Implemented AES-CMAC based PRF and signer.
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the signer and PRF based on it as defined in RFC 4494 and RFC 4615, respectively.
This commit is contained in:
parent
9a6b1cb412
commit
c0d39c205c
|
@ -97,6 +97,7 @@ ARG_DISBL_SET([pgp], [disable PGP key decoding plugin.])
|
|||
ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.])
|
||||
ARG_DISBL_SET([pem], [disable PEM decoding plugin.])
|
||||
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
|
||||
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
|
||||
ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.])
|
||||
ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.])
|
||||
ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
|
||||
|
@ -833,6 +834,7 @@ ADD_PLUGIN([fips-prf], [s libcharon])
|
|||
ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
|
||||
ADD_PLUGIN([agent], [s libcharon])
|
||||
ADD_PLUGIN([xcbc], [s libcharon])
|
||||
ADD_PLUGIN([cmac], [s libcharon])
|
||||
ADD_PLUGIN([hmac], [s libcharon pluto scripts])
|
||||
ADD_PLUGIN([ctr], [s libcharon scripts])
|
||||
ADD_PLUGIN([ccm], [s libcharon scripts])
|
||||
|
@ -943,6 +945,7 @@ AM_CONDITIONAL(USE_PGP, test x$pgp = xtrue)
|
|||
AM_CONDITIONAL(USE_DNSKEY, test x$dnskey = xtrue)
|
||||
AM_CONDITIONAL(USE_PEM, test x$pem = xtrue)
|
||||
AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
|
||||
AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue)
|
||||
AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
|
||||
AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
|
||||
AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
|
||||
|
@ -1095,6 +1098,7 @@ AC_OUTPUT(
|
|||
src/include/Makefile
|
||||
src/libstrongswan/Makefile
|
||||
src/libstrongswan/plugins/aes/Makefile
|
||||
src/libstrongswan/plugins/cmac/Makefile
|
||||
src/libstrongswan/plugins/des/Makefile
|
||||
src/libstrongswan/plugins/blowfish/Makefile
|
||||
src/libstrongswan/plugins/md4/Makefile
|
||||
|
|
|
@ -215,6 +215,13 @@ if MONOLITHIC
|
|||
endif
|
||||
endif
|
||||
|
||||
if USE_CMAC
|
||||
SUBDIRS += plugins/cmac
|
||||
if MONOLITHIC
|
||||
libstrongswan_la_LIBADD += plugins/cmac/libstrongswan-cmac.la
|
||||
endif
|
||||
endif
|
||||
|
||||
if USE_XCBC
|
||||
SUBDIRS += plugins/xcbc
|
||||
if MONOLITHIC
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
|
||||
INCLUDES = -I$(top_srcdir)/src/libstrongswan
|
||||
|
||||
AM_CFLAGS = -rdynamic
|
||||
|
||||
if MONOLITHIC
|
||||
noinst_LTLIBRARIES = libstrongswan-cmac.la
|
||||
else
|
||||
plugin_LTLIBRARIES = libstrongswan-cmac.la
|
||||
endif
|
||||
|
||||
libstrongswan_cmac_la_SOURCES = \
|
||||
cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
|
||||
cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
|
||||
|
||||
libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
|
|
@ -0,0 +1,321 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "cmac.h"
|
||||
|
||||
#include <debug.h>
|
||||
|
||||
typedef struct private_cmac_t private_cmac_t;
|
||||
|
||||
/**
|
||||
* Private data of a cmac_t object.
|
||||
*
|
||||
* The variable names are the same as in the RFC.
|
||||
*/
|
||||
struct private_cmac_t {
|
||||
|
||||
/**
|
||||
* Public interface.
