This file is indexed.

/usr/include/xsec/xenc/XENCCipher.hpp is in libxml-security-c-dev 1.7.3-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/*
 * XSEC
 *
 * XENCCipher := Interface definition for main encryption worker class
 *
 * $Id: XENCCipher.hpp 1125514 2011-05-20 19:08:33Z scantor $
 *
 */

#ifndef XENCCIPHER_INCLUDE
#define XENCCIPHER_INCLUDE

// XSEC Includes

#include <xsec/framework/XSECDefs.hpp>
#include <xsec/xenc/XENCCipherData.hpp>
#include <xsec/dsig/DSIGConstants.hpp>

// Xerces

XSEC_DECLARE_XERCES_CLASS(DOMElement);
XSEC_DECLARE_XERCES_CLASS(DOMDocument);
XSEC_DECLARE_XERCES_CLASS(BinInputStream);

class XSECCryptoKey;
class XENCEncryptedData;
class XENCEncryptedKey;
class XSECKeyInfoResolver;
class XSECBinTXFMInputStream;
class TXFMChain;

/**
 * @defgroup xenc XML Encryption Implementation
 *
 * <p>The classes in this group implement the XML Encryption
 * standard.  In most cases, users should interact with these
 * functions via the XENCCipher class</p>
 *
 *\@{*/



/**
 * @brief Main worker class for the XSEC implementation of XML
 * Encryption.
 *
 * The XENCCipher class not something that is directly defined in
 * the XML Encryption standard.  It is a control class used by the
 * library to generate encrypted XML information and to decrypt
 * information held in XML Encryption structures.
 *
 * All encryption and decryption work performed by the library is
 * handled within this class.  The other XENC classes simply
 * handle marshalling and unmarshalling of the DOM data.
 *
 */


class XENCCipher {

public:
	
	/** @name Constructors and Destructors */
	//@{
	
	virtual ~XENCCipher() {};

	//@}

	/** @name Decryption Functions */
	//@{

	/**
	 * \brief Decrypt the nominated element.
	 *
	 * Decrypts the passed in element, which must be the root
	 * node of a \<EncryptedData\> method with a type of "#Element".
	 * If not, the library will throw an XSECException exception.
	 *
	 * This is an "all in one method".  The library will replace
	 * the passed in Element (i.e. the encrypted XML data) with
	 * the resultant plain text, after it has been parsed back into
	 * DOM nodes
	 *
	 * @param element Root of EncryptedData DOM structyre to decrypt
	 * @returns The owning document with the element replaced, or NULL
	 * if the decryption fails for some reason (normally an exception).
	 * @throws XSECException if the decryption fails, or if this is
	 * not a valid EncryptedData DOM structure.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * decryptElement(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
	) = 0;

	/**
	 * \brief Decrypt the nominated element without replacing it.
	 *
	 * Decrypts the passed in element, which must be the root
	 * node of a \<EncryptedData\> method with a type of "#Element".
	 * If not, the library will throw an XSECException exception.  Rather
	 * than replacing the element with the decrypted content, the
	 * result is passed to the caller as an orphaned document fragment.
	 *
	 * @param element Root of EncryptedData DOM structyre to decrypt
	 * @returns The document fragment containing the decrypted node-set.
	 * @throws XSECException if the decryption fails, or if this is
	 * not a valid EncryptedData DOM structure.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * decryptElementDetached(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
	) = 0;

	/**
	 * \brief Decrypt currently loaded element.
	 *
	 * Decrypts the an element that was previously passed in via 
	 * loadEncryptedData with a type of "#Element".
	 * If not, the library will throw an XSECException exception.
	 *
	 * This is an "all in one method".  The library will replace
	 * the passed in Element (i.e. the encrypted XML data) with
	 * the resultant plain text, after it has been parsed back into
	 * DOM nodes
	 *
	 * @param element Root of EncryptedData DOM structyre to decrypt
	 * @returns The owning document with the element replaced, or NULL
	 * if the decryption fails for some reason (normally an exception).
	 * @throws XSECException if the decryption fails, or if this is
	 * not a valid EncryptedData DOM structure.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * decryptElement(void) = 0;

	/**
	 * \brief Decrypt currently loaded element without replacing it.
	 *
	 * Decrypts the an element that was previously passed in via 
	 * loadEncryptedData with a type of "#Element".
	 * If not, the library will throw an XSECException exception.
	 *
	 * This does not replace the currently existing DOM document.  It returns
	 * an "orphaned" document fragment containing the serialised version of the
	 * decrypted data.
	 *
	 * @param element Root of EncryptedData DOM structyre to decrypt
	 * @returns The owning document with the element replaced, or NULL
	 * if the decryption fails for some reason (normally an exception).
	 * @throws XSECException if the decryption fails, or if this is
	 * not a valid EncryptedData DOM structure.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * decryptElementDetached(void) = 0;
	
