From ea317ae3d0bef8a5fdf61b6dcbb1413e46cc336b Mon Sep 17 00:00:00 2001 From: Jun-ichiro itojun Hagino Date: Thu, 24 Jul 2003 08:03:21 +0000 Subject: hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok --- sbin/ipsecadm/ipsecadm.8 | 7 +++++-- sbin/ipsecadm/ipsecadm.c | 5 ++++- sbin/ipsecadm/pfkdump.c | 8 ++++---- 3 files changed, 13 insertions(+), 7 deletions(-) (limited to 'sbin/ipsecadm') diff --git a/sbin/ipsecadm/ipsecadm.8 b/sbin/ipsecadm/ipsecadm.8 index afe417fadd3..75a09c0fe88 100644 --- a/sbin/ipsecadm/ipsecadm.8 +++ b/sbin/ipsecadm/ipsecadm.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsecadm.8,v 1.61 2003/06/10 16:41:28 deraadt Exp $ +.\" $OpenBSD: ipsecadm.8,v 1.62 2003/07/24 08:03:19 itojun Exp $ .\" .\" Copyright 1997 Niels Provos .\" All rights reserved. @@ -423,7 +423,10 @@ and .Nm sha1 for both old and new ah and also new esp. Also -.Nm rmd160 +.Nm rmd160 , +.Nm sha2-256 , +.Nm sha2-384 , +.Nm sha2-512 for both new ah and esp. .It Fl comp The compression algorithm to be used with the IPCA. diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c index cc2a4bb4d09..015c5b4d583 100644 --- a/sbin/ipsecadm/ipsecadm.c +++ b/sbin/ipsecadm/ipsecadm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecadm.c,v 1.67 2003/07/02 21:44:57 deraadt Exp $ */ +/* $OpenBSD: ipsecadm.c,v 1.68 2003/07/24 08:03:19 itojun Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -103,6 +103,9 @@ transform xf[] = { { "skipjack", SADB_X_EALG_SKIPJACK, XF_ENC | ESP_NEW }, { "md5", SADB_AALG_MD5HMAC, XF_AUTH | AH_NEW | ESP_NEW }, { "sha1", SADB_AALG_SHA1HMAC, XF_AUTH | AH_NEW | ESP_NEW }, + { "sha2-256", SADB_AALG_SHA2_256, XF_AUTH | AH_NEW | ESP_NEW }, + { "sha2-384", SADB_AALG_SHA2_384, XF_AUTH | AH_NEW | ESP_NEW }, + { "sha2-512", SADB_AALG_SHA2_512, XF_AUTH | AH_NEW | ESP_NEW }, { "md5", SADB_X_AALG_MD5, XF_AUTH | AH_OLD }, { "sha1", SADB_X_AALG_SHA1, XF_AUTH | AH_OLD }, { "rmd160", SADB_AALG_RIPEMD160HMAC, XF_AUTH | AH_NEW | ESP_NEW }, diff --git a/sbin/ipsecadm/pfkdump.c b/sbin/ipsecadm/pfkdump.c index ed6c3263e97..2c1f5846842 100644 --- a/sbin/ipsecadm/pfkdump.c +++ b/sbin/ipsecadm/pfkdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkdump.c,v 1.5 2003/07/02 21:44:57 deraadt Exp $ */ +/* $OpenBSD: pfkdump.c,v 1.6 2003/07/24 08:03:19 itojun Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -146,9 +146,9 @@ struct idname auth_types[] = { { SADB_AALG_MD5HMAC, "hmac-md5", NULL }, { SADB_AALG_RIPEMD160HMAC, "hmac-ripemd160", NULL }, { SADB_AALG_SHA1HMAC, "hmac-sha1", NULL }, - { SADB_AALG_SHA2_256, "sha2-256", NULL }, - { SADB_AALG_SHA2_384, "sha2-384", NULL }, - { SADB_AALG_SHA2_512, "sha2-512", NULL }, + { SADB_AALG_SHA2_256, "hmac-sha2-256", NULL }, + { SADB_AALG_SHA2_384, "hmac-sha2-384", NULL }, + { SADB_AALG_SHA2_512, "hmac-sha2-512", NULL }, { SADB_X_AALG_MD5, "md5", NULL }, { SADB_X_AALG_SHA1, "sha1", NULL }, { 0, NULL, NULL } -- cgit v1.2.3