- Updated to new upstream.

author: Rene Mayrhofer <rene@mayrhofer.eu.org> 2008-07-10 12:47:56 +0000
committer: Rene Mayrhofer <rene@mayrhofer.eu.org> 2008-07-10 12:47:56 +0000
commit: eb841c5ef668a48782ef1154fda65cb6048f5885 (patch)
tree: 00dd0cb4313bf2291d94ed511fe51f0b4bc7ea7a /src/libstrongswan/crypto/prfs
parent: 738206039047924ae7e4762a53d121be1ca43000 (diff)
download: vyos-strongswan-eb841c5ef668a48782ef1154fda65cb6048f5885.tar.gz
vyos-strongswan-eb841c5ef668a48782ef1154fda65cb6048f5885.zip
6 files changed, 35 insertions, 615 deletions
diff --git a/src/libstrongswan/crypto/prfs/fips_prf.c b/src/libstrongswan/crypto/prfs/fips_prf.c
deleted file mode 100644
index 0ab80b089..000000000
--- a/src/libstrongswan/crypto/prfs/fips_prf.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/**
- * @file fips_prf.c
- * 
- * @brief Implementation for fips_prf_t.
- * 
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "fips_prf.h"
-
-#include <arpa/inet.h>
-
-#include <debug.h>
-
-typedef struct private_fips_prf_t private_fips_prf_t;
-
-/**
- * Private data of a fips_prf_t object.
- */
-struct private_fips_prf_t {
-	/**
-	 * Public fips_prf_t interface.
-	 */
-	fips_prf_t public;
-	
-	/**
-	 * key of prf function, "b" long
-	 */
-	u_int8_t *key;
-	
-	/**
-	 * size of "b" in bytes
-	 */
-	size_t b;
-	
-	/**
-	 * G function, either SHA1 or DES
-	 */
-	void (*g)(u_int8_t t[], chunk_t c, u_int8_t res[]);
-};
-
-/**
- * t used in G(), equals to initial SHA1 value
- */
-static u_int8_t t[] = {
-	0x67,0x45,0x23,0x01,0xEF,0xCD,0xAB,0x89,0x98,0xBA,
-	0xDC,0xFE,0x10,0x32,0x54,0x76,0xC3,0xD2,0xE1,0xF0,
-};
-
-/**
- * sum = (a + b) mod 2 ^ (length * 8)
- */
-static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[])
-{
-	int i, c = 0;
-	
-	for(i = length - 1; i >= 0; i--)
-	{
-		u_int32_t tmp;
-		
-		tmp = a[i] + b[i] + c;
-		sum[i] = 0xff & tmp;
-		c = tmp >> 8;
-	}
-}
-
-/**
- * calculate "chunk mod 2^(length*8)" and save it into buffer
- */
-static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[])
-{
-	if (chunk.len < length)
-	{
-		/* apply seed as least significant bits, others are zero */
-		memset(buffer, 0, length - chunk.len);
-		memcpy(buffer + length - chunk.len, chunk.ptr, chunk.len);
-	}
-	else
-	{
-		/* use least significant bytes from seed, as we use mod 2^b */
-		memcpy(buffer, chunk.ptr + chunk.len - length, length);
-	}
-}
-
-/**
- * Implementation of prf_t.get_bytes.
- *
- * Test vector:
- *
- * key:
- * 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b,
- * 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f,
- * 0xeb, 0x5a, 0x38, 0xb6
- *
- * seed:
- * 0x00
- *
- * result:
- * 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f,
- * 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49,
- * 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba,
- * 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78,
- * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16
- */
-static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[])
-{
-	int i;
-	u_int8_t xval[this->b];
-	u_int8_t xseed[this->b];
-	u_int8_t sum[this->b];
-	u_int8_t *xkey = this->key;
-	u_int8_t one[this->b];
-	chunk_t xval_chunk = chunk_from_buf(xval);
-	
-	memset(one, 0, this->b);
-	one[this->b - 1] = 0x01;
-	
-	/* 3.1 */
-	chunk_mod(this->b, seed, xseed);
-	
-	/* 3.2 */
-	for (i = 0; i < 2; i++) /* twice */
-	{
-		/* a. XVAL = (XKEY + XSEED j) mod 2^b */
-		add_mod(this->b, xkey, xseed, xval);
-		DBG3("XVAL %b", xval, this->b);
-		/* b. wi = G(t, XVAL ) */
-		this->g(t, xval_chunk, &w[i * this->b]);
-		DBG3("w[%d] %b", i, &w[i * this->b], this->b);
-		/* c. XKEY = (1 + XKEY + wi) mod 2b */
-		add_mod(this->b, xkey, &w[i * this->b], sum);
-		add_mod(this->b, sum, one, xkey);
-		DBG3("XKEY %b", xkey, this->b);
-	}
-	
-	/* 3.3 done already, mod q not used */
-}
-
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_fips_prf_t *this)
-{
-	return 2 * this->b;
-}
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_fips_prf_t *this, chunk_t seed, chunk_t *chunk)
-{
-	*chunk = chunk_alloc(get_block_size(this));
-	get_bytes(this, seed, chunk->ptr);
-}
-
-/**
- * Implementation of prf_t.get_key_size.
- */
-static size_t get_key_size(private_fips_prf_t *this)
-{
-	return this->b;
-}
-
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_fips_prf_t *this, chunk_t key)
-{
-	/* save key as "key mod 2^b" */
-	chunk_mod(this->b, key, this->key);
-}
-
-/**
- * Implementation of the G() function based on SHA1
- */
-void g_sha1(u_int8_t t[], chunk_t c, u_int8_t res[])
-{
-	hasher_t *hasher;
-	u_int8_t buf[64];
-	chunk_t state_chunk;
-	u_int32_t *state, *iv, *hash;
-	
-	if (c.len < sizeof(buf))
-	{
-		/* pad c with zeros */
-		memset(buf, 0, sizeof(buf));
-		memcpy(buf, c.ptr, c.len);
-		c.ptr = buf;
-		c.len = sizeof(buf);
-	}
-	else
-	{
-		/* not more than 512 bits can be G()-ed */
-		c.len = sizeof(buf);
-	}
-	
-	/* our SHA1 hasher's state is 32-Bit integers in host order. We must
-	 * convert them */
-	hasher = hasher_create(HASH_SHA1);
-	state_chunk = hasher->get_state(hasher);
-	state = (u_int32_t*)state_chunk.ptr;
-	iv = (u_int32_t*)t;
-	hash = (u_int32_t*)res;
-	state[0] = htonl(iv[0]);
-	state[1] = htonl(iv[1]);
-	state[2] = htonl(iv[2]);
-	state[3] = htonl(iv[3]);
-	hasher->get_hash(hasher, c, NULL);
-	hash[0] = htonl(state[0]);
-	hash[1] = htonl(state[1]);
-	hash[2] = htonl(state[2]);
-	hash[3] = htonl(state[3]);
-	hash[4] = htonl(state[4]);
-	hasher->destroy(hasher);
-}
-
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_fips_prf_t *this)
-{
-	free(this->key);
-	free(this);
-}
-
-/*
- * Described in header.
- */
-fips_prf_t *fips_prf_create(size_t b, void(*g)(u_int8_t[],chunk_t,u_int8_t[]))
-{
-	private_fips_prf_t *this = malloc_thing(private_fips_prf_t);
-	
-	this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
-	this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
-	this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
-	this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
-	this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
-	this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
-	
-	this->g = g;
-	this->b = b;
-	this->key = malloc(b);
-	
-	return &(this->public);
-}
diff --git a/src/libstrongswan/crypto/prfs/fips_prf.h b/src/libstrongswan/crypto/prfs/fips_prf.h
deleted file mode 100644
index 283ee1f61..000000000
--- a/src/libstrongswan/crypto/prfs/fips_prf.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * @file fips_prf.h
- * 
- * @brief Interface of fips_prf_t.
- * 
- */
-
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef FIPS_PRF_H_
-#define FIPS_PRF_H_
-
-typedef struct fips_prf_t fips_prf_t;
-
-#include <library.h>
-#include <crypto/prfs/prf.h>
-#include <crypto/hashers/hasher.h>
-
-/**
- * @brief Implementation of prf_t using the FIPS 186-2-change1 standard.
- *
- * FIPS defines a "General Purpose Random Number Generator" (Revised
- * Algorithm for Computing m values of x (Appendix 3.1 of FIPS 186-2)). This
- * implementation is not intended for private key generation and therefore does
- * not include the "mod q" operation (see FIPS 186-2-change1 p74).
- * The FIPS PRF is stateful; the key changes every time when bytes are acquired.
- *
- * @b Constructors:
- *  - fips_prf_create()
- *  - prf_create() using one of the FIPS algorithms
- * 
- * @ingroup prfs
- */
-struct fips_prf_t {
-	
-	/**
-	 * Generic prf_t interface for this fips_prf_t class.
-	 */
-	prf_t prf_interface;
-};
-
-/**
- * @brief Creates a new fips_prf_t object.
- * 
- * FIPS 186-2 defines G() functions used in the PRF function. It can
- * be implemented either based on SHA1 or DES.
- *
- * @param b		size of b (in bytes, not bits)
- * @param g		G() function to use (e.g. g_sha1)
- * @return
- *				- fips_prf_t object
- *				- NULL if b invalid not supported
- * 
- * @ingroup prfs
- */
-fips_prf_t *fips_prf_create(size_t b, void(*g)(u_int8_t[],chunk_t,u_int8_t[]));
-
-/**
- * @brief Implementation of the G() function based on SHA1.
- *
- * @param t		initialization vector for SHA1 hasher, 20 bytes long
