Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r-- | src/libstrongswan/credentials/auth_cfg.c | 11 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.c | 64 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 26 |
3 files changed, 67 insertions, 34 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 956ce08c9..3ec9491ed 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,7 +1,8 @@
 /*
 * Copyright (C) 2008-2016 Tobias Brunner
 * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffeb
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
 } schemes[] = {
 { "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
 { "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
- { "sha224", SIGN_RSA_EMSA_PKCS1_SHA224, KEY_RSA, },
- { "sha256", SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, },
- { "sha384", SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, },
- { "sha512", SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, },
+ { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
+ { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
+ { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
+ { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
 { "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
 { "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
 { "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index d6f211a34..03f93b1d3 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
 * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
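Review bot: The copyright line added to the auth_cfg.c header misspells the author's name as `Andreas Steffeb`. The public_key.c and public_key.h headers touched by this same commit spell it `Andreas Steffen`. The line should read ` * Copyright (C) 2016 Andreas Steffen`.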
@@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
 "RSA_EMSA_PKCS1_NULL",
 "RSA_EMSA_PKCS1_MD5",
 "RSA_EMSA_PKCS1_SHA1",
- "RSA_EMSA_PKCS1_SHA224",
- "RSA_EMSA_PKCS1_SHA256",
- "RSA_EMSA_PKCS1_SHA384",
- "RSA_EMSA_PKCS1_SHA512",
+ "RSA_EMSA_PKCS1_SHA2_224",
+ "RSA_EMSA_PKCS1_SHA2_256",
+ "RSA_EMSA_PKCS1_SHA2_384",
+ "RSA_EMSA_PKCS1_SHA2_512",
+ "RSA_EMSA_PKCS1_SHA3_224",
+ "RSA_EMSA_PKCS1_SHA3_256",
+ "RSA_EMSA_PKCS1_SHA3_384",
+ "RSA_EMSA_PKCS1_SHA3_512",
 "ECDSA_WITH_SHA1_DER",
 "ECDSA_WITH_SHA256_DER",
 "ECDSA_WITH_SHA384_DER",
@@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid)
 return SIGN_RSA_EMSA_PKCS1_SHA1;
 case OID_SHA224_WITH_RSA:
 case OID_SHA224:
- return SIGN_RSA_EMSA_PKCS1_SHA224;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_224;
 case OID_SHA256_WITH_RSA:
 case OID_SHA256:
- return SIGN_RSA_EMSA_PKCS1_SHA256;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_256;
 case OID_SHA384_WITH_RSA:
 case OID_SHA384:
- return SIGN_RSA_EMSA_PKCS1_SHA384;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_384;
 case OID_SHA512_WITH_RSA:
 case OID_SHA512:
- return SIGN_RSA_EMSA_PKCS1_SHA512;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_512;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_224;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_256;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_384;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_512;
 case OID_ECDSA_WITH_SHA1:
 case OID_EC_PUBLICKEY:
 return SIGN_ECDSA_WITH_SHA1_DER;
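Review bot: The new SHA-3 cases in `signature_scheme_from_oid()` accept only the `OID_RSASSA_PKCS1V15_WITH_SHA3_*` signature OIDs, whereas the SHA-2 cases directly above also map the bare digest OIDs (`OID_SHA224` through `OID_SHA512`) to an RSA scheme. If the asymmetry is intended, a one-line comment before the first new case would record it, e.g. `/* SHA-3: only the combined signature OIDs are mapped, not the bare digest OIDs */`. Otherwise a caller that passes a digest OID would presumably end up in whatever the default branch returns. The switch begins and ends outside this hunk, so that branch is not visible here.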
@@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
 return OID_MD5_WITH_RSA;
 case SIGN_RSA_EMSA_PKCS1_SHA1:
 return OID_SHA1_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 return OID_SHA224_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 return OID_SHA256_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 return OID_SHA384_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 return OID_SHA512_WITH_RSA;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
 case SIGN_ECDSA_WITH_SHA1_DER:
 return OID_ECDSA_WITH_SHA1;
 case SIGN_ECDSA_WITH_SHA256_DER:
@@ -216,9 +236,9 @@ static struct {
 key_type_t type;
 int max_keysize;
 } scheme_map[] = {
- { SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, 3072 },
- { SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, 7680 },
- { SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, 0 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
 { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
 { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
 { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
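Review bot: In `signature_scheme_to_oid()` the new `case SIGN_RSA_EMSA_PKCS1_SHA3_512:` returns `OID_RSASSA_PKCS1V15_WITH_SHA3_384`, which looks like a copy-paste slip from the case directly above it. A SHA3-512 signature would then carry the SHA3-384 algorithm identifier, and `signature_scheme_from_oid()` maps that OID back to `SIGN_RSA_EMSA_PKCS1_SHA3_384`. A verifier would presumably pick the wrong digest and reject an otherwise valid signature. The return should be `return OID_RSASSA_PKCS1V15_WITH_SHA3_512;`. The switch starts and ends outside this hunk.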
@@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
 case SIGN_RSA_EMSA_PKCS1_NULL:
 case SIGN_RSA_EMSA_PKCS1_MD5:
 case SIGN_RSA_EMSA_PKCS1_SHA1:
- case SIGN_RSA_EMSA_PKCS1_SHA224:
- case SIGN_RSA_EMSA_PKCS1_SHA256:
- case SIGN_RSA_EMSA_PKCS1_SHA384:
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
 return KEY_RSA;
 case SIGN_ECDSA_WITH_SHA1_DER:
 case SIGN_ECDSA_WITH_SHA256_DER:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ce48f9b7e..236128234 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
 * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -70,14 +70,22 @@ enum signature_scheme_t {
 SIGN_RSA_EMSA_PKCS1_MD5,
 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
 SIGN_RSA_EMSA_PKCS1_SHA1,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
- SIGN_RSA_EMSA_PKCS1_SHA224,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
- SIGN_RSA_EMSA_PKCS1_SHA256,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
- SIGN_RSA_EMSA_PKCS1_SHA384,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
- SIGN_RSA_EMSA_PKCS1_SHA512,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_224,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_224,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_256,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_384,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_512,
 /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
 SIGN_ECDSA_WITH_SHA1_DER,
 /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ |
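Review bot: Inserting the four `SIGN_RSA_EMSA_PKCS1_SHA3_*` constants in the middle of `signature_scheme_t` shifts the numeric value of every later scheme, starting with `SIGN_ECDSA_WITH_SHA1_DER`. That is safe only if no numeric scheme value is stored or exchanged between separately built components; code compiled against the old header would presumably misidentify schemes until rebuilt. The positional string table `signature_scheme_names` in public_key.c must also stay in the same order, so a comment on the enum such as `/* order must match signature_scheme_names in public_key.c */` would document that coupling. The enum starts and ends outside this hunk.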