Implemented AES-CMAC based PRF and signer.
authorTobias Brunner <tobias@strongswan.org>
Tue, 3 Apr 2012 08:40:47 +0000 (10:40 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 3 Apr 2012 08:40:47 +0000 (10:40 +0200)
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.

configure.in
src/libstrongswan/Makefile.am
src/libstrongswan/plugins/cmac/Makefile.am [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac.c [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac.h [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac_plugin.c [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac_plugin.h [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac_prf.c [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac_prf.h [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac_signer.c [new file with mode: 0644]
src/libstrongswan/plugins/cmac/cmac_signer.h [new file with mode: 0644]

index f0f41c0..5c65853 100644 (file)
@@ -97,6 +97,7 @@ ARG_DISBL_SET([pgp],            [disable PGP key decoding plugin.])
 ARG_DISBL_SET([dnskey],         [disable DNS RR key decoding plugin.])
 ARG_DISBL_SET([pem],            [disable PEM decoding plugin.])
 ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
+ARG_DISBL_SET([cmac],           [disable CMAC crypto implementation plugin.])
 ARG_DISBL_SET([xcbc],           [disable xcbc crypto implementation plugin.])
 ARG_ENABL_SET([af-alg],         [enable AF_ALG crypto interface to Linux Crypto API.])
 ARG_ENABL_SET([test-vectors],   [enable plugin providing crypto test vectors.])
@@ -833,6 +834,7 @@ ADD_PLUGIN([fips-prf],             [s libcharon])
 ADD_PLUGIN([gmp],                  [s libcharon pluto openac scepclient pki scripts manager medsrv attest])
 ADD_PLUGIN([agent],                [s libcharon])
 ADD_PLUGIN([xcbc],                 [s libcharon])
+ADD_PLUGIN([cmac],                 [s libcharon])
 ADD_PLUGIN([hmac],                 [s libcharon pluto scripts])
 ADD_PLUGIN([ctr],                  [s libcharon scripts])
 ADD_PLUGIN([ccm],                  [s libcharon scripts])
@@ -943,6 +945,7 @@ AM_CONDITIONAL(USE_PGP, test x$pgp = xtrue)
 AM_CONDITIONAL(USE_DNSKEY, test x$dnskey = xtrue)
 AM_CONDITIONAL(USE_PEM, test x$pem = xtrue)
 AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue)
 AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
 AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
 AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
@@ -1095,6 +1098,7 @@ AC_OUTPUT(
        src/include/Makefile
        src/libstrongswan/Makefile
        src/libstrongswan/plugins/aes/Makefile
+       src/libstrongswan/plugins/cmac/Makefile
        src/libstrongswan/plugins/des/Makefile
        src/libstrongswan/plugins/blowfish/Makefile
        src/libstrongswan/plugins/md4/Makefile
index d3c360b..7bb0812 100644 (file)
@@ -215,6 +215,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_CMAC
+  SUBDIRS += plugins/cmac
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/cmac/libstrongswan-cmac.la
+endif
+endif
+
 if USE_XCBC
   SUBDIRS += plugins/xcbc
 if MONOLITHIC
diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am
new file mode 100644 (file)
index 0000000..ce0104f
--- /dev/null
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-cmac.la
+else
+plugin_LTLIBRARIES = libstrongswan-cmac.la
+endif
+
+libstrongswan_cmac_la_SOURCES = \
+       cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
+       cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
+
+libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
new file mode 100644 (file)
index 0000000..5ec7073
--- /dev/null
@@ -0,0 +1,321 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac.h"
+
+#include <debug.h>
+
+typedef struct private_cmac_t private_cmac_t;
+
+/**
+ * Private data of a cmac_t object.
+ *
+ * The variable names are the same as in the RFC.
+ */
+struct private_cmac_t {
+
+       /**
+        * Public interface.
