diff options
Diffstat (limited to 'Source/lib/crypto/signers')
| -rw-r--r-- | Source/lib/crypto/signers/Makefile.signers | 23 | ||||
| -rw-r--r-- | Source/lib/crypto/signers/hmac_signer.c | 169 | ||||
| -rw-r--r-- | Source/lib/crypto/signers/hmac_signer.h | 58 | ||||
| -rw-r--r-- | Source/lib/crypto/signers/signer.c | 59 | ||||
| -rw-r--r-- | Source/lib/crypto/signers/signer.h | 147 |
5 files changed, 0 insertions, 456 deletions
diff --git a/Source/lib/crypto/signers/Makefile.signers b/Source/lib/crypto/signers/Makefile.signers deleted file mode 100644 index 8f161a09d..000000000 --- a/Source/lib/crypto/signers/Makefile.signers +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (C) 2005 Jan Hutter, Martin Willi -# Hochschule fuer Technik Rapperswil -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# - -SIGNERS_DIR= $(CRYPTO_DIR)signers/ - -LIB_OBJS+= $(BUILD_DIR)signer.o -$(BUILD_DIR)signer.o : $(SIGNERS_DIR)signer.c $(SIGNERS_DIR)signer.h - $(CC) $(CFLAGS) -c -o $@ $< - -LIB_OBJS+= $(BUILD_DIR)hmac_signer.o -$(BUILD_DIR)hmac_signer.o : $(SIGNERS_DIR)hmac_signer.c $(SIGNERS_DIR)hmac_signer.h - $(CC) $(CFLAGS) -c -o $@ $< diff --git a/Source/lib/crypto/signers/hmac_signer.c b/Source/lib/crypto/signers/hmac_signer.c deleted file mode 100644 index cb7d08244..000000000 --- a/Source/lib/crypto/signers/hmac_signer.c +++ /dev/null @@ -1,169 +0,0 @@ -/** - * @file hmac_signer.c - * - * @brief Implementation of hmac_signer_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <string.h> - -#include "hmac_signer.h" - -#include <crypto/prfs/hmac_prf.h> - -/** - * This class represents a hmac signer with 12 byte (96 bit) output. - */ -#define BLOCK_SIZE 12 - -typedef struct private_hmac_signer_t private_hmac_signer_t; - -/** - * Private data structure with signing context. - */ -struct private_hmac_signer_t { - /** - * Public interface of hmac_signer_t. - */ - hmac_signer_t public; - - /* - * Assigned hmac function. - */ - prf_t *hmac_prf; -}; - -/** - * Implementation of signer_t.get_signature. - */ -static void get_signature (private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer) -{ - u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)]; - - this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac); - - /* copy mac aka signature :-) */ - memcpy(buffer,full_mac,BLOCK_SIZE); -} - -/** - * Implementation of signer_t.allocate_signature. - */ -static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk_t *chunk) -{ - chunk_t signature; - u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)]; - - this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac); - - signature.ptr = malloc(BLOCK_SIZE); - signature.len = BLOCK_SIZE; - - /* copy signature */ - memcpy(signature.ptr,full_mac,BLOCK_SIZE); - - *chunk = signature; -} - -/** - * Implementation of signer_t.verify_signature. - */ -static bool verify_signature (private_hmac_signer_t *this, chunk_t data, chunk_t signature) -{ - u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)]; - - this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac); - - if (signature.len != BLOCK_SIZE) - { - return FALSE; - } - - /* compare mac aka signature :-) */ - if (memcmp(signature.ptr,full_mac,BLOCK_SIZE) == 0) - { - return TRUE; - } - else - { - return FALSE; - } -} - -/** - * Implementation of signer_t.get_key_size. - */ -static size_t get_key_size (private_hmac_signer_t *this) -{ - /* for HMAC signer, IKEv2 uses block size as key size */ - return this->hmac_prf->get_block_size(this->hmac_prf); -} - -/** - * Implementation of signer_t.get_block_size. - */ -static size_t get_block_size (private_hmac_signer_t *this) -{ - return BLOCK_SIZE; -} - -/** - * Implementation of signer_t.set_key. - */ -static void set_key (private_hmac_signer_t *this, chunk_t key) -{ - this->hmac_prf->set_key(this->hmac_prf,key); -} - -/** - * Implementation of signer_t.destroy. - */ -static status_t destroy(private_hmac_signer_t *this) -{ - this->hmac_prf->destroy(this->hmac_prf); - free(this); - return SUCCESS; -} - -/* - * Described in header - */ -hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm) -{ - private_hmac_signer_t *this = malloc_thing(private_hmac_signer_t); - - this->hmac_prf = (prf_t *) hmac_prf_create(hash_algoritm); - - if (this->hmac_prf == NULL) - { - /* algorithm not supported */ - free(this); - return NULL; - } - - /* interface functions */ - this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; - this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; - this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature; - this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size; - this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; - this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; - this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - - return &(this->public); -} diff --git a/Source/lib/crypto/signers/hmac_signer.h b/Source/lib/crypto/signers/hmac_signer.h deleted file mode 100644 index 62427167e..000000000 --- a/Source/lib/crypto/signers/hmac_signer.h +++ /dev/null @@ -1,58 +0,0 @@ -/** - * @file hmac_signer.h - * - * @brief Interface of hmac_signer_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef HMAC_SIGNER_H_ -#define HMAC_SIGNER_H_ - -#include <crypto/signers/signer.h> -#include <crypto/hashers/hasher.h> - -typedef struct hmac_signer_t hmac_signer_t; - -/** - * @brief Implementation of signer_t interface using the - * HMAC algorithm in combination with either MD5 or SHA1. - * - * @ingroup signers - */ -struct hmac_signer_t { - - /** - * generic signer_t interface for this signer - */ - signer_t signer_interface; -}; - -/** - * @brief Creates a new hmac_signer_t. - * - * @param hash_algoritm Hash algorithm to use with signer - * @return - * - hmac_signer_t - * - NULL if hash algorithm not supported - * - * @ingroup signers - */ -hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm); - - -#endif /*HMAC_SIGNER_H_*/ diff --git a/Source/lib/crypto/signers/signer.c b/Source/lib/crypto/signers/signer.c deleted file mode 100644 index 3e6378957..000000000 --- a/Source/lib/crypto/signers/signer.c +++ /dev/null @@ -1,59 +0,0 @@ -/** - * @file signer.c - * - * @brief Implementation of generic signer_t constructor. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "signer.h" - -#include <crypto/signers/hmac_signer.h> - -/** - * String mappings for integrity_algorithm_t. - */ -mapping_t integrity_algorithm_m[] = { - {AUTH_UNDEFINED, "AUTH_UNDEFINED"}, - {AUTH_HMAC_MD5_96, "AUTH_HMAC_MD5_96"}, - {AUTH_HMAC_SHA1_96, "AUTH_HMAC_SHA1_96"}, - {AUTH_DES_MAC, "AUTH_DES_MAC"}, - {AUTH_KPDK_MD5, "AUTH_KPDK_MD5"}, - {AUTH_AES_XCBC_96, "AUTH_AES_XCBC_96"}, - {MAPPING_END, NULL} -}; - - -/* - * Described in header. - */ -signer_t *signer_create(integrity_algorithm_t integrity_algorithm) -{ - switch(integrity_algorithm) - { - case AUTH_HMAC_SHA1_96: - { - return ((signer_t *) hmac_signer_create(HASH_SHA1)); - } - case AUTH_HMAC_MD5_96: - { - return ((signer_t *) hmac_signer_create(HASH_MD5)); - } - default: - return NULL; - } -} diff --git a/Source/lib/crypto/signers/signer.h b/Source/lib/crypto/signers/signer.h deleted file mode 100644 index 9625af813..000000000 --- a/Source/lib/crypto/signers/signer.h +++ /dev/null @@ -1,147 +0,0 @@ -/** - * @file signer.h - * - * @brief Interface for signer_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef SIGNER_H_ -#define SIGNER_H_ - -#include <types.h> -#include <definitions.h> - -typedef enum integrity_algorithm_t integrity_algorithm_t; - -/** - * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2. - * - * Currently only the following algorithms are implemented and therefore supported: - * - AUTH_HMAC_MD5_96 - * - AUTH_HMAC_SHA1_96 - * - * @ingroup signers - */ -enum integrity_algorithm_t { - AUTH_UNDEFINED = 1024, - /** - * Implemented in class hmac_signer_t. - */ - AUTH_HMAC_MD5_96 = 1, - /** - * Implemented in class hmac_signer_t. - */ - AUTH_HMAC_SHA1_96 = 2, - AUTH_DES_MAC = 3, - AUTH_KPDK_MD5 = 4, - AUTH_AES_XCBC_96 = 5 -}; - -/** - * String mappings for integrity_algorithm_t. - */ -extern mapping_t integrity_algorithm_m[]; - - -typedef struct signer_t signer_t; - -/** - * @brief Generig interface for a symmetric signature algorithm. - * - * @b Constructors: - * - signer_create() - * - hmac_signer_create() - * - * @todo Implement more integrity algorithms - * - * @ingroup signers - */ -struct signer_t { - /** - * @brief Generate a signature. - * - * @param this calling object - * @param data a chunk containing the data to sign - * @param[out] buffer pointer where the signature will be written - */ - void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer); - - /** - * @brief Generate a signature and allocate space for it. - * - * @param this calling object - * @param data a chunk containing the data to sign - * @param[out] chunk chunk which will hold the allocated signature - */ - void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk); - - /** - * @brief Verify a signature. - * - * @param this calling object - * @param data a chunk containing the data to verify - * @param signature a chunk containing the signature - * @return TRUE, if signature is valid, FALSE otherwise - */ - bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature); - - /** - * @brief Get the block size of this signature algorithm. - * - * @param this calling object - * @return block size in bytes - */ - size_t (*get_block_size) (signer_t *this); - - /** - * @brief Get the key size of the signature algorithm. - * - * @param this calling object - * @return key size in bytes - */ - size_t (*get_key_size) (signer_t *this); - - /** - * @brief Set the key for this object. - * - * @param this calling object - * @param key key to set - */ - void (*set_key) (signer_t *this, chunk_t key); - - /** - * @brief Destroys a signer_t object. - * - * @param this calling object - */ - void (*destroy) (signer_t *this); -}; - -/** - * @brief Creates a new signer_t object. - * - * @param integrity_algorithm Algorithm to use for signing and verifying. - * @return - * - signer_t object - * - NULL if signer not supported - * - * @ingroup signers - */ -signer_t *signer_create(integrity_algorithm_t integrity_algorithm); - -#endif /*SIGNER_H_*/ |