[svn-upgrade] Integrating new upstream version, strongswan (4.2.4)

4 files changed, 29 insertions, 342 deletions

diff --git a/src/libstrongswan/crypto/signers/hmac_signer.c b/src/libstrongswan/crypto/signers/hmac_signer.c
deleted file mode 100644
index ad5b882a6..000000000
--- a/src/libstrongswan/crypto/signers/hmac_signer.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/**
- * @file hmac_signer.c
- * 
- * @brief Implementation of hmac_signer_t.
- * 
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "hmac_signer.h"
-
-#include <crypto/prfs/hmac_prf.h>
-
-typedef struct private_hmac_signer_t private_hmac_signer_t;
-
-/**
- * Private data structure with signing context.
- */
-struct private_hmac_signer_t {
-	/**
-	 * Public interface of hmac_signer_t.
-	 */
-	hmac_signer_t public;
-	
-	/**
-	 * Assigned hmac function.
-	 */
-	prf_t *hmac_prf;
-	
-	/**
-	 * Block size (truncation of HMAC Hash)
-	 */
-	size_t block_size;
-};
-
-/**
- * Implementation of signer_t.get_signature.
- */
-static void get_signature(private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
-{
-	if (buffer == NULL)
-	{	/* append mode */
-		this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
-	}
-	else
-	{
-		u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-		
-		this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
-		memcpy(buffer, full_mac, this->block_size);
-	}
-}
-
-/**
- * Implementation of signer_t.allocate_signature.
- */
-static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
-{
-	if (chunk == NULL)
-	{	/* append mode */
-		this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
-	}
-	else
-	{
-		chunk_t signature;
-		u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-		
-		this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
-
-		signature.ptr = malloc(this->block_size);
-		signature.len = this->block_size;
-		
-		memcpy(signature.ptr, full_mac, this->block_size);
-
-		*chunk = signature;
-	}
-}
-
-/**
- * Implementation of signer_t.verify_signature.
- */
-static bool verify_signature(private_hmac_signer_t *this, chunk_t data, chunk_t signature)
-{
-	u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-	
-	this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
-	
-	if (signature.len != this->block_size)
-	{
-		return FALSE;
-	}
-	
-	/* compare mac aka signature :-) */
-	if (memcmp(signature.ptr, full_mac, this->block_size) == 0)
-	{
-		return TRUE;
-	}
-	else
-	{
-		return FALSE;
-	}
-}
-
-/**
- * Implementation of signer_t.get_key_size.
- */
-static size_t get_key_size(private_hmac_signer_t *this)
-{
-	/* for HMAC signer, IKEv2 uses block size as key size */
-	return this->hmac_prf->get_block_size(this->hmac_prf);
-}
-
-/**
- * Implementation of signer_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_signer_t *this)
-{
-	return this->block_size;
-}
-
-/**
- * Implementation of signer_t.set_key.
- */
-static void set_key(private_hmac_signer_t *this, chunk_t key)
-{
-	this->hmac_prf->set_key(this->hmac_prf, key);
-}
-
-/**
- * Implementation of signer_t.destroy.
- */
-static status_t destroy(private_hmac_signer_t *this)
-{
-	this->hmac_prf->destroy(this->hmac_prf);
-	free(this);
-	return SUCCESS;
-}
-
-/*
- * Described in header
- */
-hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm, size_t block_size)
-{
-	size_t hmac_block_size;
-	private_hmac_signer_t *this = malloc_thing(private_hmac_signer_t);
-
-	this->hmac_prf = (prf_t *) hmac_prf_create(hash_algoritm);
-	if (this->hmac_prf == NULL)
-	{
-		/* algorithm not supported */
-		free(this);
-		return NULL;
-	}
-	
-	/* prevent invalid truncation */
-	hmac_block_size = this->hmac_prf->get_block_size(this->hmac_prf);
-	this->block_size = min(block_size, hmac_block_size);
-	
-	/* interface functions */
-	this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
-	this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
-	this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
-	this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
-	this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
-	this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
-	this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
-	
-	return &(this->public);
-}
diff --git a/src/libstrongswan/crypto/signers/hmac_signer.h b/src/libstrongswan/crypto/signers/hmac_signer.h
deleted file mode 100644
index 2449069bd..000000000
--- a/src/libstrongswan/crypto/signers/hmac_signer.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * @file hmac_signer.h
- * 
- * @brief Interface of hmac_signer_t.
- * 
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef HMAC_SIGNER_H_
-#define HMAC_SIGNER_H_
-
-typedef struct hmac_signer_t hmac_signer_t;
-
-#include <crypto/signers/signer.h>
-#include <crypto/hashers/hasher.h>
-
-/**
- * @brief Implementation of signer_t interface using HMAC.
- *
- * HMAC uses a standard hash function implemented in a hasher_t to build
- * a MAC.
- *
- * @ingroup signers
- */
-struct hmac_signer_t {
-	
-	/**
-	 * generic signer_t interface for this signer
-	 */
-	signer_t signer_interface;
-};
-
-/**
- * @brief Creates a new hmac_signer_t.
- *
- * HMAC signatures are often truncated to shorten them to a more usable, but
- * still secure enough length.
- * Block size must be equal or smaller then the hash algorithms
- * hash.
- *
- * @param hash_algoritm		Hash algorithm to use with signer
- * @param block_size		Size of resulting signature (truncated to block_size)
- * @return					
- * 							- hmac_signer_t
- * 							- NULL if hash algorithm not supported
- * 
- * @ingroup signers
- */
-hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm,
-								  size_t block_size);
-
-
-#endif /*HMAC_SIGNER_H_*/
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 747bc5efa..8412ff62e 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -1,10 +1,3 @@
-/**
- * @file signer.c
- * 
- * @brief Implementation of generic signer_t constructor.
- * 
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,12 +12,12 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: signer.c 3589 2008-03-13 14:14:44Z martin $
  */
 
 #include "signer.h"
 
-#include <crypto/signers/hmac_signer.h>
-
 ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
 	"UNDEFINED",
 	"AUTH_HMAC_SHA1_128");
@@ -40,26 +33,3 @@ ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_512_
 	"AUTH_HMAC_SHA2_512_256");
 ENUM_END(integrity_algorithm_names, AUTH_HMAC_SHA2_512_256);
 
-/*
- * Described in header.
- */
-signer_t *signer_create(integrity_algorithm_t integrity_algorithm)
-{
-	switch(integrity_algorithm)
-	{
-		case AUTH_HMAC_SHA1_96:
-			return (signer_t *)hmac_signer_create(HASH_SHA1, 12);
-		case AUTH_HMAC_SHA1_128:
-			return (signer_t *)hmac_signer_create(HASH_SHA1, 16);
-		case AUTH_HMAC_MD5_96:
-			return (signer_t *)hmac_signer_create(HASH_MD5, 12);
-		case AUTH_HMAC_SHA2_256_128:
-			return (signer_t *)hmac_signer_create(HASH_SHA256, 16);
-		case AUTH_HMAC_SHA2_384_192:
-			return (signer_t *)hmac_signer_create(HASH_SHA384, 24);
-		case AUTH_HMAC_SHA2_512_256:
-			return (signer_t *)hmac_signer_create(HASH_SHA512, 32);
-		default:
-			return NULL;
-	}
-}
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 4218e4146..f67c38f07 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -1,10 +1,3 @@
-/**
- * @file signer.h
- * 
- * @brief Interface for signer_t.
- * 
- */
-
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id: signer.h 3589 2008-03-13 14:14:44Z martin $
+ */
+ 
+/**
+ * @defgroup signer signer
+ * @{ @ingroup crypto
  */
 
 #ifndef SIGNER_H_
@@ -30,11 +30,9 @@ typedef struct signer_t signer_t;
 #include <library.h>
 
 /**
- * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
+ * Integrity algorithm, as in IKEv2 RFC 3.3.2.
  *
  * Algorithms not specified in IKEv2 are allocated in private use space.
- *
- * @ingroup signers
  */
 enum integrity_algorithm_t {
 	AUTH_UNDEFINED = 1024,
@@ -61,93 +59,65 @@ enum integrity_algorithm_t {
 extern enum_name_t *integrity_algorithm_names;
 
 /**
- * @brief Generig interface for a symmetric signature algorithm.
- *
- * @b Constructors:
- *  - signer_create()
- *  - hmac_signer_create()
- *
- * @todo Implement more integrity algorithms
- *
- * @ingroup signers
+ * Generig interface for a symmetric signature algorithm.
  */
 struct signer_t {
 	/**
-	 * @brief Generate a signature.
+	 * Generate a signature.
 	 *
 	 * If buffer is NULL, data is processed and prepended to a next call until
 	 * buffer is a valid pointer.
 	 * 
-	 * @param this			calling object
-	 * @param data			a chunk containing the data to sign
-	 * @param[out] buffer	pointer where the signature will be written
+	 * @param data		a chunk containing the data to sign
+	 * @param buffer	pointer where the signature will be written
 	 */
 	void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
 	
 	/**
-	 * @brief Generate a signature and allocate space for it.
+	 * Generate a signature and allocate space for it.
 	 *
 	 * If chunk is NULL, data is processed and prepended to a next call until
 	 * chunk is a valid chunk pointer.
 	 * 
-	 * @param this			calling object
-	 * @param data			a chunk containing the data to sign
-	 * @param[out] chunk	chunk which will hold the allocated signature
+	 * @param data		a chunk containing the data to sign
+	 * @param chunk		chunk which will hold the allocated signature
 	 */
 	void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
 	
 	/**
-	 * @brief Verify a signature.
+	 * Verify a signature.
 	 * 
-	 * @param this			calling object
-	 * @param data			a chunk containing the data to verify
-	 * @param signature		a chunk containing the signature
-	 * @return				TRUE, if signature is valid, FALSE otherwise
+	 * @param data		a chunk containing the data to verify
+	 * @param signature	a chunk containing the signature
+	 * @return			TRUE, if signature is valid, FALSE otherwise
 	 */
 	bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
 	
 	/**
-	 * @brief Get the block size of this signature algorithm.
+	 * Get the block size of this signature algorithm.
 	 * 
-	 * @param this			calling object
-	 * @return				block size in bytes
+	 * @return			block size in bytes
 	 */
 	size_t (*get_block_size) (signer_t *this);
 	
 	/**
-	 * @brief Get the key size of the signature algorithm.
+	 * Get the key size of the signature algorithm.
 	 * 
-	 * @param this			calling object
-	 * @return				key size in bytes
+	 * @return			key size in bytes
 	 */
 	size_t (*get_key_size) (signer_t *this);
 	
 	/**
-	 * @brief Set the key for this object.
+	 * Set the key for this object.
 	 * 
-	 * @param this			calling object
-	 * @param key			key to set
+	 * @param key		key to set
 	 */
 	void (*set_key) (signer_t *this, chunk_t key);
 	
 	/**
-	 * @brief Destroys a signer_t object.
-	 *
-	 * @param this			calling object
+	 * Destroys a signer_t object.
 	 */
 	void (*destroy) (signer_t *this);
 };
 
-/**
- * @brief Creates a new signer_t object.
- * 
- * @param integrity_algorithm	Algorithm to use for signing and verifying.
- * @return
- * 								- signer_t object
- * 								- NULL if signer not supported
- * 
- * @ingroup signers
- */
-signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
-
-#endif /*SIGNER_H_*/
+#endif /*SIGNER_H_ @} */