17 files changed, 1141 insertions, 23 deletions
diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am
new file mode 100644
index 000000000..ce0104f11
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-cmac.la
+else
+plugin_LTLIBRARIES = libstrongswan-cmac.la
+endif
+
+libstrongswan_cmac_la_SOURCES = \
+	cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
+	cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
+
+libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
new file mode 100644
index 000000000..5ec7073c7
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac.h"
+
+#include <debug.h>
+
+typedef struct private_cmac_t private_cmac_t;
+
+/**
+ * Private data of a cmac_t object.
+ *
+ * The variable names are the same as in the RFC.
+ */
+struct private_cmac_t {
+
+	/**
+	 * Public interface.
+	 */
+	cmac_t public;
+
+	/**
+	 * Block size, in bytes
+	 */
+	u_int8_t b;
+
+	/**
+	 * Crypter with key K
+	 */
+	crypter_t *k;
+
+	/**
+	 * K1
+	 */
+	u_int8_t *k1;
+
+	/**
+	 * K2
+	 */
+	u_int8_t *k2;
+
+	/**
+	 * T
+	 */
+	u_int8_t *t;
+
+	/**
+	 * remaining, unprocessed bytes in append mode
+	 */
+	u_int8_t *remaining;
+
+	/**
+	 * number of bytes in remaining
+	 */
+	int remaining_bytes;
+};
+
+/**
+ * process supplied data, but do not run final operation
+ */
+static void update(private_cmac_t *this, chunk_t data)
+{
+	chunk_t iv;
+
+	if (this->remaining_bytes + data.len <= this->b)
+	{	/* no complete block (or last block), just copy into remaining */
+		memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
+		this->remaining_bytes += data.len;
+		return;
+	}
+
+	iv = chunk_alloca(this->b);
+	memset(iv.ptr, 0, iv.len);
+
+	/* T := 0x00000000000000000000000000000000 (initially)
+	 * for each block M_i (except the last)
+	 *   X := T XOR M_i;
+	 *   T := AES-128(K, X);
+	 */
+
+	/* append data to remaining bytes, process block M_1 */
+	memcpy(this->remaining + this->remaining_bytes, data.ptr,
+		   this->b - this->remaining_bytes);
+	data = chunk_skip(data, this->b - this->remaining_bytes);
+	memxor(this->t, this->remaining, this->b);
+	this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+	/* process blocks M_2 ... M_n-1 */
+	while (data.len > this->b)
+	{
+		memcpy(this->remaining, data.ptr, this->b);
+		data = chunk_skip(data, this->b);
+		memxor(this->t, this->remaining, this->b);
+		this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+	}
+
+	/* store remaining bytes of block M_n */
+	memcpy(this->remaining, data.ptr, data.len);
+	this->remaining_bytes = data.len;
+}
+
+/**
+ * process last block M_last
+ */
+static void final(private_cmac_t *this, u_int8_t *out)
+{
+	chunk_t iv;
+
+	iv = chunk_alloca(this->b);
+	memset(iv.ptr, 0, iv.len);
+
+	/* if last block is complete
+	 *   M_last := M_n XOR K1;
+	 * else
+	 *   M_last := padding(M_n) XOR K2;
+	 */
+	if (this->remaining_bytes == this->b)
+	{
+		memxor(this->remaining, this->k1, this->b);
+	}
+	else
+	{
+		/* padding(x) = x || 10^i  where i is 128-8*r-1
+		 * That is, padding(x) is the concatenation of x and a single '1',
+		 * followed by the minimum number of '0's, so that the total length is
+		 * equal to 128 bits.
