Projet

Général

Profil

0002-Change-default-key-encryption-padding-algorithm-to-R.patch

Benjamin Dauvergne, 03 septembre 2021 12:30

Télécharger (23,3 ko)

Voir les différences:

Subject: [PATCH 2/2] Change default key encryption padding algorithm to
 RSA-OAEP (#56023)

The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:

    --with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]

at initialization time with an environment variable:

    LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]

or at runtime for a service provider:

    lasso_provider_set_key_encryption_method(LassoProvider *provider,
        LassoKeyEncryptionMethod key_encryption_method)

The setting is global for all encrypted nodes (Assertion or NameID).
 bindings/python/tests/profiles_tests.py | 52 +++++++++++++++++++++++
 configure.ac                            | 19 +++++++++
 lasso/id-ff/login.c                     |  1 +
 lasso/id-ff/provider.c                  | 38 +++++++++++++++++
 lasso/id-ff/provider.h                  |  6 +++
 lasso/id-ff/providerprivate.h           |  2 +
 lasso/lasso.c                           | 33 +++++++++++++++
 lasso/saml-2.0/login.c                  |  4 +-
 lasso/saml-2.0/profile.c                |  1 +
 lasso/saml-2.0/provider.c               |  1 +
 lasso/xml/private.h                     | 11 +++--
 lasso/xml/tools.c                       |  7 ++--
 lasso/xml/xml.c                         | 56 +++++++++++++++++++++++--
 lasso/xml/xml.h                         |  7 ++++
 lasso/xml/xml_enc.h                     | 15 +++++++
 15 files changed, 242 insertions(+), 11 deletions(-)
bindings/python/tests/profiles_tests.py
304 304
        idp_login.buildAssertion("None", "None", "None", "None", "None")
305 305
        idp_login.buildAuthnResponseMsg()
306 306

  
307
    def test08(self):
308
        '''Verify KeyEncryptionMethod support'''
309
        sp_server = server('sp5-saml2', lasso.PROVIDER_ROLE_IDP, 'idp5-saml2')
310
        idp_server = server('idp5-saml2', lasso.PROVIDER_ROLE_SP, 'sp5-saml2')
311

  
312
        def run(key_encryption_method=None):
313
            sp_login = lasso.Login(sp_server)
314
            sp_login.initAuthnRequest(None, lasso.HTTP_METHOD_REDIRECT)
315
            sp_login.buildAuthnRequestMsg()
316

  
317
            provider = idp_server.getProvider('http://sp5/metadata')
318
            provider.setEncryptionMode(lasso.ENCRYPTION_MODE_ASSERTION)
319

  
320
            if key_encryption_method:
321
                provider.setKeyEncryptionMethod(key_encryption_method)
322

  
323
            idp_login = lasso.Login(idp_server)
324
            idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
325
            idp_login.protocolProfile = lasso.LOGIN_PROTOCOL_PROFILE_BRWS_POST
326
            idp_login.validateRequestMsg(True, True)
327
            idp_login.buildAssertion("None", "None", "None", "None", "None")
328
            idp_login.buildAuthnResponseMsg()
329

  
330
            sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
331
            sp_login.processAuthnResponseMsg(idp_login.msgBody)
332
            sp_login.acceptSso()
333
            return sp_login.response.debug()
334

  
335
        os.environ['LASSO_DEFAULT_KEY_ENCRYPTION_METHOD'] = 'rsa-pkcs1'
336
        lasso.init()
337
        assert 'xmlenc#rsa-1_5' in run()
338
        assert 'xmlenc#rsa-oaep-mgf1p' not in run()
339

  
340
        os.environ['LASSO_DEFAULT_KEY_ENCRYPTION_METHOD'] = 'rsa-oaep'
341
        lasso.init()
342
        assert 'xmlenc#rsa-1_5' not in run()
343
        assert 'xmlenc#rsa-oaep-mgf1p' in run()
344

  
345
        lasso.setDefaultKeyEncryptionMethod(lasso.KEY_ENCRYPTION_METHOD_PKCS1)
346
        assert 'xmlenc#rsa-1_5' in run()
347
        assert 'xmlenc#rsa-oaep-mgf1p' not in run()
348

  
349
        lasso.setDefaultKeyEncryptionMethod(lasso.KEY_ENCRYPTION_METHOD_OAEP)
350
        assert 'xmlenc#rsa-1_5' not in run()
351
        assert 'xmlenc#rsa-oaep-mgf1p' in run()
352

