Version bump to 5.8.4
[strongswan.git] / src / libstrongswan / crypto / hashers / hasher.c
1 /*
2 * Copyright (C) 2012-2015 Tobias Brunner
3 * Copyright (C) 2015-2017 Andreas Steffen
4 * Copyright (C) 2005-2006 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * HSR Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "hasher.h"
20
21 #include <asn1/oid.h>
22 #include <credentials/keys/signature_params.h>
23
24 ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
25 "HASH_SHA1",
26 "HASH_SHA2_256",
27 "HASH_SHA2_384",
28 "HASH_SHA2_512",
29 "HASH_IDENTITY");
30 ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
31 "HASH_UNKNOWN",
32 "HASH_MD2",
33 "HASH_MD4",
34 "HASH_MD5",
35 "HASH_SHA2_224",
36 "HASH_SHA3_224",
37 "HASH_SHA3_256",
38 "HASH_SHA3_384",
39 "HASH_SHA3_512");
40 ENUM_END(hash_algorithm_names, HASH_SHA3_512);
41
42 ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_IDENTITY,
43 "sha1",
44 "sha256",
45 "sha384",
46 "sha512",
47 "identity");
48 ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
49 "unknown",
50 "md2",
51 "md4",
52 "md5",
53 "sha224",
54 "sha3_224",
55 "sha3_256",
56 "sha3_384",
57 "sha3_512");
58 ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);
59
60 ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
61 "SHA1",
62 "SHA2_256",
63 "SHA2_384",
64 "SHA2_512",
65 "IDENTITY");
66 ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
67 "UNKNOWN",
68 "MD2",
69 "MD4",
70 "MD5",
71 "SHA2_224",
72 "SHA3_224",
73 "SHA3_256",
74 "SHA3_384",
75 "SHA3_512");
76 ENUM_END(hash_algorithm_short_names_upper, HASH_SHA3_512);
77
78 /*
79 * Described in header
80 */
81 size_t hasher_hash_size(hash_algorithm_t alg)
82 {
83 switch (alg)
84 {
85 case HASH_SHA1:
86 return HASH_SIZE_SHA1;
87 case HASH_SHA256:
88 return HASH_SIZE_SHA256;
89 case HASH_SHA384:
90 return HASH_SIZE_SHA384;
91 case HASH_SHA512:
92 return HASH_SIZE_SHA512;
93 case HASH_MD2:
94 return HASH_SIZE_MD2;
95 case HASH_MD4:
96 return HASH_SIZE_MD4;
97 case HASH_MD5:
98 return HASH_SIZE_MD5;
99 case HASH_SHA224:
100 return HASH_SIZE_SHA224;
101 case HASH_SHA3_224:
102 return HASH_SIZE_SHA224;
103 case HASH_SHA3_256:
104 return HASH_SIZE_SHA256;
105 case HASH_SHA3_384:
106 return HASH_SIZE_SHA384;
107 case HASH_SHA3_512:
108 return HASH_SIZE_SHA512;
109 case HASH_IDENTITY:
110 case HASH_UNKNOWN:
111 break;
112 }
113 return 0;
114 }
115
116 /*
117 * Described in header.
118 */
119 hash_algorithm_t hasher_algorithm_from_oid(int oid)
120 {
121 switch (oid)
122 {
123 case OID_MD2:
124 case OID_MD2_WITH_RSA:
125 return HASH_MD2;
126 case OID_MD5:
127 case OID_MD5_WITH_RSA:
128 return HASH_MD5;
129 case OID_SHA1:
130 case OID_SHA1_WITH_RSA:
131 return HASH_SHA1;
132 case OID_SHA224:
133 case OID_SHA224_WITH_RSA:
134 return HASH_SHA224;
135 case OID_SHA256:
136 case OID_SHA256_WITH_RSA:
137 return HASH_SHA256;
138 case OID_SHA384:
139 case OID_SHA384_WITH_RSA:
140 return HASH_SHA384;
141 case OID_SHA512:
142 case OID_SHA512_WITH_RSA:
143 return HASH_SHA512;
144 case OID_SHA3_224:
145 case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
146 return HASH_SHA3_224;
147 case OID_SHA3_256:
148 case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
149 return HASH_SHA3_256;
150 case OID_SHA3_384:
151 case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
152 return HASH_SHA3_384;
153 case OID_SHA3_512:
154 case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
155 return HASH_SHA3_512;
156 case OID_ED25519:
157 case OID_ED448:
158 return HASH_IDENTITY;
159 default:
160 return HASH_UNKNOWN;
161 }
162 }
163
164 /*
165 * Described in header.