+		 */
+		if (this->remaining_bytes < this->b)
+		{
+			this->remaining[this->remaining_bytes] = 0x80;
+			while (++this->remaining_bytes < this->b)
+			{
+				this->remaining[this->remaining_bytes] = 0x00;
+			}
+		}
+		memxor(this->remaining, this->k2, this->b);
+	}
+	/* T := M_last XOR T;
+	 * T := AES-128(K,T);
+	 */
+	memxor(this->t, this->remaining, this->b);
+	this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+	memcpy(out, this->t, this->b);
+
+	/* reset state */
+	memset(this->t, 0, this->b);
+	this->remaining_bytes = 0;
+}
+
+METHOD(cmac_t, get_mac, void,
+	private_cmac_t *this, chunk_t data, u_int8_t *out)
+{
+	/* update T, do not process last block */
+	update(this, data);
+
+	if (out)
+	{	/* if not in append mode, process last block and output result */
+		final(this, out);
+	}
+}
+
+METHOD(cmac_t, get_block_size, size_t,
+	private_cmac_t *this)
+{
+	return this->b;
+}
+
+/**
+ * Left-shift the given chunk by one bit.
+ */
+static void bit_shift(chunk_t chunk)
+{
+	size_t i;
+
+	for (i = 0; i < chunk.len; i++)
+	{
+		chunk.ptr[i] <<= 1;
+		if (i < chunk.len - 1 && chunk.ptr[i + 1] & 0x80)
+		{
+			chunk.ptr[i] |= 0x01;
+		}
+	}
+}
+
+/**
+ * Apply the following key derivation (in-place):
+ * if MSB(C) == 0
+ *   C := C << 1
+ * else
+ *   C := (C << 1) XOR 0x00000000000000000000000000000087
+ */
+static void derive_key(chunk_t chunk)
+{
+	if (chunk.ptr[0] & 0x80)
+	{
+		chunk_t rb;
+
+		rb = chunk_alloca(chunk.len);
+		memset(rb.ptr, 0, rb.len);
+		rb.ptr[rb.len - 1] = 0x87;
+		bit_shift(chunk);
+		memxor(chunk.ptr, rb.ptr, chunk.len);
+	}
+	else
+	{
+		bit_shift(chunk);
+	}
+}
+
+METHOD(cmac_t, set_key, void,
+	private_cmac_t *this, chunk_t key)
+{
+	chunk_t resized, iv, l;
+
+	/* we support variable keys as defined in RFC 4615 */
+	if (key.len == this->b)
+	{
+		resized = key;
+	}
+	else
+	{	/* use cmac recursively to resize longer or shorter keys */
+		resized = chunk_alloca(this->b);
+		memset(resized.ptr, 0, resized.len);
+		set_key(this, resized);
+		get_mac(this, key, resized.ptr);
+	}
+
+	/*
+	 * Rb = 0x00000000000000000000000000000087
+	 * L = 0x00000000000000000000000000000000 encrypted with K
+	 * if MSB(L) == 0
+	 *   K1 = L << 1
+	 * else
+	 *   K1 = (L << 1) XOR Rb
+	 * if MSB(K1) == 0
+	 *   K2 = K1 << 1
+	 * else
+	 *   K2 = (K1 << 1) XOR Rb
+	 */
+	iv = chunk_alloca(this->b);
+	memset(iv.ptr, 0, iv.len);
+	l = chunk_alloca(this->b);
+	memset(l.ptr, 0, l.len);
+	this->k->set_key(this->k, resized);
+	this->k->encrypt(this->k, l, iv, NULL);
+	derive_key(l);
+	memcpy(this->k1, l.ptr, l.len);
+	derive_key(l);
+	memcpy(this->k2, l.ptr, l.len);
+	memwipe(l.ptr, l.len);
+}
+
+METHOD(cmac_t, destroy, void,
+	private_cmac_t *this)
+{
+	this->k->destroy(this->k);
+	memwipe(this->k1, this->b);
+	free(this->k1);
+	memwipe(this->k2, this->b);
+	free(this->k2);
+	free(this->t);
+	free(this->remaining);
+	free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
+{
+	private_cmac_t *this;
+	crypter_t *crypter;
+	u_int8_t b;
+
+	crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
+	if (!crypter)
+	{
+		return NULL;
+	}
+	b = crypter->get_block_size(crypter);
+	/* input and output of crypter must be equal for cmac */
+	if (b != key_size)
+	{
+		crypter->destroy(crypter);
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.get_mac = _get_mac,
+			.get_block_size = _get_block_size,
+			.set_key = _set_key,
+			.destroy = _destroy,
+		},
+		.b = b,
+		.k = crypter,
+		.k1 = malloc(b),
+		.k2 = malloc(b),
+		.t = malloc(b),
+		.remaining = malloc(b),
+	);
+	memset(this->t, 0, b);
+
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
new file mode 100644
index 000000000..061609127
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac cmac
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_H_
+#define CMAC_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct cmac_t cmac_t;
+
+/**
+ * Cipher-based Message Authentication Code (CMAC).
