5 * AES Algorithm support
7 * This is free software; see Copyright file in the source
8 * distribution for preciese wording.
10 * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
13 #ifndef XMLSEC_OPENSSL_096
20 #include <openssl/aes.h>
21 #include <openssl/rand.h>
23 #include <xmlsec/xmlsec.h>
24 #include <xmlsec/xmltree.h>
25 #include <xmlsec/keys.h>
26 #include <xmlsec/transforms.h>
27 #include <xmlsec/errors.h>
29 #include <xmlsec/openssl/crypto.h>
31 #define XMLSEC_OPENSSL_AES128_KEY_SIZE 16
32 #define XMLSEC_OPENSSL_AES192_KEY_SIZE 24
33 #define XMLSEC_OPENSSL_AES256_KEY_SIZE 32
34 #define XMLSEC_OPENSSL_AES_IV_SIZE 16
35 #define XMLSEC_OPENSSL_AES_BLOCK_SIZE 16
38 /*********************************************************************
42 * key (xmlSecBuffer) is located after xmlSecTransform structure
44 ********************************************************************/
45 #define xmlSecOpenSSLKWAesGetKey(transform) \
46 ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
47 #define xmlSecOpenSSLKWAesSize \
48 (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
50 static int xmlSecOpenSSLKWAesInitialize (xmlSecTransformPtr transform);
51 static void xmlSecOpenSSLKWAesFinalize (xmlSecTransformPtr transform);
52 static int xmlSecOpenSSLKWAesSetKeyReq (xmlSecTransformPtr transform,
53 xmlSecKeyReqPtr keyReq);
54 static int xmlSecOpenSSLKWAesSetKey (xmlSecTransformPtr transform,
56 static int xmlSecOpenSSLKWAesExecute (xmlSecTransformPtr transform,
58 xmlSecTransformCtxPtr transformCtx);
59 static xmlSecSize xmlSecOpenSSLKWAesGetKeySize (xmlSecTransformPtr transform);
60 static int xmlSecOpenSSLKWAesEncode (const xmlSecByte *key,
66 static int xmlSecOpenSSLKWAesDecode (const xmlSecByte *key,
73 static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
74 /* klass/object sizes */
75 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
76 xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
78 xmlSecNameKWAes128, /* const xmlChar* name; */
79 xmlSecHrefKWAes128, /* const xmlChar* href; */
80 xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
82 xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
83 xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
84 NULL, /* xmlSecTransformNodeReadMethod readNode; */
85 NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
86 xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
87 xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
88 NULL, /* xmlSecTransformValidateMethod validate; */
89 xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
90 xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
91 xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
92 NULL, /* xmlSecTransformPushXmlMethod pushXml; */
93 NULL, /* xmlSecTransformPopXmlMethod popXml; */
94 xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
96 NULL, /* void* reserved0; */
97 NULL, /* void* reserved1; */
100 static xmlSecTransformKlass xmlSecOpenSSLKWAes192Klass = {
101 /* klass/object sizes */
102 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
103 xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
105 xmlSecNameKWAes192, /* const xmlChar* name; */
106 xmlSecHrefKWAes192, /* const xmlChar* href; */
107 xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
109 xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
110 xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
111 NULL, /* xmlSecTransformNodeReadMethod readNode; */
112 NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
113 xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
114 xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
115 NULL, /* xmlSecTransformValidateMethod validate; */
116 xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
117 xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
118 xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
119 NULL, /* xmlSecTransformPushXmlMethod pushXml; */
120 NULL, /* xmlSecTransformPopXmlMethod popXml; */
121 xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
123 NULL, /* void* reserved0; */
124 NULL, /* void* reserved1; */
127 static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
128 /* klass/object sizes */
129 sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
130 xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
132 xmlSecNameKWAes256, /* const xmlChar* name; */
133 xmlSecHrefKWAes256, /* const xmlChar* href; */
134 xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
136 xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
137 xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
138 NULL, /* xmlSecTransformNodeReadMethod readNode; */
139 NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
140 xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
141 xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
142 NULL, /* xmlSecTransformValidateMethod validate; */
143 xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
144 xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
145 xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
146 NULL, /* xmlSecTransformPushXmlMethod pushXml; */
147 NULL, /* xmlSecTransformPopXmlMethod popXml; */
148 xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
150 NULL, /* void* reserved0; */
151 NULL, /* void* reserved1; */
154 #define XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE 8
156 #define xmlSecOpenSSLKWAesCheckId(transform) \
157 (xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
158 xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
159 xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes256Id))
162 * xmlSecOpenSSLTransformKWAes128GetKlass:
164 * The AES-128 kew wrapper transform klass.
