blautenb 2003/11/03 21:22:17
Modified: c/src/dsig DSIGConstants.cpp DSIGConstants.hpp
c/src/enc XSECCryptoBase64.hpp XSECCryptoException.hpp
XSECCryptoKeyRSA.hpp
c/src/enc/OpenSSL OpenSSLCryptoBase64.cpp
OpenSSLCryptoBase64.hpp OpenSSLCryptoKeyRSA.cpp
OpenSSLCryptoKeyRSA.hpp OpenSSLCryptoProvider.cpp
c/src/enc/WinCAPI WinCAPICryptoKeyRSA.cpp
WinCAPICryptoKeyRSA.hpp
c/src/enc/XSCrypt XSCryptCryptoBase64.cpp
XSCryptCryptoBase64.hpp
c/src/tools/cipher MerlinFiveInteropResolver.cpp cipher.cpp
c/src/tools/xtest xtest.cpp
c/src/xenc XENCEncryptionMethod.hpp
c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp
XENCCipherImpl.cpp XENCEncryptedTypeImpl.cpp
XENCEncryptionMethodImpl.cpp
XENCEncryptionMethodImpl.hpp
Log:
Support for OAEP and OAEP with params
Revision Changes Path
1.17 +5 -2 xml-security/c/src/dsig/DSIGConstants.cpp
Index: DSIGConstants.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.cpp,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- DSIGConstants.cpp 2 Nov 2003 23:11:30 -0000 1.16
+++ DSIGConstants.cpp 4 Nov 2003 05:22:16 -0000 1.17
@@ -100,6 +100,7 @@
const XMLCh * DSIGConstants::s_unicodeStrURIHMAC_SHA1;
const XMLCh * DSIGConstants::s_unicodeStrURIXMLNS;
const XMLCh * DSIGConstants::s_unicodeStrURIMANIFEST;
+
const XMLCh * DSIGConstants::s_unicodeStrURI3DES_CBC;
const XMLCh * DSIGConstants::s_unicodeStrURIAES128_CBC;
const XMLCh * DSIGConstants::s_unicodeStrURIAES192_CBC;
@@ -109,6 +110,7 @@
const XMLCh * DSIGConstants::s_unicodeStrURIKW_AES256;
const XMLCh * DSIGConstants::s_unicodeStrURIKW_3DES;
const XMLCh * DSIGConstants::s_unicodeStrURIRSA_1_5;
+const XMLCh * DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1;
const XMLCh * DSIGConstants::s_unicodeStrURIXENC_ELEMENT;
const XMLCh * DSIGConstants::s_unicodeStrURIXENC_CONTENT;
@@ -160,6 +162,7 @@
s_unicodeStrURIKW_AES256 = XMLString::transcode(URI_ID_KW_AES256);
s_unicodeStrURIKW_3DES = XMLString::transcode(URI_ID_KW_3DES);
s_unicodeStrURIRSA_1_5 = XMLString::transcode(URI_ID_RSA_1_5);
+ s_unicodeStrURIRSA_OAEP_MGFP1 =
XMLString::transcode(URI_ID_RSA_OAEP_MGFP1);
s_unicodeStrURIXENC_ELEMENT = XMLString::transcode(URI_ID_XENC_ELEMENT);
s_unicodeStrURIXENC_CONTENT = XMLString::transcode(URI_ID_XENC_CONTENT);
@@ -209,7 +212,7 @@
delete[] (XMLCh *) s_unicodeStrURIKW_AES256;
delete[] (XMLCh *) s_unicodeStrURIKW_3DES;
delete[] (XMLCh *) s_unicodeStrURIRSA_1_5;
-
+ delete[] (XMLCh *) s_unicodeStrURIRSA_OAEP_MGFP1;
delete[] (XMLCh *) s_unicodeStrURIXENC_ELEMENT;
delete[] (XMLCh *) s_unicodeStrURIXENC_CONTENT;
1.19 +11 -3 xml-security/c/src/dsig/DSIGConstants.hpp
Index: DSIGConstants.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.hpp,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- DSIGConstants.hpp 2 Nov 2003 23:11:30 -0000 1.18
+++ DSIGConstants.hpp 4 Nov 2003 05:22:16 -0000 1.19
@@ -104,7 +104,8 @@
#define URI_ID_KW_3DES
"http://www.w3.org/2001/04/xmlenc#kw-tripledes";
// Key Transport algorithms
-#define URI_ID_RSA_1_5
"http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+#define URI_ID_RSA_1_5
"http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+#define URI_ID_RSA_OAEP_MGFP1
"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
// Transforms
@@ -205,7 +206,8 @@
ENCRYPT_KW_AES192 = 6, //
KeyWrap - AES192
ENCRYPT_KW_AES256 = 7, //
KeyWrap - AES256
ENCRYPT_KW_3DES = 8,
- ENCRYPT_RSA_15 = 9
// RSA with PKCS 1.5 padding
+ ENCRYPT_RSA_15 = 9, // RSA
with PKCS 1.5 padding
+ ENCRYPT_RSA_OAEP_MGFP1 = 10 // RSA with OAEP
};
@@ -369,6 +371,11 @@
uri = URI_ID_RSA_1_5;
break;
+ case (ENCRYPT_RSA_OAEP_MGFP1) :
+
+ uri = URI_ID_RSA_OAEP_MGFP1;
+ break;
+
default:
return false;
@@ -429,6 +436,7 @@
static const XMLCh * s_unicodeStrURIKW_AES256;
static const XMLCh * s_unicodeStrURIKW_3DES;
static const XMLCh * s_unicodeStrURIRSA_1_5;
+ static const XMLCh * s_unicodeStrURIRSA_OAEP_MGFP1;
static const XMLCh * s_unicodeStrURIXENC_ELEMENT;
static const XMLCh * s_unicodeStrURIXENC_CONTENT;
1.6 +3 -3 xml-security/c/src/enc/XSECCryptoBase64.hpp
Index: XSECCryptoBase64.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoBase64.hpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- XSECCryptoBase64.hpp 5 Jul 2003 10:30:32 -0000 1.5
+++ XSECCryptoBase64.hpp 4 Nov 2003 05:22:16 -0000 1.6
@@ -139,7 +139,7 @@
* @returns The number of bytes placed in the outData buffer.
*/
- virtual unsigned int decode(unsigned char * inData,
+ virtual unsigned int decode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength) = 0;
@@ -196,7 +196,7 @@
*/
- virtual unsigned int encode(unsigned char * inData,
+ virtual unsigned int encode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength) = 0;
1.8 +3 -2 xml-security/c/src/enc/XSECCryptoException.hpp
Index: XSECCryptoException.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoException.hpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- XSECCryptoException.hpp 31 Aug 2003 12:48:50 -0000 1.7
+++ XSECCryptoException.hpp 4 Nov 2003 05:22:16 -0000 1.8
@@ -129,7 +129,8 @@
DSAError = 6,
// DSA Error
RSAError = 7,
// RSA Error
SymmetricError = 8,
- UnknownError = 9
// Must be last!
+ UnsupportedError = 9, //
Called function is not supported
+ UnknownError = 10 // Must
be last!
};
1.7 +40 -13 xml-security/c/src/enc/XSECCryptoKeyRSA.hpp
Index: XSECCryptoKeyRSA.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoKeyRSA.hpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- XSECCryptoKeyRSA.hpp 19 Oct 2003 10:57:54 -0000 1.6
+++ XSECCryptoKeyRSA.hpp 4 Nov 2003 05:22:16 -0000 1.7
@@ -99,7 +99,7 @@
PAD_NONE = 0, /** No padding (Illegal
for all enc ops) */
PAD_PKCS_1_5 = 1, /** PKCS 1.5 padding */
- PAD_OAEP = 2 /** OAEP */
+ PAD_OAEP_MGFP1 = 2 /** OAEP using MGFP1 as
mask function */
};
@@ -138,6 +138,38 @@
//@{
/**
+ * \brief Set the OAEPparams string
+ *
+ * By default, the library expects crypto implementations to perform
+ * OAEP padding with no params. This call allows the library (or user)
+ * to set a params value prior to an encrypt/decrypt operation.
+ *
+ * @param params buffer containing the params data. Pass in NULL to
clear any
+ * old paramters.
+ * @param paramsLen number of bytes in buffer to use. Pass in 0 to
clear any
+ * old parameters.
+ */
+
+ virtual void setOAEPparams(unsigned char * params, unsigned int
paramsLen) = 0;
+
+ /**
+ * \brief Get OAEPparams Length
+ *
+ * @returns the number of bytes of the OAEPparams buffer (assuming it
has been set)
+ */
+
+ virtual unsigned int getOAEPparamsLen(void) = 0;
+
+ /**
+ * \brief Get the OAEPparams
+ *
+ * @returns a pointer to the (crypto object owned) buffer holding the
OAEPparams
+ * or NULL if no params are held
+ */
+
+ virtual const unsigned char * getOAEPparams(void) = 0;
+
+ /**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
@@ -190,9 +222,8 @@
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hm Hash Method for OAEP encryption
- * @param OAEPParam OAEP Parameter String (NULL if none)
- * @param OEAPParamLen Length of OAEPParam string
+ * @param hm Hash Method for OAEP encryption (OAEPParams should be
+ * set using setOAEPparams()
*/
virtual unsigned int privateDecrypt(const unsigned char * inBuf,
@@ -200,9 +231,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen) = 0;
+ hashMethod hm)
= 0;
/**
* \brief Encrypt using a public key
@@ -216,8 +245,8 @@
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
* @param hm Hash Method for OAEP encryption
- * @param OAEPParam OAEP Parameter String (NULL if none)
- * @param OEAPParamLen Length of OAEPParam string
+ * @param hm Hash Method for OAEP encryption (OAEPParams should be
+ * set using setOAEPparams()
*/
virtual unsigned int publicEncrypt(const unsigned char * inBuf,
@@ -225,9 +254,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen) = 0;
+ hashMethod hm)
= 0;
/**
* \brief Obtain the length of an RSA key
1.5 +4 -4 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoBase64.cpp
Index: OpenSSLCryptoBase64.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoBase64.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- OpenSSLCryptoBase64.cpp 5 Jul 2003 10:30:33 -0000 1.4
+++ OpenSSLCryptoBase64.cpp 4 Nov 2003 05:22:16 -0000 1.5
@@ -88,7 +88,7 @@
}
-unsigned int OpenSSLCryptoBase64::decode(unsigned char * inData,
+unsigned int OpenSSLCryptoBase64::decode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength) {
@@ -106,7 +106,7 @@
rc = EVP_DecodeUpdate(&m_dctx,
outData,
&outLen,
- inData,
+ (unsigned char *) inData,
inLength);
if (rc < 0) {
@@ -149,7 +149,7 @@
}
-unsigned int OpenSSLCryptoBase64::encode(unsigned char * inData,
+unsigned int OpenSSLCryptoBase64::encode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength) {
@@ -166,7 +166,7 @@
EVP_EncodeUpdate(&m_ectx,
outData,
&outLen,
- inData,
+ (unsigned char *) inData,
inLength);
if (outLen > (int) outLength) {
1.6 +3 -3 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoBase64.hpp
Index: OpenSSLCryptoBase64.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoBase64.hpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- OpenSSLCryptoBase64.hpp 5 Jul 2003 10:30:33 -0000 1.5
+++ OpenSSLCryptoBase64.hpp 4 Nov 2003 05:22:16 -0000 1.6
@@ -140,7 +140,7 @@
* @returns The number of bytes placed in the outData buffer.
*/
- virtual unsigned int decode(unsigned char * inData,
+ virtual unsigned int decode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength);
@@ -190,7 +190,7 @@
* @returns The number of bytes placed in the outData buffer.
*/
- virtual unsigned int encode(unsigned char * inData,
+ virtual unsigned int encode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength);
1.10 +139 -9 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
Index: OpenSSLCryptoKeyRSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- OpenSSLCryptoKeyRSA.cpp 3 Nov 2003 06:55:45 -0000 1.9
+++ OpenSSLCryptoKeyRSA.cpp 4 Nov 2003 05:22:16 -0000 1.10
@@ -92,7 +92,9 @@
int sha1OIDLen = 15;
-OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA() {
+OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA() :
+mp_oaepParams(NULL),
+m_oaepParamsLen(0) {
// Create a new key to be loaded as we go
@@ -107,8 +109,39 @@
if (mp_rsaKey)
RSA_free(mp_rsaKey);
+ if (mp_oaepParams != NULL)
+ delete[] mp_oaepParams;
+
};
+void OpenSSLCryptoKeyRSA::setOAEPparams(unsigned char * params, unsigned int
paramsLen) {
+
+ if (mp_oaepParams != NULL) {
+ delete[] mp_oaepParams;
+ }
+
+ m_oaepParamsLen = paramsLen;
+ if (params != NULL) {
+ XSECnew(mp_oaepParams, unsigned char[paramsLen]);
+ memcpy(mp_oaepParams, params, paramsLen);
+ }
+ else
+ mp_oaepParams = NULL;
+
+}
+
+unsigned int OpenSSLCryptoKeyRSA::getOAEPparamsLen(void) {
+
+ return m_oaepParamsLen;
+
+}
+
+const unsigned char * OpenSSLCryptoKeyRSA::getOAEPparams(void) {
+
+ return mp_oaepParams;
+
+}
+
// Generic key functions
XSECCryptoKey::KeyType OpenSSLCryptoKeyRSA::getKeyType() {
@@ -154,6 +187,9 @@
// Create a new key to be loaded as we go
+ mp_oaepParams = NULL;
+ m_oaepParamsLen = 0;
+
mp_rsaKey = RSA_new();
if (k == NULL || k->type != EVP_PKEY_RSA)
@@ -370,9 +406,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen) {
+ hashMethod hm)
{
// Perform a decrypt
if (mp_rsaKey == NULL) {
@@ -402,6 +436,49 @@
break;
+ case XSECCryptoKeyRSA::PAD_OAEP_MGFP1 :
+ {
+
+ unsigned char * tBuf;
+ int num = RSA_size(mp_rsaKey);
+ XSECnew(tBuf, unsigned char[inLength]);
+ ArrayJanitor<unsigned char> j_tBuf(tBuf);
+
+ decryptSize = RSA_private_decrypt(inLength,
+ inBuf,
+ tBuf,
+ mp_rsaKey,
+ RSA_NO_PADDING);
+ if (decryptSize < 0) {
+
+ throw
XSECCryptoException(XSECCryptoException::RSAError,
+ "OpenSSL:RSA privateKeyDecrypt - Error
doing raw decrypt of RSA encrypted data");
+
+ }
+
+ // Clear out the "0"s at the front
+ int i;
+ for (i = 0; i < num && tBuf[i] == 0; ++i)
+ --decryptSize;
+
+ decryptSize = RSA_padding_check_PKCS1_OAEP(plainBuf,
+
maxOutLength,
+
&tBuf[i],
+
decryptSize,
+
num,
+
mp_oaepParams,
+
m_oaepParamsLen);
+
+ if (decryptSize < 0) {
+
+ throw
XSECCryptoException(XSECCryptoException::RSAError,
+ "OpenSSL:RSA privateKeyDecrypt - Error
removing OAEPadding");
+
+ }
+
+ }
+ break;
+
default :
throw XSECCryptoException(XSECCryptoException::RSAError,
@@ -423,9 +500,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen) {
+ hashMethod hm)
{
// Perform an encrypt
if (mp_rsaKey == NULL) {
@@ -449,12 +524,57 @@
if (encryptSize < 0) {
throw XSECCryptoException(XSECCryptoException::RSAError,
- "OpenSSL:RSA publicKeyDecrypt - Error
performing PKCS1_5 padded RSA encrypt");
+ "OpenSSL:RSA publicKeyEncrypt - Error
performing PKCS1_5 padded RSA encrypt");
}
break;
+ case XSECCryptoKeyRSA::PAD_OAEP_MGFP1 :
+ {
+
+ unsigned char * tBuf;
+ unsigned int num = RSA_size(mp_rsaKey);
+ if (maxOutLength < num) {
+ throw
XSECCryptoException(XSECCryptoException::RSAError,
+ "OpenSSL:RSA publicKeyEncrypt - Not
enough space in cipherBuf");
+ }
+
+ XSECnew(tBuf, unsigned char[num]);
+ ArrayJanitor<unsigned char> j_tBuf(tBuf);
+
+ // First add the padding
+
+ encryptSize = RSA_padding_add_PKCS1_OAEP(tBuf,
+
num,
+
inBuf,
+
inLength,
+
mp_oaepParams,
+
m_oaepParamsLen);
+
+ if (encryptSize <= 0) {
+
+ throw
XSECCryptoException(XSECCryptoException::RSAError,
+ "OpenSSL:RSA publicKeyEncrypt - Error
adding OAEPadding");
+
+ }
+
+ encryptSize = RSA_public_encrypt(num,
+ tBuf,
+ cipherBuf,
+ mp_rsaKey,
+ RSA_NO_PADDING);
+
+
+ if (encryptSize < 0) {
+
+ throw
XSECCryptoException(XSECCryptoException::RSAError,
+ "OpenSSL:RSA publicKeyEncrypt - Error
encrypting padded data");
+
+ }
+ }
+ break;
+
default :
throw XSECCryptoException(XSECCryptoException::RSAError,
@@ -492,6 +612,16 @@
ret->m_keyType = m_keyType;
ret->mp_rsaKey = RSA_new();
+
+ if (mp_oaepParams != NULL) {
+ XSECnew(ret->mp_oaepParams, unsigned char[m_oaepParamsLen]);
+ memcpy(ret->mp_oaepParams, mp_oaepParams, m_oaepParamsLen);
+ ret->m_oaepParamsLen = m_oaepParamsLen;
+ }
+ else {
+ ret->mp_oaepParams = NULL;
+ ret->m_oaepParamsLen = 0;
+ }
// Duplicate parameters
1.8 +45 -13 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp
Index: OpenSSLCryptoKeyRSA.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- OpenSSLCryptoKeyRSA.hpp 19 Oct 2003 10:57:54 -0000 1.7
+++ OpenSSLCryptoKeyRSA.hpp 4 Nov 2003 05:22:16 -0000 1.8
@@ -132,6 +132,38 @@
//@{
/**
+ * \brief Set the OAEPparams string
+ *
+ * By default, the library expects crypto implementations to perform
+ * OAEP padding with no params. This call allows the library (or user)
+ * to set a params value prior to an encrypt/decrypt operation.
+ *
+ * @param params buffer containing the params data. Pass in NULL to
clear any
+ * old paramters.
+ * @param paramsLen number of bytes in buffer to use. Pass in 0 to
clear any
+ * old parameters.
+ */
+
+ virtual void setOAEPparams(unsigned char * params, unsigned int
paramsLen);
+
+ /**
+ * \brief Get OAEPparams Length
+ *
+ * @returns the number of bytes of the OAEPparams buffer (assuming it
has been set)
+ */
+
+ virtual unsigned int getOAEPparamsLen(void);
+
+ /**
+ * \brief Get the OAEPparams
+ *
+ * @returns a pointer to the (crypto object owned) buffer holding the
OAEPparams
+ * or NULL if no params are held
+ */
+
+ virtual const unsigned char * getOAEPparams(void);
+
+ /**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
@@ -181,9 +213,8 @@
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hm Hash Method for OAEP encryption
- * @param OAEPParam OAEP Parameter String (NULL if none)
- * @param OEAPParamLen Length of OAEPParam string
+ * @param hm Hash Method for OAEP encryption (OAEPParams should be
+ * set using setOAEPparams()
*/
virtual unsigned int privateDecrypt(const unsigned char * inBuf,
@@ -191,9 +222,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen);
+ hashMethod hm);
/**
@@ -207,9 +236,8 @@
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hm Hash Method for OAEP encryption
- * @param OAEPParam OAEP Parameter String (NULL if none)
- * @param OEAPParamLen Length of OAEPParam string
+ * @param hm Hash Method for OAEP encryption (OAEPParams should be
+ * set using setOAEPparams()
*/
virtual unsigned int publicEncrypt(const unsigned char * inBuf,
@@ -217,9 +245,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen);
+ hashMethod hm);
/**
* \brief Obtain the length of an RSA key
@@ -268,6 +294,10 @@
/**
* \brief Constructor to create the object around an existing OpenSSL
RSA
* key
+ *
+ * @param k The key to copy
+ * @note The object takes a copy of the original key, and will not
delete k on
+ * completion. This must be done by the caller.
*/
OpenSSLCryptoKeyRSA(EVP_PKEY *k);
@@ -278,6 +308,8 @@
XSECCryptoKey::KeyType m_keyType;
RSA *
mp_rsaKey;
+ unsigned char * mp_oaepParams;
+ unsigned int m_oaepParamsLen;
};
1.10 +12 -3 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp
Index: OpenSSLCryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- OpenSSLCryptoProvider.cpp 3 Nov 2003 06:55:45 -0000 1.9
+++ OpenSSLCryptoProvider.cpp 4 Nov 2003 05:22:16 -0000 1.10
@@ -85,16 +85,25 @@
#include <xsec/enc/XSECCryptoException.hpp>
#include <openssl/rand.h>
+#include <openssl/err.h>
OpenSSLCryptoProvider::OpenSSLCryptoProvider() {
OpenSSL_add_all_digests(); // Initialise Openssl
- SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ //SSLeay_add_all_algorithms();
}
-OpenSSLCryptoProvider::~OpenSSLCryptoProvider() {}
+OpenSSLCryptoProvider::~OpenSSLCryptoProvider() {
+
+ EVP_cleanup();
+ ERR_free_strings();
+
+}
+
const XMLCh * OpenSSLCryptoProvider::getProviderName() {
1.6 +73 -7 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp
Index: WinCAPICryptoKeyRSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- WinCAPICryptoKeyRSA.cpp 3 Nov 2003 06:55:45 -0000 1.5
+++ WinCAPICryptoKeyRSA.cpp 4 Nov 2003 05:22:17 -0000 1.6
@@ -78,6 +78,10 @@
XSEC_USING_XERCES(ArrayJanitor);
+#if !defined (CRYPT_OAEP)
+# define CRYPT_OAEP 0x00000040
+# define KP_OAEP_PARAMS 36
+#endif
WinCAPICryptoKeyRSA::WinCAPICryptoKeyRSA(HCRYPTPROV prov) {
@@ -173,6 +177,32 @@
}
//
--------------------------------------------------------------------------------
+// OAEP parameters handling
+//
--------------------------------------------------------------------------------
+
+
+void WinCAPICryptoKeyRSA::setOAEPparams(unsigned char * params, unsigned int
paramsLen) {
+
+ if (params != NULL && paramsLen != 0)
+ throw XSECCryptoException(XSECCryptoException::UnsupportedError,
+ "WinCAPI::setOAEPParams - OAEP parameters are not
supported by Windows Crypto API");
+
+}
+
+unsigned int WinCAPICryptoKeyRSA::getOAEPparamsLen(void) {
+
+ return 0;
+
+}
+
+const unsigned char * WinCAPICryptoKeyRSA::getOAEPparams(void) {
+
+ return NULL;
+
+}
+
+
+//
--------------------------------------------------------------------------------
// Load key from parameters
//
--------------------------------------------------------------------------------
@@ -509,9 +539,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen) {
+ hashMethod hm)
{
// Perform a decrypt
if (m_key == 0) {
@@ -541,6 +569,23 @@
break;
+ case XSECCryptoKeyRSA::PAD_OAEP_MGFP1 :
+
+ if (!CryptDecrypt(m_key,
+ 0,
+ TRUE,
+ CRYPT_OAEP,
+ plainBuf,
+ &decryptSize)) {
+
+ throw XSECCryptoException(XSECCryptoException::RSAError,
+ "WinCAPI:RSA privateKeyDecrypt - Error
Decrypting PKCS1_5 padded RSA encrypt");
+
+ }
+
+ break;
+
+
default :
throw XSECCryptoException(XSECCryptoException::RSAError,
@@ -562,9 +607,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen) {
+ hashMethod hm)
{
// Perform an encrypt
if (m_key == 0) {
@@ -596,6 +639,29 @@
throw XSECCryptoException(XSECCryptoException::RSAError,
"WinCAPI:RSA publicKeyEncrypt - Error
performing PKCS1_5 padded RSA encrypt");
+
+ }
+
+ break;
+
+ case XSECCryptoKeyRSA::PAD_OAEP_MGFP1 :
+
+ if (!CryptEncrypt(m_key,
+ 0, /* No
Hash */
+ TRUE, /* Is
Final */
+ CRYPT_OAEP,
+ cipherBuf,
+ &encryptSize,
+ maxOutLength)) {
+
+ throw XSECCryptoException(XSECCryptoException::RSAError,
+ "WinCAPI:RSA publicKeyEncrypt - Error
performing encrypt");
+ }
+
+ if (encryptSize <= 0) {
+
+ throw XSECCryptoException(XSECCryptoException::RSAError,
+ "WinCAPI:RSA publicKeyEncrypt - Error
performing OAEP RSA encrypt");
}
1.7 +47 -13 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp
Index: WinCAPICryptoKeyRSA.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- WinCAPICryptoKeyRSA.hpp 3 Nov 2003 06:55:45 -0000 1.6
+++ WinCAPICryptoKeyRSA.hpp 4 Nov 2003 05:22:17 -0000 1.7
@@ -175,6 +175,46 @@
//@{
/**
+ * \brief Set the OAEPparams string
+ *
+ * By default, the library expects crypto implementations to perform
+ * OAEP padding with no params. This call allows the library (or user)
+ * to set a params value prior to an encrypt/decrypt operation.
+ *
+ * @param params buffer containing the params data. Pass in NULL to
clear any
+ * old paramters.
+ * @param paramsLen number of bytes in buffer to use. Pass in 0 to
clear any
+ * old parameters.
+ * @note The Microsoft Crypto RSA_AES and RSA_FULL providers do not
support
+ * the ability to set OAEP parameters, so this will throw an
+ * XSECCryptoException::UnsupportedError, unless the passed in paramters
+ * are NULL and 0 (to clear).
