Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.

This requires a Linux kernel >= 2.6.33.

diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c
index 33ece24b2f2ce049a02e00e04c7e37065c149d4a..d762fa34ee6b01088f6053b799157c86f511cddb 100644 (file)
--- a/src/libcharon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -99,7 +99,9 @@ keylen_entry_t keylen_enc[] = {
  */
 keylen_entry_t keylen_int[] = {
        {AUTH_HMAC_MD5_96,                      128},
+       {AUTH_HMAC_MD5_128,                     128},
        {AUTH_HMAC_SHA1_96,                     160},
+       {AUTH_HMAC_SHA1_160,            160},
        {AUTH_HMAC_SHA2_256_96,         256},
        {AUTH_HMAC_SHA2_256_128,        256},
        {AUTH_HMAC_SHA2_384_192,        384},

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 7a2df236f2432ab82613f4c196f3532364e43206..b2cf778be29b8ad982585e0a30852c1dd1e6414d 100644 (file)
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -202,7 +202,9 @@ static kernel_algorithm_t encryption_algs[] = {
  */
 static kernel_algorithm_t integrity_algs[] = {
        {AUTH_HMAC_MD5_96,                      "md5"                           },
+       {AUTH_HMAC_MD5_128,                     "hmac(md5)"                     },
        {AUTH_HMAC_SHA1_96,                     "sha1"                          },
+       {AUTH_HMAC_SHA1_160,            "hmac(sha1)"            },
        {AUTH_HMAC_SHA2_256_96,         "sha256"                        },
        {AUTH_HMAC_SHA2_256_128,        "hmac(sha256)"          },
        {AUTH_HMAC_SHA2_384_192,        "hmac(sha384)"          },
@@ -1279,6 +1281,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 
        if (int_alg != AUTH_UNDEFINED)
        {
+               u_int trunc_len = 0;
+
                alg_name = lookup_algorithm(integrity_algs, int_alg);
                if (alg_name == NULL)
                {
@@ -1289,12 +1293,26 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
                DBG2(DBG_KNL, "  using integrity algorithm %N with key size %d",
                         integrity_algorithm_names, int_alg, int_key.len * 8);
 
-               if (int_alg == AUTH_HMAC_SHA2_256_128)
+               switch (int_alg)
+               {
+                       case AUTH_HMAC_MD5_128:
+                       case AUTH_HMAC_SHA2_256_128:
+                               trunc_len = 128;
+                               break;
+                       case AUTH_HMAC_SHA1_160:
+                               trunc_len = 160;
+                               break;
+                       default:
+                               break;
+               }
+
+               if (trunc_len)
                {
                        struct xfrm_algo_auth* algo;
 
                        /* the kernel uses SHA256 with 96 bit truncation by default,
-                        * use specified truncation size supported by newer kernels */
+                        * use specified truncation size supported by newer kernels.
+                        * also use this for untruncated MD5 and SHA1. */
                        rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC;
                        rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) +
                                                                                int_key.len);
@@ -1307,7 +1325,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 
                        algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
                        algo->alg_key_len = int_key.len * 8;
-                       algo->alg_trunc_len = 128;
+                       algo->alg_trunc_len = trunc_len;
                        strcpy(algo->alg_name, alg_name);
                        memcpy(algo->alg_key, int_key.ptr, int_key.len);
                }

diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 4ef664d8f4c8a3c0bffaaec6a3b49899ce47496a..b16e2eccbb78a183132e5d56fc997bba4206633e 100644 (file)
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -118,6 +118,7 @@ twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        192
 twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256
 sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0
 sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0
+sha1_160,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_160,        0
 sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0
 sha2_256,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0
 sha256_96,        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0
@@ -127,6 +128,7 @@ sha2_384,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0
 sha512,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0
 sha2_512,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0
 md5,              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,          0
+md5_128,          INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_128,         0
 aesxcbc,          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,          0
 camelliaxcbc,     INTEGRITY_ALGORITHM,  AUTH_CAMELLIA_XCBC_96,     0
 modpnull,         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0