blautenb 2003/10/19 05:50:35
Modified: c/src/enc XSECCryptoSymmetricKey.hpp
c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp
XENCAlgorithmHandlerDefault.hpp XENCCipherImpl.hpp
Log:
Cleaned up algorithm handling code
Revision Changes Path
1.6 +2 -1 xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp
Index: XSECCryptoSymmetricKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoSymmetricKey.hpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- XSECCryptoSymmetricKey.hpp 19 Oct 2003 10:57:54 -0000 1.5
+++ XSECCryptoSymmetricKey.hpp 19 Oct 2003 12:50:35 -0000 1.6
@@ -106,6 +106,7 @@
enum SymmetricKeyType {
+ KEY_NONE,
KEY_3DES_CBC_192, /** 192 bit (3-Key)
3DES */
KEY_AES_CBC_128, /** 128 bit AES in CBC
mode */
KEY_AES_CBC_192, /** 192 bit AES in CBC
mode */
1.5 +264 -274
xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp
Index: XENCAlgorithmHandlerDefault.cpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- XENCAlgorithmHandlerDefault.cpp 19 Oct 2003 10:58:59 -0000 1.4
+++ XENCAlgorithmHandlerDefault.cpp 19 Oct 2003 12:50:35 -0000 1.5
@@ -113,76 +113,83 @@
};
//
--------------------------------------------------------------------------------
-// Internal functions
+// Compare URI to key type
//
--------------------------------------------------------------------------------
-void XENCAlgorithmHandlerDefault::mapURIToKey(const XMLCh * uri,
XSECCryptoKey * key) {
+void XENCAlgorithmHandlerDefault::mapURIToKey(const XMLCh * uri,
+
XSECCryptoKey * key,
+
XSECCryptoKey::KeyType &kt,
+
XSECCryptoSymmetricKey::SymmetricKeyType &skt,
+
bool &isSymmetricKeyWrap) {
- if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
-
- // 3 Key 3DES in CBC mode.
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_3DES_CBC_192) {
-
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 3DES Algorithm,
but not a 3DES key");
-
- }
-
- return;
+ if (key == NULL) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::mapURIToKey - trying to
process a NULL key");
}
- if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
+ XSECCryptoSymmetricKey * keySymmetric;
+ bool keyOK = false;
- // 3 Key 3DES in CBC mode.
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_CBC_128) {
+ kt = key->getKeyType();
+ skt = XSECCryptoSymmetricKey::KEY_NONE;
+ isSymmetricKeyWrap = false;
+
+ switch (kt) {
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - AES128
Algorithm, but not a AES128 key");
-
+ case XSECCryptoKey::KEY_RSA_PUBLIC :
+ case XSECCryptoKey::KEY_RSA_PAIR :
+ case XSECCryptoKey::KEY_RSA_PRIVATE :
+
+ keyOK = strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_1_5);
+ break;
+
+ case XSECCryptoKey::KEY_SYMMETRIC :
+
+ keySymmetric = dynamic_cast<XSECCryptoSymmetricKey *>(key);
+ if (keySymmetric != NULL) {
+ skt = keySymmetric->getSymmetricKeyType();
+
+ switch (skt) {
+
+ case XSECCryptoSymmetricKey::KEY_3DES_CBC_192 :
+ keyOK = strEquals(uri,
DSIGConstants::s_unicodeStrURI3DES_CBC);
+ break;
+ case XSECCryptoSymmetricKey::KEY_AES_ECB_128 :
+ case XSECCryptoSymmetricKey::KEY_AES_CBC_128 :
+ isSymmetricKeyWrap = strEquals(uri,
DSIGConstants::s_unicodeStrURIKW_AES128);
+ keyOK = isSymmetricKeyWrap || strEquals(uri,
DSIGConstants::s_unicodeStrURIAES128_CBC);
+ break;
+ case XSECCryptoSymmetricKey::KEY_AES_ECB_192 :
+ case XSECCryptoSymmetricKey::KEY_AES_CBC_192 :
+ isSymmetricKeyWrap = strEquals(uri,
DSIGConstants::s_unicodeStrURIKW_AES192);
+ keyOK = isSymmetricKeyWrap || strEquals(uri,
DSIGConstants::s_unicodeStrURIAES192_CBC);
+ break;
+ case XSECCryptoSymmetricKey::KEY_AES_ECB_256 :
+ case XSECCryptoSymmetricKey::KEY_AES_CBC_256 :
+ isSymmetricKeyWrap = strEquals(uri,
DSIGConstants::s_unicodeStrURIKW_AES256);
+ keyOK = isSymmetricKeyWrap || strEquals(uri,
DSIGConstants::s_unicodeStrURIAES256_CBC);
+ break;
+ default:
+ break;
+ }
}
+ break;
- return;
+ default:
+ break;
}
- if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
-
- // 3 Key 3DES in CBC mode.
