diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c index 490d2660..400d2b4e 100644 --- a/lasso/id-ff/server.c +++ b/lasso/id-ff/server.c @@ -49,6 +49,12 @@ #define RSA_SHA1 "RSA_SHA1" #define DSA_SHA1 "DSA_SHA1" #define HMAC_SHA1 "HMAC_SHA1" +#define RSA_SHA256 "RSA_SHA256" +#define HMAC_SHA256 "HMAC_SHA256" +#define RSA_SHA384 "RSA_SHA384" +#define HMAC_SHA384 "HMAC_SHA384" +#define RSA_SHA512 "RSA_SHA512" +#define HMAC_SHA512 "HMAC_SHA512" /*****************************************************************************/ /* public methods */ @@ -283,7 +289,12 @@ static xmlNode* get_xmlNode(LassoNode *node, gboolean lasso_dump) { LassoServer *server = LASSO_SERVER(node); - char *signature_methods[] = { NULL, RSA_SHA1, DSA_SHA1, HMAC_SHA1}; + char *signature_methods[] = { NULL, + RSA_SHA1, DSA_SHA1, HMAC_SHA1, + RSA_SHA256, HMAC_SHA256, + RSA_SHA384, HMAC_SHA384, + RSA_SHA512, HMAC_SHA512, + }; xmlNode *xmlnode = NULL, *ret_xmlnode = NULL; xmlnode = parent_class->get_xmlNode(node, lasso_dump); @@ -339,6 +350,18 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode) server->signature_method = LASSO_SIGNATURE_METHOD_DSA_SHA1; else if (lasso_strisequal((char*) s, HMAC_SHA1)) server->signature_method = LASSO_SIGNATURE_METHOD_HMAC_SHA1; + else if (lasso_strisequal((char*) s, RSA_SHA256)) + server->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA256; + else if (lasso_strisequal((char*) s, HMAC_SHA256)) + server->signature_method = LASSO_SIGNATURE_METHOD_HMAC_SHA256; + else if (lasso_strisequal((char*) s, RSA_SHA384)) + server->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA384; + else if (lasso_strisequal((char*) s, HMAC_SHA384)) + server->signature_method = LASSO_SIGNATURE_METHOD_HMAC_SHA384; + else if (lasso_strisequal((char*) s, RSA_SHA512)) + server->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA512; + else if (lasso_strisequal((char*) s, HMAC_SHA512)) + server->signature_method = LASSO_SIGNATURE_METHOD_HMAC_SHA512; else { warning("Unable to rebuild a LassoServer object from XML, bad SignatureMethod: %s", s); diff --git a/lasso/xml/private.h b/lasso/xml/private.h index f1b0e94b..1d3042ae 100644 --- a/lasso/xml/private.h +++ b/lasso/xml/private.h @@ -224,6 +224,12 @@ int lasso_saml2_query_verify_signature(const char *query, const xmlSecKey *sende char* lasso_sha1(const char *str); +char* lasso_sha256(const char *str); + +char* lasso_sha384(const char *str); + +char* lasso_sha512(const char *str); + char** urlencoded_to_strings(const char *str); int lasso_sign_node(xmlNode *xmlnode, LassoSignatureContext context, const char *id_attr_name, const char *id_value); diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index 09f7da85..337b2c6a 100644 --- a/lasso/xml/tools.c +++ b/lasso/xml/tools.c @@ -508,6 +508,24 @@ lasso_query_sign(char *query, LassoSignatureContext context) case LASSO_SIGNATURE_METHOD_HMAC_SHA1: algo_href = xmlSecHrefHmacSha1; break; + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + algo_href = xmlSecHrefRsaSha256; + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + algo_href = xmlSecHrefHmacSha256; + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + algo_href = xmlSecHrefRsaSha384; + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + algo_href = xmlSecHrefHmacSha384; + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + algo_href = xmlSecHrefRsaSha512; + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: + algo_href = xmlSecHrefHmacSha512; + break; case LASSO_SIGNATURE_METHOD_NONE: case LASSO_SIGNATURE_METHOD_LAST: g_assert_not_reached(); @@ -520,14 +538,41 @@ lasso_query_sign(char *query, LassoSignatureContext context) } /* build buffer digest */ - digest = lasso_sha1(new_query); - if (digest == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Failed to build the buffer digest"); - goto done; + switch (sign_method) { + case LASSO_SIGNATURE_METHOD_RSA_SHA1: + case LASSO_SIGNATURE_METHOD_DSA_SHA1: + digest = lasso_sha1(new_query); + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + digest = lasso_sha256(new_query); + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + digest = lasso_sha384(new_query); + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + digest = lasso_sha512(new_query); + default: + break; + } + switch (sign_method) { + case LASSO_SIGNATURE_METHOD_RSA_SHA1: + case LASSO_SIGNATURE_METHOD_DSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + if (digest == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to build the buffer digest"); + goto done; + } + default: + break; } /* extract the OpenSSL key */ switch (sign_method) { case LASSO_SIGNATURE_METHOD_RSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: rsa = xmlSecOpenSSLKeyDataRsaGetRsa(key_data); g_assert(rsa); /* alloc memory for sigret */ @@ -540,6 +585,9 @@ lasso_query_sign(char *query, LassoSignatureContext context) sigret_size = DSA_size(dsa); break; case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: lasso_get_hmac_key(key, (void**)&hmac_key, &hmac_key_length); g_assert(hmac_key); @@ -558,6 +606,9 @@ lasso_query_sign(char *query, LassoSignatureContext context) switch (sign_method) { case LASSO_SIGNATURE_METHOD_RSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: /* sign digest message */ status = RSA_sign(NID_sha1, (unsigned char*)digest, 20, sigret, &siglen, rsa); @@ -567,6 +618,9 @@ lasso_query_sign(char *query, LassoSignatureContext context) &siglen, dsa); break; case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: HMAC(md, hmac_key, hmac_key_length, (unsigned char *)new_query, strlen(new_query), sigret, &siglen); status = 1; @@ -592,6 +646,12 @@ lasso_query_sign(char *query, LassoSignatureContext context) case LASSO_SIGNATURE_METHOD_RSA_SHA1: case LASSO_SIGNATURE_METHOD_DSA_SHA1: case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: s_new_query = g_strdup_printf("%s&Signature=%s", new_query, (char*) e_b64_sigret); break; @@ -644,6 +704,8 @@ lasso_query_verify_helper(const char *signed_content, const char *b64_signature, const EVP_MD *md = NULL; lasso_error_t rc = 0; LassoSignatureMethod method = LASSO_SIGNATURE_METHOD_NONE; + size_t digest_size = 1; + int type = -1; if (lasso_strisequal(algorithm, (char*)xmlSecHrefRsaSha1)) { goto_cleanup_if_fail_with_rc(key->value->id == xmlSecOpenSSLKeyDataRsaId, @@ -651,16 +713,59 @@ lasso_query_verify_helper(const char *signed_content, const char *b64_signature, rsa = xmlSecOpenSSLKeyDataRsaGetRsa(key->value); key_size = RSA_size(rsa); method = LASSO_SIGNATURE_METHOD_RSA_SHA1; + digest_size = 20; + type = NID_sha1; } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefDsaSha1)) { goto_cleanup_if_fail_with_rc(key->value->id == xmlSecOpenSSLKeyDataDsaId, LASSO_DS_ERROR_INVALID_SIGALG); dsa = xmlSecOpenSSLKeyDataDsaGetDsa(key->value); key_size = DSA_size(dsa); method = LASSO_SIGNATURE_METHOD_DSA_SHA1; + digest_size = 20; + type = NID_sha1; + } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefRsaSha256)) { + goto_cleanup_if_fail_with_rc(key->value->id == xmlSecOpenSSLKeyDataRsaId, + LASSO_DS_ERROR_INVALID_SIGALG) + rsa = xmlSecOpenSSLKeyDataRsaGetRsa(key->value); + key_size = RSA_size(rsa); + method = LASSO_SIGNATURE_METHOD_RSA_SHA256; + digest_size = 32; + type = NID_sha256; + } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefRsaSha384)) { + goto_cleanup_if_fail_with_rc(key->value->id == xmlSecOpenSSLKeyDataRsaId, + LASSO_DS_ERROR_INVALID_SIGALG) + rsa = xmlSecOpenSSLKeyDataRsaGetRsa(key->value); + key_size = RSA_size(rsa); + method = LASSO_SIGNATURE_METHOD_RSA_SHA384; + digest_size = 48; + type = NID_sha384; + } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefRsaSha512)) { + goto_cleanup_if_fail_with_rc(key->value->id == xmlSecOpenSSLKeyDataRsaId, + LASSO_DS_ERROR_INVALID_SIGALG) + rsa = xmlSecOpenSSLKeyDataRsaGetRsa(key->value); + key_size = RSA_size(rsa); + method = LASSO_SIGNATURE_METHOD_RSA_SHA512; + digest_size = 64; + type = NID_sha512; } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefHmacSha1)) { lasso_check_good_rc(lasso_get_hmac_key(key, (void**)&hmac_key, &hmac_key_length)); md = EVP_sha1(); key_size = EVP_MD_size(md); method = LASSO_SIGNATURE_METHOD_HMAC_SHA1; + } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefHmacSha256)) { + lasso_check_good_rc(lasso_get_hmac_key(key, (void**)&hmac_key, &hmac_key_length)); + md = EVP_sha256(); + key_size = EVP_MD_size(md); + method = LASSO_SIGNATURE_METHOD_HMAC_SHA256; + } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefHmacSha384)) { + lasso_check_good_rc(lasso_get_hmac_key(key, (void**)&hmac_key, &hmac_key_length)); + md = EVP_sha384(); + key_size = EVP_MD_size(md); + method = LASSO_SIGNATURE_METHOD_HMAC_SHA384; + } else if (lasso_strisequal(algorithm, (char*)xmlSecHrefHmacSha512)) { + lasso_check_good_rc(lasso_get_hmac_key(key, (void**)&hmac_key, &hmac_key_length)); + md = EVP_sha512(); + key_size = EVP_MD_size(md); + method = LASSO_SIGNATURE_METHOD_HMAC_SHA512; } else { goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG); } @@ -675,31 +780,52 @@ lasso_query_verify_helper(const char *signed_content, const char *b64_signature, case LASSO_SIGNATURE_METHOD_DSA_SHA1: digest = lasso_sha1(signed_content); break; - default: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + digest = lasso_sha256(signed_content); break; + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + digest = lasso_sha384(signed_content); + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + digest = lasso_sha512(signed_content); + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: + break; + default: + g_assert_not_reached(); } /* verify signature */ switch (method) { case LASSO_SIGNATURE_METHOD_RSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: goto_cleanup_if_fail_with_rc( RSA_verify( - NID_sha1, + type, (unsigned char*)digest, - 20, + digest_size, signature, key_size, rsa) == 1, LASSO_DS_ERROR_INVALID_SIGNATURE); break; case LASSO_SIGNATURE_METHOD_DSA_SHA1: goto_cleanup_if_fail_with_rc( - DSA_verify(NID_sha1, + DSA_verify( + type, (unsigned char*)digest, - 20, + digest_size, signature, key_size, dsa) == 1, LASSO_DS_ERROR_INVALID_SIGNATURE); break; case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: digest = g_malloc(key_size); HMAC(md, hmac_key, hmac_key_length, (unsigned char*)signed_content, strlen(signed_content), (unsigned char*)digest, NULL); @@ -897,7 +1023,7 @@ cleanup: * * Builds the SHA-1 message digest (cryptographic hash) of @str * - * Return value: 20-bytes buffer allocated with xmlMalloc + * Return value: 20-bytes buffer allocated with g_malloc **/ char* lasso_sha1(const char *str) @@ -911,6 +1037,66 @@ lasso_sha1(const char *str) return (char*)SHA1((unsigned char*)str, strlen(str), md); } +/** + * lasso_sha256: + * @str: a string + * + * Builds the SHA-256 message digest (cryptographic hash) of @str + * + * Return value: 32-bytes buffer allocated with g_malloc + **/ +char* +lasso_sha256(const char *str) +{ + xmlChar *md; + + if (str == NULL) + return NULL; + + md = g_malloc(32); + return (char*)SHA256((unsigned char*)str, strlen(str), md); +} + +/** + * lasso_sha384: + * @str: a string + * + * Builds the SHA-384 message digest (cryptographic hash) of @str + * + * Return value: 48-bytes buffer allocated with g_malloc + **/ +char* +lasso_sha384(const char *str) +{ + xmlChar *md; + + if (str == NULL) + return NULL; + + md = g_malloc(48); + return (char*)SHA384((unsigned char*)str, strlen(str), md); +} + +/** + * lasso_sha512: + * @str: a string + * + * Builds the SHA-512 message digest (cryptographic hash) of @str + * + * Return value: 64-bytes buffer allocated with g_malloc + **/ +char* +lasso_sha512(const char *str) +{ + xmlChar *md; + + if (str == NULL) + return NULL; + + md = g_malloc(64); + return (char*)SHA512((unsigned char*)str, strlen(str), md); +} + char** urlencoded_to_strings(const char *str) { @@ -1254,7 +1440,17 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) { (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha1Id) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformDsaSha1Id) < 0) || - (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) { + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha256Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha256Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha256Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha384Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha384Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha384Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha512Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformHmacSha512Id) < 0) || + (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha512Id) < 0) + ) { message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed signature transforms"); return FALSE; @@ -1262,6 +1458,9 @@ lasso_saml_constrain_dsigctxt(xmlSecDSigCtxPtr dsigCtx) { if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || + (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha256Id) < 0) || + (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha384Id) < 0) || + (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha512Id) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) { message(G_LOG_LEVEL_CRITICAL, "Error: failed to limit allowed reference transforms"); @@ -2004,12 +2203,18 @@ _lasso_xmlsec_load_key_from_buffer(const char *buffer, size_t length, const char switch (signature_method) { case LASSO_SIGNATURE_METHOD_RSA_SHA1: case LASSO_SIGNATURE_METHOD_DSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: for (i = 0; key_formats[i] && private_key == NULL; i++) { private_key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte*)buffer, length, key_formats[i], password, NULL, NULL); } break; case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: private_key = xmlSecKeyReadMemory(xmlSecKeyDataHmacId, (xmlSecByte*)buffer, length); if (private_key) { xmlSecKeySetName(private_key, BAD_CAST "shared"); @@ -2021,27 +2226,34 @@ _lasso_xmlsec_load_key_from_buffer(const char *buffer, size_t length, const char } goto_cleanup_if_fail(private_key != NULL); if (certificate) { - if (signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1 || signature_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) { - int done = 0; + int done = 0; - for (i=0; cert_formats[i]; i++) { - if (xmlSecCryptoAppKeyCertLoad(private_key, certificate, cert_formats[i]) - == 0) { - done = 1; - break; + switch (signature_method) { + case LASSO_SIGNATURE_METHOD_RSA_SHA1: + case LASSO_SIGNATURE_METHOD_DSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + + for (i=0; cert_formats[i]; i++) { + if (xmlSecCryptoAppKeyCertLoad(private_key, certificate, cert_formats[i]) + == 0) { + done = 1; + break; + } + if (xmlSecCryptoAppKeyCertLoadMemory(private_key, BAD_CAST certificate, + strlen(certificate), cert_formats[i]) == 0) { + done = 1; + break; + } } - if (xmlSecCryptoAppKeyCertLoadMemory(private_key, BAD_CAST certificate, - strlen(certificate), cert_formats[i]) == 0) { - done = 1; - break; + if (done == 0) { + warning("Unable to load certificate: %s", certificate); } - } - if (done == 0) { - warning("Unable to load certificate: %s", certificate); - } - } else { - warning("Attaching a certificate for signature only " - "works with DSA and RSA algorithms."); + break; + default: + warning("Attaching a certificate for signature only " + "works with DSA and RSA algorithms."); } } cleanup: @@ -2540,6 +2752,24 @@ lasso_xmlnode_add_saml2_signature_template(xmlNode *node, LassoSignatureContext case LASSO_SIGNATURE_METHOD_HMAC_SHA1: transform_id = xmlSecTransformHmacSha1Id; break; + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + transform_id = xmlSecTransformRsaSha256Id; + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + transform_id = xmlSecTransformHmacSha256Id; + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + transform_id = xmlSecTransformRsaSha384Id; + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + transform_id = xmlSecTransformHmacSha384Id; + break; + case LASSO_SIGNATURE_METHOD_RSA_SHA512: + transform_id = xmlSecTransformRsaSha512Id; + break; + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: + transform_id = xmlSecTransformHmacSha512Id; + break; default: g_assert_not_reached(); } @@ -2570,6 +2800,9 @@ lasso_xmlnode_add_saml2_signature_template(xmlNode *node, LassoSignatureContext switch (context.signature_method) { case LASSO_SIGNATURE_METHOD_RSA_SHA1: case LASSO_SIGNATURE_METHOD_DSA_SHA1: + case LASSO_SIGNATURE_METHOD_RSA_SHA256: + case LASSO_SIGNATURE_METHOD_RSA_SHA384: + case LASSO_SIGNATURE_METHOD_RSA_SHA512: /* asymetric cryptography methods */ key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL); if (xmlSecKeyGetData(context.signature_key, xmlSecOpenSSLKeyDataX509Id)) { @@ -2580,6 +2813,9 @@ lasso_xmlnode_add_saml2_signature_template(xmlNode *node, LassoSignatureContext } break; case LASSO_SIGNATURE_METHOD_HMAC_SHA1: + case LASSO_SIGNATURE_METHOD_HMAC_SHA256: + case LASSO_SIGNATURE_METHOD_HMAC_SHA384: + case LASSO_SIGNATURE_METHOD_HMAC_SHA512: if (context.signature_key->name) { key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL); xmlSecTmplKeyInfoAddKeyName(key_info, NULL); diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h index 9750079b..30f80141 100644 --- a/lasso/xml/xml.h +++ b/lasso/xml/xml.h @@ -100,6 +100,12 @@ typedef enum { LASSO_SIGNATURE_METHOD_RSA_SHA1, LASSO_SIGNATURE_METHOD_DSA_SHA1, LASSO_SIGNATURE_METHOD_HMAC_SHA1, + LASSO_SIGNATURE_METHOD_RSA_SHA256, + LASSO_SIGNATURE_METHOD_HMAC_SHA256, + LASSO_SIGNATURE_METHOD_RSA_SHA384, + LASSO_SIGNATURE_METHOD_HMAC_SHA384, + LASSO_SIGNATURE_METHOD_RSA_SHA512, + LASSO_SIGNATURE_METHOD_HMAC_SHA512, LASSO_SIGNATURE_METHOD_LAST } LassoSignatureMethod;