From b15c7631343ea4da6f27b696eb863323d3cb8e1d Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 16 Sep 2009 08:58:26 +0000
Subject: [PATCH] SAML2_EncryptedAssertion: Add support for RSA_OAEP_MGF1P encryption.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1757 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/EncryptedAssertion.php | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/lib/SAML2/EncryptedAssertion.php b/lib/SAML2/EncryptedAssertion.php
index af87ec8fb..164e609e5 100644
--- a/lib/SAML2/EncryptedAssertion.php
+++ b/lib/SAML2/EncryptedAssertion.php
@@ -58,7 +58,8 @@ class SAML2_EncryptedAssertion {
  $symmetricKey = $key;
  break;
- case XMLSecurityKey::RSA_1_5:
+ case XMLSecurityKey::RSA_1_5:
+ case XMLSecurityKey::RSA_OAEP_MGF1P:
  $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
  $symmetricKey->generateSessionKey();
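Review bot: The new `case XMLSecurityKey::RSA_OAEP_MGF1P:` label falls through into the RSA_1_5 branch with nothing saying the fall-through is intended, and that shared body (`new XMLSecurityKey(XMLSecurityKey::AES128_CBC)` followed by `generateSessionKey()`) is the only place that fixes the session-key cipher for both key transports. A one-line comment above the two labels, `/* Both RSA key transports wrap a fresh AES-128-CBC session key; only the wrapping algorithm differs. */`, would make the shared intent explicit. The enclosing switch and method start before the hunk, so how `$key` reaches this point is not visible here.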
@@ -97,13 +98,26 @@ class SAML2_EncryptedAssertion {
  throw new Exception('Could not locate <dsig:KeyInfo> for the encrypted key.');
  }
+ $inputKeyAlgo = $inputKey->getAlgorith();
  if ($symmetricKeyInfo->isEncrypted) {
- /* Make sure that the input key format is the same as the one used to encrypt the key. */
- if ($inputKey->getAlgorith() !== $symmetricKeyInfo->getAlgorith()) {
+ $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith();
+
+ if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) {
+ /*
+ * The RSA key formats are equal, so loading an RSA_1_5 key
+ * into an RSA_OAEP_MGF1P key can be done without problems.
+ * We therefore pretend that the input key is an
+ * RSA_OAEP_MGF1P key.
+ */
+ $inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P;
+ }
+
+ /* Make sure that the input key format is the same as the one used to encrypt the key. */
+ if ($inputKeyAlgo !== $symKeyInfoAlgo) {
  throw new Exception('Algorithm mismatch between input key and key used to encrypt ' . ' the symmetric key for the message. Key was: ' .
- var_export($inputKey->getAlgorith(), TRUE) . '; message was: ' .
- var_export($symmetricKeyInfo->getAlgorith(), TRUE));
+ var_export($inputKeyAlgo, TRUE) . '; message was: ' .
+ var_export($symKeyInfoAlgo, TRUE));
  }
  $encKey = $symmetricKeyInfo->encryptedCtx;
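Review bot: The new comment above `$inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P;` explains why an RSA_1_5 key can be loaded as RSA_OAEP_MGF1P, but not why only that direction is accepted, which is the security-relevant half: `$symKeyInfoAlgo` appears to come from the key info located in the incoming message, so accepting the reverse would let a message select PKCS#1 v1.5 padding for a key that was configured for OAEP. I would extend the comment with `* The reverse is deliberately not allowed: the algorithm here is taken from the message, and a key configured for RSA_OAEP_MGF1P must never be used with RSA_1_5 padding.` The `isEncrypted` branch continues past the hunk (the `decryptKey()` call is in the next hunk), so whether the override also determines which padding is applied during decryption cannot be confirmed from here.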
@@ -111,11 +125,12 @@ class SAML2_EncryptedAssertion {
  $key = $encKey->decryptKey($symmetricKeyInfo);
  $symmetricKey->loadkey($key);
  } else {
+ $symKeyAlgo = $symmetricKey->getAlgorith();
  /* Make sure that the input key has the correct format. */
- if ($inputKey->getAlgorith() !== $symmetricKey->getAlgorith()) {
+ if ($inputKeyAlgo !== $symKeyAlgo) {
  throw new Exception('Algorithm mismatch between input key and key in message. ' .
- 'Key was: ' . var_export($inputKey->getAlgorith(), TRUE) . '; message was: ' .
- var_export($symmetricKey->getAlgorith(), TRUE));
+ 'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' .
+ var_export($symKeyAlgo, TRUE));
  }
  $symmetricKey = $inputKey;
  }
-- GitLab
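Review bot: The else branch compares `$inputKeyAlgo` against `$symKeyAlgo` without the RSA_1_5/RSA_OAEP_MGF1P equivalence applied in the `isEncrypted` branch, and nothing says that omission is intentional, so a later maintainer may be tempted to copy the override here. Since this branch then uses `$symmetricKey = $inputKey;` directly, the comparison is presumably between data-encryption (symmetric) algorithms, where no such equivalence exists, and the existing comment could say so: `/* Make sure that the input key has the correct format (no RSA_1_5/RSA_OAEP_MGF1P equivalence here: this is the data-encryption key itself). */`. `$inputKeyAlgo` is assigned before the if/else in the previous hunk, so its use here is in scope; the enclosing method starts before this hunk and continues after it.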