5 files changed, 40 insertions, 4 deletions

diff --git a/src/libstrongswan/crypto/hmac.c b/src/libstrongswan/crypto/hmac.c
index 720f10b38..df4f90bc8 100644
--- a/src/libstrongswan/crypto/hmac.c
+++ b/src/libstrongswan/crypto/hmac.c
@@ -189,8 +189,13 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
 	{
 		case HASH_SHA1:
 		case HASH_MD5:
+		case HASH_SHA256:
 			this->b = 64;
 			break;
+		case HASH_SHA384:
+		case HASH_SHA512:
+			this->b = 128;
+			break;
 		default:
 			free(this);
 			return NULL;	
diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c
index f3b05ea00..f803829af 100644
--- a/src/libstrongswan/crypto/prfs/prf.c
+++ b/src/libstrongswan/crypto/prfs/prf.c
@@ -32,12 +32,15 @@ ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_FIPS_DES,
 	"PRF_UNDEFINED",
 	"PRF_FIPS_SHA1_160",
 	"PRF_FIPS_DES");
-ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CBC, PRF_FIPS_DES,
+ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_FIPS_DES,
 	"PRF_HMAC_MD5",
 	"PRF_HMAC_SHA1",
 	"PRF_HMAC_TIGER",
-	"PRF_AES128_CBC");
-ENUM_END(pseudo_random_function_names, PRF_AES128_CBC);
+	"PRF_AES128_CBC",
+	"PRF_HMAC_SHA2_256",
+	"PRF_HMAC_SHA2_384",
+	"PRF_HMAC_SHA2_512");
+ENUM_END(pseudo_random_function_names, PRF_HMAC_SHA2_512);
 
 /*
  * Described in header.
@@ -50,6 +53,12 @@ prf_t *prf_create(pseudo_random_function_t pseudo_random_function)
 			return (prf_t*)hmac_prf_create(HASH_SHA1);
 		case PRF_HMAC_MD5:
 			return (prf_t*)hmac_prf_create(HASH_MD5);
+		case PRF_HMAC_SHA2_256:
+			return (prf_t*)hmac_prf_create(HASH_SHA256);
+		case PRF_HMAC_SHA2_384:
+			return (prf_t*)hmac_prf_create(HASH_SHA384);
+		case PRF_HMAC_SHA2_512:
+			return (prf_t*)hmac_prf_create(HASH_SHA512);
 		case PRF_FIPS_SHA1_160:
 			return (prf_t*)fips_prf_create(20, g_sha1);
 		case PRF_FIPS_DES:
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index 7a4501866..8560a4a9c 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -45,6 +45,12 @@ enum pseudo_random_function_t {
 	PRF_HMAC_SHA1 = 2,
 	PRF_HMAC_TIGER = 3,
 	PRF_AES128_CBC = 4,
+	/** Implemented via hmac_prf_t. */
+	PRF_HMAC_SHA2_256 = 5,
+	/** Implemented via hmac_prf_t. */
+	PRF_HMAC_SHA2_384 = 6,
+	/** Implemented via hmac_prf_t. */
+	PRF_HMAC_SHA2_512 = 7,
 	/** Implemented via fips_prf_t, other output sizes would be possible */
 	PRF_FIPS_SHA1_160 = 1025,
 	/** Could be implemented via fips_prf_t, uses fixed output size of 160bit */
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 250d64b71..747bc5efa 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -34,7 +34,11 @@ ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_AES_XCBC_96, AUTH_HM
 	"DES_MAC",
 	"KPDK_MD5",
 	"AES_XCBC_96");
-ENUM_END(integrity_algorithm_names, AUTH_AES_XCBC_96);
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_512_256, AUTH_AES_XCBC_96,
+	"AUTH_HMAC_SHA2_256_128",
+	"AUTH_HMAC_SHA2_384_192",
+	"AUTH_HMAC_SHA2_512_256");
+ENUM_END(integrity_algorithm_names, AUTH_HMAC_SHA2_512_256);
 
 /*
  * Described in header.
@@ -49,6 +53,12 @@ signer_t *signer_create(integrity_algorithm_t integrity_algorithm)
 			return (signer_t *)hmac_signer_create(HASH_SHA1, 16);
 		case AUTH_HMAC_MD5_96:
 			return (signer_t *)hmac_signer_create(HASH_MD5, 12);
+		case AUTH_HMAC_SHA2_256_128:
+			return (signer_t *)hmac_signer_create(HASH_SHA256, 16);
+		case AUTH_HMAC_SHA2_384_192:
+			return (signer_t *)hmac_signer_create(HASH_SHA384, 24);
+		case AUTH_HMAC_SHA2_512_256:
+			return (signer_t *)hmac_signer_create(HASH_SHA512, 32);
 		default:
 			return NULL;
 	}
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 436161a66..0f3709712 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -46,6 +46,12 @@ enum integrity_algorithm_t {
 	AUTH_KPDK_MD5 = 4,
 	AUTH_AES_XCBC_96 = 5,
 	/** Implemented via hmac_signer_t */
+	AUTH_HMAC_SHA2_256_128 = 12,
+	/** Implemented via hmac_signer_t */
+	AUTH_HMAC_SHA2_384_192 = 13,
+	/** Implemented via hmac_signer_t */
+	AUTH_HMAC_SHA2_512_256 = 14,
+	/** Implemented via hmac_signer_t */
 	AUTH_HMAC_SHA1_128 = 1025,
 };