- * @param c		value to hash, not longer than 512 bit
- * @param res	result of G(), requries 20 bytes
- */
-void g_sha1(u_int8_t t[], chunk_t c, u_int8_t res[]);
-
-#endif /* FIPS_PRF_H_ */
diff --git a/src/libstrongswan/crypto/prfs/hmac_prf.c b/src/libstrongswan/crypto/prfs/hmac_prf.c
deleted file mode 100644
index f315f880d..000000000
--- a/src/libstrongswan/crypto/prfs/hmac_prf.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/**
- * @file hmac_prf.c
- * 
- * @brief Implementation for hmac_prf_t.
- * 
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "hmac_prf.h"
-
-#include <crypto/hmac.h>
-
-
-typedef struct private_hmac_prf_t private_hmac_prf_t;
-
-/**
- * Private data of a hma_prf_t object.
- */
-struct private_hmac_prf_t {
-	/**
-	 * Public hmac_prf_t interface.
-	 */
-	hmac_prf_t public;	
-	
-	/**
-	 * Hmac to use for generation.
-	 */
-	hmac_t *hmac;
-};
-
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
-{
-	this->hmac->get_mac(this->hmac, seed, buffer);
-}
-
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk)
-{
-	this->hmac->allocate_mac(this->hmac, seed, chunk);
-}
-
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_prf_t *this)
-{
-	return this->hmac->get_block_size(this->hmac);
-}
-
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_key_size(private_hmac_prf_t *this)
-{
-	/* for HMAC prfs, IKEv2 uses block size as key size */
-	return this->hmac->get_block_size(this->hmac);
-}
-
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_hmac_prf_t *this, chunk_t key)
-{
-	this->hmac->set_key(this->hmac, key);
-}
-
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_hmac_prf_t *this)
-{
-	this->hmac->destroy(this->hmac);
-	free(this);
-}
-
-/*
- * Described in header.
- */
-hmac_prf_t *hmac_prf_create(hash_algorithm_t hash_algorithm)
-{
-	private_hmac_prf_t *this = malloc_thing(private_hmac_prf_t);
-	
-	this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
-	this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
-	this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
-	this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
-	this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
-	this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
-	
-	this->hmac = hmac_create(hash_algorithm);
-	if (this->hmac == NULL)
-	{
-		free(this);
-		return NULL;	
-	}
-	
-	return &(this->public);
-}
diff --git a/src/libstrongswan/crypto/prfs/hmac_prf.h b/src/libstrongswan/crypto/prfs/hmac_prf.h
deleted file mode 100644
index 9b06ee3a2..000000000
--- a/src/libstrongswan/crypto/prfs/hmac_prf.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * @file hmac_prf.h
- * 
- * @brief Interface of hmac_prf_t.
- * 
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef PRF_HMAC_H_
-#define PRF_HMAC_H_
-
-typedef struct hmac_prf_t hmac_prf_t;
-
-#include <library.h>
-#include <crypto/prfs/prf.h>
-#include <crypto/hashers/hasher.h>
-
-/**
- * @brief Implementation of prf_t interface using the
- * HMAC algorithm.
- * 
- * This simply wraps a hmac_t in a prf_t. More a question of
- * interface matching.
- * 
- * @b Constructors:
- *  - hmac_prf_create()
- * 
- * @ingroup prfs
- */
-struct hmac_prf_t {
-	
-	/**
-	 * Generic prf_t interface for this hmac_prf_t class.
-	 */
-	prf_t prf_interface;
-};
-
-/**
- * @brief Creates a new hmac_prf_t object.
- * 
- * @param hash_algorithm	hmac's hash algorithm
- * @return
- * 							- hmac_prf_t object
- * 							- NULL if hash not supported
- * 
- * @ingroup prfs
- */
-hmac_prf_t *hmac_prf_create(hash_algorithm_t hash_algorithm);
-
-#endif /*PRF_HMAC_SHA1_H_*/
diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c
index f803829af..812f6278d 100644
--- a/src/libstrongswan/crypto/prfs/prf.c
+++ b/src/libstrongswan/crypto/prfs/prf.c
@@ -1,10 +1,3 @@
-/**
- * @file prf.c
- * 
- * @brief Generic constructor for all prf_t
- * 
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,20 +12,18 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: prf.c 3619 2008-03-19 14:02:52Z martin $
  */
 
-
 #include "prf.h"
 
-#include <crypto/hashers/hasher.h>
-#include <crypto/prfs/hmac_prf.h>
-#include <crypto/prfs/fips_prf.h>
-
-ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_FIPS_DES,
+ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_KEYED_SHA1,
 	"PRF_UNDEFINED",
 	"PRF_FIPS_SHA1_160",
-	"PRF_FIPS_DES");
-ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_FIPS_DES,
+	"PRF_FIPS_DES",
+	"PRF_KEYED_SHA1");
+ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_KEYED_SHA1,
 	"PRF_HMAC_MD5",
 	"PRF_HMAC_SHA1",
 	"PRF_HMAC_TIGER",
@@ -42,29 +33,3 @@ ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_FIP
 	"PRF_HMAC_SHA2_512");
 ENUM_END(pseudo_random_function_names, PRF_HMAC_SHA2_512);
 
-/*
- * Described in header.
- */
-prf_t *prf_create(pseudo_random_function_t pseudo_random_function)
-{
-	switch (pseudo_random_function)
-	{
-		case PRF_HMAC_SHA1:
-			return (prf_t*)hmac_prf_create(HASH_SHA1);
-		case PRF_HMAC_MD5:
-			return (prf_t*)hmac_prf_create(HASH_MD5);
-		case PRF_HMAC_SHA2_256:
-			return (prf_t*)hmac_prf_create(HASH_SHA256);
-		case PRF_HMAC_SHA2_384:
-			return (prf_t*)hmac_prf_create(HASH_SHA384);
-		case PRF_HMAC_SHA2_512:
-			return (prf_t*)hmac_prf_create(HASH_SHA512);
-		case PRF_FIPS_SHA1_160:
-			return (prf_t*)fips_prf_create(20, g_sha1);
-		case PRF_FIPS_DES:
-		case PRF_HMAC_TIGER:
-		case PRF_AES128_CBC:
-		default:
-			return NULL;
-	}
-}
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index 8560a4a9c..324eb89b4 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -1,10 +1,3 @@
-/**
- * @file prf.h
- * 
- * @brief Interface prf_t.
- * 
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: prf.h 3916 2008-05-08 12:43:27Z martin $
+ */
+ 
+/**
+ * @defgroup prf prf
+ * @{ @ingroup crypto
  */
 
 #ifndef PRF_H_
@@ -30,12 +30,10 @@ typedef struct prf_t prf_t;
 #include <library.h>
 
 /**
- * @brief Pseudo random function, as in IKEv2 RFC 3.3.2.
+ * Pseudo random function, as in IKEv2 RFC 3.3.2.
  *
  * PRF algorithms not defined in IKEv2 are allocated in "private use"
  * space.
- *
- * @ingroup prfs
  */
 enum pseudo_random_function_t {
 	PRF_UNDEFINED = 1024,
@@ -44,7 +42,7 @@ enum pseudo_random_function_t {
 	/** Implemented via hmac_prf_t. */
 	PRF_HMAC_SHA1 = 2,
 	PRF_HMAC_TIGER = 3,
-	PRF_AES128_CBC = 4,
+	PRF_AES128_XCBC = 4,
 	/** Implemented via hmac_prf_t. */
 	PRF_HMAC_SHA2_256 = 5,
 	/** Implemented via hmac_prf_t. */
@@ -55,6 +53,11 @@ enum pseudo_random_function_t {
 	PRF_FIPS_SHA1_160 = 1025,
 	/** Could be implemented via fips_prf_t, uses fixed output size of 160bit */
 	PRF_FIPS_DES = 1026,
+	/** 
+	 * Keyed hash algorithm using SHA1, used in EAP-AKA:
+	 * This PRF uses SHA1, but XORs the key into the IV. No "Final()" operation
+	 * is applied to the SHA1 state. */
+	PRF_KEYED_SHA1 = 1027,
 };
 
 /**
@@ -63,80 +66,53 @@ enum pseudo_random_function_t {
 extern enum_name_t *pseudo_random_function_names;
 
 /**
- * @brief Generic interface for pseudo-random-functions.
- * 
- * @b Constructors:
- *  - prf_create()
- *  - hmac_prf_create()
- * 
- * @todo Implement more prf algorithms
- * 
- * @ingroup prfs
+ * Generic interface for pseudo-random-functions.
  */
 struct prf_t {
 	/**
-	 * @brief Generates pseudo random bytes and writes them in the buffer.
+	 * Generates pseudo random bytes and writes them in the buffer.
 	 *
-	 * @param this			calling object
-	 * @param seed			a chunk containing the seed for the next bytes
-	 * @param[out] buffer	pointer where the generated bytes will be written
+	 * @param seed		a chunk containing the seed for the next bytes
+	 * @param buffer	pointer where the generated bytes will be written
 	 */
 	void (*get_bytes) (prf_t *this, chunk_t seed, u_int8_t *buffer);
 	
 	/**
-	 * @brief Generates pseudo random bytes and allocate space for them.
+	 * Generates pseudo random bytes and allocate space for them.
 	 * 
-	 * @param this			calling object
-	 * @param seed			a chunk containing the seed for the next bytes
-	 * @param[out] chunk	chunk which will hold generated bytes
+	 * @param seed		a chunk containing the seed for the next bytes
+	 * @param chunk		chunk which will hold generated bytes
 	 */
 	void (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
 	
 	/**
-	 * @brief Get the block size of this prf_t object.
+	 * Get the block size of this prf_t object.
 	 * 
-	 * @param this			calling object
-	 * @return				block size in bytes
+	 * @return			block size in bytes
 	 */
 	size_t (*get_block_size) (prf_t *this);
 	
 	/**
-	 * @brief Get the key size of this prf_t object.
+	 * Get the key size of this prf_t object.
 	 *
 	 * This is a suggestion only, all implemented PRFs accept variable key
 	 * length.
 	 * 
-	 * @param this			calling object
-	 * @return				key size in bytes
+	 * @return			key size in bytes
 	 */
 	size_t (*get_key_size) (prf_t *this);
 	
 	/**
-	 * @brief Set the key for this prf_t object.
+	 * Set the key for this prf_t object.
 	 * 
-	 * @param this			calling object
-	 * @param key			key to set
+	 * @param key		key to set
 	 */
 	void (*set_key) (prf_t *this, chunk_t key);
 	
 	/**
-	 * @brief Destroys a prf object.
-	 *
-	 * @param this 			calling object
+	 * Destroys a prf object.
 	 */
 	void (*destroy) (prf_t *this);
 };
 
-/**
- * @brief Generic constructor for a prf_t oject.
- * 
- * @param pseudo_random_function	Algorithm to use
- * @return
- * 									- prf_t object
- * 									- NULL if prf algorithm not supported
- *
- * @ingroup prfs
- */
-prf_t *prf_create(pseudo_random_function_t pseudo_random_function);
-
-#endif /*PRF_H_*/
+#endif /*PRF_H_ @} */
author	Rene Mayrhofer <rene@mayrhofer.eu.org>	2008-07-10 12:47:56 +0000
committer	Rene Mayrhofer <rene@mayrhofer.eu.org>	2008-07-10 12:47:56 +0000
commit	eb841c5ef668a48782ef1154fda65cb6048f5885 (patch)
tree	00dd0cb4313bf2291d94ed511fe51f0b4bc7ea7a /src/libstrongswan/crypto/prfs
parent	738206039047924ae7e4762a53d121be1ca43000 (diff)
download	vyos-strongswan-eb841c5ef668a48782ef1154fda65cb6048f5885.tar.gz vyos-strongswan-eb841c5ef668a48782ef1154fda65cb6048f5885.zip