|
||||
*/
|
||||
cmac_t public;
|
||||
|
||||
/**
|
||||
* Block size, in bytes
|
||||
*/
|
||||
u_int8_t b;
|
||||
|
||||
/**
|
||||
* Crypter with key K
|
||||
*/
|
||||
crypter_t *k;
|
||||
|
||||
/**
|
||||
* K1
|
||||
*/
|
||||
u_int8_t *k1;
|
||||
|
||||
/**
|
||||
* K2
|
||||
*/
|
||||
u_int8_t *k2;
|
||||
|
||||
/**
|
||||
* T
|
||||
*/
|
||||
u_int8_t *t;
|
||||
|
||||
/**
|
||||
* remaining, unprocessed bytes in append mode
|
||||
*/
|
||||
u_int8_t *remaining;
|
||||
|
||||
/**
|
||||
* number of bytes in remaining
|
||||
*/
|
||||
int remaining_bytes;
|
||||
};
|
||||
|
||||
/**
|
||||
* process supplied data, but do not run final operation
|
||||
*/
|
||||
static void update(private_cmac_t *this, chunk_t data)
|
||||
{
|
||||
chunk_t iv;
|
||||
|
||||
if (this->remaining_bytes + data.len <= this->b)
|
||||
{ /* no complete block (or last block), just copy into remaining */
|
||||
memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
|
||||
this->remaining_bytes += data.len;
|
||||
return;
|
||||
}
|
||||
|
||||
iv = chunk_alloca(this->b);
|
||||
memset(iv.ptr, 0, iv.len);
|
||||
|
||||
/* T := 0x00000000000000000000000000000000 (initially)
|
||||
* for each block M_i (except the last)
|
||||
* X := T XOR M_i;
|
||||
* T := AES-128(K, X);
|
||||
*/
|
||||
|
||||
/* append data to remaining bytes, process block M_1 */
|
||||
memcpy(this->remaining + this->remaining_bytes, data.ptr,
|
||||
this->b - this->remaining_bytes);
|
||||
data = chunk_skip(data, this->b - this->remaining_bytes);
|
||||
memxor(this->t, this->remaining, this->b);
|
||||
this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
|
||||
|
||||
/* process blocks M_2 ... M_n-1 */
|
||||
while (data.len > this->b)
|
||||
{
|
||||
memcpy(this->remaining, data.ptr, this->b);
|
||||
data = chunk_skip(data, this->b);
|
||||
memxor(this->t, this->remaining, this->b);
|
||||
this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
|
||||
}
|
||||
|
||||
/* store remaining bytes of block M_n */
|
||||
memcpy(this->remaining, data.ptr, data.len);
|
||||
this->remaining_bytes = data.len;
|
||||
}
|
||||
|
||||
/**
|
||||
* process last block M_last
|
||||
*/
|
||||
static void final(private_cmac_t *this, u_int8_t *out)
|
||||
{
|
||||
chunk_t iv;
|
||||
|
||||
iv = chunk_alloca(this->b);
|
||||
memset(iv.ptr, 0, iv.len);
|
||||
|
||||
/* if last block is complete
|
||||
* M_last := M_n XOR K1;
|
||||
* else
|
||||
* M_last := padding(M_n) XOR K2;
|
||||
*/
|
||||
if (this->remaining_bytes == this->b)
|
||||
{
|
||||
memxor(this->remaining, this->k1, this->b);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* padding(x) = x || 10^i where i is 128-8*r-1
|
||||
* That is, padding(x) is the concatenation of x and a single '1',
|
||||
* followed by the minimum number of '0's, so that the total length is
|
||||
* equal to 128 bits.
|
||||
*/
|
||||
if (this->remaining_bytes < this->b)
|
||||
{
|
||||
this->remaining[this->remaining_bytes] = 0x80;
|
||||
while (++this->remaining_bytes < this->b)
|
||||
{
|
||||
this->remaining[this->remaining_bytes] = 0x00;
|
||||
}
|
||||
}
|
||||
memxor(this->remaining, this->k2, this->b);
|
||||
}
|
||||
/* T := M_last XOR T;
|
||||
* T := AES-128(K,T);
|
||||
*/
|
||||
memxor(this->t, this->remaining, this->b);
|
||||
this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
|
||||
|
||||
memcpy(out, this->t, this->b);
|
||||
|
||||
/* reset state */
|
||||
memset(this->t, 0, this->b);
|
||||
this->remaining_bytes = 0;
|
||||
}
|
||||
|
||||
METHOD(cmac_t, get_mac, void,
|
||||
private_cmac_t *this, chunk_t data, u_int8_t *out)
|
||||
{
|
||||
/* update T, do not process last block */
|
||||
update(this, data);
|
||||
|
||||
if (out)
|
||||
{ /* if not in append mode, process last block and output result */
|
||||
final(this, out);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(cmac_t, get_block_size, size_t,
|
||||
private_cmac_t *this)
|
||||
{
|
||||
return this->b;
|
||||
}
|
||||
|
||||
/**
|
||||
* Left-shift the given chunk by one bit.
