0002-Change-default-key-encryption-padding-algorithm-to-R.patch
bindings/python/tests/profiles_tests.py | ||
---|---|---|
304 | 304 |
idp_login.buildAssertion("None", "None", "None", "None", "None") |
305 | 305 |
idp_login.buildAuthnResponseMsg() |
306 | 306 | |
307 |
def test08(self): |
|
308 |
'''Verify KeyEncryptionMethod support''' |
|
309 |
sp_server = server('sp5-saml2', lasso.PROVIDER_ROLE_IDP, 'idp5-saml2') |
|
310 |
idp_server = server('idp5-saml2', lasso.PROVIDER_ROLE_SP, 'sp5-saml2') |
|
311 | ||
312 |
def run(key_encryption_method=None): |
|
313 |
sp_login = lasso.Login(sp_server) |
|
314 |
sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_REDIRECT) |
|
315 |
sp_login.buildAuthnRequestMsg() |
|
316 | ||
317 |
provider = idp_server.getProvider('http://sp5/metadata') |
|
318 |
provider.setEncryptionMode(lasso.ENCRYPTION_MODE_ASSERTION) |
|
319 | ||
320 |
if key_encryption_method: |
|
321 |
provider.setKeyEncryptionMethod(key_encryption_method) |
|
322 | ||
323 |
idp_login = lasso.Login(idp_server) |
|
324 |
idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1]) |
|
325 |
idp_login.protocolProfile = lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST |
|
326 |
idp_login.validateRequestMsg(True, True) |
|
327 |
idp_login.buildAssertion("None", "None", "None", "None", "None") |
|
328 |
idp_login.buildAuthnResponseMsg() |
|
329 | ||
330 |
sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE) |
|
331 |
sp_login.processAuthnResponseMsg(idp_login.msgBody) |
|
332 |
sp_login.acceptSso() |
|
333 |
return sp_login.response.debug() |
|
334 | ||
335 |
os.environ['LASSO_DEFAULT_KEY_ENCRYPTION_METHOD'] = 'rsa-pkcs1' |
|
336 |
lasso.init() |
|
337 |
assert 'xmlenc#rsa-1_5' in run() |
|
338 |
assert 'xmlenc#rsa-oaep-mgf1p' not in run() |
|
339 | ||
340 |
os.environ['LASSO_DEFAULT_KEY_ENCRYPTION_METHOD'] = 'rsa-oaep' |
|
341 |
lasso.init() |
|
342 |
assert 'xmlenc#rsa-1_5' not in run() |
|
343 |
assert 'xmlenc#rsa-oaep-mgf1p' in run() |
|
344 | ||
345 |
lasso.setDefaultKeyEncryptionMethod(lasso.KEY_ENCRYPTION_METHOD_PKCS1) |
|
346 |
assert 'xmlenc#rsa-1_5' in run() |
|
347 |
assert 'xmlenc#rsa-oaep-mgf1p' not in run() |
|
348 | ||
349 |
lasso.setDefaultKeyEncryptionMethod(lasso.KEY_ENCRYPTION_METHOD_OAEP) |
|
350 |
assert 'xmlenc#rsa-1_5' not in run() |
|
351 |
assert 'xmlenc#rsa-oaep-mgf1p' in run() |
|
352 | ||
353 |
assert 'xmlenc#rsa-1_5' in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_PKCS1) |
|
354 |
assert 'xmlenc#rsa-oaep-mgf1p' not in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_PKCS1) |
|
355 | ||
356 |
assert 'xmlenc#rsa-1_5' not in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_OAEP) |
|
357 |
assert 'xmlenc#rsa-oaep-mgf1p' in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_OAEP) |
|
358 | ||
307 | 359 | |
308 | 360 |
class LogoutTestCase(unittest.TestCase): |
309 | 361 |
def test01(self): |
configure.ac | ||
---|---|---|
831 | 831 | |
832 | 832 |
AC_DEFINE_UNQUOTED(MIN_HASH_ALGO, "$MIN_HASH_ALGO", ["The minimal hash algorithm"]) |
833 | 833 | |
834 |
AC_ARG_WITH([default-key-encryption-method], |
|
835 |
[AS_HELP_STRING([--with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]], |
|
836 |
