[xmlsec] adding rsa/oaep support for mscrypto; enabling new tests
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] adding rsa/oaep support for mscrypto; enabling new tests
- Date: Fri, 30 Apr 2010 07:01:35 +0000 (UTC)
commit 230d83730f11d89f3cb41db121a7d9ed3dac3434
Author: Aleksey Sanin <aleksey aleksey com>
Date: Fri Apr 30 00:00:16 2010 -0700
adding rsa/oaep support for mscrypto; enabling new tests
include/xmlsec/mscrypto/crypto.h | 9 +
src/mscrypto/crypto.c | 1 +
src/mscrypto/kt_rsa.c | 355 +++++++++++++++++++++++++++++---------
src/openssl/kt_rsa.c | 87 +++++-----
tests/testDSig.sh | 23 ++-
tests/testEnc.sh | 26 +++-
6 files changed, 361 insertions(+), 140 deletions(-)
---
diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
index aea1be7..ab3a026 100644
--- a/include/xmlsec/mscrypto/crypto.h
+++ b/include/xmlsec/mscrypto/crypto.h
@@ -194,6 +194,15 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha512GetKlass(
xmlSecMSCryptoTransformRsaPkcs1GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaPkcs1GetKlass(void);
+/**
+ * xmlSecMSCryptoTransformRsaOaepId:
+ *
+ * The RSA OAEP key transport transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaOaepId \
+ xmlSecMSCryptoTransformRsaOaepGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaOaepGetKlass(void);
+
/**
* xmlSecMSCryptoTransformRsaOaepId:
*
diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
index b00e936..d006df5 100644
--- a/src/mscrypto/crypto.c
+++ b/src/mscrypto/crypto.c
@@ -196,6 +196,7 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
#endif /* XMLSEC_NO_SHA512 */
gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass = xmlSecMSCryptoTransformRsaPkcs1GetKlass;
+ gXmlSecMSCryptoFunctions->transformRsaOaepGetKlass = xmlSecMSCryptoTransformRsaOaepGetKlass;
#endif /* XMLSEC_NO_RSA */
/******************************* SHA ********************************/
diff --git a/src/mscrypto/kt_rsa.c b/src/mscrypto/kt_rsa.c
index b6364a7..f0d84ee 100644
--- a/src/mscrypto/kt_rsa.c
+++ b/src/mscrypto/kt_rsa.c
@@ -36,99 +36,114 @@
* Internal MSCRYPTO RSA PKCS1 CTX
*
*************************************************************************/
-typedef struct _xmlSecMSCryptoRsaPkcs1Ctx xmlSecMSCryptoRsaPkcs1Ctx,
- *xmlSecMSCryptoRsaPkcs1CtxPtr;
-struct _xmlSecMSCryptoRsaPkcs1Ctx {
- xmlSecKeyDataPtr data;
- DWORD typeFlags;
+typedef struct _xmlSecMSCryptoRsaPkcs1OaepCtx xmlSecMSCryptoRsaPkcs1OaepCtx,
+ *xmlSecMSCryptoRsaPkcs1OaepCtxPtr;
+struct _xmlSecMSCryptoRsaPkcs1OaepCtx {
+ DWORD dwFlags;
+ xmlSecKeyDataPtr data;
+ xmlSecBuffer oaepParams;
};
/*********************************************************************
*
* RSA PKCS1 key transport transform
*
- * xmlSecMSCryptoRsaPkcs1Ctx is located after xmlSecTransform
+ * xmlSecMSCryptoRsaPkcs1OaepCtx is located after xmlSecTransform
*
********************************************************************/
-#define xmlSecMSCryptoRsaPkcs1Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1Ctx))
-#define xmlSecMSCryptoRsaPkcs1GetCtx(transform) \
- ((xmlSecMSCryptoRsaPkcs1CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecMSCryptoRsaPkcs1Initialize (xmlSecTransformPtr transform);
-static void xmlSecMSCryptoRsaPkcs1Finalize (xmlSecTransformPtr transform);
-static int xmlSecMSCryptoRsaPkcs1SetKeyReq (xmlSecTransformPtr transform,
+#define xmlSecMSCryptoRsaPkcs1OaepCtx \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx))
+#define xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform) \
+ ((xmlSecMSCryptoRsaPkcs1OaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoRsaPkcs1OaepCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoRsaPkcs1OaepInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoRsaPkcs1OaepFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoRsaPkcs1OaepSetKeyReq (xmlSecTransformPtr transform,
xmlSecKeyReqPtr keyReq);
-static int xmlSecMSCryptoRsaPkcs1SetKey (xmlSecTransformPtr transform,
+static int xmlSecMSCryptoRsaPkcs1OaepSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
-static int xmlSecMSCryptoRsaPkcs1Execute (xmlSecTransformPtr transform,
+static int xmlSecMSCryptoRsaPkcs1OaepExecute (xmlSecTransformPtr transform,
int last,
xmlSecTransformCtxPtr transformCtx);
-static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform,
+static int xmlSecMSCryptoRsaPkcs1OaepProcess (xmlSecTransformPtr transform,
xmlSecTransformCtxPtr transformCtx);
-static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */
- xmlSecNameRsaPkcs1, /* const xmlChar* name; */
- xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+static int
+xmlSecMSCryptoRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) {
- xmlSecMSCryptoRsaPkcs1Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoRsaPkcs1Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoRsaPkcs1SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecMSCryptoRsaPkcs1SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoRsaPkcs1Execute, /* xmlSecTransformExecuteMethod execute; */
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) {
+ return(1);
+ } else
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) {
+ return(1);
+ } else
+ /* not found */
+ {
+ return(0);
+ }
-/**
- * xmlSecMSCryptoTransformRsaPkcs1GetKlass:
- *
- * The RSA-PKCS1 key transport transform klass.
- *
- * Returns: RSA-PKCS1 key transport transform klass.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) {
- return(&xmlSecMSCryptoRsaPkcs1Klass);
+ /* just in case */
+ return(0);
}
static int
-xmlSecMSCryptoRsaPkcs1Initialize(xmlSecTransformPtr transform) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ int ret;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx));
+ /* initialize */
+ memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx));
+
+ ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) {
+ ctx->dwFlags = 0;
+ } else
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) {
+ ctx->dwFlags = CRYPT_OAEP;
+ } else
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
return(0);
}
static void
-xmlSecMSCryptoRsaPkcs1Finalize(xmlSecTransformPtr transform) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+xmlSecMSCryptoRsaPkcs1OaepFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
- xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size));
+ xmlSecAssert(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx));
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert(ctx != NULL);
if (ctx->data != NULL) {
@@ -136,19 +151,20 @@ xmlSecMSCryptoRsaPkcs1Finalize(xmlSecTransformPtr transform) {
ctx->data = NULL;
}
- memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx));
+ xmlSecBufferFinalize(&(ctx->oaepParams));
+ memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx));
}
static int
-xmlSecMSCryptoRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+xmlSecMSCryptoRsaPkcs1OaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(keyReq != NULL, -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
keyReq->keyId = xmlSecMSCryptoKeyDataRsaId;
@@ -163,16 +179,16 @@ xmlSecMSCryptoRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr k
}
static int
-xmlSecMSCryptoRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+xmlSecMSCryptoRsaPkcs1OaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->data == NULL, -1);
@@ -190,16 +206,16 @@ xmlSecMSCryptoRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
}
static int
-xmlSecMSCryptoRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
int ret;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
@@ -209,11 +225,11 @@ xmlSecMSCryptoRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTran
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- ret = xmlSecMSCryptoRsaPkcs1Process(transform, transformCtx);
+ ret = xmlSecMSCryptoRsaPkcs1OaepProcess(transform, transformCtx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoRsaPkcs1Process",
+ "xmlSecMSCryptoRsaPkcs1OaepProcess",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
@@ -234,8 +250,8 @@ xmlSecMSCryptoRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTran
}
static int
-xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize;
xmlSecSize keySize;
@@ -248,12 +264,12 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
xmlSecByte * inBuf;
int i;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->data != NULL, -1);
@@ -330,7 +346,7 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
outBuf = xmlSecBufferGetData(out);
xmlSecAssert2(outBuf != NULL, -1);
- if (!CryptEncrypt(hKey, 0, TRUE, 0, outBuf, &dwInLen, dwBufLen)) {
+ if (!CryptEncrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwInLen, dwBufLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptEncrypt",
@@ -361,7 +377,7 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
XMLSEC_ERRORS_NO_MESSAGE);
return (-1);
}
- if (!CryptDecrypt(hKey, 0, TRUE, 0, outBuf, &dwOutLen)) {
+ if (!CryptDecrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwOutLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"CryptDecrypt",
@@ -396,5 +412,172 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
return(0);
}
+
+/**********************************************************************
+ *
+ * RSA/PKCS1 transform
+ *
+ **********************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecMSCryptoTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) {
+ return(&xmlSecMSCryptoRsaPkcs1Klass);
+}
+
+
+
+/**********************************************************************
+ *
+ * RSA/OAEP transform
+ *
+ **********************************************************************/
+static int xmlSecMSCryptoRsaOaepNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecMSCryptoRsaOaepKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecMSCryptoTransformRsaOaepGetKlass:
+ *
+ * The RSA-OAEP key transport transform klass.
+ *
+ * Returns: RSA-OAEP key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaOaepGetKlass(void) {
+ return(&xmlSecMSCryptoRsaOaepKlass);
+}
+
+static int
+xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
+ ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
+ xmlChar* algorithm;
+
+ /* Algorithm attribute is required */
+ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
+ if(algorithm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* for now we support only sha1 */
+ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(algorithm),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "digest algorithm is not supported for rsa/oaep");
+ xmlFree(algorithm);
+ return(-1);
+ }
+ xmlFree(algorithm);
+ } else {
+ /* not found */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next node */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(0);
+}
+
#endif /* XMLSEC_NO_RSA */
diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c
index c41b168..1cf1aba 100644
--- a/src/openssl/kt_rsa.c
+++ b/src/openssl/kt_rsa.c
@@ -358,7 +358,7 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr
/**************************************************************************
*
- * Internal OpenSSL RSA OAPE CTX
+ * Internal OpenSSL RSA OAEP CTX
*
*************************************************************************/
typedef struct _xmlSecOpenSSLRsaOaepCtx xmlSecOpenSSLRsaOaepCtx,
@@ -492,58 +492,57 @@ xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS
xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
cur = xmlSecGetNextElementNode(node->children);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
- ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
- if(ret < 0) {
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
+ ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
+ xmlChar* algorithm;
+
+ /* Algorithm attribute is required */
+ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
+ if(algorithm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* for now we support only sha1 */
+ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(algorithm),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "digest algorithm is not supported for rsa/oaep");
+ xmlFree(algorithm);
+ return(-1);
+ }
+ xmlFree(algorithm);
+ } else {
+ /* not found */
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferBase64NodeContentRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
- xmlChar* algorithm;
-
- /* Algorithm attribute is required */
- algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
- if(algorithm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
- /* for now we support only sha1 */
- if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(algorithm),
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "digest algorithm is not supported for rsa/oaep");
- xmlFree(algorithm);
- return(-1);
- }
- xmlFree(algorithm);
+ /* next node */
cur = xmlSecGetNextElementNode(cur->next);
}
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
return(0);
}
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index 3ad6a8b..ac72050 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -472,18 +472,17 @@ execDSigTest "" "merlin-xmldsig-twenty-three/signature" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
+
##########################################################################
#
-# merlin-xmlenc-five
+# merlin-xmlenc-five
+#
+# While the main operation is signature (and this is why we have these
+# tests here instead of testEnc.sh), these tests check the encryption
+# key transport/wrapper algorightms
#
##########################################################################
-execDSigTest "" "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
- "ripemd160 hmac-ripemd160 kw-tripledes" \
- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
- "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
- "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
-
execDSigTest "" "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
"sha256 hmac-sha256 kw-aes128" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
@@ -496,9 +495,17 @@ execDSigTest "" "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
"sha512 hmac-sha512 kw-aes256" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
-#merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml
+execDSigTest "" "merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
+ "sha1 hmac-sha256 rsa-1_5" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
+
+execDSigTest "" "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
+ "sha1 hmac-sha256 rsa-oaep-mgf1p" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
+
#merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml
+
##########################################################################
#
# merlin-exc-c14n-one
diff --git a/tests/testEnc.sh b/tests/testEnc.sh
index e7e54a1..96b168f 100755
--- a/tests/testEnc.sh
+++ b/tests/testEnc.sh
@@ -127,6 +127,11 @@ echo "--- log file is $logfile"
echo "--- testEnc started for xmlsec-$crypto library ($timestamp)" >> $logfile
echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
+##########################################################################
+#
+# aleksey-xmlenc-01
+#
+##########################################################################
execEncTest "aleksey-xmlenc-01/enc-des3cbc-keyname" \
"tripledes-cbc" \
@@ -186,7 +191,12 @@ execEncTest "aleksey-xmlenc-01/enc-des3cbc-aes192-keyname" \
"--keys-file $keysfile --session-key des-192 --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data" \
"--keys-file $keysfile"
-# Merlin's tests
+##########################################################################
+#
+# merlin-xmlenc-five
+#
+##########################################################################
+
execEncTest "merlin-xmlenc-five/encrypt-data-aes128-cbc" \
"aes128-cbc" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
@@ -249,6 +259,13 @@ execEncTest "merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256"
"aes256-cbc kw-aes256" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+execEncTest "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
+ "ripemd160 hmac-ripemd160 kw-tripledes" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+#merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
#merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml
#merlin-xmlenc-five/decryption-transform-except.xml
@@ -256,10 +273,15 @@ execEncTest "merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256"
#merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
#merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml
-#merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
#merlin-xmlenc-five/encsig-hmac-sha256-dh.xml
#merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml
+##########################################################################
+#
+# 01-phaos-xmlenc-3
+#
+##########################################################################
+
execEncTest "01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5" \
"tripledes-cbc rsa-1_5" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]