Use centralized hasher names in openssl plugin
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_hmac.c
index 07f5f6b..5d05425 100644 (file)
 
 #include "openssl_hmac.h"
 
-#include <crypto/hmacs/hmac.h>
-#include <crypto/hmacs/hmac_prf.h>
-#include <crypto/hmacs/hmac_signer.h>
+#include <crypto/mac.h>
+#include <crypto/prfs/mac_prf.h>
+#include <crypto/signers/mac_signer.h>
 
-typedef struct private_hmac_t private_hmac_t;
+typedef struct private_mac_t private_mac_t;
 
 /**
- * Private data of a hmac_t object.
+ * Private data of a mac_t object.
  */
-struct private_hmac_t {
+struct private_mac_t {
 
        /**
         * Public interface
         */
-       hmac_t public;
+       mac_t public;
 
        /**
         * Hasher to use
@@ -65,64 +65,72 @@ struct private_hmac_t {
         * Current HMAC context
         */
        HMAC_CTX hmac;
-
-       /**
-        * Key
-        */
-       chunk_t key;
 };
 
-/**
- * Resets HMAC context
- */
-static void reset(private_hmac_t *this)
+METHOD(mac_t, set_key, bool,
+       private_mac_t *this, chunk_t key)
 {
-       HMAC_Init_ex(&this->hmac, this->key.ptr, this->key.len, this->hasher, NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+       return HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL);
+#else /* OPENSSL_VERSION_NUMBER < 1.0 */
+       HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL);
+       return TRUE;
+#endif
 }
 
-METHOD(hmac_t, get_mac, void,
-       private_hmac_t *this, chunk_t data, u_int8_t *out)
+METHOD(mac_t, get_mac, bool,
+       private_mac_t *this, chunk_t data, u_int8_t *out)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+       if (!HMAC_Update(&this->hmac, data.ptr, data.len))
+       {
+               return FALSE;
+       }
        if (out == NULL)
        {
-               HMAC_Update(&this->hmac, data.ptr, data.len);
+               return TRUE;
        }
-       else
+       if (!HMAC_Final(&this->hmac, out, NULL))
        {
-               HMAC_Update(&this->hmac, data.ptr, data.len);
-               HMAC_Final(&this->hmac, out, NULL);
-               reset(this);
+               return FALSE;
        }
+#else /* OPENSSL_VERSION_NUMBER < 1.0 */
+       HMAC_Update(&this->hmac, data.ptr, data.len);
+       if (out == NULL)
+       {
+               return TRUE;
+       }
+       HMAC_Final(&this->hmac, out, NULL);
+#endif
+       return set_key(this, chunk_empty);
 }
 
-METHOD(hmac_t, get_mac_size, size_t,
-       private_hmac_t *this)
+METHOD(mac_t, get_mac_size, size_t,
+       private_mac_t *this)
 {
        return EVP_MD_size(this->hasher);
 }
 
-METHOD(hmac_t, set_key, void,
-       private_hmac_t *this, chunk_t key)
-{
-       chunk_clear(&this->key);
-       this->key = chunk_clone(key);
-       reset(this);
-}
-
-METHOD(hmac_t, destroy, void,
-       private_hmac_t *this)
+METHOD(mac_t, destroy, void,
+       private_mac_t *this)
 {
        HMAC_CTX_cleanup(&this->hmac);
-       chunk_clear(&this->key);
        free(this);
 }
 
 /*
- * Create an OpenSSL-backed implementation of the hmac_t interface
+ * Create an OpenSSL-backed implementation of the mac_t interface
  */
-static hmac_t *hmac_create(hash_algorithm_t algo)
+static mac_t *hmac_create(hash_algorithm_t algo)
 {
-       private_hmac_t *this;
+       private_mac_t *this;
+       char *name;
+
+       name = enum_to_name(hash_algorithm_short_names, algo);
+       if (!name)
+       {
+               return NULL;
+       }
 
        INIT(this,
                .public = {
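Review bot: The `set_key(this, chunk_empty)` call that ends `get_mac` passes a NULL key pointer, which OpenSSL's HMAC_Init_ex() documents as "reuse the existing key", so the public `set_key` now means two different things depending on `key.ptr`. A caller that passes a zero-length chunk with a NULL pointer, intending an empty key, silently keeps the previously installed key. The same call in `hmac_create` (the `@@ -161,6 +149,11 @@` hunk) runs before any key exists, and whether HMAC_Init_ex() accepts that appears to depend on the OpenSSL version. I would split the state reset from the public setter and have `set_key` substitute a non-NULL zero-length key, as sketched below.

```c
/* Re-initialise the context; a NULL key.ptr makes HMAC_Init_ex() keep the
 * key that is already installed and only resets the running state. */
static bool reset(private_mac_t *this, chunk_t key)
{
	/* … unchanged: the version-dependent HMAC_Init_ex() call from set_key … */
}

METHOD(mac_t, set_key, bool,
	private_mac_t *this, chunk_t key)
{
	if (!key.ptr)
	{	/* the caller asked for an empty key, not for "keep the old one" */
		key = chunk_create((u_char*)"", 0);
	}
	return reset(this, key);
}

/* … unchanged: get_mac body, except for its last statement … */
	return reset(this, chunk_empty);
```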
@@ -131,29 +139,9 @@ static hmac_t *hmac_create(hash_algorithm_t algo)
                        .set_key = _set_key,
                        .destroy = _destroy,
                },
+               .hasher = EVP_get_digestbyname(name),
        );
 
-       switch (algo)
-       {
-               case HASH_MD5:
-                       this->hasher = EVP_get_digestbyname("md5");
-                       break;
-               case HASH_SHA1:
-                       this->hasher = EVP_get_digestbyname("sha1");
-                       break;
-               case HASH_SHA256:
-                       this->hasher = EVP_get_digestbyname("sha256");
-                       break;
-               case HASH_SHA384:
-                       this->hasher = EVP_get_digestbyname("sha384");
-                       break;
-               case HASH_SHA512:
-                       this->hasher = EVP_get_digestbyname("sha512");
-                       break;
-               default:
-                       break;
-       }
-
        if (!this->hasher)
        {
                free(this);
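Review bot: The set of hashes `hmac_create` accepts is no longer visible in this file once the switch is gone. The removed switch admitted exactly MD5, SHA1, SHA256, SHA384 and SHA512, while `.hasher = EVP_get_digestbyname(name)` admits any value that has an entry in `hash_algorithm_short_names` and that OpenSSL can resolve. A comment above the initialiser would record that dependency, for example `/* short name must match an OpenSSL digest name; unknown names yield NULL and are rejected below */`. `hmac_create` starts in the previous hunk and continues past this one.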
@@ -161,6 +149,11 @@ static hmac_t *hmac_create(hash_algorithm_t algo)
        }
 
        HMAC_CTX_init(&this->hmac);
+       if (!set_key(this, chunk_empty))
+       {
+               destroy(this);
+               return NULL;
+       }
 
        return &this->public;
 }
@@ -170,31 +163,12 @@ static hmac_t *hmac_create(hash_algorithm_t algo)
  */
 prf_t *openssl_hmac_prf_create(pseudo_random_function_t algo)
 {
-       hmac_t *hmac = NULL;
+       mac_t *hmac;
 
-       switch (algo)
-       {
-               case PRF_HMAC_SHA1:
-                       hmac = hmac_create(HASH_SHA1);
-                       break;
-               case PRF_HMAC_MD5:
-                       hmac = hmac_create(HASH_MD5);
-                       break;
-               case PRF_HMAC_SHA2_256:
-                       hmac = hmac_create(HASH_SHA256);
-                       break;
-               case PRF_HMAC_SHA2_384:
-                       hmac = hmac_create(HASH_SHA384);
-                       break;
-               case PRF_HMAC_SHA2_512:
-                       hmac = hmac_create(HASH_SHA512);
-                       break;
-               default:
-                       break;
-       }
+       hmac = hmac_create(hasher_algorithm_from_prf(algo));
        if (hmac)
        {
-               return hmac_prf_create(hmac);
+               return mac_prf_create(hmac);
        }
        return NULL;
 }
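Review bot: `openssl_hmac_prf_create` now trusts `hasher_algorithm_from_prf()` to reject every PRF that is not an HMAC, and that helper is not shown on this page. The removed switch returned NULL for anything outside the five HMAC PRFs; if the central mapping ever resolves a non-HMAC PRF to a hash, this constructor would hand back an HMAC-based `prf_t` under the wrong algorithm identifier. The same applies to `hasher_algorithm_from_integrity()` in the `openssl_hmac_signer_create` hunk. I would state the assumption at the call, e.g. `/* relies on the mapping returning an unknown hash for non-HMAC PRFs */`, or keep an explicit check of `algo` here.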
@@ -204,59 +178,14 @@ prf_t *openssl_hmac_prf_create(pseudo_random_function_t algo)
  */
 signer_t *openssl_hmac_signer_create(integrity_algorithm_t algo)
 {
-       hmac_t *hmac = NULL;
-       size_t trunc = 0;
+       mac_t *hmac;
+       size_t trunc;
 
-       switch (algo)
-       {
-               case AUTH_HMAC_MD5_96:
-                       hmac = hmac_create(HASH_MD5);
-                       trunc = 12;
-                       break;
-               case AUTH_HMAC_MD5_128:
-                       hmac = hmac_create(HASH_MD5);
-                       trunc = 16;
-                       break;
-               case AUTH_HMAC_SHA1_96:
-                       hmac = hmac_create(HASH_SHA1);
-                       trunc = 12;
-                       break;
-               case AUTH_HMAC_SHA1_128:
-                       hmac = hmac_create(HASH_SHA1);
-                       trunc = 16;
-                       break;
-               case AUTH_HMAC_SHA1_160:
-                       hmac = hmac_create(HASH_SHA1);
-                       trunc = 20;
-                       break;
-               case AUTH_HMAC_SHA2_256_128:
-                       hmac = hmac_create(HASH_SHA256);
-                       trunc = 16;
-                       break;
-               case AUTH_HMAC_SHA2_256_256:
-                       hmac = hmac_create(HASH_SHA256);
-                       trunc = 32;
-                       break;
-               case AUTH_HMAC_SHA2_384_192:
-                       hmac = hmac_create(HASH_SHA384);
-                       trunc = 24;
-                       break;
-               case AUTH_HMAC_SHA2_384_384:
-                       hmac = hmac_create(HASH_SHA384);
-                       trunc = 48;
-                       break;
-               case AUTH_HMAC_SHA2_512_256:
-                       hmac = hmac_create(HASH_SHA512);
-                       trunc = 32;
-                       break;
-               default:
-                       break;
-       }
+       hmac = hmac_create(hasher_algorithm_from_integrity(algo, &trunc));
        if (hmac)
        {
-               return hmac_signer_create(hmac, trunc);
+               return mac_signer_create(hmac, trunc);
        }
        return NULL;
 }
 
-
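Review bot: `size_t trunc;` lost its `= 0` initialiser and is now written only through the pointer passed to `hasher_algorithm_from_integrity()`. That helper is not visible here; if any path returns a usable hash without storing a length, `mac_signer_create(hmac, trunc)` receives an indeterminate truncation length for the integrity tag. Keeping `size_t trunc = 0;` costs nothing and makes the failure mode deterministic.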