Fix rsa-oaep when the MGF and OAEPparams digests differ

timlegge · timlegge · commit 30117c99c244 · 2023-03-16T19:00:36.000-03:00
diff --git a/lib/XML/Enc.pm b/lib/XML/Enc.pm
@@ -199,6 +199,9 @@ sub new {
     my $oaep_mgf_alg = exists($params->{'oaep_mgf_alg'}) ? $params->{'oaep_mgf_alg'} : 'http://www.w3.org/2009/xmlenc11#mgf1sha1';
     $self->{'oaep_mgf_alg'} = $self->_setOAEPAlgorithm($oaep_mgf_alg);
 
+    my $oaep_digest = exists($params->{'oaep_digest'}) ? $params->{'oaep_digest'} : $oaep_mgf_alg;
+    $self->{'oaep_digest'} = $self->_setOAEPDigest($oaep_digest);
+
     $self->{'oaep_params'} = exists($params->{'oaep_params'}) ? $params->{'oaep_params'} : '';
 
     return $self;
@@ -233,6 +236,7 @@ sub decrypt {
     my $xpc = XML::LibXML::XPathContext->new($doc);
     $xpc->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
     $xpc->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');
+    $xpc->registerNs('xenc11', 'http://www.w3.org/2009/xmlenc11#');
     $xpc->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
 
     my $data;
@@ -383,6 +387,8 @@ sub _setOAEPAlgorithm {
     my $self    = shift;
     my $method  = shift;
 
+    return if ! defined $method;
+
     my %methods = (
                     'mgf1sha1' => 'http://www.w3.org/2009/xmlenc11#mgf1sha1',
                     'mgf1sha224' => 'http://www.w3.org/2009/xmlenc11#mgf1sha224',
@@ -409,6 +415,43 @@ sub _getOAEPAlgorithm {
     return exists($methods{$method}) ? $methods{$method} : $methods{'http://www.w3.org/2009/xmlenc11#mgf1sha1'};
 }
 
+sub _setOAEPDigest {
+    my $self    = shift;
+    my $method  = shift;
+
+    return if ! defined $method;
+
+    my %methods = (
+                    'sha1'      => 'http://www.w3.org/2000/09/xmldsig#sha1',
+                    'sha224'    => 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+                    'sha256'    => 'http://www.w3.org/2001/04/xmlenc#sha256',
+                    'sha384'    => 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+                    'sha512'    => 'http://www.w3.org/2001/04/xmlenc#sha512',
+                    'mgf1sha1'  => 'http://www.w3.org/2000/09/xmldsig#sha1',
+                    'mgf1sha224' => 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+                    'mgf1sha256' => 'http://www.w3.org/2001/04/xmlenc#sha256',
+                    'mgf1sha384' => 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+                    'mgf1sha512' => 'http://www.w3.org/2001/04/xmlenc#sha512',
+                );
+
+    return exists($methods{$method}) ? $methods{$method} : $methods{'http://www.w3.org/2001/04/xmlenc#sha256'};
+}
+
+sub _getParamsAlgorithm {
+    my $self    = shift;
+    my $method  = shift;
+
+    my %methods = (
+                    'http://www.w3.org/2000/09/xmldsig#sha1'        => 'SHA1',
+                    'http://www.w3.org/2001/04/xmldsig-more#sha224' => 'SHA224',
+                    'http://www.w3.org/2001/04/xmlenc#sha256'       => 'SHA256',
+                    'http://www.w3.org/2001/04/xmldsig-more#sha384' => 'SHA384',
+                    'http://www.w3.org/2001/04/xmlenc#sha512'       => 'SHA512',
+                  );
+
+    return exists($methods{$method}) ? $methods{$method} : $methods{'http://www.w3.org/2009/xmlenc11#mgf1sha1'};
+}
+
 sub _getKeyEncryptionMethod {
     my $self    = shift;
     my $xpc     = shift;
@@ -422,19 +465,54 @@ sub _getKeyEncryptionMethod {
         $id    =~ s/#//g;
 