|
||||
*/
|
||||
static void bit_shift(chunk_t chunk)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < chunk.len; i++)
|
||||
{
|
||||
chunk.ptr[i] <<= 1;
|
||||
if (i < chunk.len - 1 && chunk.ptr[i + 1] & 0x80)
|
||||
{
|
||||
chunk.ptr[i] |= 0x01;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply the following key derivation (in-place):
|
||||
* if MSB(C) == 0
|
||||
* C := C << 1
|
||||
* else
|
||||
* C := (C << 1) XOR 0x00000000000000000000000000000087
|
||||
*/
|
||||
static void derive_key(chunk_t chunk)
|
||||
{
|
||||
if (chunk.ptr[0] & 0x80)
|
||||
{
|
||||
chunk_t rb;
|
||||
|
||||
rb = chunk_alloca(chunk.len);
|
||||
memset(rb.ptr, 0, rb.len);
|
||||
rb.ptr[rb.len - 1] = 0x87;
|
||||
bit_shift(chunk);
|
||||
memxor(chunk.ptr, rb.ptr, chunk.len);
|
||||
}
|
||||
else
|
||||
{
|
||||
bit_shift(chunk);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(cmac_t, set_key, void,
|
||||
private_cmac_t *this, chunk_t key)
|
||||
{
|
||||
chunk_t resized, iv, l;
|
||||
|
||||
/* we support variable keys as defined in RFC 4615 */
|
||||
if (key.len == this->b)
|
||||
{
|
||||
resized = key;
|
||||
}
|
||||
else
|
||||
{ /* use cmac recursively to resize longer or shorter keys */
|
||||
resized = chunk_alloca(this->b);
|
||||
memset(resized.ptr, 0, resized.len);
|
||||
set_key(this, resized);
|
||||
get_mac(this, key, resized.ptr);
|
||||
}
|
||||
|
||||
/*
|
||||
* Rb = 0x00000000000000000000000000000087
|
||||
* L = 0x00000000000000000000000000000000 encrypted with K
|
||||
* if MSB(L) == 0
|
||||
* K1 = L << 1
|
||||
* else
|
||||
* K1 = (L << 1) XOR Rb
|
||||
* if MSB(K1) == 0
|
||||
* K2 = K1 << 1
|
||||
* else
|
||||
* K2 = (K1 << 1) XOR Rb
|
||||
*/
|
||||
iv = chunk_alloca(this->b);
|
||||
memset(iv.ptr, 0, iv.len);
|
||||
l = chunk_alloca(this->b);
|
||||
memset(l.ptr, 0, l.len);
|
||||
this->k->set_key(this->k, resized);
|
||||
this->k->encrypt(this->k, l, iv, NULL);
|
||||
derive_key(l);
|
||||
memcpy(this->k1, l.ptr, l.len);
|
||||
derive_key(l);
|
||||
memcpy(this->k2, l.ptr, l.len);
|
||||
memwipe(l.ptr, l.len);
|
||||
}
|
||||
|
||||
METHOD(cmac_t, destroy, void,
|
||||
private_cmac_t *this)
|
||||
{
|
||||
this->k->destroy(this->k);
|
||||
memwipe(this->k1, this->b);
|
||||
free(this->k1);
|
||||
memwipe(this->k2, this->b);
|
||||
free(this->k2);
|
||||
free(this->t);
|
||||
free(this->remaining);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
|
||||
{
|
||||
private_cmac_t *this;
|
||||
crypter_t *crypter;
|
||||
u_int8_t b;
|
||||
|
||||
crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
|
||||
if (!crypter)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
b = crypter->get_block_size(crypter);
|
||||
/* input and output of crypter must be equal for cmac */
|
||||
if (b != key_size)
|
||||
{
|
||||
crypter->destroy(crypter);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.get_mac = _get_mac,
|
||||
.get_block_size = _get_block_size,
|
||||
.set_key = _set_key,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.b = b,
|
||||
.k = crypter,
|
||||
.k1 = malloc(b),
|
||||
.k2 = malloc(b),
|
||||
.t = malloc(b),
|
||||
.remaining = malloc(b),
|
||||
);
|
||||
memset(this->t, 0, b);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
@ -0,0 +1,78 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup cmac cmac
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
|
||||
#ifndef CMAC_H_
|
||||
#define CMAC_H_
|
||||
|
||||
#include <crypto/crypters/crypter.h>
|
||||
|
||||
typedef struct cmac_t cmac_t;
|
||||
|
||||
/**
|
||||
* Cipher-based Message Authentication Code (CMAC).
