You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by sc...@apache.org on 2017/12/15 21:13:08 UTC
svn commit: r1818339 [1/2] - in /santuario/xml-security-cpp/trunk/xsec: enc/
enc/NSS/ enc/OpenSSL/ enc/WinCAPI/ tools/xtest/ xenc/ xenc/impl/
Author: scantor
Date: Fri Dec 15 21:13:08 2017
New Revision: 1818339
URL: http://svn.apache.org/viewvc?rev=1818339&view=rev
Log:
Move OAEP parameter handling out of key interface.
Modified:
santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.cpp
santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.hpp
santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp
santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp
santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp
santuario/xml-security-cpp/trunk/xsec/enc/XSECCryptoKeyRSA.hpp
santuario/xml-security-cpp/trunk/xsec/tools/xtest/xtest.cpp
santuario/xml-security-cpp/trunk/xsec/xenc/XENCCipher.hpp
santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp
santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCCipherImpl.cpp
santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCCipherImpl.hpp
Modified: santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.cpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.cpp Fri Dec 15 21:13:08 2017
@@ -105,36 +105,6 @@ XSECCryptoKey::KeyType NSSCryptoKeyRSA::
return KEY_RSA_PUBLIC;
}
-// --------------------------------------------------------------------------------
-// Set OAEP parameters
-// --------------------------------------------------------------------------------
-
-void NSSCryptoKeyRSA::setOAEPparams(unsigned char* params, unsigned int paramsLen) {
-
- if (params != NULL && paramsLen != 0) {
-
- throw XSECCryptoException(XSECCryptoException::UnsupportedError,
- "NSS::setOAEPParams - OAEP parameters are not supported by NSS");
-
- }
-}
-
-// --------------------------------------------------------------------------------
-// Get OAEP parameters length
-// --------------------------------------------------------------------------------
-
-unsigned int NSSCryptoKeyRSA::getOAEPparamsLen() const {
- return 0;
-}
-
-// --------------------------------------------------------------------------------
-// Get OAEP parameters
-// --------------------------------------------------------------------------------
-
-const unsigned char * NSSCryptoKeyRSA::getOAEPparams() const {
- return NULL;
-}
-
// --------------------------------------------------------------------------------
// Load modulus
@@ -490,7 +460,9 @@ unsigned int NSSCryptoKeyRSA::privateDec
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI,
- const XMLCh* mgfURI) const {
+ const XMLCh* mgfURI,
+ unsigned char* params,
+ unsigned int paramslen) const {
// Perform a decrypt
if (mp_privkey == 0) {
@@ -564,7 +536,9 @@ unsigned int NSSCryptoKeyRSA::publicEncr
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI,
- const XMLCh* mgfURI) const {
+ const XMLCh* mgfURI,
+ unsigned char* params,
+ unsigned int paramslen) const {
// Perform an encrypt
if (mp_pubkey == 0) {
Modified: santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.hpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/NSS/NSSCryptoKeyRSA.hpp Fri Dec 15 21:13:08 2017
@@ -102,44 +102,6 @@ public :
*/
//@{
- /**
- * \brief Set the OAEPparams string
- *
- * By default, the library expects crypto implementations to perform
- * OAEP padding with no params. This call allows the library (or user)
- * to set a params value prior to an encrypt/decrypt operation.
- *
- * @param params buffer containing the params data. Pass in NULL to clear any
- * old paramters.
- * @param paramsLen number of bytes in buffer to use. Pass in 0 to clear any
- * old parameters.
- * @note NSS do not support the ability to set OAEP parameters, so this will
- * throw an XSECCryptoException::UnsupportedError, unless the passed in
- * paramters are NULL and 0 (to clear).
- */
-
- virtual void setOAEPparams(unsigned char* params, unsigned int paramsLen);
-
- /**
- * \brief Get OAEPparams Length
- *
- * @returns the number of bytes of the OAEPparams buffer (assuming it has been set)
- * @note NSS do not support the ability to set OAEP parameters, so this will always
- * return 0
- */
-
- virtual unsigned int getOAEPparamsLen() const;
-
- /**
- * \brief Get the OAEPparams
- *
- * @returns a pointer to the (crypto object owned) buffer holding the OAEPparams
- * or NULL if no params are held
- * @note NSS do not support the ability to set OAEP parameters, so this will always
- * return NULL
- */
-
- virtual const unsigned char* getOAEPparams() const;
/**
* \brief Verify a SHA1 PKCS1 encoded signature
@@ -196,9 +158,10 @@ public :
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int privateDecrypt(const unsigned char* inBuf,
@@ -207,7 +170,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const;
/**
* \brief Encrypt using a public key
@@ -220,9 +185,10 @@ public :
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int publicEncrypt(const unsigned char* inBuf,
@@ -231,7 +197,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const;
/**
* \brief Obtain the length of an RSA key
Modified: santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp Fri Dec 15 21:13:08 2017
@@ -291,11 +291,9 @@ const EVP_MD* getDigestFromHashType(XSEC
OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA() :
- mp_rsaKey(NULL),
- mp_oaepParams(NULL),
- m_oaepParamsLen(0),
- mp_accumE(NULL),
- mp_accumN(NULL)
+ mp_rsaKey(NULL),
+ mp_accumE(NULL),
+ mp_accumN(NULL)
{
};
@@ -305,9 +303,6 @@ OpenSSLCryptoKeyRSA::~OpenSSLCryptoKeyRS
if (mp_rsaKey)
RSA_free(mp_rsaKey);
- if (mp_oaepParams != NULL)
- delete[] mp_oaepParams;
-
if (mp_accumE)
BN_free(mp_accumE);
@@ -316,31 +311,9 @@ OpenSSLCryptoKeyRSA::~OpenSSLCryptoKeyRS
};
const XMLCh* OpenSSLCryptoKeyRSA::getProviderName() const {
- return DSIGConstants::s_unicodeStrPROVOpenSSL;
+ return DSIGConstants::s_unicodeStrPROVOpenSSL;
}
-void OpenSSLCryptoKeyRSA::setOAEPparams(unsigned char* params, unsigned int paramsLen) {
-
- if (mp_oaepParams != NULL) {
- delete[] mp_oaepParams;
- }
-
- m_oaepParamsLen = paramsLen;
- if (params != NULL) {
- XSECnew(mp_oaepParams, unsigned char[paramsLen]);
- memcpy(mp_oaepParams, params, paramsLen);
- }
- else
- mp_oaepParams = NULL;
-}
-
-unsigned int OpenSSLCryptoKeyRSA::getOAEPparamsLen() const {
- return m_oaepParamsLen;
-}
-
-const unsigned char * OpenSSLCryptoKeyRSA::getOAEPparams() const {
- return mp_oaepParams;
-}
// Generic key functions
@@ -428,11 +401,9 @@ void OpenSSLCryptoKeyRSA::commitEN() {
// "Hidden" OpenSSL functions
OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA(EVP_PKEY *k) :
- mp_rsaKey(NULL),
- mp_oaepParams(NULL),
- m_oaepParamsLen(0),
- mp_accumE(NULL),
- mp_accumN(NULL)
+ mp_rsaKey(NULL),
+ mp_accumE(NULL),
+ mp_accumN(NULL)
{
// Create a new key to be loaded as we go
@@ -465,11 +436,11 @@ OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA
// --------------------------------------------------------------------------------
bool OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature(
- const unsigned char* hashBuf,
- unsigned int hashLen,
- const char * base64Signature,
- unsigned int sigLen,
- XSECCryptoHash::HashType type) const {
+ const unsigned char* hashBuf,
+ unsigned int hashLen,
+ const char * base64Signature,
+ unsigned int sigLen,
+ XSECCryptoHash::HashType type) const {
// Use the currently loaded key to validate the Base64 encoded signature
@@ -584,11 +555,11 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS
unsigned int OpenSSLCryptoKeyRSA::signSHA1PKCS1Base64Signature(
- unsigned char* hashBuf,
+ unsigned char* hashBuf,
unsigned int hashLen,
char * base64SignatureBuf,
unsigned int base64SignatureBufLen,
- XSECCryptoHash::HashType type) const {
+ XSECCryptoHash::HashType type) const {
// Sign a pre-calculated hash using this key
@@ -673,13 +644,15 @@ unsigned int OpenSSLCryptoKeyRSA::signSH
// --------------------------------------------------------------------------------
unsigned int OpenSSLCryptoKeyRSA::privateDecrypt(
- const unsigned char* inBuf,
- unsigned char* plainBuf,
- unsigned int inLength,
- unsigned int maxOutLength,
- PaddingType padding,
- const XMLCh* hashURI,
- const XMLCh* mgfURI) const {
+ const unsigned char* inBuf,
+ unsigned char* plainBuf,
+ unsigned int inLength,
+ unsigned int maxOutLength,
+ PaddingType padding,
+ const XMLCh* hashURI,
+ const XMLCh* mgfURI,
+ unsigned char* params,
+ unsigned int paramslen) const {
// Perform a decrypt
if (mp_rsaKey == NULL) {
@@ -767,8 +740,8 @@ unsigned int OpenSSLCryptoKeyRSA::privat
&tBuf[i],
decryptSize,
num,
- mp_oaepParams,
- m_oaepParamsLen,
+ params,
+ paramslen,
evp_md,
mgf_md);
@@ -805,13 +778,15 @@ unsigned int OpenSSLCryptoKeyRSA::privat
// --------------------------------------------------------------------------------
unsigned int OpenSSLCryptoKeyRSA::publicEncrypt(
- const unsigned char* inBuf,
- unsigned char* cipherBuf,
- unsigned int inLength,
- unsigned int maxOutLength,
- PaddingType padding,
- const XMLCh* hashURI,
- const XMLCh* mgfURI) const {
+ const unsigned char* inBuf,
+ unsigned char* cipherBuf,
+ unsigned int inLength,
+ unsigned int maxOutLength,
+ PaddingType padding,
+ const XMLCh* hashURI,
+ const XMLCh* mgfURI,
+ unsigned char* params,
+ unsigned int paramslen) const {
// Perform an encrypt
if (mp_rsaKey == NULL) {
@@ -876,8 +851,8 @@ unsigned int OpenSSLCryptoKeyRSA::public
// (unsigned char *) inBuf,
//#endif
inLength,
- mp_oaepParams,
- m_oaepParamsLen,
+ params,
+ paramslen,
evp_md,
mgf_md);
@@ -910,7 +885,7 @@ unsigned int OpenSSLCryptoKeyRSA::public
// Size in bytes
// --------------------------------------------------------------------------------
-unsigned int OpenSSLCryptoKeyRSA::getLength(void) const {
+unsigned int OpenSSLCryptoKeyRSA::getLength() const {
if (mp_rsaKey != NULL)
return RSA_size(mp_rsaKey);
@@ -930,16 +905,6 @@ XSECCryptoKey * OpenSSLCryptoKeyRSA::clo
ret->mp_rsaKey = RSA_new();
- if (mp_oaepParams != NULL) {
- XSECnew(ret->mp_oaepParams, unsigned char[m_oaepParamsLen]);
- memcpy(ret->mp_oaepParams, mp_oaepParams, m_oaepParamsLen);
- ret->m_oaepParamsLen = m_oaepParamsLen;
- }
- else {
- ret->mp_oaepParams = NULL;
- ret->m_oaepParamsLen = 0;
- }
-
// Duplicate parameters
const BIGNUM *n=NULL, *e=NULL, *d=NULL;
RSA_get0_key(mp_rsaKey, &n, &e, &d);
Modified: santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp Fri Dec 15 21:13:08 2017
@@ -90,37 +90,6 @@ public :
*/
//@{
- /**
- * \brief Set the OAEPparams string
- *
- * By default, the library expects crypto implementations to perform
- * OAEP padding with no params. This call allows the library (or user)
- * to set a params value prior to an encrypt/decrypt operation.
