From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 25 Feb 2015 15:06:45 +0000 (+0100)
Subject: hasher: Add filter function for algorithms permitted by RFC 7427
X-Git-Tag: 5.3.0dr1~39^2~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=247eadb73d4bda5b2c66d1de9ba80a8879c3bba3;p=thirdparty%2Fstrongswan.git

hasher: Add filter function for algorithms permitted by RFC 7427
---

diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 50357d125d..8822e0fcb6 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -248,6 +248,28 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
 	return AUTH_UNDEFINED;
 }
 
+/*
+ * Described in header.
+ */
+bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
+{
+	switch (alg)
+	{
+		case HASH_SHA1:
+		case HASH_SHA256:
+		case HASH_SHA384:
+		case HASH_SHA512:
+			return TRUE;
+		case HASH_UNKNOWN:
+		case HASH_MD2:
+		case HASH_MD4:
+		case HASH_MD5:
+		case HASH_SHA224:
+			break;
+	}
+	return FALSE;
+}
+
 /*
  * Described in header.
  */
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index bae95fc35e..48735bceb4 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -162,6 +162,14 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
 integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
 													size_t length);
 
+/**
+ * Check if the given algorithm may be used for IKEv2 signature authentication.
+ *
+ * @param alg			hash algorithm
+ * @return				TRUE if algorithm may be used, FALSE otherwise
+ */
+bool hasher_algorithm_for_ikev2(hash_algorithm_t alg);
+
 /**
  * Conversion of hash algorithm into ASN.1 OID.
  *