diff options
Diffstat (limited to 'src/libstrongswan/plugins/cmac')
| -rw-r--r-- | src/libstrongswan/plugins/cmac/Makefile.am | 3 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/Makefile.in | 22 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac.c | 127 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac.h | 60 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac_plugin.c | 3 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac_prf.c | 121 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac_prf.h | 50 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac_signer.c | 159 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/cmac/cmac_signer.h | 47 |
9 files changed, 129 insertions, 463 deletions
diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am index ce0104f11..5cac3959c 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.am +++ b/src/libstrongswan/plugins/cmac/Makefile.am @@ -10,7 +10,6 @@ plugin_LTLIBRARIES = libstrongswan-cmac.la endif libstrongswan_cmac_la_SOURCES = \ - cmac_plugin.h cmac_plugin.c cmac.h cmac.c \ - cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c + cmac_plugin.h cmac_plugin.c cmac.h cmac.c libstrongswan_cmac_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index 093e63f32..eba059a29 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -49,6 +49,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; @@ -75,15 +76,14 @@ am__base_list = \ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_cmac_la_LIBADD = -am_libstrongswan_cmac_la_OBJECTS = cmac_plugin.lo cmac.lo cmac_prf.lo \ - cmac_signer.lo +am_libstrongswan_cmac_la_OBJECTS = cmac_plugin.lo cmac.lo libstrongswan_cmac_la_OBJECTS = $(am_libstrongswan_cmac_la_OBJECTS) libstrongswan_cmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_cmac_la_LDFLAGS) $(LDFLAGS) -o $@ @MONOLITHIC_FALSE@am_libstrongswan_cmac_la_rpath = -rpath $(plugindir) @MONOLITHIC_TRUE@am_libstrongswan_cmac_la_rpath = -DEFAULT_INCLUDES = -I.@am__isrc@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f @@ -109,6 +109,7 @@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BFDLIB = @BFDLIB@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ @@ -203,11 +204,14 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ -default_pkcs11 = @default_pkcs11@ +dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -224,11 +228,12 @@ imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ -libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -244,6 +249,7 @@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ @@ -253,7 +259,6 @@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ -pluto_plugins = @pluto_plugins@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ @@ -286,8 +291,7 @@ AM_CFLAGS = -rdynamic @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-cmac.la @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-cmac.la libstrongswan_cmac_la_SOURCES = \ - cmac_plugin.h cmac_plugin.c cmac.h cmac.c \ - cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c + cmac_plugin.h cmac_plugin.c cmac.h cmac.c libstrongswan_cmac_la_LDFLAGS = -module -avoid-version all: all-am @@ -375,8 +379,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_plugin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_prf.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_signer.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c index 5ec7073c7..725d02d76 100644 --- a/src/libstrongswan/plugins/cmac/cmac.c +++ b/src/libstrongswan/plugins/cmac/cmac.c @@ -18,20 +18,23 @@ #include "cmac.h" #include <debug.h> +#include <crypto/mac.h> +#include <crypto/prfs/mac_prf.h> +#include <crypto/signers/mac_signer.h> -typedef struct private_cmac_t private_cmac_t; +typedef struct private_mac_t private_mac_t; /** - * Private data of a cmac_t object. + * Private data of a mac_t object. * * The variable names are the same as in the RFC. */ -struct private_cmac_t { +struct private_mac_t { /** * Public interface. */ - cmac_t public; + mac_t public; /** * Block size, in bytes @@ -72,7 +75,7 @@ struct private_cmac_t { /** * process supplied data, but do not run final operation */ -static void update(private_cmac_t *this, chunk_t data) +static bool update(private_mac_t *this, chunk_t data) { chunk_t iv; @@ -80,7 +83,7 @@ static void update(private_cmac_t *this, chunk_t data) { /* no complete block (or last block), just copy into remaining */ memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len); this->remaining_bytes += data.len; - return; + return TRUE; } iv = chunk_alloca(this->b); @@ -97,7 +100,10 @@ static void update(private_cmac_t *this, chunk_t data) this->b - this->remaining_bytes); data = chunk_skip(data, this->b - this->remaining_bytes); memxor(this->t, this->remaining, this->b); - this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL); + if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL)) + { + return FALSE; + } /* process blocks M_2 ... M_n-1 */ while (data.len > this->b) @@ -105,18 +111,23 @@ static void update(private_cmac_t *this, chunk_t data) memcpy(this->remaining, data.ptr, this->b); data = chunk_skip(data, this->b); memxor(this->t, this->remaining, this->b); - this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL); + if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL)) + { + return FALSE; + } } /* store remaining bytes of block M_n */ memcpy(this->remaining, data.ptr, data.len); this->remaining_bytes = data.len; + + return TRUE; } /** * process last block M_last */ -static void final(private_cmac_t *this, u_int8_t *out) +static bool final(private_mac_t *this, u_int8_t *out) { chunk_t iv; @@ -153,29 +164,38 @@ static void final(private_cmac_t *this, u_int8_t *out) * T := AES-128(K,T); */ memxor(this->t, this->remaining, this->b); - this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL); + if (!this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL)) + { + return FALSE; + } memcpy(out, this->t, this->b); /* reset state */ memset(this->t, 0, this->b); this->remaining_bytes = 0; + + return TRUE; } -METHOD(cmac_t, get_mac, void, - private_cmac_t *this, chunk_t data, u_int8_t *out) +METHOD(mac_t, get_mac, bool, + private_mac_t *this, chunk_t data, u_int8_t *out) { /* update T, do not process last block */ - update(this, data); + if (!update(this, data)) + { + return FALSE; + } if (out) { /* if not in append mode, process last block and output result */ - final(this, out); + return final(this, out); } + return TRUE; } -METHOD(cmac_t, get_block_size, size_t, - private_cmac_t *this) +METHOD(mac_t, get_mac_size, size_t, + private_mac_t *this) { return this->b; } @@ -222,8 +242,8 @@ static void derive_key(chunk_t chunk) } } -METHOD(cmac_t, set_key, void, - private_cmac_t *this, chunk_t key) +METHOD(mac_t, set_key, bool, + private_mac_t *this, chunk_t key) { chunk_t resized, iv, l; @@ -236,8 +256,11 @@ METHOD(cmac_t, set_key, void, { /* use cmac recursively to resize longer or shorter keys */ resized = chunk_alloca(this->b); memset(resized.ptr, 0, resized.len); - set_key(this, resized); - get_mac(this, key, resized.ptr); + if (!set_key(this, resized) || + !get_mac(this, key, resized.ptr)) + { + return FALSE; + } } /* @@ -256,17 +279,22 @@ METHOD(cmac_t, set_key, void, memset(iv.ptr, 0, iv.len); l = chunk_alloca(this->b); memset(l.ptr, 0, l.len); - this->k->set_key(this->k, resized); - this->k->encrypt(this->k, l, iv, NULL); + if (!this->k->set_key(this->k, resized) || + !this->k->encrypt(this->k, l, iv, NULL)) + { + return FALSE; + } derive_key(l); memcpy(this->k1, l.ptr, l.len); derive_key(l); memcpy(this->k2, l.ptr, l.len); memwipe(l.ptr, l.len); + + return TRUE; } -METHOD(cmac_t, destroy, void, - private_cmac_t *this) +METHOD(mac_t, destroy, void, + private_mac_t *this) { this->k->destroy(this->k); memwipe(this->k1, this->b); @@ -281,9 +309,9 @@ METHOD(cmac_t, destroy, void, /* * Described in header */ -cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size) +mac_t *cmac_create(encryption_algorithm_t algo, size_t key_size) { - private_cmac_t *this; + private_mac_t *this; crypter_t *crypter; u_int8_t b; @@ -303,7 +331,7 @@ cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size) INIT(this, .public = { .get_mac = _get_mac, - .get_block_size = _get_block_size, + .get_mac_size = _get_mac_size, .set_key = _set_key, .destroy = _destroy, }, @@ -319,3 +347,48 @@ cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size) return &this->public; } +/* + * Described in header. + */ +prf_t *cmac_prf_create(pseudo_random_function_t algo) +{ + mac_t *cmac; + + switch (algo) + { + case PRF_AES128_CMAC: + cmac = cmac_create(ENCR_AES_CBC, 16); + break; + default: + return NULL; + } + if (cmac) + { + return mac_prf_create(cmac); + } + return NULL; +} + +/* + * Described in header + */ +signer_t *cmac_signer_create(integrity_algorithm_t algo) +{ + size_t truncation; + mac_t *cmac; + + switch (algo) + { + case AUTH_AES_CMAC_96: + cmac = cmac_create(ENCR_AES_CBC, 16); + truncation = 12; + break; + default: + return NULL; + } + if (cmac) + { + return mac_signer_create(cmac, truncation); + } + return NULL; +} diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h index 061609127..dc85e3bc3 100644 --- a/src/libstrongswan/plugins/cmac/cmac.h +++ b/src/libstrongswan/plugins/cmac/cmac.h @@ -14,6 +14,11 @@ */ /** + * Cipher-based Message Authentication Code (CMAC). + * + * This class implements the message authentication algorithm + * described in RFC 4493. + * * @defgroup cmac cmac * @{ @ingroup cmac_p */ @@ -21,58 +26,23 @@ #ifndef CMAC_H_ #define CMAC_H_ -#include <crypto/crypters/crypter.h> - -typedef struct cmac_t cmac_t; +#include <crypto/prfs/prf.h> +#include <crypto/signers/signer.h> /** - * Cipher-based Message Authentication Code (CMAC). + * Creates a new prf_t object based on a CMAC. * - * This class implements the message authentication algorithm - * described in RFC 4493. + * @param algo algorithm to implement + * @return prf_t object, NULL if not supported */ -struct cmac_t { - - /** - * Generate message authentication code. - * - * If buffer is NULL, no result is given back. A next call will - * append the data to already supplied data. If buffer is not NULL, - * the mac of all apended data is calculated, returned and the internal - * state is reset. - * - * @param data chunk of data to authenticate - * @param buffer pointer where the generated bytes will be written - */ - void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer); - - /** - * Get the block size of this cmac_t object. - * - * @return block size in bytes - */ - size_t (*get_block_size) (cmac_t *this); - - /** - * Set the key for this cmac_t object. - * - * @param key key to set - */ - void (*set_key) (cmac_t *this, chunk_t key); - - /** - * Destroys a cmac_t object. - */ - void (*destroy) (cmac_t *this); -}; +prf_t *cmac_prf_create(pseudo_random_function_t algo); /** - * Creates a new cmac_t object. + * Creates a new signer_t object based on a CMAC. * - * @param algo underlying crypto algorithm - * @param key_size key size to use, if required for algorithm - * @return cmac_t object, NULL if not supported + * @param algo algorithm to implement + * @return signer_t, NULL if not supported */ -cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size); +signer_t *cmac_signer_create(integrity_algorithm_t algo); #endif /** CMAC_H_ @}*/ diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c index 5b42c5002..694e598a5 100644 --- a/src/libstrongswan/plugins/cmac/cmac_plugin.c +++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c @@ -16,8 +16,7 @@ #include "cmac_plugin.h" #include <library.h> -#include "cmac_prf.h" -#include "cmac_signer.h" +#include "cmac.h" typedef struct private_cmac_plugin_t private_cmac_plugin_t; diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.c b/src/libstrongswan/plugins/cmac/cmac_prf.c deleted file mode 100644 index 17affe439..000000000 --- a/src/libstrongswan/plugins/cmac/cmac_prf.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "cmac_prf.h" - -#include "cmac.h" - -typedef struct private_cmac_prf_t private_cmac_prf_t; - -/** - * Private data of a cmac_prf_t object. - */ -struct private_cmac_prf_t { - - /** - * Public cmac_prf_t interface. - */ - cmac_prf_t public; - - /** - * cmac to use for generation. - */ - cmac_t *cmac; -}; - -METHOD(prf_t, get_bytes, void, - private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer) -{ - this->cmac->get_mac(this->cmac, seed, buffer); -} - -METHOD(prf_t, allocate_bytes, void, - private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk) -{ - if (chunk) - { - *chunk = chunk_alloc(this->cmac->get_block_size(this->cmac)); - get_bytes(this, seed, chunk->ptr); - } - else - { - get_bytes(this, seed, NULL); - } -} - -METHOD(prf_t, get_block_size, size_t, - private_cmac_prf_t *this) -{ - return this->cmac->get_block_size(this->cmac); -} - -METHOD(prf_t, get_key_size, size_t, - private_cmac_prf_t *this) -{ - /* in cmac, block and key size are always equal */ - return this->cmac->get_block_size(this->cmac); -} - -METHOD(prf_t, set_key, void, - private_cmac_prf_t *this, chunk_t key) -{ - this->cmac->set_key(this->cmac, key); -} - -METHOD(prf_t, destroy, void, - private_cmac_prf_t *this) -{ - this->cmac->destroy(this->cmac); - free(this); -} - -/* - * Described in header. - */ -cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo) -{ - private_cmac_prf_t *this; - cmac_t *cmac; - - switch (algo) - { - case PRF_AES128_CMAC: - cmac = cmac_create(ENCR_AES_CBC, 16); - break; - default: - return NULL; - } - if (!cmac) - { - return NULL; - } - - INIT(this, - .public = { - .prf = { - .get_bytes = _get_bytes, - .allocate_bytes = _allocate_bytes, - .get_block_size = _get_block_size, - .get_key_size = _get_key_size, - .set_key = _set_key, - .destroy = _destroy, - }, - }, - .cmac = cmac, - ); - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.h b/src/libstrongswan/plugins/cmac/cmac_prf.h deleted file mode 100644 index a53cc5947..000000000 --- a/src/libstrongswan/plugins/cmac/cmac_prf.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup cmac_prf cmac_prf - * @{ @ingroup cmac_p - */ - -#ifndef PRF_CMAC_H_ -#define PRF_CMAC_H_ - -typedef struct cmac_prf_t cmac_prf_t; - -#include <crypto/prfs/prf.h> - -/** - * Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615. - * - * This simply wraps a cmac_t in a prf_t. More a question of - * interface matching. - */ -struct cmac_prf_t { - - /** - * Implements prf_t interface. - */ - prf_t prf; -}; - -/** - * Creates a new cmac_prf_t object. - * - * @param algo algorithm to implement - * @return cmac_prf_t object, NULL if hash not supported - */ -cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo); - -#endif /** PRF_CMAC_H_ @}*/ diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.c b/src/libstrongswan/plugins/cmac/cmac_signer.c deleted file mode 100644 index 82e8885d6..000000000 --- a/src/libstrongswan/plugins/cmac/cmac_signer.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <string.h> - -#include "cmac_signer.h" -#include "cmac.h" - -typedef struct private_cmac_signer_t private_cmac_signer_t; - -/** - * Private data structure with signing context. - */ -struct private_cmac_signer_t { - - /** - * Public interface. - */ - cmac_signer_t public; - - /** - * Assigned cmac function. - */ - cmac_t *cmac; - - /** - * Block size (truncation of CMAC MAC) - */ - size_t block_size; -}; - -METHOD(signer_t, get_signature, void, - private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer) -{ - if (buffer == NULL) - { /* append mode */ - this->cmac->get_mac(this->cmac, data, NULL); - } - else - { - u_int8_t mac[this->cmac->get_block_size(this->cmac)]; - - this->cmac->get_mac(this->cmac, data, mac); - memcpy(buffer, mac, this->block_size); - } -} - -METHOD(signer_t, allocate_signature, void, - private_cmac_signer_t *this, chunk_t data, chunk_t *chunk) -{ - if (chunk == NULL) - { /* append mode */ - this->cmac->get_mac(this->cmac, data, NULL); - } - else - { - u_int8_t mac[this->cmac->get_block_size(this->cmac)]; - - this->cmac->get_mac(this->cmac, data, mac); - - chunk->ptr = malloc(this->block_size); - chunk->len = this->block_size; - - memcpy(chunk->ptr, mac, this->block_size); - } -} - -METHOD(signer_t, verify_signature, bool, - private_cmac_signer_t *this, chunk_t data, chunk_t signature) -{ - u_int8_t mac[this->cmac->get_block_size(this->cmac)]; - - if (signature.len != this->block_size) - { - return FALSE; - } - - this->cmac->get_mac(this->cmac, data, mac); - return memeq(signature.ptr, mac, this->block_size); -} - -METHOD(signer_t, get_key_size, size_t, - private_cmac_signer_t *this) -{ - return this->cmac->get_block_size(this->cmac); -} - -METHOD(signer_t, get_block_size, size_t, - private_cmac_signer_t *this) -{ - return this->block_size; -} - -METHOD(signer_t, set_key, void, - private_cmac_signer_t *this, chunk_t key) -{ - this->cmac->set_key(this->cmac, key); -} - -METHOD(signer_t, destroy, void, - private_cmac_signer_t *this) -{ - this->cmac->destroy(this->cmac); - free(this); -} - -/* - * Described in header - */ -cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo) -{ - private_cmac_signer_t *this; - size_t truncation; - cmac_t *cmac; - - switch (algo) - { - case AUTH_AES_CMAC_96: - cmac = cmac_create(ENCR_AES_CBC, 16); - truncation = 12; - break; - default: - return NULL; - } - if (cmac == NULL) - { - return NULL; - } - - INIT(this, - .public = { - .signer = { - .get_signature = _get_signature, - .allocate_signature = _allocate_signature, - .verify_signature = _verify_signature, - .get_key_size = _get_key_size, - .get_block_size = _get_block_size, - .set_key = _set_key, - .destroy = _destroy, - }, - }, - .cmac = cmac, - .block_size = min(truncation, cmac->get_block_size(cmac)), - ); - - return &this->public; -} diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.h b/src/libstrongswan/plugins/cmac/cmac_signer.h deleted file mode 100644 index 2e3724471..000000000 --- a/src/libstrongswan/plugins/cmac/cmac_signer.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2012 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup cmac_signer cmac_signer - * @{ @ingroup cmac_p - */ - -#ifndef CMAC_SIGNER_H_ -#define CMAC_SIGNER_H_ - -typedef struct cmac_signer_t cmac_signer_t; - -#include <crypto/signers/signer.h> - -/** - * Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494. - */ -struct cmac_signer_t { - - /** - * Implements signer_t interface. - */ - signer_t signer; -}; - -/** - * Creates a new cmac_signer_t. - * - * @param algo algorithm to implement - * @return cmac_signer_t, NULL if not supported - */ -cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo); - -#endif /** CMAC_SIGNER_H_ @}*/ |