  
353
        assert 'xmlenc#rsa-1_5' in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_PKCS1)
354
        assert 'xmlenc#rsa-oaep-mgf1p' not in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_PKCS1)
355

  
356
        assert 'xmlenc#rsa-1_5' not in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_OAEP)
357
        assert 'xmlenc#rsa-oaep-mgf1p' in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_OAEP)
358

  
307 359

  
308 360
class LogoutTestCase(unittest.TestCase):
309 361
    def test01(self):
configure.ac
831 831

  
832 832
AC_DEFINE_UNQUOTED(MIN_HASH_ALGO, "$MIN_HASH_ALGO", ["The minimal hash algorithm"])
833 833

  
834
AC_ARG_WITH([default-key-encryption-method],
835
            [AS_HELP_STRING([--with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]],
836
                            [Default key encryption method (rsa-oaep)]
837
                           )
838
            ]
839
)
840

  
841
KEY_ENCRYPTION_METHOD=rsa-oaep
842
if test x"$with_default_" != x; then
843
    if test ! "$with_default_key_encryption_method" = "rsa-pkcs1" -a ! "$with_default_key_encryption_method" = "rsa-oaep"; then
844
	AC_MSG_ERROR("Default key encryption method must be either rsa-pkcs1 or rsa-oaep")
845
    else
846
	SIGNING_ALGO=$with_default_key_encryption_method
847
    fi
848
fi
849

  
850
AC_DEFINE_UNQUOTED(DEFAULT_KEY_ENCRYPTION_METHOD, "$KEY_ENCRYPTION_METHOD", ["The default key encryption method"])
851

  
834 852

  
835 853
dnl ==========================================================================
836 854
dnl Pedantic compilation
......
981 999
---------------
982 1000
Default signature:      ${SIGNING_ALGO}
983 1001
Minimal accepted hash:  ${MIN_HASH_ALGO}
1002
Key encryption method:  ${KEY_ENCRYPTION_METHOD}
984 1003
)
lasso/id-ff/login.c
394 394
					LASSO_NODE(ss->Subject->NameIdentifier),
395 395
					lasso_provider_get_encryption_public_key(provider),
396 396
					lasso_provider_get_encryption_sym_key_type(provider),
397
					lasso_provider_get_key_encryption_method(provider),
397 398
					provider->ProviderID));
398 399
		if (encrypted_element != NULL) {
399 400
			lasso_assign_new_gobject(ss->Subject->EncryptedNameIdentifier, encrypted_element);
lasso/id-ff/provider.c
903 903
	provider->private_data->encryption_public_keys = NULL;
904 904
	provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
905 905
	provider->private_data->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128;
906
	provider->private_data->key_encryption_method = LASSO_KEY_ENCRYPTION_METHOD_DEFAULT;
906 907
	provider->private_data->signature_context = LASSO_SIGNATURE_CONTEXT_NONE;
907 908

  
908 909
	/* no value_destroy_func since it shouldn't destroy the GList on insert */
......
1535 1536
	return LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT;
1536 1537
}
1537 1538

  
1539
/**
1540
 * lasso_provider_set_key_encryption_method:
1541
 * @provider: provider to set encryption for
1542
 * @key_encryption_method: enum type for encrypting generated symetric key
1543
 *
1544
 * Set the type of the encryption of the generated encryption symetric key
1545
 **/
1546
void
1547
lasso_provider_set_key_encryption_method(LassoProvider *provider,
1548
		LassoKeyEncryptionMethod key_encryption_method)
1549
{
1550
	g_return_if_fail(LASSO_IS_PROVIDER(provider));
1551

  
1552
	if (key_encryption_method == LASSO_KEY_ENCRYPTION_METHOD_DEFAULT) {
1553
		key_encryption_method = lasso_get_default_key_encryption_method();
1554
	}
1555
	provider->private_data->key_encryption_method = key_encryption_method;;
1556
}
1557

  
1558
/**
1559
 * lasso_provider_get_key_encryption_method:
1560
 * @provider: a #LassoProvider object
1561
 *
1562
 * Return the type of the encryption of the generated encryption symetric key
1563
 *
1564
 * Return value: a #LassoKeyEncryptionMethod value.
1565
 */
1566
LassoKeyEncryptionMethod
1567
lasso_provider_get_key_encryption_method(const LassoProvider *provider)
1568
{
1569
	if (LASSO_IS_PROVIDER(provider) && provider->private_data)
1570
		if (provider->private_data->key_encryption_method != LASSO_KEY_ENCRYPTION_METHOD_DEFAULT)
1571
			return provider->private_data->key_encryption_method;
1572

  
1573
	return lasso_get_default_key_encryption_method();
1574
}
1575

  
1538 1576
/**
1539 1577
 * lasso_provider_verify_query_signature:
1540 1578
 * @provider: the #LassoProvider for the the provider issuing the query
lasso/id-ff/provider.h
281 281
LASSO_EXPORT int lasso_provider_verify_signature(LassoProvider *provider,
282 282
		const char *message, const char *id_attr_name, LassoMessageFormat format);
283 283

  
284
LASSO_EXPORT void lasso_provider_set_key_encryption_method(
285
		LassoProvider *provider, LassoKeyEncryptionMethod method);
286

  
287
LASSO_EXPORT LassoKeyEncryptionMethod lasso_provider_get_key_encryption_method();
288

  
289

  
284 290
#ifdef __cplusplus
285 291
}
286 292
#endif /* __cplusplus */
lasso/id-ff/providerprivate.h
78 78
	GList *encryption_public_keys;
79 79
	LassoEncryptionMode encryption_mode;
80 80
	LassoEncryptionSymKeyType encryption_sym_key_type;
81
	LassoKeyEncryptionMethod key_encryption_method;
81 82
	char *valid_until;
82 83
	char *cache_duration;
83 84
	GList *endpoints; /* of EndpointType_s */
......
91 92
GList* lasso_provider_get_public_keys(const LassoProvider *provider);
92 93
xmlSecKey* lasso_provider_get_encryption_public_key(const LassoProvider *provider);
93 94
LassoEncryptionSymKeyType lasso_provider_get_encryption_sym_key_type(const LassoProvider* provider);
95
LassoKeyEncryptionMethod lasso_provider_get_key_encryption_method(const LassoProvider* provider);
94 96
int lasso_provider_verify_saml_signature(LassoProvider *provider, xmlNode *signed_node, xmlDoc *doc);
95 97
int lasso_provider_verify_query_signature(LassoProvider *provider, const char *message);
96 98
void _lasso_provider_load_key_descriptor(LassoProvider *provider, xmlNode *key_descriptor);
lasso/lasso.c
108 108
#define LASSO_FLAG_ENV_VAR "LASSO_FLAG"
109 109
#endif
110 110

  
111
#define LASSO_DEFAULT_KEY_ENCRYPTION_METHOD_ENV_VAR "LASSO_DEFAULT_KEY_ENCRYPTION_METHOD"
112

  
111 113
#if defined _MSC_VER
112 114
HINSTANCE g_hModule = NULL;
113 115

  
......
187 189
	return rv;
188 190
}
189 191

  
192
static int
193
set_default_key_encryption_method()
194
{
195
	char *env_encryption_sym_key_encryption_algo = getenv(LASSO_DEFAULT_KEY_ENCRYPTION_METHOD_ENV_VAR);
196
	if (env_encryption_sym_key_encryption_algo) {
197
		LassoKeyEncryptionMethod method = lasso_parse_key_encryption_method(
198
			env_encryption_sym_key_encryption_algo);
199
		if (method == -1) {
200
			message(G_LOG_LEVEL_CRITICAL, "Unsupported key encryption "
201
				"method %s configured in environment variable " LASSO_DEFAULT_KEY_ENCRYPTION_METHOD_ENV_VAR,
202
				env_encryption_sym_key_encryption_algo);
203
			return LASSO_ERROR_UNDEFINED;
204
		}
205
		lasso_set_default_key_encryption_method(method);
206
		return 0;
207
	}
208

  
209
	LassoKeyEncryptionMethod method = lasso_parse_key_encryption_method(DEFAULT_KEY_ENCRYPTION_METHOD);
210
	if (method != -1) {
211
		lasso_set_default_key_encryption_method(method);
212
		return 0;
213
	} else {
214
		message(G_LOG_LEVEL_CRITICAL, "Unsupported key encryption "
215
			"method "DEFAULT_KEY_ENCRYPTION_METHOD" configured");
216
		return LASSO_ERROR_UNDEFINED;
217
	}
218
}
219

  
190 220
/**
191 221
 * lasso_init:
192 222
 *
......
214 244
		return LASSO_ERROR_UNDEFINED;
215 245
	}
216 246

  
247
	if (set_default_key_encryption_method() != 0) {
248
		return LASSO_ERROR_UNDEFINED;
249
	}
217 250

  
218 251
	/* Init Lasso classes */
219 252
	for (i=0; functions[i]; i++)
lasso/saml-2.0/login.c
900 900
			(LassoNode*)assertion->Subject->NameID,
901 901
			lasso_provider_get_encryption_public_key(provider),
902 902
			lasso_provider_get_encryption_sym_key_type(provider),
903
			lasso_provider_get_key_encryption_method(provider),
903 904
			provider->ProviderID);
904 905
		goto_cleanup_if_fail_with_rc(assertion->Subject->EncryptedID != NULL,
905 906
				LASSO_DS_ERROR_ENCRYPTION_FAILED);
......
910 911
	if (do_encrypt_assertion) {
911 912
		lasso_node_set_encryption((LassoNode*)assertion,
912 913
				lasso_provider_get_encryption_public_key(provider),
913
				lasso_provider_get_encryption_sym_key_type(provider));
914
				lasso_provider_get_encryption_sym_key_type(provider),
915
				lasso_provider_get_key_encryption_method(provider));
914 916
	}
915 917

  
916 918
	response = LASSO_SAMLP2_RESPONSE(profile->response);
lasso/saml-2.0/profile.c
1684 1684
	encrypted_node = (LassoNode*)lasso_node_encrypt(*node_to_encrypt,
1685 1685
			lasso_provider_get_encryption_public_key(provider),
1686 1686
			lasso_provider_get_encryption_sym_key_type(provider),
1687
			lasso_provider_get_key_encryption_method(provider),
1687 1688
			provider->ProviderID);
1688 1689
	if (! encrypted_node) {
1689 1690
		return LASSO_DS_ERROR_ENCRYPTION_FAILED;
lasso/saml-2.0/provider.c
885 885
	saml2_encrypted_element = lasso_node_encrypt(lasso_node,
886 886
			lasso_provider_get_encryption_public_key(provider),
887 887
			lasso_provider_get_encryption_sym_key_type(provider),
888
			lasso_provider_get_key_encryption_method(provider),
888 889
			provider->ProviderID);
889 890

  
890 891
	return saml2_encrypted_element;
lasso/xml/private.h
252 252
xmlNode* lasso_node_get_xmlnode_for_any_type(LassoNode *node, xmlNode *cur);
253 253

  
254 254
LassoSaml2EncryptedElement* lasso_node_encrypt(LassoNode *lasso_node,
255
	xmlSecKey *encryption_public_key, LassoEncryptionSymKeyType encryption_sym_key_type, const char *recipient);
255
	xmlSecKey *encryption_public_key,
256
	LassoEncryptionSymKeyType encryption_sym_key_type,
257
	LassoKeyEncryptionMethod key_encryption_method,
258
	const char *recipient);
256 259

  
257 260
int lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, GList *encrypted_key,
258 261
		xmlSecKey *encryption_private_key, LassoNode **output);
......
305 308
LassoSignatureContext lasso_node_get_signature(LassoNode *node);
306 309

  
307 310
void lasso_node_set_encryption(LassoNode *node, xmlSecKey *encryption_public_key,
308
		LassoEncryptionSymKeyType encryption_sym_key_type);
311
		LassoEncryptionSymKeyType encryption_sym_key_type,
312
		LassoKeyEncryptionMethod key_encryption_method);
309 313

  
310 314
void lasso_node_get_encryption(LassoNode *node, xmlSecKey **encryption_public_key,
311
		LassoEncryptionSymKeyType *encryption_sym_key_type);
315
		LassoEncryptionSymKeyType *encryption_sym_key_type,
316
		LassoKeyEncryptionMethod *key_encryption_method);
312 317
gboolean lasso_base64_decode(const char *from, char **buffer, int *buffer_len);
313 318

  
314 319
xmlSecKeyPtr
lasso/xml/tools.c
709 709
lasso_assertion_encrypt(LassoSaml2Assertion *assertion, char *recipient)
710 710
{
711 711
	xmlSecKey *encryption_public_key = NULL;
712
	LassoEncryptionSymKeyType encryption_sym_key_type = 0;
712
	LassoEncryptionSymKeyType encryption_sym_key_type;
713
	LassoKeyEncryptionMethod key_encryption_method;
713 714
	LassoNode *ret = NULL;
714 715

