Add support for untruncated HMAC-SHA-512
authorTobias Brunner <tobias@strongswan.org>
Fri, 12 Apr 2013 10:48:04 +0000 (12:48 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 May 2013 13:02:39 +0000 (15:02 +0200)
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/crypto/signers/signer.h
src/libstrongswan/plugins/af_alg/af_alg_signer.c
src/libstrongswan/plugins/hmac/hmac_plugin.c
src/libstrongswan/plugins/openssl/openssl_plugin.c

index 4ed48ba..679bb32 100644 (file)
@@ -141,6 +141,9 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
                        case AUTH_HMAC_SHA2_384_384:
                                *length = 48;
                                break;
+                       case AUTH_HMAC_SHA2_512_512:
+                               *length = 64;
+                               break;
                        default:
                                break;
                }
@@ -163,6 +166,7 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
                case AUTH_HMAC_SHA2_384_384:
                        return HASH_SHA384;
                case AUTH_HMAC_SHA2_512_256:
+               case AUTH_HMAC_SHA2_512_512:
                        return HASH_SHA512;
                case AUTH_AES_CMAC_96:
                case AUTH_AES_128_GMAC:
@@ -232,6 +236,8 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
                        {
                                case 32:
                                        return AUTH_HMAC_SHA2_512_256;
+                               case 64:
+                                       return AUTH_HMAC_SHA2_512_512;
                        }
                        break;
                case HASH_MD2:
index 9b6bd47..e0cf7eb 100644 (file)
@@ -70,8 +70,10 @@ enum integrity_algorithm_t {
        AUTH_HMAC_SHA2_256_256 = 1027,
        /** SHA384 full length truncation variant, as used in TLS */
        AUTH_HMAC_SHA2_384_384 = 1028,
+       /** SHA512 full length truncation variant */
+       AUTH_HMAC_SHA2_512_512 = 1029,
        /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
-       AUTH_CAMELLIA_XCBC_96 = 1029,
+       AUTH_CAMELLIA_XCBC_96 = 1030,
 };
 
 /**
index d995b13..6ee3806 100644 (file)
@@ -64,6 +64,7 @@ static struct {
        {AUTH_HMAC_SHA2_384_192,        "hmac(sha384)",         24,             48,     },
        {AUTH_HMAC_SHA2_384_384,        "hmac(sha384)",         48,             48,     },
        {AUTH_HMAC_SHA2_512_256,        "hmac(sha512)",         32,             64,     },
+       {AUTH_HMAC_SHA2_512_512,        "hmac(sha512)",         64,             64,     },
        {AUTH_AES_XCBC_96,                      "xcbc(aes)",            12,             16,     },
        {AUTH_CAMELLIA_XCBC_96,         "xcbc(camellia)",       12,             16,     },
 };
index f9c0c48..43d5a03 100644 (file)
@@ -73,6 +73,8 @@ METHOD(plugin_t, get_features, int,
                                PLUGIN_DEPENDS(HASHER,  HASH_SHA384),
                        PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
                                PLUGIN_DEPENDS(HASHER,  HASH_SHA512),
+                       PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
+                               PLUGIN_DEPENDS(HASHER,  HASH_SHA512),
        };
        *features = f;
        return countof(f);
index fb7a6d5..97d5747 100644 (file)
@@ -307,6 +307,7 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
                        PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
                        PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+                       PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
 #endif
 #endif /* OPENSSL_NO_HMAC */
 #if OPENSSL_VERSION_NUMBER >= 0x1000100fL