166 */
167 hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg)
168 {
169 switch (alg)
170 {
171 case PRF_HMAC_MD5:
172 return HASH_MD5;
173 case PRF_HMAC_SHA1:
174 case PRF_FIPS_SHA1_160:
175 case PRF_KEYED_SHA1:
176 return HASH_SHA1;
177 case PRF_HMAC_SHA2_256:
178 return HASH_SHA256;
179 case PRF_HMAC_SHA2_384:
180 return HASH_SHA384;
181 case PRF_HMAC_SHA2_512:
182 return HASH_SHA512;
183 case PRF_HMAC_TIGER:
184 case PRF_AES128_XCBC:
185 case PRF_AES128_CMAC:
186 case PRF_FIPS_DES:
187 case PRF_CAMELLIA128_XCBC:
188 case PRF_UNDEFINED:
189 break;
190 }
191 return HASH_UNKNOWN;
192 }
193
194 /*
195 * Described in header.
196 */
197 hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
198 size_t *length)
199 {
200 if (length)
201 {
202 switch (alg)
203 {
204 case AUTH_HMAC_MD5_96:
205 case AUTH_HMAC_SHA1_96:
206 case AUTH_HMAC_SHA2_256_96:
207 *length = 12;
208 break;
209 case AUTH_HMAC_MD5_128:
210 case AUTH_HMAC_SHA1_128:
211 case AUTH_HMAC_SHA2_256_128:
212 *length = 16;
213 break;
214 case AUTH_HMAC_SHA1_160:
215 *length = 20;
216 break;
217 case AUTH_HMAC_SHA2_384_192:
218 *length = 24;
219 break;
220 case AUTH_HMAC_SHA2_256_256:
221 case AUTH_HMAC_SHA2_512_256:
222 *length = 32;
223 break;
224 case AUTH_HMAC_SHA2_384_384:
225 *length = 48;
226 break;
227 case AUTH_HMAC_SHA2_512_512:
228 *length = 64;
229 break;
230 default:
231 break;
232 }
233 }
234 switch (alg)
235 {
236 case AUTH_HMAC_MD5_96:
237 case AUTH_HMAC_MD5_128:
238 case AUTH_KPDK_MD5:
239 return HASH_MD5;
240 case AUTH_HMAC_SHA1_96:
241 case AUTH_HMAC_SHA1_128:
242 case AUTH_HMAC_SHA1_160:
243 return HASH_SHA1;
244 case AUTH_HMAC_SHA2_256_96:
245 case AUTH_HMAC_SHA2_256_128:
246 case AUTH_HMAC_SHA2_256_256:
247 return HASH_SHA256;
248 case AUTH_HMAC_SHA2_384_192:
249 case AUTH_HMAC_SHA2_384_384:
250 return HASH_SHA384;
251 case AUTH_HMAC_SHA2_512_256:
252 case AUTH_HMAC_SHA2_512_512:
253 return HASH_SHA512;
254 case AUTH_AES_CMAC_96:
255 case AUTH_AES_128_GMAC:
256 case AUTH_AES_192_GMAC:
257 case AUTH_AES_256_GMAC:
258 case AUTH_AES_XCBC_96:
259 case AUTH_DES_MAC:
260 case AUTH_CAMELLIA_XCBC_96:
261 case AUTH_UNDEFINED:
262 break;
263 }
264 return HASH_UNKNOWN;
265 }
266
267 /*
268 * Described in header.