[Default key encryption method (rsa-oaep)] |
|
837 |
) |
|
838 |
] |
|
839 |
) |
|
840 | ||
841 |
KEY_ENCRYPTION_METHOD=rsa-oaep |
|
842 |
if test x"$with_default_" != x; then |
|
843 |
if test ! "$with_default_key_encryption_method" = "rsa-pkcs1" -a ! "$with_default_key_encryption_method" = "rsa-oaep"; then |
|
844 |
AC_MSG_ERROR("Default key encryption method must be either rsa-pkcs1 or rsa-oaep") |
|
845 |
else |
|
846 |
SIGNING_ALGO=$with_default_key_encryption_method |
|
847 |
fi |
|
848 |
fi |
|
849 | ||
850 |
AC_DEFINE_UNQUOTED(DEFAULT_KEY_ENCRYPTION_METHOD, "$KEY_ENCRYPTION_METHOD", ["The default key encryption method"]) |
|
851 | ||
834 | 852 | |
835 | 853 |
dnl ========================================================================== |
836 | 854 |
dnl Pedantic compilation |
... | ... | |
981 | 999 |
--------------- |
982 | 1000 |
Default signature: ${SIGNING_ALGO} |
983 | 1001 |
Minimal accepted hash: ${MIN_HASH_ALGO} |
1002 |
Key encryption method: ${KEY_ENCRYPTION_METHOD} |
|
984 | 1003 |
) |
lasso/id-ff/login.c | ||
---|---|---|
394 | 394 |
LASSO_NODE(ss->Subject->NameIdentifier), |
395 | 395 |
lasso_provider_get_encryption_public_key(provider), |
396 | 396 |
lasso_provider_get_encryption_sym_key_type(provider), |
397 |
lasso_provider_get_key_encryption_method(provider), |
|
397 | 398 |
provider->ProviderID)); |
398 | 399 |
if (encrypted_element != NULL) { |
399 | 400 |
lasso_assign_new_gobject(ss->Subject->EncryptedNameIdentifier, encrypted_element); |
lasso/id-ff/provider.c | ||
---|---|---|
903 | 903 |
provider->private_data->encryption_public_keys = NULL; |
904 | 904 |
provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE; |
905 | 905 |
provider->private_data->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128; |
906 |
provider->private_data->key_encryption_method = LASSO_KEY_ENCRYPTION_METHOD_DEFAULT; |
|
906 | 907 |
provider->private_data->signature_context = LASSO_SIGNATURE_CONTEXT_NONE; |
907 | 908 | |
908 | 909 |
/* no value_destroy_func since it shouldn't destroy the GList on insert */ |
... | ... | |
1535 | 1536 |
return LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT; |
1536 | 1537 |
} |
1537 | 1538 | |
1539 |
/** |
|
1540 |
* lasso_provider_set_key_encryption_method: |
|
1541 |
* @provider: provider to set encryption for |
|
1542 |
* @key_encryption_method: enum type for encrypting generated symetric key |
|
1543 |
* |
|
1544 |
* Set the type of the encryption of the generated encryption symetric key |
|
1545 |
**/ |
|
1546 |
void |
|
1547 |
lasso_provider_set_key_encryption_method(LassoProvider *provider, |
|
1548 |
LassoKeyEncryptionMethod key_encryption_method) |
|
1549 |
{ |
|
1550 |
g_return_if_fail(LASSO_IS_PROVIDER(provider)); |
|
1551 | ||
1552 |
if (key_encryption_method == LASSO_KEY_ENCRYPTION_METHOD_DEFAULT) { |
|
1553 |
key_encryption_method = lasso_get_default_key_encryption_method(); |
|
1554 |
} |
|
1555 |
provider->private_data->key_encryption_method = key_encryption_method;; |
|
1556 |
} |
|
1557 | ||
1558 |
/** |
|
1559 |
* lasso_provider_get_key_encryption_method: |
|
1560 |
* @provider: a #LassoProvider object |
|
1561 |
* |
|
1562 |
* Return the type of the encryption of the generated encryption symetric key |
