Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes

11 files changed, 106 insertions, 86 deletions

diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index d691426f4..64dedcb33 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -223,9 +223,9 @@
                     0x07     "BLISS-B-III"				OID_BLISS_B_III
                     0x08     "BLISS-B-IV"				OID_BLISS_B_IV
                   0x03       "blissSigType"
-                    0x01     "BLISS-with-SHA512"		OID_BLISS_WITH_SHA512
-                    0x02     "BLISS-with-SHA384"		OID_BLISS_WITH_SHA384
-                    0x03     "BLISS-with-SHA256"		OID_BLISS_WITH_SHA256
+                    0x01     "BLISS-with-SHA2-512"		OID_BLISS_WITH_SHA2_512
+                    0x02     "BLISS-with-SHA2-384"		OID_BLISS_WITH_SHA2_384
+                    0x03     "BLISS-with-SHA2-256"		OID_BLISS_WITH_SHA2_256
                     0x04     "BLISS-with-SHA3-512"		OID_BLISS_WITH_SHA3_512
                     0x05     "BLISS-with-SHA3-384"		OID_BLISS_WITH_SHA3_384
                     0x06     "BLISS-with-SHA3-256"		OID_BLISS_WITH_SHA3_256
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 3ffa9b98d..d6f211a34 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -27,7 +27,7 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS,
 	"BLISS"
 );
 
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
 	"UNKNOWN",
 	"RSA_EMSA_PKCS1_NULL",
 	"RSA_EMSA_PKCS1_MD5",
@@ -44,9 +44,9 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
 	"ECDSA-256",
 	"ECDSA-384",
 	"ECDSA-521",
-	"BLISS_WITH_SHA256",
-	"BLISS_WITH_SHA384",
-	"BLISS_WITH_SHA512",
+	"BLISS_WITH_SHA2_256",
+	"BLISS_WITH_SHA2_384",
+	"BLISS_WITH_SHA2_512",
 	"BLISS_WITH_SHA3_256",
 	"BLISS_WITH_SHA3_384",
 	"BLISS_WITH_SHA3_512",
@@ -140,12 +140,12 @@ signature_scheme_t signature_scheme_from_oid(int oid)
 		case OID_ECDSA_WITH_SHA512:
 			return SIGN_ECDSA_WITH_SHA512_DER;
 		case OID_BLISS_PUBLICKEY:
-		case OID_BLISS_WITH_SHA512:
-			return SIGN_BLISS_WITH_SHA512;
-		case OID_BLISS_WITH_SHA384:
-			return SIGN_BLISS_WITH_SHA384;
-		case OID_BLISS_WITH_SHA256:
-			return SIGN_BLISS_WITH_SHA256;
+		case OID_BLISS_WITH_SHA2_512:
+			return SIGN_BLISS_WITH_SHA2_512;
+		case OID_BLISS_WITH_SHA2_384:
+			return SIGN_BLISS_WITH_SHA2_384;
+		case OID_BLISS_WITH_SHA2_256:
+			return SIGN_BLISS_WITH_SHA2_256;
 		case OID_BLISS_WITH_SHA3_512:
 			return SIGN_BLISS_WITH_SHA3_512;
 		case OID_BLISS_WITH_SHA3_384:
@@ -190,12 +190,12 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
 			return OID_ECDSA_WITH_SHA384;
 		case SIGN_ECDSA_WITH_SHA512_DER:
 			return OID_ECDSA_WITH_SHA512;
-		case SIGN_BLISS_WITH_SHA256:
-			return OID_BLISS_WITH_SHA256;
-		case SIGN_BLISS_WITH_SHA384:
-			return OID_BLISS_WITH_SHA384;
-		case SIGN_BLISS_WITH_SHA512:
-			return OID_BLISS_WITH_SHA512;
+		case SIGN_BLISS_WITH_SHA2_256:
+			return OID_BLISS_WITH_SHA2_256;
+		case SIGN_BLISS_WITH_SHA2_384:
+			return OID_BLISS_WITH_SHA2_384;
+		case SIGN_BLISS_WITH_SHA2_512:
+			return OID_BLISS_WITH_SHA2_512;
 		case SIGN_BLISS_WITH_SHA3_256:
 			return OID_BLISS_WITH_SHA3_256;
 		case SIGN_BLISS_WITH_SHA3_384:
@@ -222,9 +222,9 @@ static struct {
 	{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
 	{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
 	{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
-	{ SIGN_BLISS_WITH_SHA256,     KEY_BLISS, 128 },
-	{ SIGN_BLISS_WITH_SHA384,     KEY_BLISS, 192 },
-	{ SIGN_BLISS_WITH_SHA512,     KEY_BLISS, 0 },
+	{ SIGN_BLISS_WITH_SHA2_256,   KEY_BLISS, 128 },
+	{ SIGN_BLISS_WITH_SHA2_384,   KEY_BLISS, 192 },
+	{ SIGN_BLISS_WITH_SHA2_512,   KEY_BLISS, 0 }
 };
 
 /**
@@ -299,9 +299,9 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_ECDSA_384:
 		case SIGN_ECDSA_521:
 			return KEY_ECDSA;
-		case SIGN_BLISS_WITH_SHA256:
-		case SIGN_BLISS_WITH_SHA384:
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_256:
+		case SIGN_BLISS_WITH_SHA2_384:
+		case SIGN_BLISS_WITH_SHA2_512:
 		case SIGN_BLISS_WITH_SHA3_256:
 		case SIGN_BLISS_WITH_SHA3_384:
 		case SIGN_BLISS_WITH_SHA3_512:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 38c04f554..ce48f9b7e 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -94,12 +94,12 @@ enum signature_scheme_t {
 	SIGN_ECDSA_384,
 	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
 	SIGN_ECDSA_521,
-	/** BLISS with SHA-256                                             */
-	SIGN_BLISS_WITH_SHA256,
-	/** BLISS with SHA-384                                             */
-	SIGN_BLISS_WITH_SHA384,
-	/** BLISS with SHA-512                                             */
-	SIGN_BLISS_WITH_SHA512,
+	/** BLISS with SHA-2_256                                           */
+	SIGN_BLISS_WITH_SHA2_256,
+	/** BLISS with SHA-2_384                                           */
+	SIGN_BLISS_WITH_SHA2_384,
+	/** BLISS with SHA-2_512                                           */
+	SIGN_BLISS_WITH_SHA2_512,
 	/** BLISS with SHA-3_256                                           */
 	SIGN_BLISS_WITH_SHA3_256,
 	/** BLISS with SHA-3_384                                           */
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index d936e126b..8e3b7de0a 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -387,11 +387,11 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
 			switch (alg)
 			{
 				case HASH_SHA256:
-					return OID_BLISS_WITH_SHA256;
+					return OID_BLISS_WITH_SHA2_256;
 				case HASH_SHA384:
-					return OID_BLISS_WITH_SHA384;
+					return OID_BLISS_WITH_SHA2_384;
 				case HASH_SHA512:
-					return OID_BLISS_WITH_SHA512;
+					return OID_BLISS_WITH_SHA2_512;
 				case HASH_SHA3_256:
 					return OID_BLISS_WITH_SHA3_256;
 				case HASH_SHA3_384:
@@ -427,19 +427,19 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_RSA_EMSA_PKCS1_SHA256:
 		case SIGN_ECDSA_WITH_SHA256_DER:
 		case SIGN_ECDSA_256:
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 		case SIGN_BLISS_WITH_SHA3_256:
 			return HASH_SHA256;
 		case SIGN_RSA_EMSA_PKCS1_SHA384:
 		case SIGN_ECDSA_WITH_SHA384_DER:
 		case SIGN_ECDSA_384:
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 		case SIGN_BLISS_WITH_SHA3_384:
 			return HASH_SHA384;
 		case SIGN_RSA_EMSA_PKCS1_SHA512:
 		case SIGN_ECDSA_WITH_SHA512_DER:
 		case SIGN_ECDSA_521:
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 		case SIGN_BLISS_WITH_SHA3_512:
 			return HASH_SHA512;
 	}
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 07597c318..4adcf1e76 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -55,19 +55,31 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
 			PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
 		/* signature schemes, private */
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 		/* signature verification schemes */
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 	};
 	*features = f;
 
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 22c194b7c..20bbc6ac5 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -511,11 +511,11 @@ METHOD(private_key_t, sign, bool,
 {
 	switch (scheme)
 	{
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 			return sign_bliss(this, HASH_SHA256, data, signature);
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 			return sign_bliss(this, HASH_SHA384, data, signature);
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 			return sign_bliss(this, HASH_SHA512, data, signature);
 		case SIGN_BLISS_WITH_SHA3_256:
 			return sign_bliss(this, HASH_SHA3_256, data, signature);
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index ba34bf46b..93d1165eb 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -193,11 +193,11 @@ METHOD(public_key_t, verify, bool,
 {
 	switch (scheme)
 	{
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 			return verify_bliss(this, HASH_SHA256, data, signature);
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 			return verify_bliss(this, HASH_SHA384, data, signature);
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 			return verify_bliss(this, HASH_SHA512, data, signature);
 		case SIGN_BLISS_WITH_SHA3_256:
 			return verify_bliss(this, HASH_SHA3_256, data, signature);
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
index 8b4e9cbf0..a3e4420a9 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
@@ -36,13 +36,13 @@ START_TEST(test_bliss_sign_all)
 		switch (k)
 		{
 			case 1:
-				signature_scheme = SIGN_BLISS_WITH_SHA256;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_256;
 				break;
 			case 2:
-				signature_scheme = SIGN_BLISS_WITH_SHA384;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_384;
 				break;
 			default:
-				signature_scheme = SIGN_BLISS_WITH_SHA512;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_512;
 		}
 
