{ "sha256", SIGN_ECDSA_256, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_384, KEY_ECDSA, },
{ "sha512", SIGN_ECDSA_521, KEY_ECDSA, },
- { "sha256", SIGN_BLISS_WITH_SHA256, KEY_BLISS, },
- { "sha384", SIGN_BLISS_WITH_SHA384, KEY_BLISS, },
- { "sha512", SIGN_BLISS_WITH_SHA512, KEY_BLISS, },
+ { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, },
+ { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, },
+ { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, },
};
if (rsa_len || ecdsa_len || bliss_strength)
0x07 "BLISS-B-III" OID_BLISS_B_III
0x08 "BLISS-B-IV" OID_BLISS_B_IV
0x03 "blissSigType"
- 0x01 "BLISS-with-SHA512" OID_BLISS_WITH_SHA512
- 0x02 "BLISS-with-SHA384" OID_BLISS_WITH_SHA384
- 0x03 "BLISS-with-SHA256" OID_BLISS_WITH_SHA256
+ 0x01 "BLISS-with-SHA2-512" OID_BLISS_WITH_SHA2_512
+ 0x02 "BLISS-with-SHA2-384" OID_BLISS_WITH_SHA2_384
+ 0x03 "BLISS-with-SHA2-256" OID_BLISS_WITH_SHA2_256
0x04 "BLISS-with-SHA3-512" OID_BLISS_WITH_SHA3_512
0x05 "BLISS-with-SHA3-384" OID_BLISS_WITH_SHA3_384
0x06 "BLISS-with-SHA3-256" OID_BLISS_WITH_SHA3_256
"BLISS"
);
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
"UNKNOWN",
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
- "BLISS_WITH_SHA256",
- "BLISS_WITH_SHA384",
- "BLISS_WITH_SHA512",
+ "BLISS_WITH_SHA2_256",
+ "BLISS_WITH_SHA2_384",
+ "BLISS_WITH_SHA2_512",
"BLISS_WITH_SHA3_256",
"BLISS_WITH_SHA3_384",
"BLISS_WITH_SHA3_512",
case OID_ECDSA_WITH_SHA512:
return SIGN_ECDSA_WITH_SHA512_DER;
case OID_BLISS_PUBLICKEY:
- case OID_BLISS_WITH_SHA512:
- return SIGN_BLISS_WITH_SHA512;
- case OID_BLISS_WITH_SHA384:
- return SIGN_BLISS_WITH_SHA384;
- case OID_BLISS_WITH_SHA256:
- return SIGN_BLISS_WITH_SHA256;
+ case OID_BLISS_WITH_SHA2_512:
+ return SIGN_BLISS_WITH_SHA2_512;
+ case OID_BLISS_WITH_SHA2_384:
+ return SIGN_BLISS_WITH_SHA2_384;
+ case OID_BLISS_WITH_SHA2_256:
+ return SIGN_BLISS_WITH_SHA2_256;
case OID_BLISS_WITH_SHA3_512:
return SIGN_BLISS_WITH_SHA3_512;
case OID_BLISS_WITH_SHA3_384:
return OID_ECDSA_WITH_SHA384;
case SIGN_ECDSA_WITH_SHA512_DER:
return OID_ECDSA_WITH_SHA512;
- case SIGN_BLISS_WITH_SHA256:
- return OID_BLISS_WITH_SHA256;
- case SIGN_BLISS_WITH_SHA384:
- return OID_BLISS_WITH_SHA384;
- case SIGN_BLISS_WITH_SHA512:
- return OID_BLISS_WITH_SHA512;
+ case SIGN_BLISS_WITH_SHA2_256:
+ return OID_BLISS_WITH_SHA2_256;
+ case SIGN_BLISS_WITH_SHA2_384:
+ return OID_BLISS_WITH_SHA2_384;
+ case SIGN_BLISS_WITH_SHA2_512:
+ return OID_BLISS_WITH_SHA2_512;
case SIGN_BLISS_WITH_SHA3_256:
return OID_BLISS_WITH_SHA3_256;
case SIGN_BLISS_WITH_SHA3_384:
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
- { SIGN_BLISS_WITH_SHA256, KEY_BLISS, 128 },
- { SIGN_BLISS_WITH_SHA384, KEY_BLISS, 192 },
- { SIGN_BLISS_WITH_SHA512, KEY_BLISS, 0 },
+ { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 },
+ { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 },
+ { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }
};
/**
case SIGN_ECDSA_384:
case SIGN_ECDSA_521:
return KEY_ECDSA;
- case SIGN_BLISS_WITH_SHA256:
- case SIGN_BLISS_WITH_SHA384:
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_256:
+ case SIGN_BLISS_WITH_SHA2_384:
+ case SIGN_BLISS_WITH_SHA2_512:
case SIGN_BLISS_WITH_SHA3_256:
case SIGN_BLISS_WITH_SHA3_384:
case SIGN_BLISS_WITH_SHA3_512:
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
- /** BLISS with SHA-256 */
- SIGN_BLISS_WITH_SHA256,
- /** BLISS with SHA-384 */
- SIGN_BLISS_WITH_SHA384,
- /** BLISS with SHA-512 */
- SIGN_BLISS_WITH_SHA512,
+ /** BLISS with SHA-2_256 */
+ SIGN_BLISS_WITH_SHA2_256,
+ /** BLISS with SHA-2_384 */
+ SIGN_BLISS_WITH_SHA2_384,
+ /** BLISS with SHA-2_512 */
+ SIGN_BLISS_WITH_SHA2_512,
/** BLISS with SHA-3_256 */
SIGN_BLISS_WITH_SHA3_256,
/** BLISS with SHA-3_384 */
switch (alg)
{
case HASH_SHA256:
- return OID_BLISS_WITH_SHA256;
+ return OID_BLISS_WITH_SHA2_256;
case HASH_SHA384:
- return OID_BLISS_WITH_SHA384;
+ return OID_BLISS_WITH_SHA2_384;
case HASH_SHA512:
- return OID_BLISS_WITH_SHA512;
+ return OID_BLISS_WITH_SHA2_512;
case HASH_SHA3_256:
return OID_BLISS_WITH_SHA3_256;
case HASH_SHA3_384:
case SIGN_RSA_EMSA_PKCS1_SHA256:
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_256:
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
case SIGN_BLISS_WITH_SHA3_256:
return HASH_SHA256;
case SIGN_RSA_EMSA_PKCS1_SHA384:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_384:
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
case SIGN_BLISS_WITH_SHA3_384:
return HASH_SHA384;
case SIGN_RSA_EMSA_PKCS1_SHA512:
case SIGN_ECDSA_WITH_SHA512_DER:
case SIGN_ECDSA_521:
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
case SIGN_BLISS_WITH_SHA3_512:
return HASH_SHA512;
}
PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
/* signature schemes, private */
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
/* signature verification schemes */
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
};
*features = f;
{
switch (scheme)
{
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
return sign_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
return sign_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
return sign_bliss(this, HASH_SHA512, data, signature);
case SIGN_BLISS_WITH_SHA3_256:
return sign_bliss(this, HASH_SHA3_256, data, signature);
{
switch (scheme)
{
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
return verify_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
return verify_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
return verify_bliss(this, HASH_SHA512, data, signature);
case SIGN_BLISS_WITH_SHA3_256:
return verify_bliss(this, HASH_SHA3_256, data, signature);
switch (k)
{
case 1:
- signature_scheme = SIGN_BLISS_WITH_SHA256;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_256;
break;
case 2:
- signature_scheme = SIGN_BLISS_WITH_SHA384;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_384;
break;
default:
- signature_scheme = SIGN_BLISS_WITH_SHA512;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_512;
}
/* enforce BLISS-B key for k = 2, 3 */
/* generate valid signature */
msg = chunk_from_str("Hello Dolly!");
- ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA512, msg, &signature));
+ ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
/* verify with invalid signature scheme */
ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
/* corrupt signature */
signature.ptr[signature.len - 1] ^= 0x80;
- ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA512, msg, signature));
+ ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
free(signature.ptr);
privkey->destroy(privkey);
scheme = SIGN_ECDSA_WITH_SHA1_DER;
break;
case KEY_BLISS:
- oid = OID_BLISS_WITH_SHA512;
- scheme = SIGN_BLISS_WITH_SHA512;
+ oid = OID_BLISS_WITH_SHA2_512;
+ scheme = SIGN_BLISS_WITH_SHA2_512;
break;
default:
DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2015 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
}hasher_oid_t;
static hasher_oid_t oids[] = {
- { OID_MD2, HASH_MD2, KEY_ANY },
- { OID_MD5, HASH_MD5, KEY_ANY },
- { OID_SHA1, HASH_SHA1, KEY_ANY },
- { OID_SHA224, HASH_SHA224, KEY_ANY },
- { OID_SHA256, HASH_SHA256, KEY_ANY },
- { OID_SHA384, HASH_SHA384, KEY_ANY },
- { OID_SHA512, HASH_SHA512, KEY_ANY },
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },
- { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },
- { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },
- { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },
- { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },
- { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },
- { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },
- { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },
- { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },
- { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },
- { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },
- { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },
- { OID_BLISS_WITH_SHA256, HASH_SHA256, KEY_BLISS },
- { OID_BLISS_WITH_SHA384, HASH_SHA384, KEY_BLISS },
- { OID_BLISS_WITH_SHA512, HASH_SHA512, KEY_BLISS },
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }
+ { OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
+ { OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
+ { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
+ { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
+ { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
+ { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
+ { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
+ { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
+ { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
+ { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
+ { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
+ { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
+ { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
+ { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
+ { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
+ { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
+ { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
+ { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 19 */
+ { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 20 */
+ { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 21 */
+ { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 22 */
+ { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 23 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 24 */
+ { OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 25 */
+ { OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 26 */
+ { OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 27 */
+ { OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 28 */
+ { OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 29 */
+ { OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 30 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS } /* 31 */
};
START_TEST(test_hasher_from_oid)
suite_add_tcase(s, tc);
tc = tcase_create("to_oid");
- tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8);
+ tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12);
suite_add_tcase(s, tc);
tc = tcase_create("sig_to_oid");
- tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids));
+ tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids));
suite_add_tcase(s, tc);
tc = tcase_create("from_prf");
{KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
{KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
{KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA256, SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
- {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
- {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
};
START_TEST(test_signature_schemes_for_key)