10 files changed, 922 insertions, 0 deletions
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index d3c360b47..7bb0812bd 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -215,6 +215,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_CMAC
+  SUBDIRS += plugins/cmac
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/cmac/libstrongswan-cmac.la
+endif
+endif
+
 if USE_XCBC
   SUBDIRS += plugins/xcbc
 if MONOLITHIC
diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am
new file mode 100644
index 000000000..ce0104f11
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-cmac.la
+else
+plugin_LTLIBRARIES = libstrongswan-cmac.la
+endif
+
+libstrongswan_cmac_la_SOURCES = \
+	cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
+	cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
+
+libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
new file mode 100644
index 000000000..5ec7073c7
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac.h"
+
+#include <debug.h>
+
+typedef struct private_cmac_t private_cmac_t;
+
+/**
+ * Private data of a cmac_t object.
+ *
+ * The variable names are the same as in the RFC.
+ */
+struct private_cmac_t {
+
+	/**
+	 * Public interface.
+	 */
+	cmac_t public;
+
+	/**
+	 * Block size, in bytes
+	 */
+	u_int8_t b;
+
+	/**
+	 * Crypter with key K
+	 */
+	crypter_t *k;
+
+	/**
+	 * K1
+	 */
+	u_int8_t *k1;
+
+	/**
+	 * K2
+	 */
+	u_int8_t *k2;
+
+	/**
+	 * T
+	 */
+	u_int8_t *t;
+
+	/**
+	 * remaining, unprocessed bytes in append mode
+	 */
+	u_int8_t *remaining;
+
+	/**
+	 * number of bytes in remaining
+	 */
+	int remaining_bytes;
+};
+
+/**
+ * process supplied data, but do not run final operation
+ */
+static void update(private_cmac_t *this, chunk_t data)
+{
+	chunk_t iv;
+
+	if (this->remaining_bytes + data.len <= this->b)
+	{	/* no complete block (or last block), just copy into remaining */
+		memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
+		this->remaining_bytes += data.len;
+		return;
+	}
+
+	iv = chunk_alloca(this->b);
+	memset(iv.ptr, 0, iv.len);
+
+	/* T := 0x00000000000000000000000000000000 (initially)
+	 * for each block M_i (except the last)
+	 *   X := T XOR M_i;
+	 *   T := AES-128(K, X);
+	 */
+
+	/* append data to remaining bytes, process block M_1 */
+	memcpy(this->remaining + this->remaining_bytes, data.ptr,
+		   this->b - this->remaining_bytes);
+	data = chunk_skip(data, this->b - this->remaining_bytes);
+	memxor(this->t, this->remaining, this->b);
+	this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+	/* process blocks M_2 ... M_n-1 */
+	while (data.len > this->b)
+	{
+		memcpy(this->remaining, data.ptr, this->b);
+		data = chunk_skip(data, this->b);
+		memxor(this->t, this->remaining, this->b);
+		this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+	}
+
+	/* store remaining bytes of block M_n */
+	memcpy(this->remaining, data.ptr, data.len);
+	this->remaining_bytes = data.len;
+}
+
+/**
+ * process last block M_last
+ */
+static void final(private_cmac_t *this, u_int8_t *out)
+{
+	chunk_t iv;
+
+	iv = chunk_alloca(this->b);
+	memset(iv.ptr, 0, iv.len);
+
+	/* if last block is complete
+	 *   M_last := M_n XOR K1;
+	 * else
+	 *   M_last := padding(M_n) XOR K2;
+	 */
+	if (this->remaining_bytes == this->b)
+	{
+		memxor(this->remaining, this->k1, this->b);
+	}
+	else
+	{
+		/* padding(x) = x || 10^i  where i is 128-8*r-1
+		 * That is, padding(x) is the concatenation of x and a single '1',
+		 * followed by the minimum number of '0's, so that the total length is
+		 * equal to 128 bits.
+		 */
+		if (this->remaining_bytes < this->b)
+		{
+			this->remaining[this->remaining_bytes] = 0x80;
+			while (++this->remaining_bytes < this->b)
+			{
+				this->remaining[this->remaining_bytes] = 0x00;
+			}
+		}
+		memxor(this->remaining, this->k2, this->b);
+	}
+	/* T := M_last XOR T;
+	 * T := AES-128(K,T);
+	 */
+	memxor(this->t, this->remaining, this->b);
+	this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+	memcpy(out, this->t, this->b);
+
+	/* reset state */
+	memset(this->t, 0, this->b);
+	this->remaining_bytes = 0;
+}
+
+METHOD(cmac_t, get_mac, void,
+	private_cmac_t *this, chunk_t data, u_int8_t *out)
+{
+	/* update T, do not process last block */
+	update(this, data);
+
+	if (out)
+	{	/* if not in append mode, process last block and output result */
+		final(this, out);
+	}
+}
+
+METHOD(cmac_t, get_block_size, size_t,
+	private_cmac_t *this)
+{
+	return this->b;
+}
+
+/**
+ * Left-shift the given chunk by one bit.
