gmp: Support of SHA-3 RSA signatures
[strongswan.git] / src / libstrongswan / crypto / hashers / hasher.c
1 /*
2 * Copyright (C) 2012-2015 Tobias Brunner
3 * Copyright (C) 2015-2016 Andreas Steffen
4 * Copyright (C) 2005-2006 Martin Willi
5 * Copyright (C) 2005 Jan Hutter
6 * HSR Hochschule fuer Technik Rapperswil
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include "hasher.h"
20
21 #include <asn1/oid.h>
22
23 ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_SHA512,
24 "HASH_SHA1",
25 "HASH_SHA256",
26 "HASH_SHA384",
27 "HASH_SHA512");
28 ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512,
29 "HASH_UNKNOWN",
30 "HASH_MD2",
31 "HASH_MD4",
32 "HASH_MD5",
33 "HASH_SHA224",
34 "HASH_SHA3_224",
35 "HASH_SHA3_256",
36 "HASH_SHA3_384",
37 "HASH_SHA3_512");
38 ENUM_END(hash_algorithm_names, HASH_SHA3_512);
39
40 ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_SHA512,
41 "sha1",
42 "sha256",
43 "sha384",
44 "sha512");
45 ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512,
46 "unknown",
47 "md2",
48 "md4",
49 "md5",
50 "sha224",
51 "sha3_224",
52 "sha3_256",
53 "sha3_384",
54 "sha3_512");
55 ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);
56
57 /*
58 * Described in header.
59 */
60 hash_algorithm_t hasher_algorithm_from_oid(int oid)
61 {
62 switch (oid)
63 {
64 case OID_MD2:
65 case OID_MD2_WITH_RSA:
66 return HASH_MD2;
67 case OID_MD5:
68 case OID_MD5_WITH_RSA:
69 return HASH_MD5;
70 case OID_SHA1:
71 case OID_SHA1_WITH_RSA:
72 return HASH_SHA1;
73 case OID_SHA224:
74 case OID_SHA224_WITH_RSA:
75 return HASH_SHA224;
76 case OID_SHA256:
77 case OID_SHA256_WITH_RSA:
78 return HASH_SHA256;
79 case OID_SHA384:
80 case OID_SHA384_WITH_RSA:
81 return HASH_SHA384;
82 case OID_SHA512:
83 case OID_SHA512_WITH_RSA:
84 return HASH_SHA512;
85 case OID_SHA3_224:
86 case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
87 return HASH_SHA3_224;
88 case OID_SHA3_256:
89 case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
90 return HASH_SHA3_256;
91 case OID_SHA3_384:
92 case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
93 return HASH_SHA3_384;
94 case OID_SHA3_512:
95 case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
96 return HASH_SHA3_512;
97 default:
98 return HASH_UNKNOWN;
99 }
100 }
101
102 /*
103 * Described in header.
104 */
105 hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg)
106 {
107 switch (alg)
108 {
109 case PRF_HMAC_MD5:
110 return HASH_MD5;
111 case PRF_HMAC_SHA1:
112 case PRF_FIPS_SHA1_160:
113 case PRF_KEYED_SHA1:
114 return HASH_SHA1;
115 case PRF_HMAC_SHA2_256:
116 return HASH_SHA256;
117 case PRF_HMAC_SHA2_384:
118 return HASH_SHA384;
119 case PRF_HMAC_SHA2_512:
120 return HASH_SHA512;
121 case PRF_HMAC_TIGER:
122 case PRF_AES128_XCBC:
123 case PRF_AES128_CMAC:
124 case PRF_FIPS_DES:
125 case PRF_CAMELLIA128_XCBC:
126 case PRF_UNDEFINED:
127 break;
128 }
129 return HASH_UNKNOWN;
130 }
131
132 /*
133 * Described in header.
