1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 /*
21 * XSEC
22 *
23 * XSECAlgorithmHandlerDefault := Interface class to define handling of
24 * default encryption algorithms
25 *
26 * $Id: XENCAlgorithmHandlerDefault.cpp 1833341 2018-06-11 16:25:41Z scantor $
27 *
28 */
29
30 // XSEC Includes
31
32 #include <xsec/dsig/DSIGConstants.hpp>
33 #include <xsec/enc/XSECCryptoKey.hpp>
34 #include <xsec/enc/XSECCryptoSymmetricKey.hpp>
35 #include <xsec/framework/XSECError.hpp>
36 #include <xsec/transformers/TXFMChain.hpp>
37 #include <xsec/transformers/TXFMCipher.hpp>
38 #include <xsec/transformers/TXFMBase64.hpp>
39 #include <xsec/transformers/TXFMSB.hpp>
40 #include <xsec/xenc/XENCEncryptionMethod.hpp>
41
42 #include "../../utils/XSECAutoPtr.hpp"
43 #include "../../utils/XSECDOMUtils.hpp"
44
45 #include "XENCAlgorithmHandlerDefault.hpp"
46
47 #include <xercesc/dom/DOM.hpp>
48 #include <xercesc/util/Janitor.hpp>
49
50 XERCES_CPP_NAMESPACE_USE
51
52 #define _MY_MAX_KEY_SIZE 2048
53
54 unsigned char s_3DES_CMS_IV [] = {
55 0x4a,
56 0xdd,
57 0xa2,
58 0x2c,
59 0x79,
60 0xe8,
61 0x21,
62 0x05
63 };
64
65 unsigned char s_AES_IV [] = {
66
67 0xA6,
68 0xA6,
69 0xA6,
70 0xA6,
71 0xA6,
72 0xA6,
73 0xA6,
74 0xA6
75
76 };
77
78 // --------------------------------------------------------------------------------
79 // Compare URI to key type
80 // --------------------------------------------------------------------------------
81
mapURIToKey(const XMLCh * uri,const XSECCryptoKey * key,XSECCryptoKey::KeyType & kt,XSECCryptoSymmetricKey::SymmetricKeyType & skt,bool & isSymmetricKeyWrap,XSECCryptoSymmetricKey::SymmetricKeyMode & skm,unsigned int & taglen) const82 void XENCAlgorithmHandlerDefault::mapURIToKey(const XMLCh* uri,
83 const XSECCryptoKey* key,
84 XSECCryptoKey::KeyType& kt,
85 XSECCryptoSymmetricKey::SymmetricKeyType& skt,
86 bool& isSymmetricKeyWrap,
87 XSECCryptoSymmetricKey::SymmetricKeyMode& skm,
88 unsigned int& taglen) const {
89
90 if (key == NULL) {
91 throw XSECException(XSECException::CipherError,
92 "XENCAlgorithmHandlerDefault::mapURIToKey - trying to process a NULL key");
93 }
94
95 XSECCryptoSymmetricKey* keySymmetric;
96 bool keyOK = false;
97
98 kt = key->getKeyType();
99 skt = XSECCryptoSymmetricKey::KEY_NONE;
100 isSymmetricKeyWrap = false;
101 skm = XSECCryptoSymmetricKey::MODE_NONE;
102 taglen = 0;
103
104 switch (kt) {
105
106 case XSECCryptoKey::KEY_RSA_PUBLIC :
107 case XSECCryptoKey::KEY_RSA_PAIR :
108 case XSECCryptoKey::KEY_RSA_PRIVATE :
109 keyOK = strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_1_5) ||
110 strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1) ||
111 strEquals(uri, DSIGConstants::s_unicodeStrURIRSA_OAEP);
112 break;
113
114 case XSECCryptoKey::KEY_SYMMETRIC :
115
116 keySymmetric = (XSECCryptoSymmetricKey*) key;
117 if (keySymmetric != NULL) {
118 skt = keySymmetric->getSymmetricKeyType();
119
120 switch (skt) {
121
122 case XSECCryptoSymmetricKey::KEY_3DES_192 :
123 if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_3DES)) {
124 keyOK = true;
125 isSymmetricKeyWrap = true;
126 skm = XSECCryptoSymmetricKey::MODE_CBC;
127 }
128 else if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
129 keyOK = true;
130 skm = XSECCryptoSymmetricKey::MODE_CBC;
131 }
132 break;
133
134 case XSECCryptoSymmetricKey::KEY_AES_128 :
135 if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES128) || strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES128_PAD)) {
136 keyOK = true;
137 isSymmetricKeyWrap = true;
138 skm = XSECCryptoSymmetricKey::MODE_ECB;
139 }
140 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC)) {
141 keyOK = true;
142 skm = XSECCryptoSymmetricKey::MODE_CBC;
143 }
144 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_GCM)) {
145 keyOK = true;
146 skm = XSECCryptoSymmetricKey::MODE_GCM;
147 taglen = 16;
148 }
149 break;
150
151 case XSECCryptoSymmetricKey::KEY_AES_192 :
152 if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES192) || strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES192_PAD)) {
153 keyOK = true;
154 isSymmetricKeyWrap = true;
155 skm = XSECCryptoSymmetricKey::MODE_ECB;
156 }
157 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC)) {
158 keyOK = true;
159 skm = XSECCryptoSymmetricKey::MODE_CBC;
160 }
161 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_GCM)) {
162 keyOK = true;
163 skm = XSECCryptoSymmetricKey::MODE_GCM;
164 taglen = 16;
165 }
166 break;
167
168 case XSECCryptoSymmetricKey::KEY_AES_256 :
169 if (strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES256) || strEquals(uri, DSIGConstants::s_unicodeStrURIKW_AES256_PAD)) {
170 keyOK = true;
171 isSymmetricKeyWrap = true;
172 skm = XSECCryptoSymmetricKey::MODE_ECB;
173 }
174 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC)) {
175 keyOK = true;
176 skm = XSECCryptoSymmetricKey::MODE_CBC;
177 }
178 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_GCM)) {
179 keyOK = true;
180 skm = XSECCryptoSymmetricKey::MODE_GCM;
181 taglen = 16;
182 }
183 break;
184
185 default:
186 break;
187 }
188 }
189 break;
190
191 default:
192 break;
193 }
194
195 if (keyOK == false) {
196 throw XSECException(XSECException::CipherError,
197 "XENCAlgorithmHandlerDefault::mapURIToKey - key inappropriate for URI");
198 }
199 }
200
201 // --------------------------------------------------------------------------------
202 // AES Key wrap/unwrap
203 // --------------------------------------------------------------------------------
204
unwrapKeyAES(TXFMChain * cipherText,const XSECCryptoKey * key,safeBuffer & result) const205 unsigned int XENCAlgorithmHandlerDefault::unwrapKeyAES(
206 TXFMChain* cipherText,
207 const XSECCryptoKey* key,
208 safeBuffer& result) const {
209
210 // Cat the encrypted key
211 XMLByte buf[_MY_MAX_KEY_SIZE];
212 XMLByte aesBuf[16];
213 XMLByte aesOutBuf[16];
214 TXFMBase* b = cipherText->getLastTxfm();
215 unsigned int sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);
216
217 if (sz <= 0) {
218 throw XSECException(XSECException::CipherError,
219 "XENCAlgorithmHandlerDefault - AES Wrapped Key not found");
220 }
221
222 if (sz == _MY_MAX_KEY_SIZE) {
223 throw XSECException(XSECException::CipherError,
224 "XENCAlgorithmHandlerDefault - Key to decrypt too big!");
225 }
226
227 // Find number of blocks, and ensure we are a multiple of 64 bits
228 if (sz % 8 != 0) {
229 throw XSECException(XSECException::CipherError,
230 "XENCAlgorithmHandlerDefault - AES wrapped key not a multiple of 64");
231 }
232
233 // Do the decrypt - this cast will throw if wrong, but we should
234 // not have been able to get through algorithm checks otherwise
235 XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;
236
237 int blocks = sz / 8;
238 int n = blocks - 1;
239 for (int j = 5; j >= 0; j--) {
240 for (int i = n ; i > 0 ; --i) {
241
242 // Gather blocks to decrypt
243 // A
244 memcpy(aesBuf, buf, 8);
245 // Ri
246 memcpy(&aesBuf[8], &buf[8* i], 8);
247 // A mod t
248 aesBuf[7] ^= ((n * j) + i);
249
250 // do decrypt
251 sk->decryptInit(false, XSECCryptoSymmetricKey::MODE_ECB); // No padding
252 int sz = sk->decrypt(aesBuf, aesOutBuf, 16, 16);
253 sz += sk->decryptFinish(&aesOutBuf[sz], 16 - sz);
254
255 if (sz != 16) {
256 throw XSECException(XSECException::CipherError,
257 "XENCAlgorithmHandlerDefault - Error performing decrypt in AES Unwrap");
258 }
259
260 // Copy back to where we are
261 // A
262 memcpy(buf, aesOutBuf, 8);
263 // Ri
264 memcpy(&buf[8 * i], &aesOutBuf[8], 8);
265 }
266 }
267
268 // Check is valid
269 if (memcmp(buf, s_AES_IV, 8) != 0) {
270 throw XSECException(XSECException::CipherError,
271 "XENCAlgorithmHandlerDefault - decrypt failed - AES IV is not correct");
272 }
273
274 // Copy to safebuffer
275 result.sbMemcpyIn(&buf[8], n * 8);
276
277 return n * 8;
278 }
279
wrapKeyAES(TXFMChain * cipherText,const XSECCryptoKey * key,safeBuffer & result) const280 bool XENCAlgorithmHandlerDefault::wrapKeyAES(
281 TXFMChain* cipherText,
282 const XSECCryptoKey* key,
283 safeBuffer& result) const {
284
285 // get the raw key
286 XMLByte buf[_MY_MAX_KEY_SIZE + 8];
287 memcpy(buf, s_AES_IV, 8);
288 XMLByte aesBuf[16];
289 XMLByte aesOutBuf[32]; // Give this an extra block for WinCAPI
290 TXFMBase* b = cipherText->getLastTxfm();
291 unsigned int sz = (unsigned int) b->readBytes(&buf[8], _MY_MAX_KEY_SIZE);
292
293 if (sz <= 0) {
294 throw XSECException(XSECException::CipherError,
295 "XENCAlgorithmHandlerDefault - Key not found");
296 }
297
298 if (sz == _MY_MAX_KEY_SIZE) {
299 throw XSECException(XSECException::CipherError,
300 "XENCAlgorithmHandlerDefault - Key to encrypt too big!");
301 }
302
303 // Find number of blocks, and ensure we are a multiple of 64 bits
304 if (sz % 8 != 0) {
305 throw XSECException(XSECException::CipherError,
306 "XENCAlgorithmHandlerDefault - AES wrapped key not a multiple of 64");
307 }
308
309 // Do the decrypt - this cast will throw if wrong, but we should
310 // not have been able to get through algorithm checks otherwise
311 XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;
312
313 int n = sz / 8;
314
315 for (int j = 0; j <= 5; ++j) {
