blautenb 2004/02/16 03:30:02
Modified: c/src basicTests.pl configure configure.ac
c/src/enc XSECCryptoException.cpp XSECCryptoException.hpp
XSECCryptoProvider.hpp
c/src/enc/OpenSSL OpenSSLCryptoKeyRSA.cpp
OpenSSLCryptoProvider.cpp OpenSSLCryptoProvider.hpp
OpenSSLCryptoSymmetricKey.cpp
c/src/framework XSECConfig.hpp.in
c/src/tools/xtest xtest.cpp
Log:
Compile against OpenSSL 0.9.6x
Revision Changes Path
1.7 +38 -34 xml-security/c/src/basicTests.pl
Index: basicTests.pl
===================================================================
RCS file: /home/cvs/xml-security/c/src/basicTests.pl,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- basicTests.pl 15 Feb 2004 06:21:23 -0000 1.6
+++ basicTests.pl 16 Feb 2004 11:30:01 -0000 1.7
@@ -117,6 +117,7 @@
# What components do we have available?
my $have_pothole = 1;
my $have_xalan = 1;
+my $have_aes = 1;
# What kind of test results should we expect?
# Without xalan, 13 tests will fail
@@ -202,28 +203,29 @@
my $xenc_file = 1;
my $xenc_args = 2;
my $xenc_flag_xalan = 3;
+my $xenc_flag_aes = 4;
my @xenc_array=(
#bad-encrypt-content-aes128-cbc-kw-aes192.xml
#decryption-transform-except.xml
#decryption-transform.xml
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml,-i
-de,n",
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml,-i
-de,n",
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml,-i
-de,n",
-
-"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml,-i,n",
-"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml,-i,n",
-"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml,-i,n",
-"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml,-i,n",
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml,-i
-de,n",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml,-i
-de,n,y",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml,-i
-de,n,y",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml,-i
-de,n,n",
+
+"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml,-i,n,y",
+"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml,-i,n,y",
+"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml,-i,n,y",
+"top secret
message,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml,-i,n,n",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml,-i
-de,n,y",
# CipherRef now supported
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml,-i
-de,y",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml,-i
-de,y,y",
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml,-i
-de,n",
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml,-i
-de,n",
-"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml,-i
-de,n",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml,-i
-de,n,y",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml,-i
-de,n,y",
+"<Number>1234 567890
12345</Number>,ie/baltimore/merlin-examples/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml,-i
-de,n,y",
# Unsupported Key-wraps
#encrypt-content-aes192-cbc-dh-sha512.xml
@@ -253,36 +255,36 @@
# PHAOS interop tests. Commented out tests are currently
# not supported
# bad-alg-enc-element-aes128-kw-3des.xml
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-3des-kw-aes192.xml,-i -de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes128-kw-3des.xml,-i -de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml,-i
-de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml,-i
-de,n",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-3des-kw-aes192.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes128-kw-3des.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml,-i
-de,n,y",
# enc-element-3des-ka-dh.xml
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml,-i -de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml,-i
-de,n",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml,-i
-de,n,n",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml,-i
-de,n,n",
# enc-element-3des-kt-rsa_oaep_sha256.xml
# enc-element-3des-kt-rsa_oaep_sha512.xml
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kw-3des.xml,-i -de,n",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-3des-kw-3des.xml,-i -de,n,n",
# enc-element-aes128-ka-dh.xml
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml,-i
