fixed IKEv1 support of HMAC_SHA2_256_96
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 9 Dec 2009 08:33:32 +0000 (09:33 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 9 Dec 2009 08:33:32 +0000 (09:33 +0100)
src/pluto/alg_info.c
src/pluto/constants.c
src/pluto/kernel_alg.c

index ce7d1c7..edecf14 100644 (file)
@@ -51,20 +51,13 @@ int alg_info_esp_aa2sadb(int auth)
 {
        int sadb_aalg = 0;
 
-       switch(auth) {
+       switch(auth)
+       {
                case AUTH_ALGORITHM_HMAC_MD5:
                case AUTH_ALGORITHM_HMAC_SHA1:
                        sadb_aalg = auth + 1;
                        break;
-               case AUTH_ALGORITHM_HMAC_SHA2_256:
-               case AUTH_ALGORITHM_HMAC_SHA2_384:
-               case AUTH_ALGORITHM_HMAC_SHA2_512:
-               case AUTH_ALGORITHM_HMAC_RIPEMD:
-               case AUTH_ALGORITHM_AES_XCBC_MAC:
-                       sadb_aalg = auth;
-                       break;
                default:
-                       /* loose ... */
                        sadb_aalg = auth;
        }
        return sadb_aalg;
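Review bot: With the explicit case list and the `/* loose ... */` remark removed, nothing on the `default:` branch records that every id other than MD5 and SHA1 is passed through on the assumption that the IKEv1 and PF_KEY numbers are identical. That includes values neither numbering space defines, so an unrecognised `auth` is returned unchanged as a kernel algorithm id; presumably callers validate it elsewhere, which is worth confirming. I would put a comment on the branch, e.g. `/* all other ids are numerically identical in IKEv1 and PF_KEY; unknown values pass through unchecked */`, and end it with `break;`. The same applies to the `default:` branch of alg_info_esp_sadb2aa in the next hunk. In both hunks the function's closing brace lies outside the visible lines.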
@@ -74,20 +67,13 @@ int alg_info_esp_sadb2aa(int sadb_aalg)
 {
        int auth = 0;
 
-       switch(sadb_aalg) {
+       switch(sadb_aalg)
+       {
                case SADB_AALG_MD5HMAC:
                case SADB_AALG_SHA1HMAC:
                        auth = sadb_aalg - 1;
                        break;
-               case SADB_X_AALG_SHA2_256HMAC:
-               case SADB_X_AALG_SHA2_384HMAC:
-               case SADB_X_AALG_SHA2_512HMAC:
-               case SADB_X_AALG_RIPEMD160HMAC:
-               case SADB_X_AALG_AES_XCBC_MAC:
-                       auth = sadb_aalg;
-                       break;
                default:
-                       /* loose ... */
                        auth = sadb_aalg;
        }
        return auth;
index 2d4784b..6f991fd 100644 (file)
@@ -675,15 +675,17 @@ static const char *const auth_alg_name[] = {
 };
 
 static const char *const extended_auth_alg_name[] = {
-       "NULL"
-       };
+       "NULL",
+       "HMAC_SHA2_256_96"
+};
 
 enum_names extended_auth_alg_names =
-       { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_NULL, extended_auth_alg_name, NULL };
+       { AUTH_ALGORITHM_NULL, AUTH_ALGORITHM_HMAC_SHA2_256_96,
+               extended_auth_alg_name, NULL };
 
 enum_names auth_alg_names =
-       { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA, auth_alg_name
-               , &extended_auth_alg_names };
+       { AUTH_ALGORITHM_NONE, AUTH_ALGORITHM_SIG_RSA,
+               auth_alg_name, &extended_auth_alg_names };
 
 /* From draft-beaulieu-ike-xauth */
 static const char *const xauth_type_name[] = {
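Review bot: The bounds in `extended_auth_alg_names` now have to agree with the two-entry `extended_auth_alg_name` array, and nothing in the hunk ties the two together. If the name lookup indexes the array by value minus the first bound (the lookup code is not shown here, so this is an assumption), the range is only safe while AUTH_ALGORITHM_HMAC_SHA2_256_96 is exactly AUTH_ALGORITHM_NULL + 1. A gap between the two constants would make the lookup read past the array when an algorithm id taken from a peer's proposal is formatted for logging. A comment on the array such as `/* entries must cover AUTH_ALGORITHM_NULL .. AUTH_ALGORITHM_HMAC_SHA2_256_96 contiguously */` would record the constraint.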
index 6734833..bf67315 100644 (file)
@@ -380,6 +380,7 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
                        )
                        /* if AES_CBC is registered then also register AES_CCM and AES_GCM */
                        if (satype == SADB_SATYPE_ESP &&
+                               supp_exttype == SADB_EXT_SUPPORTED_ENCRYPT &&
                                sadb.alg->sadb_alg_id == SADB_X_EALG_AESCBC)
                        {
                                struct sadb_alg alg = *sadb.alg;
@@ -395,6 +396,16 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
                                        }
                                }
                        }
+                       /* if SHA2_256 is registered then also register SHA2_256_96 */
+                       if (satype == SADB_SATYPE_ESP &&
+                               supp_exttype == SADB_EXT_SUPPORTED_AUTH &&
+                               sadb.alg->sadb_alg_id == SADB_X_AALG_SHA2_256HMAC)
+                       {
+                               struct sadb_alg alg = *sadb.alg;
+
+                               alg.sadb_alg_id = SADB_X_AALG_SHA2_256_96HMAC;
+                               kernel_alg_add(satype, supp_exttype, &alg);
+                       }
                }
        }
 }
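Review bot: The comment on the added block does not say that SADB_X_AALG_SHA2_256_96HMAC is synthesized by pluto rather than advertised by the kernel. The block copies the SHA2_256 entry, key-size fields included, whenever it appears in a SADB_EXT_SUPPORTED_AUTH list, so the 96-bit truncation is treated as available on every kernel that reports SHA2_256. I would expand the comment to state that assumption and the difference from the standard transform, e.g. `/* not advertised by the kernel: assume SHA2_256_96 wherever SHA2_256 is registered (same key size, ICV truncated to 96 bits rather than the 128 bits of RFC 4868) */`. The result of `kernel_alg_add()` is also discarded here; if it can report failure, a debug log on that path would make a missing algorithm easier to diagnose. kernel_alg_register_pfkey starts outside the hunk.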