Skip to content

Commit

Permalink
Add Initial GCM Decrypter
Browse files Browse the repository at this point in the history
  • Loading branch information
OlfaKaroui committed Aug 11, 2021
1 parent 0ee85b6 commit e0c9879
Show file tree
Hide file tree
Showing 2 changed files with 92 additions and 1 deletion.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/amboss-mededu/saml

go 1.13
go 1.16

require (
github.com/beevik/etree v1.1.0
Expand Down
91 changes: 91 additions & 0 deletions xmlenc/gcm.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
package xmlenc

import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"fmt"
"github.com/beevik/etree"
"io"
)

// struct implements Decrypter and Encrypter for block ciphers in struct mode
type GCM struct {
keySize int
algorithm string
cipher func([]byte) (cipher.Block, error)
}

// KeySize returns the length of the key required.
func (e GCM) KeySize() int {
return e.keySize
}

// Algorithm returns the name of the algorithm, as will be found
// in an xenc:EncryptionMethod element.
func (e GCM) Algorithm() string {
return e.algorithm
}

func (e GCM) Encrypt(key interface{}, plaintext []byte) (*etree.Element, error) {
return nil, nil
}

// Decrypt decrypts an encrypted element with key. If the ciphertext contains an
// EncryptedKey element, then the type of `key` is determined by the registered
// Decryptor for the EncryptedKey element. Otherwise, `key` must be a []byte of
// length KeySize().
func (e GCM) Decrypt(key interface{}, ciphertextEl *etree.Element) ([]byte, error) {
fmt.Printf("gcm ciphertextEl Type: %T\n", ciphertextEl)
fmt.Printf("gcm ciphertextEl Value: %v\n", ciphertextEl)
if encryptedKeyEl := ciphertextEl.FindElement("./KeyInfo/EncryptedKey"); encryptedKeyEl != nil {
var err error
key, err = Decrypt(key, encryptedKeyEl)
if err != nil {
return nil, err
}
}

keyBuf, ok := key.([]byte)

if !ok {
return nil, ErrIncorrectKeyType("[]byte")
}
if len(keyBuf) != e.KeySize() {
return nil, ErrIncorrectKeyLength(e.KeySize())
}

block, err := e.cipher(keyBuf)
if err != nil {
return nil, err
}

aesgcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}

nonce := make([]byte, aesgcm.NonceSize())
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
return nil, err
}

plainText, err := aesgcm.Open(nonce, nonce, keyBuf, nil)
if err != nil {
return nil, err
}
return plainText, nil
}

var (
// AES128GCM implements AES128-GCM mode for encryption and decryption
AES128GCM BlockCipher = GCM{
keySize: 16,
algorithm: "http://www.w3.org/2009/xmlenc11#aes128-gcm",
cipher: aes.NewCipher,
}
)

func init() {
RegisterDecrypter(AES128GCM)
}

0 comments on commit e0c9879

Please sign in to comment.