+ */
+
+ virtual void setOAEPparams(unsigned char * params, unsigned int
paramsLen);
+
+ /**
+ * \brief Get OAEPparams Length
+ *
+ * @returns the number of bytes of the OAEPparams buffer (assuming it
has been set)
+ * @note The Microsoft Crypto RSA_AES and RSA_FULL providers do not
support
+ * the ability to set OAEP parameters, so this will always return 0
+ */
+
+ virtual unsigned int getOAEPparamsLen(void);
+
+ /**
+ * \brief Get the OAEPparams
+ *
+ * @returns a pointer to the (crypto object owned) buffer holding the
OAEPparams
+ * or NULL if no params are held
+ * @note The Microsoft Crypto RSA_AES and RSA_FULL providers do not
support
+ * the ability to set OAEP parameters, so this will always return NULL
+ */
+
+ virtual const unsigned char * getOAEPparams(void);
+
+ /**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
@@ -224,9 +264,8 @@
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hm Hash Method for OAEP encryption
- * @param OAEPParam OAEP Parameter String (NULL if none)
- * @param OEAPParamLen Length of OAEPParam string
+ * @param hm Hash Method for OAEP encryption (OAEPParams should be
+ * set using setOAEPparams()
*/
virtual unsigned int privateDecrypt(const unsigned char * inBuf,
@@ -234,9 +273,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen);
+ hashMethod hm);
/**
* \brief Encrypt using a public key
@@ -249,9 +286,8 @@
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hm Hash Method for OAEP encryption
- * @param OAEPParam OAEP Parameter String (NULL if none)
- * @param OEAPParamLen Length of OAEPParam string
+ * @param hm Hash Method for OAEP encryption (OAEPParams should be
+ * set using setOAEPparams()
*/
virtual unsigned int publicEncrypt(const unsigned char * inBuf,
@@ -259,9 +295,7 @@
unsigned int
inLength,
unsigned int
maxOutLength,
PaddingType
padding,
- hashMethod hm,
- const unsigned
char * OEAPParam,
- unsigned int
OAPEParamLen);
+ hashMethod hm);
/**
* \brief Obtain the length of an RSA key
1.3 +4 -4 xml-security/c/src/enc/XSCrypt/XSCryptCryptoBase64.cpp
Index: XSCryptCryptoBase64.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSCrypt/XSCryptCryptoBase64.cpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- XSCryptCryptoBase64.cpp 5 Jul 2003 10:30:34 -0000 1.2
+++ XSCryptCryptoBase64.cpp 4 Nov 2003 05:22:17 -0000 1.3
@@ -118,7 +118,7 @@
}
-void XSCryptCryptoBase64::canonicaliseInput(unsigned char *inData,
+void XSCryptCryptoBase64::canonicaliseInput(const unsigned char *inData,
unsigned int inLength) {
// Canonicalise the input buffer into m_inputBuffer
@@ -159,7 +159,7 @@
}
-unsigned int XSCryptCryptoBase64::decode(unsigned char * inData,
+unsigned int XSCryptCryptoBase64::decode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength) {
@@ -335,7 +335,7 @@
}
-unsigned int XSCryptCryptoBase64::encode(unsigned char * inData,
+unsigned int XSCryptCryptoBase64::encode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength) {
1.4 +4 -4 xml-security/c/src/enc/XSCrypt/XSCryptCryptoBase64.hpp
Index: XSCryptCryptoBase64.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSCrypt/XSCryptCryptoBase64.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XSCryptCryptoBase64.hpp 5 Jul 2003 10:30:34 -0000 1.3
+++ XSCryptCryptoBase64.hpp 4 Nov 2003 05:22:17 -0000 1.4
@@ -122,7 +122,7 @@
* @returns The number of bytes placed in the outData buffer.
*/
- virtual unsigned int decode(unsigned char * inData,
+ virtual unsigned int decode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength);
@@ -166,7 +166,7 @@
* @returns The number of bytes placed in the outData buffer.
*/
- virtual unsigned int encode(unsigned char * inData,
+ virtual unsigned int encode(const unsigned char * inData,
unsigned int
inLength,
unsigned char *
outData,
unsigned int
outLength);
@@ -210,7 +210,7 @@
unsigned int m_charCount; // How many
characters in current line?
// Private functions
- void canonicaliseInput(unsigned char *inData, unsigned int inLength);
+ void canonicaliseInput(const unsigned char *inData, unsigned int
inLength);
};
1.8 +3 -1
xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.cpp
Index: MerlinFiveInteropResolver.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/tools/cipher/MerlinFiveInteropResolver.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- MerlinFiveInteropResolver.cpp 3 Nov 2003 06:55:45 -0000 1.7
+++ MerlinFiveInteropResolver.cpp 4 Nov 2003 05:22:17 -0000 1.8
@@ -326,6 +326,8 @@
EVP_PKEY * pk = EVP_PKCS82PKEY(p8inf);
OpenSSLCryptoKeyRSA * k = new
OpenSSLCryptoKeyRSA(pk);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ BIO_free_all(rsaFile);
return k;
//d2i_PKCS8PrivateKey_bio(rsaFile, NULL, NULL, NULL);
1.10 +9 -3 xml-security/c/src/tools/cipher/cipher.cpp
Index: cipher.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/cipher/cipher.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- cipher.cpp 28 Oct 2003 09:33:18 -0000 1.9
+++ cipher.cpp 4 Nov 2003 05:22:17 -0000 1.10
@@ -661,6 +661,7 @@
}
else {
XSECBinTXFMInputStream * bis =
cipher->decryptToBinInputStream(static_cast<DOMElement *>(n));
+ Janitor<XSECBinTXFMInputStream> j_bis(bis);
XMLByte buf[1024];
unsigned int read = bis->readBytes(buf, 1023);
@@ -668,7 +669,6 @@
formatTarget->writeChars(buf, read,
NULL);
read = bis->readBytes(buf, 1023);
}
- delete bis;
}
}
else {
@@ -728,6 +728,7 @@
DOMImplementation *impl =
DOMImplementationRegistry::getDOMImplementation(core);
DOMWriter *theSerializer =
((DOMImplementationLS*)impl)->createDOMWriter();
+ Janitor<DOMWriter> j_theSerializer(theSerializer);
theSerializer->setEncoding(MAKE_UNICODE_STRING("UTF-8"));
if
(theSerializer->canSetFeature(XMLUni::fgDOMWRTFormatPrettyPrint, false))
@@ -737,7 +738,6 @@
cout << endl;
- delete theSerializer;
}
}
@@ -747,12 +747,18 @@
<< msg << endl;
delete [] msg;
errorsOccured = true;
+ if (formatTarget != NULL)
+ delete formatTarget;
+ doc->release();
return 2;
}
catch (XSECCryptoException &e) {
cerr << "An error occured during encryption/decryption
operation\n Message: "
<< e.getMsg() << endl;
errorsOccured = true;
+ if (formatTarget != NULL)
+ delete formatTarget;
+ doc->release();
#if defined (HAVE_OPENSSL)
ERR_load_crypto_strings();
1.31 +21 -3 xml-security/c/src/tools/xtest/xtest.cpp
Index: xtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xtest/xtest.cpp,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- xtest.cpp 3 Nov 2003 07:00:50 -0000 1.30
+++ xtest.cpp 4 Nov 2003 05:22:17 -0000 1.31
@@ -269,6 +269,8 @@
chForwardSlash, chLatin_p, chLatin_n, chLatin_g, chNull
};
+unsigned char s_tstOAEPparams[] = "12345678";
+
//
--------------------------------------------------------------------------------
// Some test keys
//
--------------------------------------------------------------------------------
@@ -932,11 +934,21 @@
OpenSSLCryptoKeyRSA * k = new OpenSSLCryptoKeyRSA(pk);
+ unitTestKeyEncrypt(impl, k, ENCRYPT_RSA_15);
+
+ cerr << "RSA OAEP key wrap... ";
+ k = new OpenSSLCryptoKeyRSA(pk);
+ unitTestKeyEncrypt(impl, k, ENCRYPT_RSA_OAEP_MGFP1);
+
+ cerr << "RSA OAEP key wrap + params... ";
+ k = new OpenSSLCryptoKeyRSA(pk);
+ k->setOAEPparams(s_tstOAEPparams, strlen((char *)
s_tstOAEPparams));
+
+ unitTestKeyEncrypt(impl, k, ENCRYPT_RSA_OAEP_MGFP1);
+
BIO_free(bioMem);
EVP_PKEY_free(pk);
- unitTestKeyEncrypt(impl, k, ENCRYPT_RSA_15);
-
#endif
#if defined (HAVE_OPENSSL) && defined (HAVE_WINCAPI)
@@ -948,8 +960,14 @@
// Use the internal key
WinCAPICryptoProvider *cp = dynamic_cast<WinCAPICryptoProvider
*>(XSECPlatformUtils::g_cryptoProvider);
HCRYPTPROV p = cp->getApacheKeyStore();
+
WinCAPICryptoKeyRSA * rsaKey = new WinCAPICryptoKeyRSA(p,
AT_KEYEXCHANGE, true);
unitTestKeyEncrypt(impl, rsaKey, ENCRYPT_RSA_15);
+
+ cerr << "RSA OAEP key wrap... ";
+ rsaKey = new WinCAPICryptoKeyRSA(p, AT_KEYEXCHANGE, true);
+ unitTestKeyEncrypt(impl, rsaKey, ENCRYPT_RSA_OAEP_MGFP1);
+
#endif
1.4 +50 -1 xml-security/c/src/xenc/XENCEncryptionMethod.hpp
Index: XENCEncryptionMethod.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/XENCEncryptionMethod.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XENCEncryptionMethod.hpp 17 Sep 2003 10:10:21 -0000 1.3
+++ XENCEncryptionMethod.hpp 4 Nov 2003 05:22:17 -0000 1.4
@@ -115,6 +115,28 @@
virtual const XMLCh * getAlgorithm(void) = 0;
/**
+ * \brief Get the digest method URI
+ *
+ * Return the Algorithm URI represtenting the Digest Method for those
+ * encryption algorithms that require it (such as RSA with OAEP padding)
+ *
+ * @returns the URI representing the digest method algorithm
+ */
+
+ virtual const XMLCh * getDigestMethod(void) = 0;
+
+ /**
+ * \brief Get the value of the OAEPparams string
+ *
+ * The OAEP RSA padding method allows a user to set an optional
+ * params string (that will be used as input to the Digest algorithm).
+ *
+ * @returns The string (base64 encoded value) representing the OAEP
params
+ */
+
+ virtual const XMLCh * getOAEPparams(void) = 0;
+
+ /**
* \brief Get the DOM Node of this structure
*
* @returns the DOM Node representing the <EncryptionMethod> element
@@ -124,6 +146,33 @@
//@}
+
+ /** @name Setter Methods */
+ //@{
+
+ /**
+ * \brief Set the value of the DigestMethod
+ *
+ * Sets the DigestMethod element's Algorithm attribute to the passed in
+ * value - should be a URI string
+ *
+ * @param method String to set in the Algorithm attribute. Will create
a
+ * \<DigestMethod\> element if one does not already exist
+ */
+
+ virtual void setDigestMethod(const XMLCh * method) = 0;
+
+ /**
+ * \brief Set the value of the OAEPparams string
+ *
+ * Sets the OAEPparams element's Text node child to the passed in
+ * value - should be a base64 encoded value
+ *
+ * @param params String to set in the OAEPparams text node. Will
create a
+ * \<OAEPparams\> element if one does not already exist
+ */
+
+ virtual void setOAEPparams(const XMLCh * params) = 0;
private:
1.8 +102 -11
xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp
Index: XENCAlgorithmHandlerDefault.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- XENCAlgorithmHandlerDefault.cpp 2 Nov 2003 23:11:30 -0000 1.7
+++ XENCAlgorithmHandlerDefault.cpp 4 Nov 2003 05:22:17 -0000 1.8
@@ -140,7 +140,8 @@
case XSECCryptoKey::KEY_RSA_PAIR :
case XSECCryptoKey::KEY_RSA_PRIVATE :
- keyOK = strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_1_5);
+ keyOK = strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_1_5) ||
+ strEquals(uri,
DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1);
break;
case XSECCryptoKey::KEY_SYMMETRIC :
@@ -613,17 +614,66 @@
bytesRead = b->readBytes(buf, 1024);
}
+ unsigned int decryptLen;
- // Do decrypt
- unsigned int decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
+ // Now we find out what kind of padding
+ if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIRSA_1_5)) {
+
+ // Do decrypt
+ decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
decBuf,
offset,
rsa->getLength(),
XSECCryptoKeyRSA::PAD_PKCS_1_5,
-
HASH_NONE,
-
NULL,
-
0);
+
HASH_NONE);
+ }
+ else if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1)) {
+ if (!strEquals(encryptionMethod->getDigestMethod(),
DSIGConstants::s_unicodeStrURISHA1)) {
+ throw XSECException(XSECException::CipherError,
+
"XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer - Currently only SHA-1
is supported for OAEP");
+ }
+
+ // Read out any OAEP params
+ unsigned char * oaepParamsBuf = NULL;
+ const XMLCh * oaepParams = encryptionMethod->getOAEPparams();
+ unsigned int sz = 0;
+ if (oaepParams != NULL) {
+
