Google Git
Sign in
android / platform / external / ipsec-tools / 12fee5fe621659791b204617d369f8085bb5ebec
commit12fee5fe621659791b204617d369f8085bb5ebec[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Mon Jan 23 17:33:47 2017 +0900
committerLorenzo Colitti <lorenzo@google.com>Mon Jan 23 19:12:14 2017 +0900
tree229e786c59c61e9e2818e58e5c65341152e39291
parenta7ed60ec39f53a7204939ce212029346ab9dfb22 [diff]
Add support for SHA384 and SHA512, depref SHA256.

This changes the phase1 and phase2 proposals as follows:

1. Add SHA384 and SHA512 auth algorithms in ISAKMP proposals
   that have AES128 or AES256 encryption.
2. If the kernel supports SHA384 and SHA512, add them as phase 2
   auth algorithms, above SHA1 and SHA256.
3. List SHA1 before SHA256 (both after SHA512 and SHA384),
   because of the interoperability issues with SHA256.

The ISAKMP proposals don't have to check for kernel support
because they are implemented by racoon in userspace.

We move the code that configures the phase 2 proposals into its
own function because determining whether a given algorithm is
supported can only be done after pfkey_init is called.

Test: On kernel with no CONFIG_CRYPTO_SHA512, SHA1 is used.
Test: On kernel with CONFIG_CRYPTO_SHA512, SHA512 is used.
Bug: 34114242
Change-Id: I39e92cd41fde6a81266415b3696e024cf22270fb
1 file changed
tree: 229e786c59c61e9e2818e58e5c65341152e39291
  1. src/
  2. Android.mk
  3. ChangeLog
  4. CleanSpec.mk
  5. config.h
  6. main.c
  7. Makefile
  8. MODULE_LICENSE_BSD
  9. NEWS
  10. NOTICE
  11. racoon.rc
  12. README
  13. README.google
  14. README.version
  15. setup.c