Merge pull request #1 from UniNow/gcm

feat: gcm

Author: StefanWegener

identity_provider.go

@@ -854,7 +854,7 @@ func (req *IdpAuthnRequest) MakeAssertionEl() error {
 	encryptor := xmlenc.OAEP()
 	encryptor.BlockCipher = xmlenc.AES128CBC
 	encryptor.DigestMethod = &xmlenc.SHA1
-	encryptedDataEl, err := encryptor.Encrypt(certBuf, signedAssertionBuf)
+	encryptedDataEl, err := encryptor.Encrypt(certBuf, signedAssertionBuf, nil)
 	if err != nil {
 		return err
 	}

xmlenc/cbc.go

@@ -31,7 +31,7 @@ func (e CBC) Algorithm() string {
 
 // Encrypt encrypts plaintext with key, which should be a []byte of length KeySize().
 // It returns an xenc:EncryptedData element.
-func (e CBC) Encrypt(key interface{}, plaintext []byte) (*etree.Element, error) {
+func (e CBC) Encrypt(key interface{}, plaintext []byte, nonce []byte) (*etree.Element, error) {
 	keyBuf, ok := key.([]byte)
 	if !ok {
 		return nil, ErrIncorrectKeyType("[]byte")

xmlenc/decrypt_test.go

@@ -13,47 +13,93 @@ import (
 )
 
