Skip to content
Snippets Groups Projects
Commit b15c7631 authored by Olav Morken's avatar Olav Morken
Browse files

SAML2_EncryptedAssertion: Add support for RSA_OAEP_MGF1P encryption. 

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1757 44740490-163a-0410-bde0-09ae8108e29a
parent 116aa447
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/SAML2/EncryptedAssertion.php
+ 23
8
View file @ b15c7631
...@@ -58,7 +58,8 @@ class SAML2_EncryptedAssertion { ...@@ -58,7 +58,8 @@ class SAML2_EncryptedAssertion {
$symmetricKey = $key; $symmetricKey = $key;
break; break;
case XMLSecurityKey::RSA_1_5: case XMLSecurityKey::RSA_1_5:
case XMLSecurityKey::RSA_OAEP_MGF1P:
$symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC); $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
$symmetricKey->generateSessionKey(); $symmetricKey->generateSessionKey();
...@@ -97,13 +98,26 @@ class SAML2_EncryptedAssertion { ...@@ -97,13 +98,26 @@ class SAML2_EncryptedAssertion {
throw new Exception('Could not locate <dsig:KeyInfo> for the encrypted key.'); throw new Exception('Could not locate <dsig:KeyInfo> for the encrypted key.');
} }
$inputKeyAlgo = $inputKey->getAlgorith();
if ($symmetricKeyInfo->isEncrypted) { if ($symmetricKeyInfo->isEncrypted) {
/* Make sure that the input key format is the same as the one used to encrypt the key. */ $symKeyInfoAlgo = $symmetricKeyInfo->getAlgorith();
if ($inputKey->getAlgorith() !== $symmetricKeyInfo->getAlgorith()) {
if ($symKeyInfoAlgo === XMLSecurityKey::RSA_OAEP_MGF1P && $inputKeyAlgo === XMLSecurityKey::RSA_1_5) {
/*
* The RSA key formats are equal, so loading an RSA_1_5 key
* into an RSA_OAEP_MGF1P key can be done without problems.
* We therefore pretend that the input key is an
* RSA_OAEP_MGF1P key.
*/
$inputKeyAlgo = XMLSecurityKey::RSA_OAEP_MGF1P;
}
/* Make sure that the input key format is the same as the one used to encrypt the key. */
if ($inputKeyAlgo !== $symKeyInfoAlgo) {
throw new Exception('Algorithm mismatch between input key and key used to encrypt ' . throw new Exception('Algorithm mismatch between input key and key used to encrypt ' .
' the symmetric key for the message. Key was: ' . ' the symmetric key for the message. Key was: ' .
var_export($inputKey->getAlgorith(), TRUE) . '; message was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' .
var_export($symmetricKeyInfo->getAlgorith(), TRUE)); var_export($symKeyInfoAlgo, TRUE));
} }
$encKey = $symmetricKeyInfo->encryptedCtx; $encKey = $symmetricKeyInfo->encryptedCtx;
...@@ -111,11 +125,12 @@ class SAML2_EncryptedAssertion { ...@@ -111,11 +125,12 @@ class SAML2_EncryptedAssertion {
$key = $encKey->decryptKey($symmetricKeyInfo); $key = $encKey->decryptKey($symmetricKeyInfo);
$symmetricKey->loadkey($key); $symmetricKey->loadkey($key);
} else { } else {
$symKeyAlgo = $symmetricKey->getAlgorith();
/* Make sure that the input key has the correct format. */ /* Make sure that the input key has the correct format. */
if ($inputKey->getAlgorith() !== $symmetricKey->getAlgorith()) { if ($inputKeyAlgo !== $symKeyAlgo) {
throw new Exception('Algorithm mismatch between input key and key in message. ' . throw new Exception('Algorithm mismatch between input key and key in message. ' .
'Key was: ' . var_export($inputKey->getAlgorith(), TRUE) . '; message was: ' . 'Key was: ' . var_export($inputKeyAlgo, TRUE) . '; message was: ' .
var_export($symmetricKey->getAlgorith(), TRUE)); var_export($symKeyAlgo, TRUE));
} }
$symmetricKey = $inputKey; $symmetricKey = $inputKey;
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment