Use mac_t and PRF and signer wrappers in xcbc plugin

author: Tobias Brunner <tobias@strongswan.org> 2012-06-25 12:50:55 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2012-06-25 16:35:06 +0200
commit: 83cb52b04474819531de203be06fc526476ec90b (patch)
tree: 13a5ba2a3801a9540ba7c6325fedcf44165061cd /src/libstrongswan/plugins/xcbc
parent: c4a3c9672a1739d9af3dc645a997cf6a76a63a90 (diff)
download: strongswan-83cb52b04474819531de203be06fc526476ec90b.tar.bz2
strongswan-83cb52b04474819531de203be06fc526476ec90b.tar.xz
8 files changed, 91 insertions, 452 deletions
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.am b/src/libstrongswan/plugins/xcbc/Makefile.am
index 7de306832..28e99f650 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.am
+++ b/src/libstrongswan/plugins/xcbc/Makefile.am
@@ -10,7 +10,6 @@ plugin_LTLIBRARIES = libstrongswan-xcbc.la
 endif
 
 libstrongswan_xcbc_la_SOURCES = \
-	xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
-	xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c
+	xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c
 
 libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index 53629abe5..59655cb1f 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -18,20 +19,23 @@
 #include "xcbc.h"
 
 #include <debug.h>
+#include <crypto/mac.h>
+#include <crypto/prfs/mac_prf.h>
+#include <crypto/signers/mac_signer.h>
 
-typedef struct private_xcbc_t private_xcbc_t;
+typedef struct private_mac_t private_mac_t;
 
 /**
- * Private data of a xcbc_t object.
+ * Private data of a mac_t object.
  *
  * The variable names are the same as in the RFC.
  */
-struct private_xcbc_t {
+struct private_mac_t {
 
 	/**
-	 * Public xcbc_t interface.
+	 * Public mac_t interface.
 	 */
-	xcbc_t public;
+	mac_t public;
 
 	/**
 	 * Block size, in bytes
@@ -77,7 +81,7 @@ struct private_xcbc_t {
 /**
  * xcbc supplied data, but do not run final operation
  */
-static void update(private_xcbc_t *this, chunk_t data)
+static void update(private_mac_t *this, chunk_t data)
 {
 	chunk_t iv;
 
@@ -125,7 +129,7 @@ static void update(private_xcbc_t *this, chunk_t data)
 /**
  * run last round, data is in this->e
  */
-static void final(private_xcbc_t *this, u_int8_t *out)
+static void final(private_mac_t *this, u_int8_t *out)
 {
 	chunk_t iv;
 
@@ -175,8 +179,8 @@ static void final(private_xcbc_t *this, u_int8_t *out)
 	this->zero = TRUE;
 }
 
-METHOD(xcbc_t, get_mac, void,
-	private_xcbc_t *this, chunk_t data, u_int8_t *out)
+METHOD(mac_t, get_mac, void,
+	private_mac_t *this, chunk_t data, u_int8_t *out)
 {
 	/* update E, do not process last block */
 	update(this, data);
@@ -187,14 +191,14 @@ METHOD(xcbc_t, get_mac, void,
 	}
 }
 
-METHOD(xcbc_t, get_block_size, size_t,
-	private_xcbc_t *this)
+METHOD(mac_t, get_mac_size, size_t,
+	private_mac_t *this)
 {
 	return this->b;
 }
 
-METHOD(xcbc_t, set_key, void,
-	private_xcbc_t *this, chunk_t key)
+METHOD(mac_t, set_key, void,
+	private_mac_t *this, chunk_t key)
 {
 	chunk_t iv, k1, lengthened;
 
@@ -240,8 +244,8 @@ METHOD(xcbc_t, set_key, void,
 	memwipe(k1.ptr, k1.len);
 }
 
-METHOD(xcbc_t, destroy, void,
-	private_xcbc_t *this)
+METHOD(mac_t, destroy, void,
+	private_mac_t *this)
 {
 	this->k1->destroy(this->k1);
 	memwipe(this->k2, this->b);
@@ -256,9 +260,9 @@ METHOD(xcbc_t, destroy, void,
 /*
  * Described in header
  */
-xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
+static mac_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
 {
-	private_xcbc_t *this;
+	private_mac_t *this;
 	crypter_t *crypter;
 	u_int8_t b;
 
@@ -278,7 +282,7 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
 	INIT(this,
 		.public = {
 			.get_mac = _get_mac,
-			.get_block_size = _get_block_size,
+			.get_mac_size = _get_mac_size,
 			.set_key = _set_key,
 			.destroy = _destroy,
 		},
@@ -295,3 +299,55 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
 	return &this->public;
 }
 
+/*
+ * Described in header.
+ */
+prf_t *xcbc_prf_create(pseudo_random_function_t algo)
+{
+	mac_t *xcbc;
+
+	switch (algo)
+	{
+		case PRF_AES128_XCBC:
+			xcbc = xcbc_create(ENCR_AES_CBC, 16);
+			break;
+		case PRF_CAMELLIA128_XCBC:
+			xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+			break;
+		default:
+			return NULL;
+	}
+	if (xcbc)
+	{
+		return mac_prf_create(xcbc);
+	}
+	return NULL;
+}
+
+/*
+ * Described in header
+ */
+signer_t *xcbc_signer_create(integrity_algorithm_t algo)
+{
+	size_t trunc;
+	mac_t *xcbc;
+
+	switch (algo)
+	{
+		case AUTH_AES_XCBC_96:
+			xcbc = xcbc_create(ENCR_AES_CBC, 16);
+			trunc = 12;
+			break;
+		case AUTH_CAMELLIA_XCBC_96:
+			xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+			trunc = 12;
+			break;
+		default:
+			return NULL;
+	}
+	if (xcbc)
+	{
+		return mac_signer_create(xcbc, trunc);
+	}
+	return NULL;
+}
+\ No newline at end of file
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h
index 5d5eb04fb..a36069a17 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc.h
@@ -14,6 +14,11 @@
  */
 
 /**
+ * Message authentication using CBC crypter.
+ *
+ * This class implements the message authentication algorithm
+ * described in RFC3566.
+ *
  * @defgroup xcbc xcbc
  * @{ @ingroup xcbc_p
  */
@@ -21,58 +26,23 @@
 #ifndef XCBC_H_
 #define XCBC_H_
 
-typedef struct xcbc_t xcbc_t;
-
-#include <crypto/hashers/hasher.h>
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
 
 /**
- * Message authentication using CBC crypter.
+ * Creates a new prf_t object based on a XCBC MAC.
  *
- * This class implements the message authentication algorithm
- * described in RFC3566.
+ * @param algo		algorithm to implement
+ * @return			prf_t object, NULL if not supported
  */
-struct xcbc_t {
-
-	/**
-	 * Generate message authentication code.
-	 *
-	 * If buffer is NULL, no result is given back. A next call will
-	 * append the data to already supplied data. If buffer is not NULL,
-	 * the mac of all apended data is calculated, returned and the
-	 * state of the xcbc_t is reseted.
-	 *
-	 * @param data		chunk of data to authenticate
-	 * @param buffer	pointer where the generated bytes will be written
-	 */
-	void (*get_mac) (xcbc_t *this, chunk_t data, u_int8_t *buffer);
-
-	/**
-	 * Get the block size of this xcbc_t object.
-	 *
-	 * @return			block size in bytes
-	 */
-	size_t (*get_block_size) (xcbc_t *this);
-
-	/**
-	 * Set the key for this xcbc_t object.
-	 *
-	 * @param key		key to set
-	 */
-	void (*set_key) (xcbc_t *this, chunk_t key);
-
-	/**
-	 * Destroys a xcbc_t object.
-	 */
-	void (*destroy) (xcbc_t *this);
-};
+prf_t *xcbc_prf_create(pseudo_random_function_t algo);
 
 /**
- * Creates a new xcbc_t object.
+ * Creates a new signer_t object based on a XCBC MAC.
  *
- * @param algo			underlying crypto algorithm
- * @param key_size		key size to use, if required for algorithm
- * @return				xcbc_t object, NULL if not supported
+ * @param algo		algorithm to implement
+ * @return			signer_t, NULL if not supported
  */
-xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size);
+signer_t *xcbc_signer_create(integrity_algorithm_t algo);
 
 #endif /** XCBC_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 3c3b9d12a..4706a9574 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -16,8 +16,7 @@
 #include "xcbc_plugin.h"
 
 #include <library.h>
-#include "xcbc_signer.h"
-#include "xcbc_prf.h"
+#include "xcbc.h"
 
 typedef struct private_xcbc_plugin_t private_xcbc_plugin_t;
 
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
deleted file mode 100644
index ac9e1fda0..000000000
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "xcbc_prf.h"
-
-#include "xcbc.h"
-
-typedef struct private_xcbc_prf_t private_xcbc_prf_t;
-
-/**
- * Private data of a xcbc_prf_t object.
- */
-struct private_xcbc_prf_t {
-
-	/**
-	 * Public xcbc_prf_t interface.
-	 */
-	xcbc_prf_t public;
-
-	/**
-	 * xcbc to use for generation.
-	 */
-	xcbc_t *xcbc;
-};
-
-METHOD(prf_t, get_bytes, void,
-	private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
-{
-	this->xcbc->get_mac(this->xcbc, seed, buffer);
-}
-
-METHOD(prf_t, allocate_bytes, void,
-	private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
-{
-	if (chunk)
-	{
-		*chunk = chunk_alloc(this->xcbc->get_block_size(this->xcbc));
-		get_bytes(this, seed, chunk->ptr);
-	}
-	else
-	{
-		get_bytes(this, seed, NULL);
-	}
-}
-
-METHOD(prf_t, get_block_size, size_t,
-	private_xcbc_prf_t *this)
-{
-	return this->xcbc->get_block_size(this->xcbc);
-}
-
-METHOD(prf_t, get_key_size, size_t,
-	private_xcbc_prf_t *this)
-{
-	/* in xcbc, block and key size are always equal */
-	return this->xcbc->get_block_size(this->xcbc);
-}
-
-METHOD(prf_t, set_key, void,
-	private_xcbc_prf_t *this, chunk_t key)
-{
-	this->xcbc->set_key(this->xcbc, key);
-}
-
-METHOD(prf_t, destroy, void,
-	private_xcbc_prf_t *this)
-{
-	this->xcbc->destroy(this->xcbc);
-	free(this);
-}
-
-/*
- * Described in header.
- */
-xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
-{
-	private_xcbc_prf_t *this;
-	xcbc_t *xcbc;
-
-	switch (algo)
-	{
-		case PRF_AES128_XCBC:
-			xcbc = xcbc_create(ENCR_AES_CBC, 16);
-			break;
-		case PRF_CAMELLIA128_XCBC:
-			xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
-			break;
-		default:
-			return NULL;
-	}
-	if (!xcbc)
-	{
-		return NULL;
-	}
-
-	INIT(this,
-		.public = {
-			.prf = {
-				.get_bytes = _get_bytes,
-				.allocate_bytes = _allocate_bytes,
-				.get_block_size = _get_block_size,
-				.get_key_size = _get_key_size,
-				.set_key = _set_key,
-				.destroy = _destroy,
-			},
-		},
-		.xcbc = xcbc,
-	);
-
-	return &this->public;
-}
-
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
deleted file mode 100644
index 294a853b4..000000000
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup xcbc_prf xcbc_prf
- * @{ @ingroup xcbc_p
- */
-
-#ifndef PRF_XCBC_H_
-#define PRF_XCBC_H_
-
-typedef struct xcbc_prf_t xcbc_prf_t;
-
-#include <crypto/prfs/prf.h>
-
-/**
- * Implementation of prf_t on CBC block cipher using XCBC, RFC3664/RFC4434.
- *
- * This simply wraps a xcbc_t in a prf_t. More a question of
- * interface matching.
- */
-struct xcbc_prf_t {
-
-	/**
-	 * Implements prf_t interface.
-	 */
-	prf_t prf;
-};
-
-/**
- * Creates a new xcbc_prf_t object.
- *
- * @param algo		algorithm to implement
- * @return			xcbc_prf_t object, NULL if hash not supported
- */
-xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo);
-
-#endif /** PRF_XCBC_SHA1_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
deleted file mode 100644
index ece592323..000000000
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "xcbc_signer.h"
-#include "xcbc.h"
-
-typedef struct private_xcbc_signer_t private_xcbc_signer_t;
-
-/**
- * Private data structure with signing context.
- */
-struct private_xcbc_signer_t {
-
-	/**
-	 * Public interface of xcbc_signer_t.
-	 */
-	xcbc_signer_t public;
-
-	/**
-	 * Assigned xcbc function.
-	 */
-	xcbc_t *xcbc;
-
-	/**
-	 * Block size (truncation of XCBC MAC)
-	 */
-	size_t block_size;
-};
-
-METHOD(signer_t, get_signature, void,
-	private_xcbc_signer_t *this, chunk_t data, u_int8_t *buffer)
-{