|
1563 |
* |
|
1564 |
* Return value: a #LassoKeyEncryptionMethod value. |
|
1565 |
*/ |
|
1566 |
LassoKeyEncryptionMethod |
|
1567 |
lasso_provider_get_key_encryption_method(const LassoProvider *provider) |
|
1568 |
{ |
|
1569 |
if (LASSO_IS_PROVIDER(provider) && provider->private_data) |
|
1570 |
if (provider->private_data->key_encryption_method != LASSO_KEY_ENCRYPTION_METHOD_DEFAULT) |
|
1571 |
return provider->private_data->key_encryption_method; |
|
1572 | ||
1573 |
return lasso_get_default_key_encryption_method(); |
|
1574 |
} |
|
1575 | ||
1538 | 1576 |
/** |
1539 | 1577 |
* lasso_provider_verify_query_signature: |
1540 | 1578 |
* @provider: the #LassoProvider for the the provider issuing the query |
lasso/id-ff/provider.h | ||
---|---|---|
281 | 281 |
LASSO_EXPORT int lasso_provider_verify_signature(LassoProvider *provider, |
282 | 282 |
const char *message, const char *id_attr_name, LassoMessageFormat format); |
283 | 283 | |
284 |
LASSO_EXPORT void lasso_provider_set_key_encryption_method( |
|
285 |
LassoProvider *provider, LassoKeyEncryptionMethod method); |
|
286 | ||
287 |
LASSO_EXPORT LassoKeyEncryptionMethod lasso_provider_get_key_encryption_method(); |
|
288 | ||
289 | ||
284 | 290 |
#ifdef __cplusplus |
285 | 291 |
} |
286 | 292 |
#endif /* __cplusplus */ |
lasso/id-ff/providerprivate.h | ||
---|---|---|
78 | 78 |
GList *encryption_public_keys; |
79 | 79 |
LassoEncryptionMode encryption_mode; |
80 | 80 |
LassoEncryptionSymKeyType encryption_sym_key_type; |
81 |
LassoKeyEncryptionMethod key_encryption_method; |
|
81 | 82 |
char *valid_until; |
82 | 83 |
char *cache_duration; |
83 | 84 |
GList *endpoints; /* of EndpointType_s */ |
... | ... | |
91 | 92 |
GList* lasso_provider_get_public_keys(const LassoProvider *provider); |
92 | 93 |
xmlSecKey* lasso_provider_get_encryption_public_key(const LassoProvider *provider); |
93 | 94 |
LassoEncryptionSymKeyType lasso_provider_get_encryption_sym_key_type(const LassoProvider* provider); |
95 |
LassoKeyEncryptionMethod lasso_provider_get_key_encryption_method(const LassoProvider* provider); |
|
94 | 96 |
int lasso_provider_verify_saml_signature(LassoProvider *provider, xmlNode *signed_node, xmlDoc *doc); |
95 | 97 |
int lasso_provider_verify_query_signature(LassoProvider *provider, const char *message); |
96 | 98 |
void _lasso_provider_load_key_descriptor(LassoProvider *provider, xmlNode *key_descriptor); |
lasso/lasso.c | ||
---|---|---|
108 | 108 |
#define LASSO_FLAG_ENV_VAR "LASSO_FLAG" |
109 | 109 |
#endif |
110 | 110 | |
111 |
#define LASSO_DEFAULT_KEY_ENCRYPTION_METHOD_ENV_VAR "LASSO_DEFAULT_KEY_ENCRYPTION_METHOD" |
|
112 | ||
111 | 113 |
#if defined _MSC_VER |
112 | 114 |
HINSTANCE g_hModule = NULL; |
113 | 115 | |
... | ... | |
187 | 189 |
return rv; |
188 | 190 |
} |
189 | 191 | |
192 |
static int |
|
193 |
set_default_key_encryption_method() |
|
194 |
{ |
|
195 |
char *env_encryption_sym_key_encryption_algo = getenv(LASSO_DEFAULT_KEY_ENCRYPTION_METHOD_ENV_VAR); |
|
196 |
if (env_encryption_sym_key_encryption_algo) { |
|
197 |
LassoKeyEncryptionMethod method = lasso_parse_key_encryption_method( |
|
198 |
env_encryption_sym_key_encryption_algo); |
|
199 |
if (method == -1) { |
|
200 |
message(G_LOG_LEVEL_CRITICAL, "Unsupported key encryption " |
|
201 |
"method %s configured in environment variable " LASSO_DEFAULT_KEY_ENCRYPTION_METHOD_ENV_VAR, |
|
202 |
env_encryption_sym_key_encryption_algo); |
|
203 |
return LASSO_ERROR_UNDEFINED; |
|
204 |
} |
|
205 |
lasso_set_default_key_encryption_method(method); |
|
206 |
return 0; |
|
207 |
} |
|
208 | ||
209 |
LassoKeyEncryptionMethod method = lasso_parse_key_encryption_method(DEFAULT_KEY_ENCRYPTION_METHOD); |
|
210 |
if (method != -1) { |
|
211 |
lasso_set_default_key_encryption_method(method); |
|
212 |
return 0; |
|
213 |
} else { |
|
214 |
message(G_LOG_LEVEL_CRITICAL, "Unsupported key encryption " |
|
215 |
"method "DEFAULT_KEY_ENCRYPTION_METHOD" configured"); |
|
216 |
return LASSO_ERROR_UNDEFINED; |
|
217 |
} |
|
218 |
} |
|
219 | ||
190 | 220 |
/** |
191 | 221 |
* lasso_init: |
192 | 222 |
* |
... | ... | |
214 | 244 |
return LASSO_ERROR_UNDEFINED; |
215 | 245 |
} |
216 | 246 | |
247 |
if (set_default_key_encryption_method() != 0) { |
|
248 |
return LASSO_ERROR_UNDEFINED; |
|
249 |
} |
|
217 | 250 | |
218 | 251 |
/* Init Lasso classes */ |
219 | 252 |
for (i=0; functions[i]; i++) |
lasso/saml-2.0/login.c | ||
---|---|---|
900 | 900 |
(LassoNode*)assertion->Subject->NameID, |
901 | 901 |
lasso_provider_get_encryption_public_key(provider), |
902 | 902 |
lasso_provider_get_encryption_sym_key_type(provider), |
903 |
lasso_provider_get_key_encryption_method(provider), |
|
903 | 904 |
provider->ProviderID); |
904 | 905 |
goto_cleanup_if_fail_with_rc(assertion->Subject->EncryptedID != NULL, |
905 | 906 |
LASSO_DS_ERROR_ENCRYPTION_FAILED); |
... | ... | |
910 | 911 |
if (do_encrypt_assertion) { |
911 | 912 |
lasso_node_set_encryption((LassoNode*)assertion, |
912 | 913 |
lasso_provider_get_encryption_public_key(provider), |
913 |
lasso_provider_get_encryption_sym_key_type(provider)); |
|
914 |
lasso_provider_get_encryption_sym_key_type(provider), |
|
915 |
lasso_provider_get_key_encryption_method(provider)); |
|
914 | 916 |
} |
915 | 917 | |
916 | 918 |
response = LASSO_SAMLP2_RESPONSE(profile->response); |
lasso/saml-2.0/profile.c | ||
---|---|---|
1684 | 1684 |
encrypted_node = (LassoNode*)lasso_node_encrypt(*node_to_encrypt, |
1685 | 1685 |
lasso_provider_get_encryption_public_key(provider), |
1686 | 1686 |
lasso_provider_get_encryption_sym_key_type(provider), |
1687 |
lasso_provider_get_key_encryption_method(provider), |
|
1687 | 1688 |
provider->ProviderID); |
1688 | 1689 |
if (! encrypted_node) { |
1689 | 1690 |
return LASSO_DS_ERROR_ENCRYPTION_FAILED; |
lasso/saml-2.0/provider.c | ||
---|---|---|
885 | 885 |
saml2_encrypted_element = lasso_node_encrypt(lasso_node, |
886 | 886 |
lasso_provider_get_encryption_public_key(provider), |
887 | 887 |
lasso_provider_get_encryption_sym_key_type(provider), |
888 |
lasso_provider_get_key_encryption_method(provider), |
|
888 | 889 |
provider->ProviderID); |
889 | 890 | |
890 | 891 |
return saml2_encrypted_element; |
lasso/xml/private.h | ||
---|---|---|
252 | 252 |
xmlNode* lasso_node_get_xmlnode_for_any_type(LassoNode *node, xmlNode *cur); |
253 | 253 | |
254 | 254 |
LassoSaml2EncryptedElement* lasso_node_encrypt(LassoNode *lasso_node, |
