static kernel_algorithm_t integrity_algs[] = {
{AUTH_HMAC_MD5_96, "md5" },
{AUTH_HMAC_SHA1_96, "sha1" },
- {AUTH_HMAC_SHA2_256_128, "sha256" },
+ {AUTH_HMAC_SHA2_256_96, "sha256" },
{AUTH_HMAC_SHA2_384_192, "sha384" },
{AUTH_HMAC_SHA2_512_256, "sha512" },
/* {AUTH_DES_MAC, "***" }, */
keylen_entry_t keylen_int[] = {
{AUTH_HMAC_MD5_96, 128},
{AUTH_HMAC_SHA1_96, 160},
+ {AUTH_HMAC_SHA2_256_96, 256},
{AUTH_HMAC_SHA2_256_128, 256},
{AUTH_HMAC_SHA2_384_192, 384},
{AUTH_HMAC_SHA2_512_256, 512},
char *name;
transform_type_t type;
u_int16_t algorithm;
- u_int16_t keysize;
+ u_int16_t keysize;
};
%%
null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
+sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
#include "signer.h"
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
"UNDEFINED",
- "HMAC_SHA1_128");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128,
+ "HMAC_SHA1_128",
+ "HMAC_SHA2_256_96");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
"HMAC_MD5_96",
"HMAC_SHA1_96",
"DES_MAC",
AUTH_HMAC_SHA2_512_256 = 14,
/** private use */
AUTH_HMAC_SHA1_128 = 1025,
+ /** SHA256 96 bit truncation variant, supported by Linux kernels */
+ AUTH_HMAC_SHA2_256_96 = 1026,
};
/**