experimental SHA2 HMAC and PRF implementations
authorMartin Willi <martin@strongswan.org>
Thu, 8 Mar 2007 00:14:17 +0000 (00:14 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 8 Mar 2007 00:14:17 +0000 (00:14 -0000)
src/libstrongswan/crypto/hmac.c
src/libstrongswan/crypto/prfs/prf.c
src/libstrongswan/crypto/prfs/prf.h
src/libstrongswan/crypto/signers/signer.c
src/libstrongswan/crypto/signers/signer.h

index 720f10b..df4f90b 100644 (file)
@@ -189,8 +189,13 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
        {
                case HASH_SHA1:
                case HASH_MD5:
+               case HASH_SHA256:
                        this->b = 64;
                        break;
+               case HASH_SHA384:
+               case HASH_SHA512:
+                       this->b = 128;
+                       break;
                default:
                        free(this);
                        return NULL;    
index f3b05ea..f803829 100644 (file)
@@ -32,12 +32,15 @@ ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_FIPS_DES,
        "PRF_UNDEFINED",
        "PRF_FIPS_SHA1_160",
        "PRF_FIPS_DES");
-ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CBC, PRF_FIPS_DES,
+ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_FIPS_DES,
        "PRF_HMAC_MD5",
        "PRF_HMAC_SHA1",
        "PRF_HMAC_TIGER",
-       "PRF_AES128_CBC");
-ENUM_END(pseudo_random_function_names, PRF_AES128_CBC);
+       "PRF_AES128_CBC",
+       "PRF_HMAC_SHA2_256",
+       "PRF_HMAC_SHA2_384",
+       "PRF_HMAC_SHA2_512");
+ENUM_END(pseudo_random_function_names, PRF_HMAC_SHA2_512);
 
 /*
  * Described in header.
@@ -50,6 +53,12 @@ prf_t *prf_create(pseudo_random_function_t pseudo_random_function)
                        return (prf_t*)hmac_prf_create(HASH_SHA1);
                case PRF_HMAC_MD5:
                        return (prf_t*)hmac_prf_create(HASH_MD5);
+               case PRF_HMAC_SHA2_256:
+                       return (prf_t*)hmac_prf_create(HASH_SHA256);
+               case PRF_HMAC_SHA2_384:
+                       return (prf_t*)hmac_prf_create(HASH_SHA384);
+               case PRF_HMAC_SHA2_512:
+                       return (prf_t*)hmac_prf_create(HASH_SHA512);
                case PRF_FIPS_SHA1_160:
                        return (prf_t*)fips_prf_create(20, g_sha1);
                case PRF_FIPS_DES:
index 7a45018..8560a4a 100644 (file)
@@ -45,6 +45,12 @@ enum pseudo_random_function_t {
        PRF_HMAC_SHA1 = 2,
        PRF_HMAC_TIGER = 3,
        PRF_AES128_CBC = 4,
+       /** Implemented via hmac_prf_t. */
+       PRF_HMAC_SHA2_256 = 5,
+       /** Implemented via hmac_prf_t. */
+       PRF_HMAC_SHA2_384 = 6,
+       /** Implemented via hmac_prf_t. */
+       PRF_HMAC_SHA2_512 = 7,
        /** Implemented via fips_prf_t, other output sizes would be possible */
        PRF_FIPS_SHA1_160 = 1025,
        /** Could be implemented via fips_prf_t, uses fixed output size of 160bit */
index 250d64b..747bc5e 100644 (file)
@@ -34,7 +34,11 @@ ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_AES_XCBC_96, AUTH_HM
        "DES_MAC",
        "KPDK_MD5",
        "AES_XCBC_96");
-ENUM_END(integrity_algorithm_names, AUTH_AES_XCBC_96);
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_512_256, AUTH_AES_XCBC_96,
+       "AUTH_HMAC_SHA2_256_128",
+       "AUTH_HMAC_SHA2_384_192",
+       "AUTH_HMAC_SHA2_512_256");
+ENUM_END(integrity_algorithm_names, AUTH_HMAC_SHA2_512_256);
 
 /*
  * Described in header.
@@ -49,6 +53,12 @@ signer_t *signer_create(integrity_algorithm_t integrity_algorithm)
                        return (signer_t *)hmac_signer_create(HASH_SHA1, 16);
                case AUTH_HMAC_MD5_96:
                        return (signer_t *)hmac_signer_create(HASH_MD5, 12);
+               case AUTH_HMAC_SHA2_256_128:
+                       return (signer_t *)hmac_signer_create(HASH_SHA256, 16);
+               case AUTH_HMAC_SHA2_384_192:
+                       return (signer_t *)hmac_signer_create(HASH_SHA384, 24);
+               case AUTH_HMAC_SHA2_512_256:
+                       return (signer_t *)hmac_signer_create(HASH_SHA512, 32);
                default:
                        return NULL;
        }
index 436161a..0f37097 100644 (file)
@@ -46,6 +46,12 @@ enum integrity_algorithm_t {
        AUTH_KPDK_MD5 = 4,
        AUTH_AES_XCBC_96 = 5,
        /** Implemented via hmac_signer_t */
+       AUTH_HMAC_SHA2_256_128 = 12,
+       /** Implemented via hmac_signer_t */
+       AUTH_HMAC_SHA2_384_192 = 13,
+       /** Implemented via hmac_signer_t */
+       AUTH_HMAC_SHA2_512_256 = 14,
+       /** Implemented via hmac_signer_t */
        AUTH_HMAC_SHA1_128 = 1025,
 };