2 files changed, 158 insertions, 11 deletions

diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 81750a519..dc73d5223 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2005 Jan Hutter
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
- *
+ * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -32,6 +32,19 @@ ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512,
 	"HASH_SHA512"
 );
 
+ENUM(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA512,
+	"unknown",
+	"preferred",
+	"md2",
+	"md4",
+	"md5",
+	"sha1",
+	"sha224",
+	"sha256",
+	"sha384",
+	"sha512"
+);
+
 /*
  * Described in header.
  */
@@ -68,6 +81,105 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 /*
  * Described in header.
  */
+hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg)
+{
+	switch (alg)
+	{
+		case PRF_HMAC_MD5:
+			return HASH_MD5;
+		case PRF_HMAC_SHA1:
+		case PRF_FIPS_SHA1_160:
+		case PRF_KEYED_SHA1:
+			return HASH_SHA1;
+		case PRF_HMAC_SHA2_256:
+			return HASH_SHA256;
+		case PRF_HMAC_SHA2_384:
+			return HASH_SHA384;
+		case PRF_HMAC_SHA2_512:
+			return HASH_SHA512;
+		case PRF_HMAC_TIGER:
+		case PRF_AES128_XCBC:
+		case PRF_AES128_CMAC:
+		case PRF_FIPS_DES:
+		case PRF_CAMELLIA128_XCBC:
+		case PRF_UNDEFINED:
+			break;
+	}
+	return HASH_UNKNOWN;
+}
+
+/*
+ * Described in header.
+ */
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+												 size_t *length)
+{
+	if (length)
+	{
+		switch (alg)
+		{
+			case AUTH_HMAC_MD5_96:
+			case AUTH_HMAC_SHA1_96:
+			case AUTH_HMAC_SHA2_256_96:
+				*length = 12;
+				break;
+			case AUTH_HMAC_MD5_128:
+			case AUTH_HMAC_SHA1_128:
+			case AUTH_HMAC_SHA2_256_128:
+				*length = 16;
+				break;
+			case AUTH_HMAC_SHA1_160:
+				*length = 20;
+				break;
+			case AUTH_HMAC_SHA2_384_192:
+				*length = 24;
+				break;
+			case AUTH_HMAC_SHA2_256_256:
+			case AUTH_HMAC_SHA2_512_256:
+				*length = 32;
+				break;
+			case AUTH_HMAC_SHA2_384_384:
+				*length = 48;
+				break;
+			default:
+				break;
+		}
+	}
+	switch (alg)
+	{
+		case AUTH_HMAC_MD5_96:
+		case AUTH_HMAC_MD5_128:
+		case AUTH_KPDK_MD5:
+			return HASH_MD5;
+		case AUTH_HMAC_SHA1_96:
+		case AUTH_HMAC_SHA1_128:
+		case AUTH_HMAC_SHA1_160:
+			return HASH_SHA1;
+		case AUTH_HMAC_SHA2_256_96:
+		case AUTH_HMAC_SHA2_256_128:
+		case AUTH_HMAC_SHA2_256_256:
+			return HASH_SHA256;
+		case AUTH_HMAC_SHA2_384_192:
+		case AUTH_HMAC_SHA2_384_384:
+			return HASH_SHA384;
+		case AUTH_HMAC_SHA2_512_256:
+			return HASH_SHA512;
+		case AUTH_AES_CMAC_96:
+		case AUTH_AES_128_GMAC:
+		case AUTH_AES_192_GMAC:
+		case AUTH_AES_256_GMAC:
+		case AUTH_AES_XCBC_96:
+		case AUTH_DES_MAC:
+		case AUTH_CAMELLIA_XCBC_96:
+		case AUTH_UNDEFINED:
+			break;
+	}
+	return HASH_UNKNOWN;
+}
+
+/*
+ * Described in header.
+ */
 int hasher_algorithm_to_oid(hash_algorithm_t alg)
 {
 	int oid;
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 9fa043c7e..759f6a23c 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2005 Jan Hutter
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
- *
+ * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@ typedef enum hash_algorithm_t hash_algorithm_t;
 typedef struct hasher_t hasher_t;
 
 #include <library.h>
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
 #include <credentials/keys/public_key.h>
 
 /**
@@ -62,9 +64,15 @@ enum hash_algorithm_t {
 extern enum_name_t *hash_algorithm_names;
 
 /**
+ * Short names for hash_algorithm_names
+ */
+extern enum_name_t *hash_algorithm_short_names;
+
+/**
  * Generic interface for all hash functions.
  */
 struct hasher_t {
+
 	/**
 	 * Hash data and write it in the buffer.
 	 *
@@ -77,8 +85,10 @@ struct hasher_t {
 	 *
 	 * @param data		data to hash
 	 * @param hash		pointer where the hash will be written
+	 * @return			TRUE if hash created successfully
 	 */
-	void (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash);
+	bool (*get_hash)(hasher_t *this, chunk_t data,
+					 u_int8_t *hash) __attribute__((warn_unused_result));
 
 	/**
 	 * Hash data and allocate space for the hash.
@@ -89,36 +99,61 @@ struct hasher_t {
 	 *
 	 * @param data		chunk with data to hash
 	 * @param hash		chunk which will hold allocated hash
+	 * @return			TRUE if hash allocated successfully
 	 */
-	void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
+	bool (*allocate_hash)(hasher_t *this, chunk_t data,
+						  chunk_t *hash) __attribute__((warn_unused_result));
 
 	/**
 	 * Get the size of the resulting hash.
 	 *
 	 * @return			hash size in bytes
 	 */
-	size_t (*get_hash_size) (hasher_t *this);
+	size_t (*get_hash_size)(hasher_t *this);
 
 	/**
-	 * Resets the hashers state.
+	 * Resets the hasher's state.
+	 *
+	 * @return			TRUE if hasher reset successfully
 	 */
-	void (*reset) (hasher_t *this);
+	bool (*reset)(hasher_t *this) __attribute__((warn_unused_result));
 
 	/**
 	 * Destroys a hasher object.
 	 */
-	void (*destroy) (hasher_t *this);
+	void (*destroy)(hasher_t *this);
 };
 
 /**
  * Conversion of ASN.1 OID to hash algorithm.
  *
  * @param oid			ASN.1 OID
- * @return				hash algorithm, HASH_UNKNOWN if OID unsuported
+ * @return				hash algorithm, HASH_UNKNOWN if OID unsupported
  */
 hash_algorithm_t hasher_algorithm_from_oid(int oid);
 
 /**
+ * Conversion of PRF algorithm to hash algorithm (if based on one).
+ *
+ * @param alg			prf algorithm
+ * @return				hash algorithm, HASH_UNKNOWN if not based on a hash
+ */
+hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg);
+
+/**
+ * Conversion of integrity algorithm to hash algorithm (if based on one).
+ *
+ * If length is not NULL the length of the resulting signature is returned,
+ * which might be smaller than the output size of the underlying hash.
+ *
+ * @param alg			integrity algorithm
+ * @param length		returns signature length, if not NULL
+ * @return				hash algorithm, HASH_UNKNOWN if not based on a hash
+ */
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+												 size_t *length);
+
+/**
  * Conversion of hash algorithm into ASN.1 OID.
  *
  * @param alg			hash algorithm