255 |
xmlSecKey *encryption_public_key, LassoEncryptionSymKeyType encryption_sym_key_type, const char *recipient); |
|
255 |
xmlSecKey *encryption_public_key, |
|
256 |
LassoEncryptionSymKeyType encryption_sym_key_type, |
|
257 |
LassoKeyEncryptionMethod key_encryption_method, |
|
258 |
const char *recipient); |
|
256 | 259 | |
257 | 260 |
int lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, GList *encrypted_key, |
258 | 261 |
xmlSecKey *encryption_private_key, LassoNode **output); |
... | ... | |
305 | 308 |
LassoSignatureContext lasso_node_get_signature(LassoNode *node); |
306 | 309 | |
307 | 310 |
void lasso_node_set_encryption(LassoNode *node, xmlSecKey *encryption_public_key, |
308 |
LassoEncryptionSymKeyType encryption_sym_key_type); |
|
311 |
LassoEncryptionSymKeyType encryption_sym_key_type, |
|
312 |
LassoKeyEncryptionMethod key_encryption_method); |
|
309 | 313 | |
310 | 314 |
void lasso_node_get_encryption(LassoNode *node, xmlSecKey **encryption_public_key, |
311 |
LassoEncryptionSymKeyType *encryption_sym_key_type); |
|
315 |
LassoEncryptionSymKeyType *encryption_sym_key_type, |
|
316 |
LassoKeyEncryptionMethod *key_encryption_method); |
|
312 | 317 |
gboolean lasso_base64_decode(const char *from, char **buffer, int *buffer_len); |
313 | 318 | |
314 | 319 |
xmlSecKeyPtr |
lasso/xml/tools.c | ||
---|---|---|
709 | 709 |
lasso_assertion_encrypt(LassoSaml2Assertion *assertion, char *recipient) |
710 | 710 |
{ |
711 | 711 |
xmlSecKey *encryption_public_key = NULL; |
712 |
LassoEncryptionSymKeyType encryption_sym_key_type = 0; |
|
712 |
LassoEncryptionSymKeyType encryption_sym_key_type; |
|
713 |
LassoKeyEncryptionMethod key_encryption_method; |
|
713 | 714 |
LassoNode *ret = NULL; |
714 | 715 | |
715 | 716 |
lasso_node_get_encryption((LassoNode*)assertion, &encryption_public_key, |
716 |
&encryption_sym_key_type); |
|
717 |
&encryption_sym_key_type, &key_encryption_method);
|
|
717 | 718 |
if (! encryption_public_key) { |
718 | 719 |
return NULL; |
719 | 720 |
} |
720 | 721 | |
721 | 722 |
ret = LASSO_NODE(lasso_node_encrypt(LASSO_NODE(assertion), |
722 |
encryption_public_key, encryption_sym_key_type, recipient)); |
|
723 |
encryption_public_key, encryption_sym_key_type, key_encryption_method, recipient));
|
|
723 | 724 |
lasso_release_sec_key(encryption_public_key); |
724 | 725 |
return ret; |
725 | 726 |
lasso/xml/xml.c | ||
---|---|---|
94 | 94 | |
95 | 95 |
static LassoSignatureMethod default_signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1; |
96 | 96 |
static LassoSignatureMethod min_signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1; |
97 |
static LassoKeyEncryptionMethod default_encryption_key_encryption_method = LASSO_KEY_ENCRYPTION_METHOD_OAEP; |
|
97 | 98 | |
98 | 99 |
/*****************************************************************************/ |
99 | 100 |
/* global methods */ |
... | ... | |
539 | 540 |
**/ |
540 | 541 |
LassoSaml2EncryptedElement* |
541 | 542 |
lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key, |
542 |
LassoEncryptionSymKeyType encryption_sym_key_type, const char *recipient) |
|
543 |
LassoEncryptionSymKeyType encryption_sym_key_type, |
|
544 |
LassoKeyEncryptionMethod key_encryption_method, |
