[xmlsec] adding DES KW support for xmlsec-mscrypto



commit 1d184051b2fc20065a3b5ed23a7c6a777a8a9505
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Sat May 8 23:45:26 2010 -0700

    adding DES KW support for xmlsec-mscrypto

 ChangeLog                        |    3 +
 TODO                             |    6 +-
 docs/xmlenc.html                 |    2 +-
 include/xmlsec/mscrypto/crypto.h |    9 +
 include/xmlsec/openssl/crypto.h  |    1 +
 src/mscrypto/Makefile.am         |    1 +
 src/mscrypto/crypto.c            |    1 +
 src/mscrypto/digests.c           |    4 +-
 src/mscrypto/kw_aes.c            |   65 ++--
 src/mscrypto/kw_des.c            |  733 ++++++++++++++++++++++++++++++++++++++
 win32/Makefile.msvc              |    2 +
 win32/mycfg.bat                  |    2 +-
 12 files changed, 786 insertions(+), 43 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index dd24235..93a87fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2010-05-09  Aleksey Sanin  <aleksey aleksey com>
+	* Added DES KW support for xmlsec-mscrypto
+
 2010-05-08  Aleksey Sanin  <aleksey aleksey com>
 	* Added AES KW support for xmlsec-mscrypto
 	* Added AES KW support for xmlsec-gnutls
diff --git a/TODO b/TODO
index 08147b0..49899a5 100644
--- a/TODO
+++ b/TODO
@@ -47,7 +47,7 @@ merlin-xmldsig-twenty-three/signature-x509-crt-crl
 
 
 -------------------------------------------------
-* xmlsec-mscrypto (May 08, 2010 using Windows XP SP3)
+* xmlsec-mscrypto (May 09, 2010 using Windows XP SP3)
 -------------------------------------------------
 
 ** Skipped tests due to missing transforms: RIPEMD160, SHA224, DES KW
@@ -59,10 +59,6 @@ aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
 aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160
 aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
 merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes
-merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes
-01-phaos-xmlenc-3/enc-element-3des-kw-3des
-01-phaos-xmlenc-3/enc-content-aes128-kw-3des
-
 
 ** Failed tests due to no GOST crypto providers on test machine
 
diff --git a/docs/xmlenc.html b/docs/xmlenc.html
index ab1db83..e4ddca2 100644
--- a/docs/xmlenc.html
+++ b/docs/xmlenc.html
@@ -302,7 +302,7 @@ data (including XML document). </div>
     <td valign="top">Y</td>
     <td valign="top">N</td>
     <td valign="top">Y</td>
-    <td valign="top">N</td>
+    <td valign="top">Y</td>
 </tr>
 <tr>
     <td style="width: 40%;" align="left" valign="top">AES-128 Key Wrap (128 bit keys)</td>
diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
index ad24322..d0d0620 100644
--- a/include/xmlsec/mscrypto/crypto.h
+++ b/include/xmlsec/mscrypto/crypto.h
@@ -416,6 +416,15 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecMSCryptoKeyDataDesGetKlass(void);
         xmlSecMSCryptoTransformDes3CbcGetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformDes3CbcGetKlass(void);
 
+/**
+ * xmlSecMSCryptoTransformKWDes3Id:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecMSCryptoTransformKWDes3Id \
+        xmlSecMSCryptoTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformKWDes3GetKlass(void);
+
 #endif /* XMLSEC_NO_DES */
 
 
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
index 36087f1..9c8423b 100644
--- a/include/xmlsec/openssl/crypto.h
+++ b/include/xmlsec/openssl/crypto.h
@@ -144,6 +144,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDes3CbcGetKlass(voi
 #define xmlSecOpenSSLTransformKWDes3Id \
         xmlSecOpenSSLTransformKWDes3GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformKWDes3GetKlass(void);
+
 #endif /* XMLSEC_NO_DES */
 