+ char * oaepParamsStr = XMLString::transcode(oaepParams);
+ ArrayJanitor<char> j_oaepParamsStr(oaepParamsStr);
+
+ unsigned int bufLen = strlen(oaepParamsStr);
+ oaepParamsBuf = new unsigned char[bufLen];
+ ArrayJanitor<unsigned char>
j_oaepParamsBuf(oaepParamsBuf);
+
+ XSECCryptoBase64 * b64 =
+ XSECPlatformUtils::g_cryptoProvider->base64();
+ Janitor<XSECCryptoBase64> j_b64(b64);
+
+ b64->decodeInit();
+ sz = b64->decode((unsigned char *) oaepParamsStr,
bufLen, oaepParamsBuf, bufLen);
+ sz += b64->decodeFinish(&oaepParamsBuf[sz], bufLen -
sz);
+
+ rsa->setOAEPparams(oaepParamsBuf, sz);
+
+ }
+ else
+ rsa->setOAEPparams(NULL, 0);
+
+ decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
+
decBuf,
+
offset,
+
rsa->getLength(),
+
XSECCryptoKeyRSA::PAD_OAEP_MGFP1,
+
HASH_SHA1);
+
+ }
+
+ else {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer
- Unknown padding type");
+ }
// Copy to output
result.sbMemcpyIn(decBuf, decryptLen);
@@ -767,16 +817,57 @@
bytesRead = b->readBytes(buf, 1024);
}
+ unsigned int encryptLen;
// Do decrypt
- unsigned int encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
+ if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIRSA_1_5)) {
+ encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
encBuf,
offset,
rsa->getLength(),
XSECCryptoKeyRSA::PAD_PKCS_1_5,
-
HASH_NONE,
-
NULL,
-
0);
+
HASH_NONE);
+ }
+
+ else if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1)) {
+
+
encryptionMethod->setDigestMethod(DSIGConstants::s_unicodeStrURISHA1);
+
+ // Check for OAEP params
+ int oaepParamsLen = rsa->getOAEPparamsLen();
+ if (oaepParamsLen > 0) {
+ unsigned char * oaepParamsB64;
+ XSECnew(oaepParamsB64, unsigned char[oaepParamsLen *
2]);
+ ArrayJanitor<unsigned char>
j_oaepParamsB64(oaepParamsB64);
+
+ XSECCryptoBase64 * b64 =
+ XSECPlatformUtils::g_cryptoProvider->base64();
+ Janitor<XSECCryptoBase64> j_b64(b64);
+
+ b64->encodeInit();
+ int sz = b64->encode(rsa->getOAEPparams(),
oaepParamsLen, oaepParamsB64, oaepParamsLen *2);
+ sz += b64->encodeFinish(&oaepParamsB64[sz],
(oaepParamsLen * 2) - sz);
+ oaepParamsB64[sz] = '\0';
+
+ XMLCh * xBuf = XMLString::transcode((char *)
oaepParamsB64);
+ ArrayJanitor<XMLCh> j_xBuf(xBuf);
+
+ encryptionMethod->setOAEPparams(xBuf);
+
+ }
+
+ encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
+
encBuf,
+
offset,
+
rsa->getLength(),
+
XSECCryptoKeyRSA::PAD_OAEP_MGFP1,
+
HASH_SHA1);
+
+ }
+ else {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer
- Unknown padding type");
+ }
// Now need to base64 encode
XSECCryptoBase64 * b64 =
1.13 +2 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.cpp
Index: XENCCipherImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.cpp,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- XENCCipherImpl.cpp 2 Nov 2003 23:11:30 -0000 1.12
+++ XENCCipherImpl.cpp 4 Nov 2003 05:22:17 -0000 1.13
@@ -193,6 +193,7 @@
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES256,
def);
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_3DES,
def);
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_1_5,
def);
+
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1,
def);
}
1.10 +2 -2 xml-security/c/src/xenc/impl/XENCEncryptedTypeImpl.cpp
Index: XENCEncryptedTypeImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCEncryptedTypeImpl.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- XENCEncryptedTypeImpl.cpp 26 Oct 2003 11:33:13 -0000 1.9
+++ XENCEncryptedTypeImpl.cpp 4 Nov 2003 05:22:17 -0000 1.10
@@ -337,7 +337,7 @@
XSECnew(mp_encryptionMethod, XENCEncryptionMethodImpl(mp_env));
DOMNode * encryptionMethodNode =
-
mp_encryptionMethod->createBlankEncryptedType(algorithm);
+
mp_encryptionMethod->createBlankEncryptedMethod(algorithm);
ret->appendChild(encryptionMethodNode);
1.2 +203 -4 xml-security/c/src/xenc/impl/XENCEncryptionMethodImpl.cpp
Index: XENCEncryptionMethodImpl.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/xenc/impl/XENCEncryptionMethodImpl.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- XENCEncryptionMethodImpl.cpp 15 Sep 2003 11:52:35 -0000 1.1
+++ XENCEncryptionMethodImpl.cpp 4 Nov 2003 05:22:17 -0000 1.2
@@ -103,6 +103,38 @@
chNull,
};
+static XMLCh s_DigestMethod[] = {
+
+ chLatin_D,
+ chLatin_i,
+ chLatin_g,
+ chLatin_e,
+ chLatin_s,
+ chLatin_t,
+ chLatin_M,
+ chLatin_e,
+ chLatin_t,
+ chLatin_h,
+ chLatin_o,
+ chLatin_d,
+ chNull
+};
+
+static XMLCh s_OAEPparams [] = {
+
+ chLatin_O,
+ chLatin_A,
+ chLatin_E,
+ chLatin_P,
+ chLatin_p,
+ chLatin_a,
+ chLatin_r,
+ chLatin_a,
+ chLatin_m,
+ chLatin_s,
+ chNull
+};
+
//
--------------------------------------------------------------------------------
// Constructors and Destructors
//
--------------------------------------------------------------------------------
@@ -110,7 +142,9 @@
XENCEncryptionMethodImpl::XENCEncryptionMethodImpl(const XSECEnv * env) :
mp_env(env),
mp_encryptionMethodNode(NULL),
-mp_algorithm(NULL) {
+mp_algorithm(NULL),
+mp_digestAlgorithmAttributeNode(NULL),
+mp_oaepParamsTextNode(NULL) {
}
@@ -119,7 +153,9 @@
DOMNode * node) :
mp_env(env),
mp_encryptionMethodNode(node),
-mp_algorithm(NULL) {
+mp_algorithm(NULL),
+mp_digestAlgorithmAttributeNode(NULL),
+mp_oaepParamsTextNode(NULL) {
}
@@ -173,13 +209,48 @@
}
+ // Check for known children
+ DOMNode * c = findFirstChildOfType(mp_encryptionMethodNode,
DOMNode::ELEMENT_NODE);
+
+ while (c != NULL) {
+
+ if (strEquals(getDSIGLocalName(c), s_DigestMethod)) {
+
+ mp_digestAlgorithmAttributeNode = NULL;
+ tmpAtts = c->getAttributes();
+
+ if (tmpAtts != NULL)
+ mp_digestAlgorithmAttributeNode =
tmpAtts->getNamedItem(DSIGConstants::s_unicodeStrAlgorithm);
+
+ if (mp_digestAlgorithmAttributeNode == NULL) {
+ throw
XSECException(XSECException::EncryptionMethodError,
+ "XENCEncryptionMethod::load - Cannot
