gmp: Support of SHA-3 RSA signatures
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 22 Sep 2016 06:50:43 +0000 (08:50 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 22 Sep 2016 15:34:31 +0000 (17:34 +0200)
24 files changed:
src/charon-tkm/src/charon-tkm.c
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
src/libimcv/pts/pts.c
src/libstrongswan/credentials/auth_cfg.c
src/libstrongswan/credentials/keys/public_key.c
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
src/libstrongswan/plugins/gmp/gmp_plugin.c
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
src/libstrongswan/plugins/openssl/openssl_plugin.c
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
src/libstrongswan/tests/suites/test_auth_cfg.c
src/libstrongswan/tests/suites/test_hasher.c
src/libstrongswan/tests/suites/test_rsa.c
src/libstrongswan/tests/suites/test_utils.c
src/libtls/tls_crypto.c
testing/hosts/winnetou/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev2/net2net-cert-sha2/evaltest.dat
testing/tests/ikev2/rw-sig-auth/evaltest.dat

index 3136b80..4a6d2ae 100644 (file)
@@ -286,7 +286,7 @@ int main(int argc, char *argv[])
                PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
                        PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
                        PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-                       PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+                       PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
                PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
                        PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
                PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
index 6fd34e0..592f497 100644 (file)
@@ -161,8 +161,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
                if (key_type == KEY_RSA)
                {
                        signature_scheme_t schemes[] = {
-                               SIGN_RSA_EMSA_PKCS1_SHA384,
-                               SIGN_RSA_EMSA_PKCS1_SHA256,
+                               SIGN_RSA_EMSA_PKCS1_SHA2_384,
+                               SIGN_RSA_EMSA_PKCS1_SHA2_256,
                                SIGN_RSA_EMSA_PKCS1_SHA1,
                        }, contained;
                        bool found;
index 906cfa7..d771d07 100644 (file)
@@ -719,13 +719,22 @@ METHOD(pts_t, verify_quote_signature, bool,
                                        scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
                                        break;
                                case HASH_SHA256:
-                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
+                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256;
                                        break;
                                case HASH_SHA384:
-                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
+                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384;
                                        break;
                                case HASH_SHA512:
-                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
+                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
+                                       break;
+                               case HASH_SHA3_256:
+                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256;
+                                       break;
+                               case HASH_SHA3_384:
+                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384;
+                                       break;
+                               case HASH_SHA3_512:
+                                       scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
                                        break;
                                default:
                                        scheme = SIGN_UNKNOWN;
index 956ce08..3ec9491 100644 (file)
@@ -1,7 +1,8 @@
 /*
  * Copyright (C) 2008-2016 Tobias Brunner
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffeb
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
                } schemes[] = {
                        { "md5",                SIGN_RSA_EMSA_PKCS1_MD5,                KEY_RSA,        },
                        { "sha1",               SIGN_RSA_EMSA_PKCS1_SHA1,               KEY_RSA,        },
-                       { "sha224",             SIGN_RSA_EMSA_PKCS1_SHA224,             KEY_RSA,        },
-                       { "sha256",             SIGN_RSA_EMSA_PKCS1_SHA256,             KEY_RSA,        },
-                       { "sha384",             SIGN_RSA_EMSA_PKCS1_SHA384,             KEY_RSA,        },
-                       { "sha512",             SIGN_RSA_EMSA_PKCS1_SHA512,             KEY_RSA,        },
+                       { "sha224",             SIGN_RSA_EMSA_PKCS1_SHA2_224,   KEY_RSA,        },
+                       { "sha256",             SIGN_RSA_EMSA_PKCS1_SHA2_256,   KEY_RSA,        },
+                       { "sha384",             SIGN_RSA_EMSA_PKCS1_SHA2_384,   KEY_RSA,        },
+                       { "sha512",             SIGN_RSA_EMSA_PKCS1_SHA2_512,   KEY_RSA,        },
                        { "sha1",               SIGN_ECDSA_WITH_SHA1_DER,               KEY_ECDSA,      },
                        { "sha256",             SIGN_ECDSA_WITH_SHA256_DER,             KEY_ECDSA,      },
                        { "sha384",             SIGN_ECDSA_WITH_SHA384_DER,             KEY_ECDSA,      },
index d6f211a..03f93b1 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
        "RSA_EMSA_PKCS1_NULL",
        "RSA_EMSA_PKCS1_MD5",
        "RSA_EMSA_PKCS1_SHA1",
-       "RSA_EMSA_PKCS1_SHA224",
-       "RSA_EMSA_PKCS1_SHA256",
-       "RSA_EMSA_PKCS1_SHA384",
-       "RSA_EMSA_PKCS1_SHA512",
+       "RSA_EMSA_PKCS1_SHA2_224",
+       "RSA_EMSA_PKCS1_SHA2_256",
+       "RSA_EMSA_PKCS1_SHA2_384",
+       "RSA_EMSA_PKCS1_SHA2_512",
+       "RSA_EMSA_PKCS1_SHA3_224",
+       "RSA_EMSA_PKCS1_SHA3_256",
+       "RSA_EMSA_PKCS1_SHA3_384",
+       "RSA_EMSA_PKCS1_SHA3_512",
        "ECDSA_WITH_SHA1_DER",
        "ECDSA_WITH_SHA256_DER",
        "ECDSA_WITH_SHA384_DER",
@@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid)
                        return SIGN_RSA_EMSA_PKCS1_SHA1;
                case OID_SHA224_WITH_RSA:
                case OID_SHA224:
-                       return SIGN_RSA_EMSA_PKCS1_SHA224;
+                       return SIGN_RSA_EMSA_PKCS1_SHA2_224;
                case OID_SHA256_WITH_RSA:
                case OID_SHA256:
-                       return SIGN_RSA_EMSA_PKCS1_SHA256;
+                       return SIGN_RSA_EMSA_PKCS1_SHA2_256;
                case OID_SHA384_WITH_RSA:
                case OID_SHA384:
-                       return SIGN_RSA_EMSA_PKCS1_SHA384;
+                       return SIGN_RSA_EMSA_PKCS1_SHA2_384;
                case OID_SHA512_WITH_RSA:
                case OID_SHA512:
-                       return SIGN_RSA_EMSA_PKCS1_SHA512;
+                       return SIGN_RSA_EMSA_PKCS1_SHA2_512;
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
+                       return SIGN_RSA_EMSA_PKCS1_SHA3_224;
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
+                       return SIGN_RSA_EMSA_PKCS1_SHA3_256;
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
+                       return SIGN_RSA_EMSA_PKCS1_SHA3_384;
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
+                       return SIGN_RSA_EMSA_PKCS1_SHA3_512;
                case OID_ECDSA_WITH_SHA1:
                case OID_EC_PUBLICKEY:
                        return SIGN_ECDSA_WITH_SHA1_DER;
@@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
                        return OID_MD5_WITH_RSA;
                case SIGN_RSA_EMSA_PKCS1_SHA1:
                        return OID_SHA1_WITH_RSA;
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return OID_SHA224_WITH_RSA;
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return OID_SHA256_WITH_RSA;
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return OID_SHA384_WITH_RSA;
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return OID_SHA512_WITH_RSA;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+                       return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+                       return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+                       return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+                       return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
                case SIGN_ECDSA_WITH_SHA1_DER:
                        return OID_ECDSA_WITH_SHA1;
                case SIGN_ECDSA_WITH_SHA256_DER:
@@ -216,9 +236,9 @@ static struct {
        key_type_t type;
        int max_keysize;
 } scheme_map[] = {
-       { SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA,   3072 },
-       { SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA,   7680 },
-       { SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA,   0 },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
        { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
        { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
        { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
@@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
                case SIGN_RSA_EMSA_PKCS1_NULL:
                case SIGN_RSA_EMSA_PKCS1_MD5:
                case SIGN_RSA_EMSA_PKCS1_SHA1:
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
                        return KEY_RSA;
                case SIGN_ECDSA_WITH_SHA1_DER:
                case SIGN_ECDSA_WITH_SHA256_DER:
index ce48f9b..2361282 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -70,14 +70,22 @@ enum signature_scheme_t {
        SIGN_RSA_EMSA_PKCS1_MD5,
        /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
        SIGN_RSA_EMSA_PKCS1_SHA1,
-       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224   */
-       SIGN_RSA_EMSA_PKCS1_SHA224,
-       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256   */
-       SIGN_RSA_EMSA_PKCS1_SHA256,
-       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384   */
-       SIGN_RSA_EMSA_PKCS1_SHA384,
-       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
-       SIGN_RSA_EMSA_PKCS1_SHA512,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
+       SIGN_RSA_EMSA_PKCS1_SHA2_224,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
+       SIGN_RSA_EMSA_PKCS1_SHA2_256,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
+       SIGN_RSA_EMSA_PKCS1_SHA2_384,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
+       SIGN_RSA_EMSA_PKCS1_SHA2_512,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
+       SIGN_RSA_EMSA_PKCS1_SHA3_224,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
+       SIGN_RSA_EMSA_PKCS1_SHA3_256,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
+       SIGN_RSA_EMSA_PKCS1_SHA3_384,