269 */
270 integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
271 size_t length)
272 {
273 switch (alg)
274 {
275 case HASH_MD5:
276 switch (length)
277 {
278 case 12:
279 return AUTH_HMAC_MD5_96;
280 case 16:
281 return AUTH_HMAC_MD5_128;
282 }
283 break;
284 case HASH_SHA1:
285 switch (length)
286 {
287 case 12:
288 return AUTH_HMAC_SHA1_96;
289 case 16:
290 return AUTH_HMAC_SHA1_128;
291 case 20:
292 return AUTH_HMAC_SHA1_160;
293 }
294 break;
295 case HASH_SHA256:
296 switch (length)
297 {
298 case 12:
299 return AUTH_HMAC_SHA2_256_96;
300 case 16:
301 return AUTH_HMAC_SHA2_256_128;
302 case 32:
303 return AUTH_HMAC_SHA2_256_256;
304 }
305 break;
306 case HASH_SHA384:
307 switch (length)
308 {
309 case 24:
310 return AUTH_HMAC_SHA2_384_192;
311 case 48:
312 return AUTH_HMAC_SHA2_384_384;
313
314 }
315 break;
316 case HASH_SHA512:
317 switch (length)
318 {
319 case 32:
320 return AUTH_HMAC_SHA2_512_256;
321 case 64:
322 return AUTH_HMAC_SHA2_512_512;
323 }
324 break;
325 case HASH_MD2:
326 case HASH_MD4:
327 case HASH_SHA224:
328 case HASH_SHA3_224:
329 case HASH_SHA3_256:
330 case HASH_SHA3_384:
331 case HASH_SHA3_512:
332 case HASH_IDENTITY:
333 case HASH_UNKNOWN:
334 break;
335 }
336 return AUTH_UNDEFINED;
337 }
338
339 /*
340 * Described in header.
341 */
342 bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
343 {
344 switch (alg)
345 {
346 case HASH_IDENTITY:
347 case HASH_SHA256:
348 case HASH_SHA384:
349 case HASH_SHA512:
350 return TRUE;
351 case HASH_UNKNOWN:
352 case HASH_MD2:
353 case HASH_MD4:
354 case HASH_MD5:
355 case HASH_SHA1:
356 case HASH_SHA224:
357 case HASH_SHA3_224:
358 case HASH_SHA3_256:
359 case HASH_SHA3_384:
360 case HASH_SHA3_512:
361 break;
362 }
363 return FALSE;
364 }
365
366 /*
367 * Described in header.
368 */
369 int hasher_algorithm_to_oid(hash_algorithm_t alg)
370 {
371 int oid;
372
373 switch (alg)
374 {
375 case HASH_MD2:
376 oid = OID_MD2;
377 break;
378 case HASH_MD5:
379 oid = OID_MD5;
380 break;
381 case HASH_SHA1:
382 oid = OID_SHA1;
383 break;
384 case HASH_SHA224:
385 oid = OID_SHA224;
386 break;
387 case HASH_SHA256:
388 oid = OID_SHA256;
389 break;
390 case HASH_SHA384:
391 oid = OID_SHA384;
392 break;
393 case HASH_SHA512:
394 oid = OID_SHA512;
395 break;
396 case HASH_SHA3_224:
397 oid = OID_SHA3_224;
398 break;
399 case HASH_SHA3_256:
400 oid = OID_SHA3_256;
401 break;
402 case HASH_SHA3_384:
403 oid = OID_SHA3_384;
404 break;
405 case HASH_SHA3_512:
406 oid = OID_SHA3_512;
407 break;
408 default:
409 oid = OID_UNKNOWN;
410 }
411 return oid;
412 }
413
414 /*
415 * Described in header.
