child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256
authorTobias Brunner <tobias@strongswan.org>
Wed, 10 May 2017 17:15:53 +0000 (19:15 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 26 May 2017 09:22:27 +0000 (11:22 +0200)
The correct truncation is 128-bit but some implementations insist on
using 96-bit truncation.  With strongSwan this can be negotiated using
an algorithm identifier from a private range.  But this doesn't work
with third-party implementations.  This adds an option to use 96-bit
truncation even if the official identifier is used.

src/libcharon/config/child_cfg.h
src/libcharon/sa/child_sa.c

index 56ffab5..a102c45 100644 (file)
@@ -307,6 +307,9 @@ enum child_cfg_option_t {
 
        /** Enable hardware offload, if supported by the IPsec backend */
        OPT_HW_OFFLOAD = (1<<5),
+
+       /** Force 96-bit truncation for SHA-256 */
+       OPT_SHA256_96 = (1<<6),
 };
 
 /**
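Review bot: The doc comment on `OPT_SHA256_96` does not say that this is a non-standard interoperability setting, nor when it takes effect. Going by the commit description, 128-bit is the correct truncation and the option exists only for peers that insist on 96 bits, so the comment could read `/** Use non-standard 96-bit truncation for HMAC-SHA-256 even if the official 128-bit identifier was negotiated (interop only) */`. That tells a reader of the config header that enabling it shortens the ICV and that it should be limited to the connections that need it.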
index 1d61591..e1ffc2a 100644 (file)
@@ -802,6 +802,14 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
        this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS,
                                                                  &esn, NULL);
 
+       if (int_alg == AUTH_HMAC_SHA2_256_128 &&
+               this->config->has_option(this->config, OPT_SHA256_96))
+       {
+               DBG2(DBG_CHD, "  using %N with 96-bit truncation",
+                        integrity_algorithm_names, int_alg);
+               int_alg = AUTH_HMAC_SHA2_256_96;
+       }
+
        if (!this->reqid_allocated && !this->static_reqid)
        {
                status = charon->kernel->alloc_reqid(charon->kernel, my_ts, other_ts,
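Review bot: The override of `int_alg` is reported only at `DBG2`, so unless debug logging is raised nothing records that the SA is installed with a shorter ICV than the negotiated algorithm implies. `this->proposal` is not modified in this block, so anything that reports the integrity algorithm from the proposal will presumably still show `AUTH_HMAC_SHA2_256_128`, and that mismatch with the kernel state is hard to spot during troubleshooting or an audit. Consider logging the message with `DBG1` and adding a comment above the block such as `/* proposal keeps the official identifier; only the algorithm passed to the kernel is changed */`. install_internal begins and continues outside the hunk, so how `int_alg` is obtained and later used is not visible here.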