author | Martin Willi <martin@strongswan.org> | 2007-02-12 15:56:47 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2007-02-12 15:56:47 +0000 |
commit | f27f6296e6ae5beece739342fd54528cf91e5394 (patch) | |
tree | c868a123b98b8a244b249473ab91b0bd4a764b31 /src/libstrongswan/crypto/signers/hmac_signer.c | |
parent | 6fda18d99d2b6eac921e731a52229d9c1cf8a295 (diff) | |
download | strongswan-f27f6296e6ae5beece739342fd54528cf91e5394.tar.bz2 strongswan-f27f6296e6ae5beece739342fd54528cf91e5394.tar.xz |
merged EAP framework from branch into trunk
includes a lot of other modifications
Diffstat (limited to 'src/libstrongswan/crypto/signers/hmac_signer.c')
-rw-r--r-- | src/libstrongswan/crypto/signers/hmac_signer.c | 50 |
1 files changed, 27 insertions, 23 deletions
diff --git a/src/libstrongswan/crypto/signers/hmac_signer.c b/src/libstrongswan/crypto/signers/hmac_signer.c index c4a6173b5..76e1ce50e 100644 --- a/src/libstrongswan/crypto/signers/hmac_signer.c +++ b/src/libstrongswan/crypto/signers/hmac_signer.c @@ -27,11 +27,6 @@ #include <crypto/prfs/hmac_prf.h> -/** - * This class represents a hmac signer with 12 byte (96 bit) output. - */ -#define BLOCK_SIZE 12 - typedef struct private_hmac_signer_t private_hmac_signer_t; /** @@ -43,10 +38,15 @@ struct private_hmac_signer_t { */ hmac_signer_t public; - /* + /** * Assigned hmac function. */ prf_t *hmac_prf; + + /** + * Block size (truncation of HMAC Hash) + */ + size_t block_size; }; /** @@ -56,10 +56,10 @@ static void get_signature (private_hmac_signer_t *this, chunk_t data, u_int8_t * { u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)]; - this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac); + this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac); - /* copy mac aka signature :-) */ - memcpy(buffer,full_mac,BLOCK_SIZE); + /* copy MAC depending on truncation */ + memcpy(buffer, full_mac, this->block_size); } /** @@ -72,11 +72,11 @@ static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac); - signature.ptr = malloc(BLOCK_SIZE); - signature.len = BLOCK_SIZE; + signature.ptr = malloc(this->block_size); + signature.len = this->block_size; /* copy signature */ - memcpy(signature.ptr,full_mac,BLOCK_SIZE); + memcpy(signature.ptr, full_mac, this->block_size); *chunk = signature; } 
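Review bot: In get_signature, `memcpy(buffer, full_mac, this->block_size)` writes a run-time length into a caller buffer that carries no size, where callers could previously rely on a fixed 12 bytes. The function comment should state the contract, for example `buffer must provide at least get_block_size() bytes`, so that callers size the buffer from the signer instead of a constant. The callers are outside this diff, so any fixed 12-byte buffers still need to be checked by hand.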
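Review bot: In allocate_signature the result of `malloc(this->block_size)` goes straight into `memcpy(signature.ptr, full_mac, this->block_size)` without a NULL check. Unless the project's allocator aborts on failure (not visible here), an allocation failure becomes a write through a NULL pointer. Guard the copy with `if (signature.ptr == NULL)`, set `signature.len = 0` on that path, and document that callers must check `chunk->ptr`, since the function returns void.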
@@ -84,19 +84,19 @@ static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk /** * Implementation of signer_t.verify_signature. */ -static bool verify_signature (private_hmac_signer_t *this, chunk_t data, chunk_t signature) +static bool verify_signature(private_hmac_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)]; - this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac); + this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac); - if (signature.len != BLOCK_SIZE) + if (signature.len != this->block_size) { return FALSE; } /* compare mac aka signature :-) */ - if (memcmp(signature.ptr,full_mac,BLOCK_SIZE) == 0) + if (memcmp(signature.ptr, full_mac, this->block_size) == 0) { return TRUE; } @@ -109,7 +109,7 @@ static bool verify_signature (private_hmac_signer_t *this, chunk_t data, chunk_t /** * Implementation of signer_t.get_key_size. */ -static size_t get_key_size (private_hmac_signer_t *this) +static size_t get_key_size(private_hmac_signer_t *this) { /* for HMAC signer, IKEv2 uses block size as key size */ return this->hmac_prf->get_block_size(this->hmac_prf); @@ -118,17 +118,17 @@ static size_t get_key_size (private_hmac_signer_t *this) /** * Implementation of signer_t.get_block_size. */ -static size_t get_block_size (private_hmac_signer_t *this) +static size_t get_block_size(private_hmac_signer_t *this) { - return BLOCK_SIZE; + return this->block_size; } /** * Implementation of signer_t.set_key. */ -static void set_key (private_hmac_signer_t *this, chunk_t key) +static void set_key(private_hmac_signer_t *this, chunk_t key) { - this->hmac_prf->set_key(this->hmac_prf,key); + this->hmac_prf->set_key(this->hmac_prf, key); } /** 
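Review bot: verify_signature compares the received MAC with `memcmp(signature.ptr, full_mac, this->block_size)`, which may return at the first differing byte, so the time taken depends on how many leading bytes match. A MAC check should take the same time for every input of a given length. Accumulate the difference over all bytes instead, with `diff |= signature.ptr[i] ^ full_mac[i];` in a loop over `this->block_size`, followed by `return diff == 0;`. The tail of the function lies outside the hunk, so the final return needs adjusting to match.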
@@ -144,12 +144,12 @@ static status_t destroy(private_hmac_signer_t *this) /* * Described in header */ -hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm) +hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm, size_t block_size) { + size_t hmac_block_size; private_hmac_signer_t *this = malloc_thing(private_hmac_signer_t); this->hmac_prf = (prf_t *) hmac_prf_create(hash_algoritm); - if (this->hmac_prf == NULL) { /* algorithm not supported */ @@ -157,6 +157,10 @@ hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm) return NULL; } + /* prevent invalid truncation */ + hmac_block_size = this->hmac_prf->get_block_size(this->hmac_prf); + this->block_size = min(block_size, hmac_block_size); + /* interface functions */ this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; |
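Review bot: The clamp `this->block_size = min(block_size, hmac_block_size)` in hmac_signer_create bounds the truncation from above only, so a `block_size` of 0 is accepted. With a zero length, the length check in verify_signature passes for an empty signature and `memcmp` over 0 bytes returns 0, so any data would verify. Reject the value before storing it with `if (block_size == 0)`, releasing the PRF and `this` as the unsupported-algorithm branch does and returning NULL; enforcing a minimum truncation length would be stricter still. The function starts and ends outside this hunk, so the exact cleanup calls are not visible here.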