You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2003/11/03 00:11:30 UTC
cvs commit: xml-security/c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp XENCAlgorithmHandlerDefault.hpp XENCCipherImpl.cpp
blautenb 2003/11/02 15:11:30
Modified: c/src/dsig DSIGConstants.cpp DSIGConstants.hpp
c/src/tools/xtest xtest.cpp
c/src/xenc/impl XENCAlgorithmHandlerDefault.cpp
XENCAlgorithmHandlerDefault.hpp XENCCipherImpl.cpp
Log:
Implemented 3DES key-wrap
Revision Changes Path
1.16 +4 -1 xml-security/c/src/dsig/DSIGConstants.cpp
Index: DSIGConstants.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.cpp,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- DSIGConstants.cpp 26 Oct 2003 10:32:32 -0000 1.15
+++ DSIGConstants.cpp 2 Nov 2003 23:11:30 -0000 1.16
@@ -107,6 +107,7 @@
const XMLCh * DSIGConstants::s_unicodeStrURIKW_AES128;
const XMLCh * DSIGConstants::s_unicodeStrURIKW_AES192;
const XMLCh * DSIGConstants::s_unicodeStrURIKW_AES256;
+const XMLCh * DSIGConstants::s_unicodeStrURIKW_3DES;
const XMLCh * DSIGConstants::s_unicodeStrURIRSA_1_5;
const XMLCh * DSIGConstants::s_unicodeStrURIXENC_ELEMENT;
@@ -157,6 +158,7 @@
s_unicodeStrURIKW_AES128 = XMLString::transcode(URI_ID_KW_AES128);
s_unicodeStrURIKW_AES192 = XMLString::transcode(URI_ID_KW_AES192);
s_unicodeStrURIKW_AES256 = XMLString::transcode(URI_ID_KW_AES256);
+ s_unicodeStrURIKW_3DES = XMLString::transcode(URI_ID_KW_3DES);
s_unicodeStrURIRSA_1_5 = XMLString::transcode(URI_ID_RSA_1_5);
s_unicodeStrURIXENC_ELEMENT = XMLString::transcode(URI_ID_XENC_ELEMENT);
@@ -205,6 +207,7 @@
delete[] (XMLCh *) s_unicodeStrURIKW_AES128;
delete[] (XMLCh *) s_unicodeStrURIKW_AES192;
delete[] (XMLCh *) s_unicodeStrURIKW_AES256;
+ delete[] (XMLCh *) s_unicodeStrURIKW_3DES;
delete[] (XMLCh *) s_unicodeStrURIRSA_1_5;
delete[] (XMLCh *) s_unicodeStrURIXENC_ELEMENT;
1.18 +10 -2 xml-security/c/src/dsig/DSIGConstants.hpp
Index: DSIGConstants.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.hpp,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- DSIGConstants.hpp 26 Oct 2003 10:32:32 -0000 1.17
+++ DSIGConstants.hpp 2 Nov 2003 23:11:30 -0000 1.18
@@ -101,6 +101,7 @@
#define URI_ID_KW_AES128 "http://www.w3.org/2001/04/xmlenc#kw-aes128"
#define URI_ID_KW_AES192 "http://www.w3.org/2001/04/xmlenc#kw-aes192"
#define URI_ID_KW_AES256 "http://www.w3.org/2001/04/xmlenc#kw-aes256"
+#define URI_ID_KW_3DES "http://www.w3.org/2001/04/xmlenc#kw-tripledes"
// Key Transport algorithms
#define URI_ID_RSA_1_5 "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
@@ -203,7 +204,8 @@
ENCRYPT_KW_AES128 = 5, // KeyWrap - AES128
ENCRYPT_KW_AES192 = 6, // KeyWrap - AES192
ENCRYPT_KW_AES256 = 7, // KeyWrap - AES256
- ENCRYPT_RSA_15 = 8 // RSA with PKCS 1.5 padding
+ ENCRYPT_KW_3DES = 8,
+ ENCRYPT_RSA_15 = 9 // RSA with PKCS 1.5 padding
};
@@ -357,6 +359,11 @@
uri = URI_ID_KW_AES256;
break;
+ case (ENCRYPT_KW_3DES) :
+
+ uri = URI_ID_KW_3DES;
+ break;
+
case (ENCRYPT_RSA_15) :
uri = URI_ID_RSA_1_5;
@@ -420,6 +427,7 @@
static const XMLCh * s_unicodeStrURIKW_AES128;
static const XMLCh * s_unicodeStrURIKW_AES192;
static const XMLCh * s_unicodeStrURIKW_AES256;
+ static const XMLCh * s_unicodeStrURIKW_3DES;
static const XMLCh * s_unicodeStrURIRSA_1_5;
static const XMLCh * s_unicodeStrURIXENC_ELEMENT;
1.28 +8 -1 xml-security/c/src/tools/xtest/xtest.cpp
Index: xtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xtest/xtest.cpp,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- xtest.cpp 28 Oct 2003 09:33:18 -0000 1.27
+++ xtest.cpp 2 Nov 2003 23:11:30 -0000 1.28
@@ -932,6 +932,13 @@
unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_AES256);
+ cerr << "Triple DES key wrap... ";
+
+ ks = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
+ ks->setKey((unsigned char *) s_keyStr, 24);
+
+ unitTestKeyEncrypt(impl, ks, ENCRYPT_KW_3DES);
+
}
// --------------------------------------------------------------------------------
// Test encrypt/Decrypt
1.7 +174 -43 xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp
Index: XENCAlgorithmHandlerDefault.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.cpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- XENCAlgorithmHandlerDefault.cpp 28 Oct 2003 09:33:18 -0000 1.6
+++ XENCAlgorithmHandlerDefault.cpp 2 Nov 2003 23:11:30 -0000 1.7
@@ -152,7 +152,8 @@
switch (skt) {
case XSECCryptoSymmetricKey::KEY_3DES_192 :
- keyOK = strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC);
+ isSymmetricKeyWrap = strEquals(uri, DSIGConstants::s_unicodeStrURIKW_3DES);
+ keyOK = isSymmetricKeyWrap || strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC);
break;
case XSECCryptoSymmetricKey::KEY_AES_128 :
isSymmetricKeyWrap = strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES128);
@@ -360,60 +361,182 @@
// DES CMS Key wrap/unwrap
// --------------------------------------------------------------------------------
-#if 0
+unsigned int XENCAlgorithmHandlerDefault::unwrapKey3DES(
+ TXFMChain * cipherText,
+ XSECCryptoKey * key,
+ safeBuffer & result) {
-Keep for DES keywrap
+ // Perform an unwrap on the key
+ safeBuffer cipherSB;
- // Perform an unwrap on the key
- safeBuffer cipherSB;
+ // Cat the encrypted key
+ XMLByte buf[_MY_MAX_KEY_SIZE];
+ TXFMBase * b = cipherText->getLastTxfm();
+ int offset = 0;
+ int sz = b->readBytes(buf, _MY_MAX_KEY_SIZE);
- // Set the IV
- cipherSB.sbMemcpyIn(s_CMSIV, 8);
-
- // Cat the encrypted key
- XMLByte buf[_MY_MAX_KEY_SIZE];
- TXFMBase * b = cipherText->getLastTxfm();
- int offset = 8;
- int sz = b->readBytes(buf, _MY_MAX_KEY_SIZE);
-
- while (sz > 0) {
- cipherSB.sbMemcpyIn(offset, buf, sz);
- offset += sz;
- sz = b->readBytes(buf, _MY_MAX_KEY_SIZE);
- }
+ while (sz > 0) {
+ cipherSB.sbMemcpyIn(offset, buf, sz);
+ offset += sz;
+ sz = b->readBytes(buf, _MY_MAX_KEY_SIZE);
+ }
- if (offset > _MY_MAX_KEY_SIZE) {
- throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - Key to decrypt too big!");
- }
+ if (offset > _MY_MAX_KEY_SIZE) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - Key to decrypt too big!");
+ }
+
+ // Do the decrypt - this cast will throw if wrong, but we should
+ // not have been able to get through algorithm checks otherwise
+ XSECCryptoSymmetricKey * sk = dynamic_cast<XSECCryptoSymmetricKey *>(key);
+
+ sk->decryptInit(false, XSECCryptoSymmetricKey::MODE_CBC, s_3DES_CMS_IV);
+ // If key is bigger than this, then we have a problem
+ sz = sk->decrypt(cipherSB.rawBuffer(), buf, offset, _MY_MAX_KEY_SIZE);
+
+ sz += sk->decryptFinish(&buf[sz], _MY_MAX_KEY_SIZE - sz);
+
+ if (sz <= 0) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault - Error decrypting key!");
+ }
- // Do the decrypt - this cast will throw if wrong, but we should
- // not have been able to get through algorithm checks otherwise
- XSECCryptoSymmetricKey * sk = dynamic_cast<XSECCryptoSymmetricKey *>(key);
+ // We now have the first cut, reverse the cipher text
+ XMLByte buf2[_MY_MAX_KEY_SIZE];
+ for (int i = 0; i < sz; ++ i) {
+ buf2[sz - i - 1] = buf[i];
+ }
+
+ // decrypt again
+ sk->decryptInit(false);
+ offset = sk->decrypt(buf2, buf, sz, _MY_MAX_KEY_SIZE);
+ offset += sk->decryptFinish(&buf[offset], _MY_MAX_KEY_SIZE - offset);
- sk->decryptInit(false); // No padding
- // If key is bigger than this, then we have a problem
- sz = sk->decrypt(cipherSB.rawBuffer(), buf, offset, _MY_MAX_KEY_SIZE);
+ // Calculate the CMS Key Checksum
+ XSECCryptoHash * sha1 = XSECPlatformUtils::g_cryptoProvider->hashSHA1();
+ if (!sha1) {
- sz += sk->decryptFinish(&buf[sz], _MY_MAX_KEY_SIZE - sz);
+ throw XSECException(XSECException::CryptoProviderError,
+ "XENCAlgorithmHandlerDefault - Error getting SHA-1 object in 3DES unwrap");
- if (sz <= 0) {
+ }
+ Janitor<XSECCryptoHash> j_sha1(sha1);
+ sha1->reset();
+ sha1->hash(buf, offset - 8);
+ sha1->finish(buf2, _MY_MAX_KEY_SIZE);
+
+ // Compare
+ for (int j = 0; j < 8; ++j) {
+
+ if (buf[offset - 8 + j] != buf2[j]) {
throw XSECException(XSECException::CipherError,
- "XENCAlgorithmHandlerDefault - Error decrypting key!");
+ "XENCAlgorithmHandlerDefault::unwrapKey3DES - CMS Key Checksum does not match");
}
+ }
- // We now have the first cut, reverse the key
- XMLByte buf2[_MY_MAX_KEY_SIZE];
- for (int i = 0; i < sz; ++ i) {
- buf2[sz - i] = buf[i];
- }
+ result.sbMemcpyIn(buf, offset - 8);
+
+ return offset - 8;
- // decrypt again
- sk->decryptInit(false);
- offset = sk->decrypt(buf2, buf, sz, _MY_MAX_KEY_SIZE);
- offset += sk->decryptFinish(&buf[offset], _MY_MAX_KEY_SIZE - offset);
+}
-#endif
+bool XENCAlgorithmHandlerDefault::wrapKey3DES(
+ TXFMChain * cipherText,
+ XSECCryptoKey * key,
+ safeBuffer & result) {
+
+ // Cat the plaintext key
+ XMLByte buf[_MY_MAX_KEY_SIZE + 16];
+ TXFMBase * b = cipherText->getLastTxfm();
+ int offset = 0;
+ int sz = b->readBytes(buf, _MY_MAX_KEY_SIZE);
+
+ if (sz <= 0) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::wrapKey3DES - Unable to read key");
+ }
+
+ if (sz >= _MY_MAX_KEY_SIZE) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::wrapKey3DES - Key to decrypt too big!");
+ }
+
+ if (sz % 8 != 0) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::wrapKey3DES - Key to encrypt not a multiple of 8 bytes");
+ }
+
+ // Calculate the CMS Key Checksum
+
+ // Do the first encrypt
+ XMLByte buf2[_MY_MAX_KEY_SIZE + 16];
+
+ XSECCryptoHash * sha1 = XSECPlatformUtils::g_cryptoProvider->hashSHA1();
+ if (!sha1) {
+
+ throw XSECException(XSECException::CryptoProviderError,
+ "XENCAlgorithmHandlerDefault - Error getting SHA-1 object in 3DES wrap");
+
+ }
+ Janitor<XSECCryptoHash> j_sha1(sha1);
+ sha1->reset();
+ sha1->hash(buf, sz);
+ sha1->finish(buf2, _MY_MAX_KEY_SIZE);
+
+ for (int j = 0; j < 8 ; ++j)
+ buf[sz++] = buf2[j];
+
+ // Do the first encrypt - this cast will throw if wrong, but we should
+ // not have been able to get through algorithm checks otherwise
+ XSECCryptoSymmetricKey * sk = dynamic_cast<XSECCryptoSymmetricKey *>(key);
+
+ sk->encryptInit(false);
+ // If key is bigger than this, then we have a problem
+ sz = sk->encrypt(buf, buf2, sz, _MY_MAX_KEY_SIZE);
+ sz += sk->encryptFinish(&buf2[sz], _MY_MAX_KEY_SIZE - sz);
+
+ if (sz <= 0) {
+ throw XSECException(XSECException::CipherError,
+ "XENCAlgorithmHandlerDefault::wrapKey3DES - Error encrypting key!");
+ }
+
+ // We now have the first cut, reverse the cipher text
+ for (int i = 0; i < sz; ++ i) {
+ buf[sz - i - 1] = buf2[i];
+ }
+
+ // encrypt again
+ sk->encryptInit(false, XSECCryptoSymmetricKey::MODE_CBC, s_3DES_CMS_IV);
+ offset = sk->encrypt(buf, buf2, sz, _MY_MAX_KEY_SIZE);
+ offset += sk->encryptFinish(&buf2[offset], _MY_MAX_KEY_SIZE - offset);
+
+ // Base64 encode
+ XSECCryptoBase64 * b64 = XSECPlatformUtils::g_cryptoProvider->base64();
+
+ if (!b64) {
+
+ throw XSECException(XSECException::CryptoProviderError,
+ "XENCAlgorithmHandlerDefault - Error getting base64 encoder in 3DES wrap");
+
+ }
+
+ Janitor<XSECCryptoBase64> j_b64(b64);
+ unsigned char * b64Buffer;
+ int bufLen = (offset + 9) * 3;
+ XSECnew(b64Buffer, unsigned char[bufLen + 1]);// Overkill
+ ArrayJanitor<unsigned char> j_b64Buffer(b64Buffer);
+
+ b64->encodeInit();
+ int outputLen = b64->encode (&buf2[8], offset-8, b64Buffer, bufLen);
+ outputLen += b64->encodeFinish(&b64Buffer[outputLen], bufLen - outputLen);
+ b64Buffer[outputLen] = '\0';
+
+ // Copy to safebuffer
+ result.sbStrcpyIn((const char *) b64Buffer);
+
+ return true;
+
+}
// --------------------------------------------------------------------------------
// InputStream decryption
@@ -562,6 +685,10 @@
}
+ else if (skt == XSECCryptoSymmetricKey::KEY_3DES_192) {
+ return unwrapKey3DES(cipherText, key, result);
+ }
+
else {
throw XSECException(XSECException::CipherError,
"XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key wrap for algorithm");
@@ -719,6 +846,10 @@
return wrapKeyAES(plainText, key, result);
+ }
+
+ if (skt == XSECCryptoSymmetricKey::KEY_3DES_192) {
+ return wrapKey3DES(plainText, key, result);
}
else {
1.5 +9 -2 xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.hpp
Index: XENCAlgorithmHandlerDefault.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCAlgorithmHandlerDefault.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- XENCAlgorithmHandlerDefault.hpp 19 Oct 2003 12:50:35 -0000 1.4
+++ XENCAlgorithmHandlerDefault.hpp 2 Nov 2003 23:11:30 -0000 1.5
@@ -143,11 +143,18 @@
TXFMChain * cipherText,
XSECCryptoKey * key,
safeBuffer & result);
+ unsigned int unwrapKey3DES(
+ TXFMChain * cipherText,
+ XSECCryptoKey * key,
+ safeBuffer & result);
bool wrapKeyAES(
TXFMChain * cipherText,
XSECCryptoKey * key,
safeBuffer & result);
-
+ bool wrapKey3DES(
+ TXFMChain * cipherText,
+ XSECCryptoKey * key,
+ safeBuffer & result);
};
1.12 +2 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.cpp
Index: XENCCipherImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.cpp,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- XENCCipherImpl.cpp 26 Oct 2003 10:32:33 -0000 1.11
+++ XENCCipherImpl.cpp 2 Nov 2003 23:11:30 -0000 1.12
@@ -191,6 +191,7 @@
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES128, def);
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES192, def);
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_AES256, def);
+ XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIKW_3DES, def);
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_1_5, def);
}