diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-09-22 08:50:43 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-09-22 17:34:31 +0200 |
commit | 40f2589abfc8959fee01cad41ab94b840bcbfeb4 (patch) | |
tree | 3a346a7cbeea200af1ba20265bcbc0ff1b7e5482 /src/libstrongswan | |
parent | c54d1ef12cfd6082356970ec08b3982938919f19 (diff) | |
download | strongswan-40f2589abfc8959fee01cad41ab94b840bcbfeb4.tar.bz2 strongswan-40f2589abfc8959fee01cad41ab94b840bcbfeb4.tar.xz |
gmp: Support of SHA-3 RSA signatures
Diffstat (limited to 'src/libstrongswan')
17 files changed, 240 insertions, 147 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 956ce08c9..3ec9491ed 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -1,7 +1,8 @@ /* * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2016 Andreas Steffeb + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, } schemes[] = { { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, }, { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, }, - { "sha224", SIGN_RSA_EMSA_PKCS1_SHA224, KEY_RSA, }, - { "sha256", SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, }, - { "sha384", SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, }, - { "sha512", SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, }, + { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, }, + { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, }, + { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, }, + { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, }, { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, }, { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, }, { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, }, diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index d6f211a34..03f93b1d3 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512, "RSA_EMSA_PKCS1_NULL", "RSA_EMSA_PKCS1_MD5", "RSA_EMSA_PKCS1_SHA1", - "RSA_EMSA_PKCS1_SHA224", - "RSA_EMSA_PKCS1_SHA256", - "RSA_EMSA_PKCS1_SHA384", - "RSA_EMSA_PKCS1_SHA512", + "RSA_EMSA_PKCS1_SHA2_224", + "RSA_EMSA_PKCS1_SHA2_256", + "RSA_EMSA_PKCS1_SHA2_384", + "RSA_EMSA_PKCS1_SHA2_512", + "RSA_EMSA_PKCS1_SHA3_224", + "RSA_EMSA_PKCS1_SHA3_256", + "RSA_EMSA_PKCS1_SHA3_384", + "RSA_EMSA_PKCS1_SHA3_512", "ECDSA_WITH_SHA1_DER", "ECDSA_WITH_SHA256_DER", "ECDSA_WITH_SHA384_DER", @@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid) return SIGN_RSA_EMSA_PKCS1_SHA1; case OID_SHA224_WITH_RSA: case OID_SHA224: - return SIGN_RSA_EMSA_PKCS1_SHA224; + return SIGN_RSA_EMSA_PKCS1_SHA2_224; case OID_SHA256_WITH_RSA: case OID_SHA256: - return SIGN_RSA_EMSA_PKCS1_SHA256; + return SIGN_RSA_EMSA_PKCS1_SHA2_256; case OID_SHA384_WITH_RSA: case OID_SHA384: - return SIGN_RSA_EMSA_PKCS1_SHA384; + return SIGN_RSA_EMSA_PKCS1_SHA2_384; case OID_SHA512_WITH_RSA: case OID_SHA512: - return SIGN_RSA_EMSA_PKCS1_SHA512; + return SIGN_RSA_EMSA_PKCS1_SHA2_512; + case OID_RSASSA_PKCS1V15_WITH_SHA3_224: + return SIGN_RSA_EMSA_PKCS1_SHA3_224; + case OID_RSASSA_PKCS1V15_WITH_SHA3_256: + return SIGN_RSA_EMSA_PKCS1_SHA3_256; + case OID_RSASSA_PKCS1V15_WITH_SHA3_384: + return SIGN_RSA_EMSA_PKCS1_SHA3_384; + case OID_RSASSA_PKCS1V15_WITH_SHA3_512: + return SIGN_RSA_EMSA_PKCS1_SHA3_512; case OID_ECDSA_WITH_SHA1: case OID_EC_PUBLICKEY: return SIGN_ECDSA_WITH_SHA1_DER; @@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme) return OID_MD5_WITH_RSA; case SIGN_RSA_EMSA_PKCS1_SHA1: return OID_SHA1_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return OID_SHA224_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return OID_SHA256_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return OID_SHA384_WITH_RSA; - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return OID_SHA512_WITH_RSA; + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return OID_RSASSA_PKCS1V15_WITH_SHA3_224; + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return OID_RSASSA_PKCS1V15_WITH_SHA3_256; + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; case SIGN_ECDSA_WITH_SHA1_DER: return OID_ECDSA_WITH_SHA1; case SIGN_ECDSA_WITH_SHA256_DER: @@ -216,9 +236,9 @@ static struct { key_type_t type; int max_keysize; } scheme_map[] = { - { SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, 3072 }, - { SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, 7680 }, - { SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, 0 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 }, { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, @@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_NULL: case SIGN_RSA_EMSA_PKCS1_MD5: case SIGN_RSA_EMSA_PKCS1_SHA1: - case SIGN_RSA_EMSA_PKCS1_SHA224: - case SIGN_RSA_EMSA_PKCS1_SHA256: - case SIGN_RSA_EMSA_PKCS1_SHA384: - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + case SIGN_RSA_EMSA_PKCS1_SHA3_512: return KEY_RSA; case SIGN_ECDSA_WITH_SHA1_DER: case