+       /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
+       SIGN_RSA_EMSA_PKCS1_SHA3_512,
        /** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
        SIGN_ECDSA_WITH_SHA1_DER,
        /** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
index e220593..d136799 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
                case OID_SHA512_WITH_RSA:
                        return HASH_SHA512;
                case OID_SHA3_224:
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
                        return HASH_SHA3_224;
                case OID_SHA3_256:
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
                        return HASH_SHA3_256;
                case OID_SHA3_384:
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
                        return HASH_SHA3_384;
                case OID_SHA3_512:
+               case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
                        return HASH_SHA3_512;
                default:
                        return HASH_UNKNOWN;
@@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
                                        return OID_SHA384_WITH_RSA;
                                case HASH_SHA512:
                                        return OID_SHA512_WITH_RSA;
+                               case HASH_SHA3_224:
+                                       return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+                               case HASH_SHA3_256:
+                                       return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+                               case HASH_SHA3_384:
+                                       return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+                               case HASH_SHA3_512:
+                                       return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
                                default:
                                        return OID_UNKNOWN;
                        }
@@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
                case SIGN_RSA_EMSA_PKCS1_SHA1:
                case SIGN_ECDSA_WITH_SHA1_DER:
                        return HASH_SHA1;
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return HASH_SHA224;
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                case SIGN_ECDSA_WITH_SHA256_DER:
                case SIGN_ECDSA_256:
                case SIGN_BLISS_WITH_SHA2_256:
                        return HASH_SHA256;
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                case SIGN_ECDSA_WITH_SHA384_DER:
                case SIGN_ECDSA_384:
                case SIGN_BLISS_WITH_SHA2_384:
                        return HASH_SHA384;
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                case SIGN_ECDSA_WITH_SHA512_DER:
                case SIGN_ECDSA_521:
                case SIGN_BLISS_WITH_SHA2_512:
                        return HASH_SHA512;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+                       return HASH_SHA3_224;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
                case SIGN_BLISS_WITH_SHA3_256:
                        return HASH_SHA3_256;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
                case SIGN_BLISS_WITH_SHA3_384:
                        return HASH_SHA3_384;
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
                case SIGN_BLISS_WITH_SHA3_512:
                        return HASH_SHA3_512;
        }
index 938a464..15b876b 100644 (file)
@@ -206,16 +206,16 @@ METHOD(private_key_t, sign, bool,
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return sign_raw(this, data, sig);
-               case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
                case SIGN_RSA_EMSA_PKCS1_MD5:
                        return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
                default:
index 291287a..90829e0 100644 (file)
@@ -173,18 +173,18 @@ METHOD(public_key_t, verify, bool,
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return verify_raw(this, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_MD5:
-                       return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+               case SIGN_RSA_EMSA_PKCS1_MD5:
+                       return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
                default:
                        DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
                                 signature_scheme_names, scheme);
index ea75896..c759753 100644 (file)
@@ -80,30 +80,46 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
                /* signature schemes, private */
                PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
-                       PLUGIN_DEPENDS(HASHER, HASH_SHA1),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA224),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA1),
                PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
                        PLUGIN_DEPENDS(HASHER, HASH_MD5),
                /* signature verification schemes */
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-                       PLUGIN_DEPENDS(HASHER, HASH_SHA1),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA224),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
                        PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+                       PLUGIN_DEPENDS(HASHER, HASH_SHA1),
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