-de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml,-i
-de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml,-i
-de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml,-i
-de,n",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml,-i
-de,n,y",
# enc-element-aes192-ka-dh.xml
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml,-i
-de,n",
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml,-i
-de,n",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml,-i
-de,n,y",
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml,-i
-de,n,y",
# enc-element-aes256-ka-dh.xml
-"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml,-i
-de,n",
-"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-3des-kw-aes256.xml,-i,n",
-"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml,-i,n",
-"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml,-i,n",
-"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml,-i,n"
+"<Number>4019 2445 0277
5567</Number>,com/phaos/phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml,-i
-de,n,y",
+"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-3des-kw-aes256.xml,-i,n,y",
+"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml,-i,n,y",
+"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml,-i,n,y",
+"4019 2445 0277
5567,com/phaos/phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml,-i,n,y"
);
sub print_args {
- print STDERR "\nUsage: basicTests.pl [--noxalan] [--nopothole]\n\n";
+ print STDERR "\nUsage: basicTests.pl [--noxalan] [--nopothole]
[--noaes]\n\n";
exit(1);
}
@@ -294,6 +296,7 @@
SWITCH: {
if (/^--noxalan$/ || /^-x$/) {$have_xalan = 0; last SWITCH;}
if (/^--nopothole$/ || /^-p$/) {$have_pothole = 0; last SWITCH;}
+ if (/^--noaes$/ || /^-a$/) {$have_aes = 0; last SWITCH;}
if (/^--nosig$/) {$dosig = 0; last SWITCH;}
if (/^--noenc$/) {$doenc = 0; last SWITCH;}
print STDERR "Unknown command : " . $_ . "\n\n";
@@ -318,7 +321,7 @@
my $args = $fields[$dsig_args];
my $xalan_flag = $fields[$dsig_flag_xalan];
my $pothole_flag = $fields[$dsig_flag_pothole];
-
+
if ((($xalan_flag eq "n") | $have_xalan) & (($pothole_flag eq 'n') ||
$have_pothole)) {
my $result = `$checksig $checksig_args $args $data_dir/$file_name`;
@@ -369,8 +372,9 @@
my $file_name = $fields[$xenc_file];
my $args = $fields[$xenc_args];
my $xalan_flag = $fields[$xenc_flag_xalan];
+ my $aes_flag = $fields[$xenc_flag_aes];
- if (($xalan_flag eq "n") | $have_xalan) {
+ if ((($xalan_flag eq "n") | $have_xalan) & (($aes_flag eq "n") |
$have_aes)) {
my $result = `$cipher $args $data_dir/$file_name`;
1.22 +185 -2 xml-security/c/src/configure
Index: configure
===================================================================
RCS file: /home/cvs/xml-security/c/src/configure,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- configure 8 Sep 2003 11:30:42 -0000 1.21
+++ configure 16 Feb 2004 11:30:01 -0000 1.22
@@ -4082,8 +4082,8 @@
openssllib_found=yes
else
LIBS=$OLD_LIBS
- { { echo "$as_me:$LINENO: error: \"Unable to find libcrypto in
OPENSSL\"" >&5
-echo "$as_me: error: \"Unable to find libcrypto in OPENSSL\"" >&2;}
+ { { echo "$as_me:$LINENO: error: \"Unable to find libcrypto\"" >&5
+echo "$as_me: error: \"Unable to find libcrypto\"" >&2;}
{ (exit 1); exit 1; }; }
fi
@@ -4138,6 +4138,189 @@
rm -f conftest.err conftest.$ac_ext;
fi
+
+# Now try to find out some things about this version of OpenSSL
+
+ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS
conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+echo "$as_me:$LINENO: checking for const input buffers in OpenSSL" >&5
+echo $ECHO_N "checking for const input buffers in OpenSSL... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+#include <openssl/rsa.h>
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+ const unsigned char * buf;
+ unsigned char * outbuf;
+ RSA rsa;
+
+ RSA_private_decrypt(1,
+ buf,
+ outbuf,
+ &rsa,
+ RSA_PKCS1_PADDING);
+
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ cat >>confdefs.h <<\_ACEOF
+#define XSEC_OPENSSL_CONST_BUFFERS 1
+_ACEOF
+
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+
+echo "$as_me:$LINENO: checking whether EVP_aes_128_cbc is declared" >&5
+echo $ECHO_N "checking whether EVP_aes_128_cbc is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_EVP_aes_128_cbc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+#include <openssl/evp.h>
