Test append mode for signers verify_signature
authorMartin Willi <martin@revosec.ch>
Tue, 17 Aug 2010 08:12:20 +0000 (10:12 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 19 Aug 2010 10:35:53 +0000 (12:35 +0200)
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/signers/signer.h

index 13e186a..a5434cf 100644 (file)
@@ -361,11 +361,10 @@ METHOD(crypto_tester_t, test_signer, bool,
                /* signature to existing buffer, using append mode */
                if (data.len > 2)
                {
-                       memset(mac.ptr, 0, mac.len);
                        signer->allocate_signature(signer, chunk_create(data.ptr, 1), NULL);
                        signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
-                       signer->get_signature(signer, chunk_skip(data, 2), mac.ptr);
-                       if (!memeq(vector->mac, mac.ptr, mac.len))
+                       if (!signer->verify_signature(signer, chunk_skip(data, 2),
+                                                                                 chunk_create(vector->mac, mac.len)))
                        {
                                failed = TRUE;
                        }
index 17bd0f8..0304c61 100644 (file)
@@ -106,6 +106,10 @@ struct signer_t {
        /**
         * Verify a signature.
         *
+        * To verify a signature of multiple chunks of data, pass the
+        * data to get_signature() with a NULL buffer. verify_signature() acts
+        * as a final call and includes all data fed to get_signature().
+        *
         * @param data          a chunk containing the data to verify
         * @param signature     a chunk containing the signature
         * @return                      TRUE, if signature is valid, FALSE otherwise