authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2003-07-24 08:03:21 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2003-07-24 08:03:21 +0000
commitea317ae3d0bef8a5fdf61b6dcbb1413e46cc336b (patch)
treeb9e29db64e3ef83852b269e3a43371ea54164f95 /sys/net
parentb7a6a9b3191243be9b4fc439ff12ee73b9512178 (diff)
hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pfkeyv2.c26
-rw-r--r--sys/net/pfkeyv2_convert.c14
2 files changed, 35 insertions, 5 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 8b6d0676fa6..8011b81de7c 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.87 2003/02/16 21:30:13 deraadt Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.88 2003/07/24 08:03:19 itojun Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -99,18 +99,21 @@ static const struct sadb_alg ealgs[] = {
{ SADB_X_EALG_BLF, 64, 40, BLF_MAXKEYLEN * 8},
{ SADB_X_EALG_CAST, 64, 40, 128},
{ SADB_X_EALG_SKIPJACK, 64, 80, 80},
- { SADB_X_EALG_AES, 128, 64, 256},
+ { SADB_X_EALG_AES, 128, 64, 256}
};
static const struct sadb_alg aalgs[] = {
{ SADB_AALG_SHA1HMAC, 0, 160, 160 },
{ SADB_AALG_MD5HMAC, 0, 128, 128 },
- { SADB_AALG_RIPEMD160HMAC, 0, 160, 160 }
+ { SADB_AALG_RIPEMD160HMAC, 0, 160, 160 },
+ { SADB_AALG_SHA2_256, 0, 256, 256 },
+ { SADB_AALG_SHA2_384, 0, 384, 384 },
+ { SADB_AALG_SHA2_512, 0, 512, 512 }
};
static const struct sadb_alg calgs[] = {
{ SADB_X_CALG_DEFLATE, 0, 0, 0},
- { SADB_X_CALG_LZS, 0, 0, 0},
+ { SADB_X_CALG_LZS, 0, 0, 0}
};
extern uint32_t sadb_exts_allowed_out[SADB_MAX+1];
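Review bot: The new aalgs rows use positional initializers with no column legend, so a reader has to know struct sadb_alg to tell that `0, 256, 256` means IV length, minimum key bits and maximum key bits (the PF_KEY field order, which should be confirmed against pfkeyv2.h). A one-line comment above the table such as `/* { alg id, ivlen, minbits, maxbits } */` would make it visible that each HMAC-SHA2 entry advertises a single fixed key length equal to the digest size. The same three bit lengths are repeated as literals in the pfkeyv2_acquire() hunk below, so the two places have to be kept in agreement by hand. Separately, dropping the trailing commas after the last ealgs and calgs rows means the next added row has to touch two lines, as the RIPEMD160 row does here.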
@@ -1950,6 +1953,21 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
sadb_comb->sadb_comb_auth = SADB_AALG_MD5HMAC;
sadb_comb->sadb_comb_auth_minbits = 128;
sadb_comb->sadb_comb_auth_maxbits = 128;
+ } else if (!strncasecmp(ipsec_def_auth, "hmac-sha2-256",
+ sizeof("hmac-sha2-256"))) {
+ sadb_comb->sadb_comb_auth = SADB_AALG_SHA2_256;
+ sadb_comb->sadb_comb_auth_minbits = 256;
+ sadb_comb->sadb_comb_auth_maxbits = 256;
+ } else if (!strncasecmp(ipsec_def_auth, "hmac-sha2-384",
+ sizeof("hmac-sha2-384"))) {
+ sadb_comb->sadb_comb_auth = SADB_AALG_SHA2_384;
+ sadb_comb->sadb_comb_auth_minbits = 384;
+ sadb_comb->sadb_comb_auth_maxbits = 384;
+ } else if (!strncasecmp(ipsec_def_auth, "hmac-sha2-512",
+ sizeof("hmac-sha2-512"))) {
+ sadb_comb->sadb_comb_auth = SADB_AALG_SHA2_512;
+ sadb_comb->sadb_comb_auth_minbits = 512;
+ sadb_comb->sadb_comb_auth_maxbits = 512;
}
sadb_comb->sadb_comb_soft_allocations = ipsec_soft_allocations;
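Review bot: The else-if chain still closes at the brace after the hmac-sha2-512 branch with no final `else`, so a value of ipsec_def_auth that matches none of the names leaves sadb_comb_auth and its min/max bits at whatever they held before. Whether sadb_comb is zeroed earlier is not visible in this hunk. A trailing `else` that at least logs the unrecognised name would make a mistyped default visible instead of silently producing a proposal without the intended authentication algorithm. It would also help to add a comment above the chain, `/* sizeof() counts the NUL: exact, case-insensitive match, not a prefix match */`, since the idiom is easy to misread as a prefix comparison. pfkeyv2_acquire() begins and ends outside the hunk.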
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index e6209b2832d..43e14557ff0 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.15 2003/02/23 18:45:32 markus Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.16 2003/07/24 08:03:19 itojun Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
*
@@ -183,6 +183,18 @@ export_sa(void **p, struct tdb *tdb)
sadb_sa->sadb_sa_auth = SADB_AALG_RIPEMD160HMAC;
break;
+ case CRYPTO_SHA2_256_HMAC:
+ sadb_sa->sadb_sa_auth = SADB_AALG_SHA2_256;
+ break;
+
+ case CRYPTO_SHA2_384_HMAC:
+ sadb_sa->sadb_sa_auth = SADB_AALG_SHA2_384;
+ break;
+
+ case CRYPTO_SHA2_512_HMAC:
+ sadb_sa->sadb_sa_auth = SADB_AALG_SHA2_512;
+ break;
+
case CRYPTO_MD5_KPDK:
sadb_sa->sadb_sa_auth = SADB_X_AALG_MD5;
break;