+        */
+       cmac_t public;
+
+       /**
+        * Block size, in bytes
+        */
+       u_int8_t b;
+
+       /**
+        * Crypter with key K
+        */
+       crypter_t *k;
+
+       /**
+        * K1
+        */
+       u_int8_t *k1;
+
+       /**
+        * K2
+        */
+       u_int8_t *k2;
+
+       /**
+        * T
+        */
+       u_int8_t *t;
+
+       /**
+        * remaining, unprocessed bytes in append mode
+        */
+       u_int8_t *remaining;
+
+       /**
+        * number of bytes in remaining
+        */
+       int remaining_bytes;
+};
+
+/**
+ * process supplied data, but do not run final operation
+ */
+static void update(private_cmac_t *this, chunk_t data)
+{
+       chunk_t iv;
+
+       if (this->remaining_bytes + data.len <= this->b)
+       {       /* no complete block (or last block), just copy into remaining */
+               memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
+               this->remaining_bytes += data.len;
+               return;
+       }
+
+       iv = chunk_alloca(this->b);
+       memset(iv.ptr, 0, iv.len);
+
+       /* T := 0x00000000000000000000000000000000 (initially)
+        * for each block M_i (except the last)
+        *   X := T XOR M_i;
+        *   T := AES-128(K, X);
+        */
+
+       /* append data to remaining bytes, process block M_1 */
+       memcpy(this->remaining + this->remaining_bytes, data.ptr,
+                  this->b - this->remaining_bytes);
+       data = chunk_skip(data, this->b - this->remaining_bytes);
+       memxor(this->t, this->remaining, this->b);
+       this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+       /* process blocks M_2 ... M_n-1 */
+       while (data.len > this->b)
+       {
+               memcpy(this->remaining, data.ptr, this->b);
+               data = chunk_skip(data, this->b);
+               memxor(this->t, this->remaining, this->b);
+               this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+       }
+
+       /* store remaining bytes of block M_n */
+       memcpy(this->remaining, data.ptr, data.len);
+       this->remaining_bytes = data.len;
+}
+
+/**
+ * process last block M_last
+ */
+static void final(private_cmac_t *this, u_int8_t *out)
+{
+       chunk_t iv;
+
+       iv = chunk_alloca(this->b);
+       memset(iv.ptr, 0, iv.len);
+
+       /* if last block is complete
+        *   M_last := M_n XOR K1;
+        * else
+        *   M_last := padding(M_n) XOR K2;
+        */
+       if (this->remaining_bytes == this->b)
+       {
+               memxor(this->remaining, this->k1, this->b);
+       }
+       else
+       {
+               /* padding(x) = x || 10^i  where i is 128-8*r-1
+                * That is, padding(x) is the concatenation of x and a single '1',
+                * followed by the minimum number of '0's, so that the total length is
+                * equal to 128 bits.
+                */
+               if (this->remaining_bytes < this->b)
+               {
+                       this->remaining[this->remaining_bytes] = 0x80;
+                       while (++this->remaining_bytes < this->b)
+                       {
+                               this->remaining[this->remaining_bytes] = 0x00;
+                       }
+               }
+               memxor(this->remaining, this->k2, this->b);
+       }
+       /* T := M_last XOR T;
+        * T := AES-128(K,T);
+        */
+       memxor(this->t, this->remaining, this->b);
+       this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+       memcpy(out, this->t, this->b);
+
+       /* reset state */
+       memset(this->t, 0, this->b);
+       this->remaining_bytes = 0;
+}
+
+METHOD(cmac_t, get_mac, void,
+       private_cmac_t *this, chunk_t data, u_int8_t *out)
+{
+       /* update T, do not process last block */
+       update(this, data);
+
+       if (out)
+       {       /* if not in append mode, process last block and output result */
+               final(this, out);
+       }
+}
+
+METHOD(cmac_t, get_block_size, size_t,
+       private_cmac_t *this)
+{
+       return this->b;
+}
+
+/**
+ * Left-shift the given chunk by one bit.
