aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c2
-rw-r--r--src/charon/sa/keymat.c1
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt4
-rw-r--r--src/libstrongswan/crypto/signers/signer.c7
-rw-r--r--src/libstrongswan/crypto/signers/signer.h2
5 files changed, 11 insertions, 5 deletions
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index de462bcbf..f0dc1bc94 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -195,7 +195,7 @@ static kernel_algorithm_t encryption_algs[] = {
static kernel_algorithm_t integrity_algs[] = {
{AUTH_HMAC_MD5_96, "md5" },
{AUTH_HMAC_SHA1_96, "sha1" },
- {AUTH_HMAC_SHA2_256_128, "sha256" },
+ {AUTH_HMAC_SHA2_256_96, "sha256" },
{AUTH_HMAC_SHA2_384_192, "sha384" },
{AUTH_HMAC_SHA2_512_256, "sha512" },
/* {AUTH_DES_MAC, "***" }, */
diff --git a/src/charon/sa/keymat.c b/src/charon/sa/keymat.c
index 93f88a6fc..e49626354 100644
--- a/src/charon/sa/keymat.c
+++ b/src/charon/sa/keymat.c
@@ -110,6 +110,7 @@ keylen_entry_t keylen_enc[] = {
keylen_entry_t keylen_int[] = {
{AUTH_HMAC_MD5_96, 128},
{AUTH_HMAC_SHA1_96, 160},
+ {AUTH_HMAC_SHA2_256_96, 256},
{AUTH_HMAC_SHA2_256_128, 256},
{AUTH_HMAC_SHA2_384_192, 384},
{AUTH_HMAC_SHA2_512_256, 512},
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 511fdd50a..139d689ca 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -26,7 +26,7 @@ struct proposal_token {
char *name;
transform_type_t type;
u_int16_t algorithm;
- u_int16_t keysize;
+ u_int16_t keysize;
};
%%
null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
@@ -96,6 +96,8 @@ sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
+sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0
sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 1147e1f26..e98916bfe 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -16,10 +16,11 @@
#include "signer.h"
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
"UNDEFINED",
- "HMAC_SHA1_128");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128,
+ "HMAC_SHA1_128",
+ "HMAC_SHA2_256_96");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
"HMAC_MD5_96",
"HMAC_SHA1_96",
"DES_MAC",
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index c222af8ea..94e8c99b9 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -64,6 +64,8 @@ enum integrity_algorithm_t {
AUTH_HMAC_SHA2_512_256 = 14,
/** private use */
AUTH_HMAC_SHA1_128 = 1025,
+ /** SHA256 96 bit truncation variant, supported by Linux kernels */
+ AUTH_HMAC_SHA2_256_96 = 1026,
};
/**
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 20:13:50 +0000