	/**
	 * \brief Decrypt the nominated element and put the output to an InputStream.
	 *
	 * Decrypts the passed in element, which must be the root
	 * node of a \<EncryptedData\> method.
	 *
	 * This call does not change the source DOM in any way.  It simply
	 * processes the encrypted data and provides an InputStream that the
	 * caller can read from to read the plain text data.
	 *
	 * @param element Root of EncryptedData DOM structyre to decrypt
	 * @returns A BinInputStream object that the application can use to
	 * read the decrypted data.
	 * @throws XSECException if the decryption fails, or if this is
	 * not a valid EncryptedData DOM structure.
	 */

	virtual XSECBinTXFMInputStream * decryptToBinInputStream(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element
	) = 0;

	/**
	 * \brief Decrypt a key
	 *
	 * Reads in the passed in KeyInfo structure for an EncryptedKey and 
	 * decrypts the key to a buffer.
	 *
	 * @param encryptedKey the already loaded encryptedKey structure
	 * @param rawKey Buffer to place the decrypted key into
	 * @param maxKeySize Maximum number of bytes to place in the buffer
	 */

	virtual int decryptKey(
		XENCEncryptedKey * encryptedKey,
		XMLByte * rawKey,
		int maxKeySize
	) = 0;

	/**
	 * \brief Decrypt a key directly from DOM
	 *
	 * Loads an EncryptedKey from DOM and then decrypts the key.
	 * If a NULL buffer is passed in, will simply load the key and return
	 *
	 * @param keyNode Node to load from
	 * @param rawKey Buffer to decrypt to
	 * @param maxKeySize Length of rawKey buffer
	 * @returns The number of bytes decrypted
	 */

	virtual int decryptKey(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * keyNode,
		XMLByte * rawKey,
		int maxKeySize
	) = 0;

	//@}

	/** @name Encryption Functions */
	//@{

	/**
	 * \brief Encrypt the nominated element.
	 * 
	 * Encrypts the passed in element and all children.  The element
	 * is replaced with an EncryptedData element
	 *
	 * @param element Element (and children) to encrypt
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI If ENCRYPT_NONE is passed in, this will be
	 * used to set the algorithm URI.  If this is also NULL - no
	 * EncryptionMethod will be set.  <b>NULL Value Unsupported if em not
	 * set!  It's use could cause problems!</b>
	 *
	 * @returns The owning document with the element replaced, or NULL
	 * if the decryption fails for some reason (normally an exception).
	 * @throws XSECException if the encryption fails.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * encryptElement(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;

	/**
	 * \brief Encrypt the nominated element without affecting the current document.
	 * 
	 * Encrypts the passed in element and all children.  The element
	 * is not replaced - the return node is an "orphaned" subtree from
	 * the passed in document and the original document is untouched.
	 *
	 * @param element Element (and children) to encrypt
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI If ENCRYPT_NONE is passed in, this will be
	 * used to set the algorithm URI.  If this is also NULL - no
	 * EncryptionMethod will be set.  <b>NULL Value Unsupported if em not
	 * set!  It's use could cause problems!</b>
	 *
	 * @returns The resulting document fragment containing the encrypted data.
	 * @throws XSECException if the encryption fails.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * encryptElementDetached(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;
	
	/**
	 * \brief Encrypt the children of the nominated element
	 * 
	 * Encrypts the all children of the passed in element, but
	 * leaves the element itself in place, with one new child - an
	 * EncryptedData node of type #content
	 *
	 * @param element Element whose children are to be encrypted
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI If ENCRYPT_NONE is passed in, this will be
	 * used to set the algorithm URI.  If this is also NULL - no
	 * EncryptionMethod will be set.  <b>NULL Value Unsupported if em not
	 * set!  It's use could cause problems!</b>
	 *
	 * @returns The owning document with the element's children replaced, or NULL
	 * if the decryption fails for some reason (normally an exception).
	 * @throws XSECException if the encryption fails.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * encryptElementContent(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;