+ */
+static void bit_shift(chunk_t chunk)
+{
+       size_t i;
+
+       for (i = 0; i < chunk.len; i++)
+       {
+               chunk.ptr[i] <<= 1;
+               if (i < chunk.len - 1 && chunk.ptr[i + 1] & 0x80)
+               {
+                       chunk.ptr[i] |= 0x01;
+               }
+       }
+}
+
+/**
+ * Apply the following key derivation (in-place):
+ * if MSB(C) == 0
+ *   C := C << 1
+ * else
+ *   C := (C << 1) XOR 0x00000000000000000000000000000087
+ */
+static void derive_key(chunk_t chunk)
+{
+       if (chunk.ptr[0] & 0x80)
+       {
+               chunk_t rb;
+
+               rb = chunk_alloca(chunk.len);
+               memset(rb.ptr, 0, rb.len);
+               rb.ptr[rb.len - 1] = 0x87;
+               bit_shift(chunk);
+               memxor(chunk.ptr, rb.ptr, chunk.len);
+       }
+       else
+       {
+               bit_shift(chunk);
+       }
+}
+
+METHOD(cmac_t, set_key, void,
+       private_cmac_t *this, chunk_t key)
+{
+       chunk_t resized, iv, l;
+
+       /* we support variable keys as defined in RFC 4615 */
+       if (key.len == this->b)
+       {
+               resized = key;
+       }
+       else
+       {       /* use cmac recursively to resize longer or shorter keys */
+               resized = chunk_alloca(this->b);
+               memset(resized.ptr, 0, resized.len);
+               set_key(this, resized);
+               get_mac(this, key, resized.ptr);
+       }
+
+       /*
+        * Rb = 0x00000000000000000000000000000087
+        * L = 0x00000000000000000000000000000000 encrypted with K
+        * if MSB(L) == 0
+        *   K1 = L << 1
+        * else
+        *   K1 = (L << 1) XOR Rb
+        * if MSB(K1) == 0
+        *   K2 = K1 << 1
+        * else
+        *   K2 = (K1 << 1) XOR Rb
+        */
+       iv = chunk_alloca(this->b);
+       memset(iv.ptr, 0, iv.len);
+       l = chunk_alloca(this->b);
+       memset(l.ptr, 0, l.len);
+       this->k->set_key(this->k, resized);
+       this->k->encrypt(this->k, l, iv, NULL);
+       derive_key(l);
+       memcpy(this->k1, l.ptr, l.len);
+       derive_key(l);
+       memcpy(this->k2, l.ptr, l.len);
+       memwipe(l.ptr, l.len);
+}
+
+METHOD(cmac_t, destroy, void,
+       private_cmac_t *this)
+{
+       this->k->destroy(this->k);
+       memwipe(this->k1, this->b);
+       free(this->k1);
+       memwipe(this->k2, this->b);
+       free(this->k2);
+       free(this->t);
+       free(this->remaining);
+       free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
+{
+       private_cmac_t *this;
+       crypter_t *crypter;
+       u_int8_t b;
+
+       crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
+       if (!crypter)
+       {
+               return NULL;
+       }
+       b = crypter->get_block_size(crypter);
+       /* input and output of crypter must be equal for cmac */
+       if (b != key_size)
+       {
+               crypter->destroy(crypter);
+               return NULL;
+       }
+
+       INIT(this,
+               .public = {
+                       .get_mac = _get_mac,
+                       .get_block_size = _get_block_size,
+                       .set_key = _set_key,
+                       .destroy = _destroy,
+               },
+               .b = b,
+               .k = crypter,
+               .k1 = malloc(b),
+               .k2 = malloc(b),
+               .t = malloc(b),
+               .remaining = malloc(b),
+       );
+       memset(this->t, 0, b);
+
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
new file mode 100644 (file)
index 0000000..0616091
--- /dev/null
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac cmac
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_H_
+#define CMAC_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct cmac_t cmac_t;
+
+/**
+ * Cipher-based Message Authentication Code (CMAC).
+ *
+ * This class implements the message authentication algorithm
+ * described in RFC 4493.
+ */
+struct cmac_t {
+
+       /**
+        * Generate message authentication code.
+        *
+        * If buffer is NULL, no result is given back. A next call will
+        * append the data to already supplied data. If buffer is not NULL,
+        * the mac of all apended data is calculated, returned and the internal
+        * state is reset.
+        *
+        * @param data          chunk of data to authenticate
+        * @param buffer        pointer where the generated bytes will be written
+        */
+       void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
+
+       /**
+        * Get the block size of this cmac_t object.
+        *
+        * @return                      block size in bytes
+        */
+       size_t (*get_block_size) (cmac_t *this);
+
+       /**
+        * Set the key for this cmac_t object.
+        *
+        * @param key           key to set
+        */
+       void (*set_key) (cmac_t *this, chunk_t key);
+
+       /**
+        * Destroys a cmac_t object.
+        */
+       void (*destroy) (cmac_t *this);
+};
+
+/**
+ * Creates a new cmac_t object.
+ *
+ * @param algo                 underlying crypto algorithm
+ * @param key_size             key size to use, if required for algorithm
+ * @return                             cmac_t object, NULL if not supported
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
new file mode 100644 (file)
index 0000000..5b42c50
--- /dev/null
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_plugin.h"
+
+#include <library.h>
+#include "cmac_prf.h"
+#include "cmac_signer.h"
+
+typedef struct private_cmac_plugin_t private_cmac_plugin_t;
+
+/**
+ * private data of cmac_plugin
+ */
+struct private_cmac_plugin_t {
+
+       /**
+        * public functions
+        */
+       cmac_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+       private_cmac_plugin_t *this)
+{
+       return "cmac";
+}
+
+METHOD(plugin_t, get_features, int,
+       private_cmac_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               PLUGIN_REGISTER(PRF, cmac_prf_create),
+                       PLUGIN_PROVIDE(PRF, PRF_AES128_CMAC),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+               PLUGIN_REGISTER(SIGNER, cmac_signer_create),
+                       PLUGIN_PROVIDE(SIGNER, AUTH_AES_CMAC_96),
+                               PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+       };
+       *features = f;
+       return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+       private_cmac_plugin_t *this)
+{
+       free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *cmac_plugin_create()
+{
+       private_cmac_plugin_t *this;
+
+       INIT(this,
+               .public = {
+                       .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
+                               .destroy = _destroy,
+                       },
+               },
+       );
+
+       return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
new file mode 100644 (file)
index 0000000..a31e107
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_p cmac
+ * @ingroup plugins
+ *
+ * @defgroup cmac_plugin cmac_plugin
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_PLUGIN_H_
+#define CMAC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct cmac_plugin_t cmac_plugin_t;
+
+/**
+ * Plugin implementing CMAC algorithm to provide crypter based PRF and signer.
+ */
+struct cmac_plugin_t {
+
+       /**
+        * implements plugin interface
+        */
+       plugin_t plugin;
+};
+
+#endif /** CMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.c b/src/libstrongswan/plugins/cmac/cmac_prf.c
new file mode 100644 (file)
index 0000000..17affe4
--- /dev/null
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_prf.h"
+
+#include "cmac.h"
+
+typedef struct private_cmac_prf_t private_cmac_prf_t;
+
+/**
+ * Private data of a cmac_prf_t object.
+ */
+struct private_cmac_prf_t {
+
+       /**
+        * Public cmac_prf_t interface.
+        */
+       cmac_prf_t public;
+
+       /**
+        * cmac to use for generation.
+        */
+       cmac_t *cmac;
+};
+
+METHOD(prf_t, get_bytes, void,
+       private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+{
+       this->cmac->get_mac(this->cmac, seed, buffer);
+}
+
+METHOD(prf_t, allocate_bytes, void,
+       private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+       if (chunk)
+       {
+               *chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
+               get_bytes(this, seed, chunk->ptr);
+       }
+       else
+       {
+               get_bytes(this, seed, NULL);
+       }
+}
+
+METHOD(prf_t, get_block_size, size_t,
+       private_cmac_prf_t *this)
+{
+       return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, get_key_size, size_t,
+       private_cmac_prf_t *this)
+{
+       /* in cmac, block and key size are always equal */
+       return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, set_key, void,
+       private_cmac_prf_t *this, chunk_t key)
+{
+       this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(prf_t, destroy, void,
+       private_cmac_prf_t *this)
+{
+       this->cmac->destroy(this->cmac);
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
+{
+       private_cmac_prf_t *this;
+       cmac_t *cmac;
+
+       switch (algo)
+       {
+               case PRF_AES128_CMAC:
+                       cmac = cmac_create(ENCR_AES_CBC, 16);
+                       break;
+               default:
+                       return NULL;
+       }
+       if (!cmac)
+       {
+               return NULL;
+       }
+
+       INIT(this,
+               .public = {
+                       .prf = {
+                               .get_bytes = _get_bytes,
+                               .allocate_bytes = _allocate_bytes,
+                               .get_block_size = _get_block_size,
+                               .get_key_size = _get_key_size,
+                               .set_key = _set_key,
+                               .destroy = _destroy,
+                       },
+               },
+               .cmac = cmac,
+       );
+
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.h b/src/libstrongswan/plugins/cmac/cmac_prf.h
new file mode 100644 (file)
index 0000000..a53cc59
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_prf cmac_prf
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef PRF_CMAC_H_
+#define PRF_CMAC_H_
+
+typedef struct cmac_prf_t cmac_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
+ *
+ * This simply wraps a cmac_t in a prf_t. More a question of
+ * interface matching.
+ */
+struct cmac_prf_t {
+
+       /**
+        * Implements prf_t interface.
+        */
+       prf_t prf;
+};
+
+/**
+ * Creates a new cmac_prf_t object.
+ *
+ * @param algo         algorithm to implement
+ * @return                     cmac_prf_t object, NULL if hash not supported
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
+
+#endif /** PRF_CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.c b/src/libstrongswan/plugins/cmac/cmac_signer.c
new file mode 100644 (file)
index 0000000..82e8885
--- /dev/null
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac_signer.h"
+#include "cmac.h"
+
+typedef struct private_cmac_signer_t private_cmac_signer_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_cmac_signer_t {
+
+       /**
+        * Public interface.
+        */
+       cmac_signer_t public;
+
+       /**
+        * Assigned cmac function.
+        */
+       cmac_t *cmac;
+
+       /**
+        * Block size (truncation of CMAC MAC)
+        */
+       size_t block_size;
+};
+
+METHOD(signer_t, get_signature, void,
+       private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+{
+       if (buffer == NULL)
+       {       /* append mode */
+               this->cmac->get_mac(this->cmac, data, NULL);
+       }
+       else
+       {
+               u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+               this->cmac->get_mac(this->cmac, data, mac);
+               memcpy(buffer, mac, this->block_size);
+       }
+}
+
+METHOD(signer_t, allocate_signature, void,
+       private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
+{
+       if (chunk == NULL)
+       {       /* append mode */
+               this->cmac->get_mac(this->cmac, data, NULL);
+       }
+       else
+       {
+               u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+               this->cmac->get_mac(this->cmac, data, mac);
+
+               chunk->ptr = malloc(this->block_size);
+               chunk->len = this->block_size;
+
+               memcpy(chunk->ptr, mac, this->block_size);
+       }
+}
+
+METHOD(signer_t, verify_signature, bool,
+       private_cmac_signer_t *this, chunk_t data, chunk_t signature)
+{
+       u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+       if (signature.len != this->block_size)
+       {
+               return FALSE;
+       }
+
+       this->cmac->get_mac(this->cmac, data, mac);
+       return memeq(signature.ptr, mac, this->block_size);
+}
+
+METHOD(signer_t, get_key_size, size_t,
+       private_cmac_signer_t *this)
+{
+       return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(signer_t, get_block_size, size_t,
+       private_cmac_signer_t *this)
+{
+       return this->block_size;
+}
+
+METHOD(signer_t, set_key, void,
+       private_cmac_signer_t *this, chunk_t key)
+{
+       this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(signer_t, destroy, void,
+       private_cmac_signer_t *this)
+{
+       this->cmac->destroy(this->cmac);
+       free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
+{
+       private_cmac_signer_t *this;
+       size_t truncation;
+       cmac_t *cmac;
+
+       switch (algo)
+       {
+               case AUTH_AES_CMAC_96:
+                       cmac = cmac_create(ENCR_AES_CBC, 16);
+                       truncation = 12;
+                       break;
+               default:
+                       return NULL;
+       }
+       if (cmac == NULL)
+       {
+               return NULL;
+       }
+
+       INIT(this,
+               .public = {
+                       .signer = {
+                               .get_signature = _get_signature,
+                               .allocate_signature = _allocate_signature,
+                               .verify_signature = _verify_signature,
+                               .get_key_size = _get_key_size,
+                               .get_block_size = _get_block_size,
+                               .set_key = _set_key,
+                               .destroy = _destroy,
+                       },
+               },
+               .cmac = cmac,
+               .block_size = min(truncation, cmac->get_block_size(cmac)),
+       );
+
+       return &this->public;
+}
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.h b/src/libstrongswan/plugins/cmac/cmac_signer.h
new file mode 100644 (file)
index 0000000..2e37244
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_signer cmac_signer
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_SIGNER_H_
+#define CMAC_SIGNER_H_
+
+typedef struct cmac_signer_t cmac_signer_t;
+
+#include <crypto/signers/signer.h>
+
+/**
+ * Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
+ */
+struct cmac_signer_t {
+
+       /**
+        * Implements signer_t interface.
+        */
+       signer_t signer;
+};
+
+/**
+ * Creates a new cmac_signer_t.
+ *
+ * @param algo         algorithm to implement
+ * @return                     cmac_signer_t, NULL if  not supported
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** CMAC_SIGNER_H_ @}*/