166 * Returns: AES-128 kew wrapper transform klass.
169 xmlSecOpenSSLTransformKWAes128GetKlass(void) {
170 return(&xmlSecOpenSSLKWAes128Klass);
174 * xmlSecOpenSSLTransformKWAes192GetKlass:
176 * The AES-192 kew wrapper transform klass.
178 * Returns: AES-192 kew wrapper transform klass.
181 xmlSecOpenSSLTransformKWAes192GetKlass(void) {
182 return(&xmlSecOpenSSLKWAes192Klass);
186 * xmlSecOpenSSLTransformKWAes256GetKlass:
188 * The AES-256 kew wrapper transform klass.
190 * Returns: AES-256 kew wrapper transform klass.
193 xmlSecOpenSSLTransformKWAes256GetKlass(void) {
194 return(&xmlSecOpenSSLKWAes256Klass);
198 xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
201 xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
202 xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
204 ret = xmlSecBufferInitialize(xmlSecOpenSSLKWAesGetKey(transform), 0);
206 xmlSecError(XMLSEC_ERRORS_HERE,
207 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
208 "xmlSecOpenSSLKWAesGetKey",
209 XMLSEC_ERRORS_R_XMLSEC_FAILED,
210 XMLSEC_ERRORS_NO_MESSAGE);
218 xmlSecOpenSSLKWAesFinalize(xmlSecTransformPtr transform) {
219 xmlSecAssert(xmlSecOpenSSLKWAesCheckId(transform));
220 xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize));
222 if(xmlSecOpenSSLKWAesGetKey(transform) != NULL) {
223 xmlSecBufferFinalize(xmlSecOpenSSLKWAesGetKey(transform));
228 xmlSecOpenSSLKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
229 xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
230 xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
231 xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
232 xmlSecAssert2(keyReq != NULL, -1);
234 keyReq->keyId = xmlSecOpenSSLKeyDataAesId;
235 keyReq->keyType = xmlSecKeyDataTypeSymmetric;
236 if(transform->operation == xmlSecTransformOperationEncrypt) {
237 keyReq->keyUsage = xmlSecKeyUsageEncrypt;
239 keyReq->keyUsage = xmlSecKeyUsageDecrypt;
241 keyReq->keyBitsSize = 8 * xmlSecOpenSSLKWAesGetKeySize(transform);
247 xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
248 xmlSecBufferPtr buffer;
250 xmlSecSize expectedKeySize;
253 xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
254 xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
255 xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
256 xmlSecAssert2(xmlSecOpenSSLKWAesGetKey(transform) != NULL, -1);
257 xmlSecAssert2(key != NULL, -1);
258 xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataAesId), -1);
260 buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
261 xmlSecAssert2(buffer != NULL, -1);
263 keySize = xmlSecBufferGetSize(buffer);
264 expectedKeySize = xmlSecOpenSSLKWAesGetKeySize(transform);
265 if(keySize < expectedKeySize) {
266 xmlSecError(XMLSEC_ERRORS_HERE,
267 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
269 XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
270 "key=%d;expected=%d",
271 keySize, expectedKeySize);
275 ret = xmlSecBufferSetData(xmlSecOpenSSLKWAesGetKey(transform),
276 xmlSecBufferGetData(buffer),
279 xmlSecError(XMLSEC_ERRORS_HERE,
280 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
281 "xmlSecBufferSetData",
282 XMLSEC_ERRORS_R_XMLSEC_FAILED,
283 "expected-size=%d", expectedKeySize);
291 xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
292 xmlSecBufferPtr in, out, key;
293 xmlSecSize inSize, outSize, keySize, expectedKeySize;
296 xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
297 xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
298 xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
299 xmlSecAssert2(transformCtx != NULL, -1);
301 key = xmlSecOpenSSLKWAesGetKey(transform);
302 xmlSecAssert2(key != NULL, -1);
304 keySize = xmlSecBufferGetSize(key);
305 expectedKeySize = xmlSecOpenSSLKWAesGetKeySize(transform);
306 xmlSecAssert2(keySize == expectedKeySize, -1);
308 in = &(transform->inBuf);
309 out = &(transform->outBuf);
310 inSize = xmlSecBufferGetSize(in);
311 outSize = xmlSecBufferGetSize(out);
