Add support for untruncated HMAC-SHA-512

5 files changed, 13 insertions, 1 deletions

diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 4ed48ba36..679bb324e 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -141,6 +141,9 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
 			case AUTH_HMAC_SHA2_384_384:
 				*length = 48;
 				break;
+			case AUTH_HMAC_SHA2_512_512:
+				*length = 64;
+				break;
 			default:
 				break;
 		}
@@ -163,6 +166,7 @@ hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
 		case AUTH_HMAC_SHA2_384_384:
 			return HASH_SHA384;
 		case AUTH_HMAC_SHA2_512_256:
+		case AUTH_HMAC_SHA2_512_512:
 			return HASH_SHA512;
 		case AUTH_AES_CMAC_96:
 		case AUTH_AES_128_GMAC:
@@ -232,6 +236,8 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
 			{
 				case 32:
 					return AUTH_HMAC_SHA2_512_256;
+				case 64:
+					return AUTH_HMAC_SHA2_512_512;
 			}
 			break;
 		case HASH_MD2:
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 9b6bd479a..e0cf7eb5a 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -70,8 +70,10 @@ enum integrity_algorithm_t {
 	AUTH_HMAC_SHA2_256_256 = 1027,
 	/** SHA384 full length truncation variant, as used in TLS */
 	AUTH_HMAC_SHA2_384_384 = 1028,
+	/** SHA512 full length truncation variant */
+	AUTH_HMAC_SHA2_512_512 = 1029,
 	/** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
-	AUTH_CAMELLIA_XCBC_96 = 1029,
+	AUTH_CAMELLIA_XCBC_96 = 1030,
 };
 
 /**
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
index d995b1351..6ee380633 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
@@ -64,6 +64,7 @@ static struct {
 	{AUTH_HMAC_SHA2_384_192,	"hmac(sha384)",		24,		48,	},
 	{AUTH_HMAC_SHA2_384_384,	"hmac(sha384)",		48,		48,	},
 	{AUTH_HMAC_SHA2_512_256,	"hmac(sha512)",		32,		64,	},
+	{AUTH_HMAC_SHA2_512_512,	"hmac(sha512)",		64,		64,	},
 	{AUTH_AES_XCBC_96,			"xcbc(aes)",		12,		16,	},
 	{AUTH_CAMELLIA_XCBC_96,		"xcbc(camellia)",	12,		16,	},
 };
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index f9c0c484b..43d5a0364 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -73,6 +73,8 @@ METHOD(plugin_t, get_features, int,
 				PLUGIN_DEPENDS(HASHER,  HASH_SHA384),
 			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
 				PLUGIN_DEPENDS(HASHER,  HASH_SHA512),
+			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
+				PLUGIN_DEPENDS(HASHER,  HASH_SHA512),
 	};
 	*features = f;
 	return countof(f);
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index fb7a6d587..97d57471d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -307,6 +307,7 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
 			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
 			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+			PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
 #endif
 #endif /* OPENSSL_NO_HMAC */
 #if OPENSSL_VERSION_NUMBER >= 0x1000100fL