                        PLUGIN_DEPENDS(HASHER, HASH_MD5),
                /* en-/decryption schemes */
index e5d418e..21b4208 100644 (file)
@@ -347,16 +347,24 @@ METHOD(private_key_t, sign, bool,
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+                       return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+                       return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+                       return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+                       return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
                case SIGN_RSA_EMSA_PKCS1_MD5:
                        return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
                default:
index e738908..2b2c7f2 100644 (file)
@@ -291,18 +291,26 @@ METHOD(public_key_t, verify, bool,
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_MD5:
-                       return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+                       return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+                       return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+                       return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+                       return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_MD5:
+                       return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
                default:
                        DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
                                 signature_scheme_names, scheme);
index 3e3b986..1330427 100644 (file)
@@ -438,16 +438,16 @@ METHOD(plugin_t, get_features, int,
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
 #endif
 #ifndef OPENSSL_NO_SHA256
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 #endif
 #ifndef OPENSSL_NO_SHA512
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
-               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
-               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+               PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+               PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 #endif
 #ifndef OPENSSL_NO_MD5
                PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
index 485e0bb..cf8c3d7 100644 (file)
@@ -158,16 +158,16 @@ METHOD(private_key_t, sign, bool,
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
                case SIGN_RSA_EMSA_PKCS1_MD5:
                        return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
                default:
index d66d501..d3a644f 100644 (file)
@@ -143,16 +143,16 @@ METHOD(public_key_t, verify, bool,
        {
                case SIGN_RSA_EMSA_PKCS1_NULL:
                        return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA1:
-                       return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA224:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_224:
                        return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA256:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_256:
                        return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA384:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_384:
                        return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
-               case SIGN_RSA_EMSA_PKCS1_SHA512:
+               case SIGN_RSA_EMSA_PKCS1_SHA2_512:
                        return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
                case SIGN_RSA_EMSA_PKCS1_MD5:
                        return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
                default:
index aec4550..a31bd33 100644 (file)
@@ -112,13 +112,13 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme,
        } mappings[] = {
                {SIGN_RSA_EMSA_PKCS1_NULL,              {CKM_RSA_PKCS,                  NULL, 0},
                 KEY_RSA, 0,                                                                       HASH_UNKNOWN},
-               {SIGN_RSA_EMSA_PKCS1_SHA1,              {CKM_SHA1_RSA_PKCS,             NULL, 0},
+               {SIGN_RSA_EMSA_PKCS1_SHA2_256,  {CKM_SHA256_RSA_PKCS,   NULL, 0},
                 KEY_RSA, 0,                                                                       HASH_UNKNOWN},
-               {SIGN_RSA_EMSA_PKCS1_SHA256,    {CKM_SHA256_RSA_PKCS,   NULL, 0},
+               {SIGN_RSA_EMSA_PKCS1_SHA2_384,  {CKM_SHA384_RSA_PKCS,   NULL, 0},
                 KEY_RSA, 0,                                                                       HASH_UNKNOWN},
-               {SIGN_RSA_EMSA_PKCS1_SHA384,    {CKM_SHA384_RSA_PKCS,   NULL, 0},
+               {SIGN_RSA_EMSA_PKCS1_SHA2_512,  {CKM_SHA512_RSA_PKCS,   NULL, 0},
                 KEY_RSA, 0,                                                                       HASH_UNKNOWN},
-               {SIGN_RSA_EMSA_PKCS1_SHA512,    {CKM_SHA512_RSA_PKCS,   NULL, 0},
+               {SIGN_RSA_EMSA_PKCS1_SHA1,              {CKM_SHA1_RSA_PKCS,             NULL, 0},
                 KEY_RSA, 0,                                                                       HASH_UNKNOWN},
                {SIGN_RSA_EMSA_PKCS1_MD5,               {CKM_MD5_RSA_PKCS,              NULL, 0},
                 KEY_RSA, 0,                                                                       HASH_UNKNOWN},
index e046725..139b730 100644 (file)
@@ -22,19 +22,19 @@ struct {
        signature_scheme_t sig[5];
        signature_scheme_t ike[5];
