signers implemented with HMAC now support NULL output parameters
[strongswan.git] / src / libstrongswan / crypto / signers / hmac_signer.c
1 /**
2 * @file hmac_signer.c
3 *
4 * @brief Implementation of hmac_signer_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include <string.h>
25
26 #include "hmac_signer.h"
27
28 #include <crypto/prfs/hmac_prf.h>
29
30 typedef struct private_hmac_signer_t private_hmac_signer_t;
31
32 /**
33 * Private data structure with signing context.
34 */
35 struct private_hmac_signer_t {
36 /**
37 * Public interface of hmac_signer_t.
38 */
39 hmac_signer_t public;
40
41 /**
42 * Assigned hmac function.
43 */
44 prf_t *hmac_prf;
45
46 /**
47 * Block size (truncation of HMAC Hash)
48 */
49 size_t block_size;
50 };
51
52 /**
53 * Implementation of signer_t.get_signature.
54 */
55 static void get_signature(private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
56 {
57 if (buffer == NULL)
58 { /* append mode */
59 this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
60 }
61 else
62 {
63 u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
64
65 this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
66 memcpy(buffer, full_mac, this->block_size);
67 }
68 }
69
70 /**
71 * Implementation of signer_t.allocate_signature.
72 */
73 static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
74 {
75 if (chunk == NULL)
76 { /* append mode */
77 this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
78 }
79 else
80 {
81 chunk_t signature;
82 u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
83
84 this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
85
86 signature.ptr = malloc(this->block_size);
87 signature.len = this->block_size;
88
89 memcpy(signature.ptr, full_mac, this->block_size);
90
91 *chunk = signature;
92 }
93 }
94
95 /**
96 * Implementation of signer_t.verify_signature.
97 */
98 static bool verify_signature(private_hmac_signer_t *this, chunk_t data, chunk_t signature)
99 {
100 u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
101
102 this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
103
104 if (signature.len != this->block_size)
105 {
106 return FALSE;
107 }
108
109 /* compare mac aka signature :-) */
110 if (memcmp(signature.ptr, full_mac, this->block_size) == 0)
111 {
112 return TRUE;
113 }
114 else
115 {
116 return FALSE;
117 }
118 }
119
120 /**
121 * Implementation of signer_t.get_key_size.
122 */
123 static size_t get_key_size(private_hmac_signer_t *this)
124 {
125 /* for HMAC signer, IKEv2 uses block size as key size */
126 return this->hmac_prf->get_block_size(this->hmac_prf);
127 }
128
129 /**
130 * Implementation of signer_t.get_block_size.
131 */
132 static size_t get_block_size(private_hmac_signer_t *this)
133 {
134 return this->block_size;
135 }
136
137 /**
138 * Implementation of signer_t.set_key.
139 */
140 static void set_key(private_hmac_signer_t *this, chunk_t key)
141 {
142 this->hmac_prf->set_key(this->hmac_prf, key);
143 }
144
145 /**
146 * Implementation of signer_t.destroy.
147 */
148 static status_t destroy(private_hmac_signer_t *this)
149 {
150 this->hmac_prf->destroy(this->hmac_prf);
151 free(this);
152 return SUCCESS;
153 }
154
155 /*
156 * Described in header
157 */
158 hmac_signer_t *hmac_signer_create(hash_algorithm_t hash_algoritm, size_t block_size)
159 {
160 size_t hmac_block_size;
161 private_hmac_signer_t *this = malloc_thing(private_hmac_signer_t);
162
163 this->hmac_prf = (prf_t *) hmac_prf_create(hash_algoritm);
164 if (this->hmac_prf == NULL)
165 {
166 /* algorithm not supported */
167 free(this);
168 return NULL;
169 }
170
171 /* prevent invalid truncation */
172 hmac_block_size = this->hmac_prf->get_block_size(this->hmac_prf);
173 this->block_size = min(block_size, hmac_block_size);
174
175 /* interface functions */
176 this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
177 this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
178 this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
179 this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
180 this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
181 this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
182 this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
183
184 return &(this->public);
185 }