obtained.
+ */
+
+ virtual unsigned int getRandom(unsigned char * buffer, unsigned int
numOctets) = 0;
+
//@}
/[EMAIL PROTECTED]/
1.3 +6 -3 xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp
Index: XSECCryptoSymmetricKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- XSECCryptoSymmetricKey.hpp 8 Sep 2003 12:07:48 -0000 1.2
+++ XSECCryptoSymmetricKey.hpp 3 Oct 2003 09:54:46 -0000 1.3
@@ -106,7 +106,9 @@
enum SymmetricKeyType {
- KEY_3DES_CBC_192
+ KEY_3DES_CBC_192, /** 192 bit (3-Key)
3DES */
+ KEY_AES_CBC_128, /** 128 bit AES in CBC
mode */
+ KEY_AES_ECB_128 /** 128 bit AES in ECB
mode */
};
@@ -193,12 +195,13 @@
* implementations should assume that the start of the
* cipher text stream will in fact be the IV.
*
+ * @param doPad By default, we perform padding for last block
* @param iv Initialisation Vector to be used. NULL if one is
* not required, or if IV will be set from data stream
* @returns true if the initialisation succeeded.
*/
- virtual bool decryptInit(const unsigned char * iv = NULL) = 0;
+ virtual bool decryptInit(bool doPad = true, const unsigned char * iv =
NULL) = 0;
/**
* \brief Continue an decrypt operation using this key.
1.8 +26 -1 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp
Index: OpenSSLCryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- OpenSSLCryptoProvider.cpp 31 Aug 2003 12:48:50 -0000 1.7
+++ OpenSSLCryptoProvider.cpp 3 Oct 2003 09:54:46 -0000 1.8
@@ -82,6 +82,10 @@
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp>
+#include <xsec/enc/XSECCryptoException.hpp>
+
+#include <openssl/rand.h>
+
OpenSSLCryptoProvider::OpenSSLCryptoProvider() {
OpenSSL_add_all_digests(); // Initialise Openssl
@@ -182,6 +186,27 @@
XSECnew(ret, OpenSSLCryptoSymmetricKey(alg));
return ret;
+
+}
+
+unsigned int OpenSSLCryptoProvider::getRandom(unsigned char * buffer,
unsigned int numOctets) {
+
+ if (RAND_status() != 1) {
+
+ throw XSECCryptoException(XSECCryptoException::GeneralError,
+ "OpenSSLCryptoProvider::getRandom - OpenSSL random not
properly initialised");
+ }
+
+ int res = RAND_bytes(buffer, numOctets);
+
+ if (res == 0) {
+
+ throw XSECCryptoException(XSECCryptoException::GeneralError,
+ "OpenSSLCryptoProvider::getRandom - Error obtaining
random octets");
+
+ }
+
+ return numOctets;
}
1.8 +16 -1 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp
Index: OpenSSLCryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- OpenSSLCryptoProvider.hpp 31 Aug 2003 12:48:50 -0000 1.7
+++ OpenSSLCryptoProvider.hpp 3 Oct 2003 09:54:46 -0000 1.8
@@ -229,6 +229,21 @@
virtual XSECCryptoSymmetricKey *
keySymmetric(XSECCryptoSymmetricKey::SymmetricKeyType alg);
+ /**
+ * \brief Obtain some random octets
+ *
+ * For generation of IVs and the like, the library needs to be able
+ * to obtain "random" octets. The library uses this call to the
+ * crypto provider to obtain what it needs.
+ *
+ * @param buffer The buffer to place the random data in
+ * @param numOctets Number of bytes required
+ * @returns Number of bytes obtained.
+ */
+
+ virtual unsigned int getRandom(unsigned char * buffer, unsigned int
numOctets);
+
+
//@}
/[EMAIL PROTECTED]/
1.4 +98 -8
xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
Index: OpenSSLCryptoSymmetricKey.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- OpenSSLCryptoSymmetricKey.cpp 11 Sep 2003 11:43:07 -0000 1.3
+++ OpenSSLCryptoSymmetricKey.cpp 3 Oct 2003 09:54:46 -0000 1.4
@@ -76,6 +76,8 @@
#include <string.h>
+#include <openssl/rand.h>
+
//
--------------------------------------------------------------------------------
// Constructors and Destructors
//
--------------------------------------------------------------------------------
@@ -183,6 +185,46 @@
break;
+ case (XSECCryptoSymmetricKey::KEY_AES_CBC_128) :
+
+ // An AES key
+
+ if (iv == NULL) {
+
+ return 0; // Cannot initialise without an IV
+
+ }
+
+ EVP_CIPHER_CTX_init(&m_ctx);
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
+ // Turn off padding
+ EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+
+ // That means we have to handle padding, so we always hold back
+ // 8 bytes of data.
