Support BLISS signatures with SHA-3 hash
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 28 Oct 2015 20:00:31 +0000 (21:00 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 3 Nov 2015 20:35:09 +0000 (21:35 +0100)
src/libstrongswan/credentials/keys/public_key.c
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/plugins/bliss/bliss_private_key.c
src/libstrongswan/plugins/bliss/bliss_public_key.c
src/pki/commands/acert.c
src/pki/commands/issue.c
src/pki/commands/req.c
src/pki/commands/self.c
src/pki/commands/signcrl.c

index bd5915e..3ffa9b9 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -47,6 +47,9 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
        "BLISS_WITH_SHA256",
        "BLISS_WITH_SHA384",
        "BLISS_WITH_SHA512",
+       "BLISS_WITH_SHA3_256",
+       "BLISS_WITH_SHA3_384",
+       "BLISS_WITH_SHA3_512",
 );
 
 ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
@@ -139,10 +142,16 @@ signature_scheme_t signature_scheme_from_oid(int oid)
                case OID_BLISS_PUBLICKEY:
                case OID_BLISS_WITH_SHA512:
                        return SIGN_BLISS_WITH_SHA512;
-               case OID_BLISS_WITH_SHA256:
-                       return SIGN_BLISS_WITH_SHA256;
                case OID_BLISS_WITH_SHA384:
                        return SIGN_BLISS_WITH_SHA384;
+               case OID_BLISS_WITH_SHA256:
+                       return SIGN_BLISS_WITH_SHA256;
+               case OID_BLISS_WITH_SHA3_512:
+                       return SIGN_BLISS_WITH_SHA3_512;
+               case OID_BLISS_WITH_SHA3_384:
+                       return SIGN_BLISS_WITH_SHA3_384;
+               case OID_BLISS_WITH_SHA3_256:
+                       return SIGN_BLISS_WITH_SHA3_256;
        }
        return SIGN_UNKNOWN;
 }
@@ -187,6 +196,12 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
                        return OID_BLISS_WITH_SHA384;
                case SIGN_BLISS_WITH_SHA512:
                        return OID_BLISS_WITH_SHA512;
+               case SIGN_BLISS_WITH_SHA3_256:
+                       return OID_BLISS_WITH_SHA3_256;
+               case SIGN_BLISS_WITH_SHA3_384:
+                       return OID_BLISS_WITH_SHA3_384;
+               case SIGN_BLISS_WITH_SHA3_512:
+                       return OID_BLISS_WITH_SHA3_512;
        }
        return OID_UNKNOWN;
 }
@@ -287,6 +302,9 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
                case SIGN_BLISS_WITH_SHA256:
                case SIGN_BLISS_WITH_SHA384:
                case SIGN_BLISS_WITH_SHA512:
+               case SIGN_BLISS_WITH_SHA3_256:
+               case SIGN_BLISS_WITH_SHA3_384:
+               case SIGN_BLISS_WITH_SHA3_512:
                        return KEY_BLISS;
        }
        return KEY_ANY;
index 66e98b2..38c04f5 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -100,6 +100,12 @@ enum signature_scheme_t {
        SIGN_BLISS_WITH_SHA384,
        /** BLISS with SHA-512                                             */
        SIGN_BLISS_WITH_SHA512,
+       /** BLISS with SHA-3_256                                           */
+       SIGN_BLISS_WITH_SHA3_256,
+       /** BLISS with SHA-3_384                                           */
+       SIGN_BLISS_WITH_SHA3_384,
+       /** BLISS with SHA-3_512                                           */
+       SIGN_BLISS_WITH_SHA3_512,
 };
 