316 for (int i = 1 ; i <= n ; ++i) {
317
318 // Gather blocks to decrypt
319 // A
320 memcpy(aesBuf, buf, 8);
321 // Ri
322 memcpy(&aesBuf[8], &buf[8 * i], 8);
323
324 // do encrypt
325 sk->encryptInit(false, XSECCryptoSymmetricKey::MODE_ECB);
326 int sz = sk->encrypt(aesBuf, aesOutBuf, 16, 32);
327 sz += sk->encryptFinish(&aesOutBuf[sz], 32 - sz);
328
329 if (sz != 16) {
330 throw XSECException(XSECException::CipherError,
331 "XENCAlgorithmHandlerDefault - Error performing encrypt in AES wrap");
332 }
333
334 // Copy back to where we are
335 // A
336 memcpy(buf, aesOutBuf, 8);
337 // A mod t
338 buf[7] ^= ((n * j) + i);
339 // Ri
340 memcpy(&buf[8 * i], &aesOutBuf[8], 8);
341 }
342 }
343
344 // Now we have to base64 encode
345 XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();
346
347 if (!b64) {
348 throw XSECException(XSECException::CryptoProviderError,
349 "XENCAlgorithmHandlerDefault - Error getting base64 encoder in AES wrap");
350 }
351
352 Janitor<XSECCryptoBase64> j_b64(b64);
353 unsigned char* b64Buffer;
354 int bufLen = ((n + 1) * 8) * 3;
355 XSECnew(b64Buffer, unsigned char[bufLen + 1]);// Overkill
356 ArrayJanitor<unsigned char> j_b64Buffer(b64Buffer);
357
358 b64->encodeInit();
359 int outputLen = b64->encode (buf, (n+1) * 8, b64Buffer, bufLen);
360 outputLen += b64->encodeFinish(&b64Buffer[outputLen], bufLen - outputLen);
361 b64Buffer[outputLen] = '\0';
362
363 // Copy to safebuffer
364 result.sbStrcpyIn((const char*) b64Buffer);
365
366 return true;
367 }
368
369 // --------------------------------------------------------------------------------
370 // DES CMS Key wrap/unwrap
371 // --------------------------------------------------------------------------------
372
unwrapKey3DES(TXFMChain * cipherText,const XSECCryptoKey * key,safeBuffer & result) const373 unsigned int XENCAlgorithmHandlerDefault::unwrapKey3DES(
374 TXFMChain* cipherText,
375 const XSECCryptoKey* key,
376 safeBuffer& result) const {
377
378 // Perform an unwrap on the key
379 safeBuffer cipherSB;
380
381 // Cat the encrypted key
382 XMLByte buf[_MY_MAX_KEY_SIZE];
383 TXFMBase* b = cipherText->getLastTxfm();
384 unsigned int offset = 0;
385 unsigned int sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);
386
387 while (sz > 0) {
388 cipherSB.sbMemcpyIn(offset, buf, sz);
389 offset += sz;
390 sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);
391 }
392
393 if (offset > _MY_MAX_KEY_SIZE) {
394 throw XSECException(XSECException::CipherError,
395 "XENCAlgorithmHandlerDefault - Key to decrypt too big!");
396 }
397
398 // Do the decrypt - this cast will throw if wrong, but we should
399 // not have been able to get through algorithm checks otherwise
400 XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;
401
402 sk->decryptInit(false, XSECCryptoSymmetricKey::MODE_CBC, s_3DES_CMS_IV);
403 // If key is bigger than this, then we have a problem
404 sz = sk->decrypt(cipherSB.rawBuffer(), buf, offset, _MY_MAX_KEY_SIZE);
405
406 sz += sk->decryptFinish(&buf[sz], _MY_MAX_KEY_SIZE - sz);
407
408 if (sz <= 0) {
409 throw XSECException(XSECException::CipherError,
410 "XENCAlgorithmHandlerDefault - Error decrypting key!");
411 }
412
413 // We now have the first cut, reverse the cipher text
414 XMLByte buf2[_MY_MAX_KEY_SIZE];
415 for (unsigned int i = 0; i < sz; ++ i) {
416 buf2[sz - i - 1] = buf[i];
417 }
418
419 // decrypt again
420 sk->decryptInit(false);
421 offset = sk->decrypt(buf2, buf, sz, _MY_MAX_KEY_SIZE);
422 offset += sk->decryptFinish(&buf[offset], _MY_MAX_KEY_SIZE - offset);
423
424 // Calculate the CMS Key Checksum
425 XSECCryptoHash* sha1 = XSECPlatformUtils::g_cryptoProvider->hash(XSECCryptoHash::HASH_SHA1);
426 if (!sha1) {
427 throw XSECException(XSECException::CryptoProviderError,
428 "XENCAlgorithmHandlerDefault - Error getting SHA-1 object in 3DES unwrap");
429 }
430 Janitor<XSECCryptoHash> j_sha1(sha1);
431 sha1->reset();
432 sha1->hash(buf, offset - 8);
433 sha1->finish(buf2, _MY_MAX_KEY_SIZE);
434
435 // Compare
436 for (unsigned int j = 0; j < 8; ++j) {
437 if (buf[offset - 8 + j] != buf2[j]) {
438 throw XSECException(XSECException::CipherError,
439 "XENCAlgorithmHandlerDefault::unwrapKey3DES - CMS Key Checksum does not match");
440 }
441 }
442
443 result.sbMemcpyIn(buf, offset - 8);
444
445 return offset - 8;
446 }
447
wrapKey3DES(TXFMChain * cipherText,const XSECCryptoKey * key,safeBuffer & result) const448 bool XENCAlgorithmHandlerDefault::wrapKey3DES(
449 TXFMChain* cipherText,
450 const XSECCryptoKey* key,
451 safeBuffer& result) const {
452
453 // Cat the plaintext key
454 XMLByte buf[_MY_MAX_KEY_SIZE + 16];
455 TXFMBase* b = cipherText->getLastTxfm();
456 int offset = 0;
457 unsigned int sz = (unsigned int) b->readBytes(buf, _MY_MAX_KEY_SIZE);
458
459 if (sz <= 0) {
460 throw XSECException(XSECException::CipherError,
461 "XENCAlgorithmHandlerDefault::wrapKey3DES - Unable to read key");
462 }
463
464 if (sz >= _MY_MAX_KEY_SIZE) {
465 throw XSECException(XSECException::CipherError,
466 "XENCAlgorithmHandlerDefault::wrapKey3DES - Key to decrypt too big!");
467 }
468
469 if (sz % 8 != 0) {
470 throw XSECException(XSECException::CipherError,
471 "XENCAlgorithmHandlerDefault::wrapKey3DES - Key to encrypt not a multiple of 8 bytes");
472 }
473
474 // Calculate the CMS Key Checksum
475
476 // Do the first encrypt
477 XMLByte buf2[_MY_MAX_KEY_SIZE + 16];
478
479 XSECCryptoHash* sha1 = XSECPlatformUtils::g_cryptoProvider->hash(XSECCryptoHash::HASH_SHA1);
480 if (!sha1) {
481 throw XSECException(XSECException::CryptoProviderError,
482 "XENCAlgorithmHandlerDefault - Error getting SHA-1 object in 3DES wrap");
483 }
484 Janitor<XSECCryptoHash> j_sha1(sha1);
485 sha1->reset();
486 sha1->hash(buf, sz);
487 sha1->finish(buf2, _MY_MAX_KEY_SIZE);
488
489 for (int j = 0; j < 8 ; ++j)
490 buf[sz++] = buf2[j];
491
492 // Do the first encrypt - this cast will throw if wrong, but we should
493 // not have been able to get through algorithm checks otherwise
494 XSECCryptoSymmetricKey* sk = (XSECCryptoSymmetricKey*) key;
495
496 sk->encryptInit(false);
497 // If key is bigger than this, then we have a problem
498 sz = sk->encrypt(buf, buf2, sz, _MY_MAX_KEY_SIZE);
499 sz += sk->encryptFinish(&buf2[sz], _MY_MAX_KEY_SIZE - sz);
500
501 if (sz <= 0) {
502 throw XSECException(XSECException::CipherError,
503 "XENCAlgorithmHandlerDefault::wrapKey3DES - Error encrypting key!");
504 }
505
506 // We now have the first cut, reverse the cipher text
507 for (unsigned int i = 0; i < sz; ++ i) {
508 buf[sz - i - 1] = buf2[i];
509 }
510
511 // encrypt again
512 sk->encryptInit(false, XSECCryptoSymmetricKey::MODE_CBC, s_3DES_CMS_IV);
513 offset = sk->encrypt(buf, buf2, sz, _MY_MAX_KEY_SIZE);
514 offset += sk->encryptFinish(&buf2[offset], _MY_MAX_KEY_SIZE - offset);
515
516 // Base64 encode
517 XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();
518
519 if (!b64) {
520 throw XSECException(XSECException::CryptoProviderError,
521 "XENCAlgorithmHandlerDefault - Error getting base64 encoder in 3DES wrap");
522 }
523
524 Janitor<XSECCryptoBase64> j_b64(b64);
525 unsigned char* b64Buffer;
526 int bufLen = (offset + 9) * 3;
527 XSECnew(b64Buffer, unsigned char[bufLen + 1]);// Overkill
528 ArrayJanitor<unsigned char> j_b64Buffer(b64Buffer);
529
530 b64->encodeInit();
531 int outputLen = b64->encode (&buf2[8], offset-8, b64Buffer, bufLen);
532 outputLen += b64->encodeFinish(&b64Buffer[outputLen], bufLen - outputLen);
533 b64Buffer[outputLen] = '\0';
534
535 // Copy to safebuffer
536 result.sbStrcpyIn((const char*) b64Buffer);
537
538 return true;
539 }
540
541 // --------------------------------------------------------------------------------
542 // InputStream decryption
543 // --------------------------------------------------------------------------------
544
appendDecryptCipherTXFM(TXFMChain * cipherText,XENCEncryptionMethod * encryptionMethod,const XSECCryptoKey * key,XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc) const545 bool XENCAlgorithmHandlerDefault::appendDecryptCipherTXFM(
546 TXFMChain* cipherText,
547 XENCEncryptionMethod* encryptionMethod,
548 const XSECCryptoKey* key,
549 XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc
550 ) const {
551
552 // We only support this for bulk Symmetric key algorithms
553
554 XSECCryptoKey::KeyType kt;
555 XSECCryptoSymmetricKey::SymmetricKeyType skt;
556 bool isKeyWrap = false;
557 XSECCryptoSymmetricKey::SymmetricKeyMode skm;
558 unsigned int taglen;
559
560 mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap, skm, taglen);
561 if (kt != XSECCryptoKey::KEY_SYMMETRIC || isKeyWrap == true) {
562 throw XSECException(XSECException::CipherError,
563 "XENCAlgorithmHandlerDefault::appendDecryptCipherTXFM - only supports bulk symmetric algorithms");
564 }
565
566 if (skm == XSECCryptoSymmetricKey::MODE_GCM) {
567
568 // GCM doesn't fit the pipelined model of the existing code, so we have a custom
569 // routine that decrypts to a safeBuffer directly.
570 safeBuffer result;
571 unsigned int sz = doGCMDecryptToSafeBuffer(cipherText, key, taglen, result);
572
573 // Now we hijack the original tansform chain with a safeBuffer-sourced link.
