Hi Aleksey,
I tried to inter-op my xml encryption implementation with xml-sec. But
it didn't work. :( I followed the specification but seems there is a
problem with padding.
For example if I'm using 3-DES (block size=8)a buffer of size 64 to
call EVP_CipherUpdate and my plain text is of length let's say 117,
In this case I've to pad before my second call to EVP_CipherUpdate. Right?
If so what should be the size of the pad for the last block?
Is it 11 (=N*64-117) OR 3 (=n*8 - 117)?
As I understood according to the specification
(http://www.w3.org/TR/xmlenc-core/ ) this should be 3.
So I should have a suffix of XX3, where X can be any value.
Then I have another problem.
This padding will fill-up from places 126-128. How should I fill places
from 117 to 126?
Also to disable the default padding in openssl I used
EVP_CIPHER_CTX_set_padding(&ctx, 0);
Is there any thing I have to do beyond this. Like setting certain
parameters in the EVP_CIPHER_CTX.
Thanks,
Kaushalye
PS:
I checked your implementation, and according to that I did the same hack
for openssl.
I calculated the padlen as padLen = EVP_CIPHER_block_size(ctx->cipher) -
ctx.buf_len.
But I always get 0 for ctx.buf_len :(
Aleksey Sanin wrote:
But why is it limited only for OPENSSL 0.9.6? Does that mean versions
after 0.9.6 have the support for padding specified in XML Encryption
specification.
Other way around :) With OpenSSL 0.9.6 there is no way to support
padding specified in XML Encryption specification. For older version
of OpenSSL, everything is fine and there is full compatibility
with XML Encryption spec.
Moreover is your padding compatible with other crypto libraries such
as Bouncy Castle Crypto API?
Well, if it supports the padding from XML Encryption specification
then "yes".
Aleksey
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
