Posted to commits@santuario.apache.org by bl...@apache.org on 2005/02/20 11:35:51 UTC
cvs commit: xml-security/c/src/dsig DSIGConstants.cpp DSIGConstants.hpp DSIGReference.cpp DSIGSignature.cpp DSIGSignedInfo.cpp
blautenb 2005/02/20 02:35:51
Modified: c/src/dsig DSIGConstants.cpp DSIGConstants.hpp
DSIGReference.cpp DSIGSignature.cpp
DSIGSignedInfo.cpp
Log:
Add URIs and support for SHA224/256/384/512 (+ HMAC variants)
Revision Changes Path
1.25 +13 -1 xml-security/c/src/dsig/DSIGConstants.cpp
Index: DSIGConstants.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.cpp,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- DSIGConstants.cpp 3 Feb 2005 12:56:37 -0000 1.24
+++ DSIGConstants.cpp 20 Feb 2005 10:35:51 -0000 1.25
@@ -56,6 +56,10 @@
const XMLCh * DSIGConstants::s_unicodeStrURIRawX509;
const XMLCh * DSIGConstants::s_unicodeStrURISHA1;
+const XMLCh * DSIGConstants::s_unicodeStrURISHA224;
+const XMLCh * DSIGConstants::s_unicodeStrURISHA256;
+const XMLCh * DSIGConstants::s_unicodeStrURISHA384;
+const XMLCh * DSIGConstants::s_unicodeStrURISHA512;
const XMLCh * DSIGConstants::s_unicodeStrURIMD5; // Not recommended
const XMLCh * DSIGConstants::s_unicodeStrURIBASE64;
const XMLCh * DSIGConstants::s_unicodeStrURIXPATH;
@@ -110,6 +114,10 @@
s_unicodeStrURIXENC = XMLString::transcode(URI_ID_XENC);
s_unicodeStrURISHA1 = XMLString::transcode(URI_ID_SHA1);
+ s_unicodeStrURISHA224 = XMLString::transcode(URI_ID_SHA224);
+ s_unicodeStrURISHA256 = XMLString::transcode(URI_ID_SHA256);
+ s_unicodeStrURISHA384 = XMLString::transcode(URI_ID_SHA384);
+ s_unicodeStrURISHA512 = XMLString::transcode(URI_ID_SHA512);
s_unicodeStrURIMD5 = XMLString::transcode(URI_ID_MD5);
s_unicodeStrURIBASE64 = XMLString::transcode(URI_ID_BASE64);
s_unicodeStrURIXPATH = XMLString::transcode(URI_ID_XPATH);
@@ -161,6 +169,10 @@
XSEC_RELEASE_XMLCH(s_unicodeStrURIXPF);
XSEC_RELEASE_XMLCH(s_unicodeStrURIXENC);
XSEC_RELEASE_XMLCH(s_unicodeStrURISHA1);
+ XSEC_RELEASE_XMLCH(s_unicodeStrURISHA224);
+ XSEC_RELEASE_XMLCH(s_unicodeStrURISHA256);
+ XSEC_RELEASE_XMLCH(s_unicodeStrURISHA384);
+ XSEC_RELEASE_XMLCH(s_unicodeStrURISHA512);
XSEC_RELEASE_XMLCH(s_unicodeStrURIMD5);
XSEC_RELEASE_XMLCH(s_unicodeStrURIBASE64);
XSEC_RELEASE_XMLCH(s_unicodeStrURIXPATH);
1.24 +78 -3 xml-security/c/src/dsig/DSIGConstants.hpp
Index: DSIGConstants.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.hpp,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- DSIGConstants.hpp 3 Feb 2005 12:56:37 -0000 1.23
+++ DSIGConstants.hpp 20 Feb 2005 10:35:51 -0000 1.24
@@ -47,6 +47,10 @@
#define URI_ID_SHA1 "http://www.w3.org/2000/09/xmldsig#sha1"
#define URI_ID_MD5 "http://www.w3.org/2001/04/xmldsig-more#md5"
+#define URI_ID_SHA224 "http://www.w3.org/2001/04/xmldsig-more#sha224"
+#define URI_ID_SHA256 "http://www.w3.org/2001/04/xmlenc#sha256"
+#define URI_ID_SHA384 "http://www.w3.org/2001/04/xmldsig-more#sha384"
+#define URI_ID_SHA512 "http://www.w3.org/2001/04/xmlenc#sha512"
// Encryption Algorithms
#define URI_ID_3DES_CBC "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
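Review bot: The four new digest URIs mix two namespaces without a word of explanation — sha224 and sha384 under xmldsig-more, sha256 and sha512 under xmlenc — and the next maintainer is likely to "fix" one of them as a typo. The split is deliberate: XML Encryption is where sha256 and sha512 are defined, and the xmldsig-more namespace covers the other two. A one-line comment above the group would record that, e.g. `// sha256/sha512 are defined by XML Encryption; sha224/sha384 by the xmldsig-more namespace`.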
@@ -81,14 +85,29 @@
// Signature Algorithms
#define URI_ID_SIG_BASE "http://www.w3.org/2000/09/xmldsig#"
+#define URI_ID_SIG_BASEMORE "http://www.w3.org/2001/04/xmldsig-more#"
#define URI_ID_SIG_DSA "dsa"
#define URI_ID_SIG_HMAC "hmac"
#define URI_ID_SIG_SHA1 "sha1"
+#define URI_ID_SIG_SHA224 "sha224"
+#define URI_ID_SIG_SHA256 "sha256"
+#define URI_ID_SIG_SHA384 "sha384"
+#define URI_ID_SIG_SHA512 "sha512"
#define URI_ID_SIG_RSA "rsa"
+#define URI_ID_SIG_MD5 "md5"
#define URI_ID_DSA_SHA1 "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
#define URI_ID_HMAC_SHA1 "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
+#define URI_ID_HMAC_SHA224 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"
+#define URI_ID_HMAC_SHA256 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
+#define URI_ID_HMAC_SHA384 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"
+#define URI_ID_HMAC_SHA512 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"
#define URI_ID_RSA_SHA1 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+#define URI_ID_RSA_SHA224 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"
+#define URI_ID_RSA_SHA256 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+#define URI_ID_RSA_SHA384 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+#define URI_ID_RSA_SHA512 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+#define URI_ID_RSA_MD5 "http://www.w3.org/2000/09/xmldsig#rsa-md5"
// Encryption defines
#define URI_ID_XENC_ELEMENT "http://www.w3.org/2001/04/xmlenc#Element"
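Review bot: URI_ID_RSA_MD5 is placed under the 2000/09 xmldsig namespace, but signatureHashMethod2URI in this same header (hunk at -210) selects URI_ID_SIG_BASEMORE for every hash from HASH_MD5 upwards, so the builder emits `http://www.w3.org/2001/04/xmldsig-more#rsa-md5` while any code comparing against URI_ID_RSA_MD5 expects `http://www.w3.org/2000/09/xmldsig#rsa-md5`; the two halves of the library would not agree on the same signature. The xmldsig namespace defines no rsa-md5 identifier — it belongs to xmldsig-more — so the define should read `#define URI_ID_RSA_MD5 "http://www.w3.org/2001/04/xmldsig-more#rsa-md5"`. The digest-side MD5 constant already carries `// Not recommended`; the same marker belongs on this line so callers do not pick RSA-MD5 as a default.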
@@ -129,7 +148,11 @@
HASH_NONE = 0, // No method defined
HASH_SHA1 = 1, // SHA1
- HASH_MD5 = 2
+ HASH_MD5 = 2,
+ HASH_SHA224 = 3,
+ HASH_SHA256 = 4,
+ HASH_SHA384 = 5,
+ HASH_SHA512 = 6
};
enum transformType {
@@ -210,7 +233,10 @@
inline
bool signatureHashMethod2URI(safeBuffer &uri, signatureMethod sm, hashMethod hm) {
- uri = URI_ID_SIG_BASE;
+ if (hm < HASH_MD5)
+ uri = URI_ID_SIG_BASE;
+ else
+ uri = URI_ID_SIG_BASEMORE;
switch (sm) {
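Review bot: The namespace choice `if (hm < HASH_MD5)` encodes "only SHA1 lives under xmldsig" through the numeric order of the hashMethod enum (HASH_NONE = 0, HASH_SHA1 = 1, HASH_MD5 = 2 in the hunk at -129), so a later insertion or renumbering of that enum silently moves algorithms between namespaces and changes the URI written into SignedInfo. Spelling out the intent, `if (hm == HASH_SHA1)`, keeps the rule independent of the enum values; the only input that differs is HASH_NONE, which presumably falls to the `default: return false` of the hash switch either way (that switch body is outside this hunk). signatureHashMethod2URI continues past the hunk.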
@@ -244,6 +270,31 @@
uri.sbStrcatIn(URI_ID_SIG_SHA1);
break;
+ case (HASH_MD5) :
+
+ uri.sbStrcatIn(URI_ID_SIG_MD5);
+ break;
+
+ case (HASH_SHA224) :
+
+ uri.sbStrcatIn(URI_ID_SIG_SHA224);
+ break;
+
+ case (HASH_SHA256) :
+
+ uri.sbStrcatIn(URI_ID_SIG_SHA256);
+ break;
+
+ case (HASH_SHA384) :
+
+ uri.sbStrcatIn(URI_ID_SIG_SHA384);
+ break;
+
+ case (HASH_SHA512) :
+
+ uri.sbStrcatIn(URI_ID_SIG_SHA512);
+ break;
+
default:
return false;
@@ -269,6 +320,26 @@
uri = URI_ID_MD5;
break;
+ case (HASH_SHA224) :
+
+ uri = URI_ID_SHA224;
+ break;
+
+ case (HASH_SHA256) :
+
+ uri = URI_ID_SHA256;
+ break;
+
+ case (HASH_SHA384) :
+
+ uri = URI_ID_SHA384;
+ break;
+
+ case (HASH_SHA512) :
+
+ uri = URI_ID_SHA512;
+ break;
+
default:
return false;
@@ -369,6 +440,10 @@
static const XMLCh * s_unicodeStrURIRawX509;
static const XMLCh * s_unicodeStrURISHA1;
+ static const XMLCh * s_unicodeStrURISHA224;
+ static const XMLCh * s_unicodeStrURISHA256;
+ static const XMLCh * s_unicodeStrURISHA384;
+ static const XMLCh * s_unicodeStrURISHA512;
static const XMLCh * s_unicodeStrURIMD5; // Not recommended
static const XMLCh * s_unicodeStrURIBASE64;
static const XMLCh * s_unicodeStrURIXPATH;
1.26 +31 -3 xml-security/c/src/dsig/DSIGReference.cpp
Index: DSIGReference.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGReference.cpp,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- DSIGReference.cpp 3 Feb 2005 12:56:37 -0000 1.25
+++ DSIGReference.cpp 20 Feb 2005 10:35:51 -0000 1.26
@@ -635,6 +635,30 @@
}
+ else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA224)) {
+
+ me_hashMethod = HASH_SHA224;
+
+ }
+
+ else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA256)) {
+
+ me_hashMethod = HASH_SHA256;
+
+ }
+
+ else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA384)) {
+
+ me_hashMethod = HASH_SHA384;
+
+ }
+
+ else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA512)) {
+
+ me_hashMethod = HASH_SHA512;
+
+ }
+
else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURIMD5)) {
me_hashMethod = HASH_MD5;
@@ -1246,10 +1270,14 @@
switch (me_hashMethod) {
case HASH_SHA1 :
+ case HASH_SHA224 :
+ case HASH_SHA256 :
+ case HASH_SHA384 :
+ case HASH_SHA512 :
- XSECnew(currentTxfm, TXFMSHA1(d));
+ XSECnew(currentTxfm, TXFMSHA1(d, me_hashMethod));
break;
-
+
case HASH_MD5 :
XSECnew(currentTxfm, TXFMMD5(d));
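Review bot: With the four new fall-through labels TXFMSHA1 is now constructed for SHA-224/256/384/512 as well, selected by the me_hashMethod argument, so the class name no longer describes what the transform produces and a reader will assume a fixed 20-byte SHA-1 digest. Until the class is renamed to something like TXFMSHA, a comment on the fall-through would prevent that misreading, e.g. `// TXFMSHA1 handles the whole SHA family; the digest is selected by me_hashMethod`. The enclosing switch and function continue outside this hunk.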
1.37 +64 -4 xml-security/c/src/dsig/DSIGSignature.cpp
Index: DSIGSignature.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignature.cpp,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- DSIGSignature.cpp 3 Feb 2005 12:56:37 -0000 1.36
+++ DSIGSignature.cpp 20 Feb 2005 10:35:51 -0000 1.37
@@ -858,7 +858,7 @@
default :
throw XSECException(XSECException::SigVfyError,
- "Canonicalisation method unknown in DSIGSignature::verify()");
+ "Canonicalisation method unknown in DSIGSignature::calculateSignedInfoHash()");
}
@@ -873,7 +873,7 @@
throw XSECException(XSECException::SigVfyError,
"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
}
- XSECnew(txfm, TXFMSHA1(mp_doc, mp_signingKey));
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA1, mp_signingKey));
}
else {
XSECnew(txfm, TXFMSHA1(mp_doc));
@@ -881,10 +881,70 @@
break;
+ case HASH_SHA224 :
+
+ if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
+ if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
+ throw XSECException(XSECException::SigVfyError,
+ "DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
+ }
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA224, mp_signingKey));
+ }
+ else {
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA224));
+ }
+
+ break;
+
+ case HASH_SHA256 :
+
+ if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
+ if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
+ throw XSECException(XSECException::SigVfyError,
+ "DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
+ }
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA256, mp_signingKey));
+ }
+ else {
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA256));
+ }
+
+ break;
+
+ case HASH_SHA384 :
+
+ if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
+ if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
+ throw XSECException(XSECException::SigVfyError,
+ "DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
+ }
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA384, mp_signingKey));
+ }
+ else {
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA384));
+ }
+
+ break;
+
+ case HASH_SHA512 :
+
+ if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
+ if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
+ throw XSECException(XSECException::SigVfyError,
+ "DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
+ }
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA512, mp_signingKey));
+ }
+ else {
+ XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA512));
+ }
+
+ break;
+
default :
throw XSECException(XSECException::SigVfyError,
- "Hash method unknown in DSIGSignature::verify()");
+ "Hash method unknown in DSIGSignature::calculateSignedInfoHash()");
}
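Review bot: The four new case blocks (HASH_SHA224 through HASH_SHA512) are copies of the HASH_SHA1 block in the hunk at -873 that differ only in the hash id passed to TXFMSHA1, so the HMAC key-type check and its error string are now maintained in five places; the next algorithm will be added by copying again, and a fix to the check risks landing in only some of them. Since TXFMSHA1 already takes the hash id as a parameter, the five cases can fall through into one body that forwards the value the switch head tests (that head is above the hunk; it is written as `hm` in the sketch below). Listing the labels explicitly keeps the property that only recognised hash ids reach TXFMSHA1.
```cpp
		case HASH_SHA1 :
		case HASH_SHA224 :
		case HASH_SHA256 :
		case HASH_SHA384 :
		case HASH_SHA512 :

			if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
				if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
					throw XSECException(XSECException::SigVfyError,
						"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
				}
				// hm: the hashMethod value this switch tests (declared above the hunk)
				XSECnew(txfm, TXFMSHA1(mp_doc, hm, mp_signingKey));
			}
			else {
				XSECnew(txfm, TXFMSHA1(mp_doc, hm));
			}

			break;

		// … unchanged: default branch throwing "Hash method unknown in DSIGSignature::calculateSignedInfoHash()" …
```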
1.12 +44 -3 xml-security/c/src/dsig/DSIGSignedInfo.cpp
Index: DSIGSignedInfo.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignedInfo.cpp,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- DSIGSignedInfo.cpp 3 Feb 2005 12:56:37 -0000 1.11
+++ DSIGSignedInfo.cpp 20 Feb 2005 10:35:51 -0000 1.12
@@ -350,10 +350,51 @@
}
- else if (tmpSB.sbStrcmp(URI_ID_HMAC_SHA1) == 0) {
+ else if (tmpSB.sbStrcmp(URI_ID_RSA_SHA224) == 0) {
+
+ m_signatureMethod = SIGNATURE_RSA;
+ m_hashMethod = HASH_SHA224;
+
+ }
+
+ else if (tmpSB.sbStrcmp(URI_ID_RSA_SHA256) == 0) {
+
+ m_signatureMethod = SIGNATURE_RSA;
+ m_hashMethod = HASH_SHA256;
+
+ }
+
+ else if (tmpSB.sbStrcmp(URI_ID_RSA_SHA384) == 0) {
+
+ m_signatureMethod = SIGNATURE_RSA;
+ m_hashMethod = HASH_SHA384;
+
+ }
+
+ else if (tmpSB.sbStrcmp(URI_ID_RSA_SHA512) == 0) {
+
+ m_signatureMethod = SIGNATURE_RSA;
+ m_hashMethod = HASH_SHA512;
+
+ }
+
+ else if (tmpSB.sbStrcmp(URI_ID_HMAC_SHA1) == 0 ||
+ tmpSB.sbStrcmp(URI_ID_HMAC_SHA224) == 0 ||
+ tmpSB.sbStrcmp(URI_ID_HMAC_SHA256) == 0 ||
+ tmpSB.sbStrcmp(URI_ID_HMAC_SHA384) == 0 ||
+ tmpSB.sbStrcmp(URI_ID_HMAC_SHA512) == 0) {
m_signatureMethod = SIGNATURE_HMAC;
- m_hashMethod = HASH_SHA1;
+ if (tmpSB.sbStrcmp(URI_ID_HMAC_SHA1) == 0)
+ m_hashMethod = HASH_SHA1;
+ else if (tmpSB.sbStrcmp(URI_ID_HMAC_SHA224) == 0)
+ m_hashMethod = HASH_SHA224;
+ else if (tmpSB.sbStrcmp(URI_ID_HMAC_SHA256) == 0)
+ m_hashMethod = HASH_SHA256;
+ else if (tmpSB.sbStrcmp(URI_ID_HMAC_SHA384) == 0)
+ m_hashMethod = HASH_SHA384;
+ else
+ m_hashMethod = HASH_SHA512;
// Check to see if there is a maximum output value