574 TXFMSB* tsb;
575 XSECnew(tsb, TXFMSB(doc));
576 tsb->setInput(result, sz);
577 cipherText->appendTxfm(tsb);
578 result.cleanseBuffer();
579 return true;
580 }
581
582
583 // Add the decryption TXFM
584 TXFMCipher* tcipher;
585 XSECnew(tcipher, TXFMCipher(doc, key, false));
586 cipherText->appendTxfm(tcipher);
587
588 return true;
589 }
590
591
592 // --------------------------------------------------------------------------------
593 // GCM SafeBuffer decryption
594 // --------------------------------------------------------------------------------
595
doGCMDecryptToSafeBuffer(TXFMChain * cipherText,const XSECCryptoKey * key,unsigned int taglen,safeBuffer & result) const596 unsigned int XENCAlgorithmHandlerDefault::doGCMDecryptToSafeBuffer(
597 TXFMChain* cipherText,
598 const XSECCryptoKey* key,
599 unsigned int taglen,
600 safeBuffer& result) const {
601
602 // Only works with symmetric key
603 if (key->getKeyType() != XSECCryptoKey::KEY_SYMMETRIC) {
604 throw XSECException(XSECException::CipherError,
605 "XENCAlgorithmHandlerDefault - GCM Decrypt must use symmetric key");
606 }
607
608 // First read in all the data so we can get to the tag.
609 safeBuffer cipherBuf("");
610 XMLByte inbuf[3072];
611 unsigned int szTotal = 0, sz = cipherText->getLastTxfm()->readBytes(inbuf, 3072);
612 while (sz > 0) {
613 cipherBuf.sbMemcpyIn(szTotal, inbuf, sz);
614 szTotal += sz;
615 sz = cipherText->getLastTxfm()->readBytes(inbuf, 3072);
616 }
617
618 if (szTotal <= taglen) {
619 throw XSECException(XSECException::CipherError,
620 "XENCAlgorithmHandlerDefault - GCM ciphertext size not large enough to include authentication tag");
621 }
622
623 const unsigned char* cipherPtr = cipherBuf.rawBuffer();
624
625 // Init the cipher with the tag at the end of the cipher text and omit it from later decryption.
626 szTotal -= taglen;
627 ((XSECCryptoSymmetricKey*) key)->decryptInit(false, XSECCryptoSymmetricKey::MODE_GCM, NULL, cipherPtr + szTotal, taglen);
628
629 unsigned int plainOffset = 0;
630 do {
631 // Feed the data in at most 2048-byte chunks.
632 sz = ((XSECCryptoSymmetricKey*) key)->decrypt(cipherPtr, inbuf, (szTotal > 2048 ? 2048 : szTotal), 3072);
633 cipherPtr += (szTotal > 2048 ? 2048 : szTotal);
634 szTotal -= (szTotal > 2048 ? 2048 : szTotal);
635 if (sz > 0) {
636 result.sbMemcpyIn(plainOffset, inbuf, sz);
637 plainOffset += sz;
638 }
639 } while (szTotal > 0);
640
641 // Wrap it up.
642 sz = ((XSECCryptoSymmetricKey*) key)->decryptFinish(inbuf, 3072);
643 if (sz > 0) {
644 result.sbMemcpyIn(plainOffset, inbuf, sz);
645 plainOffset += sz;
646 }
647
648 // In case any plaintext is left lying around.
649 memset(inbuf, 0, 3072);
650 return plainOffset;
651 }
652
653 // --------------------------------------------------------------------------------
654 // RSA SafeBuffer decryption
655 // --------------------------------------------------------------------------------
656
doRSADecryptToSafeBuffer(TXFMChain * cipherText,XENCEncryptionMethod * encryptionMethod,const XSECCryptoKey * key,DOMDocument * doc,safeBuffer & result) const657 unsigned int XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer(
658 TXFMChain* cipherText,
659 XENCEncryptionMethod* encryptionMethod,
660 const XSECCryptoKey* key,
661 DOMDocument* doc,
662 safeBuffer& result) const {
663
664 // Only works with RSA_PRIVATE or PAIR
665 if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC) {
666 throw XSECException(XSECException::CipherError,
667 "XENCAlgorithmHandlerDefault - RSA Decrypt must use private key");
668 }
669
670 // Know this is an RSA key, so just cast
671
672 XSECCryptoKeyRSA* rsa = (XSECCryptoKeyRSA*) key;
673
674 // Allocate an output buffer
675 unsigned char* decBuf;
676 XSECnew(decBuf, unsigned char[rsa->getLength()]);
677 ArrayJanitor<unsigned char> j_decBuf(decBuf);
678
679 // Input
680 TXFMBase* b = cipherText->getLastTxfm();
681 safeBuffer cipherSB;
682 XMLByte buf[1024];
683 unsigned int offset = 0;
684
685 unsigned int bytesRead = (unsigned int) b->readBytes(buf, 1024);
686 while (bytesRead > 0) {
687 cipherSB.sbMemcpyIn(offset, buf, bytesRead);
688 offset += bytesRead;
689 bytesRead = (unsigned int) b->readBytes(buf, 1024);
690 }
691
692 unsigned int decryptLen;
693
694 // Now we find out what kind of padding
695 if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_1_5)) {
696
697 // Do decrypt
698 decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
699 decBuf,
700 offset,
701 rsa->getLength(),