+ *
+ * This class implements the message authentication algorithm
+ * described in RFC 4493.
+ */
+struct cmac_t {
+
+	/**
+	 * Generate message authentication code.
+	 *
+	 * If buffer is NULL, no result is given back. A next call will
+	 * append the data to already supplied data. If buffer is not NULL,
+	 * the mac of all apended data is calculated, returned and the internal
+	 * state is reset.
+	 *
+	 * @param data		chunk of data to authenticate
+	 * @param buffer	pointer where the generated bytes will be written
+	 */
+	void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
+
+	/**
+	 * Get the block size of this cmac_t object.
+	 *
+	 * @return			block size in bytes
+	 */
+	size_t (*get_block_size) (cmac_t *this);
+
+	/**
+	 * Set the key for this cmac_t object.
+	 *
+	 * @param key		key to set
+	 */
+	void (*set_key) (cmac_t *this, chunk_t key);
+
+	/**
+	 * Destroys a cmac_t object.
+	 */
+	void (*destroy) (cmac_t *this);
+};
+
+/**
+ * Creates a new cmac_t object.
+ *
+ * @param algo			underlying crypto algorithm
+ * @param key_size		key size to use, if required for algorithm
+ * @return				cmac_t object, NULL if not supported
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
new file mode 100644
index 000000000..5b42c5002
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_plugin.h"
+
+#include <library.h>
+#include "cmac_prf.h"
+#include "cmac_signer.h"
+
+typedef struct private_cmac_plugin_t private_cmac_plugin_t;
+
+/**
+ * private data of cmac_plugin
+ */
+struct private_cmac_plugin_t {
+
+	/**
+	 * public functions
+	 */
+	cmac_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+	private_cmac_plugin_t *this)
+{
+	return "cmac";
+}
+
+METHOD(plugin_t, get_features, int,
+	private_cmac_plugin_t *this, plugin_feature_t *features[])
+{
+	static plugin_feature_t f[] = {
+		PLUGIN_REGISTER(PRF, cmac_prf_create),
+			PLUGIN_PROVIDE(PRF, PRF_AES128_CMAC),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+		PLUGIN_REGISTER(SIGNER, cmac_signer_create),
+			PLUGIN_PROVIDE(SIGNER, AUTH_AES_CMAC_96),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+	};
+	*features = f;
+	return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+	private_cmac_plugin_t *this)
+{
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *cmac_plugin_create()
+{
+	private_cmac_plugin_t *this;
+
+	INIT(this,
+		.public = {
+			.plugin = {
+				.get_name = _get_name,
+				.get_features = _get_features,
+				.destroy = _destroy,
+			},
+		},
+	);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
new file mode 100644
index 000000000..a31e1077d
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_p cmac
+ * @ingroup plugins
+ *
+ * @defgroup cmac_plugin cmac_plugin
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_PLUGIN_H_
+#define CMAC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct cmac_plugin_t cmac_plugin_t;
+
+/**
+ * Plugin implementing CMAC algorithm to provide crypter based PRF and signer.
+ */
+struct cmac_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** CMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.c b/src/libstrongswan/plugins/cmac/cmac_prf.c
new file mode 100644
index 000000000..17affe439
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_prf.h"
+
+#include "cmac.h"
+
+typedef struct private_cmac_prf_t private_cmac_prf_t;
+
+/**
+ * Private data of a cmac_prf_t object.
+ */
+struct private_cmac_prf_t {
+
+	/**
+	 * Public cmac_prf_t interface.
+	 */
+	cmac_prf_t public;
+
+	/**
+	 * cmac to use for generation.
