Ensure that version supports CryptX <= 0.077

timlegge · timlegge · commit 60768bd693d4 · 2023-03-16T18:56:58.000-03:00
diff --git a/lib/XML/Enc.pm b/lib/XML/Enc.pm
@@ -617,15 +617,23 @@ sub _DecryptKey {
         my $params_hash = defined $keymethod->{oaep_digest} ?
                             $self->_getParamsAlgorithm($keymethod->{oaep_digest}) : 'SHA1';
 
-        return $self->{key_obj}->decrypt($encryptedkey, 'oaep', 'SHA1', $params_hash, $oaep_params);
+        if ($CryptX::VERSION le 0.077) {
+            return $self->{key_obj}->decrypt($encryptedkey, 'oaep', 'SHA1', $oaep_params);
+        } else {
+            return $self->{key_obj}->decrypt($encryptedkey, 'oaep', 'SHA1', $params_hash, $oaep_params);
+        }
     }
     elsif ($keymethod->{Algorithm} eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
         my $oaep_params = defined $keymethod->{OAEPparams} ?
                             decode_base64(_trim($keymethod->{OAEPparams}) ) : '';
         my $mgf_hash    = defined $keymethod->{MGF} ? $self->_getOAEPAlgorithm($keymethod->{MGF}) : undef;
         my $params_hash = defined $keymethod->{oaep_digest} ? $self->_getParamsAlgorithm($keymethod->{oaep_digest}) : $mgf_hash;
 
-        return $self->{key_obj}->decrypt($encryptedkey, 'oaep', $mgf_hash, $params_hash, $oaep_params);
+        if ($CryptX::VERSION le 0.077) {
+            return $self->{key_obj}->decrypt($encryptedkey, 'oaep', $mgf_hash, $oaep_params);
+        } else {
+            return $self->{key_obj}->decrypt($encryptedkey, 'oaep', $mgf_hash, $params_hash, $oaep_params);
+        }
     } else {
         die "Unsupported Key Encryption Method";
     }
@@ -645,12 +653,20 @@ sub _EncryptKey {
         ${$key} = $rsa_pub->encrypt(${$key}, 'v1.5');
     }
     elsif ($keymethod eq 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p') {
-        ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', 'SHA1', 'SHA1', $self->{oaep_params});
+        if ($CryptX::VERSION le 0.077) {
+            ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', 'SHA1', $self->{oaep_params});
+        } else {
+            ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', 'SHA1', 'SHA1', $self->{oaep_params});
+        }
     }
     elsif ($keymethod eq 'http://www.w3.org/2009/xmlenc11#rsa-oaep') {
         my $mgf_hash    = defined $self->{oaep_mgf_alg} ? $self->_getOAEPAlgorithm($self->{oaep_mgf_alg}) : undef;
         my $params_hash = defined $self->{oaep_digest} & $self->{oaep_digest} ne '' ? $self->_getParamsAlgorithm($self->{oaep_digest}) : $mgf_hash;
-        ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', $mgf_hash, $params_hash, $self->{oaep_params});
+        if ($CryptX::VERSION le 0.077) {
+            ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', $mgf_hash, $self->{oaep_params});
+        } else {
+            ${$key} = $rsa_pub->encrypt(${$key}, 'oaep', $mgf_hash, $params_hash, $self->{oaep_params});
+        }
     } else {
         die "Unsupported Key Encryption Method";
     }
diff --git a/t/06-test-encryption-methods.t b/t/06-test-encryption-methods.t
@@ -20,6 +20,7 @@ my @oaep_digests    = qw/sha1 sha224 sha256 sha384 sha512/;
 
 my $xmlsec = get_xmlsec_features();
 my $lax_key_search = $xmlsec->{lax_key_search} ? '--lax-key-search': '';
+my $cryptx = get_cryptx_features();
 
 foreach my $km (@key_methods) {
     foreach my $dm (@data_methods) {
@@ -54,35 +55,41 @@ foreach my $km (@key_methods) {
 