+
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+#ifndef EVP_aes_128_cbc
+ char *p = (char *) EVP_aes_128_cbc;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_have_decl_EVP_aes_128_cbc=yes
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_have_decl_EVP_aes_128_cbc=no
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_EVP_aes_128_cbc" >&5
+echo "${ECHO_T}$ac_cv_have_decl_EVP_aes_128_cbc" >&6
+if test $ac_cv_have_decl_EVP_aes_128_cbc = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define XSEC_OPENSSL_HAVE_AES 1
+_ACEOF
+
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+
+echo "$as_me:$LINENO: checking whether EVP_CIPHER_CTX_set_padding(NULL,0) is
declared" >&5
+echo $ECHO_N "checking whether EVP_CIPHER_CTX_set_padding(NULL,0) is
declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_EVP_CIPHER_CTX_set_padding_NULL_0_+set}" = set;
then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+#include <openssl/evp.h>
+
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+#ifndef EVP_CIPHER_CTX_set_padding(NULL,0)
+ char *p = (char *) EVP_CIPHER_CTX_set_padding(NULL,0);
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_have_decl_EVP_CIPHER_CTX_set_padding_NULL_0_=yes
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_have_decl_EVP_CIPHER_CTX_set_padding_NULL_0_=no
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result:
$ac_cv_have_decl_EVP_CIPHER_CTX_set_padding_NULL_0_" >&5
+echo "${ECHO_T}$ac_cv_have_decl_EVP_CIPHER_CTX_set_padding_NULL_0_" >&6
+if test $ac_cv_have_decl_EVP_CIPHER_CTX_set_padding_NULL_0_ = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define XSEC_OPENSSL_CANSET_PADDING 1
+_ACEOF
+
+fi
+
+
# Build the object file lists necessary to link the library
# At the same time, build the include list
1.22 +31 -1 xml-security/c/src/configure.ac
Index: configure.ac
===================================================================
RCS file: /home/cvs/xml-security/c/src/configure.ac,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- configure.ac 8 Sep 2003 11:30:42 -0000 1.21
+++ configure.ac 16 Feb 2004 11:30:01 -0000 1.22
@@ -456,7 +456,7 @@
[EVP_DecryptInit],
openssllib_found=yes,
[LIBS=$OLD_LIBS]
- [AC_MSG_ERROR(["Unable to find libcrypto in OPENSSL"])])
+ [AC_MSG_ERROR(["Unable to find libcrypto"])])
fi
@@ -474,6 +474,36 @@
[AC_MSG_ERROR([OpenSSL header files not found. Please define OPENSSL])]);
fi
+
+# Now try to find out some things about this version of OpenSSL
+
+AC_LANG(C++)
+
+AC_MSG_CHECKING([for const input buffers in OpenSSL])
+AC_TRY_COMPILE([#include <openssl/rsa.h>],
+ [ const unsigned char * buf;
+ unsigned char * outbuf;
+ RSA rsa;
+
+ RSA_private_decrypt(1,
+ buf,
+ outbuf,
+ &rsa,
+ RSA_PKCS1_PADDING);
+
+ ],
+ [AC_MSG_RESULT([yes])]
+ [AC_DEFINE(XSEC_OPENSSL_CONST_BUFFERS)],
+ [AC_MSG_RESULT([no])])
+
+AC_CHECK_DECL(EVP_aes_128_cbc,
+ [AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
+ ,[#include <openssl/evp.h>])
+
+AC_CHECK_DECL(EVP_CIPHER_CTX_set_padding(NULL,0),
+ [AC_DEFINE(XSEC_OPENSSL_CANSET_PADDING)],
+ ,[#include <openssl/evp.h>])
+
# Build the object file lists necessary to link the library
# At the same time, build the include list
1.8 +3 -2 xml-security/c/src/enc/XSECCryptoException.cpp
Index: XSECCryptoException.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoException.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- XSECCryptoException.cpp 8 Feb 2004 10:23:57 -0000 1.7
+++ XSECCryptoException.cpp 16 Feb 2004 11:30:02 -0000 1.8
@@ -40,7 +40,8 @@
"X509 Error",
"DSA Error",
"RSA Error",
- "Symmetric Error"
+ "Symmetric Error",
+ "Unsupported Algorithm"
};
1.10 +3 -2 xml-security/c/src/enc/XSECCryptoException.hpp
Index: XSECCryptoException.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoException.hpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- XSECCryptoException.hpp 8 Feb 2004 10:23:57 -0000 1.9
+++ XSECCryptoException.hpp 16 Feb 2004 11:30:02 -0000 1.10
@@ -87,7 +87,8 @@
RSAError = 7,
// RSA Error
SymmetricError = 8,
UnsupportedError = 9, //
Called function is not supported
- UnknownError = 10 // Must
be last!
+ UnsupportedAlgorithm = 10,
+ UnknownError = 11 // Must
be last!