 /********************************************************************
diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am
index 05285ec..eaac795 100644
--- a/src/mscrypto/Makefile.am
+++ b/src/mscrypto/Makefile.am
@@ -30,6 +30,7 @@ libxmlsec1_mscrypto_la_SOURCES =\
 	hmac.c \
 	keysstore.c \
 	kw_aes.c \
+	kw_des.c \
 	kt_rsa.c \
 	signatures.c \
 	symkeys.c \
diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
index adeaff4..4a45ce7 100644
--- a/src/mscrypto/crypto.c
+++ b/src/mscrypto/crypto.c
@@ -129,6 +129,7 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
     /******************************* DES ********************************/
 #ifndef XMLSEC_NO_DES
     gXmlSecMSCryptoFunctions->transformDes3CbcGetKlass          = xmlSecMSCryptoTransformDes3CbcGetKlass;
+    gXmlSecMSCryptoFunctions->transformKWDes3GetKlass           = xmlSecMSCryptoTransformKWDes3GetKlass;
 #endif /* XMLSEC_NO_DES */
 
     /******************************* DSA ********************************/
diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
index b1af700..4d0338a 100644
--- a/src/mscrypto/digests.c
+++ b/src/mscrypto/digests.c
@@ -360,9 +360,9 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
             if (ret == 0) {
                 xmlSecError(XMLSEC_ERRORS_HERE,
                             xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-                            "CryptGetHashParam",
+                            "CryptGetHashParam(HP_HASHVAL)",
                             XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                            "size=%d", inSize);
+                            "size=%d", MSCRYPTO_MAX_HASH_SIZE);
                 return(-1);
             }
 
diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c
index b749b82..c8c1985 100644
--- a/src/mscrypto/kw_aes.c
+++ b/src/mscrypto/kw_aes.c
@@ -73,8 +73,7 @@ struct _xmlSecMSCryptoKWAesCtx {
 
     HCRYPTPROV                          cryptProvider;
     HCRYPTKEY                           pubPrivKey;
-    HCRYPTKEY                           cryptKey;
-    xmlSecBuffer                        kwKeyBuffer;
+    xmlSecBuffer                        keyBuffer;
 };
 
 /******************************************************************************
@@ -164,7 +163,7 @@ xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
         return(-1);
     }
 
-    ret = xmlSecBufferInitialize(&ctx->kwKeyBuffer, 0);
+    ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0);
     if(ret < 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -174,6 +173,7 @@ xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
         return(-1);
     }
 
+    /* find provider */
     ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
     if(ctx->cryptProvider == 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
@@ -209,9 +209,6 @@ xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
     ctx = xmlSecMSCryptoKWAesGetCtx(transform);
     xmlSecAssert(ctx != NULL);
 
-    if (ctx->cryptKey) {
-        CryptDestroyKey(ctx->cryptKey);
-    }
     if (ctx->pubPrivKey) {
         CryptDestroyKey(ctx->pubPrivKey);
     }
@@ -219,7 +216,7 @@ xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
         CryptReleaseContext(ctx->cryptProvider, 0);
     }
     
-    xmlSecBufferFinalize(&ctx->kwKeyBuffer);
+    xmlSecBufferFinalize(&ctx->keyBuffer);
 
     memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
 }
@@ -281,7 +278,7 @@ xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
         return(-1);
     }
 
-    ret = xmlSecBufferSetData(&(ctx->kwKeyBuffer),
+    ret = xmlSecBufferSetData(&(ctx->keyBuffer),
                             xmlSecBufferGetData(buffer),
                             ctx->keySize);
     if(ret < 0) {
@@ -426,6 +423,7 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
                                 xmlSecByte * out, xmlSecSize outSize,
                                 void * context) {
     xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+    HCRYPTKEY cryptKey = 0;
     DWORD dwCLen;
 
     xmlSecAssert2(in != NULL, -1);
@@ -434,18 +432,17 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
     xmlSecAssert2(outSize >= inSize, -1);
     xmlSecAssert2(ctx != NULL, -1);
     xmlSecAssert2(ctx->pubPrivKey != 0, -1);
-    xmlSecAssert2(ctx->cryptKey == 0, -1);
-    xmlSecAssert2(xmlSecBufferGetSize(&ctx->kwKeyBuffer) == ctx->keySize, -1);
+    xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
 
     /* Import this key and get an HCRYPTKEY handle, we do it again and again 
        to ensure we don't go into CBC mode */
     if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
         ctx->pubPrivKey,
         ctx->algorithmIdentifier,
-        xmlSecBufferGetData(&ctx->kwKeyBuffer),
-        xmlSecBufferGetSize(&ctx->kwKeyBuffer),
+        xmlSecBufferGetData(&ctx->keyBuffer),
+        xmlSecBufferGetSize(&ctx->keyBuffer),
         TRUE,
-        &(ctx->cryptKey)))  {
+        &cryptKey))  {
 
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
@@ -454,27 +451,27 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
                     XMLSEC_ERRORS_NO_MESSAGE);
         return(-1);
     }
+    xmlSecAssert2(cryptKey != 0, -1);
 
     /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
      * can be skipped. I hope this will work .... */
-    memcpy(out, in, inSize);
+    if(out != in) {
+        memcpy(out, in, inSize);
+    }
     dwCLen = inSize;
-    if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+    if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
                     "CryptEncrypt",
                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
                     XMLSEC_ERRORS_NO_MESSAGE);
+        CryptDestroyKey(cryptKey);    
         return(-1);
     }
 
     /* cleanup */
-    if (ctx->cryptKey != 0) {
-        CryptDestroyKey(ctx->cryptKey);
-        ctx->cryptKey = 0;
-    }
-
-    return(0);
+    CryptDestroyKey(cryptKey);    
+    return(dwCLen);
 }
 
 static int
@@ -482,6 +479,7 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
                                 xmlSecByte * out, xmlSecSize outSize,
                                 void * context) {
     xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+    HCRYPTKEY cryptKey = 0;
     DWORD dwCLen;
 
     xmlSecAssert2(in != NULL, -1);
@@ -490,18 +488,17 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
     xmlSecAssert2(outSize >= inSize, -1);
     xmlSecAssert2(ctx != NULL, -1);
     xmlSecAssert2(ctx->pubPrivKey != 0, -1);
-    xmlSecAssert2(ctx->cryptKey == 0, -1);
-    xmlSecAssert2(xmlSecBufferGetSize(&ctx->kwKeyBuffer) == ctx->keySize, -1);
+    xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
 
     /* Import this key and get an HCRYPTKEY handle, we do it again and again 
        to ensure we don't go into CBC mode */
     if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
         ctx->pubPrivKey,
         ctx->algorithmIdentifier,
-        xmlSecBufferGetData(&ctx->kwKeyBuffer),
-        xmlSecBufferGetSize(&ctx->kwKeyBuffer),
+        xmlSecBufferGetData(&ctx->keyBuffer),
+        xmlSecBufferGetSize(&ctx->keyBuffer),
         TRUE,
-        &(ctx->cryptKey)))  {
+        &cryptKey))  {
 
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
@@ -510,27 +507,27 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
                     XMLSEC_ERRORS_NO_MESSAGE);
         return(-1);
     }
+    xmlSecAssert2(cryptKey != 0, -1);
 
     /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
      * can be skipped. I hope this will work .... */
-    memcpy(out, in, inSize);
+    if(out != in) {
+        memcpy(out, in, inSize);
+    }
     dwCLen = inSize;
-    if(!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+    if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
                     "CryptEncrypt",
                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
                     XMLSEC_ERRORS_NO_MESSAGE);
+        CryptDestroyKey(cryptKey);
         return(-1);
     }
 
     /* cleanup */
-    if (ctx->cryptKey != 0) {
-        CryptDestroyKey(ctx->cryptKey);
-        ctx->cryptKey = 0;
-    }
-
-    return(0);
+    CryptDestroyKey(cryptKey);
+    return(dwCLen);
 }
 
 /*********************************************************************
diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c
new file mode 100644
index 0000000..1a9c288
--- /dev/null
+++ b/src/mscrypto/kw_des.c
@@ -0,0 +1,733 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey aleksey com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "../kw_aes_des.h"
+#include "private.h"
+
+#if defined(__MINGW32__)
+#  include "xmlsec-mingw.h"
+#endif
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int       xmlSecMSCryptoKWDes3GenerateRandom               (void * context,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+static int       xmlSecMSCryptoKWDes3Sha1                         (void * context,
+                                                                 const xmlSecByte * in, 
+                                                                 xmlSecSize inSize, 
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+static int      xmlSecMSCryptoKWDes3BlockEncrypt                  (void * context,
+                                                                 const xmlSecByte * iv, 
+                                                                 xmlSecSize ivSize,
+                                                                 const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+static int      xmlSecMSCryptoKWDes3BlockDecrypt                  (void * context,
+                                                                 const xmlSecByte * iv, 
+                                                                 xmlSecSize ivSize,
+                                                                 const xmlSecByte * in, 
+                                                                 xmlSecSize inSize,
+                                                                 xmlSecByte * out, 
+                                                                 xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecMSCryptoKWDes3ImplKlass = {
+    /* callbacks */
+    xmlSecMSCryptoKWDes3GenerateRandom,       /* xmlSecKWDes3GenerateRandomMethod     generateRandom; */
+    xmlSecMSCryptoKWDes3Sha1,                 /* xmlSecKWDes3Sha1Method               sha1; */
+    xmlSecMSCryptoKWDes3BlockEncrypt,         /* xmlSecKWDes3BlockEncryptMethod       encrypt; */
+    xmlSecMSCryptoKWDes3BlockDecrypt,         /* xmlSecKWDes3BlockDecryptMethod       decrypt; */
+
+    /* for the future */
+    NULL,                                   /* void*                               reserved0; */
+    NULL,                                   /* void*                               reserved1; */
+}; 
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecMSCryptoKWDes3Ctx              xmlSecMSCryptoKWDes3Ctx,
+                                                  *xmlSecMSCryptoKWDes3CtxPtr;
+struct _xmlSecMSCryptoKWDes3Ctx {
+    ALG_ID                              desAlgorithmIdentifier;
+    const xmlSecMSCryptoProviderInfo  * desProviders;
+    ALG_ID                              sha1AlgorithmIdentifier;
+    const xmlSecMSCryptoProviderInfo  * sha1Providers;
+    xmlSecKeyDataId                     keyId;
+    xmlSecSize                          keySize;
+
+    HCRYPTPROV                          desCryptProvider;
+    HCRYPTPROV                          sha1CryptProvider;
+    HCRYPTKEY                           pubPrivKey;
+    xmlSecBuffer                        keyBuffer;
+};
+#define xmlSecMSCryptoKWDes3Size     \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWDes3Ctx))
+#define xmlSecMSCryptoKWDes3GetCtx(transform) \
+    ((xmlSecMSCryptoKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int      xmlSecMSCryptoKWDes3Initialize                   (xmlSecTransformPtr transform);
+static void     xmlSecMSCryptoKWDes3Finalize                     (xmlSecTransformPtr transform);
+static int      xmlSecMSCryptoKWDes3SetKeyReq                    (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyReqPtr keyReq);
+static int      xmlSecMSCryptoKWDes3SetKey                       (xmlSecTransformPtr transform,
+                                                                 xmlSecKeyPtr key);
+static int      xmlSecMSCryptoKWDes3Execute                      (xmlSecTransformPtr transform,
+                                                                 int last,
+                                                                 xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecMSCryptoKWDes3Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecMSCryptoKWDes3Size,                   /* xmlSecSize objSize */
+
+    xmlSecNameKWDes3,                           /* const xmlChar* name; */
+    xmlSecHrefKWDes3,                           /* const xmlChar* href; */
+    xmlSecTransformUsageEncryptionMethod,       /* xmlSecAlgorithmUsage usage; */
+
+    xmlSecMSCryptoKWDes3Initialize,             /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoKWDes3Finalize,               /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecMSCryptoKWDes3SetKeyReq,              /* xmlSecTransformSetKeyMethod setKeyReq; */
+    xmlSecMSCryptoKWDes3SetKey,                 /* xmlSecTransformSetKeyMethod setKey; */
+    NULL,                                       /* xmlSecTransformValidateMethod validate; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoKWDes3Execute,                /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWDes3GetKlass(void) {
+    return(&xmlSecMSCryptoKWDes3Klass);
+}
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
+    { MS_STRONG_PROV,               PROV_RSA_FULL },
+    { MS_ENHANCED_PROV,             PROV_RSA_FULL },
+    { NULL, 0 }
+};
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+    { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV,                PROV_RSA_AES},
+    { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE,      PROV_RSA_AES },
+    { MS_STRONG_PROV,                                   PROV_RSA_FULL },
+    { MS_ENHANCED_PROV,                                 PROV_RSA_FULL },
+    { MS_DEF_PROV,                                      PROV_RSA_FULL },
+    { NULL, 0 }
+};
+
+
+static int
+xmlSecMSCryptoKWDes3Initialize(xmlSecTransformPtr transform) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx;
+    int ret;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+
+    ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+
+    if(transform->id == xmlSecMSCryptoTransformKWDes3Id) {
+        ctx->desAlgorithmIdentifier  = CALG_3DES;
+        ctx->desProviders            = xmlSecMSCryptoProviderInfo_Des;
+        ctx->sha1AlgorithmIdentifier = CALG_SHA1;
+        ctx->sha1Providers           = xmlSecMSCryptoProviderInfo_Sha1;
+        ctx->keyId                   = xmlSecMSCryptoKeyDataDesId;
+        ctx->keySize                 = XMLSEC_KW_DES3_KEY_LENGTH;
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+            NULL,
+            XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+            XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    /* find providers */
+    ctx->desCryptProvider = xmlSecMSCryptoFindProvider(ctx->desProviders, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+    if(ctx->desCryptProvider == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecMSCryptoFindProvider(des)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+
+        return(-1);
+    }
+
+    ctx->sha1CryptProvider = xmlSecMSCryptoFindProvider(ctx->sha1Providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+    if(ctx->sha1CryptProvider == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecMSCryptoFindProvider(sha1)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+
+        return(-1);
+    }
+
+    /* Create dummy key to be able to import plain session keys */
+    if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->desCryptProvider, &(ctx->pubPrivKey))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecMSCryptoCreatePrivateExponentOneKey",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+
+        return(-1);
+    }
+
+    return(0);
+}
+
+static void
+xmlSecMSCryptoKWDes3Finalize(xmlSecTransformPtr transform) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+    xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size));
+
+    ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+
+    if (ctx->pubPrivKey) {
+        CryptDestroyKey(ctx->pubPrivKey);
+    }
+    if (ctx->desCryptProvider) {
+        CryptReleaseContext(ctx->desCryptProvider, 0);
+    }
+    if (ctx->sha1CryptProvider) {
+        CryptReleaseContext(ctx->sha1CryptProvider, 0);
+    }
+    
+    xmlSecBufferFinalize(&ctx->keyBuffer);
+
+    memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+    xmlSecAssert2(keyReq != NULL, -1);
+
+    ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keyReq->keyId       = xmlSecMSCryptoKeyDataDesId;
+    keyReq->keyType     = xmlSecKeyDataTypeSymmetric;
+    if(transform->operation == xmlSecTransformOperationEncrypt) {
+        keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+    } else {
+        keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+    }
+    keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+    return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx;
+    xmlSecBufferPtr buffer;
+    xmlSecSize keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+    xmlSecAssert2(key != NULL, -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
+
+    ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+    xmlSecAssert2(buffer != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(buffer);
+    if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+                    "key length %d is not enough (%d expected)",
+                    keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+        return(-1);
+    }
+
+    ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "xmlSecBufferSetData",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+        return(-1);
+    }
+
+    return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    xmlSecSize inSize, outSize, keySize;
+    int ret;
+
+    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+
+    ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+    xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+    inSize = xmlSecBufferGetSize(in);
+    outSize = xmlSecBufferGetSize(out);
+    xmlSecAssert2(outSize == 0, -1);
+
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+
+    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+        /* just do nothing */
+    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+        if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        NULL,
+                        XMLSEC_ERRORS_R_INVALID_SIZE,
+                        "%d bytes - not %d bytes aligned",
+                        inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            /* the encoded key might be 16 bytes longer plus one block just in case */
+            outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+                               XMLSEC_KW_DES3_BLOCK_LENGTH +
+                               XMLSEC_KW_DES3_BLOCK_LENGTH;
+        } else {
+            /* just in case, add a block */
+            outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+        }
+
+        ret = xmlSecBufferSetMaxSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetMaxSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", outSize);
+            return(-1);
+        }
+
+        if(transform->operation == xmlSecTransformOperationEncrypt) {
+            ret = xmlSecKWDes3Encode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWDes3Encode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "key=%d,in=%d,out=%d",
+                            keySize, inSize, outSize);
+                return(-1);
+            }
+            outSize = ret;
+        } else {
+            ret = xmlSecKWDes3Decode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+                                    xmlSecBufferGetData(in), inSize,
+                                    xmlSecBufferGetData(out), outSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecKWDes3Decode",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "key=%d,in=%d,out=%d",
+                            keySize, inSize, outSize);
+                return(-1);
+            }
+            outSize = ret;
+        }
+
+        ret = xmlSecBufferSetSize(out, outSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferSetSize",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", outSize);
+            return(-1);
+        }
+
+        ret = xmlSecBufferRemoveHead(in, inSize);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                        "xmlSecBufferRemoveHead",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "size=%d", inSize);
+            return(-1);
+        }
+
+        transform->status = xmlSecTransformStatusFinished;
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+    return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecMSCryptoKWDes3Sha1(void * context,
+                       const xmlSecByte * in, xmlSecSize inSize, 
+                       xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+    HCRYPTHASH mscHash = 0;
+    DWORD retLen;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->sha1CryptProvider != 0, -1);
+    xmlSecAssert2(ctx->sha1AlgorithmIdentifier != 0, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize > 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize > 0, -1);
+
+    /* create */
+    ret = CryptCreateHash(ctx->sha1CryptProvider,
+        ctx->sha1AlgorithmIdentifier,
+        0,
+        0,
+        &mscHash);
+    if((ret == 0) || (mscHash == 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptCreateHash",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    /* hash */
+    ret = CryptHashData(mscHash,
+        in, 
+        inSize,
+        0);
+    if(ret == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptHashData",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "size=%d", inSize);
+        CryptDestroyHash(mscHash);
+        return(-1);
+    }
+
+    /* get results */
+    retLen = outSize;
+    ret = CryptGetHashParam(mscHash,
+        HP_HASHVAL,
+        out,
+        &retLen,
+        0);
+    if (ret == 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptGetHashParam(HP_HASHVAL)",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", outSize);
+        CryptDestroyHash(mscHash);
+        return(-1);
+    }
+
+    /* done */
+    CryptDestroyHash(mscHash);
+    return(retLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3GenerateRandom(void * context,
+                                   xmlSecByte * out, xmlSecSize outSize) 
+{
+    xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->desCryptProvider != 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize > 0, -1);
+
+    if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptGenRandom",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "len=%d", outSize);
+        return(-1);
+    }
+
+    return((int)outSize);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockEncrypt(void * context,
+                               const xmlSecByte * iv, xmlSecSize ivSize,
+                               const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+    DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+    HCRYPTKEY cryptKey = 0;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+    xmlSecAssert2(iv != NULL, -1);
+    xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= inSize, -1);
+
+    /* Import this key and get an HCRYPTKEY handle, we do it again and again 
+       to ensure we don't go into CBC mode */
+    if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+        ctx->pubPrivKey,
+        ctx->desAlgorithmIdentifier,
+        xmlSecBufferGetData(&ctx->keyBuffer),
+        xmlSecBufferGetSize(&ctx->keyBuffer),
+        TRUE,
+        &cryptKey))  {
+
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecMSCryptoImportPlainSessionBlob",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    xmlSecAssert2(cryptKey != 0, -1);
+
+    /* iv len == block len */
+    dwBlockLenLen = sizeof(DWORD);
+    if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptGetKeyParam",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        CryptDestroyKey(cryptKey);
+        return(-1);
+    }
+
+    /* set IV */
+    if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptSetKeyParam",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ivSize=%d, dwBlockLen=%d", 
+                    ivSize, dwBlockLen / 8);
+        CryptDestroyKey(cryptKey);
+        return(-1);
+    }
+
+    /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+     * can be skipped. I hope this will work .... */
+    if(out != in) {
+        memcpy(out, in, inSize);
+    }
+    dwCLen = inSize;
+    if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptEncrypt",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        CryptDestroyKey(cryptKey);
+        return(-1);
+    }
+
+    /* cleanup */
+    CryptDestroyKey(cryptKey);
+    return(dwCLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockDecrypt(void * context,
+                               const xmlSecByte * iv, xmlSecSize ivSize,
+                               const xmlSecByte * in, xmlSecSize inSize,
+                               xmlSecByte * out, xmlSecSize outSize) {
+    xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+    DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+    HCRYPTKEY cryptKey = 0;
+    int ret;
+
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+    xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+    xmlSecAssert2(iv != NULL, -1);
+    xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+    xmlSecAssert2(in != NULL, -1);
+    xmlSecAssert2(inSize >= 0, -1);
+    xmlSecAssert2(out != NULL, -1);
+    xmlSecAssert2(outSize >= inSize, -1);
+
+    /* Import this key and get an HCRYPTKEY handle, we do it again and again 
+       to ensure we don't go into CBC mode */
+    if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+        ctx->pubPrivKey,
+        ctx->desAlgorithmIdentifier,
+        xmlSecBufferGetData(&ctx->keyBuffer),
+        xmlSecBufferGetSize(&ctx->keyBuffer),
+        TRUE,
+        &cryptKey))  {
+
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecMSCryptoImportPlainSessionBlob",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    xmlSecAssert2(cryptKey != 0, -1);
+
+    /* iv len == block len */
+    dwBlockLenLen = sizeof(DWORD);
+    if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptGetKeyParam",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        CryptDestroyKey(cryptKey);
+        return(-1);
+    }
+
+    /* set IV */
+    if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptSetKeyParam",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    "ivSize=%d, dwBlockLen=%d", 
+                    ivSize, dwBlockLen / 8);
+        CryptDestroyKey(cryptKey);
+        return(-1);
+    }
+
+    /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+     * can be skipped. I hope this will work .... */
+    if(out != in) {
+        memcpy(out, in, inSize);
+    }
+    dwCLen = inSize;
+    if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "CryptEncrypt",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        CryptDestroyKey(cryptKey);
+        return(-1);
+    }
+
+    /* cleanup */
+    CryptDestroyKey(cryptKey);
+    return(dwCLen);
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
index 1208ae8..b1d8869 100644
--- a/win32/Makefile.msvc
+++ b/win32/Makefile.msvc
@@ -269,6 +269,7 @@ XMLSEC_MSCRYPTO_OBJS = \
 	$(XMLSEC_MSCRYPTO_INTDIR)\symkeys.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\kt_rsa.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\kw_aes.obj \
+	$(XMLSEC_MSCRYPTO_INTDIR)\kw_des.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\strings.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\signatures.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\certkeys.obj \
@@ -284,6 +285,7 @@ XMLSEC_MSCRYPTO_OBJS_A = \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\symkeys.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\kt_rsa.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\kw_aes.obj \
+	$(XMLSEC_MSCRYPTO_INTDIR_A)\kw_des.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\strings.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\signatures.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\certkeys.obj \
diff --git a/win32/mycfg.bat b/win32/mycfg.bat
index b1ec8ad..9af468e 100644
--- a/win32/mycfg.bat
+++ b/win32/mycfg.bat
@@ -11,7 +11,7 @@ REM
 SET PREFIX=C:\cygwin\home\local
 SET XMLSEC_INCLUDE=%PREFIX%\include;%PREFIX%\include\mozilla;%PREFIX%\include\mozilla\nspr;%PREFIX%\include\mozilla\nss;%MSSDK_INCLUDE%
 SET XMLSEC_LIB=%PREFIX%\lib;%MSSDK_LIB%
-SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=openssl unicode=yes
+SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=mscrypto,openssl unicode=yes
 
 del /F Makefile configure.txt
 cscript configure.js prefix=%PREFIX% %XMLSEC_OPTIONS% include=%XMLSEC_INCLUDE% lib=%XMLSEC_LIB% 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]