+ m_blockSize = 8;
+ m_bytesInLastBlock = 0;
+
+ return 8; // AES uses a 64 bit IV
+
+ break;
+
+ case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+
+ // An AES key
+
+ EVP_CIPHER_CTX_init(&m_ctx);
+ EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ // Turn off padding
+ EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+
+ m_blockSize = 0;
+ m_bytesInLastBlock = 0;
+
+ return 0; // ECB - no key
+
+ break;
+
default :
// Cannot do this without an IV
@@ -195,10 +237,10 @@
}
-bool OpenSSLCryptoSymmetricKey::decryptInit(const unsigned char * iv) {
+bool OpenSSLCryptoSymmetricKey::decryptInit(bool doPad, const unsigned char
* iv) {
+ m_doPad = doPad;
decryptCtxInit(iv);
-
return true;
}
@@ -231,8 +273,8 @@
}
- // Store the last block
- if (m_blockSize > 0 && outl >= m_blockSize) {
+ // Store the last block if we are padding
+ if (m_doPad && m_blockSize > 0 && outl >= m_blockSize) {
// Output will always be *at least* the blocksize
@@ -273,7 +315,7 @@
}
// Calculate any padding issues
- if (m_bytesInLastBlock == m_blockSize) {
+ if (m_doPad && m_bytesInLastBlock == m_blockSize) {
outl = m_blockSize - m_lastBlock[m_blockSize - 1];
@@ -313,9 +355,10 @@
// Set up the context according to the required cipher type
const unsigned char * usedIV;
- const unsigned char tstIV[] = "abcdefghijklmnopqrstuvwxyz";
+ unsigned char genIV[256];
// Tell the library that the IV still has to be sent
+
m_ivSent = false;
switch (m_keyType) {
@@ -326,7 +369,13 @@
if (iv == NULL) {
- usedIV = tstIV;
+ bool res = ((RAND_status() == 1) && (RAND_bytes(genIV,
256) == 1));
+ if (res == false) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error
generating random IV");
+ }
+
+ usedIV = genIV;
//return 0; // Cannot initialise without an IV
}
@@ -346,6 +395,47 @@
break;
+ case (XSECCryptoSymmetricKey::KEY_AES_CBC_128) :
+
+ // An AES key
+
+ if (iv == NULL) {
+
+ bool res = ((RAND_status() == 1) && (RAND_bytes(genIV,
256) == 1));
+ if (res == false) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error
generating random IV");
+ }
+
+ usedIV = genIV;
+ //return 0; // Cannot initialise without an IV
+
+ }
+ else
+ usedIV = iv;
+
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
+
+ m_blockSize = 16;
+ m_ivSize = 16;
+ memcpy(m_lastBlock, usedIV, m_ivSize);
+ m_bytesInLastBlock = 0;
+
+ break;
+
+ case (XSECCryptoSymmetricKey::KEY_AES_ECB_128) :
+
+ // An AES key
+
+ EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+ EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+
+ m_blockSize = 16;
+ m_ivSize = 0;
+ m_bytesInLastBlock = 0;
+
+ break;
+
default :
// Cannot do this without an IV
1.3 +4 -3
xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
Index: OpenSSLCryptoSymmetricKey.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- OpenSSLCryptoSymmetricKey.hpp 8 Sep 2003 12:07:48 -0000 1.2
+++ OpenSSLCryptoSymmetricKey.hpp 3 Oct 2003 09:54:46 -0000 1.3
@@ -175,12 +175,13 @@
* Callers can pass in an IV. If one is not provided,
* then it is assumed that the algorithm will not require one.
*
+ * @param doPad By default, we perform padding for last block
* @param iv Initialisation Vector to be used. NULL if one is
* not required.
* @returns true if the initialisation succeeded.
*/
- virtual bool decryptInit(const unsigned char * iv = NULL);
+ virtual bool decryptInit(bool doPad = true, const unsigned char * iv =
NULL);
/**
* \brief Continue an decrypt operation using this key.
@@ -321,7 +322,7 @@
int
m_ivSize;
int
m_bytesInLastBlock;
bool m_ivSent;
// Has the IV been put in the stream
-
+ bool m_doPad;
// Do we pad last block?
};
1.6 +9 -1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp
Index: WinCAPICryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- WinCAPICryptoProvider.cpp 28 Sep 2003 12:30:26 -0000 1.5
+++ WinCAPICryptoProvider.cpp 3 Oct 2003 09:54:46 -0000 1.6
@@ -219,6 +219,14 @@
}
+unsigned int WinCAPICryptoProvider::getRandom(unsigned char * buffer,
unsigned int numOctets) {
+
+ throw XSECException(XSECException::InternalError,
+ "WinCAPICryptoProvider() - Random generation not yet
supported");
+
+}
+
+
//
--------------------------------------------------------------------------------
// Translate a Base64 number to a Windows (little endian) integer
1.7 +16 -1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp
Index: WinCAPICryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoProvider.hpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- WinCAPICryptoProvider.hpp 28 Sep 2003 12:30:26 -0000 1.6
+++ WinCAPICryptoProvider.hpp 3 Oct 2003 09:54:46 -0000 1.7
@@ -317,6 +317,21 @@
virtual XSECCryptoSymmetricKey *
keySymmetric(XSECCryptoSymmetricKey::SymmetricKeyType alg);
+ /**
+ * \brief Obtain some random octets
+ *
+ * For generation of IVs and the like, the library needs to be able
+ * to obtain "random" octets. The library uses this call to the
+ * crypto provider to obtain what it needs.
+ *
+ * @param buffer The buffer to place the random data in
+ * @param numOctets Number of bytes required
+ * @returns Number of bytes obtained.
+ */
+
+ virtual unsigned int getRandom(unsigned char * buffer, unsigned int
numOctets);
+
+
//@}
private:
