The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
[strongswan.git] / src / libstrongswan / fips / fips.c
index d97e51c..6701e1f 100644 (file)
@@ -1,10 +1,3 @@
-/**
- * @file fips.c
- * 
- * @brief Implementation of the libstrongswan integrity test.
- * 
- */
-
 /*
  * Copyright (C) 2007 Bruno Krieg, Daniel Wydler
  * Hochschule fuer Technik Rapperswil
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
+ *
+ * $Id$
  */
 
-#include "fips.h"
+#include <stdio.h>
+
 #include <debug.h>
 #include <crypto/signers/hmac_signer.h>
+#include "fips.h"
 
 extern const u_char FIPS_rodata_start[];
 extern const u_char FIPS_rodata_end[];
@@ -36,8 +33,7 @@ bool fips_compute_hmac_signature(const char *key, char *signature)
 {
        u_char *text_start = (u_char *)FIPS_text_start();
        u_char *text_end   = (u_char *)FIPS_text_end();
-       size_t text_len;
-       size_t rodata_len;
+       size_t text_len, rodata_len;
        signer_t *signer;
 
        if (text_start > text_end)
@@ -46,7 +42,7 @@ bool fips_compute_hmac_signature(const char *key, char *signature)
                                text_start, text_end);
                return FALSE;
        }
-       text_len = (size_t)text_end - (size_t)text_start;
+       text_len = text_end - text_start;
     DBG1("  TEXT:   %p + %6d = %p",
                        text_start, (int)text_len, text_end);
 
@@ -56,7 +52,7 @@ bool fips_compute_hmac_signature(const char *key, char *signature)
                                FIPS_rodata_start, FIPS_rodata_end);
                return FALSE;
        }
-       rodata_len = (size_t)FIPS_rodata_end - (size_t)FIPS_rodata_start;
+       rodata_len = FIPS_rodata_end - FIPS_rodata_start;
     DBG1("  RODATA: %p + %6d = %p",
                        FIPS_rodata_start, (int)rodata_len, FIPS_rodata_end);
 
@@ -74,8 +70,8 @@ bool fips_compute_hmac_signature(const char *key, char *signature)
                chunk_t signature_chunk = chunk_empty;
 
                signer->set_key(signer, hmac_key);
-               /* TODO include rodata_chunk in HMAC */
-               signer->allocate_signature(signer, text_chunk, &signature_chunk);
+               signer->allocate_signature(signer, text_chunk, NULL);
+               signer->allocate_signature(signer, rodata_chunk, &signature_chunk);
                signer->destroy(signer);
 
                sprintf(signature, "%#B", &signature_chunk);