Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/10/29 07:29:50 UTC
svn commit: r589513 - in /webservices/rampart/trunk/c: include/
src/omxmlsec/ src/omxmlsec/openssl/ src/omxmlsec/tokens/
Author: kaushalye
Date: Sun Oct 28 23:29:49 2007
New Revision: 589513
URL: http://svn.apache.org/viewvc?rev=589513&view=rev
Log:
p_sha1 implementation and token derivation (patch for RAMPARTC-37:https://issues.apache.org/jira/secure/attachment/12368581/key_derivation.patch)
Added:
webservices/rampart/trunk/c/src/omxmlsec/tokens/token_label.c
Modified:
webservices/rampart/trunk/c/include/openssl_constants.h
webservices/rampart/trunk/c/include/openssl_hmac.h
webservices/rampart/trunk/c/include/oxs_error.h
webservices/rampart/trunk/c/include/oxs_key.h
webservices/rampart/trunk/c/include/oxs_tokens.h
webservices/rampart/trunk/c/src/omxmlsec/derivation.c
webservices/rampart/trunk/c/src/omxmlsec/key.c
webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c
webservices/rampart/trunk/c/src/omxmlsec/tokens/Makefile.am
Modified: webservices/rampart/trunk/c/include/openssl_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/openssl_constants.h?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/openssl_constants.h (original)
+++ webservices/rampart/trunk/c/include/openssl_constants.h Sun Oct 28 23:29:49 2007
@@ -53,6 +53,9 @@
#define OPENSSL_DEFAULT_IV16 "0123456701234567"
#define OPENSSL_DEFAULT_IV24 "012345670123456701234567"
+#define OPENSSL_DEFAULT_LABEL_FOR_PSHA1 "WS-SecureConversation"
+#define OPENSSL_DEFAULT_KEY_LEN_FOR_PSHA1 32
+#define OPENSSL_DEFAULT_KEY_OFFSET_FOR_PSHA1 0
/** @} */
#ifdef __cplusplus
Modified: webservices/rampart/trunk/c/include/openssl_hmac.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/openssl_hmac.h?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/openssl_hmac.h (original)
+++ webservices/rampart/trunk/c/include/openssl_hmac.h Sun Oct 28 23:29:49 2007
@@ -44,6 +44,16 @@
oxs_key_t *secret,
oxs_buffer_t *input,
oxs_buffer_t *output);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ openssl_p_sha1(const axutil_env_t *env,
+ oxs_key_t *secret,
+ oxs_buffer_t *label,
+ oxs_buffer_t *seed,
+ unsigned int length,
+ unsigned int offset,
+ oxs_key_t *derived_key);
+
/* @} */
#ifdef __cplusplus
}
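Review bot: `openssl_p_sha1` is added to the public header without a doc comment, and its contract is not recoverable from the signature: in the hmac.c implementation a `length` of 0 is replaced by OPENSSL_DEFAULT_KEY_LEN_FOR_PSHA1, a NULL or empty `label`/`seed` makes the function substitute the default label / a freshly generated nonce and store them on `derived_key`, `length` and `offset` are byte counts, and `derived_key` ends up holding bytes [offset, offset+length) of P_SHA1(secret, label + seed). Add a Doxygen block in the style of the oxs_key.h accessors that states these points, that `derived_key` must already be created by the caller, and that the result is AXIS2_SUCCESS/AXIS2_FAILURE with OXS_ERROR_KEY_DERIVATION_FAILED reported via oxs_error on failure.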
Modified: webservices/rampart/trunk/c/include/oxs_error.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_error.h?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_error.h (original)
+++ webservices/rampart/trunk/c/include/oxs_error.h Sun Oct 28 23:29:49 2007
@@ -63,6 +63,7 @@
#define OXS_ERROR_TRANSFORM_FAILED 12
#define OXS_ERROR_SIGN_FAILED 13
#define OXS_ERROR_SIG_VERIFICATION_FAILED 14
+#define OXS_ERROR_KEY_DERIVATION_FAILED 15
typedef struct _oxs_error_description oxs_error_description, *oxs_error_description_ptr;
Modified: webservices/rampart/trunk/c/include/oxs_key.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_key.h?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_key.h (original)
+++ webservices/rampart/trunk/c/include/oxs_key.h Sun Oct 28 23:29:49 2007
@@ -82,6 +82,18 @@
oxs_key_get_nonce(
const oxs_key_t *key,
const axutil_env_t *env);
+
+ /**
+ * Gets the label of the key.
+ * @param key oxs_key ptr to key
+ * @param env pointer to environment struct
+ * @return label of the key
+ */
+ AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+ oxs_key_get_label(
+ const oxs_key_t *key,
+ const axutil_env_t *env);
+
/**
* Gets the size of the key.
* @param key oxs_key ptr to key
@@ -150,6 +162,12 @@
oxs_key_t *key,
const axutil_env_t *env,
axis2_char_t *nonce);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ oxs_key_set_label(
+ oxs_key_t *key,
+ const axutil_env_t *env,
+ axis2_char_t *label);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_key_set_offset(
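Review bot: The `oxs_key_set_label` declaration lacks the Doxygen comment that `oxs_key_get_label` in the previous hunk and the neighbouring accessors carry. Since the key.c implementation duplicates the string with axutil_strdup and frees any previous value, document that so callers know they keep ownership: `/** Sets the label of the key; the string is copied, the caller keeps ownership of label. @return AXIS2_SUCCESS or AXIS2_FAILURE */`. The `oxs_key_set_offset` declaration that follows is cut off by the hunk.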
Modified: webservices/rampart/trunk/c/include/oxs_tokens.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_tokens.h?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_tokens.h (original)
+++ webservices/rampart/trunk/c/include/oxs_tokens.h Sun Oct 28 23:29:49 2007
@@ -542,6 +542,20 @@
oxs_token_get_nonce_value(const axutil_env_t *env,
axiom_node_t *nonce_node);
+ /**
+ * Creates <wsc:Label> element
+ */
+ AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+ oxs_token_build_label_element(const axutil_env_t *env,
+ axiom_node_t *parent,
+ axis2_char_t* label);
+ /**
+ * Gets value from <wsc:Label> element
+ */
+ AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+ oxs_token_get_label_value(const axutil_env_t *env,
+ axiom_node_t *label_node);
+
/**
Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Sun Oct 28 23:29:49 2007
@@ -38,9 +38,11 @@
axiom_node_t *nonce_token = NULL;
axiom_node_t *offset_token = NULL;
axiom_node_t *length_token = NULL;
+ axiom_node_t *label_token = NULL;
axis2_char_t *dk_id = NULL;
axis2_char_t *nonce = NULL;
+ axis2_char_t *label = NULL;
int offset = -1;
int length = 0;
@@ -65,6 +67,11 @@
if(nonce){
nonce_token = oxs_token_build_nonce_element(env, dk_token, nonce);
}
+ /*Create label*/
+ label = oxs_key_get_label(derived_key, env);
+ if(label){
+ label_token = oxs_token_build_label_element(env, dk_token, label);
+ }
return dk_token;
}
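Review bot: The new wsc:Label child is appended after the wsc:Nonce child, whereas the WS-SecureConversation DerivedKeyToken content model lists Label before Nonce (…, Length, Label, Nonce), so a peer that schema-validates the token may reject it; build the label element before the nonce element. `label_token` is assigned and never examined, so a failure of oxs_token_build_label_element goes unnoticed and a token without its label is returned as if complete — either drop the variable or check it and report the failure via oxs_error. This function begins before the hunk, so the code that builds the preceding children is not visible here.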
@@ -78,22 +85,10 @@
)
{
axis2_status_t status = AXIS2_FAILURE;
- axis2_char_t *dk_id = NULL;
- /*TODO Concatenate the seed and label*/
-
- /*TODO P_SHA1 (secret, label + seed)*/
-
- /*TODO Populate the derived key. What we do here is fake. We use the same key ;-)*/
- dk_id = oxs_util_generate_id(env, (axis2_char_t*)OXS_DERIVED_ID);
- status = oxs_key_populate(derived_key, env,
- oxs_key_get_data(secret, env),
- dk_id,
- oxs_key_get_size(secret, env),
- oxs_key_get_usage(secret, env));
-
- oxs_key_set_nonce(derived_key, env, oxs_util_generate_nonce(env, 16)); /*Nonce length*/
- oxs_key_set_offset(derived_key, env, 0); /*Default ??*/
+ /*TODO check for derivation algorithm*/
+ status = openssl_p_sha1(env, secret, label, seed, OPENSSL_DEFAULT_KEY_LEN_FOR_PSHA1,
+ OPENSSL_DEFAULT_KEY_OFFSET_FOR_PSHA1, derived_key);
return status;
}
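Review bot: The call `openssl_p_sha1(env, secret, label, seed, OPENSSL_DEFAULT_KEY_LEN_FOR_PSHA1, OPENSSL_DEFAULT_KEY_OFFSET_FOR_PSHA1, derived_key)` pins every derivation to the default length and offset, so a wsc:Length or wsc:Offset carried by a DerivedKeyToken received from the peer (or requested by the caller) is silently ignored and the two sides derive different keys. If the key object carries the requested values (oxs_key_set_offset exists; a matching getter is not visible in this diff), read them here and fall back to the defaults only when they are unset. The remaining `/*TODO check for derivation algorithm*/` should be closed before this ships: compare the token's Algorithm against the P_SHA1 identifier and reject anything else with OXS_ERROR_KEY_DERIVATION_FAILED rather than deriving with P_SHA1 regardless. The function's parameter list starts before this hunk, so which inputs are available is not visible.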
Modified: webservices/rampart/trunk/c/src/omxmlsec/key.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/key.c?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/key.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/key.c Sun Oct 28 23:29:49 2007
@@ -31,6 +31,7 @@
int usage;
axis2_char_t *nonce; /*Specially added for WS-Secure Conversation*/
+ axis2_char_t *label; /*Specially added for WS-Secure Conversation*/
int offset; /*Specially added for WS-Secure Conversation*/
};
@@ -66,6 +67,16 @@
return key->nonce;
}
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_key_get_label(
+ const oxs_key_t *key,
+ const axutil_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, NULL);
+
+ return key->label;
+}
+
AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
oxs_key_get_buffer(const oxs_key_t *key,
const axutil_env_t *env)
@@ -144,6 +155,24 @@
return AXIS2_SUCCESS;
}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_key_set_label(
+ oxs_key_t *key,
+ const axutil_env_t *env,
+ axis2_char_t *label)
+{
+
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, label, AXIS2_FAILURE);
+
+ if (key->label)
+ {
+ AXIS2_FREE(env->allocator, key->label);
+ key->label = NULL;
+ }
+ key->label = axutil_strdup(env, label);
+ return AXIS2_SUCCESS;
+}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_key_set_usage(
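Review bot: `oxs_key_set_label` frees `key->label` when it is non-NULL, but nothing in this commit shows the new `label` field being set to NULL in the key constructor or released in the key destructor; unless oxs_key_create zeroes the struct, the first call frees an uninitialised pointer, and every key leaks its label on free. Please confirm both in key.c (outside these hunks) and add the matching `AXIS2_FREE(env->allocator, key->label)` to the destructor if it is missing. The result of `axutil_strdup` is also stored unchecked, so allocation failure is reported as success; `key->label = axutil_strdup(env, label); return key->label ? AXIS2_SUCCESS : AXIS2_FAILURE;` keeps the return value honest.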
Modified: webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c Sun Oct 28 23:29:49 2007
@@ -21,6 +21,7 @@
#include <openssl_hmac.h>
#include <axutil_base64.h>
#include <axis2_util.h>
+#include <openssl_constants.h>
/**
@@ -64,4 +65,147 @@
return AXIS2_SUCCESS;
}
+/*
+ * Borrowed from openssl library. Thankyou
+ */
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_p_hash(const axutil_env_t *env,
+ oxs_key_t *secret,
+ unsigned char *seed,
+ unsigned int seed_len,
+ unsigned char *output,
+ unsigned int output_len)
+{
+ int chunk;
+ unsigned int j;
+ HMAC_CTX ctx;
+ HMAC_CTX ctx_tmp;
+ unsigned char A1[EVP_MAX_MD_SIZE];
+ unsigned int A1_len;
+
+ if(!secret)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_KEY_DERIVATION_FAILED,"[oxs][openssl] No key to derive ");
+ return AXIS2_FAILURE;
+ }
+
+ if(!seed)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_KEY_DERIVATION_FAILED,"[oxs][openssl] lable+seed is empty ");
+ return AXIS2_FAILURE;
+ }
+
+ if(!output)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_KEY_DERIVATION_FAILED,"[oxs][openssl] The buffer to place hash is NULL ");
+ return AXIS2_FAILURE;
+ }
+
+ chunk=EVP_MD_size(EVP_sha1());
+
+ HMAC_CTX_init(&ctx);
+ HMAC_CTX_init(&ctx_tmp);
+ HMAC_Init_ex(&ctx, oxs_key_get_data(secret, env), oxs_key_get_size(secret, env), EVP_sha1(), NULL);
+ HMAC_Init_ex(&ctx_tmp, oxs_key_get_data(secret, env), oxs_key_get_size(secret, env), EVP_sha1(), NULL);
+ HMAC_Update(&ctx, seed, seed_len);
+ HMAC_Final(&ctx, A1, &A1_len);
+
+ for (;;)
+ {
+ HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL); /* re-init */
+ HMAC_Init_ex(&ctx_tmp, NULL, 0, NULL, NULL); /* re-init */
+ HMAC_Update(&ctx, A1, A1_len);
+ HMAC_Update(&ctx_tmp, A1, A1_len);
+ HMAC_Update(&ctx, seed, seed_len);
+
+ if (output_len > chunk)
+ {
+ HMAC_Final(&ctx, output, &j);
+ output+=j;
+ output_len-=j;
+ HMAC_Final(&ctx_tmp, A1, &A1_len); /* calc the next A1 value */
+ }
+ else /* last one */
+ {
+ HMAC_Final(&ctx, A1, &A1_len);
+ memcpy(output, A1, output_len);
+ break;
+ }
+ }
+ HMAC_CTX_cleanup(&ctx);
+ HMAC_CTX_cleanup(&ctx_tmp);
+ OPENSSL_cleanse(A1,sizeof(A1));
+
+ return AXIS2_SUCCESS;
+}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_p_sha1(const axutil_env_t *env,
+ oxs_key_t *secret,
+ oxs_buffer_t *label,
+ oxs_buffer_t *seed,
+ unsigned int length,
+ unsigned int offset,
+ oxs_key_t *derived_key)
+{
+ oxs_buffer_t *label_and_seed = NULL;
+ unsigned int key_len = 0;
+ unsigned char *output = NULL;
+ axis2_char_t *dk_id = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ if(!derived_key)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_KEY_DERIVATION_FAILED,"[oxs][openssl] derived key is null ");
+ return status;
+ }
+
+ if (!secret)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_KEY_DERIVATION_FAILED,"[oxs][openssl] secret is not valid ");
+ return status;
+ }
+
+ if (!length)
+ {
+ length = OPENSSL_DEFAULT_KEY_LEN_FOR_PSHA1;
+ }
+
+ label_and_seed = oxs_buffer_create(env);
+
+ if((!label) || (!oxs_buffer_get_size(label, env)))
+ {
+ oxs_buffer_append(label_and_seed, env, (unsigned char*)OPENSSL_DEFAULT_LABEL_FOR_PSHA1, axutil_strlen(OPENSSL_DEFAULT_LABEL_FOR_PSHA1));
+ oxs_key_set_label(derived_key, env, OPENSSL_DEFAULT_LABEL_FOR_PSHA1);
+ }
+ else
+ {
+ oxs_buffer_append(label_and_seed, env, oxs_buffer_get_data(label, env), oxs_buffer_get_size(label, env));
+ oxs_key_set_label(derived_key, env, (axis2_char_t*)oxs_buffer_get_data(label, env));
+ }
+
+ if ((!seed) || (!oxs_buffer_get_size(seed, env)))
+ {
+ oxs_key_set_nonce(derived_key, env, (axis2_char_t*)oxs_util_generate_nonce(env, 16));
+ oxs_buffer_append(label_and_seed, env, (unsigned char*)oxs_key_get_nonce(derived_key, env), axutil_base64_encode_len(16));
+ }
+ else
+ {
+ oxs_buffer_append(label_and_seed, env, oxs_buffer_get_data(seed, env), oxs_buffer_get_size(seed, env));
+ oxs_key_set_nonce(derived_key, env, (axis2_char_t*)oxs_buffer_get_data(seed, env));
+ }
+ oxs_key_set_offset(derived_key, env, offset);
+
+ key_len = length + offset;
+ output = (unsigned char*)AXIS2_MALLOC(env->allocator, key_len + 1);
+ status = openssl_p_hash(env, secret, oxs_buffer_get_data(label_and_seed, env), oxs_buffer_get_size(label_and_seed, env), output, key_len);
+ output = (unsigned char*)axutil_string_substring_starting_at((axis2_char_t*)output, offset);
+ dk_id = (axis2_char_t*)oxs_util_generate_id(env, (axis2_char_t*)OXS_DERIVED_ID);
+
+ status = status && oxs_key_populate(derived_key, env, (unsigned char*)output, dk_id, length, oxs_key_get_usage(secret, env));
+ AXIS2_FREE(env->allocator, output);
+ AXIS2_FREE(env->allocator, dk_id);
+ oxs_buffer_free(label_and_seed, env);
+
+ return status;
+}
Modified: webservices/rampart/trunk/c/src/omxmlsec/tokens/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/tokens/Makefile.am?rev=589513&r1=589512&r2=589513&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/tokens/Makefile.am (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/tokens/Makefile.am Sun Oct 28 23:29:49 2007
@@ -9,7 +9,7 @@
token_c14n_method.c token_signature_method.c token_digest_method.c token_digest_value.c \
token_transform.c token_transforms.c token_signature.c token_ds_reference.c \
token_x509_certificate.c token_signature_confirmation.c token_derived_key_token.c \
- token_properties.c token_generation.c token_length.c token_nonce.c token_offset.c
+ token_properties.c token_generation.c token_length.c token_nonce.c token_offset.c token_label.c
INCLUDES = -I$(top_builddir)/include \
Added: webservices/rampart/trunk/c/src/omxmlsec/tokens/token_label.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/tokens/token_label.c?rev=589513&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/tokens/token_label.c (added)
+++ webservices/rampart/trunk/c/src/omxmlsec/tokens/token_label.c Sun Oct 28 23:29:49 2007
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <oxs_constants.h>
+#include <oxs_error.h>
+#include <oxs_tokens.h>
+#include <axiom_element.h>
+#include <oxs_axiom.h>
+
+
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+oxs_token_get_label_value(const axutil_env_t *env,
+ axiom_node_t *label_node)
+{
+ axis2_char_t *value = NULL;
+ value = (axis2_char_t*)oxs_axiom_get_node_content(env, label_node);
+ return value;
+
+}
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+oxs_token_build_label_element(const axutil_env_t *env,
+ axiom_node_t *parent,
+ axis2_char_t* label_val
+ )
+{
+ axiom_node_t *label_node = NULL;
+ axiom_element_t *label_ele = NULL;
+ axis2_status_t ret;
+ axiom_namespace_t *ns_obj = NULL;
+
+ ns_obj = axiom_namespace_create(env, OXS_WSC_NS,
+ OXS_WSC);
+
+ label_ele = axiom_element_create(env, parent, OXS_NODE_LABEL, ns_obj, &label_node);
+ if (!label_ele)
+ {
+ oxs_error(env, ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error creating %s element", OXS_NODE_LABEL);
+ return NULL;
+ }
+
+ if (label_val)
+ {
+ ret = axiom_element_set_text(label_ele, env, label_val, label_node);
+ }
+
+ return label_node;
+
+}
+
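Review bot: In `oxs_token_build_label_element` the result of axiom_element_set_text is stored in `ret` and never used, so a label that fails to be set yields an empty <wsc:Label> that is still returned as success — which matters because the label feeds directly into the key derivation on both sides. Check it and report the failure: `if (label_val && axiom_element_set_text(label_ele, env, label_val, label_node) != AXIS2_SUCCESS) { oxs_error(env, ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Error setting %s element text", OXS_NODE_LABEL); }`, and drop the now-unneeded `ret`. `oxs_token_get_label_value` hands `label_node` straight to oxs_axiom_get_node_content; if that helper does not tolerate NULL, add a guard, since a DerivedKeyToken from the peer may legitimately omit the Label element.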