Support BLISS signatures with SHA-3 hash
This commit is contained in:
parent
a488584b5f
commit
f6fede934b
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2015 Tobias Brunner
|
||||
* Copyright (C) 2007 Martin Willi
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -47,6 +47,9 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
|
|||
"BLISS_WITH_SHA256",
|
||||
"BLISS_WITH_SHA384",
|
||||
"BLISS_WITH_SHA512",
|
||||
"BLISS_WITH_SHA3_256",
|
||||
"BLISS_WITH_SHA3_384",
|
||||
"BLISS_WITH_SHA3_512",
|
||||
);
|
||||
|
||||
ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
|
||||
|
@ -139,10 +142,16 @@ signature_scheme_t signature_scheme_from_oid(int oid)
|
|||
case OID_BLISS_PUBLICKEY:
|
||||
case OID_BLISS_WITH_SHA512:
|
||||
return SIGN_BLISS_WITH_SHA512;
|
||||
case OID_BLISS_WITH_SHA256:
|
||||
return SIGN_BLISS_WITH_SHA256;
|
||||
case OID_BLISS_WITH_SHA384:
|
||||
return SIGN_BLISS_WITH_SHA384;
|
||||
case OID_BLISS_WITH_SHA256:
|
||||
return SIGN_BLISS_WITH_SHA256;
|
||||
case OID_BLISS_WITH_SHA3_512:
|
||||
return SIGN_BLISS_WITH_SHA3_512;
|
||||
case OID_BLISS_WITH_SHA3_384:
|
||||
return SIGN_BLISS_WITH_SHA3_384;
|
||||
case OID_BLISS_WITH_SHA3_256:
|
||||
return SIGN_BLISS_WITH_SHA3_256;
|
||||
}
|
||||
return SIGN_UNKNOWN;
|
||||
}
|
||||
|
@ -187,6 +196,12 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
|
|||
return OID_BLISS_WITH_SHA384;
|
||||
case SIGN_BLISS_WITH_SHA512:
|
||||
return OID_BLISS_WITH_SHA512;
|
||||
case SIGN_BLISS_WITH_SHA3_256:
|
||||
return OID_BLISS_WITH_SHA3_256;
|
||||
case SIGN_BLISS_WITH_SHA3_384:
|
||||
return OID_BLISS_WITH_SHA3_384;
|
||||
case SIGN_BLISS_WITH_SHA3_512:
|
||||
return OID_BLISS_WITH_SHA3_512;
|
||||
}
|
||||
return OID_UNKNOWN;
|
||||
}
|
||||
|
@ -287,6 +302,9 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
|
|||
case SIGN_BLISS_WITH_SHA256:
|
||||
case SIGN_BLISS_WITH_SHA384:
|
||||
case SIGN_BLISS_WITH_SHA512:
|
||||
case SIGN_BLISS_WITH_SHA3_256:
|
||||
case SIGN_BLISS_WITH_SHA3_384:
|
||||
case SIGN_BLISS_WITH_SHA3_512:
|
||||
return KEY_BLISS;
|
||||
}
|
||||
return KEY_ANY;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2015 Tobias Brunner
|
||||
* Copyright (C) 2007 Martin Willi
|
||||
* Copyright (C) 2014 Andreas Steffen
|
||||
* Copyright (C) 2014-2015 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
@ -100,6 +100,12 @@ enum signature_scheme_t {
|
|||
SIGN_BLISS_WITH_SHA384,
|
||||
/** BLISS with SHA-512 */
|
||||
SIGN_BLISS_WITH_SHA512,
|
||||
/** BLISS with SHA-3_256 */
|
||||
SIGN_BLISS_WITH_SHA3_256,
|
||||
/** BLISS with SHA-3_384 */
|
||||
SIGN_BLISS_WITH_SHA3_384,
|
||||
/** BLISS with SHA-3_512 */
|
||||
SIGN_BLISS_WITH_SHA3_512,
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
@ -428,16 +428,19 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
|
|||
case SIGN_ECDSA_WITH_SHA256_DER:
|
||||
case SIGN_ECDSA_256:
|
||||
case SIGN_BLISS_WITH_SHA256:
|
||||
case SIGN_BLISS_WITH_SHA3_256:
|
||||
return HASH_SHA256;
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA384:
|
||||
case SIGN_ECDSA_WITH_SHA384_DER:
|
||||
case SIGN_ECDSA_384:
|
||||
case SIGN_BLISS_WITH_SHA384:
|
||||
case SIGN_BLISS_WITH_SHA3_384:
|
||||
return HASH_SHA384;
|
||||
case SIGN_RSA_EMSA_PKCS1_SHA512:
|
||||
case SIGN_ECDSA_WITH_SHA512_DER:
|
||||
case SIGN_ECDSA_521:
|
||||
case SIGN_BLISS_WITH_SHA512:
|
||||
case SIGN_BLISS_WITH_SHA3_512:
|
||||
return HASH_SHA512;
|
||||
}
|
||||
return HASH_UNKNOWN;
|
||||
|
|
|
@ -517,6 +517,12 @@ METHOD(private_key_t, sign, bool,
|
|||
return sign_bliss(this, HASH_SHA384, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA512:
|
||||
return sign_bliss(this, HASH_SHA512, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA3_256:
|
||||
return sign_bliss(this, HASH_SHA3_256, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA3_384:
|
||||
return sign_bliss(this, HASH_SHA3_384, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA3_512:
|
||||
return sign_bliss(this, HASH_SHA3_512, data, signature);
|
||||
default:
|
||||
DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
|
||||
signature_scheme_names, scheme);
|
||||
|
|
|
@ -199,6 +199,12 @@ METHOD(public_key_t, verify, bool,
|
|||
return verify_bliss(this, HASH_SHA384, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA512:
|
||||
return verify_bliss(this, HASH_SHA512, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA3_256:
|
||||
return verify_bliss(this, HASH_SHA3_256, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA3_384:
|
||||
return verify_bliss(this, HASH_SHA3_384, data, signature);
|
||||
case SIGN_BLISS_WITH_SHA3_512:
|
||||
return verify_bliss(this, HASH_SHA3_512, data, signature);
|
||||
default:
|
||||
DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
|
||||
signature_scheme_names, scheme);
|
||||
|
|
|
@ -278,7 +278,8 @@ static void __attribute__ ((constructor))reg()
|
|||
{"[--in file] [--group name]* --issuerkey file|--issuerkeyid hex",
|
||||
" --issuercert file [--serial hex] [--lifetime hours]",
|
||||
" [--not-before datetime] [--not-after datetime] [--dateform form]",
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
|
||||
"[--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "holder certificate, default: stdin"},
|
||||
|
|
|
@ -588,7 +588,8 @@ static void __attribute__ ((constructor))reg()
|
|||
"[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]",
|
||||
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
|
||||
"[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
|
||||
"[--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "key/request file to issue, default: stdin"},
|
||||
|
|
|
@ -196,7 +196,8 @@ static void __attribute__ ((constructor))reg()
|
|||
"create a PKCS#10 certificate request",
|
||||
{" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
|
||||
"[--san subjectAltName]+ [--password challengePassword]",
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
|
||||
"[--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "private key input file, default: stdin"},
|
||||
|
|
|
@ -425,7 +425,8 @@ static void __attribute__ ((constructor))reg()
|
|||
"[--policy-map issuer-oid:subject-oid]",
|
||||
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
|
||||
"[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
|
||||
"[--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "private key input file, default: stdin"},
|
||||
|
|
|
@ -451,7 +451,7 @@ static void __attribute__ ((constructor))reg()
|
|||
" [[--reason key-compromise|ca-compromise|affiliation-changed|",
|
||||
" superseded|cessation-of-operation|certificate-hold]",
|
||||
" [--date timestamp] --cert file|--serial hex]*",
|
||||
" [--digest md5|sha1|sha224|sha256|sha384|sha512]",
|
||||
" [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
|
||||
" [--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
|
|
Loading…
Reference in New Issue