hasher_algorithm_from_integrity() optionally returns truncation length

2012-06-22 11:28:10 +02:00 · 2012-06-22 11:28:10 +02:00 · 903093d439
parent 73d032e412
commit 903093d439
3 changed files with 45 additions and 7 deletions
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@ -68,9 +68,41 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 /*
 * Described in header.
 */
-hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t integrity)
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+												 size_t *length)
 {
-	switch (integrity)
+	if (length)
+	{
+		switch (alg)
+		{
+			case AUTH_HMAC_MD5_96:
+			case AUTH_HMAC_SHA1_96:
+			case AUTH_HMAC_SHA2_256_96:
+				*length = 12;
+				break;
+			case AUTH_HMAC_MD5_128:
+			case AUTH_HMAC_SHA1_128:
+			case AUTH_HMAC_SHA2_256_128:
+				*length = 16;
+				break;
+			case AUTH_HMAC_SHA1_160:
+				*length = 20;
+				break;
+			case AUTH_HMAC_SHA2_384_192:
+				*length = 24;
+				break;
+			case AUTH_HMAC_SHA2_256_256:
+			case AUTH_HMAC_SHA2_512_256:
+				*length = 32;
+				break;
+			case AUTH_HMAC_SHA2_384_384:
+				*length = 48;
+				break;
+			default:
+				break;
+		}
+	}
+	switch (alg)
 	{
 		case AUTH_HMAC_MD5_96:
 		case AUTH_HMAC_MD5_128:
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@ -101,7 +101,7 @@ struct hasher_t {
 	size_t (*get_hash_size) (hasher_t *this);

 	/**
-	 * Resets the hashers state.
+	 * Resets the hasher's state.
 	 */
 	void (*reset) (hasher_t *this);

@ -115,17 +115,22 @@ struct hasher_t {
 * Conversion of ASN.1 OID to hash algorithm.
 *
 * @param oid			ASN.1 OID
- * @return				hash algorithm, HASH_UNKNOWN if OID unsuported
+ * @return				hash algorithm, HASH_UNKNOWN if OID unsupported
 */
 hash_algorithm_t hasher_algorithm_from_oid(int oid);

 /**
 * Conversion of integrity algorithm to hash algorithm (if based on one).
 *
- * @param integrity		integrity algorithm
+ * If length is not NULL the length of the resulting signature is returned,
+ * which might be smaller than the output size of the underlying hash.
+ *
+ * @param alg			integrity algorithm
+ * @param length		returns signature length, if not NULL
 * @return				hash algorithm, HASH_UNKNOWN if not based on a hash
 */
-hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t integrity);
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+												 size_t *length);

 /**
 * Conversion of hash algorithm into ASN.1 OID.
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@ -851,7 +851,8 @@ int main(int argc, char **argv)
 					{
 						usage("invalid algorithm specified");
 					}
-					hash = hasher_algorithm_from_integrity(token->algorithm);
+					hash = hasher_algorithm_from_integrity(token->algorithm,
+														   NULL);
 					if (hash == OID_UNKNOWN)
 					{
 						usage("invalid algorithm specified");