#ifdef INTEGRITY_TEST
DBG1(DBG_DMN, "integrity check of libstrongswan code");
- if (fips_verify_hmac_signature(hmac_signature, hmac_key) != SUCCESS)
+ if (fips_verify_hmac_signature(hmac_key, hmac_signature) != SUCCESS)
{
DBG1(DBG_DMN, " integrity check failed");
return FALSE;
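Review bot: The corrected call on the `+` line still relies on the caller remembering the order of two `const char *` arguments, so the transposition fixed here compiled without any warning and could silently return. The same pairing appears in the definition in the fips source and in the prototype in the header, and all three have to stay in step. A short comment at the call site would help, for example `/* key first, then the expected signature from fips_signature.h */`. The enclosing function starts and ends outside this hunk.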
DBG1(" TEXT: %p + %6d = %p",
FIPS_text_start(),
- (int)( (size_t)FIPS_text_end() - (size_t)FIPS_text_start() ),
- FIPS_text_end());
+ (int)( (size_t)FIPS_text_end() - (size_t)FIPS_text_start() ),
+ FIPS_text_end());
DBG1(" RODATA: %p + %6d = %p",
- FIPS_rodata_start,
- (int)( (size_t)FIPS_rodata_end - (size_t)FIPS_rodata_start ),
- FIPS_rodata_end);
+ FIPS_rodata_start,
+ (int)( (size_t)FIPS_rodata_end - (size_t)FIPS_rodata_start ),
+ FIPS_rodata_end);
if (signer == NULL)
{
- DBG1(" fips hmac signer could not be created");
+ DBG1(" sha-1 hmac_signer could not be created");
return NULL;
}
signer->signer_interface.set_key((signer_t *)signer, hmac_key);
signer->signer_interface.destroy((signer_t *)signer);
+
+ /* TODO compute a HMAC over two separate chunks */
return strdup("01020304050607080901011121314151617181920");
}
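Review bot: The value returned at the end of this function is a fixed string literal, not an HMAC: the signer is keyed with `set_key` and then destroyed without ever processing the TEXT and RODATA ranges logged above. As written, the INTEGRITY_TEST path cannot detect a modified library, because the result does not depend on the code. The TODO should say so explicitly, e.g. `/* TODO: placeholder value, NOT an HMAC - integrity check is ineffective until computed over TEXT and RODATA */`. The new debug text also says "sha-1 hmac_signer" while the header comments in this commit drop the SHA-1 wording, so the two should be aligned. The start of the function is outside the hunk.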
/**
* Described in header
*/
-status_t fips_verify_hmac_signature(const char *signature,
- const char *key)
+status_t fips_verify_hmac_signature(const char *key,
+ const char *signature)
{
status_t status;
char *current_signature = fips_compute_hmac_signature(key);
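Review bot: `current_signature` can be NULL on this line, because fips_compute_hmac_signature returns NULL when the signer cannot be created, and its `strdup` can also fail. Unless the lines after the hunk already do so, the comparison should be guarded with `if (current_signature == NULL) return FAILED;`, so that a setup failure fails the check instead of dereferencing NULL. The string is heap-allocated by the callee and needs a `free(current_signature)` on every exit path. The rest of the function body is outside this hunk, so both points may already be covered there.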
#include <library.h>
/**
- * @brief compute SHA-1 HMAC signature over RODATA and TEXT sections of libstrongswan
+ * @brief compute HMAC signature over RODATA and TEXT sections of libstrongswan
*
- * @param key key used for SHA-1 HMAC signature in string format
- * @return SHA-1 HMAC signature in HEX format
+ * @param key key used for HMAC signature in ASCII string format
+ * @return HMAC signature in HEX string format
*/
char* fips_compute_hmac_signature(const char *key);
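Review bot: The updated `@return` line does not say who owns the result or what happens on failure. The implementation in this commit returns a `strdup`-allocated string, and NULL when the signer cannot be created. I would document it as `@return HMAC signature in HEX string format (allocated, caller must free), NULL on failure`.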
/**
* @brief verify HMAC signature over RODATA and TEXT sections of libstrongswan
*
- * @param signature signature value from fips_hmac.h in HEX format
- * @param key key used for SHA-1 HMAC signature in string format
+ * @param key key used for HMAC signature in ASCII string format
+ * @param signature signature value from fips_signature.h in HEX string format
* @return SUCCESS if signatures agree
*/
-status_t fips_verify_hmac_signature(const char *signature, const char *key);
+status_t fips_verify_hmac_signature(const char *key, const char *signature);
#endif /*FIPS_H_*/