|
545 |
const char *recipient) |
|
543 | 546 |
{ |
544 | 547 |
xmlDocPtr doc = NULL; |
545 | 548 |
xmlNodePtr orig_node = NULL; |
... | ... | |
551 | 554 |
xmlNodePtr key_info_node2 = NULL; |
552 | 555 |
xmlSecEncCtxPtr enc_ctx = NULL; |
553 | 556 |
xmlSecTransformId xmlsec_encryption_sym_key_type; |
557 |
xmlSecTransformId xmlsec_key_encryption_method; |
|
554 | 558 |
xmlSecKey *duplicate = NULL; |
555 | 559 | |
556 | 560 |
if (encryption_public_key == NULL || !xmlSecKeyIsValid(encryption_public_key)) { |
... | ... | |
577 | 581 |
break; |
578 | 582 |
} |
579 | 583 | |
584 |
/* Get the symetric key encryption type */ |
|
585 |
switch(key_encryption_method) { |
|
586 |
case LASSO_KEY_ENCRYPTION_METHOD_PKCS1: |
|
587 |
xmlsec_key_encryption_method = xmlSecTransformRsaPkcs1Id; |
|
588 |
break; |
|
589 |
case LASSO_KEY_ENCRYPTION_METHOD_OAEP: |
|
590 |
default: |
|
591 |
xmlsec_key_encryption_method = xmlSecTransformRsaOaepId; |
|
592 |
break; |
|
593 |
} |
|
594 | ||
580 | 595 |
/* Create encryption template for a specific symetric key type */ |
581 | 596 |
/* saml-core 2.2.4 line 498: |
582 | 597 |
* The Type attribute SHOULD be present and, if present, MUST contain a value of |
... | ... | |
627 | 642 | |
628 | 643 |
/* add <enc:EncryptedKey/> to store the encrypted session key */ |
629 | 644 |
encrypted_key_node = xmlSecTmplKeyInfoAddEncryptedKey(key_info_node, |
630 |
xmlSecTransformRsaPkcs1Id, NULL, NULL, (xmlChar*)recipient); |
|
645 |
xmlsec_key_encryption_method, |
|
646 |
NULL, NULL, (xmlChar*)recipient); |
|
631 | 647 |
if (encrypted_key_node == NULL) { |
632 | 648 |
message(G_LOG_LEVEL_WARNING, "Failed to add encrypted key"); |
633 | 649 |
goto cleanup; |
... | ... | |
982 | 998 |
LassoSignatureContext signature_context; |
983 | 999 |
xmlSecKey *encryption_public_key; |
984 | 1000 |
LassoEncryptionSymKeyType encryption_sym_key_type; |
1001 |
LassoKeyEncryptionMethod key_encryption_method; |
|
985 | 1002 |
}; |
986 | 1003 | |
987 | 1004 |
static struct _CustomElement * |
... | ... | |
1128 | 1145 |
*/ |
1129 | 1146 |
void |
1130 | 1147 |
lasso_node_set_encryption(LassoNode *node, xmlSecKey *encryption_public_key, |
1131 |
LassoEncryptionSymKeyType encryption_sym_key_type) |
|
1148 |
LassoEncryptionSymKeyType encryption_sym_key_type, |
|
1149 |
LassoKeyEncryptionMethod key_encryption_method) |
|
1132 | 1150 |
{ |
1133 | 1151 |
struct _CustomElement *custom_element; |
1134 | 1152 | |
... | ... | |
1153 | 1171 |
} else { |
1154 | 1172 |
custom_element->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT; |
1155 | 1173 |
} |
1174 |
if (LASSO_KEY_ENCRYPTION_METHOD_DEFAULT < key_encryption_method |
|
1175 |
&& key_encryption_method < LASSO_KEY_ENCRYPTION_METHOD_LAST) { |
|
1176 |
custom_element->key_encryption_method = key_encryption_method; |
|
1177 |
} else { |
|
1178 |
custom_element->key_encryption_method = lasso_get_default_key_encryption_method(); |
|
1179 |
} |
|
1156 | 1180 |
} |
1157 | 1181 | |
1158 | 1182 |
/** |
... | ... | |
1166 | 1190 |
*/ |
1167 | 1191 |
void |
1168 | 1192 |
lasso_node_get_encryption(LassoNode *node, xmlSecKey **encryption_public_key, |
1169 |
LassoEncryptionSymKeyType *encryption_sym_key_type) |