  
715 716
	lasso_node_get_encryption((LassoNode*)assertion, &encryption_public_key,
716
			&encryption_sym_key_type);
717
			&encryption_sym_key_type, &key_encryption_method);
717 718
	if (! encryption_public_key) {
718 719
		return NULL;
719 720
	}
720 721

  
721 722
	ret = LASSO_NODE(lasso_node_encrypt(LASSO_NODE(assertion),
722
		encryption_public_key, encryption_sym_key_type, recipient));
723
		encryption_public_key, encryption_sym_key_type, key_encryption_method, recipient));
723 724
	lasso_release_sec_key(encryption_public_key);
724 725
	return ret;
725 726

  
lasso/xml/xml.c
94 94

  
95 95
static LassoSignatureMethod default_signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
96 96
static LassoSignatureMethod min_signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
97
static LassoKeyEncryptionMethod default_encryption_key_encryption_method = LASSO_KEY_ENCRYPTION_METHOD_OAEP;
97 98

  
98 99
/*****************************************************************************/
99 100
/* global methods                                                            */
......
539 540
 **/
540 541
LassoSaml2EncryptedElement*
541 542
lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key,
542
		LassoEncryptionSymKeyType encryption_sym_key_type, const char *recipient)
543
		LassoEncryptionSymKeyType encryption_sym_key_type,
544
		LassoKeyEncryptionMethod key_encryption_method,
545
		const char *recipient)
543 546
{
544 547
	xmlDocPtr doc = NULL;
545 548
	xmlNodePtr orig_node = NULL;
......
551 554
	xmlNodePtr key_info_node2 = NULL;
552 555
	xmlSecEncCtxPtr enc_ctx = NULL;
553 556
	xmlSecTransformId xmlsec_encryption_sym_key_type;
557
	xmlSecTransformId xmlsec_key_encryption_method;
554 558
	xmlSecKey *duplicate = NULL;
555 559

  
556 560
	if (encryption_public_key == NULL || !xmlSecKeyIsValid(encryption_public_key)) {
......
577 581
			break;
578 582
	}
579 583

  
584
	/* Get the symetric key encryption type */
585
	switch(key_encryption_method) {
586
		case LASSO_KEY_ENCRYPTION_METHOD_PKCS1:
587
			xmlsec_key_encryption_method = xmlSecTransformRsaPkcs1Id;
588
			break;
589
		case LASSO_KEY_ENCRYPTION_METHOD_OAEP:
590
		default:
591
			xmlsec_key_encryption_method = xmlSecTransformRsaOaepId;
592
			break;
593
	}
594

  
580 595
	/* Create encryption template for a specific symetric key type */
581 596
	/* saml-core 2.2.4 line 498:
582 597
	 * The Type attribute SHOULD be present and, if present, MUST contain a value of
......
627 642

  
628 643
	/* add <enc:EncryptedKey/> to store the encrypted session key */
629 644
	encrypted_key_node = xmlSecTmplKeyInfoAddEncryptedKey(key_info_node,
630
			xmlSecTransformRsaPkcs1Id, NULL, NULL, (xmlChar*)recipient);
645
			xmlsec_key_encryption_method,
646
			NULL, NULL, (xmlChar*)recipient);
631 647
	if (encrypted_key_node == NULL) {
632 648
		message(G_LOG_LEVEL_WARNING, "Failed to add encrypted key");
633 649
		goto cleanup;
......
982 998
	LassoSignatureContext signature_context;
983 999
	xmlSecKey *encryption_public_key;
984 1000
	LassoEncryptionSymKeyType encryption_sym_key_type;
1001
	LassoKeyEncryptionMethod key_encryption_method;
985 1002
};
986 1003

  
987 1004
static struct _CustomElement *
......
1128 1145
 */
1129 1146
void
1130 1147
lasso_node_set_encryption(LassoNode *node, xmlSecKey *encryption_public_key,
1131
		LassoEncryptionSymKeyType encryption_sym_key_type)
1148
		LassoEncryptionSymKeyType encryption_sym_key_type,
1149
		LassoKeyEncryptionMethod key_encryption_method)
1132 1150
{
1133 1151
	struct _CustomElement *custom_element;
1134 1152

  
......
1153 1171
	} else {
1154 1172
		custom_element->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT;
1155 1173
	}
1174
	if (LASSO_KEY_ENCRYPTION_METHOD_DEFAULT < key_encryption_method
1175
			&& key_encryption_method < LASSO_KEY_ENCRYPTION_METHOD_LAST) {
1176
		custom_element->key_encryption_method = key_encryption_method;
1177
	} else {
1178
		custom_element->key_encryption_method = lasso_get_default_key_encryption_method();
1179
	}
1156 1180
}
1157 1181

  
1158 1182
/**
......
1166 1190
 */
1167 1191
void
1168 1192
lasso_node_get_encryption(LassoNode *node, xmlSecKey **encryption_public_key,
1169
		LassoEncryptionSymKeyType *encryption_sym_key_type)
1193
		LassoEncryptionSymKeyType *encryption_sym_key_type,
1194
		LassoKeyEncryptionMethod *key_encryption_method)
1170 1195
{
1171 1196
	struct _CustomElement *custom_element;
1172 1197

  
......
1176 1201
		lasso_assign_sec_key(*encryption_public_key,
1177 1202
				custom_element->encryption_public_key);
1178 1203
		*encryption_sym_key_type = custom_element->encryption_sym_key_type;
1204
		*key_encryption_method = custom_element->key_encryption_method;
1179 1205
	}
1180 1206
}
1181 1207

  
......
3714 3740
lasso_set_min_signature_method(LassoSignatureMethod meth) {
3715 3741
	min_signature_method = meth;
3716 3742
}
3743

  
3744
LassoKeyEncryptionMethod
3745
lasso_parse_key_encryption_method(char *str) {
3746

  
3747
	if (lasso_strisequal(str, "rsa-pkcs1")) {
3748
		return LASSO_KEY_ENCRYPTION_METHOD_PKCS1;
3749
	} else if (lasso_strisequal(str, "rsa-oaep")) {
3750
		return LASSO_KEY_ENCRYPTION_METHOD_OAEP;
3751
	}
3752
	return LASSO_KEY_ENCRYPTION_METHOD_INVALID;
3753
}
3754

  
3755
LassoKeyEncryptionMethod
3756
lasso_get_default_key_encryption_method() {
3757
	return default_encryption_key_encryption_method;
3758
}
3759

  
3760
void
3761
lasso_set_default_key_encryption_method(LassoKeyEncryptionMethod method)
3762
{
3763
	default_encryption_key_encryption_method = method;
3764
}
lasso/xml/xml.h
40 40
#include "../export.h"
41 41
#include "../errors.h"
42 42
#include "strings.h"
43
#include "xml_enc.h"
43 44

  
44 45
#define LASSO_TYPE_NODE (lasso_node_get_type())
45 46
#define LASSO_NODE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_NODE, LassoNode))
......
243 244
LASSO_EXPORT char* lasso_node_export_to_saml2_query(LassoNode *node, const char *param_name, const
244 245
		char *url, struct _LassoKey *key);
245 246

  
247
LASSO_EXPORT LassoKeyEncryptionMethod lasso_parse_key_encryption_method(char *str);
248

  
249
LASSO_EXPORT LassoKeyEncryptionMethod lasso_get_default_key_encryption_method();
250

  
251
LASSO_EXPORT void lasso_set_default_key_encryption_method(LassoKeyEncryptionMethod method);
252

  
246 253
#ifdef __cplusplus
247 254
}
248 255
#endif /* __cplusplus */
lasso/xml/xml_enc.h
49 49
	LASSO_ENCRYTPION_SYM_KEY_TYPE_LAST
50 50
} LassoEncryptionSymKeyType;
51 51

  
52
/**
53
 * LassoKeyEncryptionMethod:
54
 * @LASSO_KEY_ENCRYPTION_METHOD_PKCS1 : RSA PKCS1.5 padding
55
 * @LASSO_KEY_ENCRYPTION_METHOD_OAEP : RSA OAEP padding
56
 *
57
 * Encryption symetric key encryption type.
58
 **/
59
typedef enum {
60
	LASSO_KEY_ENCRYPTION_METHOD_DEFAULT,
61
	LASSO_KEY_ENCRYPTION_METHOD_PKCS1,
62
	LASSO_KEY_ENCRYPTION_METHOD_OAEP,
63
	LASSO_KEY_ENCRYPTION_METHOD_LAST,
64
	LASSO_KEY_ENCRYPTION_METHOD_INVALID = -1
65
} LassoKeyEncryptionMethod;
66

  
52 67
#ifdef __cplusplus
53 68
}
54 69
#endif /* __cplusplus */
55
-