Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/10/31 14:06:10 UTC
svn commit: r590657 - in /webservices/rampart/trunk/c: include/
samples/client/sec_echo/ samples/omxmlsec/xmlenc/ src/omxmlsec/
src/omxmlsec/openssl/ src/util/
Author: kaushalye
Date: Wed Oct 31 06:06:08 2007
New Revision: 590657
URL: http://svn.apache.org/viewvc?rev=590657&view=rev
Log:
Modify the key derivation module and the code that depends on it (includes the patch for RAMPARTC-37: https://issues.apache.org/jira/secure/attachment/12368758/derivation2.patch)
Modified:
webservices/rampart/trunk/c/include/openssl_hmac.h
webservices/rampart/trunk/c/include/oxs_derivation.h
webservices/rampart/trunk/c/samples/client/sec_echo/echo.c
webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.sh
webservices/rampart/trunk/c/samples/omxmlsec/xmlenc/enc.c
webservices/rampart/trunk/c/src/omxmlsec/derivation.c
webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c
webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
Modified: webservices/rampart/trunk/c/include/openssl_hmac.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/openssl_hmac.h?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/openssl_hmac.h (original)
+++ webservices/rampart/trunk/c/include/openssl_hmac.h Wed Oct 31 06:06:08 2007
@@ -48,8 +48,8 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_p_sha1(const axutil_env_t *env,
oxs_key_t *secret,
- oxs_buffer_t *label,
- oxs_buffer_t *seed,
+ axis2_char_t *label,
+ axis2_char_t *seed,
oxs_key_t *derived_key);
/* @} */
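Review bot: The new `axis2_char_t *label` / `axis2_char_t *seed` parameters carry an in-band contract that this declaration does not document: in hmac.c a NULL seed means "generate a nonce and store it in derived_key" while an empty string means "no seed", and a NULL or empty label selects OPENSSL_DEFAULT_LABEL_FOR_PSHA1. Add that to the Doxygen block above the prototype, e.g. `@param label NUL-terminated label; NULL or "" selects the default P_SHA1 label` and `@param seed NUL-terminated nonce; NULL generates a fresh nonce and records it in derived_key, "" means no seed`. Callers reading only the header cannot otherwise tell which of NULL and "" is the safe choice for a key recovered from a token.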
Modified: webservices/rampart/trunk/c/include/oxs_derivation.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_derivation.h?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_derivation.h (original)
+++ webservices/rampart/trunk/c/include/oxs_derivation.h Wed Oct 31 06:06:08 2007
@@ -46,17 +46,15 @@
* @param env pointer to environment struct
* @param secret The secret is the shared secret that is exchanged (note that if two secrets were securely exchanged,\
* possible as part of an initial exchange, they are concatenated in the order they were sent/received)
- * @param label The label is the concatenation of the client's label and the service's label
- * @param seed The seed is the concatenation of nonce values (if multiple were exchanged) that were exchanged (initiator + receiver)
* @param derived_key The derived key. Caller must create and free
+ * @param build_fresh Whether to build fresh or build using details in derived key(in case of recovering the derive key from xml)
* @return status
**/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_derivation_derive_key(const axutil_env_t *env,
oxs_key_t *secret,
- oxs_buffer_t *label,
- oxs_buffer_t *seed,
- oxs_key_t *derived_key
+ oxs_key_t *derived_key,
+ axis2_bool_t build_fresh
);
AXIS2_EXTERN axiom_node_t * AXIS2_CALL
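Review bot: The last parameter is named `build_fresh` here but `build` in the definition in derivation.c (same commit), so the documented name does not match what a debugger or IDE shows; pick one for both. The `@param derived_key` text should also say what the AXIS2_FALSE path requires of it, since derivation.c then reads the label and nonce back out of `derived_key`: `@param derived_key The derived key. Caller must create and free; when build_fresh is AXIS2_FALSE it must already carry the label, nonce, offset and length recovered from the token`. Without that, a caller passing a freshly created key with AXIS2_FALSE gets a key derived from whatever defaults the lower layer substitutes.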
Modified: webservices/rampart/trunk/c/samples/client/sec_echo/echo.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/client/sec_echo/echo.c?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/client/sec_echo/echo.c (original)
+++ webservices/rampart/trunk/c/samples/client/sec_echo/echo.c Wed Oct 31 06:06:08 2007
@@ -70,7 +70,7 @@
options = axis2_options_create(env);
axis2_options_set_to(options, env, endpoint_ref);
axis2_options_set_action(options, env,
- "http://example.com/ws/2004/09/policy/Test/EchoRequest");
+ "http://xmlsoap.org/Ping");
/*axis2_options_set_action(options, env,
"urn:echo");*/
@@ -202,12 +202,13 @@
axiom_namespace_t *ns1 = NULL;
axis2_char_t *om_str = NULL;
- ns1 = axiom_namespace_create(env, "http://ws.apache.org/rampart/c/samples", "ns1");
- echo_om_ele = axiom_element_create(env, NULL, "echoIn", ns1, &echo_om_node);
+ ns1 = axiom_namespace_create(env, "http://xmlsoap.org/Ping", "ns0");
+ echo_om_ele = axiom_element_create(env, NULL, "Ping", ns1, &echo_om_node);
- text_om_ele = axiom_element_create(env, echo_om_node, "text", NULL, &text_om_node);
- axiom_element_set_text(text_om_ele, env, "Hello", text_om_node);
+ /*text_om_ele = axiom_element_create(env, echo_om_node, "text", NULL, &text_om_node);
+ */
+ axiom_element_set_text(text_om_ele, env, "Hello", echo_om_ele);
om_str = axiom_node_to_string(echo_om_node, env);
if (om_str){
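Review bot: The added call `axiom_element_set_text(text_om_ele, env, "Hello", echo_om_ele)` passes a NULL element (its creation is now commented out) and an element where the fourth argument takes a node, so the sample will not set the "Hello" text and may dereference NULL. If the intent is to put the text directly on the Ping element, the call should be `axiom_element_set_text(echo_om_ele, env, "Hello", echo_om_node);`. The `text_om_ele`/`text_om_node` locals, declared above this hunk, then look unused and can go along with the commented-out line rather than staying as dead code.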
Modified: webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.sh
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.sh?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.sh (original)
+++ webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.sh Wed Oct 31 06:06:08 2007
@@ -7,4 +7,6 @@
cp -r $AXIS2C_HOME/modules/rampart $CLIENT_REPO/modules
#RUN
-./echo http://localhost:9090/axis2/services/sec_echo/echoString $CLIENT_REPO
+#./echo http://localhost:9090/axis2/services/sec_echo/echoString $CLIENT_REPO
+#./echo http://192.168.1.57:1110/services/UsernameForCertificateSign $CLIENT_REPO
+./echo http://localhost:9090/services/UsernameForCertificateSign $CLIENT_REPO
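Review bot: The two commented-out endpoints, one of them a developer's LAN address, are local configuration that does not belong in a checked-in sample script. Take the endpoint from the command line instead so nobody has to edit the script to point it elsewhere, e.g. `./echo ${1:-http://localhost:9090/services/UsernameForCertificateSign} $CLIENT_REPO`, and drop the commented lines.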
Modified: webservices/rampart/trunk/c/samples/omxmlsec/xmlenc/enc.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/omxmlsec/xmlenc/enc.c?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/omxmlsec/xmlenc/enc.c (original)
+++ webservices/rampart/trunk/c/samples/omxmlsec/xmlenc/enc.c Wed Oct 31 06:06:08 2007
@@ -28,8 +28,9 @@
#include <oxs_error.h>
#include <oxs_encryption.h>
#include <oxs_xml_encryption.h>
-#include <oxs_token_encrypted_data.h>
+#include <oxs_tokens.h>
#include <oxs_x509_cert.h>
+#include <oxs_derivation.h>
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
@@ -61,9 +62,24 @@
oxs_key_t *create_key(axutil_env_t *env)
{
oxs_key_t *key = NULL;
+ oxs_key_t *derived_key = NULL;
key = oxs_key_create(env);
- oxs_key_populate(key, env, (unsigned char*)"012345670123456701234567", "session_key", 32, OXS_KEY_USAGE_DECRYPT);
- return key;
+ oxs_key_populate(key, env, (unsigned char*)"012345670123456701234567", "session_key", 32, OXS_KEY_USAGE_SESSION);
+ derived_key = oxs_key_create(env);
+ oxs_derivation_derive_key(env, key, derived_key, AXIS2_TRUE);
+
+ return derived_key;
+}
+
+oxs_key_t *get_key(axutil_env_t *env, axiom_node_t *dk_token_node)
+{
+ oxs_key_t *key = NULL;
+ oxs_key_t *derived_key = NULL;
+ key = oxs_key_create(env);
+ oxs_key_populate(key, env, (unsigned char*)"012345670123456701234567", "session_key", 32, OXS_KEY_USAGE_SESSION);
+ derived_key = oxs_derivation_extract_derived_key_from_token(env, dk_token_node, NULL, key);
+
+ return derived_key;
}
axis2_status_t
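Review bot: Both `oxs_key_populate` calls in `create_key` and `get_key` pass a 24-byte literal (`"01234567"` three times) with length 32, so eight bytes past the end of the string literal are read into the session key; use a 32-byte literal or pass the literal's real size. In both functions the base `key` is created and never freed once `derived_key` is returned, which leaks it per call unless the derivation keeps a reference to it (not visible here). The results of `oxs_derivation_derive_key` and `oxs_derivation_extract_derived_key_from_token` are also not checked, so a failed derivation hands the caller an empty or NULL key that only fails later inside decryption; check `if (AXIS2_FAILURE == oxs_derivation_derive_key(env, key, derived_key, AXIS2_TRUE))` and `if (!derived_key)` respectively and return NULL.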
@@ -73,6 +89,7 @@
axiom_node_t *tmpl = NULL;
axiom_node_t *enc_data_node = NULL;
axiom_node_t *decrypted_node = NULL;
+ axiom_node_t *derived_key = NULL;
oxs_key_t *key = NULL;
tmpl = load_sample_xml(env , tmpl, filename);
@@ -80,8 +97,9 @@
axis2_char_t *serialized_data = NULL;
FILE *outf;
+ derived_key = axiom_node_get_last_child(tmpl, env);
/*Create key*/
- key = create_key(env);
+ key = get_key (env, derived_key);
/*Create ctx*/
ctx = oxs_ctx_create(env);
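Review bot: `derived_key = axiom_node_get_last_child(tmpl, env)` assumes the last child of the document is the DerivedKeyToken and never checks for NULL, and the result of `get_key(env, derived_key)` is not checked either before it is placed in the context. Locate the token by local name as rampart_encryption.c does at the end of this diff (`oxs_axiom_get_node_by_local_name`) and fail with a message if it is missing or if `get_key` returns NULL; the later `axiom_node_detach`/`axiom_node_free_tree` on the same pointer would otherwise run on NULL. Naming an `axiom_node_t` `derived_key` next to the `oxs_key_t *key` that actually holds the derived key is also confusing; `dk_token_node`, the name used by `get_key`, reads better. The enclosing function starts above this hunk.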
@@ -96,6 +114,10 @@
}else{
printf("\noxs_xml_enc_decrypt_node FAILURE\n");
}
+
+ axiom_node_detach(derived_key, env);
+ axiom_node_free_tree(derived_key, env);
+
serialized_data = axiom_node_to_string(tmpl, env);
outf = fopen("decrypted-result.xml", "wb");
fwrite(serialized_data, 1, axutil_strlen(serialized_data), outf);
@@ -135,6 +157,7 @@
enc_data_node = oxs_token_build_encrypted_data_element(env, tmpl, OXS_TYPE_ENC_ELEMENT, id);
temp_status = oxs_xml_enc_encrypt_node(env, ctx, enc_node, &enc_data_node);
+ oxs_derivation_build_derived_key_token(env, key, tmpl, "A", "A");
oxs_ctx_free( ctx, env);
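Review bot: `oxs_derivation_build_derived_key_token(env, key, tmpl, "A", "A")` writes a token whose reference URI and ValueType are the placeholder "A", which no consumer of the produced XML can resolve, and its return value is ignored. Since the decrypt side of this sample reads the token back, at least name what the placeholder stands for in a comment or use a real reference to the session key, and check the returned node for NULL before relying on it.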
Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Wed Oct 31 06:06:08 2007
@@ -76,7 +76,7 @@
oxs_key_set_length(derived_key, env, length);
/*Now derive the key using the base_key and other parematers*/
- status = oxs_derivation_derive_key(env, base_key, NULL, NULL, derived_key);
+ status = oxs_derivation_derive_key(env, base_key, derived_key, AXIS2_FALSE);
if(AXIS2_FAILURE == status){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA, "Cannot derive the key from given element");
oxs_key_free(derived_key, env);
@@ -98,19 +98,23 @@
axiom_node_t *nonce_token = NULL;
axiom_node_t *offset_token = NULL;
axiom_node_t *length_token = NULL;
+ axis2_char_t *uri = NULL;
/*axiom_node_t *label_token = NULL;*/
axis2_char_t *dk_id = NULL;
+ axis2_char_t *dk_name = NULL;
axis2_char_t *nonce = NULL;
axis2_char_t *label = NULL;
int offset = -1;
int length = 0;
- dk_id = oxs_key_get_name(derived_key, env);
+ dk_name = oxs_key_get_name(derived_key, env);
+ dk_id = axutil_string_substring_starting_at(dk_name, 1);
+ uri = axutil_stracat(env, "#", stref_uri);
dk_token = oxs_token_build_derived_key_token_element(env, parent, dk_id, NULL);
str_token = oxs_token_build_security_token_reference_element(env, dk_token);
- ref_token = oxs_token_build_reference_element(env, dk_token, stref_uri, stref_val_type);
+ ref_token = oxs_token_build_reference_element(env, str_token, uri, stref_val_type);
/*Create offset*/
offset = oxs_key_get_offset(derived_key, env);
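Review bot: `dk_id = axutil_string_substring_starting_at(dk_name, 1)` strips the first character of the key name unconditionally, on the assumption that every derived key's name starts with the "#" that hmac.c now prepends; a key named elsewhere loses a real character, and if the helper works in place (the free of `output` after the same call in hmac.c suggests it does) the key's own stored name is mutated as a side effect of building a token. Guard it with `if (dk_name && dk_name[0] == '#')` before stripping, or store the bare id in the key and add "#" only where a URI is needed. `uri` from `axutil_stracat` is a fresh allocation; whether it (and `dk_id`, if allocated) is freed is outside this hunk, which ends mid-function.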
@@ -139,15 +143,21 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_derivation_derive_key(const axutil_env_t *env,
oxs_key_t *secret,
- oxs_buffer_t *label,
- oxs_buffer_t *seed,
- oxs_key_t *derived_key
+ oxs_key_t *derived_key,
+ axis2_bool_t build
)
{
axis2_status_t status = AXIS2_FAILURE;
/*TODO check for derivation algorithm*/
- status = openssl_p_sha1(env, secret, label, seed, derived_key);
+ if (build)
+ {
+ status = openssl_p_sha1(env, secret, NULL, NULL, derived_key);
+ }
+ else
+ {
+ status = openssl_p_sha1(env, secret, oxs_key_get_label(derived_key, env), oxs_key_get_nonce(derived_key, env), derived_key);
+ }
return status;
}
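Review bot: In the `!build` branch a derived key recovered from a token that carried no Nonce presumably yields a NULL `oxs_key_get_nonce`, which the rewritten openssl_p_sha1 treats as "generate a fresh nonce", so a malformed or tampered inbound DerivedKeyToken silently derives an unrelated key instead of being rejected. Reject that case before calling the PRF: `if (!build && !oxs_key_get_nonce(derived_key, env)) { oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA, "Derived key token has no nonce"); return AXIS2_FAILURE; }`. The parameter is `build` here and `build_fresh` in the header changed by this commit; use the same name in both. The remaining `TODO check for derivation algorithm` means the token's Algorithm attribute is still never compared against P_SHA1.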
Modified: webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c Wed Oct 31 06:06:08 2007
@@ -142,14 +142,15 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_p_sha1(const axutil_env_t *env,
oxs_key_t *secret,
- oxs_buffer_t *label,
- oxs_buffer_t *seed,
+ axis2_char_t *label,
+ axis2_char_t *seed,
oxs_key_t *derived_key)
{
oxs_buffer_t *label_and_seed = NULL;
unsigned int key_len = 0;
unsigned char *output = NULL;
axis2_char_t *dk_id = NULL;
+ axis2_char_t *dk_name = NULL;
axis2_status_t status = AXIS2_FAILURE;
unsigned int length;
unsigned int offset;
@@ -176,38 +177,45 @@
label_and_seed = oxs_buffer_create(env);
- if((!label) || (!oxs_buffer_get_size(label, env)))
+ if((!label) || (!axutil_strlen(label)))
{
oxs_buffer_append(label_and_seed, env, (unsigned char*)OPENSSL_DEFAULT_LABEL_FOR_PSHA1, axutil_strlen(OPENSSL_DEFAULT_LABEL_FOR_PSHA1));
oxs_key_set_label(derived_key, env, OPENSSL_DEFAULT_LABEL_FOR_PSHA1);
}
else
{
- oxs_buffer_append(label_and_seed, env, oxs_buffer_get_data(label, env), oxs_buffer_get_size(label, env));
- oxs_key_set_label(derived_key, env, (axis2_char_t*)oxs_buffer_get_data(label, env));
+ oxs_buffer_append(label_and_seed, env, (unsigned char*)label, axutil_strlen(label));
}
- if ((!seed) || (!oxs_buffer_get_size(seed, env)))
- {
- oxs_key_set_nonce(derived_key, env, (axis2_char_t*)oxs_util_generate_nonce(env, 16));
- oxs_buffer_append(label_and_seed, env, (unsigned char*)oxs_key_get_nonce(derived_key, env), axutil_base64_encode_len(16));
+ /*
+ * if seed is not needed, can pass empty. if have to be created, then pass NULL
+ */
+ if (!seed)
+ {
+ seed = oxs_util_generate_nonce(env, 16);
+ oxs_key_set_nonce(derived_key, env, seed);
+ oxs_buffer_append(label_and_seed, env, (unsigned char*)seed, axutil_strlen(seed));
+ AXIS2_FREE(env->allocator, seed);
+ seed = NULL;
}
else
{
- oxs_buffer_append(label_and_seed, env, oxs_buffer_get_data(seed, env), oxs_buffer_get_size(seed, env));
- oxs_key_set_nonce(derived_key, env, (axis2_char_t*)oxs_buffer_get_data(seed, env));
+ oxs_buffer_append(label_and_seed, env, (unsigned char*)seed, axutil_strlen(seed));
}
+
+
oxs_key_set_offset(derived_key, env, offset);
-
key_len = length + offset;
output = (unsigned char*)AXIS2_MALLOC(env->allocator, key_len + 1);
status = openssl_p_hash(env, secret, oxs_buffer_get_data(label_and_seed, env), oxs_buffer_get_size(label_and_seed, env), output, key_len);
output = (unsigned char*)axutil_string_substring_starting_at((axis2_char_t*)output, offset);
dk_id = (axis2_char_t*)oxs_util_generate_id(env, (axis2_char_t*)OXS_DERIVED_ID);
+ dk_name = axutil_stracat(env, "#", dk_id);
- status = status && oxs_key_populate(derived_key, env, (unsigned char*)output, dk_id, length, oxs_key_get_usage(secret, env));
+ status = status && oxs_key_populate(derived_key, env, (unsigned char*)output, dk_name, length, oxs_key_get_usage(secret, env));
AXIS2_FREE(env->allocator, output);
AXIS2_FREE(env->allocator, dk_id);
+ AXIS2_FREE(env->allocator, dk_name);
oxs_buffer_free(label_and_seed, env);
return status;
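Review bot: The restructured tail still never checks the `AXIS2_MALLOC` result or the status of `openssl_p_hash` before `output` is re-sliced and handed to `oxs_key_populate`; `status = status && ...` only masks the populate result after the fact. The slice itself, `axutil_string_substring_starting_at((axis2_char_t*)output, offset)`, treats P_SHA1 output as a NUL-terminated string, so a key block containing a 0x00 byte before `offset + length` is cut short, and if the helper returns a new buffer the original `output` leaks; passing `output + offset` straight to `oxs_key_populate` (which must copy, since `output` is freed right after) avoids both. The new `dk_name = axutil_stracat(env, "#", dk_id)` and `seed = oxs_util_generate_nonce(env, 16)` are likewise used without a NULL check.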
Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c Wed Oct 31 06:06:08 2007
@@ -254,7 +254,7 @@
/*Remove the node from the parent*/
if(AXIS2_SUCCESS == ret){
axiom_node_detach(node, env);
- axiom_node_free_tree(node, env);
+ /*axiom_node_free_tree(node, env);*/
node = NULL;
}
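Review bot: Commenting out `axiom_node_free_tree(node, env)` leaves the detached EncryptedData subtree owned by nobody, so every successful decryption now leaks it. If the free was removed because some caller frees the node itself, say so where the line was: `/* caller owns the detached node and frees it */`, and make the detach conditional on that contract; otherwise restore the free. The enclosing function starts above and ends below this hunk.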
/*Free*/
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=590657&r1=590656&r2=590657&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Wed Oct 31 06:06:08 2007
@@ -323,7 +323,7 @@
if(AXIS2_TRUE == use_derived_keys){
/*Derive a new key*/
derived_key = oxs_key_create(env);
- status = oxs_derivation_derive_key(env, session_key, NULL, NULL, derived_key);
+ status = oxs_derivation_derive_key(env, session_key, derived_key, AXIS2_TRUE);
/*Set the derived key for the encryption*/
oxs_ctx_set_key(enc_ctx, env, derived_key);
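Review bot: The derived key is installed into `enc_ctx` regardless of the `status` returned by `oxs_derivation_derive_key` on the preceding line, so a failed derivation encrypts with an unpopulated key unless `status` is checked further down, which is outside this hunk. Bail out before `oxs_ctx_set_key`: `if (AXIS2_FAILURE == status) { oxs_key_free(derived_key, env); derived_key = NULL; }` followed by whatever error return this function uses. The same pattern appears in the hunk at line 808 of this file.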
@@ -412,7 +412,7 @@
/*Build the <wsc:DerivedKeyToken> element*/
if(dk){
- oxs_derivation_build_derived_key_token(env, dk, sec_node, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY, asym_key_id);
+ oxs_derivation_build_derived_key_token(env, dk, sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
}
/*Do we need derived keys? Can we free 'em here?*/
oxs_key_free(dk, env);
@@ -808,7 +808,7 @@
if(AXIS2_TRUE == use_derived_keys){
/*Derive a new key*/
derived_key = oxs_key_create(env);
- status = oxs_derivation_derive_key(env, session_key, NULL, NULL, derived_key);
+ status = oxs_derivation_derive_key(env, session_key, derived_key, AXIS2_TRUE);
/*Set the derived key for the encryption*/
oxs_ctx_set_key(enc_ctx, env, derived_key);
@@ -845,7 +845,7 @@
axis2_char_t *asym_key_id = NULL;
asym_key_id = oxs_axiom_get_attribute_value_of_node_by_name(env, encrypted_key_node, OXS_ATTR_ID, NULL);
- oxs_derivation_build_derived_key_token(env, derived_key, sec_node, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY, asym_key_id);
+ oxs_derivation_build_derived_key_token(env, derived_key, sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
}
node_to_move = oxs_axiom_get_node_by_local_name(