SIGN_ECDSA_WITH_SHA256_DER: diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index ce48f9b7e..236128234 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014-2015 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -70,14 +70,22 @@ enum signature_scheme_t { SIGN_RSA_EMSA_PKCS1_MD5, /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */ SIGN_RSA_EMSA_PKCS1_SHA1, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */ - SIGN_RSA_EMSA_PKCS1_SHA224, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */ - SIGN_RSA_EMSA_PKCS1_SHA256, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */ - SIGN_RSA_EMSA_PKCS1_SHA384, - /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */ - SIGN_RSA_EMSA_PKCS1_SHA512, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */ + SIGN_RSA_EMSA_PKCS1_SHA2_224, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */ + SIGN_RSA_EMSA_PKCS1_SHA2_256, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */ + SIGN_RSA_EMSA_PKCS1_SHA2_384, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */ + SIGN_RSA_EMSA_PKCS1_SHA2_512, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */ + SIGN_RSA_EMSA_PKCS1_SHA3_224, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */ + SIGN_RSA_EMSA_PKCS1_SHA3_256, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */ + SIGN_RSA_EMSA_PKCS1_SHA3_384, + /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */ + SIGN_RSA_EMSA_PKCS1_SHA3_512, /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ SIGN_ECDSA_WITH_SHA1_DER, /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index e220593d4..d136799d7 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2012-2015 Tobias Brunner - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2016 Andreas Steffen * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid) case OID_SHA512_WITH_RSA: return HASH_SHA512; case OID_SHA3_224: + case OID_RSASSA_PKCS1V15_WITH_SHA3_224: return HASH_SHA3_224; case OID_SHA3_256: + case OID_RSASSA_PKCS1V15_WITH_SHA3_256: return HASH_SHA3_256; case OID_SHA3_384: + case OID_RSASSA_PKCS1V15_WITH_SHA3_384: return HASH_SHA3_384; case OID_SHA3_512: + case OID_RSASSA_PKCS1V15_WITH_SHA3_512: return HASH_SHA3_512; default: return HASH_UNKNOWN; @@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) return OID_SHA384_WITH_RSA; case HASH_SHA512: return OID_SHA512_WITH_RSA; + case HASH_SHA3_224: + return OID_RSASSA_PKCS1V15_WITH_SHA3_224; + case HASH_SHA3_256: + return OID_RSASSA_PKCS1V15_WITH_SHA3_256; + case HASH_SHA3_384: + return OID_RSASSA_PKCS1V15_WITH_SHA3_384; + case HASH_SHA3_512: + return OID_RSASSA_PKCS1V15_WITH_SHA3_512; default: return OID_UNKNOWN; } @@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_SHA1: case SIGN_ECDSA_WITH_SHA1_DER: return HASH_SHA1; - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return HASH_SHA224; - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: case SIGN_ECDSA_WITH_SHA256_DER: case SIGN_ECDSA_256: case SIGN_BLISS_WITH_SHA2_256: return HASH_SHA256; - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: case SIGN_ECDSA_WITH_SHA384_DER: case SIGN_ECDSA_384: case SIGN_BLISS_WITH_SHA2_384: return HASH_SHA384; - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: case SIGN_ECDSA_WITH_SHA512_DER: case SIGN_ECDSA_521: case SIGN_BLISS_WITH_SHA2_512: return HASH_SHA512; + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return HASH_SHA3_224; + case SIGN_RSA_EMSA_PKCS1_SHA3_256: case SIGN_BLISS_WITH_SHA3_256: return HASH_SHA3_256; + case SIGN_RSA_EMSA_PKCS1_SHA3_384: case SIGN_BLISS_WITH_SHA3_384: return HASH_SHA3_384; + case SIGN_RSA_EMSA_PKCS1_SHA3_512: case SIGN_BLISS_WITH_SHA3_512: return HASH_SHA3_512; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 938a46490..15b876b3f 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -206,16 +206,16 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return sign_raw(this, data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig); case SIGN_RSA_EMSA_PKCS1_MD5: return sign_pkcs1(this, HASH_MD5, "md5", data, sig); default: diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 291287a8f..90829e052 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -173,18 +173,18 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_raw(this, data, signature); - case SIGN_RSA_EMSA_PKCS1_MD5: - return verify_pkcs1(this, HASH_MD5, "md5", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature); + case SIGN_RSA_EMSA_PKCS1_MD5: + return verify_pkcs1(this, HASH_MD5, "md5", data, signature); default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index ea75896a1..c75975301 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -80,30 +80,46 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY, KEY_RSA), /* signature schemes, private */ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), - PLUGIN_DEPENDS(HASHER, HASH_SHA1), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_DEPENDS(HASHER, HASH_SHA224), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), PLUGIN_DEPENDS(HASHER, HASH_MD5), /* signature verification schemes */ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), - PLUGIN_DEPENDS(HASHER, HASH_SHA1), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_DEPENDS(HASHER, HASH_SHA224), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), PLUGIN_DEPENDS(HASHER, HASH_SHA384), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512), + PLUGIN_DEPENDS(HASHER, HASH_SHA3_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5), PLUGIN_DEPENDS(HASHER, HASH_MD5), /* en-/decryption schemes */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index e5d418ea4..21b420866 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -347,16 +347,24 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature); default: diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index e738908e2..2b2c7f249 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -291,18 +291,26 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature); - case SIGN_RSA_EMSA_PKCS1_MD5: - return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_224: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_256: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_384: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA3_512: + return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); + case SIGN_RSA_EMSA_PKCS1_MD5: + return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature); default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 3e3b986df..1330427cf 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -438,16 +438,16 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), #endif #ifndef OPENSSL_NO_SHA256 - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), #endif #ifndef OPENSSL_NO_SHA512 - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), #endif #ifndef OPENSSL_NO_MD5 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 485e0bbc7..cf8c3d741 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -158,16 +158,16 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return build_emsa_pkcs1_signature(this, NID_undef, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return build_emsa_pkcs1_signature(this, NID_sha224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return build_emsa_pkcs1_signature(this, NID_sha256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return build_emsa_pkcs1_signature(this, NID_sha384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return build_emsa_pkcs1_signature(this, NID_sha512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, NID_md5, data, signature); default: diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index d66d5016e..d3a644f72 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -143,16 +143,16 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, NID_undef, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return verify_emsa_pkcs1_signature(this, NID_md5, data, signature); default: diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index aec4550ce..a31bd3317 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -112,13 +112,13 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme, } mappings[] = { {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA2_256, {CKM_SHA256_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA2_384, {CKM_SHA384_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA2_512, {CKM_SHA512_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, - {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}, + {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}, KEY_RSA, 0, HASH_UNKNOWN}, diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c index e046725b8..139b73021 100644 --- a/src/libstrongswan/tests/suites/test_auth_cfg.c +++ b/src/libstrongswan/tests/suites/test_auth_cfg.c @@ -22,19 +22,19 @@ struct { signature_scheme_t sig[5]; signature_scheme_t ike[5]; } sig_constraints_tests[] = { - { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}}, - { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}}, + { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}}, + { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}}, { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, - { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, - { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}}, - { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }}, - { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }}, - { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }}, - { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }}, + { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, + { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}}, + { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }}, + { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }}, + { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }}, + { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }}, { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}}, - { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}}, + { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}}, { "rsa4096-sha256", {0}, {0}}, { "sha256", {0}, {0}}, { "ike:sha256", {0}, {0}}, diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c