+	 */
+	cmac_t *cmac;
+};
+
+METHOD(prf_t, get_bytes, void,
+	private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+{
+	this->cmac->get_mac(this->cmac, seed, buffer);
+}
+
+METHOD(prf_t, allocate_bytes, void,
+	private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+	if (chunk)
+	{
+		*chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
+		get_bytes(this, seed, chunk->ptr);
+	}
+	else
+	{
+		get_bytes(this, seed, NULL);
+	}
+}
+
+METHOD(prf_t, get_block_size, size_t,
+	private_cmac_prf_t *this)
+{
+	return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, get_key_size, size_t,
+	private_cmac_prf_t *this)
+{
+	/* in cmac, block and key size are always equal */
+	return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, set_key, void,
+	private_cmac_prf_t *this, chunk_t key)
+{
+	this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(prf_t, destroy, void,
+	private_cmac_prf_t *this)
+{
+	this->cmac->destroy(this->cmac);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
+{
+	private_cmac_prf_t *this;
+	cmac_t *cmac;
+
+	switch (algo)
+	{
+		case PRF_AES128_CMAC:
+			cmac = cmac_create(ENCR_AES_CBC, 16);
+			break;
+		default:
+			return NULL;
+	}
+	if (!cmac)
+	{
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.prf = {
+				.get_bytes = _get_bytes,
+				.allocate_bytes = _allocate_bytes,
+				.get_block_size = _get_block_size,
+				.get_key_size = _get_key_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+		.cmac = cmac,
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.h b/src/libstrongswan/plugins/cmac/cmac_prf.h
new file mode 100644
index 000000000..a53cc5947
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_prf cmac_prf
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef PRF_CMAC_H_
+#define PRF_CMAC_H_
+
+typedef struct cmac_prf_t cmac_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
+ *
+ * This simply wraps a cmac_t in a prf_t. More a question of
+ * interface matching.
+ */
+struct cmac_prf_t {
+
+	/**
+	 * Implements prf_t interface.
+	 */
+	prf_t prf;
+};
+
+/**
+ * Creates a new cmac_prf_t object.
+ *
+ * @param algo		algorithm to implement
+ * @return			cmac_prf_t object, NULL if hash not supported
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
+
+#endif /** PRF_CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.c b/src/libstrongswan/plugins/cmac/cmac_signer.c
new file mode 100644
index 000000000..82e8885d6
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac_signer.h"
+#include "cmac.h"
+
+typedef struct private_cmac_signer_t private_cmac_signer_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_cmac_signer_t {
+
+	/**
+	 * Public interface.
+	 */
+	cmac_signer_t public;
+
+	/**
+	 * Assigned cmac function.
+	 */
+	cmac_t *cmac;
+
+	/**
+	 * Block size (truncation of CMAC MAC)
+	 */
+	size_t block_size;
+};
+
+METHOD(signer_t, get_signature, void,
+	private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+{
+	if (buffer == NULL)
+	{	/* append mode */
+		this->cmac->get_mac(this->cmac, data, NULL);
+	}
+	else
+	{
+		u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+		this->cmac->get_mac(this->cmac, data, mac);
+		memcpy(buffer, mac, this->block_size);
+	}
+}
+
+METHOD(signer_t, allocate_signature, void,
+	private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
+{
+	if (chunk == NULL)
+	{	/* append mode */
+		this->cmac->get_mac(this->cmac, data, NULL);
+	}
+	else
+	{
+		u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+		this->cmac->get_mac(this->cmac, data, mac);
+
+		chunk->ptr = malloc(this->block_size);
+		chunk->len = this->block_size;
+
+		memcpy(chunk->ptr, mac, this->block_size);
+	}
+}
+
+METHOD(signer_t, verify_signature, bool,
+	private_cmac_signer_t *this, chunk_t data, chunk_t signature)
+{
+	u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+	if (signature.len != this->block_size)
+	{
+		return FALSE;
+	}
+
+	this->cmac->get_mac(this->cmac, data, mac);
+	return memeq(signature.ptr, mac, this->block_size);
+}
+
+METHOD(signer_t, get_key_size, size_t,
+	private_cmac_signer_t *this)
+{
+	return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(signer_t, get_block_size, size_t,
+	private_cmac_signer_t *this)
+{
+	return this->block_size;
+}
+
+METHOD(signer_t, set_key, void,
+	private_cmac_signer_t *this, chunk_t key)
+{
+	this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(signer_t, destroy, void,
+	private_cmac_signer_t *this)
+{
+	this->cmac->destroy(this->cmac);
+	free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
+{
+	private_cmac_signer_t *this;
+	size_t truncation;
+	cmac_t *cmac;
+
+	switch (algo)
+	{
+		case AUTH_AES_CMAC_96:
+			cmac = cmac_create(ENCR_AES_CBC, 16);
+			truncation = 12;
+			break;
+		default:
+			return NULL;
+	}
+	if (cmac == NULL)
+	{
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.signer = {
+				.get_signature = _get_signature,
+				.allocate_signature = _allocate_signature,
+				.verify_signature = _verify_signature,
+				.get_key_size = _get_key_size,
+				.get_block_size = _get_block_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+		.cmac = cmac,
+		.block_size = min(truncation, cmac->get_block_size(cmac)),
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.h b/src/libstrongswan/plugins/cmac/cmac_signer.h
new file mode 100644
index 000000000..2e3724471
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_signer cmac_signer
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_SIGNER_H_
+#define CMAC_SIGNER_H_
+
+typedef struct cmac_signer_t cmac_signer_t;
+
+#include <crypto/signers/signer.h>
+
+/**
+ * Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
+ */
+struct cmac_signer_t {
+
+	/**
+	 * Implements signer_t interface.
+	 */
+	signer_t signer;
+};
+
+/**
+ * Creates a new cmac_signer_t.
+ *
+ * @param algo		algorithm to implement
+ * @return			cmac_signer_t, NULL if  not supported
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** CMAC_SIGNER_H_ @}*/
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index ee71f6efd..c0666367a 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -127,14 +127,14 @@ METHOD(prf_t, get_bytes, void,
 	{
 		/* a. XVAL = (XKEY + XSEED j) mod 2^b */
 		add_mod(this->b, xkey, xseed, xval);
-		DBG3(DBG_LIB, "XVAL %b", xval, this->b);
+		DBG3(DBG_LIB, "XVAL %b", xval, (u_int)this->b);
 		/* b. wi = G(t, XVAL ) */
 		this->g(this, chunk_create(xval, this->b), &w[i * this->b]);
-		DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], this->b);
+		DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], (u_int)this->b);
 		/* c. XKEY = (1 + XKEY + wi) mod 2b */
 		add_mod(this->b, xkey, &w[i * this->b], sum);
 		add_mod(this->b, sum, one, xkey);
-		DBG3(DBG_LIB, "XKEY %b", xkey, this->b);
+		DBG3(DBG_LIB, "XKEY %b", xkey, (u_int)this->b);
 	}
 
 	/* 3.3 done already, mod q not used */
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index 397a1ea11..91294305e 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -4,13 +4,13 @@
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General hmac License as published by the
+ * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General hmac License
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
 
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index f05d348ee..c5d96be47 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -355,7 +355,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
  * load the credential from a blob
  */
 static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
-							x509_flag_t flags)
+							identification_t *subject, x509_flag_t flags)
 {
 	void *cred = NULL;
 	bool pgp = FALSE;
@@ -381,10 +381,19 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
 	{
 		subtype = pgp ? CERT_GPG : CERT_X509;
 	}
