feat: support AES-192/256-CBC and AES-192/256-GCM assertion decryption #90
Open
jacques-kigo wants to merge 3 commits into njaremko:master from
Conversation
Add match arms in `decrypt_assertion_value_info` for AES-192-CBC and AES-256-CBC, mirroring the existing AES-128-CBC arm. SP metadata already advertised these algorithms, so this aligns the implementation with what is published. Add static test vectors and tests covering both algorithms (decrypt-only and full validation), generated with `xmlsec1 --encrypt` against the existing `sp_cert.pem` / `sp_private.pem` keypair. Document the fixture-generation procedure in `test_vectors/README.md`, parallel to the existing signed-response generation docs, and update the supported-algorithm list in the top-level `README.md`.
Add match arms in `decrypt_assertion_value_info` for AES-192-GCM and AES-256-GCM, mirroring the existing AES-128-GCM arm (rsa-oaep-mgf1p key transport, 16-byte authentication tag). Add static test vectors and tests covering both algorithms (decrypt-only and full validation), generated with `xmlsec1 --encrypt`. Update the supported-algorithm list in the top-level `README.md` and extend the fixture-generation procedure in `test_vectors/README.md` to cover the GCM variants.
## What

Adds match arms in `decrypt_assertion_value_info` (`src/crypto/xmlsec/mod.rs`) for:

- `http://www.w3.org/2001/04/xmlenc#aes192-cbc`
- `http://www.w3.org/2001/04/xmlenc#aes256-cbc`
- `http://www.w3.org/2009/xmlenc11#aes192-gcm`
- `http://www.w3.org/2009/xmlenc11#aes256-gcm`

Each new arm mirrors the existing AES-128-CBC / AES-128-GCM arm, swapping the OpenSSL `Cipher` constructor.

## Why

`ServiceProvider::metadata()` already advertises CBC-128/192/256 in the SP's `<KeyDescriptor>` `EncryptionMethod` block, but the decryption path only implemented AES-128-CBC and AES-128-GCM. Identity providers that pick the strongest advertised algorithm (e.g. AES-256-CBC) hit `EncryptedAssertionValueMethodUnsupported` even though the SP claimed support. This PR aligns the implementation with what the metadata advertises.

## Test coverage

- 8 new tests in `src/service_provider/tests.rs`, mirroring the existing `test_decrypt_assertion` / `test_decrypt_and_validate_assertion` pattern (one decrypt-only and one full-validation test per new algorithm).
- 8 new fixtures in `test_vectors/`, generated with `xmlsec1 --encrypt` against the existing `sp_cert.pem` / `sp_private.pem` keypair (rsa-oaep-mgf1p key transport). Generation procedure documented in `test_vectors/README.md`, parallel to the existing signed-response generation docs.
- `README.md` supported-algorithm list updated to reflect the four new arms.

## Commits

Split into two for review:

1. `feat: support AES-192-CBC and AES-256-CBC assertion decryption` — the metadata-implementation alignment that motivated the PR
2. `feat: support AES-192-GCM and AES-256-GCM assertion decryption` — included for completeness alongside the existing AES-128-GCM arm

Either commit could land independently; they're separable.

## Notes

- `Cipher::aes_192_cbc()`, `Cipher::aes_256_cbc()`, `Cipher::aes_192_gcm()`, `Cipher::aes_256_gcm()` already exist in the `openssl` crate the project uses.
- `xmlsec1` (correctly) strips redundant `xmlns:dsig` declarations on `<dsig:KeyInfo>` since the prefix is already in scope from the parent `<xenc:EncryptedData>`. samael's serde-based parser requires the explicit `xmlns:dsig` attribute on the `<dsig:KeyInfo>` element itself (`EncryptedKeyInfo.ds` in `src/key_info.rs`), so the post-processing step in `test_vectors/README.md` re-adds it.
- `xmlsec1 1.3.10` with the openssl backend.
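The dispatch this PR extends (algorithm URI to cipher, key length and mode) is shown below as an added example in Go using only the standard library; it is not samael's Rust code and not from this PR. It assumes the standard XML Encryption CipherValue layouts (CBC: 16-byte IV prepended, last plaintext byte is the pad length; AES-GCM per xmlenc 1.1: 12-byte IV prepended, 16-byte tag appended) and constructs its own fixtures in place of the xmlsec1-generated ones. The `ErrMethodUnsupported` error and the function names are hypothetical stand-ins for the crate's `EncryptedAssertionValueMethodUnsupported` path. It also goes slightly beyond the PR text by checking that the unwrapped key length matches the URI, since an AES library that infers AES-128/192/256 from the key length would otherwise silently accept a mismatched key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// XML Encryption URIs for AES; the 192/256-bit ones are the arms the PR adds.
const (
	AES128CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
	AES192CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc"
	AES256CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
	AES128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"
	AES192GCM = "http://www.w3.org/2009/xmlenc11#aes192-gcm"
	AES256GCM = "http://www.w3.org/2009/xmlenc11#aes256-gcm"
)

var ErrMethodUnsupported = errors.New("encrypted assertion value method unsupported") // stand-in for samael's error

// The dispatch the PR's match arms perform: URI -> (key bytes, AEAD mode). Any other URI is refused.
var methods = map[string]struct{ keyLen int; gcm bool }{
	AES128CBC: {16, false}, AES192CBC: {24, false}, AES256CBC: {32, false},
	AES128GCM: {16, true}, AES192GCM: {24, true}, AES256GCM: {32, true},
}

// newBlock resolves the URI and checks the key length explicitly; aes.NewCipher alone would pick AES-128/192/256 from whatever key it gets.
func newBlock(uri string, key []byte) (gcm bool, block cipher.Block, err error) {
	m, ok := methods[uri]
	if !ok {
		return false, nil, ErrMethodUnsupported
	}
	if len(key) != m.keyLen {
		return false, nil, fmt.Errorf("%s needs a %d-byte key, got %d", uri, m.keyLen, len(key))
	}
	block, err = aes.NewCipher(key)
	return m.gcm, block, err
}

// decryptCipherValue decrypts raw xenc:CipherValue bytes with the unwrapped content key. Assumed layouts:
// CBC (xmlenc 1.0) = 16-byte IV || ciphertext, last plaintext byte is the pad length; GCM (xmlenc 1.1) = 12-byte IV || ciphertext || 16-byte tag.
func decryptCipherValue(uri string, key, data []byte) ([]byte, error) {
	gcm, block, err := newBlock(uri, key)
	if err != nil {
		return nil, err
	}
	if gcm {
		aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
		ns := aead.NonceSize()
		if len(data) < ns+aead.Overhead() {
			return nil, errors.New("cipher value too short for IV and tag")
		}
		return aead.Open(nil, data[:ns], data[ns:], nil) // any tag mismatch fails here
	}
	bs := block.BlockSize()
	if len(data) < 2*bs || len(data)%bs != 0 {
		return nil, errors.New("cipher value is not an IV plus whole blocks")
	}
	pt := make([]byte, len(data)-bs)
	cipher.NewCBCDecrypter(block, data[:bs]).CryptBlocks(pt, data[bs:])
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > bs {
		return nil, errors.New("invalid xmlenc padding")
	}
	// CBC carries no integrity check; the signature over the decrypted assertion (the PR's full-validation tests) is what guards it.
	return pt[:len(pt)-pad], nil
}

// encryptCipherValue builds a CipherValue in the same layouts, standing in for the xmlsec1-generated fixtures (fresh random IVs).
func encryptCipherValue(uri string, key, plaintext []byte) ([]byte, error) {
	gcm, block, err := newBlock(uri, key)
	if err != nil {
		return nil, err
	}
	if gcm {
		aead, _ := cipher.NewGCM(block)
		iv := make([]byte, aead.NonceSize())
		rand.Read(iv)
		out := append(make([]byte, 0, len(iv)+len(plaintext)+aead.Overhead()), iv...)
		return aead.Seal(out, iv, plaintext, nil), nil // IV || ciphertext || tag
	}
	bs := block.BlockSize()
	pad := bs - len(plaintext)%bs // 1..16; xmlenc pads block-aligned input too
	padded := make([]byte, len(plaintext)+pad)
	copy(padded, plaintext)
	padded[len(padded)-1] = byte(pad) // filler bytes are arbitrary (zero here)
	out := make([]byte, bs+len(padded))
	rand.Read(out[:bs]) // random IV prefix
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], padded)
	return out, nil
}

func main() {
	key := make([]byte, 32) // constructed content key, not one of the repository's fixtures
	rand.Read(key)
	cv, _ := encryptCipherValue(AES256GCM, key, []byte(`<saml:Assertion ID="_example"/>`))
	pt, err := decryptCipherValue(AES256GCM, key, cv)
	fmt.Printf("%s %v\n", pt, err)
}
```

The two failure modes worth exercising against the new arms are the ones the dispatch table makes visible: an unadvertised URI must fall through to the unsupported error rather than to AES-128, and for the GCM arms a modified or truncated authentication tag must be rejected before any plaintext is returned.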