From: Martin Willi <martin@revosec.ch>
Date: Mon, 25 Jan 2010 11:15:05 +0000 (+0000)
Subject: Added support for AUTH_HMAC_SHA2_256_256, used in TLS
X-Git-Tag: 4.5.0~659
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9dc73cd21c5fe42d95ee9991d4bf962d9876f6c4;p=thirdparty%2Fstrongswan.git

Added support for AUTH_HMAC_SHA2_256_256, used in TLS
---

diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index e98916bfea..1c7dcaef0f 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -16,11 +16,12 @@
 
 #include "signer.h"
 
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_256,
 	"UNDEFINED",
 	"HMAC_SHA1_128",
-	"HMAC_SHA2_256_96");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
+	"HMAC_SHA2_256_96",
+	"HMAC_SHA2_256_256");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_256,
 	"HMAC_MD5_96",
 	"HMAC_SHA1_96",
 	"DES_MAC",
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 94e8c99b96..02efc1c5ac 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -66,6 +66,8 @@ enum integrity_algorithm_t {
 	AUTH_HMAC_SHA1_128 = 1025,
 	/** SHA256 96 bit truncation variant, supported by Linux kernels */
 	AUTH_HMAC_SHA2_256_96 = 1026,
+	/** SHA256 full length tuncation variant, as used in TLS */
+	AUTH_HMAC_SHA2_256_256 = 1027,
 };
 
 /**
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c
index f82a8f3a12..7b8e03c6d1 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.c
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.c
@@ -177,6 +177,9 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo)
 			hash = HASH_SHA512;
 			trunc = 32;
 			break;
+		case AUTH_HMAC_SHA2_256_256:
+			hash = HASH_SHA256;
+			trunc = 32;
 		default:
 			return NULL;
 	}