hasher: Add filter function for algorithms permitted by RFC 7427

author Tobias Brunner <tobias@strongswan.org>

Wed, 25 Feb 2015 15:06:45 +0000 (16:06 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Wed, 4 Mar 2015 12:54:08 +0000 (13:54 +0100)
author Tobias Brunner <tobias@strongswan.org>
Wed, 25 Feb 2015 15:06:45 +0000 (16:06 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 4 Mar 2015 12:54:08 +0000 (13:54 +0100)
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c

index 50357d125d7e9112667c90bd23dc87e53bb27c79..8822e0fcb65f561b4acee183520866ac0c382849 100644 (file)
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -248,6 +248,28 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
         return AUTH_UNDEFINED;
  }
  
+/*
+ * Described in header.
+ */
+bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
+{
+       switch (alg)
+       {
+               case HASH_SHA1:
+               case HASH_SHA256:
+               case HASH_SHA384:
+               case HASH_SHA512:
+                       return TRUE;
+               case HASH_UNKNOWN:
+               case HASH_MD2:
+               case HASH_MD4:
+               case HASH_MD5:
+               case HASH_SHA224:
+                       break;
+       }
+       return FALSE;
+}
+
  /*
   * Described in header.
   */
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h

index bae95fc35e0ec4f60ca0d87c4ca6c560a96376d4..48735bceb4e6459dc84158e3444d04a3a2aa7a7b 100644 (file)
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -162,6 +162,14 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
  integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
                                                                                                         size_t length);
  
+/**
+ * Check if the given algorithm may be used for IKEv2 signature authentication.
+ *
+ * @param alg                  hash algorithm
+ * @return                             TRUE if algorithm may be used, FALSE otherwise
+ */
+bool hasher_algorithm_for_ikev2(hash_algorithm_t alg);
+
  /**
   * Conversion of hash algorithm into ASN.1 OID.
   *
author	Tobias Brunner <tobias@strongswan.org>
	Wed, 25 Feb 2015 15:06:45 +0000 (16:06 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Wed, 4 Mar 2015 12:54:08 +0000 (13:54 +0100)
src/libstrongswan/crypto/hashers/hasher.c		patch \| blob \| blame \| history
src/libstrongswan/crypto/hashers/hasher.h		patch \| blob \| blame \| history