134 */
135 hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
136 size_t *length)
137 {
138 if (length)
139 {
140 switch (alg)
141 {
142 case AUTH_HMAC_MD5_96:
143 case AUTH_HMAC_SHA1_96:
144 case AUTH_HMAC_SHA2_256_96:
145 *length = 12;
146 break;
147 case AUTH_HMAC_MD5_128:
148 case AUTH_HMAC_SHA1_128:
149 case AUTH_HMAC_SHA2_256_128:
150 *length = 16;
151 break;
152 case AUTH_HMAC_SHA1_160:
153 *length = 20;
154 break;
155 case AUTH_HMAC_SHA2_384_192:
156 *length = 24;
157 break;
158 case AUTH_HMAC_SHA2_256_256:
159 case AUTH_HMAC_SHA2_512_256:
160 *length = 32;
161 break;
162 case AUTH_HMAC_SHA2_384_384:
163 *length = 48;
164 break;
165 case AUTH_HMAC_SHA2_512_512:
166 *length = 64;
167 break;
168 default:
169 break;
170 }
171 }
172 switch (alg)
173 {
174 case AUTH_HMAC_MD5_96:
175 case AUTH_HMAC_MD5_128:
176 case AUTH_KPDK_MD5:
177 return HASH_MD5;
178 case AUTH_HMAC_SHA1_96:
179 case AUTH_HMAC_SHA1_128:
180 case AUTH_HMAC_SHA1_160:
181 return HASH_SHA1;
182 case AUTH_HMAC_SHA2_256_96:
183 case AUTH_HMAC_SHA2_256_128:
184 case AUTH_HMAC_SHA2_256_256:
185 return HASH_SHA256;
186 case AUTH_HMAC_SHA2_384_192:
187 case AUTH_HMAC_SHA2_384_384:
188 return HASH_SHA384;
189 case AUTH_HMAC_SHA2_512_256:
190 case AUTH_HMAC_SHA2_512_512:
191 return HASH_SHA512;
192 case AUTH_AES_CMAC_96:
193 case AUTH_AES_128_GMAC:
194 case AUTH_AES_192_GMAC:
195 case AUTH_AES_256_GMAC:
196 case AUTH_AES_XCBC_96:
197 case AUTH_DES_MAC:
198 case AUTH_CAMELLIA_XCBC_96:
199 case AUTH_UNDEFINED:
200 break;
201 }
202 return HASH_UNKNOWN;
203 }
204
205 /*
206 * Described in header.
207 */
208 integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
209 size_t length)
210 {
211 switch (alg)
212 {
213 case HASH_MD5:
214 switch (length)
215 {
216 case 12:
217 return AUTH_HMAC_MD5_96;
218 case 16:
219 return AUTH_HMAC_MD5_128;
220 }
221 break;
222 case HASH_SHA1:
223 switch (length)
224 {
225 case 12:
226 return AUTH_HMAC_SHA1_96;
227 case 16:
228 return AUTH_HMAC_SHA1_128;
229 case 20:
230 return AUTH_HMAC_SHA1_160;
231 }
232 break;
233 case HASH_SHA256:
234 switch (length)
235 {
236 case 12:
237 return AUTH_HMAC_SHA2_256_96;
238 case 16:
239 return AUTH_HMAC_SHA2_256_128;
240 case 32:
241 return AUTH_HMAC_SHA2_256_256;
242 }
243 break;
244 case HASH_SHA384:
245 switch (length)
246 {
247 case 24:
248 return AUTH_HMAC_SHA2_384_192;
249 case 48:
250 return AUTH_HMAC_SHA2_384_384;
251
252 }
253 break;
254 case HASH_SHA512:
255 switch (length)
256 {
257 case 32:
258 return AUTH_HMAC_SHA2_512_256;
259 case 64:
260 return AUTH_HMAC_SHA2_512_512;
261 }
262 break;
263 case HASH_MD2:
264 case HASH_MD4:
265 case HASH_SHA224:
266 case HASH_SHA3_224:
267 case HASH_SHA3_256:
268 case HASH_SHA3_384:
269 case HASH_SHA3_512:
270 case HASH_UNKNOWN:
271 break;
272 }
273 return AUTH_UNDEFINED;
274 }
275
276 /*
277 * Described in header.
278 */
279 bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
280 {
281 switch (alg)
282 {
283 case HASH_SHA1:
284 case HASH_SHA256:
285 case HASH_SHA384:
286 case HASH_SHA512:
287 return TRUE;
288 case HASH_UNKNOWN:
289 case HASH_MD2:
290 case HASH_MD4:
291 case HASH_MD5:
292 case HASH_SHA224:
293 case HASH_SHA3_224:
294 case HASH_SHA3_256:
295 case HASH_SHA3_384:
296 case HASH_SHA3_512:
297 break;
298 }
299 return FALSE;
300 }
301
302 /*
303 * Described in header.
304 */
305 int hasher_algorithm_to_oid(hash_algorithm_t alg)
306 {
307 int oid;
308
309 switch (alg)
310 {
311 case HASH_MD2:
312 oid = OID_MD2;
313 break;
314 case HASH_MD5:
315 oid = OID_MD5;
316 break;
317 case HASH_SHA1:
318 oid = OID_SHA1;
319 break;
320 case HASH_SHA224:
321 oid = OID_SHA224;
322 break;
323 case HASH_SHA256:
324 oid = OID_SHA256;
325 break;
326 case HASH_SHA384:
327 oid = OID_SHA384;
328 break;
329 case HASH_SHA512:
330 oid = OID_SHA512;
331 break;
332 case HASH_SHA3_224:
333 oid = OID_SHA3_224;
334 break;
335 case HASH_SHA3_256:
336 oid = OID_SHA3_256;
337 break;
338 case HASH_SHA3_384:
339 oid = OID_SHA3_384;
340 break;
341 case HASH_SHA3_512:
342 oid = OID_SHA3_512;
343 break;
344 default:
345 oid = OID_UNKNOWN;
346 }
347 return oid;
348 }
349
350 /*
351 * Described in header.