+ */
+static void bit_shift(chunk_t chunk)
+{
+	size_t i;
+
+	for (i = 0; i < chunk.len; i++)
+	{
+		chunk.ptr[i] <<= 1;
+		if (i < chunk.len - 1 && chunk.ptr[i + 1] & 0x80)
+		{
+			chunk.ptr[i] |= 0x01;
+		}
+	}
+}
+
+/**
+ * Apply the following key derivation (in-place):
+ * if MSB(C) == 0
+ *   C := C << 1
+ * else
+ *   C := (C << 1) XOR 0x00000000000000000000000000000087
+ */
+static void derive_key(chunk_t chunk)
+{
+	if (chunk.ptr[0] & 0x80)
+	{
+		chunk_t rb;
+
+		rb = chunk_alloca(chunk.len);
+		memset(rb.ptr, 0, rb.len);
+		rb.ptr[rb.len - 1] = 0x87;
+		bit_shift(chunk);
+		memxor(chunk.ptr, rb.ptr, chunk.len);
+	}
+	else
+	{
+		bit_shift(chunk);
+	}
+}
+
+METHOD(cmac_t, set_key, void,
+	private_cmac_t *this, chunk_t key)
+{
+	chunk_t resized, iv, l;
+
+	/* we support variable keys as defined in RFC 4615 */
+	if (key.len == this->b)
+	{
+		resized = key;
+	}
+	else
+	{	/* use cmac recursively to resize longer or shorter keys */
+		resized = chunk_alloca(this->b);
+		memset(resized.ptr, 0, resized.len);
+		set_key(this, resized);
+		get_mac(this, key, resized.ptr);
+	}
+
+	/*
+	 * Rb = 0x00000000000000000000000000000087
+	 * L = 0x00000000000000000000000000000000 encrypted with K
+	 * if MSB(L) == 0
+	 *   K1 = L << 1
+	 * else
+	 *   K1 = (L << 1) XOR Rb
+	 * if MSB(K1) == 0
+	 *   K2 = K1 << 1
+	 * else
+	 *   K2 = (K1 << 1) XOR Rb
+	 */
+	iv = chunk_alloca(this->b);
+	memset(iv.ptr, 0, iv.len);
+	l = chunk_alloca(this->b);
+	memset(l.ptr, 0, l.len);
+	this->k->set_key(this->k, resized);
+	this->k->encrypt(this->k, l, iv, NULL);
+	derive_key(l);
+	memcpy(this->k1, l.ptr, l.len);
+	derive_key(l);
+	memcpy(this->k2, l.ptr, l.len);
+	memwipe(l.ptr, l.len);
+}
+
+METHOD(cmac_t, destroy, void,
+	private_cmac_t *this)
+{
+	this->k->destroy(this->k);
+	memwipe(this->k1, this->b);
+	free(this->k1);
+	memwipe(this->k2, this->b);
+	free(this->k2);
+	free(this->t);
+	free(this->remaining);
+	free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
+{
+	private_cmac_t *this;
+	crypter_t *crypter;
+	u_int8_t b;
+
+	crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
+	if (!crypter)
+	{
+		return NULL;
+	}
+	b = crypter->get_block_size(crypter);
+	/* input and output of crypter must be equal for cmac */
+	if (b != key_size)
+	{
+		crypter->destroy(crypter);
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.get_mac = _get_mac,
+			.get_block_size = _get_block_size,
+			.set_key = _set_key,
+			.destroy = _destroy,
+		},
+		.b = b,
+		.k = crypter,
+		.k1 = malloc(b),
+		.k2 = malloc(b),
+		.t = malloc(b),
+		.remaining = malloc(b),
+	);
+	memset(this->t, 0, b);
+
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
new file mode 100644
index 000000000..061609127
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac cmac
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_H_
+#define CMAC_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct cmac_t cmac_t;
+
+/**
+ * Cipher-based Message Authentication Code (CMAC).
+ *
+ * This class implements the message authentication algorithm
+ * described in RFC 4493.
+ */
+struct cmac_t {
+
+	/**
+	 * Generate message authentication code.
+	 *
+	 * If buffer is NULL, no result is given back. A next call will
+	 * append the data to already supplied data. If buffer is not NULL,
+	 * the mac of all apended data is calculated, returned and the internal
+	 * state is reset.
+	 *
+	 * @param data		chunk of data to authenticate
+	 * @param buffer	pointer where the generated bytes will be written
+	 */
+	void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
+
+	/**
+	 * Get the block size of this cmac_t object.
+	 *
+	 * @return			block size in bytes
+	 */
+	size_t (*get_block_size) (cmac_t *this);
+
+	/**
+	 * Set the key for this cmac_t object.
+	 *
+	 * @param key		key to set
+	 */
+	void (*set_key) (cmac_t *this, chunk_t key);
+
+	/**
+	 * Destroys a cmac_t object.
+	 */
+	void (*destroy) (cmac_t *this);
+};
+
+/**
+ * Creates a new cmac_t object.
+ *
+ * @param algo			underlying crypto algorithm
+ * @param key_size		key size to use, if required for algorithm
+ * @return				cmac_t object, NULL if not supported
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
new file mode 100644
index 000000000..5b42c5002
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_plugin.h"
+
+#include <library.h>
+#include "cmac_prf.h"
+#include "cmac_signer.h"
+
+typedef struct private_cmac_plugin_t private_cmac_plugin_t;
+
+/**
+ * private data of cmac_plugin
+ */
+struct private_cmac_plugin_t {
+
+	/**
+	 * public functions
+	 */
+	cmac_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+	private_cmac_plugin_t *this)
+{
+	return "cmac";
+}
+
+METHOD(plugin_t, get_features, int,
+	private_cmac_plugin_t *this, plugin_feature_t *features[])
+{
+	static plugin_feature_t f[] = {
+		PLUGIN_REGISTER(PRF, cmac_prf_create),
+			PLUGIN_PROVIDE(PRF, PRF_AES128_CMAC),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+		PLUGIN_REGISTER(SIGNER, cmac_signer_create),
+			PLUGIN_PROVIDE(SIGNER, AUTH_AES_CMAC_96),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+	};
+	*features = f;
+	return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+	private_cmac_plugin_t *this)
+{
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *cmac_plugin_create()
+{
+	private_cmac_plugin_t *this;
+
+	INIT(this,
+		.public = {
+			.plugin = {
+				.get_name = _get_name,
+				.get_features = _get_features,
+				.destroy = _destroy,
+			},
+		},
+	);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
new file mode 100644
index 000000000..a31e1077d
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_p cmac
+ * @ingroup plugins
+ *
+ * @defgroup cmac_plugin cmac_plugin
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_PLUGIN_H_
+#define CMAC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct cmac_plugin_t cmac_plugin_t;
+
+/**
+ * Plugin implementing CMAC algorithm to provide crypter based PRF and signer.
+ */
+struct cmac_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** CMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.c b/src/libstrongswan/plugins/cmac/cmac_prf.c
new file mode 100644
index 000000000..17affe439
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_prf.h"
+
+#include "cmac.h"
+
+typedef struct private_cmac_prf_t private_cmac_prf_t;
+
+/**
+ * Private data of a cmac_prf_t object.
+ */
+struct private_cmac_prf_t {
+
+	/**
+	 * Public cmac_prf_t interface.
+	 */
+	cmac_prf_t public;
+
+	/**
+	 * cmac to use for generation.
+	 */
+	cmac_t *cmac;
+};
+
+METHOD(prf_t, get_bytes, void,
+	private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+{
+	this->cmac->get_mac(this->cmac, seed, buffer);
+}
+
+METHOD(prf_t, allocate_bytes, void,
+	private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+	if (chunk)
+	{
+		*chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
+		get_bytes(this, seed, chunk->ptr);
+	}
+	else
+	{
+		get_bytes(this, seed, NULL);
+	}
+}
+
+METHOD(prf_t, get_block_size, size_t,
+	private_cmac_prf_t *this)
+{
+	return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, get_key_size, size_t,
+	private_cmac_prf_t *this)
+{
+	/* in cmac, block and key size are always equal */
+	return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, set_key, void,
+	private_cmac_prf_t *this, chunk_t key)
+{
+	this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(prf_t, destroy, void,
+	private_cmac_prf_t *this)
+{
+	this->cmac->destroy(this->cmac);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
+{
+	private_cmac_prf_t *this;
+	cmac_t *cmac;
+
+	switch (algo)
+	{
+		case PRF_AES128_CMAC:
+			cmac = cmac_create(ENCR_AES_CBC, 16);
+			break;
+		default:
+			return NULL;
+	}
+	if (!cmac)
+	{
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.prf = {
+				.get_bytes = _get_bytes,
+				.allocate_bytes = _allocate_bytes,
+				.get_block_size = _get_block_size,
+				.get_key_size = _get_key_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+		.cmac = cmac,
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.h b/src/libstrongswan/plugins/cmac/cmac_prf.h
new file mode 100644
index 000000000..a53cc5947
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_prf cmac_prf
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef PRF_CMAC_H_
+#define PRF_CMAC_H_
+
+typedef struct cmac_prf_t cmac_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
+ *
+ * This simply wraps a cmac_t in a prf_t. More a question of
+ * interface matching.
+ */
+struct cmac_prf_t {
+
+	/**
+	 * Implements prf_t interface.
+	 */
+	prf_t prf;
+};
+
+/**
+ * Creates a new cmac_prf_t object.
+ *
+ * @param algo		algorithm to implement
+ * @return			cmac_prf_t object, NULL if hash not supported
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
+
+#endif /** PRF_CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.c b/src/libstrongswan/plugins/cmac/cmac_signer.c
new file mode 100644
index 000000000..82e8885d6
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac_signer.h"
+#include "cmac.h"
+
+typedef struct private_cmac_signer_t private_cmac_signer_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_cmac_signer_t {
+
+	/**
+	 * Public interface.
+	 */
+	cmac_signer_t public;
+
+	/**
+	 * Assigned cmac function.
+	 */
+	cmac_t *cmac;
+
+	/**
+	 * Block size (truncation of CMAC MAC)
+	 */
+	size_t block_size;
+};
+
+METHOD(signer_t, get_signature, void,
+	private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+{
+	if (buffer == NULL)
+	{	/* append mode */
+		this->cmac->get_mac(this->cmac, data, NULL);
+	}
+	else
+	{
+		u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+		this->cmac->get_mac(this->cmac, data, mac);
+		memcpy(buffer, mac, this->block_size);
+	}
+}
+
+METHOD(signer_t, allocate_signature, void,
+	private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
+{
+	if (chunk == NULL)
+	{	/* append mode */
+		this->cmac->get_mac(this->cmac, data, NULL);
+	}
+	else
+	{
+		u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+		this->cmac->get_mac(this->cmac, data, mac);
+
+		chunk->ptr = malloc(this->block_size);
+		chunk->len = this->block_size;
+
+		memcpy(chunk->ptr, mac, this->block_size);
+	}
+}
+
+METHOD(signer_t, verify_signature, bool,
+	private_cmac_signer_t *this, chunk_t data, chunk_t signature)
+{
+	u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+	if (signature.len != this->block_size)
+	{
+		return FALSE;
+	}
+
+	this->cmac->get_mac(this->cmac, data, mac);
+	return memeq(signature.ptr, mac, this->block_size);
+}
+
+METHOD(signer_t, get_key_size, size_t,
+	private_cmac_signer_t *this)
+{
+	return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(signer_t, get_block_size, size_t,
+	private_cmac_signer_t *this)
+{
+	return this->block_size;
+}
+
+METHOD(signer_t, set_key, void,
+	private_cmac_signer_t *this, chunk_t key)
+{
+	this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(signer_t, destroy, void,
+	private_cmac_signer_t *this)
+{
+	this->cmac->destroy(this->cmac);
+	free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
+{
+	private_cmac_signer_t *this;
+	size_t truncation;
+	cmac_t *cmac;
+
+	switch (algo)
+	{
+		case AUTH_AES_CMAC_96:
+			cmac = cmac_create(ENCR_AES_CBC, 16);
+			truncation = 12;
+			break;
+		default:
+			return NULL;
+	}
+	if (cmac == NULL)
+	{
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.signer = {
+				.get_signature = _get_signature,
+				.allocate_signature = _allocate_signature,
+				.verify_signature = _verify_signature,
+				.get_key_size = _get_key_size,
+				.get_block_size = _get_block_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+		.cmac = cmac,
+		.block_size = min(truncation, cmac->get_block_size(cmac)),
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.h b/src/libstrongswan/plugins/cmac/cmac_signer.h
new file mode 100644
index 000000000..2e3724471
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_signer cmac_signer
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_SIGNER_H_
+#define CMAC_SIGNER_H_
+
+typedef struct cmac_signer_t cmac_signer_t;
+
+#include <crypto/signers/signer.h>
+
+/**
+ * Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
+ */
+struct cmac_signer_t {
+
+	/**
+	 * Implements signer_t interface.
+	 */
+	signer_t signer;
+};
+
+/**
+ * Creates a new cmac_signer_t.
+ *
+ * @param algo		algorithm to implement
+ * @return			cmac_signer_t, NULL if  not supported
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** CMAC_SIGNER_H_ @}*/