Add support for SHA384 and SHA512, depref SHA256.
This changes the phase1 and phase2 proposals as follows: 1. Add SHA384 and SHA512 auth algorithms in ISAKMP proposals that have AES128 or AES256 encryption. 2. If the kernel supports SHA384 and SHA512, add them as phase 2 auth algorithms, above SHA1 and SHA256. 3. List SHA1 before SHA256 (both after SHA512 and SHA384), because of the interoperability issues with SHA256. The ISAKMP proposals don't have to check for kernel support because they are implemented by racoon in userspace. We move the code that configures the phase 2 proposals into its own function because determining whether a given algorithm is supported can only be done after pfkey_init is called. Test: On kernel with no CONFIG_CRYPTO_SHA512, SHA1 is used. Test: On kernel with CONFIG_CRYPTO_SHA512, SHA512 is used. Bug: 34114242 Change-Id: I39e92cd41fde6a81266415b3696e024cf22270fb
Loading
Please sign in to comment