 		/* enforce BLISS-B key for k = 2, 3 */
@@ -176,14 +176,14 @@ START_TEST(test_bliss_sign_fail)
 
 	/* generate valid signature */
 	msg = chunk_from_str("Hello Dolly!");
-	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA512, msg, &signature));
+	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
 
 	/* verify with invalid signature scheme */
 	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
 
 	/* corrupt signature */
 	signature.ptr[signature.len - 1] ^= 0x80;
-	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA512, msg, signature));
+	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
 
 	free(signature.ptr);
 	privkey->destroy(privkey);
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index eb5b01986..e32f8eefe 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -266,8 +266,8 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
 			scheme = SIGN_ECDSA_WITH_SHA1_DER;
 			break;
 		case KEY_BLISS:
-			oid = OID_BLISS_WITH_SHA512;
-			scheme = SIGN_BLISS_WITH_SHA512;
+			oid = OID_BLISS_WITH_SHA2_512;
+			scheme = SIGN_BLISS_WITH_SHA2_512;
 			break;
 		default:
 			DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 14cc32122..07a6aca51 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -28,30 +28,38 @@ typedef struct {
 }hasher_oid_t;
 
 static hasher_oid_t oids[] = {
-	{ OID_MD2, HASH_MD2, KEY_ANY },
-	{ OID_MD5, HASH_MD5, KEY_ANY },
-	{ OID_SHA1, HASH_SHA1, KEY_ANY },
-	{ OID_SHA224, HASH_SHA224, KEY_ANY },
-	{ OID_SHA256, HASH_SHA256, KEY_ANY },
-	{ OID_SHA384, HASH_SHA384, KEY_ANY },
-	{ OID_SHA512, HASH_SHA512, KEY_ANY },
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },
-	{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },
-	{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },
-	{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },
-	{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },
-	{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },
-	{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },
-	{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },
-	{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },
-	{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },
-	{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },
-	{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },
-	{ OID_BLISS_WITH_SHA256, HASH_SHA256, KEY_BLISS },
-	{ OID_BLISS_WITH_SHA384, HASH_SHA384, KEY_BLISS },
-	{ OID_BLISS_WITH_SHA512, HASH_SHA512, KEY_BLISS },
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }
+	{ OID_MD2, HASH_MD2, KEY_ANY },                         /*  0 */
+	{ OID_MD5, HASH_MD5, KEY_ANY },                         /*  1 */
+	{ OID_SHA1, HASH_SHA1, KEY_ANY },                       /*  2 */
+	{ OID_SHA224, HASH_SHA224, KEY_ANY },                   /*  3 */
+	{ OID_SHA256, HASH_SHA256, KEY_ANY },                   /*  4 */
+	{ OID_SHA384, HASH_SHA384, KEY_ANY },                   /*  5 */
+	{ OID_SHA512, HASH_SHA512, KEY_ANY },                   /*  6 */
+	{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY },               /*  7 */
+	{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY },               /*  8 */
+	{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY },               /*  9 */
+	{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY },               /* 10 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },                 /* 11 */
+	{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },                /* 12 */
+	{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },                /* 13 */
+	{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },              /* 14 */
+	{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },          /* 15 */
+	{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },          /* 16 */
+	{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },          /* 17 */
+	{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },          /* 18 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },                 /* 19 */
+	{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },          /* 20 */
+	{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },      /* 21 */
+	{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },      /* 22 */
+	{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },      /* 23 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA },               /* 24 */
+	{ OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS },    /* 25 */
+	{ OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS },    /* 26 */
+	{ OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS },    /* 27 */
+	{ OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS },  /* 28 */
+	{ OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS },  /* 29 */
+	{ OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS },  /* 30 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS }                /* 31 */
 };
 
 START_TEST(test_hasher_from_oid)
@@ -169,11 +177,11 @@ Suite *hasher_suite_create()
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("to_oid");
-	tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8);
+	tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("sig_to_oid");
-	tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids));
+	tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids));
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("from_prf");
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index b38f2cb52..104b0b2c0 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -789,9 +789,9 @@ static struct {
 	{KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
 	{KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
 	{KEY_ECDSA,  512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-	{KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA256, SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
-	{KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
-	{KEY_BLISS,  256, { SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
 };
 
 START_TEST(test_signature_schemes_for_key)