|
||||
*
|
||||
* This class implements the message authentication algorithm
|
||||
* described in RFC 4493.
|
||||
*/
|
||||
struct cmac_t {
|
||||
|
||||
/**
|
||||
* Generate message authentication code.
|
||||
*
|
||||
* If buffer is NULL, no result is given back. A next call will
|
||||
* append the data to already supplied data. If buffer is not NULL,
|
||||
* the mac of all apended data is calculated, returned and the internal
|
||||
* state is reset.
|
||||
*
|
||||
* @param data chunk of data to authenticate
|
||||
* @param buffer pointer where the generated bytes will be written
|
||||
*/
|
||||
void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
|
||||
|
||||
/**
|
||||
* Get the block size of this cmac_t object.
|
||||
*
|
||||
* @return block size in bytes
|
||||
*/
|
||||
size_t (*get_block_size) (cmac_t *this);
|
||||
|
||||
/**
|
||||
* Set the key for this cmac_t object.
|
||||
*
|
||||
* @param key key to set
|
||||
*/
|
||||
void (*set_key) (cmac_t *this, chunk_t key);
|
||||
|
||||
/**
|
||||
* Destroys a cmac_t object.
|
||||
*/
|
||||
void (*destroy) (cmac_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a new cmac_t object.
|
||||
*
|
||||
* @param algo underlying crypto algorithm
|
||||
* @param key_size key size to use, if required for algorithm
|
||||
* @return cmac_t object, NULL if not supported
|
||||
*/
|
||||
cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
|
||||
|
||||
#endif /** CMAC_H_ @}*/
|
|
@ -0,0 +1,81 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "cmac_plugin.h"
|
||||
|
||||
#include <library.h>
|
||||
#include "cmac_prf.h"
|
||||
#include "cmac_signer.h"
|
||||
|
||||
typedef struct private_cmac_plugin_t private_cmac_plugin_t;
|
||||
|
||||
/**
|
||||
* private data of cmac_plugin
|
||||
*/
|
||||
struct private_cmac_plugin_t {
|
||||
|
||||
/**
|
||||
* public functions
|
||||
*/
|
||||
cmac_plugin_t public;
|
||||
};
|
||||
|
||||
METHOD(plugin_t, get_name, char*,
|
||||
private_cmac_plugin_t *this)
|
||||
{
|
||||
return "cmac";
|
||||
}
|
||||
|
||||
METHOD(plugin_t, get_features, int,
|
||||
private_cmac_plugin_t *this, plugin_feature_t *features[])
|
||||
{
|
||||
static plugin_feature_t f[] = {
|
||||
PLUGIN_REGISTER(PRF, cmac_prf_create),
|
||||
PLUGIN_PROVIDE(PRF, PRF_AES128_CMAC),
|
||||
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
|
||||
PLUGIN_REGISTER(SIGNER, cmac_signer_create),
|
||||
PLUGIN_PROVIDE(SIGNER, AUTH_AES_CMAC_96),
|
||||
PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
}
|
||||
|
||||
METHOD(plugin_t, destroy, void,
|
||||
private_cmac_plugin_t *this)
|
||||
{
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* see header file
|
||||
*/
|
||||
plugin_t *cmac_plugin_create()
|
||||
{
|
||||
private_cmac_plugin_t *this;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.plugin = {
|
||||
.get_name = _get_name,
|
||||
.get_features = _get_features,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
return &this->public.plugin;
|
||||
}
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup cmac_p cmac
|
||||
* @ingroup plugins
|
||||
*
|
||||
* @defgroup cmac_plugin cmac_plugin
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
|
||||
#ifndef CMAC_PLUGIN_H_
|
||||
#define CMAC_PLUGIN_H_
|
||||
|
||||
#include <plugins/plugin.h>
|
||||
|
||||
typedef struct cmac_plugin_t cmac_plugin_t;
|
||||
|
||||
/**
|
||||
* Plugin implementing CMAC algorithm to provide crypter based PRF and signer.
