strongswan/src/libstrongswan/crypto/hashers/hasher.c

/*
 * Copyright (C) 2012-2015 Tobias Brunner
 * Copyright (C) 2015-2017 Andreas Steffen
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "hasher.h"

#include <asn1/oid.h>
#include <credentials/keys/signature_params.h>

ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
	"HASH_SHA1",
	"HASH_SHA2_256",
	"HASH_SHA2_384",
	"HASH_SHA2_512",
	"HASH_IDENTITY");
ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
	"HASH_UNKNOWN",
	"HASH_MD2",
	"HASH_MD4",
	"HASH_MD5",
	"HASH_SHA2_224",
	"HASH_SHA3_224",
	"HASH_SHA3_256",
	"HASH_SHA3_384",
	"HASH_SHA3_512");
ENUM_END(hash_algorithm_names, HASH_SHA3_512);

ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_IDENTITY,
	"sha1",
	"sha256",
	"sha384",
	"sha512",
	"identity");
ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
	"unknown",
	"md2",
	"md4",
	"md5",
	"sha224",
	"sha3_224",
	"sha3_256",
	"sha3_384",
	"sha3_512");
ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);

ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
	"SHA1",
	"SHA2_256",
	"SHA2_384",
	"SHA2_512",
	"IDENTITY");
ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
	"UNKNOWN",
	"MD2",
	"MD4",
	"MD5",
	"SHA2_224",
	"SHA3_224",
	"SHA3_256",
	"SHA3_384",
	"SHA3_512");
ENUM_END(hash_algorithm_short_names_upper, HASH_SHA3_512);

/*
 * Described in header
 */
size_t hasher_hash_size(hash_algorithm_t alg)
{
	switch (alg)
	{
		case HASH_SHA1:
			return HASH_SIZE_SHA1;
		case HASH_SHA256:
			return HASH_SIZE_SHA256;
		case HASH_SHA384:
			return HASH_SIZE_SHA384;
		case HASH_SHA512:
			return HASH_SIZE_SHA512;
		case HASH_MD2:
			return HASH_SIZE_MD2;
		case HASH_MD4:
			return HASH_SIZE_MD4;
		case HASH_MD5:
			return HASH_SIZE_MD5;
		case HASH_SHA224:
			return HASH_SIZE_SHA224;
		case HASH_SHA3_224:
			return HASH_SIZE_SHA224;
		case HASH_SHA3_256:
			return HASH_SIZE_SHA256;
		case HASH_SHA3_384:
			return HASH_SIZE_SHA384;
		case HASH_SHA3_512:
			return HASH_SIZE_SHA512;
		case HASH_IDENTITY:
		case HASH_UNKNOWN:
			break;
	}
	return 0;
}

/*
 * Described in header.
 */
hash_algorithm_t hasher_algorithm_from_oid(int oid)
{
	switch (oid)
	{
		case OID_MD2:
		case OID_MD2_WITH_RSA:
			return HASH_MD2;
		case OID_MD5:
		case OID_MD5_WITH_RSA:
			return HASH_MD5;
		case OID_SHA1:
		case OID_SHA1_WITH_RSA:
			return HASH_SHA1;
		case OID_SHA224:
		case OID_SHA224_WITH_RSA:
			return HASH_SHA224;
		case OID_SHA256:
		case OID_SHA256_WITH_RSA:
			return HASH_SHA256;
		case OID_SHA384:
		case OID_SHA384_WITH_RSA:
			return HASH_SHA384;
		case OID_SHA512:
		case OID_SHA512_WITH_RSA:
			return HASH_SHA512;
		case OID_SHA3_224:
		case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
			return HASH_SHA3_224;
		case OID_SHA3_256:
		case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
			return HASH_SHA3_256;
		case OID_SHA3_384:
		case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
			return HASH_SHA3_384;
		case OID_SHA3_512:
		case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
			return HASH_SHA3_512;
		case OID_ED25519:
		case OID_ED448:
			return HASH_IDENTITY;
		default:
			return HASH_UNKNOWN;
	}
}

/*
 * Described in header.
 */
hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg)
{
	switch (alg)
	{
		case PRF_HMAC_MD5:
			return HASH_MD5;
		case PRF_HMAC_SHA1:
		case PRF_FIPS_SHA1_160:
		case PRF_KEYED_SHA1:
			return HASH_SHA1;
		case PRF_HMAC_SHA2_256:
			return HASH_SHA256;
		case PRF_HMAC_SHA2_384:
			return HASH_SHA384;
		case PRF_HMAC_SHA2_512:
			return HASH_SHA512;
		case PRF_HMAC_TIGER:
		case PRF_AES128_XCBC:
		case PRF_AES128_CMAC:
		case PRF_FIPS_DES:
		case PRF_CAMELLIA128_XCBC:
		case PRF_UNDEFINED:
			break;
	}
	return HASH_UNKNOWN;
}

/*
 * Described in header.
 */
hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
												 size_t *length)
{
	if (length)
	{
		switch (alg)
		{
			case AUTH_HMAC_MD5_96:
			case AUTH_HMAC_SHA1_96:
			case AUTH_HMAC_SHA2_256_96:
				*length = 12;
				break;
			case AUTH_HMAC_MD5_128:
			case AUTH_HMAC_SHA1_128:
			case AUTH_HMAC_SHA2_256_128:
				*length = 16;
				break;
			case AUTH_HMAC_SHA1_160:
				*length = 20;
				break;
			case AUTH_HMAC_SHA2_384_192:
				*length = 24;
				break;
			case AUTH_HMAC_SHA2_256_256:
			case AUTH_HMAC_SHA2_512_256:
				*length = 32;
				break;
			case AUTH_HMAC_SHA2_384_384:
				*length = 48;
				break;
			case AUTH_HMAC_SHA2_512_512:
				*length = 64;
				break;
			default:
				break;
		}
	}
	switch (alg)
	{
		case AUTH_HMAC_MD5_96:
		case AUTH_HMAC_MD5_128:
		case AUTH_KPDK_MD5:
			return HASH_MD5;
		case AUTH_HMAC_SHA1_96:
		case AUTH_HMAC_SHA1_128:
		case AUTH_HMAC_SHA1_160:
			return HASH_SHA1;
		case AUTH_HMAC_SHA2_256_96:
		case AUTH_HMAC_SHA2_256_128:
		case AUTH_HMAC_SHA2_256_256:
			return HASH_SHA256;
		case AUTH_HMAC_SHA2_384_192:
		case AUTH_HMAC_SHA2_384_384:
			return HASH_SHA384;
		case AUTH_HMAC_SHA2_512_256:
		case AUTH_HMAC_SHA2_512_512:
			return HASH_SHA512;
		case AUTH_AES_CMAC_96:
		case AUTH_AES_128_GMAC:
		case AUTH_AES_192_GMAC:
		case AUTH_AES_256_GMAC:
		case AUTH_AES_XCBC_96:
		case AUTH_DES_MAC:
		case AUTH_CAMELLIA_XCBC_96:
		case AUTH_UNDEFINED:
			break;
	}
	return HASH_UNKNOWN;
}

/*
 * Described in header.
 */
integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
													size_t length)
{
	switch (alg)
	{
		case HASH_MD5:
			switch (length)
			{
				case 12:
					return AUTH_HMAC_MD5_96;
				case 16:
					return AUTH_HMAC_MD5_128;
			}
			break;
		case HASH_SHA1:
			switch (length)
			{
				case 12:
					return AUTH_HMAC_SHA1_96;
				case 16:
					return AUTH_HMAC_SHA1_128;
				case 20:
					return AUTH_HMAC_SHA1_160;
			}
			break;
		case HASH_SHA256:
			switch (length)
			{
				case 12:
					return AUTH_HMAC_SHA2_256_96;
				case 16:
					return AUTH_HMAC_SHA2_256_128;
				case 32:
					return AUTH_HMAC_SHA2_256_256;
			}
			break;
		case HASH_SHA384:
			switch (length)
			{
				case 24:
					return AUTH_HMAC_SHA2_384_192;
				case 48:
					return AUTH_HMAC_SHA2_384_384;

			}
			break;
		case HASH_SHA512:
			switch (length)
			{
				case 32:
					return AUTH_HMAC_SHA2_512_256;
				case 64:
					return AUTH_HMAC_SHA2_512_512;
			}
			break;
		case HASH_MD2:
		case HASH_MD4:
		case HASH_SHA224:
		case HASH_SHA3_224:
		case HASH_SHA3_256:
		case HASH_SHA3_384:
		case HASH_SHA3_512:
		case HASH_IDENTITY:
		case HASH_UNKNOWN:
			break;
	}
	return AUTH_UNDEFINED;
}

/*
 * Described in header.
 */
bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
{
	switch (alg)
	{
		case HASH_SHA1:
		case HASH_SHA256:
		case HASH_SHA384:
		case HASH_SHA512:
			return TRUE;
		case HASH_IDENTITY:
		case HASH_UNKNOWN:
		case HASH_MD2:
		case HASH_MD4:
		case HASH_MD5:
		case HASH_SHA224:
		case HASH_SHA3_224:
		case HASH_SHA3_256:
		case HASH_SHA3_384:
		case HASH_SHA3_512:
			break;
	}
	return FALSE;
}

/*
 * Described in header.
 */
int hasher_algorithm_to_oid(hash_algorithm_t alg)
{
	int oid;

	switch (alg)
	{
		case HASH_MD2:
			oid = OID_MD2;
			break;
		case HASH_MD5:
			oid = OID_MD5;
			break;
		case HASH_SHA1:
			oid = OID_SHA1;
			break;
		case HASH_SHA224:
			oid = OID_SHA224;
			break;
		case HASH_SHA256:
			oid = OID_SHA256;
			break;
		case HASH_SHA384:
			oid = OID_SHA384;
			break;
		case HASH_SHA512:
			oid = OID_SHA512;
			break;
		case HASH_SHA3_224:
			oid = OID_SHA3_224;
			break;
		case HASH_SHA3_256:
			oid = OID_SHA3_256;
			break;
		case HASH_SHA3_384:
			oid = OID_SHA3_384;
			break;
		case HASH_SHA3_512:
			oid = OID_SHA3_512;
			break;
		default:
			oid = OID_UNKNOWN;
	}
	return oid;
}

/*
 * Described in header.
 */
int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
{
	switch (key)
	{
		case KEY_RSA:
			switch (alg)
			{
				case HASH_MD2:
					return OID_MD2_WITH_RSA;
				case HASH_MD5:
					return OID_MD5_WITH_RSA;
				case HASH_SHA1:
					return OID_SHA1_WITH_RSA;
				case HASH_SHA224:
					return OID_SHA224_WITH_RSA;
				case HASH_SHA256:
					return OID_SHA256_WITH_RSA;
				case HASH_SHA384:
					return OID_SHA384_WITH_RSA;
				case HASH_SHA512:
					return OID_SHA512_WITH_RSA;
				case HASH_SHA3_224:
					return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
				case HASH_SHA3_256:
					return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
				case HASH_SHA3_384:
					return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
				case HASH_SHA3_512:
					return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
				default:
					return OID_UNKNOWN;
			}
		case KEY_ECDSA:
			switch (alg)
			{
				case HASH_SHA1:
					return OID_ECDSA_WITH_SHA1;
				case HASH_SHA256:
					return OID_ECDSA_WITH_SHA256;
				case HASH_SHA384:
					return OID_ECDSA_WITH_SHA384;
				case HASH_SHA512:
					return OID_ECDSA_WITH_SHA512;
				default:
					return OID_UNKNOWN;
			}
		case KEY_ED25519:
			switch (alg)
			{
				case HASH_IDENTITY:
					return OID_ED25519;
				default:
					return OID_UNKNOWN;
			}
		case KEY_ED448:
			switch (alg)
			{
				case HASH_IDENTITY:
					return OID_ED448;
				default:
					return OID_UNKNOWN;
			}
		case KEY_BLISS:
			switch (alg)
			{
				case HASH_SHA256:
					return OID_BLISS_WITH_SHA2_256;
				case HASH_SHA384:
					return OID_BLISS_WITH_SHA2_384;
				case HASH_SHA512:
					return OID_BLISS_WITH_SHA2_512;
				case HASH_SHA3_256:
					return OID_BLISS_WITH_SHA3_256;
				case HASH_SHA3_384:
					return OID_BLISS_WITH_SHA3_384;
				case HASH_SHA3_512:
					return OID_BLISS_WITH_SHA3_512;
				default:
					return OID_UNKNOWN;
			}
		default:
			return OID_UNKNOWN;
	}
}

/*
 * Defined in header.
 */
hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
											  void *params)
{
	switch (scheme)
	{
		case SIGN_UNKNOWN:
		case SIGN_RSA_EMSA_PKCS1_NULL:
		case SIGN_ECDSA_WITH_NULL:
			break;
		case SIGN_RSA_EMSA_PSS:
			if (params)
			{
				rsa_pss_params_t *pss = params;
				return pss->hash;
			}
			break;
		case SIGN_ED25519:
		case SIGN_ED448:
			return HASH_IDENTITY;
		case SIGN_RSA_EMSA_PKCS1_MD5:
			return HASH_MD5;
		case SIGN_RSA_EMSA_PKCS1_SHA1:
		case SIGN_ECDSA_WITH_SHA1_DER:
			return HASH_SHA1;
		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
			return HASH_SHA224;
		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
		case SIGN_ECDSA_WITH_SHA256_DER:
		case SIGN_ECDSA_256:
		case SIGN_BLISS_WITH_SHA2_256:
			return HASH_SHA256;
		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
		case SIGN_ECDSA_WITH_SHA384_DER:
		case SIGN_ECDSA_384:
		case SIGN_BLISS_WITH_SHA2_384:
			return HASH_SHA384;
		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
		case SIGN_ECDSA_WITH_SHA512_DER:
		case SIGN_ECDSA_521:
		case SIGN_BLISS_WITH_SHA2_512:
			return HASH_SHA512;
		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
			return HASH_SHA3_224;
		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
		case SIGN_BLISS_WITH_SHA3_256:
			return HASH_SHA3_256;
		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
		case SIGN_BLISS_WITH_SHA3_384:
			return HASH_SHA3_384;
		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
		case SIGN_BLISS_WITH_SHA3_512:
			return HASH_SHA3_512;
	}
	return HASH_UNKNOWN;
}