gmp: Support of SHA-3 RSA signatures

17 files changed, 240 insertions, 147 deletions

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 956ce08c9..3ec9491ed 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,7 +1,8 @@
 /*
  * Copyright (C) 2008-2016 Tobias Brunner
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffeb
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
 		} schemes[] = {
 			{ "md5",		SIGN_RSA_EMSA_PKCS1_MD5,		KEY_RSA,	},
 			{ "sha1",		SIGN_RSA_EMSA_PKCS1_SHA1,		KEY_RSA,	},
-			{ "sha224",		SIGN_RSA_EMSA_PKCS1_SHA224,		KEY_RSA,	},
-			{ "sha256",		SIGN_RSA_EMSA_PKCS1_SHA256,		KEY_RSA,	},
-			{ "sha384",		SIGN_RSA_EMSA_PKCS1_SHA384,		KEY_RSA,	},
-			{ "sha512",		SIGN_RSA_EMSA_PKCS1_SHA512,		KEY_RSA,	},
+			{ "sha224",		SIGN_RSA_EMSA_PKCS1_SHA2_224,	KEY_RSA,	},
+			{ "sha256",		SIGN_RSA_EMSA_PKCS1_SHA2_256,	KEY_RSA,	},
+			{ "sha384",		SIGN_RSA_EMSA_PKCS1_SHA2_384,	KEY_RSA,	},
+			{ "sha512",		SIGN_RSA_EMSA_PKCS1_SHA2_512,	KEY_RSA,	},
 			{ "sha1",		SIGN_ECDSA_WITH_SHA1_DER,		KEY_ECDSA,	},
 			{ "sha256",		SIGN_ECDSA_WITH_SHA256_DER,		KEY_ECDSA,	},
 			{ "sha384",		SIGN_ECDSA_WITH_SHA384_DER,		KEY_ECDSA,	},
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index d6f211a34..03f93b1d3 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
 	"RSA_EMSA_PKCS1_NULL",
 	"RSA_EMSA_PKCS1_MD5",
 	"RSA_EMSA_PKCS1_SHA1",
-	"RSA_EMSA_PKCS1_SHA224",
-	"RSA_EMSA_PKCS1_SHA256",
-	"RSA_EMSA_PKCS1_SHA384",
-	"RSA_EMSA_PKCS1_SHA512",
+	"RSA_EMSA_PKCS1_SHA2_224",
+	"RSA_EMSA_PKCS1_SHA2_256",
+	"RSA_EMSA_PKCS1_SHA2_384",
+	"RSA_EMSA_PKCS1_SHA2_512",
+	"RSA_EMSA_PKCS1_SHA3_224",
+	"RSA_EMSA_PKCS1_SHA3_256",
+	"RSA_EMSA_PKCS1_SHA3_384",
+	"RSA_EMSA_PKCS1_SHA3_512",
 	"ECDSA_WITH_SHA1_DER",
 	"ECDSA_WITH_SHA256_DER",
 	"ECDSA_WITH_SHA384_DER",
@@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid)
 			return SIGN_RSA_EMSA_PKCS1_SHA1;
 		case OID_SHA224_WITH_RSA:
 		case OID_SHA224:
-			return SIGN_RSA_EMSA_PKCS1_SHA224;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_224;
 		case OID_SHA256_WITH_RSA:
 		case OID_SHA256:
-			return SIGN_RSA_EMSA_PKCS1_SHA256;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_256;
 		case OID_SHA384_WITH_RSA:
 		case OID_SHA384:
-			return SIGN_RSA_EMSA_PKCS1_SHA384;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_384;
 		case OID_SHA512_WITH_RSA:
 		case OID_SHA512:
-			return SIGN_RSA_EMSA_PKCS1_SHA512;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_512;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_224;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_256;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_384;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_512;
 		case OID_ECDSA_WITH_SHA1:
 		case OID_EC_PUBLICKEY:
 			return SIGN_ECDSA_WITH_SHA1_DER;
@@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
 			return OID_MD5_WITH_RSA;
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return OID_SHA1_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return OID_SHA224_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return OID_SHA256_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return OID_SHA384_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return OID_SHA512_WITH_RSA;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
 		case SIGN_ECDSA_WITH_SHA1_DER:
 			return OID_ECDSA_WITH_SHA1;
 		case SIGN_ECDSA_WITH_SHA256_DER:
@@ -216,9 +236,9 @@ static struct {
 	key_type_t type;
 	int max_keysize;
 } scheme_map[] = {
-	{ SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA,   3072 },
-	{ SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA,   7680 },
-	{ SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA,   0 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
 	{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
 	{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
 	{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
@@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
 			return KEY_RSA;
 		case SIGN_ECDSA_WITH_SHA1_DER:
 		case SIGN_ECDSA_WITH_SHA256_DER:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ce48f9b7e..236128234 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -70,14 +70,22 @@ enum signature_scheme_t {
 	SIGN_RSA_EMSA_PKCS1_MD5,
 	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
 	SIGN_RSA_EMSA_PKCS1_SHA1,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224   */
-	SIGN_RSA_EMSA_PKCS1_SHA224,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256   */
