[xmlsec] Padding in xmlsec
Kaushalye Kapuruge
kaushalye at wso2.com
Mon Dec 18 23:04:40 PST 2006
Hi Aleksey,
I tried to inter-op my xml encryption implementation with xml-sec. But
it didn't work. :( I followed the specification but seems there is a
problem with padding.
For example if I'm using 3-DES (block size=8)a buffer of size 64 to
call EVP_CipherUpdate and my plain text is of length let's say 117,
In this case I've to pad before my second call to EVP_CipherUpdate. Right?
If so what should be the size of the pad for the last block?
Is it 11 (=N*64-117) OR 3 (=n*8 - 117)?
As I understood according to the specification
(http://www.w3.org/TR/xmlenc-core/ ) this should be 3.
So I should have a suffix of XX3, where X can be any value.
Then I have another problem.
This padding will fill-up from places 126-128. How should I fill places
from 117 to 126?
Also to disable the default padding in openssl I used
EVP_CIPHER_CTX_set_padding(&ctx, 0);
Is there any thing I have to do beyond this. Like setting certain
parameters in the EVP_CIPHER_CTX.
Thanks,
Kaushalye
PS:
I checked your implementation, and according to that I did the same hack
for openssl.
I calculated the padlen as padLen = EVP_CIPHER_block_size(ctx->cipher) -
ctx.buf_len.
But I always get 0 for ctx.buf_len :(
Aleksey Sanin wrote:
>> But why is it limited only for OPENSSL 0.9.6? Does that mean versions
>> after 0.9.6 have the support for padding specified in XML Encryption
>> specification.
>
> Other way around :) With OpenSSL 0.9.6 there is no way to support
> padding specified in XML Encryption specification. For older version
> of OpenSSL, everything is fine and there is full compatibility
> with XML Encryption spec.
>
>> Moreover is your padding compatible with other crypto libraries such
>> as Bouncy Castle Crypto API?
>
> Well, if it supports the padding from XML Encryption specification
> then "yes".
>
> Aleksey
>
>
>
More information about the xmlsec
mailing list