         my $keyinfo = $xpc->find('//*[@Id=\''. $id . '\']', $context);
+        $keyinfo->[0]->setNamespace('http://www.w3.org/2000/09/xmldsig#', 'dsig', 0);
+        $keyinfo->[0]->setNamespace('http://www.w3.org/2001/04/xmlenc#', 'xenc', 0);
+        $keyinfo->[0]->setNamespace('http://www.w3.org/2009/xmlenc11#', 'xenc11', 0);
         if (! $keyinfo ) {
             die "Unable to find EncryptedKey";
         }
-        $method{Algorithm} = $keyinfo->[0]->findvalue('//xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm', $context);
-        $method{KeySize}   = $keyinfo->[0]->findvalue('//xenc:EncryptedKey/xenc:EncryptionMethod/xenc:KeySize', $context);
-        $method{OAEPparams} = $keyinfo->[0]->findvalue('//xenc:EncryptedKey/xenc:EncryptionMethod/xenc:OAEPparams', $context);
-        $method{MGF} = $keyinfo->[0]->findvalue('//xenc:EncryptedKey/xenc:EncryptionMethod/xenc:MGF/@Algorithm', $context);
+        $method{Algorithm} = $keyinfo->[0]->findvalue(
+                                '//xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm',
+                                $context);
+        $method{KeySize}   = $keyinfo->[0]->findvalue(
+                                '//xenc:EncryptedKey/xenc:EncryptionMethod/xenc:KeySize',
+                                $context);
+        $method{OAEPparams} = $keyinfo->[0]->findvalue('
+                                //xenc:EncryptedKey/xenc:EncryptionMethod/xenc:OAEPparams',
+                                $context);
+
+        if ($method{Algorithm} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
+            $method{MGF} = $keyinfo->[0]->findvalue(
+                                '//xenc:EncryptedKey/xenc:EncryptionMethod/xmlenc11:MGF/@Algorithm'
+                                , $context);
+        }
+        if ($method{Algorithm} eq 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p') {
+            $method{MGF} = undef;
+        }
+
+        $method{oaep_digest} = $keyinfo->[0]->findvalue(
+                                'xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod/@Algorithm',
+                                $context) || 'http://www.w3.org/2000/09/xmldsig#sha1';
         return \%method;
     }
-    $method{Algorithm} = $xpc->findvalue('dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm', $context);
-    $method{KeySize}   = $xpc->findvalue('dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:KeySize', $context);
-    $method{OAEPparams} = $xpc->findvalue('dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:OAEPparams', $context);
-    $method{MGF} = $xpc->findvalue('dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:MGF/@Algorithm', $context);
+    $method{Algorithm} = $xpc->findvalue(
+                                'dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm',
+                                $context);
+    $method{KeySize}   = $xpc->findvalue(
+                                'dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:KeySize',
+                                $context);
+    $method{OAEPparams} = $xpc->findvalue(
+                                'dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/xenc:OAEPparams',
+                                $context);
+    if ($method{Algorithm} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
+        $method{MGF} = $xpc->findvalue(
+                              'dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/xenc11:MGF/@Algorithm',
+                              $context);
+    }
+    if ($method{Algorithm} eq 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p') {
+            $method{MGF} = undef;
+    }
+    $method{oaep_digest} = $xpc->findvalue('dsig:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/dsig:DigestMethod/@Algorithm', $context) || 'http://www.w3.org/2000/09/xmldsig#sha1';
     return \%method;
 }
 
@@ -534,10 +612,20 @@ sub _DecryptKey {
         return $self->{key_obj}->decrypt($encryptedkey, 'v1.5');
     }
     elsif ($keymethod->{Algorithm} eq 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p') {
-        return $self->{key_obj}->decrypt($encryptedkey, 'oaep', 'SHA1', decode_base64($keymethod->{OAEPparams}));
+        my $oaep_params = defined $keymethod->{OAEPparams} ?
+                            decode_base64(_trim($keymethod->{OAEPparams}) ) : undef;
+        my $params_hash = defined $keymethod->{oaep_digest} ?
+                            $self->_getParamsAlgorithm($keymethod->{oaep_digest}) : 'SHA1';
+
+        return $self->{key_obj}->decrypt($encryptedkey, 'oaep', 'SHA1', $params_hash, $oaep_params);
     }
     elsif ($keymethod->{Algorithm} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
-        return $self->{key_obj}->decrypt($encryptedkey, 'oaep', $self->_getOAEPAlgorithm($keymethod->{MGF}), decode_base64($keymethod->{OAEPparams}));
+        my $oaep_params = defined $keymethod->{OAEPparams} ?
+                            decode_base64(_trim($keymethod->{OAEPparams}) ) : '';
+        my $mgf_hash    = defined $keymethod->{MGF} ? $self->_getOAEPAlgorithm($keymethod->{MGF}) : undef;
+        my $params_hash = defined $keymethod->{oaep_digest} ? $self->_getParamsAlgorithm($keymethod->{oaep_digest}) : $mgf_hash;
+
+        return $self->{key_obj}->decrypt($encryptedkey, 'oaep', $mgf_hash, $params_hash, $oaep_params);
     } else {
         die "Unsupported Key Encryption Method";
     }
@@ -557,10 +645,12 @@ sub _EncryptKey {
         ${$key} = $rsa_pub->encrypt(${$key}, 'v1.5');
     }
     elsif ($keymethod eq 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p') {
-        ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', 'SHA1', $self->{oaep_params});
+        ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', 'SHA1', 'SHA1', $self->{oaep_params});
     }
     elsif ($keymethod eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
-        ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', $self->_getOAEPAlgorithm($self->{oaep_mgf_alg}), $self->{oaep_params});
+        my $mgf_hash    = defined $self->{oaep_mgf_alg} ? $self->_getOAEPAlgorithm($self->{oaep_mgf_alg}) : undef;
+        my $params_hash = defined $self->{oaep_digest} & $self->{oaep_digest} ne '' ? $self->_getParamsAlgorithm($self->{oaep_digest}) : $mgf_hash;
+        ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', $mgf_hash, $params_hash, $self->{oaep_params});
     } else {
         die "Unsupported Key Encryption Method";
     }
@@ -861,6 +951,7 @@ sub _create_encrypted_data_xml {
     my $doc = XML::LibXML::Document->new();
 