|
1193 |
LassoEncryptionSymKeyType *encryption_sym_key_type, |
|
1194 |
LassoKeyEncryptionMethod *key_encryption_method) |
|
1170 | 1195 |
{ |
1171 | 1196 |
struct _CustomElement *custom_element; |
1172 | 1197 | |
... | ... | |
1176 | 1201 |
lasso_assign_sec_key(*encryption_public_key, |
1177 | 1202 |
custom_element->encryption_public_key); |
1178 | 1203 |
*encryption_sym_key_type = custom_element->encryption_sym_key_type; |
1204 |
*key_encryption_method = custom_element->key_encryption_method; |
|
1179 | 1205 |
} |
1180 | 1206 |
} |
1181 | 1207 | |
... | ... | |
3714 | 3740 |
lasso_set_min_signature_method(LassoSignatureMethod meth) { |
3715 | 3741 |
min_signature_method = meth; |
3716 | 3742 |
} |
3743 | ||
3744 |
LassoKeyEncryptionMethod |
|
3745 |
lasso_parse_key_encryption_method(char *str) { |
|
3746 | ||
3747 |
if (lasso_strisequal(str, "rsa-pkcs1")) { |
|
3748 |
return LASSO_KEY_ENCRYPTION_METHOD_PKCS1; |
|
3749 |
} else if (lasso_strisequal(str, "rsa-oaep")) { |
|
3750 |
return LASSO_KEY_ENCRYPTION_METHOD_OAEP; |
|
3751 |
} |
|
3752 |
return LASSO_KEY_ENCRYPTION_METHOD_INVALID; |
|
3753 |
} |
|
3754 | ||
3755 |
LassoKeyEncryptionMethod |
|
3756 |
lasso_get_default_key_encryption_method() { |
|
3757 |
return default_encryption_key_encryption_method; |
|
3758 |
} |
|
3759 | ||
3760 |
void |
|
3761 |
lasso_set_default_key_encryption_method(LassoKeyEncryptionMethod method) |
|
3762 |
{ |
|
3763 |
default_encryption_key_encryption_method = method; |
|
3764 |
} |
lasso/xml/xml.h | ||
---|---|---|
40 | 40 |
#include "../export.h" |
41 | 41 |
#include "../errors.h" |
42 | 42 |
#include "strings.h" |
43 |
#include "xml_enc.h" |
|
43 | 44 | |
44 | 45 |
#define LASSO_TYPE_NODE (lasso_node_get_type()) |
45 | 46 |
#define LASSO_NODE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_NODE, LassoNode)) |
... | ... | |
243 | 244 |
LASSO_EXPORT char* lasso_node_export_to_saml2_query(LassoNode *node, const char *param_name, const |
244 | 245 |
char *url, struct _LassoKey *key); |
245 | 246 | |
247 |
LASSO_EXPORT LassoKeyEncryptionMethod lasso_parse_key_encryption_method(char *str); |
|
248 | ||
249 |
LASSO_EXPORT LassoKeyEncryptionMethod lasso_get_default_key_encryption_method(); |
|
250 | ||
251 |
LASSO_EXPORT void lasso_set_default_key_encryption_method(LassoKeyEncryptionMethod method); |
|
252 | ||
246 | 253 |
#ifdef __cplusplus |
247 | 254 |
} |
248 | 255 |
#endif /* __cplusplus */ |
lasso/xml/xml_enc.h | ||
---|---|---|
49 | 49 |
LASSO_ENCRYTPION_SYM_KEY_TYPE_LAST |
50 | 50 |
} LassoEncryptionSymKeyType; |
51 | 51 | |
52 |
/** |
|
53 |
* LassoKeyEncryptionMethod: |
|
54 |
* @LASSO_KEY_ENCRYPTION_METHOD_PKCS1 : RSA PKCS1.5 padding |
|
55 |
* @LASSO_KEY_ENCRYPTION_METHOD_OAEP : RSA OAEP padding |
|
56 |
* |
|
57 |
* Encryption symetric key encryption type. |
|
58 |
**/ |
|
59 |
typedef enum { |
|
60 |
LASSO_KEY_ENCRYPTION_METHOD_DEFAULT, |
|
61 |
LASSO_KEY_ENCRYPTION_METHOD_PKCS1, |
|
62 |
LASSO_KEY_ENCRYPTION_METHOD_OAEP, |
|
63 |
LASSO_KEY_ENCRYPTION_METHOD_LAST, |
|
64 |
LASSO_KEY_ENCRYPTION_METHOD_INVALID = -1 |
|
65 |
} LassoKeyEncryptionMethod; |
|
66 | ||
52 | 67 |
#ifdef __cplusplus |
53 | 68 |
} |
54 | 69 |
#endif /* __cplusplus */ |
55 |
- |