-	SIGN_RSA_EMSA_PKCS1_SHA256,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384   */
-	SIGN_RSA_EMSA_PKCS1_SHA384,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
-	SIGN_RSA_EMSA_PKCS1_SHA512,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_224,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_256,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_384,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_512,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_224,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_256,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_384,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_512,
 	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
 	SIGN_ECDSA_WITH_SHA1_DER,
 	/** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index e220593d4..d136799d7 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 		case OID_SHA512_WITH_RSA:
 			return HASH_SHA512;
 		case OID_SHA3_224:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
 			return HASH_SHA3_224;
 		case OID_SHA3_256:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
 			return HASH_SHA3_256;
 		case OID_SHA3_384:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
 			return HASH_SHA3_384;
 		case OID_SHA3_512:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
 			return HASH_SHA3_512;
 		default:
 			return HASH_UNKNOWN;
@@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
 					return OID_SHA384_WITH_RSA;
 				case HASH_SHA512:
 					return OID_SHA512_WITH_RSA;
+				case HASH_SHA3_224:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+				case HASH_SHA3_256:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+				case HASH_SHA3_384:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+				case HASH_SHA3_512:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
 				default:
 					return OID_UNKNOWN;
 			}
@@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 		case SIGN_ECDSA_WITH_SHA1_DER:
 			return HASH_SHA1;
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return HASH_SHA224;
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 		case SIGN_ECDSA_WITH_SHA256_DER:
 		case SIGN_ECDSA_256:
 		case SIGN_BLISS_WITH_SHA2_256:
 			return HASH_SHA256;
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 		case SIGN_ECDSA_WITH_SHA384_DER:
 		case SIGN_ECDSA_384:
 		case SIGN_BLISS_WITH_SHA2_384:
 			return HASH_SHA384;
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 		case SIGN_ECDSA_WITH_SHA512_DER:
 		case SIGN_ECDSA_521:
 		case SIGN_BLISS_WITH_SHA2_512:
 			return HASH_SHA512;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return HASH_SHA3_224;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
 		case SIGN_BLISS_WITH_SHA3_256:
 			return HASH_SHA3_256;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
 		case SIGN_BLISS_WITH_SHA3_384:
 			return HASH_SHA3_384;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
 		case SIGN_BLISS_WITH_SHA3_512:
 			return HASH_SHA3_512;
 	}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 938a46490..15b876b3f 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -206,16 +206,16 @@ METHOD(private_key_t, sign, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return sign_raw(this, data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
 		default:
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 291287a8f..90829e052 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -173,18 +173,18 @@ METHOD(public_key_t, verify, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return verify_raw(this, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_MD5:
-			return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+		case SIGN_RSA_EMSA_PKCS1_MD5:
+			return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
 		default:
 			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index ea75896a1..c75975301 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -80,30 +80,46 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
 		/* signature schemes, private */
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
-			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA224),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
 			PLUGIN_DEPENDS(HASHER, HASH_MD5),
 		/* signature verification schemes */
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA224),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
 			PLUGIN_DEPENDS(HASHER, HASH_MD5),
