1 /*
2 * Copyright (C) 2007 Bruno Krieg, Daniel Wydler
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <stdio.h>
17
18 #include <debug.h>
19 #include <crypto/signers/signer.h>
20 #include "fips.h"
21
/*
 * Boundaries of the regions covered by the integrity HMAC. These symbols are
 * only declared here and defined elsewhere (presumably by the FIPS canister
 * start/end objects or a linker script - confirm). fips_compute_hmac_signature()
 * treats [FIPS_rodata_start, FIPS_rodata_end) and
 * [FIPS_text_start(), FIPS_text_end()) as the byte ranges to hash, so any
 * change to how these are laid out changes the computed signature.
 */
extern const u_char FIPS_rodata_start[];
extern const u_char FIPS_rodata_end[];
/* NOTE(review): `()` is an unprototyped declaration in C11; `(void)` is stricter. */
extern const void *FIPS_text_start();
extern const void *FIPS_text_end();
26
27 /**
28 * Described in header
29 */
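/**
 * Described in header
 *
 * Computes an HMAC (AUTH_HMAC_SHA1_128) over the FIPS text region followed by
 * the FIPS rodata region and renders the result into signature using the
 * library's "%#B" chunk format hook.
 *
 * @param key        NUL-terminated HMAC key; must not be NULL
 * @param signature  caller-provided buffer receiving the printable signature.
 *                   It is written with an unbounded sprintf(), so the caller
 *                   must size it for the full rendering (the verifier in this
 *                   file uses BUF_LEN).
 * @return           TRUE on success; FALSE if an argument is NULL, a region's
 *                   start lies beyond its end, or no signer could be created
 */
bool fips_compute_hmac_signature(const char *key, char *signature)
{
	u_char *text_start = (u_char *)FIPS_text_start();
	u_char *text_end = (u_char *)FIPS_text_end();
	size_t text_len, rodata_len;
	signer_t *signer;
	chunk_t hmac_key, text_chunk, rodata_chunk;
	chunk_t signature_chunk = chunk_empty;

	/* strlen(key) and sprintf(signature, ...) below must never see NULL */
	if (key == NULL || signature == NULL)
	{
		DBG1(" HMAC key or signature buffer is NULL");
		return FALSE;
	}

	if (text_start > text_end)
	{
		DBG1(" TEXT start (%p) > TEXT end (%p)",
			 text_start, text_end);
		return FALSE;
	}
	text_len = text_end - text_start;
	DBG1(" TEXT: %p + %6d = %p",
		 text_start, (int)text_len, text_end);

	if (FIPS_rodata_start > FIPS_rodata_end)
	{
		DBG1(" RODATA start (%p) > RODATA end (%p)",
			 FIPS_rodata_start, FIPS_rodata_end);
		return FALSE;
	}
	rodata_len = FIPS_rodata_end - FIPS_rodata_start;
	DBG1(" RODATA: %p + %6d = %p",
		 FIPS_rodata_start, (int)rodata_len, FIPS_rodata_end);

	signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128);
	if (signer == NULL)
	{
		DBG1(" SHA-1 HMAC signer could not be created");
		return FALSE;
	}

	hmac_key = (chunk_t){ (u_char *)key, strlen(key) };
	text_chunk = (chunk_t){ text_start, text_len };
	rodata_chunk = (chunk_t){ (u_char *)FIPS_rodata_start, rodata_len };

	signer->set_key(signer, hmac_key);
	/* First call passes a NULL output chunk: the text region is fed into the
	 * signer and the signature is only produced by the second call, so the
	 * HMAC covers text followed by rodata (multi-part usage of signer_t -
	 * confirm against the signer interface). */
	signer->allocate_signature(signer, text_chunk, NULL);
	signer->allocate_signature(signer, rodata_chunk, &signature_chunk);
	signer->destroy(signer);

	/* NOTE(review): unbounded write; the interface carries no buffer size,
	 * so the caller is responsible for providing enough room. */
	sprintf(signature, "%#B", &signature_chunk);
	/* The key is emitted in the debug log; it is presumably a build-time
	 * integrity-check key rather than a confidential secret - confirm. */
	DBG1(" SHA-1 HMAC key: %s", key);
	DBG1(" SHA-1 HMAC sig: %s", signature);
	free(signature_chunk.ptr);
	return TRUE;
}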
82
83 /**
84 * Described in header
85 */
/**
 * Described in header
 *
 * Recomputes the integrity HMAC with the given key and compares its printable
 * form against the expected signature.
 *
 * @param key        NUL-terminated HMAC key passed to fips_compute_hmac_signature()
 * @param signature  expected printable signature
 * @return           TRUE if the recomputed signature equals the expected one,
 *                   FALSE if it differs or could not be computed
 */
bool fips_verify_hmac_signature(const char *key,
								const char *signature)
{
	/* BUF_LEN has to cover the full "%#B" rendering produced by the
	 * unbounded sprintf() in fips_compute_hmac_signature(). */
	char computed[BUF_LEN];
	bool matches = FALSE;

	if (fips_compute_hmac_signature(key, computed))
	{
		/* streq is presumably a plain string comparison (not constant-time);
		 * the expected value is the published integrity signature, so that is
		 * likely acceptable here - confirm. */
		matches = streq(signature, computed);
	}
	return matches;
}
96 }