416 */
417 int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
418 {
419 switch (key)
420 {
421 case KEY_RSA:
422 switch (alg)
423 {
424 case HASH_MD2:
425 return OID_MD2_WITH_RSA;
426 case HASH_MD5:
427 return OID_MD5_WITH_RSA;
428 case HASH_SHA1:
429 return OID_SHA1_WITH_RSA;
430 case HASH_SHA224:
431 return OID_SHA224_WITH_RSA;
432 case HASH_SHA256:
433 return OID_SHA256_WITH_RSA;
434 case HASH_SHA384:
435 return OID_SHA384_WITH_RSA;
436 case HASH_SHA512:
437 return OID_SHA512_WITH_RSA;
438 case HASH_SHA3_224:
439 return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
440 case HASH_SHA3_256:
441 return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
442 case HASH_SHA3_384:
443 return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
444 case HASH_SHA3_512:
445 return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
446 default:
447 return OID_UNKNOWN;
448 }
449 case KEY_ECDSA:
450 switch (alg)
451 {
452 case HASH_SHA1:
453 return OID_ECDSA_WITH_SHA1;
454 case HASH_SHA256:
455 return OID_ECDSA_WITH_SHA256;
456 case HASH_SHA384:
457 return OID_ECDSA_WITH_SHA384;
458 case HASH_SHA512:
459 return OID_ECDSA_WITH_SHA512;
460 default:
461 return OID_UNKNOWN;
462 }
463 case KEY_ED25519:
464 switch (alg)
465 {
466 case HASH_IDENTITY:
467 return OID_ED25519;
468 default:
469 return OID_UNKNOWN;
470 }
471 case KEY_ED448:
472 switch (alg)
473 {
474 case HASH_IDENTITY:
475 return OID_ED448;
476 default:
477 return OID_UNKNOWN;
478 }
479 case KEY_BLISS:
480 switch (alg)
481 {
482 case HASH_SHA256:
483 return OID_BLISS_WITH_SHA2_256;
484 case HASH_SHA384:
485 return OID_BLISS_WITH_SHA2_384;
486 case HASH_SHA512:
487 return OID_BLISS_WITH_SHA2_512;
488 case HASH_SHA3_256:
489 return OID_BLISS_WITH_SHA3_256;
490 case HASH_SHA3_384:
491 return OID_BLISS_WITH_SHA3_384;
492 case HASH_SHA3_512:
493 return OID_BLISS_WITH_SHA3_512;
494 default:
495 return OID_UNKNOWN;
496 }
497 default:
498 return OID_UNKNOWN;
499 }
500 }
501
502 /*
503 * Defined in header.
504 */
505 hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
506 void *params)
507 {
508 switch (scheme)
509 {
510 case SIGN_UNKNOWN:
511 case SIGN_RSA_EMSA_PKCS1_NULL:
512 case SIGN_ECDSA_WITH_NULL:
513 break;
514 case SIGN_RSA_EMSA_PSS:
515 if (params)
516 {
517 rsa_pss_params_t *pss = params;
518 return pss->hash;
519 }
520 break;
521 case SIGN_ED25519:
522 case SIGN_ED448:
523 return HASH_IDENTITY;
524 case SIGN_RSA_EMSA_PKCS1_MD5:
525 return HASH_MD5;
526 case SIGN_RSA_EMSA_PKCS1_SHA1:
527 case SIGN_ECDSA_WITH_SHA1_DER:
528 return HASH_SHA1;
529 case SIGN_RSA_EMSA_PKCS1_SHA2_224:
530 return HASH_SHA224;
531 case SIGN_RSA_EMSA_PKCS1_SHA2_256:
532 case SIGN_ECDSA_WITH_SHA256_DER:
533 case SIGN_ECDSA_256:
534 case SIGN_BLISS_WITH_SHA2_256:
535 return HASH_SHA256;
536 case SIGN_RSA_EMSA_PKCS1_SHA2_384:
537 case SIGN_ECDSA_WITH_SHA384_DER:
538 case SIGN_ECDSA_384:
539 case SIGN_BLISS_WITH_SHA2_384:
540 return HASH_SHA384;
541 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
542 case SIGN_ECDSA_WITH_SHA512_DER:
543 case SIGN_ECDSA_521:
544 case SIGN_BLISS_WITH_SHA2_512:
545 return HASH_SHA512;
546 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
547 return HASH_SHA3_224;
548 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
549 case SIGN_BLISS_WITH_SHA3_256:
550 return HASH_SHA3_256;
551 case SIGN_RSA_EMSA_PKCS1_SHA3_384:
552 case SIGN_BLISS_WITH_SHA3_384:
553 return HASH_SHA3_384;
554 case SIGN_RSA_EMSA_PKCS1_SHA3_512:
555 case SIGN_BLISS_WITH_SHA3_512:
556 return HASH_SHA3_512;
557 }
558 return HASH_UNKNOWN;
559 }