signers implemented with HMAC now support NULL output parameters

to feed signer with more than one block of data.

2 files changed, 34 insertions, 17 deletions

diff --git a/src/libstrongswan/crypto/signers/hmac_signer.c b/src/libstrongswan/crypto/signers/hmac_signer.c
index 76e1ce50e..ad5b882a6 100644
--- a/src/libstrongswan/crypto/signers/hmac_signer.c
+++ b/src/libstrongswan/crypto/signers/hmac_signer.c
@@ -52,14 +52,19 @@ struct private_hmac_signer_t {
 /**
  * Implementation of signer_t.get_signature.
  */
-static void get_signature (private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+static void get_signature(private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
 {
-	u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-	
-	this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
-
-	/* copy MAC depending on truncation */
-	memcpy(buffer, full_mac, this->block_size);
+	if (buffer == NULL)
+	{	/* append mode */
+		this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
+	}
+	else
+	{
+		u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
+		
+		this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
+		memcpy(buffer, full_mac, this->block_size);
+	}
 }
 
 /**
@@ -67,18 +72,24 @@ static void get_signature (private_hmac_signer_t *this, chunk_t data, u_int8_t *
  */
 static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
 {
-	chunk_t signature;
-	u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-	
-	this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac);
+	if (chunk == NULL)
+	{	/* append mode */
+		this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
+	}
+	else
+	{
+		chunk_t signature;
+		u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
+		
+		this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
 
-	signature.ptr = malloc(this->block_size);
-	signature.len = this->block_size;
-	
-	/* copy signature */
-	memcpy(signature.ptr, full_mac, this->block_size);
+		signature.ptr = malloc(this->block_size);
+		signature.len = this->block_size;
+		
+		memcpy(signature.ptr, full_mac, this->block_size);
 
-	*chunk = signature;
+		*chunk = signature;
+	}
 }
 
 /**
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 0f3709712..4218e4146 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -74,6 +74,9 @@ extern enum_name_t *integrity_algorithm_names;
 struct signer_t {
 	/**
 	 * @brief Generate a signature.
+	 *
+	 * If buffer is NULL, data is processed and prepended to a next call until
+	 * buffer is a valid pointer.
 	 * 
 	 * @param this			calling object
 	 * @param data			a chunk containing the data to sign
@@ -83,6 +86,9 @@ struct signer_t {
 	
 	/**
 	 * @brief Generate a signature and allocate space for it.
+	 *
+	 * If chunk is NULL, data is processed and prepended to a next call until
+	 * chunk is a valid chunk pointer.
 	 * 
 	 * @param this			calling object
 	 * @param data			a chunk containing the data to sign