|
||||
*/
|
||||
struct cmac_plugin_t {
|
||||
|
||||
/**
|
||||
* implements plugin interface
|
||||
*/
|
||||
plugin_t plugin;
|
||||
};
|
||||
|
||||
#endif /** CMAC_PLUGIN_H_ @}*/
|
|
@ -0,0 +1,121 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "cmac_prf.h"
|
||||
|
||||
#include "cmac.h"
|
||||
|
||||
typedef struct private_cmac_prf_t private_cmac_prf_t;
|
||||
|
||||
/**
|
||||
* Private data of a cmac_prf_t object.
|
||||
*/
|
||||
struct private_cmac_prf_t {
|
||||
|
||||
/**
|
||||
* Public cmac_prf_t interface.
|
||||
*/
|
||||
cmac_prf_t public;
|
||||
|
||||
/**
|
||||
* cmac to use for generation.
|
||||
*/
|
||||
cmac_t *cmac;
|
||||
};
|
||||
|
||||
METHOD(prf_t, get_bytes, void,
|
||||
private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
|
||||
{
|
||||
this->cmac->get_mac(this->cmac, seed, buffer);
|
||||
}
|
||||
|
||||
METHOD(prf_t, allocate_bytes, void,
|
||||
private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
|
||||
{
|
||||
if (chunk)
|
||||
{
|
||||
*chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
|
||||
get_bytes(this, seed, chunk->ptr);
|
||||
}
|
||||
else
|
||||
{
|
||||
get_bytes(this, seed, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(prf_t, get_block_size, size_t,
|
||||
private_cmac_prf_t *this)
|
||||
{
|
||||
return this->cmac->get_block_size(this->cmac);
|
||||
}
|
||||
|
||||
METHOD(prf_t, get_key_size, size_t,
|
||||
private_cmac_prf_t *this)
|
||||
{
|
||||
/* in cmac, block and key size are always equal */
|
||||
return this->cmac->get_block_size(this->cmac);
|
||||
}
|
||||
|
||||
METHOD(prf_t, set_key, void,
|
||||
private_cmac_prf_t *this, chunk_t key)
|
||||
{
|
||||
this->cmac->set_key(this->cmac, key);
|
||||
}
|
||||
|
||||
METHOD(prf_t, destroy, void,
|
||||
private_cmac_prf_t *this)
|
||||
{
|
||||
this->cmac->destroy(this->cmac);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
|
||||
{
|
||||
private_cmac_prf_t *this;
|
||||
cmac_t *cmac;
|
||||
|
||||
switch (algo)
|
||||
{
|
||||
case PRF_AES128_CMAC:
|
||||
cmac = cmac_create(ENCR_AES_CBC, 16);
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
if (!cmac)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.prf = {
|
||||
.get_bytes = _get_bytes,
|
||||
.allocate_bytes = _allocate_bytes,
|
||||
.get_block_size = _get_block_size,
|
||||
.get_key_size = _get_key_size,
|
||||
.set_key = _set_key,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.cmac = cmac,
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup cmac_prf cmac_prf
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
|
||||
#ifndef PRF_CMAC_H_
|
||||
#define PRF_CMAC_H_
|
||||
|
||||
typedef struct cmac_prf_t cmac_prf_t;
|
||||
|
||||
#include <crypto/prfs/prf.h>
|
||||
|
||||
/**
|
||||
* Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
|
||||
*
|
||||
* This simply wraps a cmac_t in a prf_t. More a question of
|
||||
* interface matching.
|
||||
*/
|
||||
struct cmac_prf_t {
|
||||
|
||||
/**
|
||||
* Implements prf_t interface.
|
||||
*/
|
||||
prf_t prf;
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a new cmac_prf_t object.
|
||||
*
|
||||
* @param algo algorithm to implement
|
||||
* @return cmac_prf_t object, NULL if hash not supported
|
||||
*/
|
||||
cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
|
||||
|
||||
#endif /** PRF_CMAC_H_ @}*/
|
|
@ -0,0 +1,159 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "cmac_signer.h"
|
||||
#include "cmac.h"
|
||||
|
||||
typedef struct private_cmac_signer_t private_cmac_signer_t;
|
||||
|
||||
/**
|
||||
* Private data structure with signing context.
|
||||
*/
|
||||
struct private_cmac_signer_t {
|
||||
|
||||
/**
|
||||
* Public interface.