 		/* en-/decryption schemes */
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index e5d418ea4..21b420866 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -347,16 +347,24 @@ METHOD(private_key_t, sign, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
 		default:
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index e738908e2..2b2c7f249 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -291,18 +291,26 @@ METHOD(public_key_t, verify, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_MD5:
-			return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_MD5:
+			return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
 		default:
 			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 3e3b986df..1330427cf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -438,16 +438,16 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
 #endif
 #ifndef OPENSSL_NO_SHA256
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 #endif
 #ifndef OPENSSL_NO_SHA512
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 #endif
 #ifndef OPENSSL_NO_MD5
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 485e0bbc7..cf8c3d741 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -158,16 +158,16 @@ METHOD(private_key_t, sign, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
 		default:
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index d66d5016e..d3a644f72 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -143,16 +143,16 @@ METHOD(public_key_t, verify, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
 		default:
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index aec4550ce..a31bd3317 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -112,13 +112,13 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme,
 	} mappings[] = {
 		{SIGN_RSA_EMSA_PKCS1_NULL,		{CKM_RSA_PKCS,			NULL, 0},
 		 KEY_RSA, 0,									   HASH_UNKNOWN},
-		{SIGN_RSA_EMSA_PKCS1_SHA1,		{CKM_SHA1_RSA_PKCS,		NULL, 0},
+		{SIGN_RSA_EMSA_PKCS1_SHA2_256,	{CKM_SHA256_RSA_PKCS,	NULL, 0},
 		 KEY_RSA, 0,									   HASH_UNKNOWN},
-		{SIGN_RSA_EMSA_PKCS1_SHA256,	{CKM_SHA256_RSA_PKCS,	NULL, 0},
+		{SIGN_RSA_EMSA_PKCS1_SHA2_384,	{CKM_SHA384_RSA_PKCS,	NULL, 0},
 		 KEY_RSA, 0,									   HASH_UNKNOWN},
-		{SIGN_RSA_EMSA_PKCS1_SHA384,	{CKM_SHA384_RSA_PKCS,	NULL, 0},
+		{SIGN_RSA_EMSA_PKCS1_SHA2_512,	{CKM_SHA512_RSA_PKCS,	NULL, 0},
 		 KEY_RSA, 0,									   HASH_UNKNOWN},
-		{SIGN_RSA_EMSA_PKCS1_SHA512,	{CKM_SHA512_RSA_PKCS,	NULL, 0},
+		{SIGN_RSA_EMSA_PKCS1_SHA1,		{CKM_SHA1_RSA_PKCS,		NULL, 0},
 		 KEY_RSA, 0,									   HASH_UNKNOWN},
 		{SIGN_RSA_EMSA_PKCS1_MD5,		{CKM_MD5_RSA_PKCS,		NULL, 0},
 		 KEY_RSA, 0,									   HASH_UNKNOWN},
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
index e046725b8..139b73021 100644
--- a/src/libstrongswan/tests/suites/test_auth_cfg.c
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -22,19 +22,19 @@ struct {
 	signature_scheme_t sig[5];
 	signature_scheme_t ike[5];
 } sig_constraints_tests[] = {
-	{ "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
-	{ "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+	{ "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
+	{ "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
 	{ "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-	{ "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-	{ "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
-	{ "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-	{ "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-	{ "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-	{ "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+	{ "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+	{ "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+	{ "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+	{ "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+	{ "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+	{ "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
 	{ "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
 	{ "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
 	{ "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-	{ "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+	{ "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
 	{ "rsa4096-sha256", {0}, {0}},
 	{ "sha256", {0}, {0}},
 	{ "ike:sha256", {0}, {0}},
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 067abf0d9..de285ca09 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -87,29 +87,33 @@ typedef struct {
