2005-11-28 12:42:43 +00:00
|
|
|
/**
|
|
|
|
* @file hmac_signer.c
|
|
|
|
*
|
|
|
|
* @brief Implementation of hmac_signer_t.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2006-07-07 08:49:06 +00:00
|
|
|
* Copyright (C) 2005-2006 Martin Willi
|
|
|
|
* Copyright (C) 2005 Jan Hutter
|
2005-11-28 12:42:43 +00:00
|
|
|
* Hochschule fuer Technik Rapperswil
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* for more details.
|
|
|
|
*/
|
|
|
|
|
2006-04-10 08:07:38 +00:00
|
|
|
#include <string.h>
|
|
|
|
|
2005-11-28 12:42:43 +00:00
|
|
|
#include "hmac_signer.h"
|
|
|
|
|
2006-04-05 12:10:50 +00:00
|
|
|
#include <crypto/prfs/hmac_prf.h>
|
2005-11-28 12:42:43 +00:00
|
|
|
|
|
|
|
typedef struct private_hmac_signer_t private_hmac_signer_t;
|
|
|
|
|
|
|
|
/**
|
2005-12-06 16:04:39 +00:00
|
|
|
* Private data structure with signing context.
|
2005-11-28 12:42:43 +00:00
|
|
|
*/
|
|
|
|
struct private_hmac_signer_t {
|
|
|
|
/**
|
2005-12-06 16:04:39 +00:00
|
|
|
* Public interface of hmac_signer_t.
|
2005-11-28 12:42:43 +00:00
|
|
|
*/
|
|
|
|
hmac_signer_t public;
|
|
|
|
|
2007-02-12 15:56:47 +00:00
|
|
|
/**
|
2005-11-28 12:42:43 +00:00
|
|
|
* Assigned hmac function.
|
|
|
|
*/
|
|
|
|
prf_t *hmac_prf;
|
2007-02-12 15:56:47 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Block size (truncation of HMAC Hash)
|
|
|
|
*/
|
|
|
|
size_t block_size;
|
2005-11-28 12:42:43 +00:00
|
|
|
};
|
|
|
|
|
2005-12-06 16:04:39 +00:00
|
|
|
/**
|
|
|
|
* Implementation of signer_t.get_signature.
|
|
|
|
*/
|
2007-08-29 07:52:49 +00:00
|
|
|
static void get_signature(private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2007-08-29 07:52:49 +00:00
|
|
|
if (buffer == NULL)
|
|
|
|
{ /* append mode */
|
|
|
|
this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
|
|
|
|
|
|
|
|
this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
|
|
|
|
memcpy(buffer, full_mac, this->block_size);
|
|
|
|
}
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
|
|
|
|
2005-12-06 16:04:39 +00:00
|
|
|
/**
|
|
|
|
* Implementation of signer_t.allocate_signature.
|
|
|
|
*/
|
2005-11-28 20:29:47 +00:00
|
|
|
static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2007-08-29 07:52:49 +00:00
|
|
|
if (chunk == NULL)
|
|
|
|
{ /* append mode */
|
|
|
|
this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
chunk_t signature;
|
|
|
|
u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
|
|
|
|
|
|
|
|
this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
|
2005-11-28 20:29:47 +00:00
|
|
|
|
2007-08-29 07:52:49 +00:00
|
|
|
signature.ptr = malloc(this->block_size);
|
|
|
|
signature.len = this->block_size;
|
|
|
|
|
|
|
|
memcpy(signature.ptr, full_mac, this->block_size);
|
2005-11-28 12:42:43 +00:00
|
|
|
|
2007-08-29 07:52:49 +00:00
|
|
|
*chunk = signature;
|
|
|
|
}
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
|
|
|
|
2005-12-06 16:04:39 +00:00
|
|
|
/**
|
|
|
|
* Implementation of signer_t.verify_signature.
