Added support for AUTH_HMAC_SHA2_256_256, used in TLS

src/libstrongswan/crypto/signers/signer.c

@@ -16,11 +16,12 @@
 
 #include "signer.h"
 
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_256,
 	"UNDEFINED",
 	"HMAC_SHA1_128",
-	"HMAC_SHA2_256_96");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
+	"HMAC_SHA2_256_96",
+	"HMAC_SHA2_256_256");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_256,
 	"HMAC_MD5_96",
 	"HMAC_SHA1_96",
 	"DES_MAC",

src/libstrongswan/crypto/signers/signer.h

@@ -66,6 +66,8 @@ enum integrity_algorithm_t {
 	AUTH_HMAC_SHA1_128 = 1025,
 	/** SHA256 96 bit truncation variant, supported by Linux kernels */
 	AUTH_HMAC_SHA2_256_96 = 1026,
+	/** SHA256 full length tuncation variant, as used in TLS */
+	AUTH_HMAC_SHA2_256_256 = 1027,
 };
 
 /**

src/libstrongswan/plugins/hmac/hmac_signer.c

@@ -177,6 +177,9 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo)
 			hash = HASH_SHA512;
 			trunc = 32;
 			break;
+		case AUTH_HMAC_SHA2_256_256:
+			hash = HASH_SHA256;
+			trunc = 32;
 		default:
 			return NULL;
 	}