};
1.14 +10 -1 xml-security/c/src/enc/XSECCryptoProvider.hpp
Index: XSECCryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoProvider.hpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- XSECCryptoProvider.hpp 8 Feb 2004 10:23:57 -0000 1.13
+++ XSECCryptoProvider.hpp 16 Feb 2004 11:30:02 -0000 1.14
@@ -259,6 +259,15 @@
virtual XSECCryptoX509 * X509() = 0;
/**
+ * \brief Determine whether a given algorithm is supported
+ *
+ * A call that can be used to determine whether a given
+ * symmetric algorithm is supported
+ */
+
+ virtual bool
algorithmSupported(XSECCryptoSymmetricKey::SymmetricKeyType alg) = 0;
+
+ /**
* \brief Return a Symmetric Key implementation object.
*
* Call used by the library to obtain a bulk encryption
1.12 +20 -4 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
Index: OpenSSLCryptoKeyRSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- OpenSSLCryptoKeyRSA.cpp 8 Feb 2004 10:22:50 -0000 1.11
+++ OpenSSLCryptoKeyRSA.cpp 16 Feb 2004 11:30:02 -0000 1.12
@@ -379,7 +379,11 @@
case XSECCryptoKeyRSA::PAD_PKCS_1_5 :
decryptSize = RSA_private_decrypt(inLength,
+#if defined(XSEC_OPENSSL_CONST_BUFFERS)
inBuf,
+#else
+ (unsigned char *) inBuf,
+#endif
plainBuf,
mp_rsaKey,
RSA_PKCS1_PADDING);
@@ -402,7 +406,11 @@
ArrayJanitor<unsigned char> j_tBuf(tBuf);
decryptSize = RSA_private_decrypt(inLength,
- inBuf,
+#if defined(XSEC_OPENSSL_CONST_BUFFERS)
+ inBuf,
+#else
+ (unsigned char *) inBuf,
+#endif
tBuf,
mp_rsaKey,
RSA_NO_PADDING);
@@ -473,7 +481,11 @@
case XSECCryptoKeyRSA::PAD_PKCS_1_5 :
encryptSize = RSA_public_encrypt(inLength,
- inBuf,
+#if defined(XSEC_OPENSSL_CONST_BUFFERS)
+ inBuf,
+#else
+ (unsigned char *) inBuf,
+#endif
cipherBuf,
mp_rsaKey,
RSA_PKCS1_PADDING);
@@ -504,7 +516,11 @@
encryptSize = RSA_padding_add_PKCS1_OAEP(tBuf,
num,
-
inBuf,
+#if defined(XSEC_OPENSSL_CONST_BUFFERS)
+ inBuf,
+#else
+
(unsigned char *) inBuf,
+#endif
inLength,
mp_oaepParams,
m_oaepParamsLen);
1.13 +28 -1 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp
Index: OpenSSLCryptoProvider.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.cpp,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- OpenSSLCryptoProvider.cpp 8 Feb 2004 10:22:50 -0000 1.12
+++ OpenSSLCryptoProvider.cpp 16 Feb 2004 11:30:02 -0000 1.13
@@ -150,6 +150,33 @@
}
+bool
OpenSSLCryptoProvider::algorithmSupported(XSECCryptoSymmetricKey::SymmetricKeyType
alg) {
+
+ switch (alg) {
+
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_192) :
+ case (XSECCryptoSymmetricKey::KEY_AES_256) :
+
+#if !defined (XSEC_OPENSSL_HAVE_AES)
+ return false;
+#endif
+ case (XSECCryptoSymmetricKey::KEY_3DES_192) :
+
+ return true;
+
+ default:
+
+ return false;
+
+ }
+
+ return false;
+
+}
+
+
+
XSECCryptoSymmetricKey *
OpenSSLCryptoProvider::keySymmetric(XSECCryptoSymmetricKey::SymmetricKeyType
alg) {
OpenSSLCryptoSymmetricKey * ret;
1.11 +10 -1 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp
Index: OpenSSLCryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoProvider.hpp,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- OpenSSLCryptoProvider.hpp 8 Feb 2004 10:22:50 -0000 1.10
+++ OpenSSLCryptoProvider.hpp 16 Feb 2004 11:30:02 -0000 1.11
@@ -175,6 +175,15 @@
virtual XSECCryptoX509 * X509();
/**
+ * \brief Determine whether a given algorithm is supported
+ *
+ * A call that can be used to determine whether a given
+ * symmetric algorithm is supported
+ */
+
+ virtual bool
algorithmSupported(XSECCryptoSymmetricKey::SymmetricKeyType alg);
+
+ /**
* \brief Return a Symmetric Key implementation object.
*
* Call used by the library to obtain a bulk encryption
1.11 +151 -14
xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
Index: OpenSSLCryptoSymmetricKey.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- OpenSSLCryptoSymmetricKey.cpp 8 Feb 2004 10:22:50 -0000 1.10
+++ OpenSSLCryptoSymmetricKey.cpp 16 Feb 2004 11:30:02 -0000 1.11
@@ -31,6 +31,10 @@
#include <xsec/framework/XSECError.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
+#include <xercesc/util/Janitor.hpp>
+#include <iostream>
+XERCES_CPP_NAMESPACE_USE;
+
#if defined (HAVE_OPENSSL)
#include <string.h>
@@ -135,11 +139,22 @@
}
- EVP_DecryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL,
m_keyBuf.rawBuffer(), iv);
+ /* Do not use "_ex" calls yet - as want backwards
compatibility
+ with 0.9.6 */
+
+#if defined(XSEC_OPENSSL_CONST_BUFFERS)
+ EVP_DecryptInit(&m_ctx,
EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
+#else
+ EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned
char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
+#endif
m_ivSize = 8;
}
else {
- EVP_DecryptInit_ex(&m_ctx, EVP_des_ede3_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+#if defined(XSEC_OPENSSL_CONST_BUFFERS)
+ EVP_DecryptInit(&m_ctx, EVP_des_ede3(),
m_keyBuf.rawBuffer(), NULL);
+#else
+ EVP_DecryptInit(&m_ctx, EVP_des_ede3(), (unsigned char
*) m_keyBuf.rawBuffer(), NULL);
+#endif
m_ivSize = 0;
}
@@ -147,6 +162,8 @@
m_blockSize = 8;
break;
+#if defined (XSEC_OPENSSL_HAVE_AES)
+
case (XSECCryptoSymmetricKey::KEY_AES_128) :
// An AES key
@@ -220,6 +237,16 @@
m_blockSize = 16;
break;
+#else
+
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_192) :
+ case (XSECCryptoSymmetricKey::KEY_AES_256) :
+
+ throw
XSECCryptoException(XSECCryptoException::UnsupportedAlgorithm,
+ "OpenSSL:SymmetricKey - AES not supported in this
version of OpenSSL");
+
+#endif /* XSEC_OPENSSL_HAVE_AES */
default :
@@ -237,7 +264,10 @@
m_bytesInLastBlock = 0;
// Disable OpenSSL padding - The interop samples have broken PKCS
padding - AARGHH
+
+#if defined (XSEC_OPENSSL_CANSET_PADDING)
EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
+#endif
// Return number of bytes chewed up by IV
return m_ivSize;
@@ -282,8 +312,11 @@
"OpenSSLSymmetricKey::decrypt - Not enough space in
output buffer");
}
+#if defined (XSEC_OPENSSL_CONST_BUFFERS)
if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl,
&inBuf[offset], inLength - offset) == 0) {
-
+#else
+ if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl,
(unsigned char *) &inBuf[offset], inLength - offset) == 0) {
+#endif
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSL:SymmetricKey - Error during OpenSSL decrypt");
@@ -315,13 +348,15 @@
int outl = maxOutLength;
m_initialised = false;
- if (EVP_DecryptFinal_ex(&m_ctx, plainBuf, &outl) == 0) {
+#if defined (XSEC_OPENSSL_CANSET_PADDING)
+
+ if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) {
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSL:SymmetricKey - Error during OpenSSL decrypt
finalisation");
}
-
+
if (outl > 0) {
// Should never see any bytes output, as we are not padding
@@ -354,6 +389,70 @@
return outl;
+#else
+
+ /* Working with a version of OpenSSL that *always* performs padding
+ so we need to work around it */
+ unsigned char *scrPlainBuf;
+ unsigned char *cipherBuf;
+ scrPlainBuf = new unsigned char[2 * m_blockSize];
+ ArrayJanitor<unsigned char> j_scrPlainBuf(scrPlainBuf);
+ cipherBuf = new unsigned char[m_blockSize];
+ ArrayJanitor<unsigned char> j_cipherBuf(cipherBuf);
+
+ /* Zeroise the cipher buffer */
+ memset(cipherBuf, 0, m_blockSize);
+
+ unsigned int offset = 0;
+
+ /* Get any previous bytes from the m_lastBlock */
+ if (m_bytesInLastBlock > 0 & m_bytesInLastBlock <= m_blockSize) {
+ memcpy(scrPlainBuf, m_lastBlock, m_bytesInLastBlock);
+ offset = m_bytesInLastBlock;
+ }
+
+ outl = m_blockSize;
+
+ /* This is really ugly - but we have to trick OpenSSL into thinking
there
+ is more, so that it sends us the lasts block with the padding in it.