- *
- * @param params buffer containing the params data. Pass in NULL to clear any
- * old paramters.
- * @param paramsLen number of bytes in buffer to use. Pass in 0 to clear any
- * old parameters.
- */
-
- virtual void setOAEPparams(unsigned char* params, unsigned int paramsLen);
-
- /**
- * \brief Get OAEPparams Length
- *
- * @returns the number of bytes of the OAEPparams buffer (assuming it has been set)
- */
-
- virtual unsigned int getOAEPparamsLen() const;
-
- /**
- * \brief Get the OAEPparams
- *
- * @returns a pointer to the (crypto object owned) buffer holding the OAEPparams
- * or NULL if no params are held
- */
-
- virtual const unsigned char* getOAEPparams() const;
/**
* \brief Verify a SHA1 PKCS1 encoded signature
@@ -177,9 +146,10 @@ public :
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int privateDecrypt(const unsigned char* inBuf,
@@ -188,7 +158,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const;
/**
@@ -202,9 +174,10 @@ public :
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int publicEncrypt(const unsigned char* inBuf,
@@ -213,7 +186,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const;
/**
* \brief Obtain the length of an RSA key
@@ -221,7 +196,7 @@ public :
* @returns The length of the rsa key (in bytes)
*/
- virtual unsigned int getLength(void) const;
+ virtual unsigned int getLength() const;
//@}
@@ -274,21 +249,19 @@ public :
* \brief Get OpenSSL RSA Object
*/
- RSA* getOpenSSLRSA(void) {return mp_rsaKey;}
+ RSA* getOpenSSLRSA() {return mp_rsaKey;}
/**
* \brief Get OpenSSL RSA Object
*/
- const RSA* getOpenSSLRSA(void) const {return mp_rsaKey;}
+ const RSA* getOpenSSLRSA() const {return mp_rsaKey;}
//@}
private:
RSA* mp_rsaKey;
- unsigned char* mp_oaepParams;
- unsigned int m_oaepParamsLen;
BIGNUM *mp_accumE, *mp_accumN;
void setEBase(BIGNUM *eBase);
Modified: santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp Fri Dec 15 21:13:08 2017
@@ -140,25 +140,6 @@ XSECCryptoKey::KeyType WinCAPICryptoKeyR
return KEY_RSA_PUBLIC;
}
-// --------------------------------------------------------------------------------
-// OAEP parameters handling
-// --------------------------------------------------------------------------------
-
-
-void WinCAPICryptoKeyRSA::setOAEPparams(unsigned char * params, unsigned int paramsLen) {
-
- if (params != NULL && paramsLen != 0)
- throw XSECCryptoException(XSECCryptoException::UnsupportedError,
- "WinCAPI::setOAEPParams - OAEP parameters are not supported by Windows Crypto API");
-}
-
-unsigned int WinCAPICryptoKeyRSA::getOAEPparamsLen() const {
- return 0;
-}
-
-const unsigned char * WinCAPICryptoKeyRSA::getOAEPparams() const {
- return NULL;
-}
// --------------------------------------------------------------------------------
// Load key from parameters
@@ -542,7 +523,9 @@ unsigned int WinCAPICryptoKeyRSA::privat
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI,
- const XMLCh* mgfURI) const {
+ const XMLCh* mgfURI,
+ unsigned char* params,
+ unsigned int paramslen) const {
// Perform a decrypt
if (m_key == NULL) {
@@ -585,6 +568,10 @@ unsigned int WinCAPICryptoKeyRSA::privat
throw XSECCryptoException(XSECCryptoException::UnsupportedAlgorithm,
"WinCAPI:RSA - Unsupported OAEP digest algorithm");
}
+ else if (paramsLen > 0) {
+ throw XSECCryptoException(XSECCryptoException::UnsupportedError,
+ "WinCAPI::setOAEPParams - OAEP parameters are not supported by Windows Crypto API");
+ }
if (!CryptDecrypt(m_key,
0,
@@ -619,7 +606,9 @@ unsigned int WinCAPICryptoKeyRSA::public
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI,
- const XMLCh* mgfURI) const {
+ const XMLCh* mgfURI,
+ unsigned char* params,
+ unsigned int paramslen) const {
// Perform an encrypt
if (m_key == 0) {
@@ -663,6 +652,10 @@ unsigned int WinCAPICryptoKeyRSA::public
throw XSECCryptoException(XSECCryptoException::UnsupportedAlgorithm,
"WinCAPI:RSA - Unsupported OAEP MGF algorithm");
}
+ else if (paramsLen > 0) {
+ throw XSECCryptoException(XSECCryptoException::UnsupportedError,
+ "WinCAPI::setOAEPParams - OAEP parameters are not supported by Windows Crypto API");
+ }
if (!CryptEncrypt(m_key,
0, /* No Hash */
Modified: santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp Fri Dec 15 21:13:08 2017
@@ -135,45 +135,6 @@ public :
*/
//@{
- /**
- * \brief Set the OAEPparams string
- *
- * By default, the library expects crypto implementations to perform
- * OAEP padding with no params. This call allows the library (or user)
- * to set a params value prior to an encrypt/decrypt operation.
- *
- * @param params buffer containing the params data. Pass in NULL to clear any
- * old paramters.
- * @param paramsLen number of bytes in buffer to use. Pass in 0 to clear any
- * old parameters.
- * @note The Microsoft Crypto RSA_AES and RSA_FULL providers do not support
- * the ability to set OAEP parameters, so this will throw an
- * XSECCryptoException::UnsupportedError, unless the passed in paramters
- * are NULL and 0 (to clear).
- */
-
- virtual void setOAEPparams(unsigned char* params, unsigned int paramsLen);
-
- /**
- * \brief Get OAEPparams Length
- *
- * @returns the number of bytes of the OAEPparams buffer (assuming it has been set)
- * @note The Microsoft Crypto RSA_AES and RSA_FULL providers do not support
- * the ability to set OAEP parameters, so this will always return 0
- */
-
- virtual unsigned int getOAEPparamsLen() const;
-
- /**
- * \brief Get the OAEPparams
- *
- * @returns a pointer to the (crypto object owned) buffer holding the OAEPparams
- * or NULL if no params are held
- * @note The Microsoft Crypto RSA_AES and RSA_FULL providers do not support
- * the ability to set OAEP parameters, so this will always return NULL
- */
-
- virtual const unsigned char* getOAEPparams() const;
/**
* \brief Verify a SHA1 PKCS1 encoded signature
@@ -231,9 +192,10 @@ public :
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int privateDecrypt(const unsigned char* inBuf,
@@ -242,7 +204,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const;
/**
* \brief Encrypt using a public key
@@ -255,9 +219,10 @@ public :
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int publicEncrypt(const unsigned char* inBuf,
@@ -266,7 +231,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const;
/**
* \brief Obtain the length of an RSA key
Modified: santuario/xml-security-cpp/trunk/xsec/enc/XSECCryptoKeyRSA.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/enc/XSECCryptoKeyRSA.hpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/enc/XSECCryptoKeyRSA.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/enc/XSECCryptoKeyRSA.hpp Fri Dec 15 21:13:08 2017
@@ -98,38 +98,6 @@ public :
//@{
/**
- * \brief Set the OAEPparams string
- *
- * By default, the library expects crypto implementations to perform
- * OAEP padding with no params. This call allows the library (or user)
- * to set a params value prior to an encrypt/decrypt operation.
- *
- * @param params buffer containing the params data. Pass in NULL to clear any
- * old paramters.
- * @param paramsLen number of bytes in buffer to use. Pass in 0 to clear any
- * old parameters.