 } sig_constraints_tests[] = {
-       { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
-       { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+       { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
+       { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
        { "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-       { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-       { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
-       { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-       { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-       { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-       { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+       { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+       { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+       { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+       { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+       { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+       { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
        { "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
        { "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
        { "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-       { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+       { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
        { "rsa4096-sha256", {0}, {0}},
        { "sha256", {0}, {0}},
        { "ike:sha256", {0}, {0}},
index 067abf0..de285ca 100644 (file)
@@ -87,29 +87,33 @@ typedef struct {
 }hasher_sig_scheme_t;
 
 static hasher_sig_scheme_t sig_schemes[] = {
-       { SIGN_UNKNOWN,               HASH_UNKNOWN  },
-       { SIGN_RSA_EMSA_PKCS1_NULL,   HASH_UNKNOWN  },
-       { SIGN_RSA_EMSA_PKCS1_MD5,    HASH_MD5      },
-       { SIGN_RSA_EMSA_PKCS1_SHA1,   HASH_SHA1     },
-       { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224   },
-       { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256   },
-       { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384   },
-       { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512   },
-       { SIGN_ECDSA_WITH_SHA1_DER,   HASH_SHA1     },
-       { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256   },
-       { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384   },
-       { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512   },
-       { SIGN_ECDSA_WITH_NULL,       HASH_UNKNOWN  },
-       { SIGN_ECDSA_256,             HASH_SHA256   },
-       { SIGN_ECDSA_384,             HASH_SHA384   },
-       { SIGN_ECDSA_521,             HASH_SHA512   },
-       { SIGN_BLISS_WITH_SHA2_256,   HASH_SHA256   },
-       { SIGN_BLISS_WITH_SHA2_384,   HASH_SHA384   },
-       { SIGN_BLISS_WITH_SHA2_512,   HASH_SHA512   },
-       { SIGN_BLISS_WITH_SHA3_256,   HASH_SHA3_256 },
-       { SIGN_BLISS_WITH_SHA3_384,   HASH_SHA3_384 },
-       { SIGN_BLISS_WITH_SHA3_512,   HASH_SHA3_512 },
-       { 30,                                             HASH_UNKNOWN  }
+       { SIGN_UNKNOWN,               HASH_UNKNOWN    },
+       { SIGN_RSA_EMSA_PKCS1_NULL,   HASH_UNKNOWN    },
+       { SIGN_RSA_EMSA_PKCS1_MD5,    HASH_MD5        },
+       { SIGN_RSA_EMSA_PKCS1_SHA1,   HASH_SHA1       },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224   },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256   },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384   },
+       { SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512   },
+       { SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 },
+       { SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 },
+       { SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 },
+       { SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 },
+       { SIGN_ECDSA_WITH_SHA1_DER,   HASH_SHA1       },
+       { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256     },
+       { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384     },
+       { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512     },
+       { SIGN_ECDSA_WITH_NULL,       HASH_UNKNOWN    },
+       { SIGN_ECDSA_256,             HASH_SHA256     },
+       { SIGN_ECDSA_384,             HASH_SHA384     },
+       { SIGN_ECDSA_521,             HASH_SHA512     },
+       { SIGN_BLISS_WITH_SHA2_256,   HASH_SHA256     },
+       { SIGN_BLISS_WITH_SHA2_384,   HASH_SHA384     },
+       { SIGN_BLISS_WITH_SHA2_512,   HASH_SHA512     },
+       { SIGN_BLISS_WITH_SHA3_256,   HASH_SHA3_256   },
+       { SIGN_BLISS_WITH_SHA3_384,   HASH_SHA3_384   },
+       { SIGN_BLISS_WITH_SHA3_512,   HASH_SHA3_512   },
+       { 30,                                             HASH_UNKNOWN    }
 };
 
 START_TEST(test_hasher_from_sig_scheme)
index 2c1c6fb..41e7835 100644 (file)
@@ -24,10 +24,10 @@ static signature_scheme_t schemes[] = {
        SIGN_RSA_EMSA_PKCS1_NULL,
        SIGN_RSA_EMSA_PKCS1_MD5,
        SIGN_RSA_EMSA_PKCS1_SHA1,
-       SIGN_RSA_EMSA_PKCS1_SHA224,
-       SIGN_RSA_EMSA_PKCS1_SHA256,
-       SIGN_RSA_EMSA_PKCS1_SHA384,
-       SIGN_RSA_EMSA_PKCS1_SHA512,
+       SIGN_RSA_EMSA_PKCS1_SHA2_224,
+       SIGN_RSA_EMSA_PKCS1_SHA2_256,
+       SIGN_RSA_EMSA_PKCS1_SHA2_384,
+       SIGN_RSA_EMSA_PKCS1_SHA2_512,
 };
 
 /**
index 1eb3c8b..de7b470 100644 (file)
@@ -858,15 +858,22 @@ static struct {
        int size;
        signature_scheme_t expected[4];
 } scheme_data[] = {