 func TestCanDecrypt(t *testing.T) {
-	doc := etree.NewDocument()
-	err := doc.ReadFromBytes(golden.Get(t, "input.xml"))
-	assert.Check(t, err)
-
-	keyPEM := "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDU8wdiaFmPfTyRYuFlVPi866WrH/2JubkHzp89bBQopDaLXYxi\n3PTu3O6Q/KaKxMOFBqrInwqpv/omOGZ4ycQ51O9I+Yc7ybVlW94lTo2gpGf+Y/8E\nPsVbnZaFutRctJ4dVIp9aQ2TpLiGT0xX1OzBO/JEgq9GzDRf+B+eqSuglwIDAQAB\nAoGBAMuy1eN6cgFiCOgBsB3gVDdTKpww87Qk5ivjqEt28SmXO13A1KNVPS6oQ8SJ\nCT5Azc6X/BIAoJCURVL+LHdqebogKljhH/3yIel1kH19vr4E2kTM/tYH+qj8afUS\nJEmArUzsmmK8ccuNqBcllqdwCZjxL4CHDUmyRudFcHVX9oyhAkEA/OV1OkjM3CLU\nN3sqELdMmHq5QZCUihBmk3/N5OvGdqAFGBlEeewlepEVxkh7JnaNXAXrKHRVu/f/\nfbCQxH+qrwJBANeQERF97b9Sibp9xgolb749UWNlAdqmEpmlvmS202TdcaaT1msU\n4rRLiQN3X9O9mq4LZMSVethrQAdX1whawpkCQQDk1yGf7xZpMJ8F4U5sN+F4rLyM\nRq8Sy8p2OBTwzCUXXK+fYeXjybsUUMr6VMYTRP2fQr/LKJIX+E5ZxvcIyFmDAkEA\nyfjNVUNVaIbQTzEbRlRvT6MqR+PTCefC072NF9aJWR93JimspGZMR7viY6IM4lrr\nvBkm0F5yXKaYtoiiDMzlOQJADqmEwXl0D72ZG/2KDg8b4QZEmC9i5gidpQwJXUc6\nhU+IVQoLxRq0fBib/36K9tcrrO5Ba4iEvDcNY+D8yGbUtA==\n-----END RSA PRIVATE KEY-----\n"
-	b, _ := pem.Decode([]byte(keyPEM))
-	key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
-	assert.Check(t, err)
-
-	el := doc.Root().FindElement("//EncryptedKey")
-	buf, err := Decrypt(key, el)
-	assert.Check(t, err)
-	assert.Check(t, is.DeepEqual([]byte{0xc, 0x70, 0xa2, 0xc8, 0x15, 0x74, 0x89, 0x3f, 0x36, 0xd2, 0x7c, 0x14, 0x2a, 0x9b, 0xaa, 0xd9},
-		buf))
-
-	el = doc.Root().FindElement("//EncryptedData")
-	buf, err = Decrypt(key, el)
-	assert.Check(t, err)
-	golden.Assert(t, string(buf), "plaintext.xml")
+	t.Run("CBC", func(t *testing.T) {
+		doc := etree.NewDocument()
+		err := doc.ReadFromBytes(golden.Get(t, "input.xml"))
+		assert.Check(t, err)
+
+		keyPEM := "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDU8wdiaFmPfTyRYuFlVPi866WrH/2JubkHzp89bBQopDaLXYxi\n3PTu3O6Q/KaKxMOFBqrInwqpv/omOGZ4ycQ51O9I+Yc7ybVlW94lTo2gpGf+Y/8E\nPsVbnZaFutRctJ4dVIp9aQ2TpLiGT0xX1OzBO/JEgq9GzDRf+B+eqSuglwIDAQAB\nAoGBAMuy1eN6cgFiCOgBsB3gVDdTKpww87Qk5ivjqEt28SmXO13A1KNVPS6oQ8SJ\nCT5Azc6X/BIAoJCURVL+LHdqebogKljhH/3yIel1kH19vr4E2kTM/tYH+qj8afUS\nJEmArUzsmmK8ccuNqBcllqdwCZjxL4CHDUmyRudFcHVX9oyhAkEA/OV1OkjM3CLU\nN3sqELdMmHq5QZCUihBmk3/N5OvGdqAFGBlEeewlepEVxkh7JnaNXAXrKHRVu/f/\nfbCQxH+qrwJBANeQERF97b9Sibp9xgolb749UWNlAdqmEpmlvmS202TdcaaT1msU\n4rRLiQN3X9O9mq4LZMSVethrQAdX1whawpkCQQDk1yGf7xZpMJ8F4U5sN+F4rLyM\nRq8Sy8p2OBTwzCUXXK+fYeXjybsUUMr6VMYTRP2fQr/LKJIX+E5ZxvcIyFmDAkEA\nyfjNVUNVaIbQTzEbRlRvT6MqR+PTCefC072NF9aJWR93JimspGZMR7viY6IM4lrr\nvBkm0F5yXKaYtoiiDMzlOQJADqmEwXl0D72ZG/2KDg8b4QZEmC9i5gidpQwJXUc6\nhU+IVQoLxRq0fBib/36K9tcrrO5Ba4iEvDcNY+D8yGbUtA==\n-----END RSA PRIVATE KEY-----\n"
+		b, _ := pem.Decode([]byte(keyPEM))
+		key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
+		assert.Check(t, err)
+
+		el := doc.Root().FindElement("//EncryptedKey")
+		buf, err := Decrypt(key, el)
+		assert.Check(t, err)
+		assert.Check(t, is.DeepEqual([]byte{0xc, 0x70, 0xa2, 0xc8, 0x15, 0x74, 0x89, 0x3f, 0x36, 0xd2, 0x7c, 0x14, 0x2a, 0x9b, 0xaa, 0xd9},
+			buf))
+
+		el = doc.Root().FindElement("//EncryptedData")
+		buf, err = Decrypt(key, el)
+		assert.Check(t, err)
+		golden.Assert(t, string(buf), "plaintext.xml")
+	})
+
+	t.Run("GCM", func(t *testing.T) {
+		doc := etree.NewDocument()
+		err := doc.ReadFromBytes(golden.Get(t, "input_gcm.xml"))
+		assert.Check(t, err)
+
+		keyPEM := golden.Get(t, "cert.key")
+		b, _ := pem.Decode(keyPEM)
+		key, err := x509.ParsePKCS8PrivateKey(b.Bytes)
+		assert.Check(t, err)
+
+		el := doc.Root().FindElement("//EncryptedKey")
+		_, err = Decrypt(key, el)
+		assert.Check(t, err)
+
+		el = doc.Root().FindElement("//EncryptedData")
+		_, err = Decrypt(key, el)
+		assert.Check(t, err)
+	})
 }
 
 func TestCanDecryptWithoutCertificate(t *testing.T) {
-	doc := etree.NewDocument()
-	err := doc.ReadFromBytes(golden.Get(t, "input.xml"))
-	assert.Check(t, err)
-
-	el := doc.FindElement("//ds:X509Certificate")
-	el.Parent().RemoveChild(el)
-
-	keyPEM := golden.Get(t, "key.pem")
-	b, _ := pem.Decode(keyPEM)
-	key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
-	assert.Check(t, err)
-
-	el = doc.Root().FindElement("//EncryptedKey")
-	buf, err := Decrypt(key, el)
-	assert.Check(t, err)
-	assert.Check(t, is.DeepEqual([]byte{0xc, 0x70, 0xa2, 0xc8, 0x15, 0x74, 0x89, 0x3f, 0x36, 0xd2, 0x7c, 0x14, 0x2a, 0x9b, 0xaa, 0xd9}, buf))
-
-	el = doc.Root().FindElement("//EncryptedData")
-	buf, err = Decrypt(key, el)
-	assert.Check(t, err)
-	golden.Assert(t, string(buf), "plaintext.xml")
+	t.Run("CBC", func(t *testing.T) {
+		doc := etree.NewDocument()
+		err := doc.ReadFromBytes(golden.Get(t, "input.xml"))
+		assert.Check(t, err)
+
+		el := doc.FindElement("//ds:X509Certificate")
+		el.Parent().RemoveChild(el)
+
+		keyPEM := golden.Get(t, "key.pem")
+		b, _ := pem.Decode(keyPEM)
+		key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
+		assert.Check(t, err)
+
+		el = doc.Root().FindElement("//EncryptedKey")
+		buf, err := Decrypt(key, el)
+		assert.Check(t, err)
+		assert.Check(t, is.DeepEqual([]byte{0xc, 0x70, 0xa2, 0xc8, 0x15, 0x74, 0x89, 0x3f, 0x36, 0xd2, 0x7c, 0x14, 0x2a, 0x9b, 0xaa, 0xd9}, buf))
+
+		el = doc.Root().FindElement("//EncryptedData")
+		buf, err = Decrypt(key, el)
+		assert.Check(t, err)
+		golden.Assert(t, string(buf), "plaintext.xml")
+	})
+
+	t.Run("GCM", func(t *testing.T) {
+		doc := etree.NewDocument()
+		err := doc.ReadFromBytes(golden.Get(t, "input_gcm.xml"))
+		assert.Check(t, err)
+
+		el := doc.FindElement("//ds:X509Certificate")
+		el.Parent().RemoveChild(el)
+
+		keyPEM := golden.Get(t, "cert.key")
+		b, _ := pem.Decode(keyPEM)
+		key, err := x509.ParsePKCS8PrivateKey(b.Bytes)
+		assert.Check(t, err)
+
+		el = doc.Root().FindElement("//EncryptedKey")
+		_, err = Decrypt(key, el)
+		assert.Check(t, err)
+
+		el = doc.Root().FindElement("//EncryptedData")
+		_, err = Decrypt(key, el)
+		assert.Check(t, err)
+		//assertion.NotNil(t, plaintext)
+	})
 }

xmlenc/encrypt_test.go

@@ -3,33 +3,56 @@ package xmlenc
 import (
 	"crypto/x509"
 	"encoding/pem"
-	"math/rand"
-	"testing"
-
+	"github.com/beevik/etree"
 	"gotest.tools/assert"
 	"gotest.tools/golden"
-
-	"github.com/beevik/etree"
+	"math/rand"
+	"testing"
 )
 
 func TestCanEncryptOAEP(t *testing.T) {
-	RandReader = rand.New(rand.NewSource(0)) //nolint:gosec // deterministic random numbers for tests
+	t.Run("CBC", func(t *testing.T) {
+
+		RandReader = rand.New(rand.NewSource(0)) //nolint:gosec // deterministic random numbers for tests
+
+		pemBlock, _ := pem.Decode(golden.Get(t, "cert.pem"))
+		certificate, err := x509.ParseCertificate(pemBlock.Bytes)
+		assert.Check(t, err)
+
+		e := OAEP()
+		e.BlockCipher = AES128CBC
+		e.DigestMethod = &SHA1
+
+		el, err := e.Encrypt(certificate, golden.Get(t, "plaintext.xml"), nil)
+		assert.Check(t, err)
+
+		doc := etree.NewDocument()
+		doc.SetRoot(el)
+		doc.IndentTabs()
+		ciphertext, _ := doc.WriteToString()
+
+		golden.Assert(t, ciphertext, "ciphertext.xml")
+	})
 
-	pemBlock, _ := pem.Decode(golden.Get(t, "cert.pem"))
-	certificate, err := x509.ParseCertificate(pemBlock.Bytes)
-	assert.Check(t, err)
+	t.Run("GCM", func(t *testing.T) {
+		RandReader = rand.New(rand.NewSource(0)) //nolint:gosec // deterministic random numbers for tests
 
-	e := OAEP()
-	e.BlockCipher = AES128CBC
-	e.DigestMethod = &SHA1
+		cert := golden.Get(t, "cert.cert")
+		b, _ := pem.Decode(cert)
+		certificate, err := x509.ParseCertificate(b.Bytes)
+		assert.Check(t, err)
 
-	el, err := e.Encrypt(certificate, golden.Get(t, "plaintext.xml"))
-	assert.Check(t, err)
+		e := OAEP()
+		e.BlockCipher = AES128GCM
+		e.DigestMethod = &SHA1
 
-	doc := etree.NewDocument()
-	doc.SetRoot(el)
-	doc.IndentTabs()
-	ciphertext, _ := doc.WriteToString()
+		el, err := e.Encrypt(certificate, golden.Get(t, "plaintext_gcm.xml"), []byte("1234567890AZ"))
+		assert.Check(t, err)
 
-	golden.Assert(t, ciphertext, "ciphertext.xml")
+		doc := etree.NewDocument()
+		doc.SetRoot(el)
+		doc.Indent(4)
+		ciphertext, _ := doc.WriteToString()
+		golden.Assert(t, ciphertext, "ciphertext_gcm.xml")
+	})
 }

