hasher_algorithm_from_integrity() optionally returns truncation length

diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 6cf828a3645fa40acad9f2ba0e131d4f69974c79..5809762220c6d0623233db8708f89baba57d13da 100644 (file)
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -68,9 +68,41 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 /*
  * Described in header.
  */
-hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t integrity)
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+                                                                                                size_t *length)
 {
-       switch (integrity)
+       if (length)
+       {
+               switch (alg)
+               {
+                       case AUTH_HMAC_MD5_96:
+                       case AUTH_HMAC_SHA1_96:
+                       case AUTH_HMAC_SHA2_256_96:
+                               *length = 12;
+                               break;
+                       case AUTH_HMAC_MD5_128:
+                       case AUTH_HMAC_SHA1_128:
+                       case AUTH_HMAC_SHA2_256_128:
+                               *length = 16;
+                               break;
+                       case AUTH_HMAC_SHA1_160:
+                               *length = 20;
+                               break;
+                       case AUTH_HMAC_SHA2_384_192:
+                               *length = 24;
+                               break;
+                       case AUTH_HMAC_SHA2_256_256:
+                       case AUTH_HMAC_SHA2_512_256:
+                               *length = 32;
+                               break;
+                       case AUTH_HMAC_SHA2_384_384:
+                               *length = 48;
+                               break;
+                       default:
+                               break;
+               }
+       }
+       switch (alg)
        {
                case AUTH_HMAC_MD5_96:
                case AUTH_HMAC_MD5_128:

diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 4d0d66fcf3262524efb47f61293b936b18d713ca..5325e017bb65559c491d59284f1e67f9cd989d09 100644 (file)
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -101,7 +101,7 @@ struct hasher_t {
        size_t (*get_hash_size) (hasher_t *this);
 
        /**
-        * Resets the hashers state.
+        * Resets the hasher's state.
         */
        void (*reset) (hasher_t *this);
 
@@ -115,17 +115,22 @@ struct hasher_t {
  * Conversion of ASN.1 OID to hash algorithm.
  *
  * @param oid                  ASN.1 OID
- * @return                             hash algorithm, HASH_UNKNOWN if OID unsuported
+ * @return                             hash algorithm, HASH_UNKNOWN if OID unsupported
  */
 hash_algorithm_t hasher_algorithm_from_oid(int oid);
 
 /**
  * Conversion of integrity algorithm to hash algorithm (if based on one).
  *
- * @param integrity            integrity algorithm
+ * If length is not NULL the length of the resulting signature is returned,
+ * which might be smaller than the output size of the underlying hash.
+ *
+ * @param alg                  integrity algorithm
+ * @param length               returns signature length, if not NULL
  * @return                             hash algorithm, HASH_UNKNOWN if not based on a hash
  */
-hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t integrity);
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+                                                                                                size_t *length);
 
 /**
  * Conversion of hash algorithm into ASN.1 OID.

diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 56aafa415b54b9e1667099bcd2c13d934092378b..76d639a84e905b9102af709d575efdce111e3c57 100644 (file)
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -851,7 +851,8 @@ int main(int argc, char **argv)
                                        {
                                                usage("invalid algorithm specified");
                                        }
-                                       hash = hasher_algorithm_from_integrity(token->algorithm);
+                                       hash = hasher_algorithm_from_integrity(token->algorithm,
+                                                                                                                  NULL);
                                        if (hash == OID_UNKNOWN)
                                        {
                                                usage("invalid algorithm specified");