Imported Upstream version 5.3.4

4 files changed, 41 insertions, 17 deletions

diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 07597c318..4adcf1e76 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -55,19 +55,31 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
 			PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
 		/* signature schemes, private */
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 		/* signature verification schemes */
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 	};
 	*features = f;
 
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 1386eeb2d..20bbc6ac5 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -511,12 +511,18 @@ METHOD(private_key_t, sign, bool,
 {
 	switch (scheme)
 	{
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 			return sign_bliss(this, HASH_SHA256, data, signature);
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 			return sign_bliss(this, HASH_SHA384, data, signature);
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 			return sign_bliss(this, HASH_SHA512, data, signature);
+		case SIGN_BLISS_WITH_SHA3_256:
+			return sign_bliss(this, HASH_SHA3_256, data, signature);
+		case SIGN_BLISS_WITH_SHA3_384:
+			return sign_bliss(this, HASH_SHA3_384, data, signature);
+		case SIGN_BLISS_WITH_SHA3_512:
+			return sign_bliss(this, HASH_SHA3_512, data, signature);
 		default:
 			DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
 				 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index 2b305f6c2..93d1165eb 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -193,12 +193,18 @@ METHOD(public_key_t, verify, bool,
 {
 	switch (scheme)
 	{
-		case SIGN_BLISS_WITH_SHA256:
+		case SIGN_BLISS_WITH_SHA2_256:
 			return verify_bliss(this, HASH_SHA256, data, signature);
-		case SIGN_BLISS_WITH_SHA384:
+		case SIGN_BLISS_WITH_SHA2_384:
 			return verify_bliss(this, HASH_SHA384, data, signature);
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_512:
 			return verify_bliss(this, HASH_SHA512, data, signature);
+		case SIGN_BLISS_WITH_SHA3_256:
+			return verify_bliss(this, HASH_SHA3_256, data, signature);
+		case SIGN_BLISS_WITH_SHA3_384:
+			return verify_bliss(this, HASH_SHA3_384, data, signature);
+		case SIGN_BLISS_WITH_SHA3_512:
+			return verify_bliss(this, HASH_SHA3_512, data, signature);
 		default:
 			DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
 				 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
index 8b4e9cbf0..a3e4420a9 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
@@ -36,13 +36,13 @@ START_TEST(test_bliss_sign_all)
 		switch (k)
 		{
 			case 1:
-				signature_scheme = SIGN_BLISS_WITH_SHA256;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_256;
 				break;
 			case 2:
-				signature_scheme = SIGN_BLISS_WITH_SHA384;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_384;
 				break;
 			default:
-				signature_scheme = SIGN_BLISS_WITH_SHA512;
+				signature_scheme = SIGN_BLISS_WITH_SHA2_512;
 		}
 
 		/* enforce BLISS-B key for k = 2, 3 */
@@ -176,14 +176,14 @@ START_TEST(test_bliss_sign_fail)
 
 	/* generate valid signature */
 	msg = chunk_from_str("Hello Dolly!");
-	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA512, msg, &signature));
+	ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
 
 	/* verify with invalid signature scheme */
 	ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
 
 	/* corrupt signature */
 	signature.ptr[signature.len - 1] ^= 0x80;
-	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA512, msg, signature));
+	ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
 
 	free(signature.ptr);
 	privkey->destroy(privkey);