From: Tobias Brunner
Date: Wed, 10 May 2017 17:15:53 +0000 (+0200)
Subject: child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256
X-Git-Tag: 5.5.3~22^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7637633bb9ac497563a10d93d32e26443edd4383;p=thirdparty%2Fstrongswan.git
child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256
The correct truncation is 128-bit but some implementations insist on using 96-bit truncation. With strongSwan this can be negotiated using an algorithm identifier from a private range. But this doesn't work with third-party implementations. This adds an option to use 96-bit truncation even if the official identifier is used.
---
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 56ffab5973..a102c459ce 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -307,6 +307,9 @@ enum child_cfg_option_t {
 
 	/** Enable hardware offload, if supported by the IPsec backend */
 	OPT_HW_OFFLOAD = (1<<5),
+
+	/** Force 96-bit truncation for SHA-256 */
+	OPT_SHA256_96 = (1<<6),
 };
 
 /**
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 1d615915fa..e1ffc2aae5 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -802,6 +802,14 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
 	this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS,
								  &esn, NULL);
 
+	if (int_alg == AUTH_HMAC_SHA2_256_128 &&
+		this->config->has_option(this->config, OPT_SHA256_96))
+	{
+		DBG2(DBG_CHD, " using %N with 96-bit truncation",
+			 integrity_algorithm_names, int_alg);
+		int_alg = AUTH_HMAC_SHA2_256_96;
+	}
+
 	if (!this->reqid_allocated && !this->static_reqid)
 	{
 		status = charon->kernel->alloc_reqid(charon->kernel, my_ts, other_ts,
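Review bot: The doc comment on the new OPT_SHA256_96 flag in child_cfg.h says what the flag does but not that it is a deliberate departure from the standard or when it is appropriate, so a maintainer reading the header alone cannot judge its cost. The commit message has the missing context (128-bit is the correct truncation for HMAC-SHA-256, 96-bit is for peers that insist on it under the official identifier); suggest carrying it into the header as `/** Force 96-bit ICV truncation for HMAC-SHA-256 (RFC 4868 specifies 128-bit); only for interoperability with peers that truncate to 96 bits under the official identifier */`. The enum child_cfg_option_t begins before the hunk.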
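Review bot: The new block in install_internal() has no comment explaining why the negotiated algorithm is swapped, and from `int_alg = AUTH_HMAC_SHA2_256_96;` alone a reader of child_sa.c cannot tell that this is a configured, deliberate deviation from the 128-bit truncation RFC 4868 specifies for HMAC-SHA-256 rather than a negotiation result. Suggest preceding the `if` with `/* RFC 4868 mandates 128-bit truncation; OPT_SHA256_96 makes us match peers that use 96 bits under the official identifier (shorter ICV, interop only) */`. The override changes what is installed in the kernel SA while the proposal still records AUTH_HMAC_SHA2_256_128, so any code that later reads the integrity algorithm from the proposal (status output, SA updates) presumably will not reflect it — worth confirming; logging the substitution at DBG1 instead of DBG2 would also make the deviation visible in normal operation. install_internal() begins and ends outside the hunk.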