 foreach my $om (@oaep_mgf_algs) {
     foreach my $omdig (@oaep_digests) {
-    foreach my $dm (@data_methods) {
-        my $encrypter = XML::Enc->new(
-            {
-                key                 => 't/sign-private.pem',
-                cert                => 't/sign-certonly.pem',
-                data_enc_method     => $dm,
-                key_transport       => 'rsa-oaep',
-                oaep_mgf_alg        => $om,
-                oaep_digest         => $omdig,
-                no_xml_declaration  => 1,
+        SKIP: {
+            if (! $cryptx->{oaem_mgf_digest} & ($om ne $omdig)) {
+                my $skip = (scalar @data_methods) * 4;
+                skip "CryptX $cryptx->{version} does not support rsa-oaep MGF: $om and digest $omdig", $skip;
             }
-        );
+            foreach my $dm (@data_methods) {
+                my $encrypter = XML::Enc->new(
+                    {
+                     key                 => 't/sign-private.pem',
+                     cert                => 't/sign-certonly.pem',
+                        data_enc_method     => $dm,
+                        key_transport       => 'rsa-oaep',
+                        oaep_mgf_alg        => $om,
+                        oaep_digest         => $omdig,
+                        no_xml_declaration  => 1,
+                    }
+                );
 
-        my $encrypted = $encrypter->encrypt($xml);
-        ok($encrypted  =~ /EncryptedData/, "Successful Encrypted: Key Method:rsa-oaep MGF:$om, param:$omdig Data Method:$dm");
+                my $encrypted = $encrypter->encrypt($xml);
+                ok($encrypted  =~ /EncryptedData/, "Successful Encrypted: Key Method:rsa-oaep MGF:$om, param:$omdig Data Method:$dm");
 
-        SKIP: {
-            skip "xmlsec1 not installed", 2 unless $xmlsec->{installed};
-            skip "xmlsec version 1.2.27 minimum for GCM", 2 if ! $xmlsec->{aes_gcm};
-            ok( open XML, '>', "$om-$omdig-$dm-tmp.xml" );
-            print XML $encrypted;
-            close XML;
-            my $verify_response = `xmlsec1 --decrypt $lax_key_search --privkey-pem t/sign-private.pem  $om-$omdig-$dm-tmp.xml 2>&1`;
-            ok( $verify_response =~ m/XML-SIG_1/, "Successfully decrypted with xmlsec1" )
-                or warn "calling xmlsec1 failed: '$verify_response'\n";
-            unlink "$om-$omdig-$dm-tmp.xml";
+                SKIP: {
+                    skip "xmlsec1 not installed", 2 unless $xmlsec->{installed};
+                    skip "xmlsec version 1.2.27 minimum for GCM", 2 if ! $xmlsec->{aes_gcm};
+                    ok( open XML, '>', "$om-$omdig-$dm-tmp.xml" );
+                    print XML $encrypted;
+                    close XML;
+                    my $verify_response = `xmlsec1 --decrypt $lax_key_search --privkey-pem t/sign-private.pem  $om-$omdig-$dm-tmp.xml 2>&1`;
+                    ok( $verify_response =~ m/XML-SIG_1/, "Successfully decrypted with xmlsec1" )
+                        or warn "calling xmlsec1 failed: '$verify_response'\n";
+                    unlink "$om-$omdig-$dm-tmp.xml";
+                }
+                ok($encrypter->decrypt($encrypted) =~ /XML-SIG_1/, "Successfully Decrypted with XML::Enc");
+            }
         }
-        ok($encrypter->decrypt($encrypted) =~ /XML-SIG_1/, "Successfully Decrypted with XML::Enc");
-    }
     }
 }
 done_testing;
diff --git a/t/lib/Test/XML/Enc/Util.pm b/t/lib/Test/XML/Enc/Util.pm
@@ -9,6 +9,7 @@ our @ISA    = qw(Exporter);
 our @EXPORT = qw(
     get_xmlsec_features
     get_openssl_features
+    get_cryptx_features
  );
 
 our @EXPORT_OK;
@@ -87,6 +88,35 @@ sub get_openssl_features {
     return \%openssl;
 }
 
+#########################################################################
+# get_cryptx_features
+#
+# Parameter:    none
+#
+# Returns a hash of the version and any features that are needed
+# if proper the version is installed
+#
+# Response: hash
+#
+#       %features = (
+#                   version         => '0.077',
+#                   oaem_mgf_digest => 0,
+#       );
+##########################################################################
+sub get_cryptx_features {
+
+    require CryptX;
+
+    my $version = $CryptX::VERSION;
+
+    my %cryptx = (
+                    version         => $version,
+                    oaem_mgf_digest => ($version gt '0.077') ? 1 : 0,
+                );
+
+    return \%cryptx;
+}
+
 1;
 
 __END__