find Algorithm Attribute in DigestMethod element");
+ }
+ }
+
+ else if (strEquals(getXENCLocalName(c), s_OAEPparams)) {
+
+ mp_oaepParamsTextNode = NULL;
+ mp_oaepParamsTextNode = findFirstChildOfType(c,
DOMNode::TEXT_NODE);
+
+ if (mp_oaepParamsTextNode == NULL) {
+ throw
XSECException(XSECException::EncryptionMethodError,
+ "XENCEncryptionMethod::load - Cannot
find text value of OAEPparams node");
+ }
+
+ }
+
+ do {
+ c = c->getNextSibling();
+ } while (c != NULL && c->getNodeType() !=
DOMNode::ELEMENT_NODE);
+ }
}
//
--------------------------------------------------------------------------------
// Create from scratch
//
--------------------------------------------------------------------------------
-DOMElement * XENCEncryptionMethodImpl::createBlankEncryptedType(const XMLCh
* algorithm) {
+DOMElement * XENCEncryptionMethodImpl::createBlankEncryptedMethod(const
XMLCh * algorithm) {
// Reset
if (mp_algorithm != NULL) {
@@ -210,3 +281,131 @@
return ret;
}
+//
--------------------------------------------------------------------------------
+// Getter functions
+//
--------------------------------------------------------------------------------
+
+const XMLCh * XENCEncryptionMethodImpl::getDigestMethod(void) {
+
+ if (mp_digestAlgorithmAttributeNode != NULL)
+ return mp_digestAlgorithmAttributeNode->getNodeValue();
+
+ return NULL;
+
+}
+
+const XMLCh * XENCEncryptionMethodImpl::getOAEPparams(void) {
+
+ if (mp_oaepParamsTextNode != NULL) {
+ return mp_oaepParamsTextNode->getNodeValue();
+ }
+
+ return NULL;
+
+}
+
+//
--------------------------------------------------------------------------------
+// Setter functions
+//
--------------------------------------------------------------------------------
+
+void XENCEncryptionMethodImpl::setDigestMethod(const XMLCh * method) {
+
+ if (mp_digestAlgorithmAttributeNode == NULL) {
+
+ // Need to create
+ if (mp_oaepParamsTextNode == NULL) {
+ mp_env->doPrettyPrint(mp_encryptionMethodNode);
+ }
+
+ // Get some setup values
+ safeBuffer str;
+ DOMDocument *doc = mp_env->getParentDocument();
+ const XMLCh * prefix = mp_env->getDSIGNSPrefix();
+
+ makeQName(str, prefix, s_DigestMethod);
+
+ DOMElement *e =
doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
+ if (mp_oaepParamsTextNode != NULL) {
+ mp_encryptionMethodNode->insertBefore(e,
mp_oaepParamsTextNode->getParentNode());
+ if (mp_env->getPrettyPrintFlag())
+
mp_encryptionMethodNode->insertBefore(doc->createTextNode(DSIGConstants::s_unicodeStrNL),
mp_oaepParamsTextNode->getParentNode());
+ }
+ else {
+ mp_encryptionMethodNode->appendChild(e);
+ mp_env->doPrettyPrint(mp_encryptionMethodNode);
+ }
+
+ e->setAttributeNS(DSIGConstants::s_unicodeStrURIDSIG,
+
DSIGConstants::s_unicodeStrAlgorithm,
+ method);
+
+ // Set namespace
+ if (prefix[0] == XERCES_CPP_NAMESPACE::chNull) {
+ str.sbTranscodeIn("xmlns");
+ }
+ else {
+ str.sbTranscodeIn("xmlns:");
+ str.sbXMLChCat(prefix);
+ }
+
+ e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
+
str.rawXMLChBuffer(),
+
DSIGConstants::s_unicodeStrURIXENC);
+
+ // Now retrieve for later use
+ DOMNamedNodeMap * tmpAtts = e->getAttributes();
+
+ if (tmpAtts != NULL) {
+
+ mp_digestAlgorithmAttributeNode =
tmpAtts->getNamedItem(DSIGConstants::s_unicodeStrAlgorithm);
+
+ }
+
+ if (mp_digestAlgorithmAttributeNode == NULL) {
+
+ throw
XSECException(XSECException::EncryptionMethodError,
+ "XENCEncryptionMethod::setDigestMethod - Error
creating Algorithm Attribute");
+ }
+ }
+
+ else {
+
+ mp_digestAlgorithmAttributeNode->setNodeValue(method);
+
+ }
+
+}
+
+void XENCEncryptionMethodImpl::setOAEPparams(const XMLCh * params) {
+
+ if (mp_oaepParamsTextNode == NULL) {
+
+ // Need to create
+ if (mp_digestAlgorithmAttributeNode == NULL) {
+ mp_env->doPrettyPrint(mp_encryptionMethodNode);
+ }
+
+ // Get some setup values
+ safeBuffer str;
+ DOMDocument *doc = mp_env->getParentDocument();
+ const XMLCh * prefix = mp_env->getXENCNSPrefix();
+
+ makeQName(str, prefix, s_OAEPparams);
+
+ DOMElement *e =
doc->createElementNS(DSIGConstants::s_unicodeStrURIXENC, str.rawXMLChBuffer());
+ mp_encryptionMethodNode->appendChild(e);
+ mp_env->doPrettyPrint(mp_encryptionMethodNode);
+
+ mp_oaepParamsTextNode = doc->createTextNode(params);
+ e->appendChild(mp_oaepParamsTextNode);
+
+ }
+
+ else {
+
+ mp_oaepParamsTextNode->setNodeValue(params);
+
+ }
+
+}
+
1.3 +12 -3 xml-security/c/src/xenc/impl/XENCEncryptionMethodImpl.hpp
Index: XENCEncryptionMethodImpl.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/xenc/impl/XENCEncryptionMethodImpl.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- XENCEncryptionMethodImpl.hpp 17 Sep 2003 10:10:22 -0000 1.2
+++ XENCEncryptionMethodImpl.hpp 4 Nov 2003 05:22:17 -0000 1.3
@@ -93,13 +93,19 @@
void load();
// Create from scratch
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * createBlankEncryptedType(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * createBlankEncryptedMethod(
const XMLCh * algorithm);
// Interface
const XMLCh * getAlgorithm(void) {return mp_algorithm;}
virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * getDOMNode(void)
{return mp_encryptionMethodNode;}
+ virtual const XMLCh * getDigestMethod(void);
+ virtual const XMLCh * getOAEPparams(void);
+ virtual void setDigestMethod(const XMLCh * method);
+ virtual void setOAEPparams(const XMLCh * params);
+
+
private:
@@ -112,7 +118,10 @@
XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
*
mp_encryptionMethodNode; // Node at head of structure
XMLCh * mp_algorithm;
-
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
+ *
mp_digestAlgorithmAttributeNode;
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
+ *
mp_oaepParamsTextNode;
};
#endif /* XENCENCRYPTIONMETHODIMPL_INCLUDE */