-	cred = lib->creds->create(lib->creds, type, subtype,
+	if (type == CRED_CERTIFICATE && subtype == CERT_TRUSTED_PUBKEY && subject)
+	{
+		cred = lib->creds->create(lib->creds, type, subtype,
+							  BUILD_BLOB_ASN1_DER, blob, BUILD_SUBJECT, subject,
+							  BUILD_END);
+	}
+	else
+	{
+		cred = lib->creds->create(lib->creds, type, subtype,
 							  pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
 							  flags ? BUILD_X509_FLAG : BUILD_END,
 							  flags, BUILD_END);
+	}
 	chunk_clear(&blob);
 	return cred;
 }
@@ -393,7 +402,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
  * load the credential from a file
  */
 static void *load_from_file(char *file, credential_type_t type, int subtype,
-							x509_flag_t flags)
+							identification_t *subject, x509_flag_t flags)
 {
 	void *cred = NULL;
 	struct stat sb;
@@ -423,7 +432,8 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
 		return NULL;
 	}
 
-	cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, flags);
+	cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
+									   subject, flags);
 
 	munmap(addr, sb.st_size);
 	close(fd);
@@ -434,7 +444,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
  * load the credential from a file descriptor
  */
 static void *load_from_fd(int fd, credential_type_t type, int subtype,
-						  x509_flag_t flags)
+						  identification_t *subject, x509_flag_t flags)
 {
 	char buf[8096];
 	char *pos = buf;
@@ -460,7 +470,8 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
 			return NULL;
 		}
 	}
-	return load_from_blob(chunk_create(buf, total), type, subtype, flags);
+	return load_from_blob(chunk_create(buf, total), type, subtype,
+						  subject, flags);
 }
 
 /**
@@ -471,6 +482,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 	char *file = NULL;
 	int fd = -1;
 	chunk_t pem = chunk_empty;
+	identification_t *subject = NULL;
 	int flags = 0;
 
 	while (TRUE)
@@ -486,6 +498,9 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 			case BUILD_BLOB_PEM:
 				pem = va_arg(args, chunk_t);
 				continue;
+			case BUILD_SUBJECT:
+				subject = va_arg(args, identification_t*);
+				continue;
 			case BUILD_X509_FLAG:
 				flags = va_arg(args, int);
 				continue;
@@ -499,15 +514,15 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 
 	if (pem.len)
 	{
-		return load_from_blob(pem, type, subtype, flags);
+		return load_from_blob(pem, type, subtype, subject, flags);
 	}
 	if (file)
 	{
-		return load_from_file(file, type, subtype, flags);
+		return load_from_file(file, type, subtype, subject, flags);
 	}
 	if (fd != -1)
 	{
-		return load_from_fd(fd, type, subtype, flags);
+		return load_from_fd(fd, type, subtype, subject, flags);
 	}
 	return NULL;
 }
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index 54c51a834..67240fe0c 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -15,6 +15,8 @@
 
 #include "pubkey_cert.h"
 
+#include <time.h>
+
 #include <debug.h>
 
 typedef struct private_pubkey_cert_t private_pubkey_cert_t;
@@ -45,6 +47,16 @@ struct private_pubkey_cert_t {
 	identification_t *subject;
 
 	/**
+	 * key inception time
+	 */
+	time_t notBefore;
+
+	/**
+	 * key expiration time
+	 */
+	time_t notAfter;
+
+	/**
 	 * reference count
 	 */
 	refcount_t ref;
@@ -85,7 +97,8 @@ METHOD(certificate_t, has_subject, id_match_t,
 			}
 		}
 	}
-	return ID_MATCH_NONE;
+
+	return this->subject->matches(this->subject, subject);
 }
 
 METHOD(certificate_t, has_issuer, id_match_t,
@@ -129,15 +142,18 @@ METHOD(certificate_t, get_validity, bool,
 	private_pubkey_cert_t *this, time_t *when, time_t *not_before,
 	time_t *not_after)
 {
+	time_t t = when ? *when : time(NULL);
+
 	if (not_before)
 	{
-		*not_before = 0;
+		*not_before = this->notBefore;
 	}
 	if (not_after)
 	{
-		*not_after = ~0;
+		*not_after = this->notAfter;
 	}
-	return TRUE;
+	return ((this->notBefore == UNDEFINED_TIME || t >= this->notBefore) &&
