Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes

5 files changed, 31 insertions, 19 deletions

diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 07597c318..4adcf1e76 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -55,19 +55,31 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
 			PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
 		/* signature schemes, private */
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 		/* signature verification schemes */
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 	};
 	*features = f;
 
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 22c194b7c..20bbc6ac5 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -511,11 +511,11 @@ METHOD(private_key_t, sign, bool,
 {
 	switch (scheme)
 	{
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 			return sign_bliss(this, HASH_SHA256, data, signature);
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 			return sign_bliss(this, HASH_SHA384, data, signature);
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 			return sign_bliss(this, HASH_SHA512, data, signature);
 		case SIGN_BLISS_WITH_SHA3_256:
 			return sign_bliss(this, HASH_SHA3_256, data, signature);
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index ba34bf46b..93d1165eb 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -193,11 +193,11 @@ METHOD(public_key_t, verify, bool,
 {
 	switch (scheme)
 	{
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 			return verify_bliss(this, HASH_SHA256, data, signature);
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 			return verify_bliss(this, HASH_SHA384, data, signature);
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 			return verify_bliss(this, HASH_SHA512, data, signature);
 		case SIGN_BLISS_WITH_SHA3_256:
 			return verify_bliss(this, HASH_SHA3_256, data, signature);
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
index 8b4e9cbf0..a3e4420a9 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
@@ -36,13 +36,13 @@ START_TEST(test_bliss_sign_all)
 		switch (k)
 		{
 			case 1:
-				signature_scheme = SIGN_BLISS_WITH_SHA256;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_256;
 				break;
 			case 2:
-				signature_scheme = SIGN_BLISS_WITH_SHA384;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_384;
 				break;
 			default:
-				signature_scheme = SIGN_BLISS_WITH_SHA512;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_512;
 		}
 
 		/* enforce BLISS-B key for k = 2, 3 */
@@ -176,14 +176,14 @@ START_TEST(test_bliss_sign_fail)
 
 	/* generate valid signature */
 	msg = chunk_from_str("Hello Dolly!");
-	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA512, msg, &signature));
+	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
 
 	/* verify with invalid signature scheme */
 	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
 
 	/* corrupt signature */
 	signature.ptr[signature.len - 1] ^= 0x80;
-	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA512, msg, signature));
+	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
 
 	free(signature.ptr);
 	privkey->destroy(privkey);
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index eb5b01986..e32f8eefe 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -266,8 +266,8 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
 			scheme = SIGN_ECDSA_WITH_SHA1_DER;
 			break;
 		case KEY_BLISS:
-			oid = OID_BLISS_WITH_SHA512;
-			scheme = SIGN_BLISS_WITH_SHA512;
+			oid = OID_BLISS_WITH_SHA2_512;
+			scheme = SIGN_BLISS_WITH_SHA2_512;
 			break;
 		default:
 			DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "