diff options
Diffstat (limited to 'src/libstrongswan/plugins/xcbc/xcbc_signer.c')
| -rw-r--r-- | src/libstrongswan/plugins/xcbc/xcbc_signer.c | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c new file mode 100644 index 000000000..29eb2d25b --- /dev/null +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c @@ -0,0 +1,177 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include <string.h> + +#include "xcbc_signer.h" +#include "xcbc.h" + +typedef struct private_xcbc_signer_t private_xcbc_signer_t; + +/** + * Private data structure with signing context. + */ +struct private_xcbc_signer_t { + + /** + * Public interface of xcbc_signer_t. + */ + xcbc_signer_t public; + + /** + * Assigned xcbc function. + */ + xcbc_t *xcbc; + + /** + * Block size (truncation of XCBC MAC) + */ + size_t block_size; +}; + +/** + * Implementation of signer_t.get_signature. + */ +static void get_signature(private_xcbc_signer_t *this, + chunk_t data, u_int8_t *buffer) +{ + if (buffer == NULL) + { /* append mode */ + this->xcbc->get_mac(this->xcbc, data, NULL); + } + else + { + u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; + + this->xcbc->get_mac(this->xcbc, data, mac); + memcpy(buffer, mac, this->block_size); + } +} + +/** + * Implementation of signer_t.allocate_signature. + */ +static void allocate_signature (private_xcbc_signer_t *this, + chunk_t data, chunk_t *chunk) +{ + if (chunk == NULL) + { /* append mode */ + this->xcbc->get_mac(this->xcbc, data, NULL); + } + else + { + u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; + + this->xcbc->get_mac(this->xcbc, data, mac); + + chunk->ptr = malloc(this->block_size); + chunk->len = this->block_size; + + memcpy(chunk->ptr, mac, this->block_size); + } +} + +/** + * Implementation of signer_t.verify_signature. + */ +static bool verify_signature(private_xcbc_signer_t *this, + chunk_t data, chunk_t signature) +{ + u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; + + if (signature.len != this->block_size) + { + return FALSE; + } + + this->xcbc->get_mac(this->xcbc, data, mac); + return memeq(signature.ptr, mac, this->block_size); +} + +/** + * Implementation of signer_t.get_key_size. + */ +static size_t get_key_size(private_xcbc_signer_t *this) +{ + return this->xcbc->get_block_size(this->xcbc); +} + +/** + * Implementation of signer_t.get_block_size. + */ +static size_t get_block_size(private_xcbc_signer_t *this) +{ + return this->block_size; +} + +/** + * Implementation of signer_t.set_key. + */ +static void set_key(private_xcbc_signer_t *this, chunk_t key) +{ + this->xcbc->set_key(this->xcbc, key); +} + +/** + * Implementation of signer_t.destroy. + */ +static status_t destroy(private_xcbc_signer_t *this) +{ + this->xcbc->destroy(this->xcbc); + free(this); + return SUCCESS; +} + +/* + * Described in header + */ +xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) +{ + private_xcbc_signer_t *this; + size_t trunc; + xcbc_t *xcbc; + + switch (algo) + { + case AUTH_AES_XCBC_96: + xcbc = xcbc_create(ENCR_AES_CBC, 16); + trunc = 12; + break; + default: + return NULL; + } + if (xcbc == NULL) + { + return NULL; + } + + this = malloc_thing(private_xcbc_signer_t); + this->xcbc = xcbc; + this->block_size = min(trunc, xcbc->get_block_size(xcbc)); + + /* interface functions */ + this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; + this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; + this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature; + this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size; + this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; + this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; + this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; + + return &this->public; +} + |