0001-Fix-lasso_query_sign-HMAC-other-than-SHA1.patch
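--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -594,22 +594,20 @@
 sigret_size = DSA_size(dsa);
 break;
 case LASSO_SIGNATURE_METHOD_HMAC_SHA1:
+md = EVP_sha1();
+sigret_size = EVP_MD_size(md);
+break;
 case LASSO_SIGNATURE_METHOD_HMAC_SHA256:
+md = EVP_sha256();
+sigret_size = EVP_MD_size(md);
+break;
 case LASSO_SIGNATURE_METHOD_HMAC_SHA384:
+md = EVP_sha384();
+sigret_size = EVP_MD_size(md);
+break;
 case LASSO_SIGNATURE_METHOD_HMAC_SHA512:
-if ((rc = lasso_get_hmac_key(key, (void**)&hmac_key,
-&hmac_key_length))) {
-message(G_LOG_LEVEL_CRITICAL, "Failed to get hmac key (%s)", lasso_strerror(rc));
-goto done;
-}
-g_assert(hmac_key);
-md = EVP_sha1();
+md = EVP_sha512();
 sigret_size = EVP_MD_size(md);
-/* key should be at least 128 bits long */
-if (hmac_key_length < 16) {
-critical("HMAC key should be at least 128 bits long");
-goto done;
-}
 break;
 default:
 g_assert_not_reached();
@@ -645,6 +643,19 @@
 case LASSO_SIGNATURE_METHOD_HMAC_SHA256:
 case LASSO_SIGNATURE_METHOD_HMAC_SHA384:
 case LASSO_SIGNATURE_METHOD_HMAC_SHA512:
+if ((rc = lasso_get_hmac_key(key, (void**)&hmac_key,
+&hmac_key_length))) {
+message(G_LOG_LEVEL_CRITICAL, "Failed to get hmac key (%s)", lasso_strerror(rc));
+goto done;
+}
+g_assert(hmac_key);
+
+/* key should be at least 128 bits long */
+if (hmac_key_length < 16) {
+critical("HMAC key should be at least 128 bits long");
+goto done;
+}
+
 HMAC(md, hmac_key, hmac_key_length, (unsigned char *)new_query,
 strlen(new_query), sigret, &siglen);
 status = 1;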
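Review bot: The return value of `HMAC(...)` at the end of the second hunk is still ignored and `status = 1;` follows unconditionally, so a failed MAC computation would, as far as these lines show, be reported like a successful signature. `HMAC()` returns NULL on error, so the assignment could be guarded: `if (HMAC(md, hmac_key, hmac_key_length, (unsigned char *)new_query, strlen(new_query), sigret, &siglen) != NULL) status = 1;`. The moved `g_assert(hmac_key);` disappears when GLib is built with `G_DISABLE_ASSERT`, so an explicit `if (!hmac_key) goto done;` would keep the NULL-key check in release builds. The 16-byte floor is now applied to SHA-256/384/512 as well, where RFC 2104 discourages keys shorter than the digest output; a comment saying the fixed minimum is intentional would help. The enclosing switch and function start and end outside the hunk, so the handling at `done` is not visible here.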
tests/login_tests_saml2.c | ||
---|---|---|
981 | 981 |
lasso_release_gobject(sp_login_context); |
982 | 982 |
} |
983 | 983 | |
984 |
START_TEST(test07_sso_sp_with_hmac_sha1_signatures)
|
|
984 |
START_TEST(test07_sso_sp_with_hmac_sha256_signatures)
|
|
985 | 985 |
{ |
986 | 986 |
LassoServer *idp_context = NULL; |
987 | 987 |
LassoServer *sp_context = NULL; |
... | ... | |
990 | 990 | |
991 | 991 |
/* Create the shared key */ |
992 | 992 |
key = lasso_key_new_for_signature_from_memory("xxxxxxxxxxxxxxxx", 16, |
993 |
NULL, LASSO_SIGNATURE_METHOD_HMAC_SHA1, NULL);
|
|
993 |
NULL, LASSO_SIGNATURE_METHOD_HMAC_SHA256, NULL);
|
|
994 | 994 |
check_true(LASSO_IS_KEY(key)); |
995 | 995 | |
996 | 996 |
/* Create an IdP context for IdP initiated SSO with provider metadata 1 */ |
... | ... | |
1640 | 1640 |
tcase_add_test(tc_spSloSoap, test04_sso_then_slo_soap); |
1641 | 1641 |
tcase_add_test(tc_idpKeyRollover, test05_sso_idp_with_key_rollover); |
1642 | 1642 |
tcase_add_test(tc_spKeyRollover, test06_sso_sp_with_key_rollover); |
1643 |
tcase_add_test(tc_hmacSignature, test07_sso_sp_with_hmac_sha1_signatures);
|
|
1643 |
tcase_add_test(tc_hmacSignature, test07_sso_sp_with_hmac_sha256_signatures);
|
|
1644 | 1644 |
tcase_add_test(tc_spLogin, test08_test_authnrequest_flags); |
1645 | 1645 |
tcase_add_test(tc_ecp, test09_ecp); |
1646 | 1646 |
tcase_add_test(tc_ecp, test10_ecp); |
1647 |
- |
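Review bot: Renaming test07 to the HMAC-SHA256 variant replaces the HMAC-SHA1 run instead of adding to it, so within the lines shown only one of the four per-algorithm branches introduced in lasso/xml/tools.c is exercised. Keeping `tcase_add_test(tc_hmacSignature, test07_sso_sp_with_hmac_sha1_signatures);` and registering a test per method (SHA1, SHA256, SHA384, SHA512) would catch a regression to the wrong digest, which is the defect this patch fixes. The shared key `"xxxxxxxxxxxxxxxx"` sits exactly on the 16-byte minimum; a companion case with a 15-byte key that expects signing to fail would pin the relocated length check. The test body is only partly visible, so existing assertions on the signature algorithm may already cover some of this.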