Hi,

I added support for SHA-2 digests (SHA-256, SHA-384 and SHA-512) to
the mscrypto module; the code works with Windows XP SP3 and higher.
The attached patch is against version 1.2.14.

Tom Stejskal
Index: include/xmlsec/mscrypto/crypto.h
===================================================================
--- include/xmlsec/mscrypto/crypto.h	(revision 7)
+++ include/xmlsec/mscrypto/crypto.h	(working copy)
@@ -133,6 +133,36 @@
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha1GetKlass(void);
 
 /**
+ * xmlSecMSCryptoTransformRsaSha256Id:
+ * 
+ * The RSA-SHA256 signature transform klass.
+ */
+
+#define xmlSecMSCryptoTransformRsaSha256Id	\
+	xmlSecMSCryptoTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha256GetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformRsaSha384Id:
+ * 
+ * The RSA-SHA384 signature transform klass.
+ */
+
+#define xmlSecMSCryptoTransformRsaSha384Id	\
+	xmlSecMSCryptoTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha384GetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformRsaSha512Id:
+ * 
+ * The RSA-SHA512 signature transform klass.
+ */
+
+#define xmlSecMSCryptoTransformRsaSha512Id	\
+	xmlSecMSCryptoTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha512GetKlass(void);
+
+/**
  * xmlSecMSCryptoTransformRsaPkcs1Id:
  * 
  * The RSA PKCS1 key transport transform klass.
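Review bot: The three RSA-SHA2 `...Id` macros and `GetKlass` prototypes added here are declared unconditionally, while their definitions in src/mscrypto/signatures.c sit inside `#ifndef XMLSEC_NO_SHA256` / `XMLSEC_NO_SHA384` / `XMLSEC_NO_SHA512`. The digest declarations in the next hunk of this header are guarded, so the two groups disagree. The same unguarded use appears in the new include/xmlsec/mscrypto/symbols.h lines and in the `xmlSecTransformCheckId(...)` test added to the sign path in signatures.c, which would presumably fail to link in a build that defines one of those macros. Wrap each declaration like the digest ones, e.g. `#ifndef XMLSEC_NO_SHA256` … `#endif /* XMLSEC_NO_SHA256 */`.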
@@ -172,6 +202,57 @@
 
 /********************************************************************
  *
+ * SHA256 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA256
+
+/**
+ * xmlSecMSCryptoTransformSha256Id:
+ * 
+ * The SHA256 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha256Id \
+	xmlSecMSCryptoTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+/********************************************************************
+ *
+ * SHA384 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA384
+
+/**
+ * xmlSecMSCryptoTransformSha384Id:
+ * 
+ * The SHA384 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha384Id \
+	xmlSecMSCryptoTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+/********************************************************************
+ *
+ * SHA512 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA512
+
+/**
+ * xmlSecMSCryptoTransformSha512Id:
+ * 
+ * The SHA512 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha512Id \
+	xmlSecMSCryptoTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
  * GOSTR3411_94 transform
  *
  *******************************************************************/
Index: include/xmlsec/mscrypto/symbols.h
===================================================================
--- include/xmlsec/mscrypto/symbols.h	(revision 7)
+++ include/xmlsec/mscrypto/symbols.h	(working copy)
@@ -65,9 +65,15 @@
 #define xmlSecTransformHmacSha1Id		xmlSecMSCryptoTransformHmacSha1Id
 #define xmlSecTransformRipemd160Id		xmlSecMSCryptoTransformRipemd160Id
 #define xmlSecTransformRsaSha1Id		xmlSecMSCryptoTransformRsaSha1Id
+#define xmlSecTransformRsaSha256Id		xmlSecMSCryptoTransformRsaSha256Id
+#define xmlSecTransformRsaSha384Id		xmlSecMSCryptoTransformRsaSha384Id
+#define xmlSecTransformRsaSha512Id		xmlSecMSCryptoTransformRsaSha512Id
 #define xmlSecTransformRsaPkcs1Id		xmlSecMSCryptoTransformRsaPkcs1Id
 #define xmlSecTransformRsaOaepId		xmlSecMSCryptoTransformRsaOaepId
 #define xmlSecTransformSha1Id			xmlSecMSCryptoTransformSha1Id
+#define xmlSecTransformSha256Id			xmlSecMSCryptoTransformSha256Id
+#define xmlSecTransformSha384Id			xmlSecMSCryptoTransformSha384Id
+#define xmlSecTransformSha512Id			xmlSecMSCryptoTransformSha512Id
 #define xmlSecTransformGostR3411_94Id			xmlSecMSCryptoTransformGostR3411_94Id
 
 /**
Index: src/mscrypto/certkeys.c
===================================================================
--- src/mscrypto/certkeys.c	(revision 7)
+++ src/mscrypto/certkeys.c	(working copy)
@@ -44,6 +44,36 @@
 
 #define XMLSEC_CONTAINER_NAME "xmlsec-key-container"
 
+/*
+ * String conversion from wide char to ANSI.
+ */
+static LPSTR
+xmlSecMSCryptoWideCharToAnsi(LPWSTR str) {
+	int size = 0;
+	LPSTR res;
+	
+	size = WideCharToMultiByte(CP_ACP, 0, str, -1, NULL, size, NULL, NULL);
+	if (size == 0) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+			NULL,
+			"convertWideCharToAnsi",
+			XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+		return NULL;
+	}
+	res = (char *) xmlMalloc(size);
+	if (WideCharToMultiByte(CP_ACP, 0, str, -1, res, size, NULL, NULL) == 0) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+			NULL,
+			"convertWideCharToAnsi",
+			XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+		xmlFree(res);
+		return NULL;
+	}
+	return res;
+}
+
 /**************************************************************************
  *
  * Internal MSCrypto PCCERT_CONTEXT key CTX
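Review bot: `xmlSecMSCryptoWideCharToAnsi` passes `res` to the second `WideCharToMultiByte` call without checking the `xmlMalloc` result, and it never checks `str` for NULL; add `if (str == NULL) return NULL;` at the top and `if (res == NULL) { /* xmlSecError(...) */ return NULL; }` after the allocation. The conversion through `CP_ACP` is also lossy: characters outside the ANSI code page are replaced, so the converted name may not be the container name stored in the certificate property. If wide-character calls are acceptable in this module, passing `info->pwszContainerName` to `CryptAcquireContextW` would remove the need for this helper. The error tag `"convertWideCharToAnsi"` does not match the function name and would read better as `"WideCharToMultiByte"`.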
@@ -459,7 +489,16 @@
         xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv);
     } else if((type & xmlSecKeyDataTypePublic) != 0){
         HCRYPTPROV hProv = 0;
-        if (!CryptAcquireContext(&hProv, 
+		if (ctx->providerType = 1)
+		{
+			if (!CryptAcquireContext(&hProv, NULL, MS_ENH_RSA_AES_PROV_XP,
+				24, CRYPT_VERIFYCONTEXT)) 
+			{
+				CryptAcquireContext(&hProv, NULL, MS_ENH_RSA_AES_PROV_VISTA, 
+					24, CRYPT_VERIFYCONTEXT);
+			}
+		}
+		if ((hProv == 0) && !CryptAcquireContext(&hProv, 
 				    NULL, 
 				    NULL, /* ctx->providerName, */
 				    ctx->providerType, 
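Review bot: `if (ctx->providerType = 1)` assigns instead of comparing, so the condition is always true and `ctx->providerType` is overwritten with 1 for every public key that reaches this branch. The enhanced RSA/AES provider is therefore tried for all key types, and the fallback `CryptAcquireContext` call below receives the overwritten type rather than the one the context was set up with. It should read `if (ctx->providerType == PROV_RSA_FULL)`. The literal `24` would read better as `PROV_RSA_AES`, with a fallback `#define` next to the `CALG_SHA_*` ones in globals.h if the SDK lacks it. The fallback also relies on `hProv` still being 0 after two failed attempts, and the enclosing function starts and ends outside this hunk.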
@@ -622,6 +661,39 @@
     return(xmlSecMSCryptoKeyDataCtxGetProvider(ctx));
 }
 
+HCRYPTPROV
+xmlSecMSCryptoKeyDataGetEnhancedRSAProvider(xmlSecKeyDataPtr data) {
+    xmlSecMSCryptoKeyDataCtxPtr ctx;
+	DWORD size;
+	PCRYPT_KEY_PROV_INFO info;
+	LPSTR containerName;
+	HCRYPTPROV prov = 0;
+    
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+    
+    ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, 0);
+    
+    if (CertGetCertificateContextProperty(ctx->pCert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) 
+	{
+		info = (PCRYPT_KEY_PROV_INFO) xmlMalloc(size);
+		if (CertGetCertificateContextProperty(ctx->pCert, CERT_KEY_PROV_INFO_PROP_ID, info, &size)) 
+		{
+			containerName = xmlSecMSCryptoWideCharToAnsi(info->pwszContainerName);
+			if (!CryptAcquireContext(&prov, containerName, MS_ENH_RSA_AES_PROV_XP,
+				24, info->dwFlags))
+			{
+				CryptAcquireContext(&prov, containerName, 
+					MS_ENH_RSA_AES_PROV_VISTA, 24, info->dwFlags);
+			}
+			xmlFree(containerName);
+		}
+		xmlFree(info);
+	}
+	return prov;
+}
+
 DWORD
 xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) {
     xmlSecMSCryptoKeyDataCtxPtr ctx;
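Review bot: In `xmlSecMSCryptoKeyDataGetEnhancedRSAProvider`, a failed name conversion leaves `containerName` NULL and the code still calls `CryptAcquireContext`, which with a NULL container selects the default key container rather than the one bound to the certificate. A signing handle could then refer to a different key than the caller expects. The function should return 0 in that case, and it should also check `ctx->pCert`, the `xmlMalloc` result and `info->pwszContainerName` before use. The returned handle is newly acquired, so the function comment should state that the caller must release it with `CryptReleaseContext`. `info->dwFlags` is passed straight through as the acquire flags; it is worth confirming that only flags valid for `CryptAcquireContext` can appear there.

```c
    xmlSecAssert2(ctx->pCert != NULL, 0);

    if (!CertGetCertificateContextProperty(ctx->pCert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) {
        return 0;
    }
    info = (PCRYPT_KEY_PROV_INFO) xmlMalloc(size);
    if (info == NULL) {
        return 0;
    }
    if (CertGetCertificateContextProperty(ctx->pCert, CERT_KEY_PROV_INFO_PROP_ID, info, &size)
        && (info->pwszContainerName != NULL)) {
        containerName = xmlSecMSCryptoWideCharToAnsi(info->pwszContainerName);
        /* A NULL name would select the default container, not the certificate's key. */
        if (containerName != NULL) {
            /* … unchanged: the two CryptAcquireContext attempts … */
            xmlFree(containerName);
        }
    }
    xmlFree(info);
    return prov;
```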
Index: src/mscrypto/crypto.c
===================================================================
--- src/mscrypto/crypto.c	(revision 7)
+++ src/mscrypto/crypto.c	(working copy)
@@ -105,6 +105,15 @@
 
 #ifndef XMLSEC_NO_RSA
     gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass 		= xmlSecMSCryptoTransformRsaSha1GetKlass;
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecMSCryptoFunctions->transformRsaSha256GetKlass 	= xmlSecMSCryptoTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecMSCryptoFunctions->transformRsaSha384GetKlass 	= xmlSecMSCryptoTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecMSCryptoFunctions->transformRsaSha512GetKlass 	= xmlSecMSCryptoTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
     gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass 	= xmlSecMSCryptoTransformRsaPkcs1GetKlass;
 #endif /* XMLSEC_NO_RSA */
 
@@ -119,6 +128,15 @@
 #ifndef XMLSEC_NO_SHA1    
     gXmlSecMSCryptoFunctions->transformSha1GetKlass 		= xmlSecMSCryptoTransformSha1GetKlass;
 #endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256    
+    gXmlSecMSCryptoFunctions->transformSha256GetKlass 		= xmlSecMSCryptoTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384    
+    gXmlSecMSCryptoFunctions->transformSha384GetKlass 		= xmlSecMSCryptoTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512    
+    gXmlSecMSCryptoFunctions->transformSha512GetKlass 		= xmlSecMSCryptoTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
 
 #ifndef XMLSEC_NO_GOST    
     gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass 		= xmlSecMSCryptoTransformGostR3411_94GetKlass;
Index: src/mscrypto/digests.c
===================================================================
--- src/mscrypto/digests.c	(revision 7)
+++ src/mscrypto/digests.c	(working copy)
@@ -66,6 +66,21 @@
 	return(1);
     }
 #endif /* XMLSEC_NO_SHA1 */    
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_SHA256 */    
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha384Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_SHA384 */    
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha512Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_SHA512 */    
     
 #ifndef XMLSEC_NO_GOST
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
@@ -94,6 +109,21 @@
 	ctx->alg_id = CALG_SHA;
     } else 
 #endif /* XMLSEC_NO_SHA1 */    
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
+	ctx->alg_id = CALG_SHA_256;
+    } else 
+#endif /* XMLSEC_NO_SHA256 */    
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha384Id)) {
+	ctx->alg_id = CALG_SHA_384;
+    } else 
+#endif /* XMLSEC_NO_SHA384 */    
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha512Id)) {
+	ctx->alg_id = CALG_SHA_512;
+    } else 
+#endif /* XMLSEC_NO_SHA512 */    
 
 #ifndef XMLSEC_NO_GOST
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
@@ -123,6 +153,16 @@
 	return(-1);
     }
 
+	if ((ctx->alg_id == CALG_SHA_256) || (ctx->alg_id == CALG_SHA_384) || (ctx->alg_id == CALG_SHA_512))
+	{
+		if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV_XP,
+			24, CRYPT_VERIFYCONTEXT)) 
+		{
+			CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV_VISTA,
+				24, CRYPT_VERIFYCONTEXT);
+		}
+	}
+	else
     /* TODO: Check what provider is best suited here.... */
     if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
     	if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
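Review bot: The SHA-2 branch ignores the result of its second `CryptAcquireContext` call, so when neither provider name is available the code carries on with `ctx->provider` unset and reports nothing here. The existing path after the `else` checks both attempts, and the new branch should fail the same way so that a missing provider is reported where it happens rather than at a later hash call. The bare `else` followed by the TODO comment and the old `if` is also easy to misread; bracing it would help. The enclosing function starts and ends outside this hunk, so the `transform` variable used in the sketch below is assumed to be in scope as it is in the neighbouring hunks.

```c
    if ((ctx->alg_id == CALG_SHA_256) || (ctx->alg_id == CALG_SHA_384) || (ctx->alg_id == CALG_SHA_512)) {
        if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV_XP,
                                 24, CRYPT_VERIFYCONTEXT) &&
            !CryptAcquireContext(&ctx->provider, NULL, MS_ENH_RSA_AES_PROV_VISTA,
                                 24, CRYPT_VERIFYCONTEXT)) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "CryptAcquireContext",
                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
    } else
    /* … unchanged: MS_STRONG_PROV / MS_ENHANCED_PROV attempts … */
```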
@@ -230,7 +270,7 @@
 	if((ret == 0) || (ctx->mscHash == 0)) {
 	    xmlSecError(XMLSEC_ERRORS_HERE, 
 			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-			"CryptHashData",
+			"CryptCreateHash",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
 			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);			
@@ -367,6 +407,138 @@
 }
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* size_t klassSize */
+    xmlSecMSCryptoDigestSize,			/* size_t objSize */
+
+    xmlSecNameSha256,				/* const xmlChar* name; */
+    xmlSecHrefSha256, 				/* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,		/* xmlSecTransformUsage usage; */
+    xmlSecMSCryptoDigestInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoDigestFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,					/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,					/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoDigestVerify,			/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoDigestExecute,		/* xmlSecTransformExecuteMethod execute; */    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/** 
+ * xmlSecMSCryptoTransformSha256GetKlass:
+ *
+ * SHA-256 digest transform klass.
+ *
+ * Returns pointer to SHA-256 digest transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformSha256GetKlass(void) {
+    return(&xmlSecMSCryptoSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha384Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* size_t klassSize */
+    xmlSecMSCryptoDigestSize,			/* size_t objSize */
+
+    xmlSecNameSha384,				/* const xmlChar* name; */
+    xmlSecHrefSha384, 				/* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,		/* xmlSecTransformUsage usage; */
+    xmlSecMSCryptoDigestInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoDigestFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,					/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,					/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoDigestVerify,			/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoDigestExecute,		/* xmlSecTransformExecuteMethod execute; */    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/** 
+ * xmlSecMSCryptoTransformSha384GetKlass:
+ *
+ * SHA-384 digest transform klass.
+ *
+ * Returns pointer to SHA-384 digest transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformSha384GetKlass(void) {
+    return(&xmlSecMSCryptoSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha512Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* size_t klassSize */
+    xmlSecMSCryptoDigestSize,			/* size_t objSize */
+
+    xmlSecNameSha512,				/* const xmlChar* name; */
+    xmlSecHrefSha512, 				/* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,		/* xmlSecTransformUsage usage; */
+    xmlSecMSCryptoDigestInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoDigestFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,					/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,					/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoDigestVerify,			/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoDigestExecute,		/* xmlSecTransformExecuteMethod execute; */    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/** 
+ * xmlSecMSCryptoTransformSha512GetKlass:
+ *
+ * SHA-512 digest transform klass.
+ *
+ * Returns pointer to SHA-512 digest transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformSha512GetKlass(void) {
+    return(&xmlSecMSCryptoSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
 #ifndef XMLSEC_NO_GOST
 /******************************************************************************
  *
Index: src/mscrypto/globals.h
===================================================================
--- src/mscrypto/globals.h	(revision 7)
+++ src/mscrypto/globals.h	(working copy)
@@ -18,6 +18,26 @@
 #include "config.h"
 #endif /* HAVE_CONFIG_H */
 
+#ifndef MS_ENH_RSA_AES_PROV_XP
+#define MS_ENH_RSA_AES_PROV_XP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#endif /* MS_ENH_RSA_AES_PROV_XP */
+
+#ifndef MS_ENH_RSA_AES_PROV_VISTA
+#define MS_ENH_RSA_AES_PROV_VISTA "Microsoft Enhanced RSA and AES Cryptographic Provider"
+#endif /* MS_ENH_RSA_AES_PROV_VISTA */
+
+#ifndef CALG_SHA_256
+#define CALG_SHA_256 0x0000800c
+#endif /* CALG_SHA_256 */
+
+#ifndef CALG_SHA_384
+#define CALG_SHA_384 0x0000800d
+#endif /* CALG_SHA_384 */
+
+#ifndef CALG_SHA_512
+#define CALG_SHA_512 0x0000800e
+#endif /* CALG_SHA_512 */
+
 #define IN_XMLSEC_CRYPTO
 #define XMLSEC_PRIVATE
 
Index: src/mscrypto/signatures.c
===================================================================
--- src/mscrypto/signatures.c	(revision 7)
+++ src/mscrypto/signatures.c	(working copy)
@@ -30,6 +30,7 @@
 
 /*FIXME: include header files*/
 extern HCRYPTPROV xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data);
+extern HCRYPTPROV xmlSecMSCryptoKeyDataGetEnhancedRSAProvider(xmlSecKeyDataPtr data);
 extern DWORD xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data);
 
 #if defined(__MINGW32__)
@@ -97,6 +98,21 @@
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
 	return(1);
     }
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_SHA512 */
 #endif /* XMLSEC_NO_RSA */
 
     return(0);
@@ -117,7 +133,25 @@
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
 	ctx->digestAlgId    = CALG_SHA1;
 	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
-    } else 
+    } else
+#ifndef XMLSEC_NO_SHA256 
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+	ctx->digestAlgId    = CALG_SHA_256;
+	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
+    } else
+#endif /* XMLSEC_NO_SHA256 */ 
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+	ctx->digestAlgId    = CALG_SHA_384;
+	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
+    } else
+#endif /* XMLSEC_NO_SHA384 */ 
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+	ctx->digestAlgId    = CALG_SHA_512;
+	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
+    } else
+#endif /* XMLSEC_NO_SHA512 */ 
 #endif /* XMLSEC_NO_RSA */
 
 #ifndef XMLSEC_NO_GOST
@@ -282,6 +316,30 @@
 	while (l >= tmpBuf) {
 	    *l-- = *j++;
 	}
+#ifndef XMLSEC_NO_SHA256
+    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+	j = (BYTE *)data;
+	l = tmpBuf + dataSize - 1;
+	while (l >= tmpBuf) {
+	    *l-- = *j++;
+	}
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+	j = (BYTE *)data;
+	l = tmpBuf + dataSize - 1;
+	while (l >= tmpBuf) {
+	    *l-- = *j++;
+	}
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+	j = (BYTE *)data;
+	l = tmpBuf + dataSize - 1;
+	while (l >= tmpBuf) {
+	    *l-- = *j++;
+	}
+#endif /* XMLSEC_NO_SHA512 */
     } else {
 	xmlSecError(XMLSEC_ERRORS_HERE, 
 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
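Review bot: The three new `else if` branches repeat the byte-reversal loop of the preceding RSA-SHA1 branch verbatim, and the sign-path hunk further down (`j = outBuf + dwSigLen - 1;`) does the same. A small static helper that copies a buffer in reverse order, called from a single condition covering all RSA transforms, would keep the two paths identical. The copied loop `while (l >= tmpBuf) { *l-- = *j++; }` also decrements `l` to one element before `tmpBuf` on its last pass, which is undefined pointer arithmetic in C; an index-based loop such as `for (i = 0; i < dataSize; ++i) tmpBuf[dataSize - 1 - i] = data[i];` avoids that. The enclosing function starts and ends outside this hunk.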
@@ -363,7 +421,21 @@
 
     if(transform->status == xmlSecTransformStatusNone) {
 	xmlSecAssert2(outSize == 0, -1);
-
+	if ((transform->operation == xmlSecTransformOperationSign) 
+		&& (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)
+			|| xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)
+			|| xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)))
+	{
+		if (0 == (hProv = xmlSecMSCryptoKeyDataGetEnhancedRSAProvider(ctx->data))) {
+			xmlSecError(XMLSEC_ERRORS_HERE, 
+				xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+				"xmlSecMSCryptoKeyDataGetEnhancedRSAProvider",
+				XMLSEC_ERRORS_R_CRYPTO_FAILED,
+				XMLSEC_ERRORS_NO_MESSAGE);
+			return (-1);
+		}
+	} 
+	else 
 	if (0 == (hProv = xmlSecMSCryptoKeyDataGetMSCryptoProvider(ctx->data))) {
 	    xmlSecError(XMLSEC_ERRORS_HERE, 
 			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
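Review bot: On the sign path `hProv` now comes from `xmlSecMSCryptoKeyDataGetEnhancedRSAProvider`, which acquires a fresh handle, whereas `xmlSecMSCryptoKeyDataGetMSCryptoProvider` returns a handle held by the key data. Nothing visible in this hunk releases the new handle, so unless the rest of the function (outside the hunk) calls `CryptReleaseContext` on it, each SHA-2 signature would leak a provider handle. Tracking ownership, e.g. a local flag set in this branch and checked before returning, would cover every exit path. The three `xmlSecTransformCheckId` tests here are not wrapped in the `XMLSEC_NO_SHA256/384/512` guards used elsewhere in this file.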
@@ -487,6 +559,33 @@
 		while (j >= outBuf) {
 		    *j-- = *i++;
 		}
+#ifndef XMLSEC_NO_SHA256 
+	    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+		i = tmpBuf;
+		j = outBuf + dwSigLen - 1;
+
+		while (j >= outBuf) {
+		    *j-- = *i++;
+		}
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384 
+	    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+		i = tmpBuf;
+		j = outBuf + dwSigLen - 1;
+
+		while (j >= outBuf) {
+		    *j-- = *i++;
+		}
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512 
+	    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+		i = tmpBuf;
+		j = outBuf + dwSigLen - 1;
+
+		while (j >= outBuf) {
+		    *j-- = *i++;
+		}
+#endif /* XMLSEC_NO_SHA512 */
 	    } else {
 		/* We shouldn't get at this place */
 		xmlSecError(XMLSEC_ERRORS_HERE, 
@@ -563,6 +662,144 @@
     return(&xmlSecMSCryptoRsaSha1Klass);
 }
 
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
+    xmlSecMSCryptoSignatureSize,		/* xmlSecSize objSize */
+
+    xmlSecNameRsaSha256,			/* const xmlChar* name; */
+    xmlSecHrefRsaSha256,			/* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,	/* xmlSecTransformUsage usage; */
+    
+    xmlSecMSCryptoSignatureInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoSignatureFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecMSCryptoSignatureSetKeyReq,		/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecMSCryptoSignatureSetKey,		/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoSignatureVerify,		/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoSignatureExecute,		/* xmlSecTransformExecuteMethod execute; */
+    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha256GetKlass:
+ * 
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformRsaSha256GetKlass(void) {
+    return(&xmlSecMSCryptoRsaSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha384Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
+    xmlSecMSCryptoSignatureSize,		/* xmlSecSize objSize */
+
+    xmlSecNameRsaSha384,			/* const xmlChar* name; */
+    xmlSecHrefRsaSha384,			/* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,	/* xmlSecTransformUsage usage; */
+    
+    xmlSecMSCryptoSignatureInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoSignatureFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecMSCryptoSignatureSetKeyReq,		/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecMSCryptoSignatureSetKey,		/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoSignatureVerify,		/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoSignatureExecute,		/* xmlSecTransformExecuteMethod execute; */
+    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha384GetKlass:
+ * 
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformRsaSha384GetKlass(void) {
+    return(&xmlSecMSCryptoRsaSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA2512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha512Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
+    xmlSecMSCryptoSignatureSize,		/* xmlSecSize objSize */
+
+    xmlSecNameRsaSha512,			/* const xmlChar* name; */
+    xmlSecHrefRsaSha512,			/* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,	/* xmlSecTransformUsage usage; */
+    
+    xmlSecMSCryptoSignatureInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoSignatureFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecMSCryptoSignatureSetKeyReq,		/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecMSCryptoSignatureSetKey,		/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoSignatureVerify,		/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoSignatureExecute,		/* xmlSecTransformExecuteMethod execute; */
+    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha512GetKlass:
+ * 
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformRsaSha512GetKlass(void) {
+    return(&xmlSecMSCryptoRsaSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
 #endif /* XMLSEC_NO_RSA */
 
 #ifndef XMLSEC_NO_DSA
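Review bot: The section banner above `xmlSecMSCryptoRsaSha512Klass` reads `RSA-SHA2512 signature transform`; it should be `RSA-SHA512 signature transform` to match the other two banners and the doc comment below it. The three klass tables differ only in their `xmlSecName…`/`xmlSecHref…` entries, so a short comment above the first one saying that all RSA-SHA2 transforms share the SHA-1 method set would save readers from diffing them by eye.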