Add features support to af_alg plugin
[strongswan.git] / src / libstrongswan / plugins / af_alg / af_alg_signer.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "af_alg_signer.h"
17 #include "af_alg_ops.h"
18
19 typedef struct private_af_alg_signer_t private_af_alg_signer_t;
20
21 /**
22 * Private data structure with signing context.
23 */
24 struct private_af_alg_signer_t {
25
26 /**
27 * Public interface of af_alg_signer_t.
28 */
29 af_alg_signer_t public;
30
31 /**
32 * AF_ALG operations
33 */
34 af_alg_ops_t *ops;
35
36 /**
37 * Size of the truncated signature
38 */
39 size_t block_size;
40
41 /**
42 * Default key size
43 */
44 size_t key_size;
45 };
46
47 /**
48 * Algorithm database
49 */
50 static struct {
51 integrity_algorithm_t id;
52 char *name;
53 size_t block_size;
54 size_t key_size;
55 } algs[AF_ALG_SIGNER] = {
56 {AUTH_HMAC_SHA1_96, "hmac(sha1)", 12, 20, },
57 {AUTH_HMAC_SHA1_128, "hmac(sha1)", 16, 20, },
58 {AUTH_HMAC_SHA1_160, "hmac(sha1)", 20, 20, },
59 {AUTH_HMAC_SHA2_256_96, "hmac(sha256)", 12, 32, },
60 {AUTH_HMAC_SHA2_256_128, "hmac(sha256)", 16, 32, },
61 {AUTH_HMAC_MD5_96, "hmac(md5)", 12, 16, },
62 {AUTH_HMAC_MD5_128, "hmac(md5)", 16, 16, },
63 {AUTH_HMAC_SHA2_256_256, "hmac(sha384)", 32, 32, },
64 {AUTH_HMAC_SHA2_384_192, "hmac(sha384)", 24, 48, },
65 {AUTH_HMAC_SHA2_384_384, "hmac(sha384)", 48, 48, },
66 {AUTH_HMAC_SHA2_512_256, "hmac(sha512)", 32, 64, },
67 {AUTH_AES_XCBC_96, "xcbc(aes)", 12, 16, },
68 {AUTH_CAMELLIA_XCBC_96, "xcbc(camellia)", 12, 16, },
69 };
70
71 /**
72 * See header.
73 */
74 void af_alg_signer_probe(plugin_feature_t *features, int *pos)
75 {
76 af_alg_ops_t *ops;
77 int i;
78
79 for (i = 0; i < countof(algs); i++)
80 {
81 ops = af_alg_ops_create("hash", algs[i].name);
82 if (ops)
83 {
84 ops->destroy(ops);
85 features[(*pos)++] = PLUGIN_PROVIDE(SIGNER, algs[i].id);
86 }
87 }
88 }
89
90 /**
91 * Get the kernel algorithm string and block/key size for our identifier
92 */
93 static size_t lookup_alg(integrity_algorithm_t algo, char **name,
94 size_t *key_size)
95 {
96 int i;
97
98 for (i = 0; i < countof(algs); i++)
99 {
100 if (algs[i].id == algo)
101 {
102 *name = algs[i].name;
103 *key_size = algs[i].key_size;
104 return algs[i].block_size;
105 }
106 }
107 return 0;
108 }
109
110 METHOD(signer_t, get_signature, void,
111 private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer)
112 {
113 this->ops->hash(this->ops, data, buffer, this->block_size);
114 }
115
116 METHOD(signer_t, allocate_signature, void,
117 private_af_alg_signer_t *this, chunk_t data, chunk_t *chunk)
118 {
119 if (chunk)
120 {
121 *chunk = chunk_alloc(this->block_size);
122 get_signature(this, data, chunk->ptr);
123 }
124 else
125 {
126 get_signature(this, data, NULL);
127 }
128 }
129
130 METHOD(signer_t, verify_signature, bool,
131 private_af_alg_signer_t *this, chunk_t data, chunk_t signature)
132 {
133 char sig[this->block_size];
134
135 if (signature.len != this->block_size)
136 {
137 return FALSE;
138 }
139 get_signature(this, data, sig);
140 return memeq(signature.ptr, sig, signature.len);
141 }
142
143 METHOD(signer_t, get_key_size, size_t,
144 private_af_alg_signer_t *this)
145 {
146 return this->key_size;
147 }
148
149 METHOD(signer_t, get_block_size, size_t,
150 private_af_alg_signer_t *this)
151 {
152 return this->block_size;
153 }
154
155 METHOD(signer_t, set_key, void,
156 private_af_alg_signer_t *this, chunk_t key)
157 {
158 this->ops->set_key(this->ops, key);
159 }
160
161 METHOD(signer_t, destroy, void,
162 private_af_alg_signer_t *this)
163 {
164 this->ops->destroy(this->ops);
165 free(this);
166 }
167
168 /*
169 * Described in header
170 */
171 af_alg_signer_t *af_alg_signer_create(integrity_algorithm_t algo)
172 {
173 private_af_alg_signer_t *this;
174 size_t block_size, key_size;
175 char *name;
176
177 block_size = lookup_alg(algo, &name, &key_size);
178 if (!block_size)
179 { /* not supported by kernel */
180 return NULL;
181 }
182
183 INIT(this,
184 .public = {
185 .signer = {
186 .get_signature = _get_signature,
187 .allocate_signature = _allocate_signature,
188 .verify_signature = _verify_signature,
189 .get_key_size = _get_key_size,
190 .get_block_size = _get_block_size,
191 .set_key = _set_key,
192 .destroy = _destroy,
193 },
194 },
195 .ops = af_alg_ops_create("hash", name),
196 .block_size = block_size,
197 .key_size = key_size,
198 );
199 if (!this->ops)
200 {
201 free(this);
202 return NULL;
203 }
204 return &this->public;
205 }