312 xmlSecAssert2(outSize == 0, -1);
314 if(transform->status == xmlSecTransformStatusNone) {
315 transform->status = xmlSecTransformStatusWorking;
318 if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
319 /* just do nothing */
320 } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
321 if((inSize % 8) != 0) {
322 xmlSecError(XMLSEC_ERRORS_HERE,
323 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
325 XMLSEC_ERRORS_R_INVALID_SIZE,
326 "size=%d(not 8 bytes aligned)", inSize);
330 if(transform->operation == xmlSecTransformOperationEncrypt) {
331 /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
332 outSize = inSize + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE +
333 XMLSEC_OPENSSL_AES_BLOCK_SIZE;
335 outSize = inSize + XMLSEC_OPENSSL_AES_BLOCK_SIZE;
338 ret = xmlSecBufferSetMaxSize(out, outSize);
340 xmlSecError(XMLSEC_ERRORS_HERE,
341 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
342 "xmlSecBufferSetMaxSize",
343 XMLSEC_ERRORS_R_XMLSEC_FAILED,
344 "outSize=%d", outSize);
348 if(transform->operation == xmlSecTransformOperationEncrypt) {
349 ret = xmlSecOpenSSLKWAesEncode(xmlSecBufferGetData(key), keySize,
350 xmlSecBufferGetData(in), inSize,
351 xmlSecBufferGetData(out), outSize);
353 xmlSecError(XMLSEC_ERRORS_HERE,
354 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
355 "xmlSecOpenSSLKWAesEncode",
356 XMLSEC_ERRORS_R_XMLSEC_FAILED,
357 XMLSEC_ERRORS_NO_MESSAGE);
362 ret = xmlSecOpenSSLKWAesDecode(xmlSecBufferGetData(key), keySize,
363 xmlSecBufferGetData(in), inSize,
364 xmlSecBufferGetData(out), outSize);
366 xmlSecError(XMLSEC_ERRORS_HERE,
367 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
368 "xmlSecOpenSSLKWAesDecode",
369 XMLSEC_ERRORS_R_XMLSEC_FAILED,
370 XMLSEC_ERRORS_NO_MESSAGE);
376 ret = xmlSecBufferSetSize(out, outSize);
378 xmlSecError(XMLSEC_ERRORS_HERE,
379 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
380 "xmlSecBufferSetSize",
381 XMLSEC_ERRORS_R_XMLSEC_FAILED,
382 "outSize=%d", outSize);
386 ret = xmlSecBufferRemoveHead(in, inSize);
388 xmlSecError(XMLSEC_ERRORS_HERE,
389 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
390 "xmlSecBufferRemoveHead",
391 XMLSEC_ERRORS_R_XMLSEC_FAILED,
396 transform->status = xmlSecTransformStatusFinished;
397 } else if(transform->status == xmlSecTransformStatusFinished) {
398 /* the only way we can get here is if there is no input */
399 xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
401 xmlSecError(XMLSEC_ERRORS_HERE,
402 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
404 XMLSEC_ERRORS_R_INVALID_STATUS,
405 "status=%d", transform->status);
412 xmlSecOpenSSLKWAesGetKeySize(xmlSecTransformPtr transform) {
413 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
414 return(XMLSEC_OPENSSL_AES128_KEY_SIZE);
415 } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
416 return(XMLSEC_OPENSSL_AES192_KEY_SIZE);
417 } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
418 return(XMLSEC_OPENSSL_AES256_KEY_SIZE);
424 * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
426 * Assume that the data to be wrapped consists of N 64-bit data blocks
427 * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
428 * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
429 * key is represented by K. Assume integers i, j, and t and intermediate
430 * 64-bit register A, 128-bit register B, and array of 64-bit quantities
433 * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
434 * is the 128-bit quantity with x in the most significant bits and y in the
435 * least significant bits. AES(K)enc(x) is the operation of AES encrypting
436 * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
437 * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
438 * MSB(x) and LSB(y) are the most significant 64 bits and least significant
439 * 64 bits of x and y respectively.
441 * If N is 1, a single AES operation is performed for wrap or unwrap.
442 * If N>1, then 6*N AES operations are performed for wrap or unwrap.
444 * The key wrap algorithm is as follows:
447 * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
450 * If N>1, perform the following steps:
451 * 2. Initialize variables:
452 * * Set A to 0xA6A6A6A6A6A6A6A6
455 * 3. Calculate intermediate values:
459 * B=AES(K)enc(A|R(i))
462 * 4. Output the results:
467 * The key unwrap algorithm is as follows:
470 * * B=AES(K)dec(C(0)|C(1))
472 * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
473 * return an integrity check failure error.
474 * If N>1, perform the following steps:
475 * 2. Initialize the variables:
479 * 3. Calculate intermediate values:
483 * B=AES(K)dec(XOR(t,A)|R(i))
486 * 4. Output the results:
489 * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
490 * an integrity check failure error.
492 static const xmlSecByte xmlSecOpenSSLKWAesMagicBlock[XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE] = {
493 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
497 xmlSecOpenSSLKWAesEncode(const xmlSecByte *key, xmlSecSize keySize,
498 const xmlSecByte *in, xmlSecSize inSize,
499 xmlSecByte *out, xmlSecSize outSize) {
501 xmlSecByte block[XMLSEC_OPENSSL_AES_BLOCK_SIZE];
506 xmlSecAssert2(key != NULL, -1);
507 xmlSecAssert2(keySize > 0, -1);
508 xmlSecAssert2(in != NULL, -1);
509 xmlSecAssert2(inSize > 0, -1);
510 xmlSecAssert2(out != NULL, -1);
511 xmlSecAssert2(outSize >= inSize + 8, -1);
513 ret = AES_set_encrypt_key(key, 8 * keySize, &aesKey);
515 xmlSecError(XMLSEC_ERRORS_HERE,
517 "AES_set_encrypt_key",
518 XMLSEC_ERRORS_R_CRYPTO_FAILED,
519 XMLSEC_ERRORS_NO_MESSAGE);
523 /* prepend magic block */
525 memcpy(out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
527 memmove(out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
529 memcpy(out, xmlSecOpenSSLKWAesMagicBlock, XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
533 AES_encrypt(out, out, &aesKey);
535 for(j = 0; j <= 5; ++j) {
536 for(i = 1; i <= N; ++i) {
540 memcpy(block, out, 8);
541 memcpy(block + 8, p, 8);
543 AES_encrypt(block, block, &aesKey);
545 memcpy(out, block, 8);
546 memcpy(p, block + 8, 8);
555 xmlSecOpenSSLKWAesDecode(const xmlSecByte *key, xmlSecSize keySize,
556 const xmlSecByte *in, xmlSecSize inSize,
557 xmlSecByte *out, xmlSecSize outSize) {
559 xmlSecByte block[XMLSEC_OPENSSL_AES_BLOCK_SIZE];
564 xmlSecAssert2(key != NULL, -1);
565 xmlSecAssert2(keySize > 0, -1);
566 xmlSecAssert2(in != NULL, -1);
567 xmlSecAssert2(inSize > 0, -1);
568 xmlSecAssert2(out != NULL, -1);
569 xmlSecAssert2(outSize >= inSize, -1);
571 ret = AES_set_decrypt_key(key, 8 * keySize, &aesKey);
573 xmlSecError(XMLSEC_ERRORS_HERE,
575 "AES_set_decrypt_key",
576 XMLSEC_ERRORS_R_CRYPTO_FAILED,
577 XMLSEC_ERRORS_NO_MESSAGE);
583 memcpy(out, in, inSize);
586 N = (inSize / 8) - 1;
588 AES_decrypt(out, out, &aesKey);
590 for(j = 5; j >= 0; --j) {
591 for(i = N; i > 0; --i) {
595 memcpy(block, out, 8);
596 memcpy(block + 8, p, 8);
599 AES_decrypt(block, block, &aesKey);
600 memcpy(out, block, 8);
601 memcpy(p, block + 8, 8);
605 /* do not left data in memory */
606 memset(block, 0, sizeof(block));
608 if(memcmp(xmlSecOpenSSLKWAesMagicBlock, out, XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
609 xmlSecError(XMLSEC_ERRORS_HERE,
612 XMLSEC_ERRORS_R_INVALID_DATA,
617 memmove(out, out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
618 return(inSize - XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
621 #endif /* XMLSEC_OPENSSL_096 */
622 #endif /* XMLSEC_NO_AES */