Annotation of embedaddon/strongswan/src/libstrongswan/crypto/hashers/hasher.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2012-2015 Tobias Brunner
3: * Copyright (C) 2015-2017 Andreas Steffen
4: * Copyright (C) 2005-2006 Martin Willi
5: * Copyright (C) 2005 Jan Hutter
6: * HSR Hochschule fuer Technik Rapperswil
7: *
8: * This program is free software; you can redistribute it and/or modify it
9: * under the terms of the GNU General Public License as published by the
10: * Free Software Foundation; either version 2 of the License, or (at your
11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12: *
13: * This program is distributed in the hope that it will be useful, but
14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16: * for more details.
17: */
18:
19: #include "hasher.h"
20:
21: #include <asn1/oid.h>
22: #include <credentials/keys/signature_params.h>
23:
24: ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
25: "HASH_SHA1",
26: "HASH_SHA2_256",
27: "HASH_SHA2_384",
28: "HASH_SHA2_512",
29: "HASH_IDENTITY");
30: ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
31: "HASH_UNKNOWN",
32: "HASH_MD2",
33: "HASH_MD4",
34: "HASH_MD5",
35: "HASH_SHA2_224",
36: "HASH_SHA3_224",
37: "HASH_SHA3_256",
38: "HASH_SHA3_384",
39: "HASH_SHA3_512");
40: ENUM_END(hash_algorithm_names, HASH_SHA3_512);
41:
42: ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_IDENTITY,
43: "sha1",
44: "sha256",
45: "sha384",
46: "sha512",
47: "identity");
48: ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
49: "unknown",
50: "md2",
51: "md4",
52: "md5",
53: "sha224",
54: "sha3_224",
55: "sha3_256",
56: "sha3_384",
57: "sha3_512");
58: ENUM_END(hash_algorithm_short_names, HASH_SHA3_512);
59:
60: ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
61: "SHA1",
62: "SHA2_256",
63: "SHA2_384",
64: "SHA2_512",
65: "IDENTITY");
66: ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
67: "UNKNOWN",
68: "MD2",
69: "MD4",
70: "MD5",
71: "SHA2_224",
72: "SHA3_224",
73: "SHA3_256",
74: "SHA3_384",
75: "SHA3_512");
76: ENUM_END(hash_algorithm_short_names_upper, HASH_SHA3_512);
77:
78: /*
79: * Described in header
80: */
81: size_t hasher_hash_size(hash_algorithm_t alg)
82: {
83: switch (alg)
84: {
85: case HASH_SHA1:
86: return HASH_SIZE_SHA1;
87: case HASH_SHA256:
88: return HASH_SIZE_SHA256;
89: case HASH_SHA384:
90: return HASH_SIZE_SHA384;
91: case HASH_SHA512:
92: return HASH_SIZE_SHA512;
93: case HASH_MD2:
94: return HASH_SIZE_MD2;
95: case HASH_MD4:
96: return HASH_SIZE_MD4;
97: case HASH_MD5:
98: return HASH_SIZE_MD5;
99: case HASH_SHA224:
100: return HASH_SIZE_SHA224;
101: case HASH_SHA3_224:
102: return HASH_SIZE_SHA224;
103: case HASH_SHA3_256:
104: return HASH_SIZE_SHA256;
105: case HASH_SHA3_384:
106: return HASH_SIZE_SHA384;
107: case HASH_SHA3_512:
108: return HASH_SIZE_SHA512;
109: case HASH_IDENTITY:
110: case HASH_UNKNOWN:
111: break;
112: }
113: return 0;
114: }
115:
116: /*
117: * Described in header.
118: */
119: hash_algorithm_t hasher_algorithm_from_oid(int oid)
120: {
121: switch (oid)
122: {
123: case OID_MD2:
124: case OID_MD2_WITH_RSA:
125: return HASH_MD2;
126: case OID_MD5:
127: case OID_MD5_WITH_RSA:
128: return HASH_MD5;
129: case OID_SHA1:
130: case OID_SHA1_WITH_RSA:
131: return HASH_SHA1;
132: case OID_SHA224:
133: case OID_SHA224_WITH_RSA:
134: return HASH_SHA224;
135: case OID_SHA256:
136: case OID_SHA256_WITH_RSA:
137: return HASH_SHA256;
138: case OID_SHA384:
139: case OID_SHA384_WITH_RSA:
140: return HASH_SHA384;
141: case OID_SHA512:
142: case OID_SHA512_WITH_RSA:
143: return HASH_SHA512;
144: case OID_SHA3_224:
145: case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
146: return HASH_SHA3_224;
147: case OID_SHA3_256:
148: case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
149: return HASH_SHA3_256;
150: case OID_SHA3_384:
151: case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
152: return HASH_SHA3_384;
153: case OID_SHA3_512:
154: case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
155: return HASH_SHA3_512;
156: case OID_ED25519:
157: case OID_ED448:
158: return HASH_IDENTITY;
159: default:
160: return HASH_UNKNOWN;
161: }
162: }
163:
164: /*
165: * Described in header.
166: */
167: hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg)
168: {
169: switch (alg)
170: {
171: case PRF_HMAC_MD5:
172: return HASH_MD5;
173: case PRF_HMAC_SHA1:
174: case PRF_FIPS_SHA1_160:
175: case PRF_KEYED_SHA1:
176: return HASH_SHA1;
177: case PRF_HMAC_SHA2_256:
178: return HASH_SHA256;
179: case PRF_HMAC_SHA2_384:
180: return HASH_SHA384;
181: case PRF_HMAC_SHA2_512:
182: return HASH_SHA512;
183: case PRF_HMAC_TIGER:
184: case PRF_AES128_XCBC:
185: case PRF_AES128_CMAC:
186: case PRF_FIPS_DES:
187: case PRF_CAMELLIA128_XCBC:
188: case PRF_UNDEFINED:
189: break;
190: }
191: return HASH_UNKNOWN;
192: }
193:
194: /*
195: * Described in header.
196: */
197: hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
198: size_t *length)
199: {
200: if (length)
201: {
202: switch (alg)
203: {
204: case AUTH_HMAC_MD5_96:
205: case AUTH_HMAC_SHA1_96:
206: case AUTH_HMAC_SHA2_256_96:
207: *length = 12;
208: break;
209: case AUTH_HMAC_MD5_128:
210: case AUTH_HMAC_SHA1_128:
211: case AUTH_HMAC_SHA2_256_128:
212: *length = 16;
213: break;
214: case AUTH_HMAC_SHA1_160:
215: *length = 20;
216: break;
217: case AUTH_HMAC_SHA2_384_192:
218: *length = 24;
219: break;
220: case AUTH_HMAC_SHA2_256_256:
221: case AUTH_HMAC_SHA2_512_256:
222: *length = 32;
223: break;
224: case AUTH_HMAC_SHA2_384_384:
225: *length = 48;
226: break;
227: case AUTH_HMAC_SHA2_512_512:
228: *length = 64;
229: break;
230: default:
231: break;
232: }
233: }
234: switch (alg)
235: {
236: case AUTH_HMAC_MD5_96:
237: case AUTH_HMAC_MD5_128:
238: case AUTH_KPDK_MD5:
239: return HASH_MD5;
240: case AUTH_HMAC_SHA1_96:
241: case AUTH_HMAC_SHA1_128:
242: case AUTH_HMAC_SHA1_160:
243: return HASH_SHA1;
244: case AUTH_HMAC_SHA2_256_96:
245: case AUTH_HMAC_SHA2_256_128:
246: case AUTH_HMAC_SHA2_256_256:
247: return HASH_SHA256;
248: case AUTH_HMAC_SHA2_384_192:
249: case AUTH_HMAC_SHA2_384_384:
250: return HASH_SHA384;
251: case AUTH_HMAC_SHA2_512_256:
252: case AUTH_HMAC_SHA2_512_512:
253: return HASH_SHA512;
254: case AUTH_AES_CMAC_96:
255: case AUTH_AES_128_GMAC:
256: case AUTH_AES_192_GMAC:
257: case AUTH_AES_256_GMAC:
258: case AUTH_AES_XCBC_96:
259: case AUTH_DES_MAC:
260: case AUTH_CAMELLIA_XCBC_96:
261: case AUTH_UNDEFINED:
262: break;
263: }
264: return HASH_UNKNOWN;
265: }
266:
267: /*
268: * Described in header.
269: */
270: integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
271: size_t length)
272: {
273: switch (alg)
274: {
275: case HASH_MD5:
276: switch (length)
277: {
278: case 12:
279: return AUTH_HMAC_MD5_96;
280: case 16:
281: return AUTH_HMAC_MD5_128;
282: }
283: break;
284: case HASH_SHA1:
285: switch (length)
286: {
287: case 12:
288: return AUTH_HMAC_SHA1_96;
289: case 16:
290: return AUTH_HMAC_SHA1_128;
291: case 20:
292: return AUTH_HMAC_SHA1_160;
293: }
294: break;
295: case HASH_SHA256:
296: switch (length)
297: {
298: case 12:
299: return AUTH_HMAC_SHA2_256_96;
300: case 16:
301: return AUTH_HMAC_SHA2_256_128;
302: case 32:
303: return AUTH_HMAC_SHA2_256_256;
304: }
305: break;
306: case HASH_SHA384:
307: switch (length)
308: {
309: case 24:
310: return AUTH_HMAC_SHA2_384_192;
311: case 48:
312: return AUTH_HMAC_SHA2_384_384;
313:
314: }
315: break;
316: case HASH_SHA512:
317: switch (length)
318: {
319: case 32:
320: return AUTH_HMAC_SHA2_512_256;
321: case 64:
322: return AUTH_HMAC_SHA2_512_512;
323: }
324: break;
325: case HASH_MD2:
326: case HASH_MD4:
327: case HASH_SHA224:
328: case HASH_SHA3_224:
329: case HASH_SHA3_256:
330: case HASH_SHA3_384:
331: case HASH_SHA3_512:
332: case HASH_IDENTITY:
333: case HASH_UNKNOWN:
334: break;
335: }
336: return AUTH_UNDEFINED;
337: }
338:
339: /*
340: * Described in header.
341: */
342: bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
343: {
344: switch (alg)
345: {
346: case HASH_IDENTITY:
347: case HASH_SHA256:
348: case HASH_SHA384:
349: case HASH_SHA512:
350: return TRUE;
351: case HASH_UNKNOWN:
352: case HASH_MD2:
353: case HASH_MD4:
354: case HASH_MD5:
355: case HASH_SHA1:
356: case HASH_SHA224:
357: case HASH_SHA3_224:
358: case HASH_SHA3_256:
359: case HASH_SHA3_384:
360: case HASH_SHA3_512:
361: break;
362: }
363: return FALSE;
364: }
365:
366: /*
367: * Described in header.
368: */
369: int hasher_algorithm_to_oid(hash_algorithm_t alg)
370: {
371: int oid;
372:
373: switch (alg)
374: {
375: case HASH_MD2:
376: oid = OID_MD2;
377: break;
378: case HASH_MD5:
379: oid = OID_MD5;
380: break;
381: case HASH_SHA1:
382: oid = OID_SHA1;
383: break;
384: case HASH_SHA224:
385: oid = OID_SHA224;
386: break;
387: case HASH_SHA256:
388: oid = OID_SHA256;
389: break;
390: case HASH_SHA384:
391: oid = OID_SHA384;
392: break;
393: case HASH_SHA512:
394: oid = OID_SHA512;
395: break;
396: case HASH_SHA3_224:
397: oid = OID_SHA3_224;
398: break;
399: case HASH_SHA3_256:
400: oid = OID_SHA3_256;
401: break;
402: case HASH_SHA3_384:
403: oid = OID_SHA3_384;
404: break;
405: case HASH_SHA3_512:
406: oid = OID_SHA3_512;
407: break;
408: default:
409: oid = OID_UNKNOWN;
410: }
411: return oid;
412: }
413:
414: /*
415: * Described in header.
416: */
417: int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
418: {
419: switch (key)
420: {
421: case KEY_RSA:
422: switch (alg)
423: {
424: case HASH_MD2:
425: return OID_MD2_WITH_RSA;
426: case HASH_MD5:
427: return OID_MD5_WITH_RSA;
428: case HASH_SHA1:
429: return OID_SHA1_WITH_RSA;
430: case HASH_SHA224:
431: return OID_SHA224_WITH_RSA;
432: case HASH_SHA256:
433: return OID_SHA256_WITH_RSA;
434: case HASH_SHA384:
435: return OID_SHA384_WITH_RSA;
436: case HASH_SHA512:
437: return OID_SHA512_WITH_RSA;
438: case HASH_SHA3_224:
439: return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
440: case HASH_SHA3_256:
441: return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
442: case HASH_SHA3_384:
443: return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
444: case HASH_SHA3_512:
445: return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
446: default:
447: return OID_UNKNOWN;
448: }
449: case KEY_ECDSA:
450: switch (alg)
451: {
452: case HASH_SHA1:
453: return OID_ECDSA_WITH_SHA1;
454: case HASH_SHA256:
455: return OID_ECDSA_WITH_SHA256;
456: case HASH_SHA384:
457: return OID_ECDSA_WITH_SHA384;
458: case HASH_SHA512:
459: return OID_ECDSA_WITH_SHA512;
460: default:
461: return OID_UNKNOWN;
462: }
463: case KEY_ED25519:
464: switch (alg)
465: {
466: case HASH_IDENTITY:
467: return OID_ED25519;
468: default:
469: return OID_UNKNOWN;
470: }
471: case KEY_ED448:
472: switch (alg)
473: {
474: case HASH_IDENTITY:
475: return OID_ED448;
476: default:
477: return OID_UNKNOWN;
478: }
479: case KEY_BLISS:
480: switch (alg)
481: {
482: case HASH_SHA256:
483: return OID_BLISS_WITH_SHA2_256;
484: case HASH_SHA384:
485: return OID_BLISS_WITH_SHA2_384;
486: case HASH_SHA512:
487: return OID_BLISS_WITH_SHA2_512;
488: case HASH_SHA3_256:
489: return OID_BLISS_WITH_SHA3_256;
490: case HASH_SHA3_384:
491: return OID_BLISS_WITH_SHA3_384;
492: case HASH_SHA3_512:
493: return OID_BLISS_WITH_SHA3_512;
494: default:
495: return OID_UNKNOWN;
496: }
497: default:
498: return OID_UNKNOWN;
499: }
500: }
501:
502: /*
503: * Defined in header.
504: */
505: hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme,
506: void *params)
507: {
508: switch (scheme)
509: {
510: case SIGN_UNKNOWN:
511: case SIGN_RSA_EMSA_PKCS1_NULL:
512: case SIGN_ECDSA_WITH_NULL:
513: break;
514: case SIGN_RSA_EMSA_PSS:
515: if (params)
516: {
517: rsa_pss_params_t *pss = params;
518: return pss->hash;
519: }
520: break;
521: case SIGN_ED25519:
522: case SIGN_ED448:
523: return HASH_IDENTITY;
524: case SIGN_RSA_EMSA_PKCS1_MD5:
525: return HASH_MD5;
526: case SIGN_RSA_EMSA_PKCS1_SHA1:
527: case SIGN_ECDSA_WITH_SHA1_DER:
528: return HASH_SHA1;
529: case SIGN_RSA_EMSA_PKCS1_SHA2_224:
530: return HASH_SHA224;
531: case SIGN_RSA_EMSA_PKCS1_SHA2_256:
532: case SIGN_ECDSA_WITH_SHA256_DER:
533: case SIGN_ECDSA_256:
534: case SIGN_BLISS_WITH_SHA2_256:
535: return HASH_SHA256;
536: case SIGN_RSA_EMSA_PKCS1_SHA2_384:
537: case SIGN_ECDSA_WITH_SHA384_DER:
538: case SIGN_ECDSA_384:
539: case SIGN_BLISS_WITH_SHA2_384:
540: return HASH_SHA384;
541: case SIGN_RSA_EMSA_PKCS1_SHA2_512:
542: case SIGN_ECDSA_WITH_SHA512_DER:
543: case SIGN_ECDSA_521:
544: case SIGN_BLISS_WITH_SHA2_512:
545: return HASH_SHA512;
546: case SIGN_RSA_EMSA_PKCS1_SHA3_224:
547: return HASH_SHA3_224;
548: case SIGN_RSA_EMSA_PKCS1_SHA3_256:
549: case SIGN_BLISS_WITH_SHA3_256:
550: return HASH_SHA3_256;
551: case SIGN_RSA_EMSA_PKCS1_SHA3_384:
552: case SIGN_BLISS_WITH_SHA3_384:
553: return HASH_SHA3_384;
554: case SIGN_RSA_EMSA_PKCS1_SHA3_512:
555: case SIGN_BLISS_WITH_SHA3_512:
556: return HASH_SHA3_512;
557: }
558: return HASH_UNKNOWN;
559: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>