 /**
index 5f8ea95..d936e12 100644 (file)
@@ -428,16 +428,19 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
                case SIGN_ECDSA_WITH_SHA256_DER:
                case SIGN_ECDSA_256:
                case SIGN_BLISS_WITH_SHA256:
+               case SIGN_BLISS_WITH_SHA3_256:
                        return HASH_SHA256;
                case SIGN_RSA_EMSA_PKCS1_SHA384:
                case SIGN_ECDSA_WITH_SHA384_DER:
                case SIGN_ECDSA_384:
                case SIGN_BLISS_WITH_SHA384:
+               case SIGN_BLISS_WITH_SHA3_384:
                        return HASH_SHA384;
                case SIGN_RSA_EMSA_PKCS1_SHA512:
                case SIGN_ECDSA_WITH_SHA512_DER:
                case SIGN_ECDSA_521:
                case SIGN_BLISS_WITH_SHA512:
+               case SIGN_BLISS_WITH_SHA3_512:
                        return HASH_SHA512;
        }
        return HASH_UNKNOWN;
index 1386eeb..22c194b 100644 (file)
@@ -517,6 +517,12 @@ METHOD(private_key_t, sign, bool,
                        return sign_bliss(this, HASH_SHA384, data, signature);
                case SIGN_BLISS_WITH_SHA512:
                        return sign_bliss(this, HASH_SHA512, data, signature);
+               case SIGN_BLISS_WITH_SHA3_256:
+                       return sign_bliss(this, HASH_SHA3_256, data, signature);
+               case SIGN_BLISS_WITH_SHA3_384:
+                       return sign_bliss(this, HASH_SHA3_384, data, signature);
+               case SIGN_BLISS_WITH_SHA3_512:
+                       return sign_bliss(this, HASH_SHA3_512, data, signature);
                default:
                        DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
                                 signature_scheme_names, scheme);
index 2b305f6..ba34bf4 100644 (file)
@@ -199,6 +199,12 @@ METHOD(public_key_t, verify, bool,
                        return verify_bliss(this, HASH_SHA384, data, signature);
                case SIGN_BLISS_WITH_SHA512:
                        return verify_bliss(this, HASH_SHA512, data, signature);
+               case SIGN_BLISS_WITH_SHA3_256:
+                       return verify_bliss(this, HASH_SHA3_256, data, signature);
+               case SIGN_BLISS_WITH_SHA3_384:
+                       return verify_bliss(this, HASH_SHA3_384, data, signature);
+               case SIGN_BLISS_WITH_SHA3_512:
+                       return verify_bliss(this, HASH_SHA3_512, data, signature);
                default:
                        DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
                                 signature_scheme_names, scheme);
index 7099977..4f850d6 100644 (file)
@@ -278,7 +278,8 @@ static void __attribute__ ((constructor))reg()
                {"[--in file] [--group name]* --issuerkey file|--issuerkeyid hex",
                 " --issuercert file [--serial hex] [--lifetime hours]",
                 " [--not-before datetime] [--not-after datetime] [--dateform form]",
-                "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+                "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+                "[--outform der|pem]"},
                {
                        {"help",                        'h', 0, "show usage information"},
                        {"in",                          'i', 1, "holder certificate, default: stdin"},
index 2dc9fcc..fdc43d7 100644 (file)
@@ -588,7 +588,8 @@ static void __attribute__ ((constructor))reg()
                 "[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]",
                 "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
                 "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
-                "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+                "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+                "[--outform der|pem]"},
                {
                        {"help",                        'h', 0, "show usage information"},
                        {"in",                          'i', 1, "key/request file to issue, default: stdin"},
index da991b5..68d6112 100644 (file)
@@ -196,7 +196,8 @@ static void __attribute__ ((constructor))reg()
                "create a PKCS#10 certificate request",
                {"  [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
                 "[--san subjectAltName]+ [--password challengePassword]",
-                "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+                "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+                "[--outform der|pem]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"in",          'i', 1, "private key input file, default: stdin"},
index a785c2a..f4e83c7 100644 (file)
@@ -425,7 +425,8 @@ static void __attribute__ ((constructor))reg()
                 "[--policy-map issuer-oid:subject-oid]",
                 "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
                 "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
-                "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+                "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
+                "[--outform der|pem]"},
                {
                        {"help",                        'h', 0, "show usage information"},
                        {"in",                          'i', 1, "private key input file, default: stdin"},
index 720dfd8..6c27289 100644 (file)
@@ -451,7 +451,7 @@ static void __attribute__ ((constructor))reg()
                 "  [[--reason key-compromise|ca-compromise|affiliation-changed|",
                 "             superseded|cessation-of-operation|certificate-hold]",
                 "   [--date timestamp] --cert file|--serial hex]*",
-                "  [--digest md5|sha1|sha224|sha256|sha384|sha512]",
+                "  [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
                 "  [--outform der|pem]"},
                {
                        {"help",                'h', 0, "show usage information"},