changed interface of fips_verify_hmac_signature

diff --git a/src/charon/daemon.c b/src/charon/daemon.c
index 5193c91..79ba39e 100644 (file)
--- a/src/charon/daemon.c
+++ b/src/charon/daemon.c
@@ -296,7 +296,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
 
 #ifdef INTEGRITY_TEST
        DBG1(DBG_DMN, "integrity check of libstrongswan code");
-       if (fips_verify_hmac_signature(hmac_signature, hmac_key) != SUCCESS)
+       if (fips_verify_hmac_signature(hmac_key, hmac_signature) != SUCCESS)
        {
                DBG1(DBG_DMN, "  integrity check failed");
                return FALSE;

diff --git a/src/libstrongswan/fips/fips.c b/src/libstrongswan/fips/fips.c
index 121b708..1e8950d 100644 (file)
--- a/src/libstrongswan/fips/fips.c
+++ b/src/libstrongswan/fips/fips.c
@@ -40,28 +40,30 @@ char* fips_compute_hmac_signature(const char *key)
 
     DBG1("  TEXT:   %p + %6d = %p",
                 FIPS_text_start(),
-               (int)( (size_t)FIPS_text_end() - (size_t)FIPS_text_start() ),
-               FIPS_text_end());
+                (int)( (size_t)FIPS_text_end() - (size_t)FIPS_text_start() ),
+                FIPS_text_end());
     DBG1("  RODATA: %p + %6d = %p",
-               FIPS_rodata_start,
-        (int)( (size_t)FIPS_rodata_end - (size_t)FIPS_rodata_start ),
-        FIPS_rodata_end);
+                FIPS_rodata_start,
+                (int)( (size_t)FIPS_rodata_end - (size_t)FIPS_rodata_start ),
+                FIPS_rodata_end);
 
        if (signer == NULL)
        {
-           DBG1("  fips hmac signer could not be created");
+           DBG1("  sha-1 hmac_signer could not be created");
                return NULL;
        }
        signer->signer_interface.set_key((signer_t *)signer, hmac_key);
        signer->signer_interface.destroy((signer_t *)signer);
+
+       /* TODO compute a HMAC over two separate chunks */
        return strdup("01020304050607080901011121314151617181920");
 }
 
 /**
  * Described in header
  */
-status_t fips_verify_hmac_signature(const char *signature,
-                                                                       const char *key)
+status_t fips_verify_hmac_signature(const char *key,
+                                                                       const char *signature)
 {
        status_t status;
        char *current_signature = fips_compute_hmac_signature(key);

diff --git a/src/libstrongswan/fips/fips.h b/src/libstrongswan/fips/fips.h
index bda1c82..e91d5e4 100644 (file)
--- a/src/libstrongswan/fips/fips.h
+++ b/src/libstrongswan/fips/fips.h
@@ -27,20 +27,20 @@
 #include <library.h>
 
 /**
- * @brief compute SHA-1 HMAC signature over RODATA and TEXT sections of libstrongswan
+ * @brief compute HMAC signature over RODATA and TEXT sections of libstrongswan
  *
- * @param  key         key used for SHA-1 HMAC signature in string format
- * @return             SHA-1 HMAC signature in HEX format
+ * @param  key         key used for HMAC signature in ASCII string format
+ * @return             HMAC signature in HEX string format
  */
 char* fips_compute_hmac_signature(const char *key);
 
 /**
  * @brief verify HMAC signature over RODATA and TEXT sections of libstrongswan
  *
- * @param  signature   signature value from fips_hmac.h in HEX format
- * @param  key         key used for SHA-1 HMAC signature in string format
+ * @param  key         key used for HMAC signature in ASCII string format
+ * @param  signature   signature value from fips_signature.h in HEX string format
  * @return             SUCCESS if signatures agree
  */
-status_t fips_verify_hmac_signature(const char *signature, const char *key);
+status_t fips_verify_hmac_signature(const char *key, const char *signature);
 
 #endif /*FIPS_H_*/