PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
if (key_type == KEY_RSA)
{
signature_scheme_t schemes[] = {
- SIGN_RSA_EMSA_PKCS1_SHA384,
- SIGN_RSA_EMSA_PKCS1_SHA256,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
SIGN_RSA_EMSA_PKCS1_SHA1,
}, contained;
bool found;
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
break;
case HASH_SHA256:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256;
break;
case HASH_SHA384:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384;
break;
case HASH_SHA512:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
+ break;
+ case HASH_SHA3_256:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256;
+ break;
+ case HASH_SHA3_384:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384;
+ break;
+ case HASH_SHA3_512:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
break;
default:
scheme = SIGN_UNKNOWN;
/*
* Copyright (C) 2008-2016 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffeb
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
} schemes[] = {
{ "md5", SIGN_RSA_EMSA_PKCS1_MD5, KEY_RSA, },
{ "sha1", SIGN_RSA_EMSA_PKCS1_SHA1, KEY_RSA, },
- { "sha224", SIGN_RSA_EMSA_PKCS1_SHA224, KEY_RSA, },
- { "sha256", SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, },
- { "sha384", SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, },
- { "sha512", SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, },
+ { "sha224", SIGN_RSA_EMSA_PKCS1_SHA2_224, KEY_RSA, },
+ { "sha256", SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, },
+ { "sha384", SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, },
+ { "sha512", SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, },
{ "sha1", SIGN_ECDSA_WITH_SHA1_DER, KEY_ECDSA, },
{ "sha256", SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, },
{ "sha384", SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, },
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
"RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"RSA_EMSA_PKCS1_SHA1",
- "RSA_EMSA_PKCS1_SHA224",
- "RSA_EMSA_PKCS1_SHA256",
- "RSA_EMSA_PKCS1_SHA384",
- "RSA_EMSA_PKCS1_SHA512",
+ "RSA_EMSA_PKCS1_SHA2_224",
+ "RSA_EMSA_PKCS1_SHA2_256",
+ "RSA_EMSA_PKCS1_SHA2_384",
+ "RSA_EMSA_PKCS1_SHA2_512",
+ "RSA_EMSA_PKCS1_SHA3_224",
+ "RSA_EMSA_PKCS1_SHA3_256",
+ "RSA_EMSA_PKCS1_SHA3_384",
+ "RSA_EMSA_PKCS1_SHA3_512",
"ECDSA_WITH_SHA1_DER",
"ECDSA_WITH_SHA256_DER",
"ECDSA_WITH_SHA384_DER",
return SIGN_RSA_EMSA_PKCS1_SHA1;
case OID_SHA224_WITH_RSA:
case OID_SHA224:
- return SIGN_RSA_EMSA_PKCS1_SHA224;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_224;
case OID_SHA256_WITH_RSA:
case OID_SHA256:
- return SIGN_RSA_EMSA_PKCS1_SHA256;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_256;
case OID_SHA384_WITH_RSA:
case OID_SHA384:
- return SIGN_RSA_EMSA_PKCS1_SHA384;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_384;
case OID_SHA512_WITH_RSA:
case OID_SHA512:
- return SIGN_RSA_EMSA_PKCS1_SHA512;
+ return SIGN_RSA_EMSA_PKCS1_SHA2_512;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_224;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_256;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_384;
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
+ return SIGN_RSA_EMSA_PKCS1_SHA3_512;
case OID_ECDSA_WITH_SHA1:
case OID_EC_PUBLICKEY:
return SIGN_ECDSA_WITH_SHA1_DER;
return OID_MD5_WITH_RSA;
case SIGN_RSA_EMSA_PKCS1_SHA1:
return OID_SHA1_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return OID_SHA224_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return OID_SHA256_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return OID_SHA384_WITH_RSA;
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return OID_SHA512_WITH_RSA;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
case SIGN_ECDSA_WITH_SHA1_DER:
return OID_ECDSA_WITH_SHA1;
case SIGN_ECDSA_WITH_SHA256_DER:
key_type_t type;
int max_keysize;
} scheme_map[] = {
- { SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA, 3072 },
- { SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA, 7680 },
- { SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA, 0 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
case SIGN_RSA_EMSA_PKCS1_NULL:
case SIGN_RSA_EMSA_PKCS1_MD5:
case SIGN_RSA_EMSA_PKCS1_SHA1:
- case SIGN_RSA_EMSA_PKCS1_SHA224:
- case SIGN_RSA_EMSA_PKCS1_SHA256:
- case SIGN_RSA_EMSA_PKCS1_SHA384:
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
return KEY_RSA;
case SIGN_ECDSA_WITH_SHA1_DER:
case SIGN_ECDSA_WITH_SHA256_DER:
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
SIGN_RSA_EMSA_PKCS1_MD5,
/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
SIGN_RSA_EMSA_PKCS1_SHA1,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
- SIGN_RSA_EMSA_PKCS1_SHA224,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
- SIGN_RSA_EMSA_PKCS1_SHA256,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
- SIGN_RSA_EMSA_PKCS1_SHA384,
- /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
- SIGN_RSA_EMSA_PKCS1_SHA512,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_224,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
+ SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_224,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_256,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_384,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
+ SIGN_RSA_EMSA_PKCS1_SHA3_512,
/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
SIGN_ECDSA_WITH_SHA1_DER,
/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
/*
* Copyright (C) 2012-2015 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
case OID_SHA512_WITH_RSA:
return HASH_SHA512;
case OID_SHA3_224:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
return HASH_SHA3_224;
case OID_SHA3_256:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
return HASH_SHA3_256;
case OID_SHA3_384:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
return HASH_SHA3_384;
case OID_SHA3_512:
+ case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
return HASH_SHA3_512;
default:
return HASH_UNKNOWN;
return OID_SHA384_WITH_RSA;
case HASH_SHA512:
return OID_SHA512_WITH_RSA;
+ case HASH_SHA3_224:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+ case HASH_SHA3_256:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+ case HASH_SHA3_384:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+ case HASH_SHA3_512:
+ return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
default:
return OID_UNKNOWN;
}
case SIGN_RSA_EMSA_PKCS1_SHA1:
case SIGN_ECDSA_WITH_SHA1_DER:
return HASH_SHA1;
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return HASH_SHA224;
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
case SIGN_ECDSA_WITH_SHA256_DER:
case SIGN_ECDSA_256:
case SIGN_BLISS_WITH_SHA2_256:
return HASH_SHA256;
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
case SIGN_ECDSA_WITH_SHA384_DER:
case SIGN_ECDSA_384:
case SIGN_BLISS_WITH_SHA2_384:
return HASH_SHA384;
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
case SIGN_ECDSA_WITH_SHA512_DER:
case SIGN_ECDSA_521:
case SIGN_BLISS_WITH_SHA2_512:
return HASH_SHA512;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return HASH_SHA3_224;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
case SIGN_BLISS_WITH_SHA3_256:
return HASH_SHA3_256;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
case SIGN_BLISS_WITH_SHA3_384:
return HASH_SHA3_384;
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
case SIGN_BLISS_WITH_SHA3_512:
return HASH_SHA3_512;
}
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return sign_raw(this, data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
case SIGN_RSA_EMSA_PKCS1_MD5:
return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
default:
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_raw(this, data, signature);
- case SIGN_RSA_EMSA_PKCS1_MD5:
- return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_MD5:
+ return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
/* signature schemes, private */
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
- PLUGIN_DEPENDS(HASHER, HASH_SHA1),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
PLUGIN_DEPENDS(HASHER, HASH_SHA224),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
PLUGIN_DEPENDS(HASHER, HASH_MD5),
/* signature verification schemes */
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
- PLUGIN_DEPENDS(HASHER, HASH_SHA1),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
PLUGIN_DEPENDS(HASHER, HASH_SHA224),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
PLUGIN_DEPENDS(HASHER, HASH_MD5),
/* en-/decryption schemes */
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
default:
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
- case SIGN_RSA_EMSA_PKCS1_MD5:
- return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_MD5:
+ return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
default:
DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
#endif
#ifndef OPENSSL_NO_SHA256
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
#endif
#ifndef OPENSSL_NO_SHA512
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
#endif
#ifndef OPENSSL_NO_MD5
PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
{
case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA1:
- return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA224:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
- case SIGN_RSA_EMSA_PKCS1_SHA512:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
} mappings[] = {
{SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA2_256, {CKM_SHA256_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA2_384, {CKM_SHA384_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA2_512, {CKM_SHA512_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
- {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0},
+ {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
{SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0},
KEY_RSA, 0, HASH_UNKNOWN},
signature_scheme_t sig[5];
signature_scheme_t ike[5];
} sig_constraints_tests[] = {
- { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
- { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+ { "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
+ { "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
{ "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
- { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
- { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
- { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
- { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+ { "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+ { "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+ { "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+ { "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+ { "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+ { "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
{ "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
{ "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
- { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+ { "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
{ "rsa4096-sha256", {0}, {0}},
{ "sha256", {0}, {0}},
{ "ike:sha256", {0}, {0}},
}hasher_sig_scheme_t;
static hasher_sig_scheme_t sig_schemes[] = {
- { SIGN_UNKNOWN, HASH_UNKNOWN },
- { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN },
- { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 },
- { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 },
- { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224 },
- { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256 },
- { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384 },
- { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512 },
- { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 },
- { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 },
- { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 },
- { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 },
- { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN },
- { SIGN_ECDSA_256, HASH_SHA256 },
- { SIGN_ECDSA_384, HASH_SHA384 },
- { SIGN_ECDSA_521, HASH_SHA512 },
- { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 },
- { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 },
- { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 },
- { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
- { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
- { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
- { 30, HASH_UNKNOWN }
+ { SIGN_UNKNOWN, HASH_UNKNOWN },
+ { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN },
+ { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 },
+ { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384 },
+ { SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 },
+ { SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 },
+ { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 },
+ { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 },
+ { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 },
+ { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 },
+ { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN },
+ { SIGN_ECDSA_256, HASH_SHA256 },
+ { SIGN_ECDSA_384, HASH_SHA384 },
+ { SIGN_ECDSA_521, HASH_SHA512 },
+ { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 },
+ { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 },
+ { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 },
+ { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 },
+ { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 },
+ { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 },
+ { 30, HASH_UNKNOWN }
};
START_TEST(test_hasher_from_sig_scheme)
SIGN_RSA_EMSA_PKCS1_NULL,
SIGN_RSA_EMSA_PKCS1_MD5,
SIGN_RSA_EMSA_PKCS1_SHA1,
- SIGN_RSA_EMSA_PKCS1_SHA224,
- SIGN_RSA_EMSA_PKCS1_SHA256,
- SIGN_RSA_EMSA_PKCS1_SHA384,
- SIGN_RSA_EMSA_PKCS1_SHA512,
+ SIGN_RSA_EMSA_PKCS1_SHA2_224,
+ SIGN_RSA_EMSA_PKCS1_SHA2_256,
+ SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_512,
};
/**
int size;
signature_scheme_t expected[4];
} scheme_data[] = {
- {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
- {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+ {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+ SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+ SIGN_UNKNOWN }},
+ {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER,
+ SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+ {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
+ SIGN_UNKNOWN }},
{KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
- {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
- {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384,
+ SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+ {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512,
+ SIGN_UNKNOWN }},
{KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
};
tls_hash_algorithm_t hash;
signature_scheme_t scheme;
} schemes[] = {
- { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
- { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA256 },
- { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA384 },
- { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA512 },
- { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA224 },
- { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
- { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
+ { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA2_256 },
+ { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA2_384 },
+ { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA2_512 },
+ { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA2_224 },
+ { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
+ { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
};
METHOD(tls_crypto_t, get_signature_algorithms, void,
--- /dev/null
+# strongswan.conf - strongSwan configuration file
+
+pki {
+ load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509
+}
-moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA512 successful::YES
+moon:: cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_512 successful::YES
moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA384 successful::YES
+sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PKCS1_SHA2_384 successful::YES
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES
-moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA384 successful::YES
+moon ::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_384 successful::YES
moon ::ipsec status 2> /dev/null::research.*ESTABLISHED.*moon.strongswan.org.*PH_IP_CAROL::YES
carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_CAROL.*moon.strongswan.org::YES
moon ::ipsec status 2> /dev/null::research.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::NO
dave ::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA.* successful::YES
-moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA512 successful::YES
+moon ::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA_EMSA_PKCS1_SHA2_512 successful::YES
moon ::ipsec status 2> /dev/null::accounting.*ESTABLISHED.*moon.strongswan.org.*PH_IP_DAVE::YES
dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswan.org::YES
moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES
projects / thirdparty / strongswan.git / commitdiff