	/**
	 * \brief Encrypt the children of the nominated element
	 * 
	 * Encrypts the all children of the passed in element.  The input
	 * DOM node set is untouched, but the function returns an orphaned
	 * sub-tree owned by the passed in document containing the encrypted
	 * data.
	 *
	 * @param element Element whose children are to be encrypted
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI If ENCRYPT_NONE is passed in, this will be
	 * used to set the algorithm URI.  If this is also NULL - no
	 * EncryptionMethod will be set.  <b>NULL Value Unsupported if em not
	 * set!  It's use could cause problems!</b>
	 *
	 * @returns The resulting (orphaned) sub-tree from the passed in document
	 * containing the encrypted data.
	 * @throws XSECException if the encryption fails.
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * encryptElementContentDetached(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * element,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;
	
	/**
	 * \brief Encrypt a buffer of data as a key
	 *
	 * Encrypts the passed in data and creates an EncryptedKey element
	 *
	 * @param keyBuffer The key data to encrypt
	 * @param keyLen Bytes to encrypt
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI If ENCRYPT_NONE is used for em, this will be
	 * used as the algorithm URI.
	 *
	 * @returns The EncryptedKey element
	 */

	virtual XENCEncryptedKey * encryptKey(
		const unsigned char * keyBuffer,
		unsigned int keyLen,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;

	/**
	 * \brief Encrypt an input stream to a CipherValue
	 *
	 * Encrypts the data passed in via a Xerces BinInputStream and places it
	 * directly into a new EncryptedData element that contains a CipherValue
	 *
	 * @param plainText The InputStream to read the plain text from
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI if ENCRYPT_NONE is used for em, this will be used
	 * as the algorithm URI
	 *
	 * @returns the EncryptedData element containing the CipherValue of the data
	 */

	virtual XENCEncryptedData * encryptBinInputStream(
		XERCES_CPP_NAMESPACE_QUALIFIER BinInputStream * plainText,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;

	/**
	 * \brief Encrypt a TXFMChain to a CipherValue
	 *
	 * Encrypts the data passed in via a TXFMChain and places it
	 * directly into a new EncryptedData element that contains a CipherValue.
	 *
	 * @note This is not really intended for client apps, but is used internally
	 * and is provided for flexibility.  The "formal" method is encryptBinInputStream
	 *
	 * @param plainText The TXFMChain to read the plain text from
	 * @param em The encryptionMethod to use for this encryption.  Use
	 * ENCRYPT_NONE if a user defined type is required.
	 * @param algorithmURI if ENCRYPT_NONE is used for em, this will be used
	 * as the algorithm URI
	 *
	 * @returns the EncryptedData element containing the CipherValue of the data
	 */

	virtual XENCEncryptedData * encryptTXFMChain(
		TXFMChain * plainText,
		encryptionMethod em,
		const XMLCh * algorithmURI = NULL
	) = 0;

	//@}
	/** @name Getter Functions */
	//@{

	/**
	 * \brief Get owning document
	 *
	 * Every Cipher object is associated with an owning document (for generation of
	 * nodes etc.)  This allows callers to retrieve this value.
	 *
	 * @returns The DOMDocument that is used by this object
	 */

	virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * getDocument(void) = 0;

	/**
	 * \brief Get namespace prefix for XENC nodes
	 *
	 * Find the string being used by the library to prefix nodes in the 
	 * xenc: namespace.
	 *
	 * @returns XENC namespace prefix
	 */

	virtual const XMLCh * getXENCNSPrefix(void) const = 0;

	/**
	 * \brief Get the EncryptedData element
	 *
	 * Allows the user to get the EncryptedData element that was last processed/
	 * created by this XENCCipher object.
	 *
	 * @returns The last used EncryptedData
	 */

	virtual XENCEncryptedData * getEncryptedData(void) = 0;

	/**
	 * \brief Tell caller whether PrettyPrinting is active
	 *
	 * @returns True if Pretty Printing is active, false if not
	 */

	virtual bool getPrettyPrint(void) = 0;

	/**
	 * \brief Tell caller whether the serialisation routines will
	 * use exclusive or normal canonicalisation.
	 *
	 * When serialising an element prior to encryption, the c14n
	 * canonicalisation routines are used.  By default, exclusive
	 * c14n is used, however this can be turned off using the
	 * setExclusiveC14nSerialisation call.  This function returns 
	 * the current state of the associated flag.
	 *
	 * @returns True if Exclusive c14n will be used, false if standard
	 */

	virtual bool getExclusiveC14nSerialisation(void) = 0;

	//@}

	/** @name Setter Functions */
	//@{

	/**
	 * \brief Set decryption key for next operation
	 *
	 * Set the passed in key for the next decryption/encryption
	 * operation.
	 *
	 * @param key Key to use
	 * @note This function will take ownership of the key and delete it when done.
	 */

	virtual void setKey(XSECCryptoKey * key) = 0;

	/**
	 * \brief Set Key Encryption Key for next operation
	 *
	 * Set the passed in key for the next key decryption/encryption
	 * operation.
	 *
	 * @note This key will only be used to decrypt EncryptedKey elements.
	 * To set a key for decrypting an EncryptedData use #setKey instead.
	 *
	 * @param key Key to use
	 * @note This function will take ownership of the key and delete it when done.
	 */

	virtual void setKEK(XSECCryptoKey * key) = 0;

	/**
	 * \brief Register a KeyInfoResolver 
	 *
	 * Registers a KeyInfoResolver to be used by the cipher when 
	 * it needs to find a key to be used to decrypt some ciper text
	 *
	 * @note The library will use the #clone() function from the resolver
	 * to get a copy.  The passed in resolver remains the property of
	 * the calling function
	 *
	 * @param resolver Resolver to clone and use for resolving keys
	 *
	 */

	virtual void setKeyInfoResolver(const XSECKeyInfoResolver * resolver) = 0;

	/**
	 * \brief Set prefix for XENC nodes
	 *
	 * Set the namespace prefix the library will use when creating
	 * nodes in the XENC namespace
	 */

	virtual void setXENCNSPrefix(const XMLCh * prefix) = 0;

	/**
	 * \brief Set Pretty Print
	 *
	 * The pretty print functions controls whether the library will output
	 * CR/LF after the elements it adds to a document
	 *
	 * By default the library will do pretty printing (flag is true)
	 *
	 * @param flag Value to set for Pretty Printing (true = do pretty printing)
	 */

	virtual void setPrettyPrint(bool flag) = 0;

	/**
	 * \brief Set whether the serialisation routines will
	 * use exclusive or normal canonicalisation.
	 *
	 * When serialising an element prior to encryption, the c14n
	 * canonicalisation routines are used.  By default, exclusive
	 * c14n is used, however this can be turned off using the
	 * setExclusiveC14nSerialisation call.
	 *
	 * @param flag Set for true if Exclusive c14n will be used, 
	 * false otherwise
	 */

	virtual void setExclusiveC14nSerialisation(bool flag) = 0;

	//@}

	/** @name Creation and loading Functions */
	//@{

	/**
	 * \brief Create a new EncryptedData element
	 *
	 * Method for creating a basic Encrypted Data element.  Can be used
	 * in cases where an application needs to build this from scratch.
	 *
	 * In general, applications should use the higher level methods such
	 * as #encryptElement or #encryptElementContent.
	 *
	 * @note The Cipher object will take on this new object as the current
	 * EncryptedData and delete any currently being held.
	 *
	 * @param type Should this set up a CipherReference or a CipherValue
	 * @param algorithm URI string to use for the Algorithm attribute in EncryptionMethod.
	 * Set to NULL for no defined algorithm.
	 * @param value String to set the cipher data to if the type is VALUE_TYPE.
	 * for REFERENCE_TYPE CipherData elements, this should be the URI value.
	 * @returns An XENCEncryptedData object
	 */

	virtual XENCEncryptedData * createEncryptedData(XENCCipherData::XENCCipherDataType type,
													const XMLCh * algorithm,
													const XMLCh * value) = 0;

	/**
	 * \brief Load an EncryptedKey element
	 *
	 * Take a passed in EncryptedKey DOMNode and return a loaded XENCEncryptedKey
	 * object based on the DOMNode from the passed in element.
	 *
	 * @param keyNode Element node to load EncryptedKey from
	 * @returns An XENCEncryptedKey structure (owned by the caller) based on the 
	 * node.
	 */

	virtual XENCEncryptedKey * loadEncryptedKey(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * keyNode
		) = 0;

	/**
	 * \brief Load an EncryptedData element
	 *
	 * Take a passed in EncryptedData DOMNode and return a loaded XENCEncryptedData
	 * object based on the DOMNode from the passed in element.
	 *
	 * @note The Cipher object will take on this new object as the current
	 * EncryptedData and delete any currently being held.
	 *
	 * @param dataNode Element node to load EncryptedData from
	 * @returns An XENCEncryptedData structure (owned by the caller) based on the 
	 * node.
	 */

	virtual XENCEncryptedData * loadEncryptedData(
		XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * dataNode
		) = 0;


	//@}

};

/*\@}*/

#endif /* XENCCIPHER_INCLUDE */