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_CBC_192) {
-
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - AES192
Algorithm, but not a AES192 key");
-
- }
-
- return;
+ if (keyOK == false) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::mapURIToKey - key
inappropriate for URI");
}
- if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
-
- // 3 Key 3DES in CBC mode.
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_CBC_256) {
-
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - AES256
Algorithm, but not a AES256 key");
-
- }
-
- return;
- }
+}
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - URI not recognised for Symmetric
Key encryption check");
+//
--------------------------------------------------------------------------------
+// AES Key wrap/unwrap
+//
--------------------------------------------------------------------------------
-}
-
unsigned int XENCAlgorithmHandlerDefault::unwrapKeyAES(
TXFMChain * cipherText,
XSECCryptoKey * key,
@@ -352,6 +359,10 @@
return true;
}
+//
--------------------------------------------------------------------------------
+// DES CMS Key wrap/unwrap
+//
--------------------------------------------------------------------------------
+
#if 0
Keep for DES keywrap
@@ -420,7 +431,15 @@
// We only support this for bulk Symmetric key algorithms
- mapURIToKey(encryptionMethod->getAlgorithm(), key);
+ XSECCryptoKey::KeyType kt;
+ XSECCryptoSymmetricKey::SymmetricKeyType skt;
+ bool isKeyWrap = false;
+
+ mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap);
+ if (kt != XSECCryptoKey::KEY_SYMMETRIC || isKeyWrap == true) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::appendDecryptCipherTXFM -
only supports bulk symmetric algorithms");
+ }
// Add the decryption TXFM
@@ -434,126 +453,126 @@
//
--------------------------------------------------------------------------------
-// SafeBuffer decryption
+// RSA SafeBuffer decryption
//
--------------------------------------------------------------------------------
-unsigned int XENCAlgorithmHandlerDefault::decryptToSafeBuffer(
+unsigned int XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer(
TXFMChain * cipherText,
XENCEncryptionMethod * encryptionMethod,
XSECCryptoKey * key,
DOMDocument * doc,
- safeBuffer & result
- ) {
-
- bool isAESKeyWrap = false;
+ safeBuffer & result) {
- // Is this a keyWrap URI?
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIKW_AES128)) {
+ // Only works with RSA_PRIVATE or PAIR
+ if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - RSA Decrypt must use
private key");
+ }
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_ECB_128) {
+ XSECCryptoKeyRSA * rsa = dynamic_cast<XSECCryptoKeyRSA *>(key);
+ if (rsa == NULL) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer
- Error casting to RSA key");
+ }
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 128bit AES
Algorithm, but not a AES (ECB) 128 bit key");
-
- }
+ // Allocate an output buffer
+ unsigned char * decBuf;
+ XSECnew(decBuf, unsigned char[rsa->getLength()]);
+ ArrayJanitor<unsigned char> j_decBuf(decBuf);
- isAESKeyWrap = true;
+ // Input
+ TXFMBase * b = cipherText->getLastTxfm();
+ safeBuffer cipherSB;
+ XMLByte buf[1024];
+ unsigned int offset = 0;
+ int bytesRead = b->readBytes(buf, 1024);
+ while (bytesRead > 0) {
+ cipherSB.sbMemcpyIn(offset, buf, bytesRead);
+ offset += bytesRead;
+ bytesRead = b->readBytes(buf, 1024);
}
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIKW_AES192)) {
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_ECB_192) {
+ // Do decrypt
+ unsigned int decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
+
decBuf,
+
offset,
+
rsa->getLength(),
+
XSECCryptoKeyRSA::PAD_PKCS_1_5,
+
HASH_NONE,
+
NULL,
+
0);
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 192bit AES
Algorithm, but not a AES (ECB) 192 bit key");
-
- }
+ // Copy to output
+ result.sbMemcpyIn(decBuf, decryptLen);
+
+ memset(decBuf, 0, decryptLen);
- isAESKeyWrap = true;
+ return decryptLen;
- }
-
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIKW_AES256)) {
+}
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
+//
--------------------------------------------------------------------------------
+// SafeBuffer decryption
+//
--------------------------------------------------------------------------------
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 256bit AES
Algorithm, but not a AES (ECB) 256 bit key");
-
- }
+unsigned int XENCAlgorithmHandlerDefault::decryptToSafeBuffer(
+ TXFMChain * cipherText,
+ XENCEncryptionMethod * encryptionMethod,
+ XSECCryptoKey * key,
+ DOMDocument * doc,
+ safeBuffer & result
+ ) {
- isAESKeyWrap = true;
+ XSECCryptoKey::KeyType kt;
+ XSECCryptoSymmetricKey::SymmetricKeyType skt;
+ bool isKeyWrap = false;
+ if (encryptionMethod == NULL) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::decryptToSafeBuffer -
Cannot operate with NULL encryption Method");
}
- if (isAESKeyWrap == true) {
- return unwrapKeyAES(cipherText, key, result);
+ // Check the uri against the key type
+ mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap);
- }
+ // RSA?
+ if (kt == XSECCryptoKey::KEY_RSA_PAIR ||
+ kt == XSECCryptoKey::KEY_RSA_PUBLIC ||
+ kt == XSECCryptoKey::KEY_RSA_PRIVATE) {
- // Is this an RSA key?
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIRSA_1_5)) {
+ return doRSADecryptToSafeBuffer(cipherText, encryptionMethod,
key, doc, result);
- if (key->getKeyType() != XSECCryptoKey::KEY_RSA_PRIVATE &&
- key->getKeyType() != XSECCryptoKey::KEY_RSA_PAIR) {
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - RSA Decrypt URI
but not an RSA key");
- }
+ }
- XSECCryptoKeyRSA * rsa = dynamic_cast<XSECCryptoKeyRSA *>(key);
-
- // Allocate an output buffer
- unsigned char * decBuf;
- XSECnew(decBuf, unsigned char[rsa->getLength()]);
- ArrayJanitor<unsigned char> j_decBuf(decBuf);
+ // Ensure is symmetric before we continue
+ if (kt != XSECCryptoKey::KEY_SYMMETRIC) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - Not
an RSA key, but not symmetric");
+ }
- // Input
- TXFMBase * b = cipherText->getLastTxfm();
- safeBuffer cipherSB;
- XMLByte buf[1024];
- unsigned int offset = 0;
+ // Key wrap?
- int bytesRead = b->readBytes(buf, 1024);
- while (bytesRead > 0) {
- cipherSB.sbMemcpyIn(offset, buf, bytesRead);
- offset += bytesRead;
- bytesRead = b->readBytes(buf, 1024);
- }
+ if (isKeyWrap == true) {
+ if (skt == XSECCryptoSymmetricKey::KEY_AES_ECB_128 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_ECB_192 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
- // Do decrypt
- unsigned int decryptLen =
rsa->privateDecrypt(cipherSB.rawBuffer(),
-
decBuf,
-
offset,
-
rsa->getLength(),
-
XSECCryptoKeyRSA::PAD_PKCS_1_5,
-
HASH_NONE,
-
NULL,
-
0);
+ return unwrapKeyAES(cipherText, key, result);
- // Copy to output
- result.sbMemcpyIn(decBuf, decryptLen);
-
- memset(decBuf, 0, decryptLen);
+ }
- return decryptLen;
+ else {
+ throw XSECException(XSECException::CipherError,
+
"XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key
wrap for algorithm");
+ }
}
- // The default case is to just do a standard, padded block decrypt.
- // So the only thing we have to do is ensure key type matches URI.
-
- mapURIToKey(encryptionMethod->getAlgorithm(), key);
-
- // Add the decryption TXFM
+ // It's symmetric and it's not a key wrap, so just treat as a block
algorithm
TXFMCipher * tcipher;
XSECnew(tcipher, TXFMCipher(doc, key, false));
@@ -581,10 +600,10 @@
}
//
--------------------------------------------------------------------------------
-// SafeBuffer encryption
+// RSA SafeBuffer encryption
//
--------------------------------------------------------------------------------
-bool XENCAlgorithmHandlerDefault::encryptToSafeBuffer(
+bool XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer(
TXFMChain * plainText,
XENCEncryptionMethod * encryptionMethod,
XSECCryptoKey * key,
@@ -592,127 +611,128 @@
safeBuffer & result
) {
+ // Only works with RSA_PRIVATE or PAIR
+ if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PRIVATE) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - RSA Encrypt must use
public key");
+ }
- bool isAESKeyWrap = false;
+ XSECCryptoKeyRSA * rsa = dynamic_cast<XSECCryptoKeyRSA *>(key);
+ if (rsa == NULL) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer
- Error casting to RSA key");
+ }
+
+ // Allocate an output buffer
+ unsigned char * encBuf;
+ XSECnew(encBuf, unsigned char[rsa->getLength()]);
+ ArrayJanitor<unsigned char> j_encBuf(encBuf);
+
+ // Input
+ TXFMBase * b = plainText->getLastTxfm();
+ safeBuffer plainSB;
+ plainSB.isSensitive();
- // Is this a keyWrap URI?
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIKW_AES128)) {
+ XMLByte buf[1024];
+ unsigned int offset = 0;
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_ECB_128) {
+ int bytesRead = b->readBytes(buf, 1024);
+ while (bytesRead > 0) {
+ plainSB.sbMemcpyIn(offset, buf, bytesRead);
+ offset += bytesRead;
+ bytesRead = b->readBytes(buf, 1024);
+ }
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 128bit AES
Algorithm, but not a AES (ECB) 128 bit key");
-
- }
- isAESKeyWrap = true;
+ // Do decrypt
+ unsigned int encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
+
encBuf,
+
offset,
+
rsa->getLength(),
+
XSECCryptoKeyRSA::PAD_PKCS_1_5,
+
HASH_NONE,
+
NULL,
+
0);
+
+ // Now need to base64 encode
+ XSECCryptoBase64 * b64 =
+ XSECPlatformUtils::g_cryptoProvider->base64();
+ Janitor<XSECCryptoBase64> j_b64(b64);
- }
+ b64->encodeInit();
+ encryptLen = b64->encode(encBuf, encryptLen, buf, 1024);
+ result.sbMemcpyIn(buf, encryptLen);
+ unsigned int finalLen = b64->encodeFinish(buf, 1024);
+ result.sbMemcpyIn(encryptLen, buf, finalLen);
+ result[encryptLen + finalLen] = '\0';
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIKW_AES192)) {
+ // This is a string, so set the buffer correctly
+ result.setBufferType(safeBuffer::BUFFER_CHAR);
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_ECB_192) {
+ return true;
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 192bit AES
Algorithm, but not a AES (ECB) 192 bit key");
-
- }
+}
- isAESKeyWrap = true;
- }
+//
--------------------------------------------------------------------------------
+// SafeBuffer encryption
+//
--------------------------------------------------------------------------------
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIKW_AES256)) {
+bool XENCAlgorithmHandlerDefault::encryptToSafeBuffer(
+ TXFMChain * plainText,
+ XENCEncryptionMethod * encryptionMethod,
+ XSECCryptoKey * key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,
+ safeBuffer & result
+ ) {
- if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC ||
- dynamic_cast<XSECCryptoSymmetricKey
*>(key)->getSymmetricKeyType() !=
- XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
+ XSECCryptoKey::KeyType kt;
+ XSECCryptoSymmetricKey::SymmetricKeyType skt;
+ bool isKeyWrap = false;
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - 256bit AES
Algorithm, but not a AES (ECB) 256 bit key");
-
- }
+ if (encryptionMethod == NULL) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::encryptToSafeBuffer -
Cannot operate with NULL encryption Method");
+ }
- isAESKeyWrap = true;
- }
+ // Check the uri against the key type
+ mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap);
- if (isAESKeyWrap == true) {
+ // RSA?
+ if (kt == XSECCryptoKey::KEY_RSA_PRIVATE ||
+ kt == XSECCryptoKey::KEY_RSA_PUBLIC ||
+ kt == XSECCryptoKey::KEY_RSA_PAIR) {
- return wrapKeyAES(plainText, key, result);
+ return doRSAEncryptToSafeBuffer(plainText, encryptionMethod,
key, doc, result);
}
-
- // Is this an RSA key?
- if (strEquals(encryptionMethod->getAlgorithm(),
DSIGConstants::s_unicodeStrURIRSA_1_5)) {
- if (key->getKeyType() != XSECCryptoKey::KEY_RSA_PUBLIC &&
- key->getKeyType() != XSECCryptoKey::KEY_RSA_PAIR) {
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - RSA Encrypt URI
but not an RSA public key");
- }
+ // Ensure is symmetric before we continue
+ if (kt != XSECCryptoKey::KEY_SYMMETRIC) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::encryptToSafeBuffer - Not
an RSA key, but not symmetric");
+ }
- XSECCryptoKeyRSA * rsa = dynamic_cast<XSECCryptoKeyRSA *>(key);
-
- // Allocate an output buffer
- unsigned char * encBuf;
- XSECnew(encBuf, unsigned char[rsa->getLength()]);
- ArrayJanitor<unsigned char> j_encBuf(encBuf);
-
- // Input
- TXFMBase * b = plainText->getLastTxfm();
- safeBuffer plainSB;
- plainSB.isSensitive();
-
- XMLByte buf[1024];
- unsigned int offset = 0;
-
- int bytesRead = b->readBytes(buf, 1024);
- while (bytesRead > 0) {
- plainSB.sbMemcpyIn(offset, buf, bytesRead);
- offset += bytesRead;
- bytesRead = b->readBytes(buf, 1024);
- }
+ if (isKeyWrap == true) {
+ if (skt == XSECCryptoSymmetricKey::KEY_AES_ECB_128 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_ECB_192 ||
+ skt == XSECCryptoSymmetricKey::KEY_AES_ECB_256) {
- // Do decrypt
- unsigned int encryptLen =
rsa->publicEncrypt(plainSB.rawBuffer(),
-
encBuf,
-
offset,
-
rsa->getLength(),
-
XSECCryptoKeyRSA::PAD_PKCS_1_5,
-
HASH_NONE,
-
NULL,
-
0);
-
- // Now need to base64 encode
- XSECCryptoBase64 * b64 =
- XSECPlatformUtils::g_cryptoProvider->base64();
- Janitor<XSECCryptoBase64> j_b64(b64);
-
- b64->encodeInit();
- encryptLen = b64->encode(encBuf, encryptLen, buf, 1024);
- result.sbMemcpyIn(buf, encryptLen);
- unsigned int finalLen = b64->encodeFinish(buf, 1024);
- result.sbMemcpyIn(encryptLen, buf, finalLen);
- result[encryptLen + finalLen] = '\0';
+ return wrapKeyAES(plainText, key, result);
- // This is a string, so set the buffer correctly
- result.setBufferType(safeBuffer::BUFFER_CHAR);
+ }
- return true;
+ else {
+ throw XSECException(XSECException::CipherError,
+
"XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key
wrap for algorithm");
+ }
}
- // Check the URI and key match
-
- mapURIToKey(encryptionMethod->getAlgorithm(), key);
+ // Must be bulk symmetric - do the encryption
- // Do the encryption
TXFMCipher *tcipher;
XSECnew(tcipher, TXFMCipher(doc, key, true));
plainText->appendTxfm(tcipher);
@@ -740,58 +760,28 @@
unsigned int keyLen
) {
- if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
-
- // 3 Key 3DES in CBC mode.
- XSECCryptoSymmetricKey * sk =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
-
- sk->setKey(keyBuffer, keyLen);
-
- return sk;
+ XSECCryptoSymmetricKey * sk = NULL;
+ if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_CBC_192);
}
-
- if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
-
- // AES 128bit key in CBC mode.
- XSECCryptoSymmetricKey * sk =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_128);
-
- sk->setKey(keyBuffer, keyLen);
-
- return sk;
-
+ else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_128);
}
-
- if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
-
- // AES 192bit key in CBC mode.
- XSECCryptoSymmetricKey * sk =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_192);
-
- sk->setKey(keyBuffer, keyLen);
-
- return sk;
-
+ else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_192);
+ }
+ else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
+ sk =
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_256);
}
-
- if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
-
- // AES 192bit key in CBC mode.
- XSECCryptoSymmetricKey * sk =
-
XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_CBC_256);
+ if (sk != NULL) {
sk->setKey(keyBuffer, keyLen);
-
return sk;
-
}
throw XSECException(XSECException::CipherError,
"XENCAlgorithmHandlerDefault - URI Provided, but cannot create
associated key");
-
- return NULL;
}
1.4 +18 -2
xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.hpp
Index: XENCAlgorithmHandlerDefault.hpp
===================================================================
RCS file:
/home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XENCAlgorithmHandlerDefault.hpp 19 Oct 2003 10:58:59 -0000 1.3
+++ XENCAlgorithmHandlerDefault.hpp 19 Oct 2003 12:50:35 -0000 1.4
@@ -122,7 +122,23 @@
private:
- void mapURIToKey(const XMLCh * uri, XSECCryptoKey * key);
+ void mapURIToKey(const XMLCh * uri,
+ XSECCryptoKey * key,
+ XSECCryptoKey::KeyType &kt,
+ XSECCryptoSymmetricKey::SymmetricKeyType &skt,
+ bool &isSymmetricKeyWrap);
+ unsigned int doRSADecryptToSafeBuffer(
+ TXFMChain * cipherText,
+ XENCEncryptionMethod * encryptionMethod,
+ XSECCryptoKey * key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,
+ safeBuffer & result);
+ bool XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer(
+ TXFMChain * plainText,
+ XENCEncryptionMethod * encryptionMethod,
+ XSECCryptoKey * key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,
+ safeBuffer & result);
unsigned int unwrapKeyAES(
TXFMChain * cipherText,
XSECCryptoKey * key,
1.10 +2 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.hpp
Index: XENCCipherImpl.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.hpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- XENCCipherImpl.hpp 19 Oct 2003 10:58:59 -0000 1.9
+++ XENCCipherImpl.hpp 19 Oct 2003 12:50:35 -0000 1.10
@@ -81,6 +81,7 @@
class XSECEnv;
class XSECKeyInfoResolver;
class XSECPlatformUtils;
+class DSIGKeyInfoList;
XSEC_DECLARE_XERCES_CLASS(DOMNode);
XSEC_DECLARE_XERCES_CLASS(DOMDocumentFragment);
