[xmlsec] MSCrypto driver, how the crypto works? (ciphers.c)
Aleksey Sanin
aleksey at aleksey.com
Tue Apr 22 10:12:29 PDT 2003
>When you have the xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr
>transform, int last, xmlSecTransformCtxPtr transformCtx) function (as
>defined in the Klass file) todo the actual crypto, it calls the:
>xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr
>
As you correctly pointed out, this design works for OpenSSL, GnuTLS and
NSS. In all these
libraries block cipher functions easily map in Init/Update/Final logic.
I am not familiar
with MSCrypto API but it might happen that you need to use a different
approach.
>I wonder if the Execute (and Update) functions are called multiple times
>depending on the blocksize ? (or is the function always called with the
>full content to be encrypted ?
>
In OpenSSL/GnuTLS/NSS "Update" might be called multiple times. It might
happen that
in MSCrypto you have to have whole block of data and you have to collect
all the data
in the xmlSecTransform::inBuf before encryption/decryption (see key
wrappers for examples).
However, I would strongly recommend to avoid this as much as possible.
You never
know the encrypted data size and allocating large memory block can be
un-desirable.
>And when the content is the last piece Execute will probably call the
>xmlSecMSCryptoBlockCipherCtxFinal function ?
>
>
Yes.
>Could someone clarify this a bit ?
>
>
The scheme is: Init/Update/Final where Update might be called any number
of times (including 0).
>Next to that, the MSCrypto CryptEncrypt function only uses one buffer,
>this buffer is the in buffer and overwritten with the result. Another
>parameter will give you the new size of this buffer.
>Probably I need to copy the full content of the inbuffer to the outbuffer
>and encrypt that. Any other suggestions ? (and has this an effect on the
>way the 'last' block is known?)
>
>
Yes, this makes sense. The onlly thing is that you need to ensure that
inBuf has enough space
for ecnryption/decryption result (xmlSecBufferSetMaxSize() should help
:) ). I am not sure
what do you mean by "last block is known". If MSCrypto supports the
required padding then
you just need to use the necessary MSCrypto constant. Otherwise you need
to do padding yourself
(assuming MSCrypto has "no padding" option).
More information about the xmlsec
mailing list