Support the Linux specific SHA256 96 bit truncation HMAC via "sha256_96" keyword
authorMartin Willi <martin@strongswan.org>
Fri, 20 Nov 2009 09:49:03 +0000 (09:49 +0000)
committerMartin Willi <martin@strongswan.org>
Thu, 26 Nov 2009 09:39:25 +0000 (10:39 +0100)
src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/charon/sa/keymat.c
src/libstrongswan/crypto/proposal/proposal_keywords.txt
src/libstrongswan/crypto/signers/signer.c
src/libstrongswan/crypto/signers/signer.h

index de462bc..f0dc1bc 100644 (file)
@@ -195,7 +195,7 @@ static kernel_algorithm_t encryption_algs[] = {
 static kernel_algorithm_t integrity_algs[] = {
        {AUTH_HMAC_MD5_96,                      "md5"                           },
        {AUTH_HMAC_SHA1_96,                     "sha1"                          },
-       {AUTH_HMAC_SHA2_256_128,        "sha256"                        },
+       {AUTH_HMAC_SHA2_256_96,         "sha256"                        },
        {AUTH_HMAC_SHA2_384_192,        "sha384"                        },
        {AUTH_HMAC_SHA2_512_256,        "sha512"                        },
 /*     {AUTH_DES_MAC,                          "***"                           }, */
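Review bot: With `{AUTH_HMAC_SHA2_256_96, "sha256"}` replacing the `AUTH_HMAC_SHA2_256_128` row, `integrity_algs[]` no longer has an entry for the 128 bit variant, while proposal_keywords.txt in this same commit still maps `sha256` and `sha2_256` to `AUTH_HMAC_SHA2_256_128`. The lookup that consumes this table is outside the hunk, so the effect is inferred, but a connection configured with plain `sha256` would presumably negotiate an algorithm that can no longer be installed in the kernel. I would state the reason on the row, e.g. `/* Linux "sha256" truncates the ICV to 96 bits, not the 128 bits of RFC 4868 */`. The unmapped 128 bit case should also produce a clear log message at SA installation instead of an opaque failure.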
index 93f88a6..e496263 100644 (file)
@@ -110,6 +110,7 @@ keylen_entry_t keylen_enc[] = {
 keylen_entry_t keylen_int[] = {
        {AUTH_HMAC_MD5_96,                      128},
        {AUTH_HMAC_SHA1_96,                     160},
+       {AUTH_HMAC_SHA2_256_96,         256},
        {AUTH_HMAC_SHA2_256_128,        256},
        {AUTH_HMAC_SHA2_384_192,        384},
        {AUTH_HMAC_SHA2_512_256,        512},
index 511fdd5..139d689 100644 (file)
@@ -26,7 +26,7 @@ struct proposal_token {
     char             *name;
     transform_type_t  type;
        u_int16_t         algorithm;
-    u_int16_t         keysize;  
+    u_int16_t         keysize;
 };
 %%
 null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
@@ -96,6 +96,8 @@ sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
 sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
 sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
 sha2_256,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
+sha256_96,        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,    0
+sha2_256_96,      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,    0
 sha384,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
 sha2_384,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
 sha512,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
index 1147e1f..e98916b 100644 (file)
 
 #include "signer.h"
 
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
        "UNDEFINED",
-       "HMAC_SHA1_128");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128,
+       "HMAC_SHA1_128",
+       "HMAC_SHA2_256_96");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
        "HMAC_MD5_96",
        "HMAC_SHA1_96",
        "DES_MAC",
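Review bot: The three strings now passed to `ENUM_BEGIN` are matched to enum values by position, so `"HMAC_SHA2_256_96"` is only correct while `AUTH_UNDEFINED`, `AUTH_HMAC_SHA1_128` and `AUTH_HMAC_SHA2_256_96` stay consecutive. The value of `AUTH_UNDEFINED` is not visible on this page, so this is worth checking against signer.h. A mismatch here would mislabel the negotiated integrity algorithm in logs, which is a poor place to be wrong when auditing which MAC an SA uses. A short comment above the macro would help the next addition, e.g. `/* names are positional: keep in step with the private use values in signer.h */`. The `ENUM_NEXT` list continues past the end of this hunk.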
index c222af8..94e8c99 100644 (file)
@@ -64,6 +64,8 @@ enum integrity_algorithm_t {
        AUTH_HMAC_SHA2_512_256 = 14,
        /** private use */
        AUTH_HMAC_SHA1_128 = 1025,
+       /** SHA256 96 bit truncation variant, supported by Linux kernels */
+       AUTH_HMAC_SHA2_256_96 = 1026,
 };
 
 /**
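Review bot: The doc comment on `AUTH_HMAC_SHA2_256_96 = 1026` says only that Linux supports the variant, not that it is non-standard. It sits under the "private use" heading, so a peer that does not share this private assignment has no reason to recognise it. It also carries a 96 bit ICV rather than the 128 bits RFC 4868 defines for HMAC-SHA-256. I would spell that out so nobody treats it as a drop-in for `AUTH_HMAC_SHA2_256_128`, e.g. `/** HMAC-SHA-256 truncated to 96 bit as done by Linux kernels; private use ID, not the RFC 4868 128 bit variant */`. The enum definition starts above this hunk.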