[Libreoffice-commits] core.git: offapi/com svl/source xmlsecurity/inc xmlsecurity/source

Thorsten Behrens Thorsten.Behrens at CIB.de
Sat Sep 9 23:43:16 UTC 2017


 offapi/com/sun/star/xml/crypto/DigestID.idl      |    9 +++++
 svl/source/crypto/cryptosign.cxx                 |    1 
 xmlsecurity/inc/xsecctl.hxx                      |    2 +
 xmlsecurity/source/helper/xsecctl.cxx            |   36 +++++++++++++++++++++--
 xmlsecurity/source/helper/xsecparser.cxx         |    8 +++--
 xmlsecurity/source/xmlsec/nss/nssinitializer.cxx |    7 ++++
 6 files changed, 59 insertions(+), 4 deletions(-)

New commits:
commit ca6ab632a8f2dd5b45234f7af9b9f2b40690db89
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date:   Fri Sep 8 02:45:30 2017 +0200

    gpg4libre: add sha512 support
    
    Change-Id: Ia5ef54e47e8528a33aba83ae2e317fac5cffb428
    Reviewed-on: https://gerrit.libreoffice.org/42086
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>

diff --git a/offapi/com/sun/star/xml/crypto/DigestID.idl b/offapi/com/sun/star/xml/crypto/DigestID.idl
index b913ef19ec3b..bf21c4285cfa 100644
--- a/offapi/com/sun/star/xml/crypto/DigestID.idl
+++ b/offapi/com/sun/star/xml/crypto/DigestID.idl
@@ -48,6 +48,15 @@ constants DigestID
         of data.
      */
     const long SHA256_1K = 4;
+
+    /** identifier of SHA-512 algorithm
+     */
+    const long SHA512 = 5;
+
+    /** identifier of SHA-512 algorithm that is applied to the first
+        kilobyte of data.
+     */
+    const long SHA512_1K = 6;
 };
 
 
diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 891b563e7c92..952cdf5e0b6b 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -2053,6 +2053,7 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
         break;
     case SEC_OID_SHA512:
         nMaxResultLen = msfilter::SHA512_HASH_LENGTH;
+        rInformation.nDigestID = xml::crypto::DigestID::SHA512;
         break;
     default:
         SAL_WARN("svl.crypto", "ValidateSignature: unrecognized algorithm");
diff --git a/xmlsecurity/inc/xsecctl.hxx b/xmlsecurity/inc/xsecctl.hxx
index ec2762665eda..5e8cdb6ccfe7 100644
--- a/xmlsecurity/inc/xsecctl.hxx
+++ b/xmlsecurity/inc/xsecctl.hxx
@@ -56,8 +56,10 @@
 #define ALGO_C14N          "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
 #define ALGO_RSASHA1       "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
 #define ALGO_RSASHA256     "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+#define ALGO_RSASHA512     "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
 #define ALGO_XMLDSIGSHA1   "http://www.w3.org/2000/09/xmldsig#sha1"
 #define ALGO_XMLDSIGSHA256 "http://www.w3.org/2001/04/xmlenc#sha256"
+#define ALGO_XMLDSIGSHA512 "http://www.w3.org/2001/04/xmlenc#sha512"
 #define ALGO_RELATIONSHIP  "http://schemas.openxmlformats.org/package/2006/RelationshipTransform"
 
 class XSecParser;
diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx
index 37fbb225c1f9..ad0744f54d27 100644
--- a/xmlsecurity/source/helper/xsecctl.cxx
+++ b/xmlsecurity/source/helper/xsecctl.cxx
@@ -50,6 +50,38 @@ namespace cssxc = com::sun::star::xml::crypto;
 namespace cssxs = com::sun::star::xml::sax;
 using namespace com::sun::star;
 
+namespace
+{
+OUString getDigestURI(sal_Int32 nID)
+{
+    switch( nID )
+    {
+        case cssxc::DigestID::SHA1:
+            return OUString(ALGO_XMLDSIGSHA1);
+        case cssxc::DigestID::SHA256:
+            return OUString(ALGO_XMLDSIGSHA256);
+        case cssxc::DigestID::SHA512:
+            return OUString(ALGO_XMLDSIGSHA512);
+        default:
+            return OUString(ALGO_XMLDSIGSHA1);
+    }
+}
+OUString getSignatureURI(sal_Int32 nID)
+{
+    switch( nID )
+    {
+        case cssxc::DigestID::SHA1:
+            return OUString(ALGO_RSASHA1);
+        case cssxc::DigestID::SHA256:
+            return OUString(ALGO_RSASHA256);
+        case cssxc::DigestID::SHA512:
+            return OUString(ALGO_RSASHA512);
+        default:
+            return OUString(ALGO_RSASHA1);
+    }
+}
+}
+
 XSecController::XSecController( const cssu::Reference<cssu::XComponentContext>& rxCtx )
     : mxCtx(rxCtx)
     , m_nNextSecurityId(1)
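Review bot: The `default:` branches of `getDigestURI` and `getSignatureURI` silently return the SHA-1 URIs for any ID they do not list, which includes the `SHA256_1K` and `SHA512_1K` constants from DigestID.idl. The ternaries these helpers replace in the two `exportSignature` hunks mapped every non-SHA1 ID to the SHA-256 URIs, so the fallback has moved to the weaker algorithm. An exported `Algorithm` attribute that does not match the digest actually computed would presumably make the signature fail verification later, with nothing pointing at the cause. I would at least log it in both defaults, e.g. `SAL_WARN("xmlsecurity.helper", "unexpected digest ID " << nID << ", writing SHA-1 URI");`, and add a one-line comment above each helper saying that unknown IDs fall back to SHA-1, if that is the intent.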
@@ -633,7 +665,7 @@ void XSecController::exportSignature(
             // SignatureMethod:Algorithm should be the corresponding one.
             pAttributeList->AddAttribute(
                 "Algorithm",
-                (vReferenceInfors[0].nDigestID == cssxc::DigestID::SHA1 ? OUString(ALGO_RSASHA1) : OUString(ALGO_RSASHA256)));
+                getSignatureURI(vReferenceInfors[0].nDigestID));
             xDocumentHandler->startElement( "SignatureMethod", cssu::Reference< cssxs::XAttributeList > (pAttributeList) );
             xDocumentHandler->endElement( "SignatureMethod" );
 
@@ -693,7 +725,7 @@ void XSecController::exportSignature(
                     pAttributeList = new SvXMLAttributeList();
                     pAttributeList->AddAttribute(
                         "Algorithm",
-                        (refInfor.nDigestID == cssxc::DigestID::SHA1 ? OUString(ALGO_XMLDSIGSHA1) : OUString(ALGO_XMLDSIGSHA256)));
+                        getDigestURI(refInfor.nDigestID));
                     xDocumentHandler->startElement(
                         "DigestMethod",
                         cssu::Reference< cssxs::XAttributeList > (pAttributeList) );
diff --git a/xmlsecurity/source/helper/xsecparser.cxx b/xmlsecurity/source/helper/xsecparser.cxx
index bcab9811faf7..be6f0b7c3dd2 100644
--- a/xmlsecurity/source/helper/xsecparser.cxx
+++ b/xmlsecurity/source/helper/xsecparser.cxx
@@ -141,12 +141,16 @@ void SAL_CALL XSecParser::startElement(
             SAL_WARN_IF( ouAlgorithm.isEmpty(), "xmlsecurity.helper", "no Algorithm in Reference" );
             if (!ouAlgorithm.isEmpty())
             {
-                SAL_WARN_IF( ouAlgorithm != ALGO_XMLDSIGSHA1 && ouAlgorithm != ALGO_XMLDSIGSHA256,
-                             "xmlsecurity.helper", "Algorithm neither SHA1 or SHA256");
+                SAL_WARN_IF( ouAlgorithm != ALGO_XMLDSIGSHA1
+                             && ouAlgorithm != ALGO_XMLDSIGSHA256
+                             && ouAlgorithm != ALGO_XMLDSIGSHA512,
+                             "xmlsecurity.helper", "Algorithm neither SHA1, SHA256 nor SHA512");
                 if (ouAlgorithm == ALGO_XMLDSIGSHA1)
                     m_nReferenceDigestID = cssxc::DigestID::SHA1;
                 else if (ouAlgorithm == ALGO_XMLDSIGSHA256)
                     m_nReferenceDigestID = cssxc::DigestID::SHA256;
+                else if (ouAlgorithm == ALGO_XMLDSIGSHA512)
+                    m_nReferenceDigestID = cssxc::DigestID::SHA512;
             }
         }
         else if (aName == "Transform")
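Review bot: When `ouAlgorithm` is none of the three known URIs, the `if`/`else if` chain assigns nothing, so `m_nReferenceDigestID` keeps whatever value it had before, possibly from a previous `Reference`; where it is reset is not visible in this hunk. The only signal is `SAL_WARN_IF`, which as far as I know is compiled out of non-debug builds, so a document naming an unsupported digest could be processed under a stale ID. Consider dropping the separate three-way condition and ending the chain with `else SAL_WARN("xmlsecurity.helper", "Algorithm neither SHA1, SHA256 nor SHA512");`, together with an explicit assignment in that branch of a value the verifier rejects. `startElement` begins and ends outside the hunk.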
diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
index e9ba525ff2f5..a996ce5d43f4 100644
--- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -413,6 +413,13 @@ css::uno::Reference< css::xml::crypto::XDigestContext > SAL_CALL ONSSInitializer
         nDigestLength = 20;
         b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA1_1K );
     }
+    else if ( nDigestID == css::xml::crypto::DigestID::SHA512
+           || nDigestID == css::xml::crypto::DigestID::SHA512_1K )
+    {
+        nNSSDigestID = SEC_OID_SHA512;
+        nDigestLength = 64;
+        b1KData = ( nDigestID == css::xml::crypto::DigestID::SHA512_1K );
+    }
     else
         throw css::lang::IllegalArgumentException("Unexpected digest requested.", css::uno::Reference< css::uno::XInterface >(), 1 );
 