702 XSECCryptoKeyRSA::PAD_PKCS_1_5);
703 }
704 else if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1) ||
705 strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP)) {
706
707 const XMLCh* digmeth = encryptionMethod->getDigestMethod();
708 if (!digmeth|| !*digmeth) {
709 digmeth = DSIGConstants::s_unicodeStrURISHA1;
710 }
711
712 const XMLCh* mgfalg = encryptionMethod->getMGF();
713 if (!mgfalg || !*mgfalg) {
714 mgfalg = DSIGConstants::s_unicodeStrURIMGF1_SHA1;
715 }
716
717 // Read out any OAEP params
718 unsigned char* oaepParamsBuf = NULL;
719 unsigned int oaepParamsLen = 0;
720
721 const XMLCh* oaepParams = encryptionMethod->getOAEPparams();
722 if (oaepParams != NULL) {
723 XSECAutoPtrChar oaepParamsStr(oaepParams);
724
725 unsigned int bufLen = (unsigned int) strlen(oaepParamsStr.get());
726 oaepParamsBuf = new unsigned char[bufLen];
727
728 XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();
729 Janitor<XSECCryptoBase64> j_b64(b64);
730
731 b64->decodeInit();
732 oaepParamsLen = b64->decode((unsigned char*) oaepParamsStr.get(), bufLen, oaepParamsBuf, bufLen);
733 oaepParamsLen += b64->decodeFinish(&oaepParamsBuf[oaepParamsLen], bufLen - oaepParamsLen);
734 }
735
736 ArrayJanitor<unsigned char> j_oaepParamsBuf(oaepParamsBuf);
737
738 decryptLen = rsa->privateDecrypt(cipherSB.rawBuffer(),
739 decBuf,
740 offset,
741 rsa->getLength(),
742 XSECCryptoKeyRSA::PAD_OAEP,
743 digmeth,
744 mgfalg,
745 oaepParamsBuf,
746 oaepParamsLen);
747
748 }
749
750 else {
751 throw XSECException(XSECException::CipherError,
752 "XENCAlgorithmHandlerDefault::doRSADecryptToSafeBuffer - Unknown padding type");
753 }
754 // Copy to output
755 result.sbMemcpyIn(decBuf, decryptLen);
756
757 memset(decBuf, 0, decryptLen);
758
759 return decryptLen;
760 }
761
762 // --------------------------------------------------------------------------------
763 // SafeBuffer decryption
764 // --------------------------------------------------------------------------------
765
decryptToSafeBuffer(TXFMChain * cipherText,XENCEncryptionMethod * encryptionMethod,const XSECCryptoKey * key,DOMDocument * doc,safeBuffer & result) const766 unsigned int XENCAlgorithmHandlerDefault::decryptToSafeBuffer(
767 TXFMChain* cipherText,
768 XENCEncryptionMethod* encryptionMethod,
769 const XSECCryptoKey* key,
770 DOMDocument* doc,
771 safeBuffer& result
772 ) const {
773
774 XSECCryptoKey::KeyType kt;
775 XSECCryptoSymmetricKey::SymmetricKeyType skt;
776 bool isKeyWrap = false;
777 XSECCryptoSymmetricKey::SymmetricKeyMode skm;
778 unsigned int taglen;
779
780 if (encryptionMethod == NULL) {
781 throw XSECException(XSECException::CipherError,
782 "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - Cannot operate with NULL encryption Method");
783 }
784
785
786 // Check the uri against the key type
787 mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap, skm, taglen);
788
789 // RSA?
790 if (kt == XSECCryptoKey::KEY_RSA_PAIR ||
791 kt == XSECCryptoKey::KEY_RSA_PUBLIC ||
792 kt == XSECCryptoKey::KEY_RSA_PRIVATE) {
793
794 return doRSADecryptToSafeBuffer(cipherText, encryptionMethod, key, doc, result);
795
796 }
797
798 // Ensure is symmetric before we continue
799 if (kt != XSECCryptoKey::KEY_SYMMETRIC) {
800 throw XSECException(XSECException::CipherError,
801 "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - Not an RSA key, but not symmetric");
802 }
803
804 // Key wrap?
805
806 if (isKeyWrap == true) {
807
808 if (skt == XSECCryptoSymmetricKey::KEY_AES_128 ||
809 skt == XSECCryptoSymmetricKey::KEY_AES_192 ||
810 skt == XSECCryptoSymmetricKey::KEY_AES_256) {
811
812 return unwrapKeyAES(cipherText, key, result);
813 }
814 else if (skt == XSECCryptoSymmetricKey::KEY_3DES_192) {
815 return unwrapKey3DES(cipherText, key, result);
816 }
817 else {
818 throw XSECException(XSECException::CipherError,
819 "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key wrap for algorithm");
820 }
821 }
822
823 if (skm == XSECCryptoSymmetricKey::MODE_GCM) {
824 // GCM doesn't fit the pipelined model of the existing code, so we have a custom
825 // routine that decrypts to a safeBuffer directly.
826 return doGCMDecryptToSafeBuffer(cipherText, key, taglen, result);
827 }
828
829 // It's symmetric and it's not a key wrap or GCM, so just treat as a block algorithm.
830
831 TXFMCipher* tcipher;
832 XSECnew(tcipher, TXFMCipher(doc, key, false));
833
834 cipherText->appendTxfm(tcipher);
835
836 // Do the decrypt to the safeBuffer.
837
838 result.sbStrcpyIn("");
839 unsigned int offset = 0;
840 XMLByte buf[1024];
841 TXFMBase* b = cipherText->getLastTxfm();
842
843 unsigned int bytesRead = (unsigned int) b->readBytes(buf, 1024);
844 while (bytesRead > 0) {
845 result.sbMemcpyIn(offset, buf, bytesRead);
846 offset += bytesRead;
847 bytesRead = (unsigned int) b->readBytes(buf, 1024);
848 }
849
850 result[offset] = '\0';
851
852 return offset;
853 }
854
855 // --------------------------------------------------------------------------------
856 // RSA SafeBuffer encryption
857 // --------------------------------------------------------------------------------
858
doRSAEncryptToSafeBuffer(TXFMChain * plainText,XENCEncryptionMethod * encryptionMethod,const XSECCryptoKey * key,XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,safeBuffer & result) const859 bool XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer(
860 TXFMChain* plainText,
861 XENCEncryptionMethod* encryptionMethod,
862 const XSECCryptoKey* key,
863 XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
864 safeBuffer& result
865 ) const {
866
867 // Only works with RSA_PRIVATE or PAIR
868 if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PRIVATE) {
869 throw XSECException(XSECException::CipherError,
870 "XENCAlgorithmHandlerDefault - RSA Encrypt must use public key");
871 }
872
873 XSECCryptoKeyRSA* rsa = (XSECCryptoKeyRSA*) key;
874
875 // Allocate an output buffer
876 unsigned char* encBuf;
877 XSECnew(encBuf, unsigned char[rsa->getLength()]);
878 ArrayJanitor<unsigned char> j_encBuf(encBuf);
879
880 // Input
881 TXFMBase* b = plainText->getLastTxfm();
882 safeBuffer plainSB;
883 plainSB.isSensitive();
884
885 XMLByte buf[1024];
886 unsigned int offset = 0;
887
888 unsigned int bytesRead = (unsigned int) b->readBytes(buf, 1024);
889 while (bytesRead > 0) {
890 plainSB.sbMemcpyIn(offset, buf, bytesRead);
891 offset += bytesRead;
892 bytesRead = (unsigned int) b->readBytes(buf, 1024);
893 }
894
895 unsigned int encryptLen;
896
897 // Do encrypt
898 if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_1_5)) {
899 encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
900 encBuf,
901 offset,
902 rsa->getLength(),
903 XSECCryptoKeyRSA::PAD_PKCS_1_5);
904 }
905
906 else if (strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1) ||
907 strEquals(encryptionMethod->getAlgorithm(), DSIGConstants::s_unicodeStrURIRSA_OAEP)) {
908
909 const XMLCh* digmeth = encryptionMethod->getDigestMethod();
910 if (!digmeth || !*digmeth) {
911 digmeth = DSIGConstants::s_unicodeStrURISHA1;
912 }
913
914 const XMLCh* mgfalg = encryptionMethod->getMGF();
915 if (!mgfalg || !*mgfalg) {
916 mgfalg = DSIGConstants::s_unicodeStrURIMGF1_SHA1;
917 }
918
919 // Read out any OAEP params
920 unsigned char* oaepParamsBuf = NULL;
921 unsigned int oaepParamsLen = 0;
922
923 const XMLCh* oaepParams = encryptionMethod->getOAEPparams();
924 if (oaepParams != NULL) {
925 XSECAutoPtrChar oaepParamsStr(oaepParams);
926
927 unsigned int bufLen = (unsigned int) strlen(oaepParamsStr.get());
928 oaepParamsBuf = new unsigned char[bufLen];
929
930 XSECCryptoBase64* b64 = XSECPlatformUtils::g_cryptoProvider->base64();
931 Janitor<XSECCryptoBase64> j_b64(b64);
932
933 b64->decodeInit();
934 oaepParamsLen = b64->decode((unsigned char*) oaepParamsStr.get(), bufLen, oaepParamsBuf, bufLen);
935 oaepParamsLen += b64->decodeFinish(&oaepParamsBuf[oaepParamsLen], bufLen - oaepParamsLen);
936 }
937
938 ArrayJanitor<unsigned char> j_oaepParamsBuf(oaepParamsBuf);
939
940 encryptLen = rsa->publicEncrypt(plainSB.rawBuffer(),
941 encBuf,
942 offset,
943 rsa->getLength(),
944 XSECCryptoKeyRSA::PAD_OAEP,
945 digmeth,
946 mgfalg,
947 oaepParamsBuf,
948 oaepParamsLen);
949 }
950 else {
951 throw XSECException(XSECException::CipherError,
952 "XENCAlgorithmHandlerDefault::doRSAEncryptToSafeBuffer - Unknown padding type");
953 }
954
955 // Now need to base64 encode
956 XSECCryptoBase64* b64 =
957 XSECPlatformUtils::g_cryptoProvider->base64();
958 Janitor<XSECCryptoBase64> j_b64(b64);
959
960 b64->encodeInit();
961 encryptLen = b64->encode(encBuf, encryptLen, buf, 1024);
962 result.sbMemcpyIn(buf, encryptLen);
963 unsigned int finalLen = b64->encodeFinish(buf, 1024);
964 result.sbMemcpyIn(encryptLen, buf, finalLen);
965 result[encryptLen + finalLen] = '\0';
966
967 // This is a string, so set the buffer correctly
968 result.setBufferType(safeBuffer::BUFFER_CHAR);
969
970 return true;
971 }
972
973
974 // --------------------------------------------------------------------------------
975 // SafeBuffer encryption
976 // --------------------------------------------------------------------------------
977
encryptToSafeBuffer(TXFMChain * plainText,XENCEncryptionMethod * encryptionMethod,const XSECCryptoKey * key,XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,safeBuffer & result) const978 bool XENCAlgorithmHandlerDefault::encryptToSafeBuffer(
979 TXFMChain* plainText,
980 XENCEncryptionMethod* encryptionMethod,
981 const XSECCryptoKey* key,
982 XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
983 safeBuffer& result
984 ) const {
985
986 XSECCryptoKey::KeyType kt;
987 XSECCryptoSymmetricKey::SymmetricKeyType skt;
988 bool isKeyWrap = false;
989 XSECCryptoSymmetricKey::SymmetricKeyMode skm;
990 unsigned int taglen;
991
992 if (encryptionMethod == NULL) {
993 throw XSECException(XSECException::CipherError,
994 "XENCAlgorithmHandlerDefault::encryptToSafeBuffer - Cannot operate with NULL encryption Method");
995 }
996
997
998 // Check the uri against the key type
999 mapURIToKey(encryptionMethod->getAlgorithm(), key, kt, skt, isKeyWrap, skm, taglen);
1000
1001 // RSA?
1002 if (kt == XSECCryptoKey::KEY_RSA_PRIVATE ||
1003 kt == XSECCryptoKey::KEY_RSA_PUBLIC ||
1004 kt == XSECCryptoKey::KEY_RSA_PAIR) {
1005
1006 return doRSAEncryptToSafeBuffer(plainText, encryptionMethod, key, doc, result);
1007 }
1008
1009 // Ensure is symmetric before we continue
1010 if (kt != XSECCryptoKey::KEY_SYMMETRIC) {
1011 throw XSECException(XSECException::CipherError,
1012 "XENCAlgorithmHandlerDefault::encryptToSafeBuffer - Not an RSA key, but not symmetric");
1013 }
1014
1015 if (isKeyWrap == true) {
1016
1017 if (skt == XSECCryptoSymmetricKey::KEY_AES_128 ||
1018 skt == XSECCryptoSymmetricKey::KEY_AES_192 ||
1019 skt == XSECCryptoSymmetricKey::KEY_AES_256) {
1020
1021 return wrapKeyAES(plainText, key, result);
1022 }
1023
1024 if (skt == XSECCryptoSymmetricKey::KEY_3DES_192) {
1025 return wrapKey3DES(plainText, key, result);
1026 }
1027 else {
1028 throw XSECException(XSECException::CipherError,
1029 "XENCAlgorithmHandlerDefault::decryptToSafeBuffer - don't know how to do key wrap for algorithm");
1030 }
1031 }
1032
1033 // Must be bulk symmetric - do the encryption
1034
1035 TXFMCipher* tcipher;
1036 XSECnew(tcipher, TXFMCipher(doc, key, true, skm, taglen));
1037 plainText->appendTxfm(tcipher);
1038
1039 // Transform to Base64
1040 TXFMBase64* tb64;
1041 XSECnew(tb64, TXFMBase64(doc, false));
1042 plainText->appendTxfm(tb64);
1043
1044 // Read into the safeBuffer
1045 result = "";
1046
1047 result << plainText->getLastTxfm();
1048
1049 return true;
1050 }
1051 // --------------------------------------------------------------------------------
1052 // Key Creation
1053 // --------------------------------------------------------------------------------
1054
createKeyForURI(const XMLCh * uri,const unsigned char * keyBuffer,unsigned int keyLen) const1055 XSECCryptoKey* XENCAlgorithmHandlerDefault::createKeyForURI(
1056 const XMLCh* uri,
1057 const unsigned char* keyBuffer,
1058 unsigned int keyLen
1059 ) const {
1060
1061 XSECCryptoSymmetricKey* sk = NULL;
1062
1063 if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
1064 if (keyLen < 192 / 8)
1065 throw XSECException(XSECException::CipherError,
1066 "XENCAlgorithmHandlerDefault - key size was invalid");
1067 sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
1068 }
1069 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_GCM)) {
1070 if (keyLen < 128 / 8)
1071 throw XSECException(XSECException::CipherError,
1072 "XENCAlgorithmHandlerDefault - key size was invalid");
1073 sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
1074 }
1075 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_GCM)) {
1076 if (keyLen < 192 / 8)
1077 throw XSECException(XSECException::CipherError,
1078 "XENCAlgorithmHandlerDefault - key size was invalid");
1079 sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
1080 }
1081 else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_GCM)) {
1082 if (keyLen < 256 / 8)
1083 throw XSECException(XSECException::CipherError,
1084 "XENCAlgorithmHandlerDefault - key size was invalid");
1085 sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);
1086 }
1087
1088 if (sk != NULL) {
1089 sk->setKey(keyBuffer, keyLen);
1090 return sk;
1091 }
1092
1093 throw XSECException(XSECException::CipherError,
1094 "XENCAlgorithmHandlerDefault - URI Provided, but cannot create associated key");
1095 }
1096
1097
1098 // --------------------------------------------------------------------------------
1099 // Clone
1100 // --------------------------------------------------------------------------------
1101
clone(void) const1102 XSECAlgorithmHandler* XENCAlgorithmHandlerDefault::clone(void) const {
1103
1104 XENCAlgorithmHandlerDefault* ret;
1105 XSECnew(ret, XENCAlgorithmHandlerDefault);
1106
1107 return ret;
1108 }
1109
1110 // --------------------------------------------------------------------------------
1111 // Unsupported operations
1112 // --------------------------------------------------------------------------------
1113
signToSafeBuffer(TXFMChain * inputBytes,const XMLCh * URI,const XSECCryptoKey * key,unsigned int outputLength,safeBuffer & result) const1114 unsigned int XENCAlgorithmHandlerDefault::signToSafeBuffer(
1115 TXFMChain* inputBytes,
1116 const XMLCh* URI,
1117 const XSECCryptoKey* key,
1118 unsigned int outputLength,
1119 safeBuffer& result) const {
1120
1121 throw XSECException(XSECException::AlgorithmMapperError,
1122 "XENCAlgorithmHandlerDefault - Signature operations not supported");
1123 }
1124
1125
appendSignatureHashTxfm(TXFMChain * inputBytes,const XMLCh * URI,const XSECCryptoKey * key) const1126 bool XENCAlgorithmHandlerDefault::appendSignatureHashTxfm(
1127 TXFMChain* inputBytes,
1128 const XMLCh* URI,
1129 const XSECCryptoKey* key) const {
1130
1131 throw XSECException(XSECException::AlgorithmMapperError,
1132 "XENCAlgorithmHandlerDefault - Signature operations not supported");
1133 }
1134
verifyBase64Signature(TXFMChain * inputBytes,const XMLCh * URI,const char * sig,unsigned int outputLength,const XSECCryptoKey * key) const1135 bool XENCAlgorithmHandlerDefault::verifyBase64Signature(
1136 TXFMChain* inputBytes,
1137 const XMLCh* URI,
1138 const char* sig,
1139 unsigned int outputLength,
1140 const XSECCryptoKey* key) const {
1141
1142 throw XSECException(XSECException::AlgorithmMapperError,
1143 "XENCAlgorithmHandlerDefault - Signature operations not supported");
1144 }
1145
appendHashTxfm(TXFMChain * inputBytes,const XMLCh * URI) const1146 bool XENCAlgorithmHandlerDefault::appendHashTxfm(
1147 TXFMChain* inputBytes,
1148 const XMLCh* URI) const {
1149
1150 throw XSECException(XSECException::AlgorithmMapperError,
1151 "XENCAlgorithmHandlerDefault - Hash operations not supported");
1152 }
1153