Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

support PKCS#1 v1.5 encryption in AuthnResponse

  • Loading branch information...
beyang committed Jul 12, 2019
1 parent 2506a07 commit f05918046bab66c922c230dde63b91fd0378d979
Showing with 15 additions and 2 deletions.
  1. +15 −2 types/encrypted_key.go
@@ -39,8 +39,9 @@ type DigestMethod struct {

//Well-known public-key encryption methods
const (
MethodRSAOAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
MethodRSAOAEP2 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"
MethodRSAOAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
MethodRSAOAEP2 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"
MethodRSAPKCS15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
)

//Well-known private key encryption methods
@@ -131,6 +132,18 @@ func (ek *EncryptedKey) DecryptSymmetricKey(cert *tls.Certificate) (cipher.Block
return nil, err
}

return b, nil
case MethodRSAPKCS15:
pt, err := rsa.DecryptPKCS1v15(rand.Reader, pk, cipherText)
if err != nil {
return nil, fmt.Errorf("rsa internal error: %v", err)
}

b, err := aes.NewCipher(pt)
if err != nil {
return nil, err
}

return b, nil
default:
return nil, fmt.Errorf("unsupported encryption algorithm: %s", ek.EncryptionMethod.Algorithm)

0 comments on commit f059180

Please sign in to comment.
You can’t perform that action at this time.