|
||||
*/
|
||||
cmac_signer_t public;
|
||||
|
||||
/**
|
||||
* Assigned cmac function.
|
||||
*/
|
||||
cmac_t *cmac;
|
||||
|
||||
/**
|
||||
* Block size (truncation of CMAC MAC)
|
||||
*/
|
||||
size_t block_size;
|
||||
};
|
||||
|
||||
METHOD(signer_t, get_signature, void,
|
||||
private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
|
||||
{
|
||||
if (buffer == NULL)
|
||||
{ /* append mode */
|
||||
this->cmac->get_mac(this->cmac, data, NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
u_int8_t mac[this->cmac->get_block_size(this->cmac)];
|
||||
|
||||
this->cmac->get_mac(this->cmac, data, mac);
|
||||
memcpy(buffer, mac, this->block_size);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(signer_t, allocate_signature, void,
|
||||
private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
|
||||
{
|
||||
if (chunk == NULL)
|
||||
{ /* append mode */
|
||||
this->cmac->get_mac(this->cmac, data, NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
u_int8_t mac[this->cmac->get_block_size(this->cmac)];
|
||||
|
||||
this->cmac->get_mac(this->cmac, data, mac);
|
||||
|
||||
chunk->ptr = malloc(this->block_size);
|
||||
chunk->len = this->block_size;
|
||||
|
||||
memcpy(chunk->ptr, mac, this->block_size);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(signer_t, verify_signature, bool,
|
||||
private_cmac_signer_t *this, chunk_t data, chunk_t signature)
|
||||
{
|
||||
u_int8_t mac[this->cmac->get_block_size(this->cmac)];
|
||||
|
||||
if (signature.len != this->block_size)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
this->cmac->get_mac(this->cmac, data, mac);
|
||||
return memeq(signature.ptr, mac, this->block_size);
|
||||
}
|
||||
|
||||
METHOD(signer_t, get_key_size, size_t,
|
||||
private_cmac_signer_t *this)
|
||||
{
|
||||
return this->cmac->get_block_size(this->cmac);
|
||||
}
|
||||
|
||||
METHOD(signer_t, get_block_size, size_t,
|
||||
private_cmac_signer_t *this)
|
||||
{
|
||||
return this->block_size;
|
||||
}
|
||||
|
||||
METHOD(signer_t, set_key, void,
|
||||
private_cmac_signer_t *this, chunk_t key)
|
||||
{
|
||||
this->cmac->set_key(this->cmac, key);
|
||||
}
|
||||
|
||||
METHOD(signer_t, destroy, void,
|
||||
private_cmac_signer_t *this)
|
||||
{
|
||||
this->cmac->destroy(this->cmac);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
|
||||
{
|
||||
private_cmac_signer_t *this;
|
||||
size_t truncation;
|
||||
cmac_t *cmac;
|
||||
|
||||
switch (algo)
|
||||
{
|
||||
case AUTH_AES_CMAC_96:
|
||||
cmac = cmac_create(ENCR_AES_CBC, 16);
|
||||
truncation = 12;
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
if (cmac == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.signer = {
|
||||
.get_signature = _get_signature,
|
||||
.allocate_signature = _allocate_signature,
|
||||
.verify_signature = _verify_signature,
|
||||
.get_key_size = _get_key_size,
|
||||
.get_block_size = _get_block_size,
|
||||
.set_key = _set_key,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.cmac = cmac,
|
||||
.block_size = min(truncation, cmac->get_block_size(cmac)),
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup cmac_signer cmac_signer
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
|
||||
#ifndef CMAC_SIGNER_H_
|
||||
#define CMAC_SIGNER_H_
|
||||
|
||||
typedef struct cmac_signer_t cmac_signer_t;
|
||||
|
||||
#include <crypto/signers/signer.h>
|
||||
|
||||
/**
|
||||
* Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
|
||||
*/
|
||||
struct cmac_signer_t {
|
||||
|
||||
/**
|
||||
* Implements signer_t interface.
|
||||
*/
|
||||
signer_t signer;
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a new cmac_signer_t.
|
||||
*
|
||||
* @param algo algorithm to implement
|
||||
* @return cmac_signer_t, NULL if not supported
|
||||
*/
|
||||
cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
|
||||
|
||||
#endif /** CMAC_SIGNER_H_ @}*/
|
Loading…
Reference in New Issue