-       {KEY_RSA,   1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-       {KEY_RSA,   2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-       {KEY_RSA,   4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-       {KEY_RSA,   8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-       {KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-       {KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+       {KEY_RSA,   1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+                                               SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+       {KEY_RSA,   2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+                                               SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+       {KEY_RSA,   4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+                                               SIGN_UNKNOWN }},
+       {KEY_RSA,   8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+       {KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER,
+                                               SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+       {KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
+                                               SIGN_UNKNOWN }},
        {KEY_ECDSA,  512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-       {KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
-       {KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+       {KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384,
+                                               SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+       {KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512,
+                                               SIGN_UNKNOWN }},
        {KEY_BLISS,  256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
 };
 
index 6bbd958..84b511f 100644 (file)
@@ -1215,16 +1215,16 @@ static struct {
        tls_hash_algorithm_t hash;
        signature_scheme_t scheme;
 } schemes[] = {
-       { TLS_SIG_ECDSA,        TLS_HASH_SHA256,        SIGN_ECDSA_WITH_SHA256_DER      },
-       { TLS_SIG_ECDSA,        TLS_HASH_SHA384,        SIGN_ECDSA_WITH_SHA384_DER      },
-       { TLS_SIG_ECDSA,        TLS_HASH_SHA512,        SIGN_ECDSA_WITH_SHA512_DER      },
-       { TLS_SIG_ECDSA,        TLS_HASH_SHA1,          SIGN_ECDSA_WITH_SHA1_DER        },
-       { TLS_SIG_RSA,          TLS_HASH_SHA256,        SIGN_RSA_EMSA_PKCS1_SHA256      },
-       { TLS_SIG_RSA,          TLS_HASH_SHA384,        SIGN_RSA_EMSA_PKCS1_SHA384      },
-       { TLS_SIG_RSA,          TLS_HASH_SHA512,        SIGN_RSA_EMSA_PKCS1_SHA512      },
-       { TLS_SIG_RSA,          TLS_HASH_SHA224,        SIGN_RSA_EMSA_PKCS1_SHA224      },
-       { TLS_SIG_RSA,          TLS_HASH_SHA1,          SIGN_RSA_EMSA_PKCS1_SHA1        },
-       { TLS_SIG_RSA,          TLS_HASH_MD5,           SIGN_RSA_EMSA_PKCS1_MD5         },
+       { TLS_SIG_ECDSA,        TLS_HASH_SHA256,        SIGN_ECDSA_WITH_SHA256_DER   },
+       { TLS_SIG_ECDSA,        TLS_HASH_SHA384,        SIGN_ECDSA_WITH_SHA384_DER   },
+       { TLS_SIG_ECDSA,        TLS_HASH_SHA512,        SIGN_ECDSA_WITH_SHA512_DER   },
+       { TLS_SIG_ECDSA,        TLS_HASH_SHA1,          SIGN_ECDSA_WITH_SHA1_DER     },
+       { TLS_SIG_RSA,          TLS_HASH_SHA256,        SIGN_RSA_EMSA_PKCS1_SHA2_256 },
+       { TLS_SIG_RSA,          TLS_HASH_SHA384,        SIGN_RSA_EMSA_PKCS1_SHA2_384 },
+       { TLS_SIG_RSA,          TLS_HASH_SHA512,        SIGN_RSA_EMSA_PKCS1_SHA2_512 },
+       { TLS_SIG_RSA,          TLS_HASH_SHA224,        SIGN_RSA_EMSA_PKCS1_SHA2_224 },
+       { TLS_SIG_RSA,          TLS_HASH_SHA1,          SIGN_RSA_EMSA_PKCS1_SHA1     },
+       { TLS_SIG_RSA,          TLS_HASH_MD5,           SIGN_RSA_EMSA_PKCS1_MD5      },
 };
 
 METHOD(tls_crypto_t, get_signature_algorithms, void,
diff --git a/testing/hosts/winnetou/etc/strongswan.conf b/testing/hosts/winnetou/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..dfb9dbc
--- /dev/null
@@ -0,0 +1,5 @@
+# strongswan.conf - strongSwan configuration file
+
+pki {
+  load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509
+}
index 91451e9..61adcd2 100644 (file)
@@ -1,6 +1,6 @@
-moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA512 successful::YES
+moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_512 successful::YES
 moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA384 successful::YES
+sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_384 successful::YES
 sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
index 5e264c5..20849de 100644 (file)
@@ -1,12 +1,12 @@
 carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES
-moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA384 successful::YES
+moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_384 successful::YES
 moon ::ipsec status 2> /dev/null::research.*ESTABLISHED.*moon.strongswan.org.*PH_IP_CAROL::YES
 carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_CAROL.*moon.strongswan.org::YES
 moon ::ipsec status 2> /dev/null::research.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::NO
 dave ::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES
-moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA512 successful::YES
+moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_512 successful::YES
 moon ::ipsec status 2> /dev/null::accounting.*ESTABLISHED.*moon.strongswan.org.*PH_IP_DAVE::YES
 dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswan.org::YES
 moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES