Hi Juan
On Nov 9, 2007 2:21 PM, Juan Lang juan.lang@gmail.com wrote:
Hi Vijay,
you forgot aes.c in your patch - please remember to git add it, then commit it along with the rest of the changes.
From what you've sent, your patch looks pretty good so far. A few comments:
@@ -161,6 +162,10 @@ static const PROV_ENUMALGS_EX aProvEnumAlgsEx[4][RSAENH_MAX_ENUMALGS+1] = {CALG_RC2, 40, 40, 56,0, 4,"RC2", 24,"RSA Data Security's RC2"}, {CALG_RC4, 40, 40, 56,0, 4,"RC4", 24,"RSA Data Security's RC4"}, {CALG_DES, 56, 56, 56,0, 4,"DES", 31,"Data Encryption Standard (DES)"},
- {CALG_AES, 128,128, 128,0, 4,"AES",
35,"Advanced Encryption Standard (AES)"},
- {CALG_AES_128, 128,128, 128,0, 8,"AES-128",
39,"Advanced Encryption Standard (AES-128)"},
- {CALG_AES_192, 192,192, 192,0, 8,"AES-192",
39,"Advanced Encryption Standard (AES-192)"},
- {CALG_AES_256, 256,256, 256,0, 8,"AES-256",
39,"Advanced Encryption Standard (AES-256)"},
I'm not sure AES support should be included in every "personality" of rsaenh. Specifically, some cryptographic providers don't support it. Here's a blog that mentions how the MS_ENHANCED_PROV provider doesn't support it, but the MS_ENH_RSA_AES_PROV does: http://sys.cs.rice.edu/~sethn/wordpress/?p=19
I think I'll split the patch into 3 parts 1) basic AES implementation in rsaenh 2) Add AES provider info with registering MS_ENH_RSA_AES_PROV. I have to make aProvEnumAlgsEx[4][RSAENH_MAX_ENUMALGS+1] to aProvEnumAlgsEx[5][RSAENH_MAX_ENUMALGS+1] and add the new algorithms, can you help me what algo's should I add to the new one. Add the registering code for type24 provider. 3) Tests
- if (!result) {
/* rsaenh compiled without OpenSSL */ok(GetLastError()==NTE_BAD_ALGID, "%08x\n", GetLastError());return;- }
Our rsaenh hasn't built against OpenSSL in some time, so this test should be removed from existing tests. You don't need to do that if you don't want, but don't bother adding it to new tests.
- result = CryptEncrypt(hKey, (HCRYPTHASH)NULL, TRUE, 0, pbData, &dwLen, 16);
- ok(result, "%08x\n", GetLastError());
- result = CryptDecrypt(hKey, (HCRYPTHASH)NULL, TRUE, 0, pbData, &dwLen);
- ok(result, "%08x\n", GetLastError());
You should check that the encrypted output matches some expected value, and that the decrypted output matches the plaintext input.
Well, I have tested the decrypted output by putting printf's. I will make sure we have good tests for it. Will send new patch set soon.
Thanks very much for getting this started. --Juan