|
|
|
|
*/
|
2007-02-12 15:56:47 +00:00
|
|
|
static bool verify_signature(private_hmac_signer_t *this, chunk_t data, chunk_t signature)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
|
|
|
u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
|
|
|
|
|
2007-02-12 15:56:47 +00:00
|
|
|
this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
|
2005-11-28 12:42:43 +00:00
|
|
|
|
2007-02-12 15:56:47 +00:00
|
|
|
if (signature.len != this->block_size)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2005-12-06 16:04:39 +00:00
|
|
|
return FALSE;
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* compare mac aka signature :-) */
|
2007-02-12 15:56:47 +00:00
|
|
|
if (memcmp(signature.ptr, full_mac, this->block_size) == 0)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2005-12-06 16:04:39 +00:00
|
|
|
return TRUE;
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2005-12-06 16:04:39 +00:00
|
|
|
return FALSE;
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
|
|
|
}
|
2005-11-29 17:19:59 +00:00
|
|
|
|
2005-12-06 16:04:39 +00:00
|
|
|
/**
|
|
|
|
* Implementation of signer_t.get_key_size.
|
|
|
|
*/
|
2007-02-12 15:56:47 +00:00
|
|
|
static size_t get_key_size(private_hmac_signer_t *this)
|
2005-11-29 17:19:59 +00:00
|
|
|
{
|
2006-02-14 14:52:00 +00:00
|
|
|
/* for HMAC signer, IKEv2 uses block size as key size */
|
2005-11-29 17:19:59 +00:00
|
|
|
return this->hmac_prf->get_block_size(this->hmac_prf);
|
|
|
|
}
|
2005-12-06 16:04:39 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Implementation of signer_t.get_block_size.
|
|
|
|
*/
|
2007-02-12 15:56:47 +00:00
|
|
|
static size_t get_block_size(private_hmac_signer_t *this)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2007-02-12 15:56:47 +00:00
|
|
|
return this->block_size;
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
2005-12-06 16:04:39 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Implementation of signer_t.set_key.
|
|
|
|
*/
|
2007-02-12 15:56:47 +00:00
|
|
|
static void set_key(private_hmac_signer_t *this, chunk_t key)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2007-02-12 15:56:47 +00:00
|
|
|
this->hmac_prf->set_key(this->hmac_prf, key);
|
2005-11-28 12:42:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2005-12-06 16:04:39 +00:00
|
|
|
* Implementation of signer_t.destroy.
|
2005-11-28 12:42:43 +00:00
|
|
|
*/
|
|
|
|
static status_t destroy(private_hmac_signer_t *this)
|
|
|
|
{
|
|
|
|
this->hmac_prf->destroy(this->hmac_prf);
|
2006-04-10 08:07:38 +00:00
|
|
|
free(this);
|
2005-11-28 12:42:43 +00:00
|
|
|
return SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Described in header
|
|
|
|
*/
|
2007-02-12 15:56:47 +00:00
|
|
|
hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm, size_t block_size)
|
2005-11-28 12:42:43 +00:00
|
|
|
{
|
2007-02-12 15:56:47 +00:00
|
|
|
size_t hmac_block_size;
|
2006-04-10 08:07:38 +00:00
|
|
|
private_hmac_signer_t *this = malloc_thing(private_hmac_signer_t);
|
2005-11-28 20:29:47 +00:00
|
|
|
|
2005-11-28 12:56:40 +00:00
|
|
|
this->hmac_prf = (prf_t *) hmac_prf_create(hash_algoritm);
|
2005-11-28 12:42:43 +00:00
|
|
|
if (this->hmac_prf == NULL)
|
|
|
|
{
|
2005-11-28 20:29:47 +00:00
|
|
|
/* algorithm not supported */
|
2006-04-10 08:07:38 +00:00
|
|
|
free(this);
|
2005-11-28 12:42:43 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2007-02-12 15:56:47 +00:00
|
|
|
/* prevent invalid truncation */
|
|
|
|
hmac_block_size = this->hmac_prf->get_block_size(this->hmac_prf);
|
|
|
|
this->block_size = min(block_size, hmac_block_size);
|
|
|
|
|
2005-11-28 12:42:43 +00:00
|
|
|
/* interface functions */
|
2005-11-28 20:29:47 +00:00
|
|
|
this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
|
|
|
|
this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
|
2005-12-06 16:04:39 +00:00
|
|
|
this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
|
2005-11-29 17:19:59 +00:00
|
|
|
this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
|
2005-11-28 12:42:43 +00:00
|
|
|
this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
|
2005-11-28 20:29:47 +00:00
|
|
|
this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
|
|
|
|
this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
|
2005-11-28 12:42:43 +00:00
|
|
|
|
|
|
|
return &(this->public);
|
|
|
|
}
|