Posted to commits@santuario.apache.org by co...@apache.org on 2011/11/18 12:35:59 UTC
svn commit: r1203606 - in /santuario/xml-security-java/trunk: ./
src/main/java/org/apache/xml/security/algorithms/
src/main/java/org/apache/xml/security/encryption/
src/main/java/org/apache/xml/security/resource/
src/main/java/org/apache/xml/security/u...
Author: coheigea
Date: Fri Nov 18 11:35:58 2011
New Revision: 1203606
URL: http://svn.apache.org/viewvc?rev=1203606&view=rev
Log:
[SANTUARIO-288] - Add support for GCM algorithms via a third-party Crypto provider
Modified:
santuario/xml-security-java/trunk/CHANGELOG.txt
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/EncryptionConstants.java
Modified: santuario/xml-security-java/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/CHANGELOG.txt?rev=1203606&r1=1203605&r2=1203606&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/CHANGELOG.txt (original)
+++ santuario/xml-security-java/trunk/CHANGELOG.txt Fri Nov 18 11:35:58 2011
@@ -1,6 +1,7 @@
Changelog for "Apache xml-security" <http://santuario.apache.org/>
New in v1.5.0-SNAPSHOT
+ Fixed SANTUARIO-288: Add support for GCM algorithms via a third-party Crypto provider.
Fixed SANTUARIO-287: Rename org.jcp package in the 1.5 release.
Fixed SANTUARIO-284: ElementProxy#getTextFromChildElement() doesn't get all of the text if the element contains an entity like &
Fixed SANTUARIO-273: xml:base attribute not processed correctly in C14N11 canonicalization.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java?rev=1203606&r1=1203605&r2=1203606&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java Fri Nov 18 11:35:58 2011
@@ -137,6 +137,12 @@ public class JCEMapper {
XMLCipher.AES_256, new Algorithm("AES", "AES/CBC/ISO10126Padding", 256)
);
algorithmsMap.put(
+ XMLCipher.AES_128_GCM, new Algorithm("AES", "AES/GCM/NoPadding", 128)
+ );
+ algorithmsMap.put(
+ XMLCipher.AES_256_GCM, new Algorithm("AES", "AES/GCM/NoPadding", 256)
+ );
+ algorithmsMap.put(
XMLCipher.RSA_v1dot5, new Algorithm("RSA", "RSA/ECB/PKCS1Padding")
);
algorithmsMap.put(
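Review bot: The two new entries carry no comment saying that `AES/GCM/NoPadding` has to be supplied by an additional JCE provider, which is what the commit log states, so a reader of the map will assume every entry resolves with the default provider. A short comment above the first new `algorithmsMap.put(` would cover it, for example `// GCM transformations need a JCE provider that implements AES/GCM/NoPadding`. XML Encryption 1.1 also defines an aes192-gcm identifier that is not mapped here; if leaving it out is deliberate, the same comment can say so. The enclosing block starts and ends outside the hunk.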
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1203606&r1=1203605&r2=1203606&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Fri Nov 18 11:35:58 2011
@@ -28,6 +28,7 @@ import java.security.InvalidKeyException
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
@@ -92,6 +93,14 @@ public class XMLCipher {
public static final String AES_192 =
EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192;
+ /** AES 128 GCM Cipher */
+ public static final String AES_128_GCM =
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM;
+
+ /** AES 256 GCM Cipher */
+ public static final String AES_256_GCM =
+ EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM;
+
/** RSA 1.5 Cipher */
public static final String RSA_v1dot5 =
EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15;
@@ -175,7 +184,8 @@ public class XMLCipher {
private static final String ENC_ALGORITHMS = TRIPLEDES + "\n" +
AES_128 + "\n" + AES_256 + "\n" + AES_192 + "\n" + RSA_v1dot5 + "\n" +
RSA_OAEP + "\n" + TRIPLEDES_KeyWrap + "\n" + AES_128_KeyWrap + "\n" +
- AES_256_KeyWrap + "\n" + AES_192_KeyWrap+ "\n";
+ AES_256_KeyWrap + "\n" + AES_192_KeyWrap + "\n" +
+ AES_128_GCM + "\n" + AES_256_GCM + "\n";
/** Cipher created during initialisation that is used for encryption */
private Cipher contextCipher;
@@ -216,6 +226,8 @@ public class XMLCipher {
// (part of an UNWRAP operation)
private EncryptedData ed;
+ private SecureRandom random;
+
/**
* Set the Serializer algorithm to use
*/
@@ -314,6 +326,8 @@ public class XMLCipher {
algorithm.equals(AES_128) ||
algorithm.equals(AES_256) ||
algorithm.equals(AES_192) ||
+ algorithm.equals(AES_128_GCM) ||
+ algorithm.equals(AES_256_GCM) ||
algorithm.equals(RSA_v1dot5) ||
algorithm.equals(RSA_OAEP) ||
algorithm.equals(TRIPLEDES_KeyWrap) ||
@@ -1022,11 +1036,23 @@ public class XMLCipher {
// Now perform the encryption
try {
- // Should internally generate an IV
- // todo - allow user to set an IV
- c.init(cipherMode, key);
+ // The Spec mandates a 96-bit IV for GCM algorithms
+ if (AES_128_GCM.equals(algorithm) || AES_256_GCM.equals(algorithm)) {
+ if (random == null) {
+ random = SecureRandom.getInstance("SHA1PRNG");
+ random.setSeed(System.nanoTime());
+ }
+ byte[] temp = new byte[12];
+ random.nextBytes(temp);
+ IvParameterSpec paramSpec = new IvParameterSpec(temp);
+ c.init(cipherMode, key, paramSpec);
+ } else {
+ c.init(cipherMode, key);
+ }
} catch (InvalidKeyException ike) {
throw new XMLEncryptionException("empty", ike);
+ } catch (NoSuchAlgorithmException ex) {
+ throw new XMLEncryptionException("empty", ex);
}
try {
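Review bot: The IV generator is seeded only with `System.nanoTime()`. On the Sun SHA1PRNG implementation, calling `setSeed` before the first `nextBytes` replaces the self-seeding from the system entropy source, so the 96-bit IV stream becomes a function of a guessable timestamp. GCM loses both confidentiality and integrity when an IV repeats under one key, and two XMLCipher instances seeded with the same value would emit the same IV sequence. Replace the two lines inside `if (random == null)` with `random = new SecureRandom();` and drop the `setSeed` call. The added `catch (NoSuchAlgorithmException ex)` then has to go too, since nothing left in the visible try block throws it. The enclosing method starts and ends outside the hunk.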
@@ -1526,6 +1552,10 @@ public class XMLCipher {
// This should probably be put into the JCE mapper.
int ivLen = c.getBlockSize();
+ String alg = encryptedData.getEncryptionMethod().getAlgorithm();
+ if (AES_128_GCM.equals(alg) || AES_256_GCM.equals(alg)) {
+ ivLen = 12;
+ }
byte[] ivBytes = new byte[ivLen];
// You may be able to pass the entire piece in to IvParameterSpec
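Review bot: The GCM IV length is written as a bare `12` here and again as `new byte[12]` in the encryption hunk, so the two paths can drift apart without any compile-time signal. A shared constant would tie them together, for example `private static final int GCM_IV_LENGTH = 12; // 96 bits` (a proposed name, not one from the file), or the length could move into JCEMapper as the existing comment already suggests. The copy of the IV out of the ciphertext happens below the hunk, so it is not visible whether input shorter than `ivLen` is rejected before that copy; that is worth confirming. The method starts and ends outside the hunk.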
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/resource/config.xml?rev=1203606&r1=1203605&r2=1203606&view=diff
==============================================================================
Binary files - no diff available.
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/EncryptionConstants.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/EncryptionConstants.java?rev=1203606&r1=1203605&r2=1203606&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/EncryptionConstants.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/EncryptionConstants.java Fri Nov 18 11:35:58 2011
@@ -137,6 +137,14 @@ public class EncryptionConstants {
/** Block Encryption - OPTIONAL AES-192 */
public static final String ALGO_ID_BLOCKCIPHER_AES192 =
EncryptionConstants.EncryptionSpecNS + "aes192-cbc";
+
+ /** Block Encryption - OPTIONAL AES-128-GCM */
+ public static final String ALGO_ID_BLOCKCIPHER_AES128_GCM =
+ "http://www.w3.org/2009/xmlenc11#aes128-gcm";
+
+ /** Block Encryption - OPTIONAL AES-256-GCM */
+ public static final String ALGO_ID_BLOCKCIPHER_AES256_GCM =
+ "http://www.w3.org/2009/xmlenc11#aes256-gcm";
/** Key Transport - REQUIRED RSA-v1.5*/
public static final String ALGO_ID_KEYTRANSPORT_RSA15 =
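Review bot: Both new identifiers spell out the `http://www.w3.org/2009/xmlenc11#` namespace as a string literal, while the neighbouring constants are built from `EncryptionConstants.EncryptionSpecNS`. A constant for the 1.1 namespace keeps the style consistent and removes the chance of a typo in one copy, e.g. `public static final String EncryptionSpec11NS = "http://www.w3.org/2009/xmlenc11#";` with the values written as `EncryptionSpec11NS + "aes128-gcm"` and `EncryptionSpec11NS + "aes256-gcm"`. The constant name is a suggestion; the class may already declare one outside the hunk.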