-	if (buffer == NULL)
-	{	/* append mode */
-		this->xcbc->get_mac(this->xcbc, data, NULL);
-	}
-	else
-	{
-		u_int8_t mac[this->xcbc->get_block_size(this->xcbc)];
-
-		this->xcbc->get_mac(this->xcbc, data, mac);
-		memcpy(buffer, mac, this->block_size);
-	}
-}
-
-METHOD(signer_t, allocate_signature, void,
-	private_xcbc_signer_t *this, chunk_t data, chunk_t *chunk)
-{
-	if (chunk == NULL)
-	{	/* append mode */
-		this->xcbc->get_mac(this->xcbc, data, NULL);
-	}
-	else
-	{
-		u_int8_t mac[this->xcbc->get_block_size(this->xcbc)];
-
-		this->xcbc->get_mac(this->xcbc, data, mac);
-
-		chunk->ptr = malloc(this->block_size);
-		chunk->len = this->block_size;
-
-		memcpy(chunk->ptr, mac, this->block_size);
-	}
-}
-
-METHOD(signer_t, verify_signature, bool,
-	private_xcbc_signer_t *this, chunk_t data, chunk_t signature)
-{
-	u_int8_t mac[this->xcbc->get_block_size(this->xcbc)];
-
-	if (signature.len != this->block_size)
-	{
-		return FALSE;
-	}
-
-	this->xcbc->get_mac(this->xcbc, data, mac);
-	return memeq(signature.ptr, mac, this->block_size);
-}
-
-METHOD(signer_t, get_key_size, size_t,
-	private_xcbc_signer_t *this)
-{
-	return this->xcbc->get_block_size(this->xcbc);
-}
-
-METHOD(signer_t, get_block_size, size_t,
-	private_xcbc_signer_t *this)
-{
-	return this->block_size;
-}
-
-METHOD(signer_t, set_key, void,
-	private_xcbc_signer_t *this, chunk_t key)
-{
-	this->xcbc->set_key(this->xcbc, key);
-}
-
-METHOD(signer_t, destroy, void,
-	private_xcbc_signer_t *this)
-{
-	this->xcbc->destroy(this->xcbc);
-	free(this);
-}
-
-/*
- * Described in header
- */
-xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
-{
-	private_xcbc_signer_t *this;
-	size_t trunc;
-	xcbc_t *xcbc;
-
-	switch (algo)
-	{
-		case AUTH_AES_XCBC_96:
-			xcbc = xcbc_create(ENCR_AES_CBC, 16);
-			trunc = 12;
-			break;
-		case AUTH_CAMELLIA_XCBC_96:
-			xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
-			trunc = 12;
-			break;
-		default:
-			return NULL;
-	}
-	if (xcbc == NULL)
-	{
-		return NULL;
-	}
-
-	INIT(this,
-		.public = {
-			.signer = {
-				.get_signature = _get_signature,
-				.allocate_signature = _allocate_signature,
-				.verify_signature = _verify_signature,
-				.get_key_size = _get_key_size,
-				.get_block_size = _get_block_size,
-				.set_key = _set_key,
-				.destroy = _destroy,
-			},
-		},
-		.xcbc = xcbc,
-		.block_size = min(trunc, xcbc->get_block_size(xcbc)),
-	);
-
-	return &this->public;
-}
-
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
deleted file mode 100644
index 56b55f223..000000000
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup xcbc_signer xcbc_signer
- * @{ @ingroup xcbc_p
- */
-
-#ifndef XCBC_SIGNER_H_
-#define XCBC_SIGNER_H_
-
-typedef struct xcbc_signer_t xcbc_signer_t;
-
-#include <crypto/signers/signer.h>
-
-/**
- * Implementation of signer_t based on CBC symmetric cypher. XCBC, RFC3566.
- */
-struct xcbc_signer_t {
-
-	/**
-	 * Implements signer_t interface.
-	 */
-	signer_t signer;
-};
-
-/**
- * Creates a new xcbc_signer_t.
- *
- * @param algo		algorithm to implement
- * @return			xcbc_signer_t, NULL if  not supported
- */
-xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo);
-
-#endif /** XCBC_SIGNER_H_ @}*/
author	Tobias Brunner <tobias@strongswan.org>	2012-06-25 12:50:55 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2012-06-25 16:35:06 +0200
commit	83cb52b04474819531de203be06fc526476ec90b (patch)
tree	13a5ba2a3801a9540ba7c6325fedcf44165061cd /src/libstrongswan/plugins/xcbc
parent	c4a3c9672a1739d9af3dc645a997cf6a76a63a90 (diff)
download	strongswan-83cb52b04474819531de203be06fc526476ec90b.tar.bz2 strongswan-83cb52b04474819531de203be06fc526476ec90b.tar.xz