+			(this->notAfter  == UNDEFINED_TIME || t <= this->notAfter));
 }
 
 METHOD(certificate_t, get_encoding, bool,
@@ -168,7 +184,9 @@ METHOD(certificate_t, destroy, void,
 /*
  * see header file
  */
-static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
+static pubkey_cert_t *pubkey_cert_create(public_key_t *key,
+										 time_t notBefore, time_t notAfter,
+										 identification_t *subject)
 {
 	private_pubkey_cert_t *this;
 	chunk_t fingerprint;
@@ -192,10 +210,16 @@ static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
 		},
 		.ref = 1,
 		.key = key,
+		.notBefore = notBefore,
+		.notAfter = notAfter,
 		.issuer = identification_create_from_encoding(ID_ANY, chunk_empty),
 	);
 
-	if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
+	if (subject)
+	{
+		this->subject = subject->clone(subject);
+	}
+	else if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
 	{
 		this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint);
 	}
@@ -214,6 +238,8 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
 {
 	public_key_t *key = NULL;
 	chunk_t blob = chunk_empty;
+	identification_t *subject = NULL;
+	time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME;
 
 	while (TRUE)
 	{
@@ -225,6 +251,15 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
 			case BUILD_PUBLIC_KEY:
 				key = va_arg(args, public_key_t*);
 				continue;
+			case BUILD_NOT_BEFORE_TIME:
+				notBefore = va_arg(args, time_t);
+				continue;
+			case BUILD_NOT_AFTER_TIME:
+				notAfter = va_arg(args, time_t);
+				continue;
+			case BUILD_SUBJECT:
+				subject = va_arg(args, identification_t*);
+				continue;
 			case BUILD_END:
 				break;
 			default:
@@ -243,7 +278,7 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
 	}
 	if (key)
 	{
-		return pubkey_cert_create(key);
+		return pubkey_cert_create(key, notBefore, notAfter, subject);
 	}
 	return NULL;
 }
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 049301977..5280300a8 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -15,6 +15,7 @@ libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors/aes_cbc.c \
 	test_vectors/aes_ctr.c \
 	test_vectors/aes_xcbc.c \
+	test_vectors/aes_cmac.c \
 	test_vectors/aes_ccm.c \
 	test_vectors/aes_gcm.c \
 	test_vectors/blowfish.c \
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index ab4689c1c..40fb51da6 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -91,6 +91,10 @@ TEST_VECTOR_SIGNER(aes_xcbc_s2)
 TEST_VECTOR_SIGNER(aes_xcbc_s3)
 TEST_VECTOR_SIGNER(aes_xcbc_s4)
 TEST_VECTOR_SIGNER(aes_xcbc_s5)
+TEST_VECTOR_SIGNER(aes_cmac_s1)
+TEST_VECTOR_SIGNER(aes_cmac_s2)
+TEST_VECTOR_SIGNER(aes_cmac_s3)
+TEST_VECTOR_SIGNER(aes_cmac_s4)
 TEST_VECTOR_SIGNER(camellia_xcbc_s1)
 TEST_VECTOR_SIGNER(md5_hmac_s1)
 TEST_VECTOR_SIGNER(md5_hmac_s2)
@@ -156,6 +160,13 @@ TEST_VECTOR_PRF(aes_xcbc_p4)
 TEST_VECTOR_PRF(aes_xcbc_p5)
 TEST_VECTOR_PRF(aes_xcbc_p6)
 TEST_VECTOR_PRF(aes_xcbc_p7)
+TEST_VECTOR_PRF(aes_cmac_p1)
+TEST_VECTOR_PRF(aes_cmac_p2)
+TEST_VECTOR_PRF(aes_cmac_p3)
+TEST_VECTOR_PRF(aes_cmac_p4)
+TEST_VECTOR_PRF(aes_cmac_p5)
+TEST_VECTOR_PRF(aes_cmac_p6)
+TEST_VECTOR_PRF(aes_cmac_p7)
 TEST_VECTOR_PRF(camellia_xcbc_p1)
 TEST_VECTOR_PRF(camellia_xcbc_p2)
 TEST_VECTOR_PRF(camellia_xcbc_p3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
new file mode 100644
index 000000000..cc4121424
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * RFC 4493 Example #1: AES-CMAC with 0-byte input
+ */
+prf_test_vector_t aes_cmac_p1 = {
+	.alg = PRF_AES128_CMAC, .key_size = 16, .len = 0,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.seed	= "",
+	.out	= "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46"
+};
+
+/**
+ * RFC 4493 Example #2: AES-CMAC with 16-byte input
+ */
+prf_test_vector_t aes_cmac_p2 = {
+	.alg = PRF_AES128_CMAC, .key_size = 16, .len = 16,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.seed	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+	.out	= "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c"
+};
+
+/**
+ * RFC 4493 Example #3: AES-CMAC with 40-byte input
+ */
+prf_test_vector_t aes_cmac_p3 = {
+	.alg = PRF_AES128_CMAC, .key_size = 16, .len = 40,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.seed	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
+	.out	= "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27"
+};
+
+/**
+ * RFC 4493 Example #4: AES-CMAC with 64-byte input
+ */
+prf_test_vector_t aes_cmac_p4 = {
+	.alg = PRF_AES128_CMAC, .key_size = 16, .len = 64,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.seed	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+	.out	= "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17\x79\x36\x3c\xfe"
+};
+
+/**
+ * RFC 4615 Test Case #1: AES-CMAC with 20-byte input, 18-byte key
+ */
+prf_test_vector_t aes_cmac_p5 = {
+	.alg = PRF_AES128_CMAC, .key_size = 18, .len = 20,
+	.key	= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			  "\xed\xcb",
+	.seed	= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			  "\x10\x11\x12\x13",
+	.out	= "\x84\xa3\x48\xa4\xa4\x5d\x23\x5b\xab\xff\xfc\x0d\x2b\x4d\xa0\x9a"
+};
+
+/**
+ * RFC 4615 Test Case #2: AES-CMAC with 20-byte input, 16-byte key
+ */
+prf_test_vector_t aes_cmac_p6 = {
+	.alg = PRF_AES128_CMAC, .key_size = 16, .len = 20,
+	.key	= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+	.seed	= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			  "\x10\x11\x12\x13",
+	.out	= "\x98\x0a\xe8\x7b\x5f\x4c\x9c\x52\x14\xf5\xb6\xa8\x45\x5e\x4c\x2d"
+};
+
+/**
+ * RFC 4615 Test Case #3: AES-CMAC with 20-byte input, 10-byte key
+ */
+prf_test_vector_t aes_cmac_p7 = {
+	.alg = PRF_AES128_CMAC, .key_size = 10, .len = 20,
+	.key	= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09",
+	.seed	= "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+			  "\x10\x11\x12\x13",
+	.out	= "\x29\x0d\x9e\x11\x2e\xdb\x09\xee\x14\x1f\xcf\x64\xc0\xb7\x2f\x3d"
+};
+
+/**
+ * RFC 4494 Test Case #1: AES-CMAC-96 with 0-byte input
+ */
+signer_test_vector_t aes_cmac_s1 = {
+	.alg = AUTH_AES_CMAC_96, .len = 0,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.data	= "",
+	.mac	= "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12"
+};
+
+
+/**
+ * RFC 4494 Test Case #2: AES-CMAC-96 with 16-byte input
+ */
+signer_test_vector_t aes_cmac_s2 = {
+	.alg = AUTH_AES_CMAC_96, .len = 16,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.data	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+	.mac	= "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d"
+};
+
+/**
+ * RFC 4494 Test Case #3: AES-CMAC-96 with 40-byte input
+ */
+signer_test_vector_t aes_cmac_s3 = {
+	.alg = AUTH_AES_CMAC_96, .len = 40,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.data	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
+	.mac	= "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61"
+};
+
+/**
+ * RFC 4494 Test Case #4: AES-CMAC-96 with 64-byte input
+ */
+signer_test_vector_t aes_cmac_s4 = {
+	.alg = AUTH_AES_CMAC_96, .len = 64,
+	.key	= "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+	.data	= "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+			  "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+			  "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+			  "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+	.mac	= "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17"
+};
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index 8ddde962c..53629abe5 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -3,13 +3,13 @@
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General xcbc License as published by the
+ * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General xcbc License
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */