New upstream version 5.5.1

6 files changed, 116 insertions, 87 deletions

diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
index e046725b8..139b73021 100644
--- a/src/libstrongswan/tests/suites/test_auth_cfg.c
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -22,19 +22,19 @@ struct {
 	signature_scheme_t sig[5];
 	signature_scheme_t ike[5];
 } sig_constraints_tests[] = {
-	{ "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
-	{ "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA512, 0 }, {0}},
+	{ "rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
+	{ "rsa-sha256-sha512", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_512, 0 }, {0}},
 	{ "ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-	{ "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-	{ "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
-	{ "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-	{ "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-	{ "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }},
-	{ "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
+	{ "rsa-sha256-ecdsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
+	{ "pubkey-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {0}},
+	{ "ike:rsa-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+	{ "ike:rsa-sha256-rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+	{ "rsa-sha256-ike:rsa-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }},
+	{ "ike:pubkey-sha256", {0}, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }},
 	{ "rsa-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
 	{ "rsa-4096-ecdsa-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
 	{ "rsa-4096-ecdsa-256-sha256", { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, 0 }, {0}},
-	{ "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA256, 0 }, {0}},
+	{ "rsa-ecdsa256-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {0}},
 	{ "rsa4096-sha256", {0}, {0}},
 	{ "sha256", {0}, {0}},
 	{ "ike:sha256", {0}, {0}},
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 067abf0d9..de285ca09 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -87,29 +87,33 @@ typedef struct {
 }hasher_sig_scheme_t;
 
 static hasher_sig_scheme_t sig_schemes[] = {
-	{ SIGN_UNKNOWN,               HASH_UNKNOWN  },
-	{ SIGN_RSA_EMSA_PKCS1_NULL,   HASH_UNKNOWN  },
-	{ SIGN_RSA_EMSA_PKCS1_MD5,    HASH_MD5      },
-	{ SIGN_RSA_EMSA_PKCS1_SHA1,   HASH_SHA1     },
-	{ SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224   },
-	{ SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256   },
-	{ SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384   },
-	{ SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512   },
-	{ SIGN_ECDSA_WITH_SHA1_DER,   HASH_SHA1     },
-	{ SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256   },
-	{ SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384   },
-	{ SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512   },
-	{ SIGN_ECDSA_WITH_NULL,       HASH_UNKNOWN  },
-	{ SIGN_ECDSA_256,             HASH_SHA256   },
-	{ SIGN_ECDSA_384,             HASH_SHA384   },
-	{ SIGN_ECDSA_521,             HASH_SHA512   },
-	{ SIGN_BLISS_WITH_SHA2_256,   HASH_SHA256   },
-	{ SIGN_BLISS_WITH_SHA2_384,   HASH_SHA384   },
-	{ SIGN_BLISS_WITH_SHA2_512,   HASH_SHA512   },
-	{ SIGN_BLISS_WITH_SHA3_256,   HASH_SHA3_256 },
-	{ SIGN_BLISS_WITH_SHA3_384,   HASH_SHA3_384 },
-	{ SIGN_BLISS_WITH_SHA3_512,   HASH_SHA3_512 },
-	{ 30,						  HASH_UNKNOWN  }
+	{ SIGN_UNKNOWN,               HASH_UNKNOWN    },
+	{ SIGN_RSA_EMSA_PKCS1_NULL,   HASH_UNKNOWN    },
+	{ SIGN_RSA_EMSA_PKCS1_MD5,    HASH_MD5        },
+	{ SIGN_RSA_EMSA_PKCS1_SHA1,   HASH_SHA1       },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_224, HASH_SHA224   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_256, HASH_SHA256   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_384, HASH_SHA384   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_512, HASH_SHA512   },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_224, HASH_SHA3_224 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 },
+	{ SIGN_ECDSA_WITH_SHA1_DER,   HASH_SHA1       },
+	{ SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256     },
+	{ SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384     },
+	{ SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512     },
+	{ SIGN_ECDSA_WITH_NULL,       HASH_UNKNOWN    },
+	{ SIGN_ECDSA_256,             HASH_SHA256     },
+	{ SIGN_ECDSA_384,             HASH_SHA384     },
+	{ SIGN_ECDSA_521,             HASH_SHA512     },
+	{ SIGN_BLISS_WITH_SHA2_256,   HASH_SHA256     },
+	{ SIGN_BLISS_WITH_SHA2_384,   HASH_SHA384     },
+	{ SIGN_BLISS_WITH_SHA2_512,   HASH_SHA512     },
+	{ SIGN_BLISS_WITH_SHA3_256,   HASH_SHA3_256   },
+	{ SIGN_BLISS_WITH_SHA3_384,   HASH_SHA3_384   },
+	{ SIGN_BLISS_WITH_SHA3_512,   HASH_SHA3_512   },
+	{ 30,						  HASH_UNKNOWN    }
 };
 
 START_TEST(test_hasher_from_sig_scheme)
diff --git a/src/libstrongswan/tests/suites/test_mgf1.c b/src/libstrongswan/tests/suites/test_mgf1.c
index 9388b95d4..6945f5c7f 100644
--- a/src/libstrongswan/tests/suites/test_mgf1.c
+++ b/src/libstrongswan/tests/suites/test_mgf1.c
@@ -17,11 +17,12 @@
 
 #include <tests/utils/test_rng.h>
 #include <utils/test.h>
-#include <crypto/mgf1/mgf1.h>
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof.h>
+#include <crypto/xofs/xof_bitspender.h>
+#include <crypto/xofs/mgf1.h>
 
 typedef struct {
-	hash_algorithm_t alg;
+	ext_out_function_t alg;
 	size_t hash_size;
 	size_t ml1, ml2, ml3, seed_len;
 	chunk_t seed;
@@ -34,7 +35,7 @@ typedef struct {
  * MGF1 Mask Generation Function Test Vectors
  */
 mgf1_test_t mgf1_tests[] = {
-	{	HASH_SHA1, 20, 60, 20, 15, 24,
+	{	XOF_MGF1_SHA1, 20, 60, 20, 15, 24,
 		chunk_from_chars(
 						0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
 						0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
@@ -73,7 +74,7 @@ mgf1_test_t mgf1_tests[] = {
 		{ 0, 0, 0, 4, 1, 1, 46, 103, 38, 411, 848, 57, 3540, 4058, 12403,
 		  0x63, 0x2B, 0xC9, 0x17, 0x56, 669409, 0xA407A43B },
 	},
-	{	HASH_SHA256, 32, 64, 32, 33, 40,
+	{	XOF_MGF1_SHA256, 32, 64, 32, 33, 40,
 		chunk_from_chars(
 						0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
 						0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
@@ -127,6 +128,7 @@ mgf1_test_t mgf1_tests[] = {
 
 START_TEST(mgf1_test_mgf1)
 {
+	xof_t *xof;
 	mgf1_t *mgf1;
 	chunk_t mask, mask1, mask2, mask3;
 
@@ -137,72 +139,88 @@ START_TEST(mgf1_test_mgf1)
 	mask2.len = mgf1_tests[_i].ml2;
 	mask3.len = mgf1_tests[_i].ml3;
 
-	mgf1 = mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE);
-	ck_assert(mgf1 == NULL);
+	/* unknown XOF */
+	xof = lib->crypto->create_xof(lib->crypto, XOF_UNDEFINED);
+	ck_assert(xof == NULL);
 
-	mgf1 = mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE);
-	ck_assert(mgf1 == NULL);
+	/* create MGF1 XOF */
+	xof = lib->crypto->create_xof(lib->crypto, mgf1_tests[_i].alg);
+	ck_assert(xof);
 
-	/* return mask in allocated chunk */
-	mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
-	ck_assert(mgf1);
+	/* hash the seed */
+	mgf1 = (mgf1_t*)xof;
+	mgf1->set_hash_seed(mgf1, TRUE);
 
-	/* check hash size */
-	ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size);
+	/* check MGF1 type */
+	ck_assert(xof->get_type(xof) == mgf1_tests[_i].alg);
 
-	/* get zero number of octets */
-	ck_assert(mgf1->allocate_mask(mgf1, 0, &mask));
+	/* check seed size */
+	ck_assert(xof->get_seed_size(xof) == mgf1_tests[_i].hash_size);
+
+	/* check block size */
+	ck_assert(xof->get_block_size(xof) == mgf1_tests[_i].hash_size);
+
+	/* empty seed */
+	ck_assert(!xof->set_seed(xof, chunk_empty));
+
+	/* initialize MGF1 with non-empty seed */
+	ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
+
+	/* allocate zero number of octets */
+	ck_assert(xof->allocate_bytes(xof, 0, &mask));
 	ck_assert(mask.len == 0 && mask.ptr == NULL);
 
-	/* get non-zero number of octets */
-	ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask));
+	/* allocate non-zero number of octets */
+	ck_assert(xof->allocate_bytes(xof, mgf1_tests[_i].mask.len, &mask));
 	ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
-	mgf1->destroy(mgf1);
+
+	/* re-initialize MGF1 with non-empty seed */
+	ck_assert(xof->set_seed(xof, mgf1_tests[_i].seed));
 
 	/* copy mask to pre-allocated buffer */
-	mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE);
-	ck_assert(mgf1);
-	ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr));
+	ck_assert(xof->get_bytes(xof, mgf1_tests[_i].mask.len, mask.ptr));
 	ck_assert(chunk_equals(mask, mgf1_tests[_i].mask));
-	mgf1->destroy(mgf1);
 
-	/* get mask in batches without hashing the seed */
-	mgf1 = mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE);
-	ck_assert(mgf1);
+	/* do not hash the seed */
+	mgf1->set_hash_seed(mgf1, FALSE);
+
+	/* re-initialize MGF1 with non-empty seed */
+	ck_assert(xof->set_seed(xof, mgf1_tests[_i].hashed_seed));
 
 	/* first batch */
-	ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr));
+	ck_assert(xof->get_bytes(xof, mask1.len, mask.ptr));
 	mask.len = mask1.len;
 	ck_assert(chunk_equals(mask, mask1));
 
 	/* second batch */
-	ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr));
+	ck_assert(xof->get_bytes(xof, mask2.len, mask.ptr));
 	mask.len = mask2.len;
 	ck_assert(chunk_equals(mask, mask2));
 
 	/* third batch */
-	ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr));
+	ck_assert(xof->get_bytes(xof, mask3.len, mask.ptr));
 	mask.len = mask3.len;
 	ck_assert(chunk_equals(mask, mask3));
 
-	mgf1->destroy(mgf1);
+	/* clean up */
+	xof->destroy(xof);
 	chunk_free(&mask);
 }
 END_TEST
 
 START_TEST(mgf1_test_bitspender)
 {
-	mgf1_bitspender_t *bitspender;
+	xof_bitspender_t *bitspender;
 	uint32_t bits;
 	uint8_t byte;
 	int j;
 
-	bitspender = mgf1_bitspender_create(HASH_UNKNOWN,
-										mgf1_tests[_i].hashed_seed, FALSE);
+	bitspender = xof_bitspender_create(XOF_UNDEFINED,
+									   mgf1_tests[_i].hashed_seed, FALSE);
 	ck_assert(bitspender == NULL);
 
-	bitspender = mgf1_bitspender_create(mgf1_tests[_i].alg,
-										mgf1_tests[_i].hashed_seed, FALSE);
+	bitspender = xof_bitspender_create(mgf1_tests[_i].alg,
+									   mgf1_tests[_i].hashed_seed, FALSE);
 	ck_assert(bitspender);
 
 	for (j = 0; j < 15; j++)
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
index 0a6d24d04..0b432e24c 100644
--- a/src/libstrongswan/tests/suites/test_ntru.c
+++ b/src/libstrongswan/tests/suites/test_ntru.c
@@ -17,7 +17,7 @@
 
 #include <tests/utils/test_rng.h>
 #include <utils/test.h>
-#include <crypto/mgf1/mgf1.h>
+#include <crypto/xofs/xof.h>
 #include <plugins/ntru/ntru_drbg.h>
 #include <plugins/ntru/ntru_trits.h>
 #include <plugins/ntru/ntru_poly.h>
@@ -28,10 +28,10 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*,
 						  uint32_t strength, chunk_t pers_str, rng_t *entropy)
 
 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*,
-						  size_t len, hash_algorithm_t alg, chunk_t seed)
+						  size_t len, ext_out_function_t alg, chunk_t seed)
 
 IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*,
-						  hash_algorithm_t alg, chunk_t seed, uint8_t c_bits,
+						  ext_out_function_t alg, chunk_t seed, uint8_t c_bits,
 						  uint16_t N, uint16_t q, uint32_t indices_len_p,
 						  uint32_t indices_len_m, bool is_product_form)
 
@@ -329,7 +329,7 @@ typedef struct {
 } poly_test_t;
 
 typedef struct {
-	hash_algorithm_t alg;
+	ext_out_function_t alg;
 	size_t hash_size;
 	size_t seed_len;
 	chunk_t seed;
@@ -384,7 +384,7 @@ uint16_t indices_ees1171ep1[] = {
  * Trits and Polynomial Test Vectors
  */
 static trits_test_t trits_tests[] = {
-	{	HASH_SHA1, 20, 24,
+	{	XOF_MGF1_SHA1, 20, 24,
 		chunk_from_chars(
 						0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D,
 						0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D,
@@ -432,7 +432,7 @@ static trits_test_t trits_tests[] = {
 			}
 		}
 	},
-	{	HASH_SHA256, 32, 40,
+	{	XOF_MGF1_SHA256, 32, 40,
 		chunk_from_chars(
 						0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53,
 						0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69,
@@ -501,7 +501,7 @@ START_TEST(test_ntru_trits)
 	chunk_t trits;
 
 	mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
-						 HASH_UNKNOWN, trits_tests[_i].seed);
+						 XOF_UNDEFINED, trits_tests[_i].seed);
 	ck_assert(mask == NULL);
 
 	mask = TEST_FUNCTION(ntru, ntru_trits_create, trits_tests[_i].trits.len,
@@ -539,7 +539,7 @@ START_TEST(test_ntru_poly)
 	seed.len = trits_tests[_i].seed_len;
 
 	p = &trits_tests[_i].poly_test[0];
-	poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, HASH_UNKNOWN, seed,
+	poly = TEST_FUNCTION(ntru, ntru_poly_create_from_seed, XOF_UNDEFINED, seed,
 						 p->c_bits, p->N, p->q, p->indices_len, p->indices_len,
 						 p->is_product_form);
 	ck_assert(poly == NULL);
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 2c1c6fb8d..41e783521 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -24,10 +24,10 @@ static signature_scheme_t schemes[] = {
 	SIGN_RSA_EMSA_PKCS1_NULL,
 	SIGN_RSA_EMSA_PKCS1_MD5,
 	SIGN_RSA_EMSA_PKCS1_SHA1,
-	SIGN_RSA_EMSA_PKCS1_SHA224,
-	SIGN_RSA_EMSA_PKCS1_SHA256,
-	SIGN_RSA_EMSA_PKCS1_SHA384,
-	SIGN_RSA_EMSA_PKCS1_SHA512,
+	SIGN_RSA_EMSA_PKCS1_SHA2_224,
+	SIGN_RSA_EMSA_PKCS1_SHA2_256,
+	SIGN_RSA_EMSA_PKCS1_SHA2_384,
+	SIGN_RSA_EMSA_PKCS1_SHA2_512,
 };
 
 /**
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 1eb3c8bc3..de7b470d2 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -858,15 +858,22 @@ static struct {
 	int size;
 	signature_scheme_t expected[4];
 } scheme_data[] = {
-	{KEY_RSA,   1024, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_RSA,   2048, { SIGN_RSA_EMSA_PKCS1_SHA256, SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_RSA,   4096, { SIGN_RSA_EMSA_PKCS1_SHA384, SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_RSA,   8192, { SIGN_RSA_EMSA_PKCS1_SHA512, SIGN_UNKNOWN }},
-	{KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-	{KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+	{KEY_RSA,   1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+						SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_RSA,   2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384,
+						SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_RSA,   4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512,
+						SIGN_UNKNOWN }},
+	{KEY_RSA,   8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_ECDSA,  256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER,
+						SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
+	{KEY_ECDSA,  384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER,
+						SIGN_UNKNOWN }},
 	{KEY_ECDSA,  512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }},
-	{KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
-	{KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384,
+						SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
+	{KEY_BLISS,  192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512,
+						SIGN_UNKNOWN }},
 	{KEY_BLISS,  256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }},
 };