From 1f2a34d6d8f497e37e856567857ba44bea431b8b Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 12 Apr 2013 12:48:04 +0200 Subject: [PATCH] Add support for untruncated HMAC-SHA-512 --- src/libstrongswan/crypto/hashers/hasher.c | 6 ++++++ src/libstrongswan/crypto/signers/signer.h | 4 +++- src/libstrongswan/plugins/af_alg/af_alg_signer.c | 1 + src/libstrongswan/plugins/hmac/hmac_plugin.c | 2 ++ src/libstrongswan/plugins/openssl/openssl_plugin.c | 1 + 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 4ed48ba36..679bb324e 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -141,6 +141,9 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg, case AUTH_HMAC_SHA2_384_384: *length = 48; break; + case AUTH_HMAC_SHA2_512_512: + *length = 64; + break; default: break; } @@ -163,6 +166,7 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg, case AUTH_HMAC_SHA2_384_384: return HASH_SHA384; case AUTH_HMAC_SHA2_512_256: + case AUTH_HMAC_SHA2_512_512: return HASH_SHA512; case AUTH_AES_CMAC_96: case AUTH_AES_128_GMAC: @@ -232,6 +236,8 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg, { case 32: return AUTH_HMAC_SHA2_512_256; + case 64: + return AUTH_HMAC_SHA2_512_512; } break; case HASH_MD2: diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 9b6bd479a..e0cf7eb5a 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -70,8 +70,10 @@ enum integrity_algorithm_t { AUTH_HMAC_SHA2_256_256 = 1027, /** SHA384 full length truncation variant, as used in TLS */ AUTH_HMAC_SHA2_384_384 = 1028, + /** SHA512 full length truncation variant */ + AUTH_HMAC_SHA2_512_512 = 1029, /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */ - AUTH_CAMELLIA_XCBC_96 = 1029, + AUTH_CAMELLIA_XCBC_96 = 1030, }; /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index d995b1351..6ee380633 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c @@ -64,6 +64,7 @@ static struct { {AUTH_HMAC_SHA2_384_192, "hmac(sha384)", 24, 48, }, {AUTH_HMAC_SHA2_384_384, "hmac(sha384)", 48, 48, }, {AUTH_HMAC_SHA2_512_256, "hmac(sha512)", 32, 64, }, + {AUTH_HMAC_SHA2_512_512, "hmac(sha512)", 64, 64, }, {AUTH_AES_XCBC_96, "xcbc(aes)", 12, 16, }, {AUTH_CAMELLIA_XCBC_96, "xcbc(camellia)", 12, 16, }, }; diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index f9c0c484b..43d5a0364 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -73,6 +73,8 @@ METHOD(plugin_t, get_features, int, PLUGIN_DEPENDS(HASHER, HASH_SHA384), PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), + PLUGIN_DEPENDS(HASHER, HASH_SHA512), }; *features = f; return countof(f); diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index fb7a6d587..97d57471d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -307,6 +307,7 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192), PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384), PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), #endif #endif /* OPENSSL_NO_HMAC */ #if OPENSSL_VERSION_NUMBER >= 0x1000100fL -- 2.39.5