index 067abf0d9..de285ca09 100644 --- a/src/libstrongswan/tests/suites/test_hasher.c +++ b/src/libstrongswan/tests/suites/test_hasher.c @@ -87,29 +87,33 @@ typedef struct { }hasher_sig_scheme_t; static hasher_sig_scheme_t sig_schemes[] = { - { SIGN_UNKNOWN, HASH_UNKNOWN }, - { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN }, - { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 }, - { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 }, - { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224 }, - { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256 }, - { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384 }, - { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512 }, - { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 }, - { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 }, - { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 }, - { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 }, - { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN }, - { SIGN_ECDSA_256, HASH_SHA256 }, - { SIGN_ECDSA_384, HASH_SHA384 }, - { SIGN_ECDSA_521, HASH_SHA512 }, - { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 }, - { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 }, - { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 }, - { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 }, - { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 }, - { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 }, - { 30, HASH_UNKNOWN } + { SIGN_UNKNOWN, HASH_UNKNOWN }, + { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN }, + { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 }, + { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 }, + { SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 }, + { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 }, + { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 }, + { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 }, + { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 }, + { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN }, + { SIGN_ECDSA_256, HASH_SHA256 }, + { SIGN_ECDSA_384, HASH_SHA384 }, + { SIGN_ECDSA_521, HASH_SHA512 }, + { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 }, + { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 }, + { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 }, + { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 }, + { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 }, + { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 }, + { 30, HASH_UNKNOWN } }; START_TEST(test_hasher_from_sig_scheme) diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c index 2c1c6fb8d..41e783521 100644 --- a/src/libstrongswan/tests/suites/test_rsa.c +++ b/src/libstrongswan/tests/suites/test_rsa.c @@ -24,10 +24,10 @@ static signature_scheme_t schemes[] = { SIGN_RSA_EMSA_PKCS1_NULL, SIGN_RSA_EMSA_PKCS1_MD5, SIGN_RSA_EMSA_PKCS1_SHA1, - SIGN_RSA_EMSA_PKCS1_SHA224, - SIGN_RSA_EMSA_PKCS1_SHA256, - SIGN_RSA_EMSA_PKCS1_SHA384, - SIGN_RSA_EMSA_PKCS1_SHA512, + SIGN_RSA_EMSA_PKCS1_SHA2_224, + SIGN_RSA_EMSA_PKCS1_SHA2_256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_512, }; /** diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 1eb3c8bc3..de7b470d2 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -858,15 +858,22 @@ static struct { int size; signature_scheme_t expected[4]; } scheme_data[] = { - {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }}, - {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, - {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, + {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, + SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_UNKNOWN }}, + {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, + SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, + {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, + SIGN_UNKNOWN }}, {KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, - {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, - {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, + {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, + SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, + {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, + SIGN_UNKNOWN }}, {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, }; |