- */
-
- virtual void setOAEPparams(unsigned char* params, unsigned int paramsLen) = 0;
-
- /**
- * \brief Get OAEPparams Length
- *
- * @returns the number of bytes of the OAEPparams buffer (assuming it has been set)
- */
-
- virtual unsigned int getOAEPparamsLen() const = 0;
-
- /**
- * \brief Get the OAEPparams
- *
- * @returns a pointer to the (crypto object owned) buffer holding the OAEPparams
- * or NULL if no params are held
- */
-
- virtual const unsigned char * getOAEPparams() const = 0;
-
- /**
* \brief Verify a SHA1 PKCS1 encoded signature
*
* The library will call this function to validate an RSA signature
@@ -187,9 +155,10 @@ public :
* @param inLength bytes of cipher text to decrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int privateDecrypt(const unsigned char* inBuf,
@@ -198,7 +167,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const = 0;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const = 0;
/**
* \brief Encrypt using a public key
@@ -211,9 +182,10 @@ public :
* @param inLength bytes of plain text to encrypt
* @param maxOutLength size of outputBuffer
* @param padding Type of padding (PKCS 1.5 or OAEP)
- * @param hashURI Hash Method for OAEP encryption (OAEPParams should be
- * set using setOAEPparams()
+ * @param hashURI Hash Method for OAEP encryption
* @param mgfURI algorithm identifier for OAEP mask generation function
+ * @param params raw OAEP parameter data, if any
+ * @param paramslen OEP parameter length
*/
virtual unsigned int publicEncrypt(const unsigned char* inBuf,
@@ -222,7 +194,9 @@ public :
unsigned int maxOutLength,
PaddingType padding,
const XMLCh* hashURI=NULL,
- const XMLCh* mgfURI=NULL) const = 0;
+ const XMLCh* mgfURI=NULL,
+ unsigned char* params=NULL,
+ unsigned int paramsLen=0) const = 0;
/**
* \brief Obtain the length of an RSA key
@@ -230,7 +204,7 @@ public :
* @returns The length of the rsa key (in bytes)
*/
- virtual unsigned int getLength(void) const = 0;
+ virtual unsigned int getLength() const = 0;
//@}
@@ -272,6 +246,4 @@ public :
};
-
-
#endif /* XSECCRYPTOKEYRSA_INCLUDE */
Modified: santuario/xml-security-cpp/trunk/xsec/tools/xtest/xtest.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/tools/xtest/xtest.cpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/tools/xtest/xtest.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/tools/xtest/xtest.cpp Fri Dec 15 21:13:08 2017
@@ -1871,7 +1871,14 @@ void unitTestSmallElement(DOMImplementat
}
-void unitTestKeyEncrypt(DOMImplementation* impl, XSECCryptoKey* k, const XMLCh* algorithm, const XMLCh* mgf=NULL) {
+void unitTestKeyEncrypt(
+ DOMImplementation* impl,
+ XSECCryptoKey* k,
+ const XMLCh* algorithm,
+ const XMLCh* mgf=NULL,
+ unsigned char* oaepParams=NULL,
+ unsigned int oaepParamsLen=0
+ ) {
// Create a document that we will embed the encrypted key in
DOMDocument *doc = impl->createDocument(
@@ -1902,7 +1909,9 @@ void unitTestKeyEncrypt(DOMImplementatio
cipher->setKEK(k);
XENCEncryptedKey * encryptedKey;
- encryptedKey = cipher->encryptKey(toEncryptStr, (unsigned int) strlen((char *) toEncryptStr), algorithm, mgf);
+ encryptedKey = cipher->encryptKey(
+ toEncryptStr, (unsigned int) strlen((char *) toEncryptStr), algorithm, mgf, oaepParams, oaepParamsLen
+ );
Janitor<XENCEncryptedKey> j_encryptedKey(encryptedKey);
rootElem->appendChild(encryptedKey->getElement());
@@ -1992,8 +2001,8 @@ void unitTestEncrypt(DOMImplementation *
cerr << "RSA OAEP key wrap + params... ";
k = new OpenSSLCryptoKeyRSA(pk);
- k->setOAEPparams(s_tstOAEPparams, (unsigned int) strlen((char *) s_tstOAEPparams));
- unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, DSIGConstants::s_unicodeStrURIMGF1_SHA1);
+ unitTestKeyEncrypt(impl, k, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, DSIGConstants::s_unicodeStrURIMGF1_SHA1,
+ s_tstOAEPparams, (unsigned int) strlen((char *) s_tstOAEPparams));
cerr << "RSA OAEP 1.1 key wrap... ";
k = new OpenSSLCryptoKeyRSA(pk);
Modified: santuario/xml-security-cpp/trunk/xsec/xenc/XENCCipher.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/xenc/XENCCipher.hpp?rev=1818339&r1=1818338&r2=1818339&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/xenc/XENCCipher.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/xenc/XENCCipher.hpp Fri Dec 15 21:13:08 2017
@@ -108,8 +108,8 @@ public:
* not a valid EncryptedData DOM structure.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * decryptElement(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* decryptElement(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element
) = 0;
/**
@@ -127,8 +127,8 @@ public:
* not a valid EncryptedData DOM structure.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * decryptElementDetached(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* decryptElementDetached(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element
) = 0;
/**
@@ -150,7 +150,7 @@ public:
* not a valid EncryptedData DOM structure.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * decryptElement() = 0;
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* decryptElement() = 0;
/**
* \brief Decrypt currently loaded element without replacing it.
@@ -170,7 +170,7 @@ public:
* not a valid EncryptedData DOM structure.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * decryptElementDetached() = 0;
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* decryptElementDetached() = 0;
/**
* \brief Decrypt the nominated element and put the output to an InputStream.
@@ -189,8 +189,8 @@ public:
* not a valid EncryptedData DOM structure.
*/
- virtual XSECBinTXFMInputStream * decryptToBinInputStream(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
+ virtual XSECBinTXFMInputStream* decryptToBinInputStream(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element
) = 0;
/**
@@ -205,8 +205,8 @@ public:
*/
virtual int decryptKey(
- XENCEncryptedKey * encryptedKey,
- XMLByte * rawKey,
+ XENCEncryptedKey* encryptedKey,
+ XMLByte* rawKey,
int maxKeySize
) = 0;
@@ -223,8 +223,8 @@ public:
*/
virtual int decryptKey(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * keyNode,
- XMLByte * rawKey,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* keyNode,
+ XMLByte* rawKey,
int maxKeySize
) = 0;
@@ -247,9 +247,9 @@ public:
* @throws XSECException if the encryption fails.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * encryptElement(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
- const XMLCh * algorithmURI
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* encryptElement(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element,
+ const XMLCh* algorithmURI
) = 0;
/**
@@ -266,9 +266,9 @@ public:
* @throws XSECException if the encryption fails.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * encryptElementDetached(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
- const XMLCh * algorithmURI
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* encryptElementDetached(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element,
+ const XMLCh* algorithmURI
) = 0;
/**
@@ -286,9 +286,9 @@ public:
* @throws XSECException if the encryption fails.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * encryptElementContent(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
- const XMLCh * algorithmURI
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* encryptElementContent(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element,
+ const XMLCh* algorithmURI
) = 0;
/**
@@ -307,9 +307,9 @@ public:
* @throws XSECException if the encryption fails.
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * encryptElementContentDetached(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
- const XMLCh * algorithmURI
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* encryptElementContentDetached(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* element,
+ const XMLCh* algorithmURI
) = 0;
/**
@@ -321,6 +321,8 @@ public:
* @param keyLen Bytes to encrypt
* @param algorithmURI algorithm URI to set
* @param mgfURI RSA-OAEP mask generation algorithm
+ * @param oaepParams RSA-OAEP parameters, if any
+ * @param oaepParamsLen RSA-OAEP parameter length
*
* @returns The EncryptedKey element
*/
@@ -329,7 +331,9 @@ public:
const unsigned char* keyBuffer,
unsigned int keyLen,
const XMLCh* algorithmURI,
- const XMLCh* mgfURI=NULL
+ const XMLCh* mgfURI=NULL,
+ unsigned char* oaepParams=NULL,
+ unsigned int oaepParamsLen=0
) = 0;
/**
@@ -344,9 +348,9 @@ public:
* @returns the EncryptedData element containing the CipherValue of the data
*/
- virtual XENCEncryptedData * encryptBinInputStream(
- XERCES_CPP_NAMESPACE_QUALIFIER BinInputStream * plainText,
- const XMLCh * algorithmURI
+ virtual XENCEncryptedData* encryptBinInputStream(
+ XERCES_CPP_NAMESPACE_QUALIFIER BinInputStream* plainText,
+ const XMLCh* algorithmURI
) = 0;
/**
@@ -364,9 +368,9 @@ public:
* @returns the EncryptedData element containing the CipherValue of the data
*/
- virtual XENCEncryptedData * encryptTXFMChain(
- TXFMChain * plainText,
- const XMLCh * algorithmURI
+ virtual XENCEncryptedData* encryptTXFMChain(
+ TXFMChain* plainText,
+ const XMLCh* algorithmURI
) = 0;
//@}
@@ -382,7 +386,7 @@ public:
* @returns The DOMDocument that is used by this object
*/
- virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * getDocument() const = 0;
+ virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* getDocument() const = 0;
/**
* \brief Get namespace prefix for XENC nodes
@@ -393,7 +397,7 @@ public:
* @returns XENC namespace prefix
*/
- virtual const XMLCh * getXENCNSPrefix() const = 0;
+ virtual const XMLCh* getXENCNSPrefix() const = 0;
/**
* \brief Get the EncryptedData element
@@ -404,7 +408,7 @@ public:
* @returns The last used EncryptedData
*/
- virtual XENCEncryptedData * getEncryptedData() const = 0;
+ virtual XENCEncryptedData* getEncryptedData() const = 0;
/**
* \brief Tell caller whether PrettyPrinting is active
@@ -444,7 +448,7 @@ public:
* @note This function will take ownership of the key and delete it when done.
*/
- virtual void setKey(XSECCryptoKey * key) = 0;
+ virtual void setKey(XSECCryptoKey* key) = 0;
/**
* \brief Set Key Encryption Key for next operation
@@ -459,7 +463,7 @@ public:
* @note This function will take ownership of the key and delete it when done.
*/
- virtual void setKEK(XSECCryptoKey * key) = 0;
+ virtual void setKEK(XSECCryptoKey* key) = 0;
/**
* \brief Register a KeyInfoResolver
@@ -475,7 +479,7 @@ public:
*
*/
- virtual void setKeyInfoResolver(const XSECKeyInfoResolver * resolver) = 0;
+ virtual void setKeyInfoResolver(const XSECKeyInfoResolver* resolver) = 0;
/**
* \brief Set prefix for XENC nodes
@@ -484,7 +488,7 @@ public:
* nodes in the XENC namespace
*/
- virtual void setXENCNSPrefix(const XMLCh * prefix) = 0;
+ virtual void setXENCNSPrefix(const XMLCh* prefix) = 0;
/**
* \brief Set Pretty Print
@@ -539,9 +543,9 @@ public:
* @returns An XENCEncryptedData object
*/
- virtual XENCEncryptedData * createEncryptedData(XENCCipherData::XENCCipherDataType type,
- const XMLCh * algorithm,
- const XMLCh * value) = 0;
+ virtual XENCEncryptedData* createEncryptedData(XENCCipherData::XENCCipherDataType type,
+ const XMLCh* algorithm,
+ const XMLCh* value) = 0;
/**
* \brief Load an EncryptedKey element
@@ -554,8 +558,8 @@ public:
* node.
*/
- virtual XENCEncryptedKey * loadEncryptedKey(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * keyNode
+ virtual XENCEncryptedKey* loadEncryptedKey(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* keyNode
) = 0;
/**
@@ -572,8 +576,8 @@ public:
* node.
*/
- virtual XENCEncryptedData * loadEncryptedData(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * dataNode
+ virtual XENCEncryptedData* loadEncryptedData(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* dataNode
) = 0;