From: Tobias Brunner Date: Wed, 4 Apr 2012 08:51:46 +0000 (+0200) Subject: Make AES-CMAC actually usable for IKEv2. X-Git-Tag: 4.6.3~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bad192069f3efb4eb895aa0a15a10fdacbdb8d5a;p=thirdparty%2Fstrongswan.git Make AES-CMAC actually usable for IKEv2. --- diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 2251b82dd7..d3c60a4696 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -598,6 +598,9 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) case AUTH_CAMELLIA_XCBC_96: prf = PRF_CAMELLIA128_XCBC; break; + case AUTH_AES_CMAC_96: + prf = PRF_AES128_CMAC; + break; default: prf = PRF_UNDEFINED; } @@ -794,6 +797,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) case AUTH_HMAC_SHA2_512_256: case AUTH_HMAC_MD5_96: case AUTH_AES_XCBC_96: + case AUTH_AES_CMAC_96: add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0); break; default: @@ -813,6 +817,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) case PRF_HMAC_SHA2_512: case PRF_HMAC_MD5: case PRF_AES128_XCBC: + case PRF_AES128_CMAC: add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); break; default: diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index b16e2eccbb..1d04f2dc42 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -131,6 +131,7 @@ md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0 md5_128, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0 aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0 camelliaxcbc, INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0 +aescmac, INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0 modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0