[xmlsec] MSCrypto driver, how the crypto works? (ciphers.c)

Aleksey Sanin aleksey at aleksey.com
Tue Apr 22 10:12:29 PDT 2003

>When you have the xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr
>transform, int last, xmlSecTransformCtxPtr transformCtx) function (as
>defined in the Klass file) to do the actual crypto, it calls the:
As you correctly pointed out, this design works for OpenSSL, GnuTLS and NSS.
In all these libraries block cipher functions easily map in Init/Update/Final
logic. I am not familiar with MSCrypto API but it might happen that you need
to use a different

>I wonder if the Execute (and Update) functions are called multiple times
>depending on the blocksize? (or is the function always called with the
>full content to be encrypted?)
In OpenSSL/GnuTLS/NSS "Update" might be called multiple times. It might
happen that in MSCrypto you have to have the whole block of data and you have
to collect all the data in the xmlSecTransform::inBuf before
encryption/decryption (see key wrappers for examples).
However, I would strongly recommend avoiding this as much as possible. You
never know the encrypted data size and allocating large memory block can be

>And when the content is the last piece Execute will probably call the
>xmlSecMSCryptoBlockCipherCtxFinal function ?

>Could someone clarify this a bit ?
The scheme is: Init/Update/Final where Update might be called any number 
of times (including 0).

>Next to that, the MSCrypto CryptEncrypt function only uses one buffer,
>this buffer is the in buffer and overwritten with the result. Another
>parameter will give you the new size of this buffer.
>Probably I need to copy the full content of the inbuffer to the outbuffer
>and encrypt that. Any other suggestions ? (and has this an effect on the
>way the 'last' block is known?)
Yes, this makes sense. The only thing is that you need to ensure that inBuf
has enough space for the encryption/decryption result
(xmlSecBufferSetMaxSize() should help :) ). I am not sure what you mean by
"last block is known". If MSCrypto supports the required padding then you
just need to use the necessary MSCrypto constant. Otherwise you need to do
padding yourself (assuming MSCrypto has "no padding" option).
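
Added example, not part of the original message and not xmlsec or MSCrypto code: a sketch of the Init/Update/Final scheme discussed above, layered over a one-buffer cipher call that overwrites its input and reports the new length. The names `inplace_encrypt`, `stream_ctx` and `stream_*` are hypothetical, the 8-byte block size is assumed, and XOR stands in for the real cipher.

```c
#include <stddef.h>
#include <string.h>
#define BLOCK 8 /* block size assumed for this demo */

/* Stand-in for a one-buffer, in-place cipher call: transforms buf[0..*len)
 * in place and updates *len. XOR is NOT encryption; it only shows data flow. */
static int inplace_encrypt(unsigned char *buf, size_t *len, size_t cap, int final) {
    size_t n = *len, i;
    if (final) {
        size_t pad = BLOCK - (n % BLOCK);   /* PKCS#7-style padding, 1..BLOCK */
        if (n + pad > cap) return -1;       /* buffer must have room to grow */
        memset(buf + n, (int)pad, pad);
        n += pad;
    } else if (n % BLOCK != 0) {
        return -1;                          /* non-final calls take whole blocks */
    }
    for (i = 0; i < n; i++) buf[i] ^= 0x5A;
    *len = n;
    return 0;
}

typedef struct { unsigned char held[BLOCK]; size_t nheld; } stream_ctx;
void stream_init(stream_ctx *c) { c->nheld = 0; }

/* Update: any chunk size, any number of calls. Copies whole blocks into out,
 * encrypts them there, keeps the remainder. Returns bytes written or -1. */
long stream_update(stream_ctx *c, const unsigned char *in, size_t inlen,
                   unsigned char *out, size_t outcap) {
    size_t total = c->nheld + inlen, emit = total - (total % BLOCK), used;
    if (emit > outcap) return -1;
    if (emit == 0) {                        /* still less than one block */
        memcpy(c->held + c->nheld, in, inlen);
        c->nheld = total;
        return 0;
    }
    used = emit - c->nheld;                 /* input bytes consumed now */
    memcpy(out, c->held, c->nheld);
    memcpy(out + c->nheld, in, used);
    memcpy(c->held, in + used, inlen - used);
    c->nheld = inlen - used;
    return inplace_encrypt(out, &emit, outcap, 0) == 0 ? (long)emit : -1;
}

/* Final: pads and encrypts whatever is held; valid after zero Updates. */
long stream_final(stream_ctx *c, unsigned char *out, size_t outcap) {
    size_t len = c->nheld;
    if (len >= outcap) return -1;           /* need at least one pad byte */
    memcpy(out, c->held, len);
    c->nheld = 0;
    return inplace_encrypt(out, &len, outcap, 1) == 0 ? (long)len : -1;
}
```

Memory use stays bounded by the chunk size plus one block, which is the property that collecting everything in the input buffer gives up.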