+ We can then clean that up ourselves
+ */
+
+ if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf,
m_blockSize) == 0) {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error cecrypting final block
during OpenSSL");
+ }
+
+ outl += offset;
+
+ if (m_doPad && offset > 0) {
+
+ /* Strip any padding */
+ outl -= scrPlainBuf[outl - 1];
+
+ if (outl > (2 * m_blockSize) || outl < 0) {
+
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey::decryptFinish - Out of
range padding value in final block");
+
+ }
+
+ }
+
+ if (outl > (int) maxOutLength) {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSLSymmetricKey::decryptFinish - **WARNING** -
Plaintext output > maxOutLength!");
+ }
+
+ if (outl > 0) {
+
+ memcpy(plainBuf, scrPlainBuf, outl);
+
+ }
+
+ return outl;
+#endif
+
}
//
--------------------------------------------------------------------------------
@@ -383,7 +482,7 @@
// Set up the context according to the required cipher type
- const unsigned char * usedIV;
+ const unsigned char * usedIV = NULL;
unsigned char genIV[256];
// Tell the library that the IV still has to be sent
@@ -412,18 +511,26 @@
else
usedIV = iv;
- EVP_EncryptInit_ex(&m_ctx, EVP_des_ede3_cbc(), NULL,
m_keyBuf.rawBuffer(), usedIV);
-
+#if defined (XSEC_OPENSSL_CONST_BUFFERS)
+ EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(),
m_keyBuf.rawBuffer(), usedIV);
+#else
+ EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned
char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
+#endif
}
else {
-
- EVP_EncryptInit_ex(&m_ctx, EVP_des_ede3_ecb(), NULL,
m_keyBuf.rawBuffer(), NULL);
+#if defined (XSEC_OPENSSL_CONST_BUFFERS)
+ EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(),
m_keyBuf.rawBuffer(), NULL);
+#else
+ EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char
*) m_keyBuf.rawBuffer(), NULL);
+#endif
}
m_blockSize = 8;
break;
+#if defined (XSEC_OPENSSL_HAVE_AES)
+
case (XSECCryptoSymmetricKey::KEY_AES_128) :
// An AES key
@@ -518,6 +625,17 @@
m_blockSize = 16;
break;
+#else
+
+ case (XSECCryptoSymmetricKey::KEY_AES_128) :
+ case (XSECCryptoSymmetricKey::KEY_AES_192) :
+ case (XSECCryptoSymmetricKey::KEY_AES_256) :
+
+ throw
XSECCryptoException(XSECCryptoException::UnsupportedAlgorithm,
+ "OpenSSL:SymmetricKey - AES not supported in this
version of OpenSSL");
+
+#endif /* XSEC_OPENSSL_HAVE_AES */
+
default :
throw XSECCryptoException(XSECCryptoException::SymmetricError,
@@ -534,6 +652,7 @@
else
m_ivSize = 0;
+#if defined (XSEC_OPENSSL_CANSET_PADDING)
// Setup padding
if (m_doPad) {
EVP_CIPHER_CTX_set_padding(&m_ctx, 1);
@@ -541,6 +660,7 @@
else {
EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
}
+#endif
return true;
@@ -578,8 +698,11 @@
"OpenSSL:SymmetricKey - Not enough space in output
buffer for encrypt");
}
-
+#if defined (XSEC_OPENSSL_CONST_BUFFERS)
if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf,
inLength) == 0) {
+#else
+ if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char
*) inBuf, inLength) == 0) {
+#endif
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSL:SymmetricKey - Error during OpenSSL encrypt");
@@ -596,10 +719,10 @@
int outl = maxOutLength;
m_initialised = false;
- if (EVP_EncryptFinal_ex(&m_ctx, cipherBuf, &outl) == 0) {
+ if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) {
throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSLSymmetricKey::encryptFinish - Error during
OpenSSL decrypt finalisation");
+ "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL
decrypt finalisation");
}
@@ -607,6 +730,20 @@
throw XSECCryptoException(XSECCryptoException::SymmetricError,
"OpenSSLSymmetricKey::encryptFinish - **WARNING** -
Cipheroutput > maxOutLength!");
}
+
+#if !defined (XSEC_OPENSSL_CANSET_PADDING)
+ if (!m_doPad) {
+
+ if (outl < m_blockSize) {
+ throw
XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSLSymmetricKey::encryptFinish - cannot remove
padding!");
+ }
+
+ outl -= m_blockSize;
+
+ }
+
+#endif
return outl;
1.8 +9 -0 xml-security/c/src/framework/XSECConfig.hpp.in
Index: XSECConfig.hpp.in
===================================================================
RCS file: /home/cvs/xml-security/c/src/framework/XSECConfig.hpp.in,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- XSECConfig.hpp.in 8 Feb 2004 10:50:22 -0000 1.7
+++ XSECConfig.hpp.in 16 Feb 2004 11:30:02 -0000 1.8
@@ -60,6 +60,15 @@
#undef HAVE_WINCAPI
/*
+ * Some settings for OpenSSL if we have it
+ *
+ */
+
+#undef XSEC_OPENSSL_CONST_BUFFERS
+#undef XSEC_OPENSSL_HAVE_AES
+#undef XSEC_OPENSSL_CANSET_PADDING
+
+/*
* Macros used to determine what header files exist on this
* system
*/
1.40 +86 -43 xml-security/c/src/tools/xtest/xtest.cpp
Index: xtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xtest/xtest.cpp,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- xtest.cpp 8 Feb 2004 10:24:59 -0000 1.39
+++ xtest.cpp 16 Feb 2004 11:30:02 -0000 1.40
@@ -121,6 +121,7 @@
bool g_printDocs = false;
bool g_useWinCAPI = false;
+bool g_haveAES = true;
//
--------------------------------------------------------------------------------
// Known "Good" Values
@@ -1458,28 +1459,33 @@
}
#endif
+ XSECCryptoSymmetricKey * ks;
- cerr << "AES 128 key wrap... ";
+ if (g_haveAES) {
+ cerr << "AES 128 key wrap... ";
- XSECCryptoSymmetricKey * ks =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
- ks->setKey((unsigned char *) s_keyStr, 16);
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
+ ks->setKey((unsigned char *) s_keyStr, 16);
- unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES128);
+ unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES128);
- cerr << "AES 192 key wrap... ";
+ cerr << "AES 192 key wrap... ";
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
- ks->setKey((unsigned char *) s_keyStr, 24);
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
+ ks->setKey((unsigned char *) s_keyStr, 24);
- unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES192);
+ unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES192);
- cerr << "AES 256 key wrap... ";
+ cerr << "AES 256 key wrap... ";
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
- ks->setKey((unsigned char *) s_keyStr, 32);
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
+ ks->setKey((unsigned char *) s_keyStr, 32);
- unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES256);
+ unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES256);
+ }
+
+ else
+ cerr << "Skipped AES key wrap tests" << endl;
cerr << "Triple DES key wrap... ";
@@ -1489,29 +1495,35 @@
unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_3DES);
// Now do Element encrypts
- // 128 AES
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
- ks->setKey((unsigned char *) s_keyStr, 16);
- cerr << "Unit testing AES 128 bit CBC encryption" << endl;
- unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_AES128_CBC, false);
- unitTestElementContentEncrypt(impl, ks, ENCRYPT_AES128_CBC,
true);
-
- //192 AES
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
- ks->setKey((unsigned char *) s_keyStr, 24);
-
- cerr << "Unit testing AES 192 bit CBC encryption" << endl;
- unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_AES192_CBC, false);
- unitTestElementContentEncrypt(impl, ks, ENCRYPT_AES192_CBC,
true);
+ if (g_haveAES) {
+ // 128 AES
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
+ ks->setKey((unsigned char *) s_keyStr, 16);
+
+ cerr << "Unit testing AES 128 bit CBC encryption" <<
endl;
+ unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_AES128_CBC, false);
+ unitTestElementContentEncrypt(impl, ks,
ENCRYPT_AES128_CBC, true);
+
+ //192 AES
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
+ ks->setKey((unsigned char *) s_keyStr, 24);
+
+ cerr << "Unit testing AES 192 bit CBC encryption" <<
endl;
+ unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_AES192_CBC, false);
+ unitTestElementContentEncrypt(impl, ks,
ENCRYPT_AES192_CBC, true);
// 256 AES
- ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
- ks->setKey((unsigned char *) s_keyStr, 32);
+ ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
+ ks->setKey((unsigned char *) s_keyStr, 32);
+
+ cerr << "Unit testing AES 256 bit CBC encryption" <<
endl;
+ unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_AES256_CBC, false);
+ unitTestElementContentEncrypt(impl, ks,
ENCRYPT_AES256_CBC, true);
+ }
- cerr << "Unit testing AES 256 bit CBC encryption" << endl;
- unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_AES256_CBC, false);
- unitTestElementContentEncrypt(impl, ks, ENCRYPT_AES256_CBC,
true);
+ else
+ cerr << "Skipped AES Element tests" << endl;
// 192 3DES
ks =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
@@ -1521,8 +1533,13 @@
unitTestElementContentEncrypt(impl, ks->clone(),
ENCRYPT_3DES_CBC, false);
unitTestElementContentEncrypt(impl, ks, ENCRYPT_3DES_CBC, true);
- cerr << "Unit testing CipherReference creation and decryption"
<< endl;
- unitTestCipherReference(impl);
+ if (g_haveAES) {
+ cerr << "Unit testing CipherReference creation and
decryption" << endl;
+ unitTestCipherReference(impl);
+ }
+ else {
+ cerr << "Skipped Cipher Reference Test (uses AES)" <<
endl;
+ }
}
catch (XSECCryptoException &e)
@@ -1619,14 +1636,25 @@
cerr << "Encrypting symmetric key ... " << endl;
- XSECCryptoSymmetricKey * kek =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
- kek->setKey((unsigned char *) s_keyStr, 16);
+ XSECCryptoSymmetricKey * kek;
+ if (g_haveAES) {
+
+ kek =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
+ kek->setKey((unsigned char *) s_keyStr, 16);
+ }
+ else {
+ kek =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
+ kek->setKey((unsigned char *) s_keyStr, 24);
+
+ }
+
cipher->setKEK(kek);
XENCEncryptedKey * encryptedKey;
- encryptedKey = cipher->encryptKey(randomBuffer, 24,
ENCRYPT_KW_AES128);
-
+ if (g_haveAES)
+ encryptedKey = cipher->encryptKey(randomBuffer, 24,
ENCRYPT_KW_AES128);
+ else
+ encryptedKey = cipher->encryptKey(randomBuffer, 24,
ENCRYPT_KW_3DES);
cerr << "done!" << endl;
cerr << "Adding CarriedKeyName and Recipient to encryptedKey
... " << endl;
@@ -1644,9 +1672,20 @@
XENCCipher * cipher2 = prov.newCipher(doc);
- XSECCryptoSymmetricKey * k2 =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
- k2->setKey((unsigned char *) s_keyStr, 16);
+ XSECCryptoSymmetricKey * k2;
+
+ if (g_haveAES) {
+
+ k2 =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
+ k2->setKey((unsigned char *) s_keyStr, 16);
+ }
+
+ else {
+ k2 =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
+ k2->setKey((unsigned char *) s_keyStr, 24);
+
+ }
+
cipher2->setKEK(k2);
cerr << "Decrypting ... ";
@@ -1916,6 +1955,10 @@
{
// Set up for tests
+
+ g_haveAES =
XSECPlatformUtils::g_cryptoProvider->algorithmSupported(XSECCryptoSymmetricKey::KEY_AES_128);
+
+ // Setup for building documents
XMLCh tempStr[100];
XMLString::transcode("Core", tempStr, 99);