352 */
353 int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
354 {
355 switch (key)
356 {
357 case KEY_RSA:
358 switch (alg)
359 {
360 case HASH_MD2:
361 return OID_MD2_WITH_RSA;
362 case HASH_MD5:
363 return OID_MD5_WITH_RSA;
364 case HASH_SHA1:
365 return OID_SHA1_WITH_RSA;
366 case HASH_SHA224:
367 return OID_SHA224_WITH_RSA;
368 case HASH_SHA256:
369 return OID_SHA256_WITH_RSA;
370 case HASH_SHA384:
371 return OID_SHA384_WITH_RSA;
372 case HASH_SHA512:
373 return OID_SHA512_WITH_RSA;
374 case HASH_SHA3_224:
375 return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
376 case HASH_SHA3_256:
377 return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
378 case HASH_SHA3_384:
379 return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
380 case HASH_SHA3_512:
381 return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
382 default:
383 return OID_UNKNOWN;
384 }
385 case KEY_ECDSA:
386 switch (alg)
387 {
388 case HASH_SHA1:
389 return OID_ECDSA_WITH_SHA1;
390 case HASH_SHA256:
391 return OID_ECDSA_WITH_SHA256;
392 case HASH_SHA384:
393 return OID_ECDSA_WITH_SHA384;
394 case HASH_SHA512:
395 return OID_ECDSA_WITH_SHA512;
396 default:
397 return OID_UNKNOWN;
398 }
399 case KEY_BLISS:
400 switch (alg)
401 {
402 case HASH_SHA256:
403 return OID_BLISS_WITH_SHA2_256;
404 case HASH_SHA384:
405 return OID_BLISS_WITH_SHA2_384;
406 case HASH_SHA512:
407 return OID_BLISS_WITH_SHA2_512;
408 case HASH_SHA3_256:
409 return OID_BLISS_WITH_SHA3_256;
410 case HASH_SHA3_384:
411 return OID_BLISS_WITH_SHA3_384;
412 case HASH_SHA3_512:
413 return OID_BLISS_WITH_SHA3_512;
414 default:
415 return OID_UNKNOWN;
416 }
417 default:
418 return OID_UNKNOWN;
419 }
420 }
421
422 /*
423 * Defined in header.
424 */
425 hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
426 {
427 switch (scheme)
428 {
429 case SIGN_UNKNOWN:
430 case SIGN_RSA_EMSA_PKCS1_NULL:
431 case SIGN_ECDSA_WITH_NULL:
432 break;
433 case SIGN_RSA_EMSA_PKCS1_MD5:
434 return HASH_MD5;
435 case SIGN_RSA_EMSA_PKCS1_SHA1:
436 case SIGN_ECDSA_WITH_SHA1_DER:
437 return HASH_SHA1;
438 case SIGN_RSA_EMSA_PKCS1_SHA2_224:
439 return HASH_SHA224;
440 case SIGN_RSA_EMSA_PKCS1_SHA2_256:
441 case SIGN_ECDSA_WITH_SHA256_DER:
442 case SIGN_ECDSA_256:
443 case SIGN_BLISS_WITH_SHA2_256:
444 return HASH_SHA256;
445 case SIGN_RSA_EMSA_PKCS1_SHA2_384:
446 case SIGN_ECDSA_WITH_SHA384_DER:
447 case SIGN_ECDSA_384:
448 case SIGN_BLISS_WITH_SHA2_384:
449 return HASH_SHA384;
450 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
451 case SIGN_ECDSA_WITH_SHA512_DER:
452 case SIGN_ECDSA_521:
453 case SIGN_BLISS_WITH_SHA2_512:
454 return HASH_SHA512;
455 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
456 return HASH_SHA3_224;
457 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
458 case SIGN_BLISS_WITH_SHA3_256:
459 return HASH_SHA3_256;
460 case SIGN_RSA_EMSA_PKCS1_SHA3_384:
461 case SIGN_BLISS_WITH_SHA3_384:
462 return HASH_SHA3_384;
463 case SIGN_RSA_EMSA_PKCS1_SHA3_512:
464 case SIGN_BLISS_WITH_SHA3_512:
465 return HASH_SHA3_512;
466 }
467 return HASH_UNKNOWN;
468 }