xmlenc/gcm.go

@@ -0,0 +1,141 @@
+package xmlenc
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"github.com/beevik/etree"
+	"io"
+)
+
+// struct implements Decrypter and Encrypter for block ciphers in struct mode
+type GCM struct {
+	keySize   int
+	algorithm string
+	cipher    func([]byte) (cipher.Block, error)
+}
+
+// KeySize returns the length of the key required.
+func (e GCM) KeySize() int {
+	return e.keySize
+}
+
+// Algorithm returns the name of the algorithm, as will be found
+// in an xenc:EncryptionMethod element.
+func (e GCM) Algorithm() string {
+	return e.algorithm
+}
+
+func (e GCM) Encrypt(key interface{}, plaintext []byte, nonce []byte) (*etree.Element, error) {
+	keyBuf, ok := key.([]byte)
+	if !ok {
+		return nil, ErrIncorrectKeyType("[]byte")
+	}
+	if len(keyBuf) != e.keySize {
+		return nil, ErrIncorrectKeyLength(e.keySize)
+	}
+
+	block, err := e.cipher(keyBuf)
+	if err != nil {
+		return nil, err
+	}
+
+	encryptedDataEl := etree.NewElement("xenc:EncryptedData")
+	encryptedDataEl.CreateAttr("xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#")
+	{
+		randBuf := make([]byte, 16)
+		if _, err := RandReader.Read(randBuf); err != nil {
+			return nil, err
+		}
+		encryptedDataEl.CreateAttr("Id", fmt.Sprintf("_%x", randBuf))
+	}
+
+	em := encryptedDataEl.CreateElement("xenc:EncryptionMethod")
+	em.CreateAttr("Algorithm", e.algorithm)
+	em.CreateAttr("xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#")
+
+	plaintext = appendPadding(plaintext, block.BlockSize())
+
+	aesgcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	if nonce == nil {
+		// generate random nonce when it's nil
+		nonce := make([]byte, aesgcm.NonceSize())
+		if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+			panic(err.Error())
+		}
+	}
+
+	ciphertext := make([]byte, len(plaintext))
+	text := aesgcm.Seal(nil, nonce, ciphertext, nil)
+
+	cd := encryptedDataEl.CreateElement("xenc:CipherData")
+	cd.CreateAttr("xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#")
+	cd.CreateElement("xenc:CipherValue").SetText(base64.StdEncoding.EncodeToString(text))
+	return encryptedDataEl, nil
+}
+
+// Decrypt decrypts an encrypted element with key. If the ciphertext contains an
+// EncryptedKey element, then the type of `key` is determined by the registered
+// Decryptor for the EncryptedKey element. Otherwise, `key` must be a []byte of
+// length KeySize().
+func (e GCM) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error) {
+	if encryptedKeyEl := ciphertextEl.FindElement("./KeyInfo/EncryptedKey"); encryptedKeyEl != nil {
+		var err error
+		key, err = Decrypt(key, encryptedKeyEl)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	keyBuf, ok := key.([]byte)
+
+	if !ok {
+		return nil, ErrIncorrectKeyType("[]byte")
+	}
+	if len(keyBuf) != e.KeySize() {
+		return nil, ErrIncorrectKeyLength(e.KeySize())
+	}
+
+	block, err := e.cipher(keyBuf)
+	if err != nil {
+		return nil, err
+	}
+
+	aesgcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext, err := getCiphertext(ciphertextEl)
+	if err != nil {
+		return nil, err
+	}
+
+	nonce := ciphertext[:aesgcm.NonceSize()]
+	text := ciphertext[aesgcm.NonceSize():]
+
+	plainText, err := aesgcm.Open(nil, nonce, text, nil)
+	if err != nil {
+		return nil, err
+	}
+	return plainText, nil
+}
+
+var (
+	// AES128GCM implements AES128-GCM mode for encryption and decryption
+	AES128GCM BlockCipher = GCM{
+		keySize:   16,
+		algorithm: "http://www.w3.org/2009/xmlenc11#aes128-gcm",
+		cipher:    aes.NewCipher,
+	}
+)
+
+func init() {
+	RegisterDecrypter(AES128GCM)
+}

xmlenc/pubkey.go

@@ -29,7 +29,7 @@ func (e RSA) Algorithm() string {
 
 // Encrypt implements encrypter. certificate must be a []byte containing the ASN.1 bytes
 // of certificate containing an RSA public key.
-func (e RSA) Encrypt(certificate interface{}, plaintext []byte) (*etree.Element, error) {
+func (e RSA) Encrypt(certificate interface{}, plaintext []byte, nonce []byte) (*etree.Element, error) {
 	cert, ok := certificate.(*x509.Certificate)
 	if !ok {
 		return nil, ErrIncorrectKeyType("*x.509 certificate")
@@ -83,11 +83,11 @@ func (e RSA) Encrypt(certificate interface{}, plaintext []byte) (*etree.Element,
 	cd := encryptedKey.CreateElement("xenc:CipherData")
 	cd.CreateAttr("xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#")
 	cd.CreateElement("xenc:CipherValue").SetText(base64.StdEncoding.EncodeToString(buf))
-	encryptedDataEl, err := e.BlockCipher.Encrypt(key, plaintext)
+	encryptedDataEl, err := e.BlockCipher.Encrypt(key, plaintext, nonce)
 	if err != nil {
 		return nil, err
 	}
-	encryptedDataEl.InsertChild(encryptedDataEl.FindElement("./CipherData"), keyInfoEl)
+	encryptedDataEl.InsertChildAt(encryptedDataEl.FindElement("./CipherData").Index(), keyInfoEl)
 
 	return encryptedDataEl, nil
 }