 }hasher_sig_scheme_t;
 
 static hasher_sig_scheme_t sig_schemes[] = {
-	{ SIGN_UNKNOWN,               HASH_UNKNOWN  },
-	{ SIGN_RSA_EMSA_PKCS1_NULL,   HASH_UNKNOWN  },
-	{ SIGN_RSA_EMSA_PKCS1_MD5,    HASH_MD5      },
-	{ SIGN_RSA_EMSA_PKCS1_SHA1,   HASH_SHA1     },
-	{ SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224   },
-	{ SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256   },
-	{ SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384   },
-	{ SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512   },
-	{ SIGN_ECDSA_WITH_SHA1_DER,   HASH_SHA1     },
-	{ SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256   },
-	{ SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384   },
-	{ SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512   },
-	{ SIGN_ECDSA_WITH_NULL,       HASH_UNKNOWN  },
-	{ SIGN_ECDSA_256,             HASH_SHA256   },
-	{ SIGN_ECDSA_384,             HASH_SHA384   },
-	{ SIGN_ECDSA_521,             HASH_SHA512   },
-	{ SIGN_BLISS_WITH_SHA2_256,   HASH_SHA256   },
-	{ SIGN_BLISS_WITH_SHA2_384,   HASH_SHA384   },
-	{ SIGN_BLISS_WITH_SHA2_512,   HASH_SHA512   },
-	{ SIGN_BLISS_WITH_SHA3_256,   HASH_SHA3_256 },
-	{ SIGN_BLISS_WITH_SHA3_384,   HASH_SHA3_384 },
-	{ SIGN_BLISS_WITH_SHA3_512,   HASH_SHA3_512 },
-	{ 30,						  HASH_UNKNOWN  }
+	{ SIGN_UNKNOWN,               HASH_UNKNOWN    },
+	{ SIGN_RSA_EMSA_PKCS1_NULL,   HASH_UNKNOWN    },
+	{ SIGN_RSA_EMSA_PKCS1_MD5,    HASH_MD5        },
+	{ SIGN_RSA_EMSA_PKCS1_SHA1,   HASH_SHA1       },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 },
+	{ SIGN_ECDSA_WITH_SHA1_DER,   HASH_SHA1       },
+	{ SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256     },
+	{ SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384     },
+	{ SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512     },
+	{ SIGN_ECDSA_WITH_NULL,       HASH_UNKNOWN    },
+	{ SIGN_ECDSA_256,             HASH_SHA256     },
+	{ SIGN_ECDSA_384,             HASH_SHA384     },
+	{ SIGN_ECDSA_521,             HASH_SHA512     },
+	{ SIGN_BLISS_WITH_SHA2_256,   HASH_SHA256     },
+	{ SIGN_BLISS_WITH_SHA2_384,   HASH_SHA384     },
+	{ SIGN_BLISS_WITH_SHA2_512,   HASH_SHA512     },
+	{ SIGN_BLISS_WITH_SHA3_256,   HASH_SHA3_256   },
+	{ SIGN_BLISS_WITH_SHA3_384,   HASH_SHA3_384   },
+	{ SIGN_BLISS_WITH_SHA3_512,   HASH_SHA3_512   },
+	{ 30,						  HASH_UNKNOWN    }
 };
 
 START_TEST(test_hasher_from_sig_scheme)
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 2c1c6fb8d..41e783521 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -24,10 +24,10 @@ static signature_scheme_t schemes[] = {
 	SIGN_RSA_EMSA_PKCS1_NULL,
 	SIGN_RSA_EMSA_PKCS1_MD5,
 	SIGN_RSA_EMSA_PKCS1_SHA1,
-	SIGN_RSA_EMSA_PKCS1_SHA224,
-	SIGN_RSA_EMSA_PKCS1_SHA256,
-	SIGN_RSA_EMSA_PKCS1_SHA384,
-	SIGN_RSA_EMSA_PKCS1_SHA512,
+	SIGN_RSA_EMSA_PKCS1_SHA2_224,
+	SIGN_RSA_EMSA_PKCS1_SHA2_256,
+	SIGN_RSA_EMSA_PKCS1_SHA2_384,
+	SIGN_RSA_EMSA_PKCS1_SHA2_512,
 };
 
 /**
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 1eb3c8bc3..de7b470d2 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -858,15 +858,22 @@ static struct {
 	int size;
 	signature_scheme_t expected[4];
 } scheme_data[] = {
-	{KEY_RSA,   1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_RSA,   2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_RSA,   4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_RSA,   8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-	{KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+	{KEY_RSA,   1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+						SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_RSA,   2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+						SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_RSA,   4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+						SIGN_UNKNOWN }},
+	{KEY_RSA,   8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER,
+						SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+	{KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
+						SIGN_UNKNOWN }},
 	{KEY_ECDSA,  512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-	{KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
-	{KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384,
+						SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512,
+						SIGN_UNKNOWN }},
 	{KEY_BLISS,  256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
 };