     my $xencns = 'http://www.w3.org/2001/04/xmlenc#';
+    my $xenc11ns = 'http://www.w3.org/2009/xmlenc11#';
     my $dsigns = 'http://www.w3.org/2000/09/xmldsig#';
 
     my $encdata = $self->_create_node($doc, $xencns, $doc, 'xenc:EncryptedData',
@@ -914,12 +1005,24 @@ sub _create_encrypted_data_xml {
                         );
     };
 
+    if ($self->{key_transport} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
+        my $digestmethod = $self->_create_node(
+                            $doc,
+                            $dsigns,
+                            $kencmethod,
+                            'dsig:DigestMethod',
+                            {
+                                Algorithm => $self->{oaep_digest},
+                            }
+                        );
+    };
+
     if ($self->{key_transport} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
         my $oaepmethod = $self->_create_node(
                             $doc,
-                            $xencns,
+                            $xenc11ns,
                             $kencmethod,
-                            'xenc:MGF',
+                            'xenc11:MGF',
                             {
                                 Algorithm => $self->{oaep_mgf_alg},
                             }
diff --git a/t/06-test-encryption-methods.t b/t/06-test-encryption-methods.t
@@ -1,6 +1,6 @@
 use strict;
 use warnings;
-use Test::More tests => 126;
+use Test::More tests => 756;
 use Test::Lib;
 use Test::XML::Enc;
 use XML::Enc;
@@ -16,9 +16,10 @@ XML
 my @key_methods     = qw/rsa-1_5 rsa-oaep-mgf1p/;
 my @data_methods    = qw/aes128-cbc aes192-cbc aes256-cbc tripledes-cbc aes128-gcm aes192-gcm aes256-gcm/;
 my @oaep_mgf_algs   = qw/mgf1sha1 mgf1sha224 mgf1sha256 mgf1sha384 mgf1sha512/;
+my @oaep_digests    = qw/sha1 sha224 sha256 sha384 sha512/;
 
 my $xmlsec = get_xmlsec_features();
-my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax_key_search': '';
+my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax-key-search': '';
 
 foreach my $km (@key_methods) {
     foreach my $dm (@data_methods) {
@@ -39,10 +40,6 @@ foreach my $km (@key_methods) {
 
         SKIP: {
             skip "xmlsec1 not installed", 2 unless $xmlsec->{installed};
-            my $version;
-            if (`xmlsec1 version` =~ m/(\d+\.\d+\.\d+)/) {
-                $version = $1;
-            };
             skip "xmlsec version 1.2.27 minimum for GCM", 2 if ! $xmlsec->{aes_gcm};
             ok( open XML, '>', 'tmp.xml' );
             print XML $encrypted;
@@ -56,6 +53,7 @@ foreach my $km (@key_methods) {
 }
 
 foreach my $om (@oaep_mgf_algs) {
+    foreach my $omdig (@oaep_digests) {
     foreach my $dm (@data_methods) {
         my $encrypter = XML::Enc->new(
             {
@@ -64,14 +62,27 @@ foreach my $om (@oaep_mgf_algs) {
                 data_enc_method     => $dm,
                 key_transport       => 'rsa-oaep',
                 oaep_mgf_alg        => $om,
-                no_xml_declaration  => 1
+                oaep_digest         => $omdig,
+                no_xml_declaration  => 1,
             }
         );
 
         my $encrypted = $encrypter->encrypt($xml);
-        ok($encrypted  =~ /EncryptedData/, "Successfully Encrypted: Key Method 'rsa-oaep' with $om Data Method $dm");
+        ok($encrypted  =~ /EncryptedData/, "Successful Encrypted: Key Method:rsa-oaep MGF:$om, param:$omdig Data Method:$dm");
 
+        SKIP: {
+            skip "xmlsec1 not installed", 2 unless $xmlsec->{installed};
+            skip "xmlsec version 1.2.27 minimum for GCM", 2 if ! $xmlsec->{aes_gcm};
+            ok( open XML, '>', "$om-$omdig-$dm-tmp.xml" );
+            print XML $encrypted;
+            close XML;
+            my $verify_response = `xmlsec1 --decrypt $lax_key_search --privkey-pem t/sign-private.pem  $om-$omdig-$dm-tmp.xml 2>&1`;
+            ok( $verify_response =~ m/XML-SIG_1/, "Successfully decrypted with xmlsec1" )
+                or warn "calling xmlsec1 failed: '$verify_response'\n";
+            unlink "$om-$omdig-$dm-tmp.xml";
+        }
         ok($encrypter->decrypt($encrypted) =~ /XML-SIG_1/, "Successfully Decrypted with XML::Enc");
     }
+    }
 }
 done_testing;
