0001-Fix-lasso_query_sign-HMAC-other-than-SHA1.patch
| lasso/xml/tools.c | ||
|---|---|---|
| 594 | 594 |
sigret_size = DSA_size(dsa); |
| 595 | 595 |
break; |
| 596 | 596 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA1: |
| 597 |
md = EVP_sha1(); |
|
| 598 |
sigret_size = EVP_MD_size(md); |
|
| 599 |
break; |
|
| 597 | 600 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA256: |
| 601 |
md = EVP_sha256(); |
|
| 602 |
sigret_size = EVP_MD_size(md); |
|
| 603 |
break; |
|
| 598 | 604 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA384: |
| 605 |
md = EVP_sha384(); |
|
| 606 |
sigret_size = EVP_MD_size(md); |
|
| 607 |
break; |
|
| 599 | 608 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA512: |
| 600 |
if ((rc = lasso_get_hmac_key(key, (void**)&hmac_key, |
|
| 601 |
&hmac_key_length))) {
|
|
| 602 |
message(G_LOG_LEVEL_CRITICAL, "Failed to get hmac key (%s)", lasso_strerror(rc)); |
|
| 603 |
goto done; |
|
| 604 |
} |
|
| 605 |
g_assert(hmac_key); |
|
| 606 |
md = EVP_sha1(); |
|
| 609 |
md = EVP_sha512(); |
|
| 607 | 610 |
sigret_size = EVP_MD_size(md); |
| 608 |
/* key should be at least 128 bits long */ |
|
| 609 |
if (hmac_key_length < 16) {
|
|
| 610 |
critical("HMAC key should be at least 128 bits long");
|
|
| 611 |
goto done; |
|
| 612 |
} |
|
| 613 | 611 |
break; |
| 614 | 612 |
default: |
| 615 | 613 |
g_assert_not_reached(); |
| ... | ... | |
| 645 | 643 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA256: |
| 646 | 644 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA384: |
| 647 | 645 |
case LASSO_SIGNATURE_METHOD_HMAC_SHA512: |
| 646 |
if ((rc = lasso_get_hmac_key(key, (void**)&hmac_key, |
|
| 647 |
&hmac_key_length))) {
|
|
| 648 |
message(G_LOG_LEVEL_CRITICAL, "Failed to get hmac key (%s)", lasso_strerror(rc)); |
|
| 649 |
goto done; |
|
| 650 |
} |
|
| 651 |
g_assert(hmac_key); |
|
| 652 | ||
| 653 |
/* key should be at least 128 bits long */ |
|
| 654 |
if (hmac_key_length < 16) {
|
|
| 655 |
critical("HMAC key should be at least 128 bits long");
|
|
| 656 |
goto done; |
|
| 657 |
} |
|
| 658 | ||
| 648 | 659 |
HMAC(md, hmac_key, hmac_key_length, (unsigned char *)new_query, |
| 649 | 660 |
strlen(new_query), sigret, &siglen); |
| 650 | 661 |
status = 1; |
| tests/login_tests_saml2.c | ||
|---|---|---|
| 981 | 981 |
lasso_release_gobject(sp_login_context); |
| 982 | 982 |
} |
| 983 | 983 | |
| 984 |
START_TEST(test07_sso_sp_with_hmac_sha1_signatures)
|
|
| 984 |
START_TEST(test07_sso_sp_with_hmac_sha256_signatures)
|
|
| 985 | 985 |
{
|
| 986 | 986 |
LassoServer *idp_context = NULL; |
| 987 | 987 |
LassoServer *sp_context = NULL; |
| ... | ... | |
| 990 | 990 | |
| 991 | 991 |
/* Create the shared key */ |
| 992 | 992 |
key = lasso_key_new_for_signature_from_memory("xxxxxxxxxxxxxxxx", 16,
|
| 993 |
NULL, LASSO_SIGNATURE_METHOD_HMAC_SHA1, NULL);
|
|
| 993 |
NULL, LASSO_SIGNATURE_METHOD_HMAC_SHA256, NULL);
|
|
| 994 | 994 |
check_true(LASSO_IS_KEY(key)); |
| 995 | 995 | |
| 996 | 996 |
/* Create an IdP context for IdP initiated SSO with provider metadata 1 */ |
| ... | ... | |
| 1640 | 1640 |
tcase_add_test(tc_spSloSoap, test04_sso_then_slo_soap); |
| 1641 | 1641 |
tcase_add_test(tc_idpKeyRollover, test05_sso_idp_with_key_rollover); |
| 1642 | 1642 |
tcase_add_test(tc_spKeyRollover, test06_sso_sp_with_key_rollover); |
| 1643 |
tcase_add_test(tc_hmacSignature, test07_sso_sp_with_hmac_sha1_signatures);
|
|
| 1643 |
tcase_add_test(tc_hmacSignature, test07_sso_sp_with_hmac_sha256_signatures);
|
|
| 1644 | 1644 |
tcase_add_test(tc_spLogin, test08_test_authnrequest_flags); |
| 1645 | 1645 |
tcase_add_test(tc_ecp, test09_ecp); |
| 1646 | 1646 |
tcase_add_test(tc_ecp, test10_ecp); |
| 1647 |
- |
|