add SHA2 support for xmlsec-nss

Author: lsh123

ChangeLog

@@ -1,16 +1,26 @@
+2010-04-25  Aleksey Sanin  <aleksey@aleksey.com>
+	* Added support for SHA256/384/512 for digest, HMAC and RSA 
+	(requires nss 3.8 + nspr 4.3 or greater)
+
+2010-04-24  Aleksey Sanin  <aleksey@aleksey.com>
+	* Fix PK_CONFIG problem (reported by Roumen)
+	* Enable --crypto for transform checks
+	* Fix DSA support in xmlsec-nss (https://bugzilla.mozilla.org/show_bug.cgi?id=561598)
+
 2010-04-23  Aleksey Sanin  <aleksey@aleksey.com>
-	Enable RSA/SHA2 support in xmlsec-mscrypto
-	Misc. cleanups in xmlsec-mscrypto
-	Fix PK_CONFIG problem (reported by Roumen)
+	* Enable RSA/SHA2 support in xmlsec-mscrypto
+	* Misc. cleanups in xmlsec-mscrypto
+	* Fix PK_CONFIG problem (reported by Roumen)
+	* Fix DSA support in xmlsec-nss (https://bugzilla.mozilla.org/show_bug.cgi?id=561598)
 
 2010-04-23  Aleksey Sanin  <aleksey@aleksey.com>
-	Fix search for certificates with UTF-8 subject on Windows in xmlsec-mscrypto
-	Remove spaces at the end of lines
+	* Fix search for certificates with UTF-8 subject on Windows in xmlsec-mscrypto
+	* Remove spaces at the end of lines
 
 2010-04-22  Aleksey Sanin  <aleksey@aleksey.com>
-	Fix search for certificates with Unicode subject on Windows in xmlsec-mscrypto
-	Copy *.manifest files to installation for Windows builds
-	Convert tabs to spaces
+	* Fix search for certificates with Unicode subject on Windows in xmlsec-mscrypto
+	* Copy *.manifest files to installation for Windows builds
+	* Convert tabs to spaces
 
 2010-04-21  Aleksey Sanin  <aleksey@aleksey.com>
 	* Fix key name conversion to unicode problem in xmlsec-mscrypto

configure.in

@@ -546,8 +546,8 @@ dnl ==========================================================================
 
 XMLSEC_NO_NSS="1"
 MOZILLA_MIN_VERSION="1.4"
-NSS_MIN_VERSION="3.2"
-NSPR_MIN_VERSION="4.0"
+NSS_MIN_VERSION="3.8"
+NSPR_MIN_VERSION="4.3"
 NSS_CFLAGS=""
 NSS_LIBS=""
 NSS_LIBS_LIST="-lnss3 -lsmime3"

include/xmlsec/nss/crypto.h

@@ -206,6 +206,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecNssKeyDataHmacGetKlass    (void);
 XMLSEC_CRYPTO_EXPORT int                xmlSecNssKeyDataHmacSet         (xmlSecKeyDataPtr data,
                                                                          const xmlSecByte* buf,
                                                                          xmlSecSize bufSize);
+#ifndef XMLSEC_NO_MD5
 /**
  * xmlSecNssTransformHmacMd5Id:
  *
@@ -214,7 +215,9 @@ XMLSEC_CRYPTO_EXPORT int                xmlSecNssKeyDataHmacSet         (xmlSecK
 #define xmlSecNssTransformHmacMd5Id \
         xmlSecNssTransformHmacMd5GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
 
+#ifndef XMLSEC_NO_RIPEMD160
 /**
  * xmlSecNssTransformHmacRipemd160Id:
  *
@@ -223,7 +226,9 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacMd5GetKlass(void);
 #define xmlSecNssTransformHmacRipemd160Id \
         xmlSecNssTransformHmacRipemd160GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
 
+#ifndef XMLSEC_NO_SHA1
 /**
  * xmlSecNssTransformHmacSha1Id:
  *
@@ -232,6 +237,40 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacRipemd160GetKlass(v
 #define xmlSecNssTransformHmacSha1Id \
         xmlSecNssTransformHmacSha1GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecNssTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha256Id \
+        xmlSecNssTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecNssTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha384Id \
+        xmlSecNssTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecNssTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha512Id \
+        xmlSecNssTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
 
 
 #endif /* XMLSEC_NO_HMAC */
@@ -253,6 +292,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha1GetKlass(void);
         xmlSecNssKeyDataRsaGetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecNssKeyDataRsaGetKlass     (void);
 
+#ifndef XMLSEC_NO_SHA1
 /**
  * xmlSecNssTransformRsaSha1Id:
  *
@@ -261,6 +301,41 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecNssKeyDataRsaGetKlass     (void);
 #define xmlSecNssTransformRsaSha1Id     \
         xmlSecNssTransformRsaSha1GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecNssTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha256Id       \
+        xmlSecNssTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecNssTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha384Id       \
+        xmlSecNssTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecNssTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha512Id       \
+        xmlSecNssTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
 
 /**
  * xmlSecNssTransformRsaPkcs1Id:
@@ -304,6 +379,55 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass   (void);
 #endif /* XMLSEC_NO_SHA1 */
 
+/********************************************************************
+ *
+ * SHA256 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecNssTransformSha256Id:
+ *
+ * The SHA256 digest transform klass.
+ */
+#define xmlSecNssTransformSha256Id \
+        xmlSecNssTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+/********************************************************************
+ *
+ * SHA384 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecNssTransformSha384Id:
+ *
+ * The SHA384 digest transform klass.
+ */
+#define xmlSecNssTransformSha384Id \
+        xmlSecNssTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+/********************************************************************
+ *
+ * SHA512 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecNssTransformSha512Id:
+ *
+ * The SHA512 digest transform klass.
+ */
+#define xmlSecNssTransformSha512Id \
+        xmlSecNssTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */

src/nss/crypto.c

@@ -94,6 +94,8 @@ xmlSecCryptoGetFunctions_nss(void) {
     /**
      * Crypto transforms ids
      */
+
+    /******************************* AES ********************************/
 #ifndef XMLSEC_NO_AES
     gXmlSecNssFunctions->transformAes128CbcGetKlass     = xmlSecNssTransformAes128CbcGetKlass;
     gXmlSecNssFunctions->transformAes192CbcGetKlass     = xmlSecNssTransformAes192CbcGetKlass;
@@ -103,23 +105,65 @@ xmlSecCryptoGetFunctions_nss(void) {
     gXmlSecNssFunctions->transformKWAes256GetKlass      = xmlSecNssTransformKWAes256GetKlass;
 #endif /* XMLSEC_NO_AES */
 
+    /******************************* DES ********************************/
 #ifndef XMLSEC_NO_DES
     gXmlSecNssFunctions->transformDes3CbcGetKlass       = xmlSecNssTransformDes3CbcGetKlass;
     gXmlSecNssFunctions->transformKWDes3GetKlass        = xmlSecNssTransformKWDes3GetKlass;
 #endif /* XMLSEC_NO_DES */
 
+    /******************************* DSA ********************************/
 #ifndef XMLSEC_NO_DSA
     gXmlSecNssFunctions->transformDsaSha1GetKlass       = xmlSecNssTransformDsaSha1GetKlass;
 #endif /* XMLSEC_NO_DSA */
 
+    /******************************* HMAC ********************************/
 #ifndef XMLSEC_NO_HMAC
-    gXmlSecNssFunctions->transformHmacSha1GetKlass      = xmlSecNssTransformHmacSha1GetKlass;
-    gXmlSecNssFunctions->transformHmacRipemd160GetKlass = xmlSecNssTransformHmacRipemd160GetKlass;
+
+#ifndef XMLSEC_NO_MD5
     gXmlSecNssFunctions->transformHmacMd5GetKlass       = xmlSecNssTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecNssFunctions->transformHmacRipemd160GetKlass = xmlSecNssTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecNssFunctions->transformHmacSha1GetKlass      = xmlSecNssTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecNssFunctions->transformHmacSha256GetKlass    = xmlSecNssTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecNssFunctions->transformHmacSha384GetKlass    = xmlSecNssTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecNssFunctions->transformHmacSha512GetKlass    = xmlSecNssTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
 #endif /* XMLSEC_NO_HMAC */
 
+    /******************************* RSA ********************************/
 #ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_SHA1
     gXmlSecNssFunctions->transformRsaSha1GetKlass       = xmlSecNssTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecNssFunctions->transformRsaSha256GetKlass     = xmlSecNssTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecNssFunctions->transformRsaSha384GetKlass     = xmlSecNssTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecNssFunctions->transformRsaSha512GetKlass     = xmlSecNssTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
     gXmlSecNssFunctions->transformRsaPkcs1GetKlass      = xmlSecNssTransformRsaPkcs1GetKlass;
 
 /* RSA OAEP is not supported by NSS yet */
@@ -129,9 +173,20 @@ xmlSecCryptoGetFunctions_nss(void) {
 
 #endif /* XMLSEC_NO_RSA */
 
+    /******************************* SHA ********************************/
 #ifndef XMLSEC_NO_SHA1
     gXmlSecNssFunctions->transformSha1GetKlass          = xmlSecNssTransformSha1GetKlass;
 #endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecNssFunctions->transformSha256GetKlass        = xmlSecNssTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecNssFunctions->transformSha384GetKlass        = xmlSecNssTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecNssFunctions->transformSha512GetKlass        = xmlSecNssTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
 
     /**
      * High level routines form xmlsec command line utility