mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
Use mac_t and PRF and signer wrappers in cmac plugin
This commit is contained in:
Tobias Brunner
parent
83cb52b044
commit
738b9121cb
@ -10,7 +10,6 @@ plugin_LTLIBRARIES = libstrongswan-cmac.la
|
||||
endif
|
||||
|
||||
libstrongswan_cmac_la_SOURCES = \
|
||||
cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
|
||||
cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
|
||||
cmac_plugin.h cmac_plugin.c cmac.h cmac.c
|
||||
|
||||
libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
|
||||
|
||||
@ -18,20 +18,23 @@
|
||||
#include "cmac.h"
|
||||
|
||||
#include <debug.h>
|
||||
#include <crypto/mac.h>
|
||||
#include <crypto/prfs/mac_prf.h>
|
||||
#include <crypto/signers/mac_signer.h>
|
||||
|
||||
typedef struct private_cmac_t private_cmac_t;
|
||||
typedef struct private_mac_t private_mac_t;
|
||||
|
||||
/**
|
||||
* Private data of a cmac_t object.
|
||||
* Private data of a mac_t object.
|
||||
*
|
||||
* The variable names are the same as in the RFC.
|
||||
*/
|
||||
struct private_cmac_t {
|
||||
struct private_mac_t {
|
||||
|
||||
/**
|
||||
* Public interface.
|
||||
*/
|
||||
cmac_t public;
|
||||
mac_t public;
|
||||
|
||||
/**
|
||||
* Block size, in bytes
|
||||
@ -72,7 +75,7 @@ struct private_cmac_t {
|
||||
/**
|
||||
* process supplied data, but do not run final operation
|
||||
*/
|
||||
static void update(private_cmac_t *this, chunk_t data)
|
||||
static void update(private_mac_t *this, chunk_t data)
|
||||
{
|
||||
chunk_t iv;
|
||||
|
||||
@ -116,7 +119,7 @@ static void update(private_cmac_t *this, chunk_t data)
|
||||
/**
|
||||
* process last block M_last
|
||||
*/
|
||||
static void final(private_cmac_t *this, u_int8_t *out)
|
||||
static void final(private_mac_t *this, u_int8_t *out)
|
||||
{
|
||||
chunk_t iv;
|
||||
|
||||
@ -162,8 +165,8 @@ static void final(private_cmac_t *this, u_int8_t *out)
|
||||
this->remaining_bytes = 0;
|
||||
}
|
||||
|
||||
METHOD(cmac_t, get_mac, void,
|
||||
private_cmac_t *this, chunk_t data, u_int8_t *out)
|
||||
METHOD(mac_t, get_mac, void,
|
||||
private_mac_t *this, chunk_t data, u_int8_t *out)
|
||||
{
|
||||
/* update T, do not process last block */
|
||||
update(this, data);
|
||||
@ -174,8 +177,8 @@ METHOD(cmac_t, get_mac, void,
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(cmac_t, get_block_size, size_t,
|
||||
private_cmac_t *this)
|
||||
METHOD(mac_t, get_mac_size, size_t,
|
||||
private_mac_t *this)
|
||||
{
|
||||
return this->b;
|
||||
}
|
||||
@ -222,8 +225,8 @@ static void derive_key(chunk_t chunk)
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(cmac_t, set_key, void,
|
||||
private_cmac_t *this, chunk_t key)
|
||||
METHOD(mac_t, set_key, void,
|
||||
private_mac_t *this, chunk_t key)
|
||||
{
|
||||
chunk_t resized, iv, l;
|
||||
|
||||
@ -265,8 +268,8 @@ METHOD(cmac_t, set_key, void,
|
||||
memwipe(l.ptr, l.len);
|
||||
}
|
||||
|
||||
METHOD(cmac_t, destroy, void,
|
||||
private_cmac_t *this)
|
||||
METHOD(mac_t, destroy, void,
|
||||
private_mac_t *this)
|
||||
{
|
||||
this->k->destroy(this->k);
|
||||
memwipe(this->k1, this->b);
|
||||
@ -281,9 +284,9 @@ METHOD(cmac_t, destroy, void,
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
|
||||
mac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
|
||||
{
|
||||
private_cmac_t *this;
|
||||
private_mac_t *this;
|
||||
crypter_t *crypter;
|
||||
u_int8_t b;
|
||||
|
||||
@ -303,7 +306,7 @@ cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
|
||||
INIT(this,
|
||||
.public = {
|
||||
.get_mac = _get_mac,
|
||||
.get_block_size = _get_block_size,
|
||||
.get_mac_size = _get_mac_size,
|
||||
.set_key = _set_key,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
@ -319,3 +322,48 @@ cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
prf_t *cmac_prf_create(pseudo_random_function_t algo)
|
||||
{
|
||||
mac_t *cmac;
|
||||
|
||||
switch (algo)
|
||||
{
|
||||
case PRF_AES128_CMAC:
|
||||
cmac = cmac_create(ENCR_AES_CBC, 16);
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
if (cmac)
|
||||
{
|
||||
return mac_prf_create(cmac);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
signer_t *cmac_signer_create(integrity_algorithm_t algo)
|
||||
{
|
||||
size_t truncation;
|
||||
mac_t *cmac;
|
||||
|
||||
switch (algo)
|
||||
{
|
||||
case AUTH_AES_CMAC_96:
|
||||
cmac = cmac_create(ENCR_AES_CBC, 16);
|
||||
truncation = 12;
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
if (cmac)
|
||||
{
|
||||
return mac_signer_create(cmac, truncation);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -14,6 +14,11 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* Cipher-based Message Authentication Code (CMAC).
|
||||
*
|
||||
* This class implements the message authentication algorithm
|
||||
* described in RFC 4493.
|
||||
*
|
||||
* @defgroup cmac cmac
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
@ -21,58 +26,23 @@
|
||||
#ifndef CMAC_H_
|
||||
#define CMAC_H_
|
||||
|
||||
#include <crypto/crypters/crypter.h>
|
||||
|
||||
typedef struct cmac_t cmac_t;
|
||||
#include <crypto/prfs/prf.h>
|
||||
#include <crypto/signers/signer.h>
|
||||
|
||||
/**
|
||||
* Cipher-based Message Authentication Code (CMAC).
|
||||
* Creates a new prf_t object based on a CMAC.
|
||||
*
|
||||
* This class implements the message authentication algorithm
|
||||
* described in RFC 4493.
|
||||
* @param algo algorithm to implement
|
||||
* @return prf_t object, NULL if not supported
|
||||
*/
|
||||
struct cmac_t {
|
||||
|
||||
/**
|
||||
* Generate message authentication code.
|
||||
*
|
||||
* If buffer is NULL, no result is given back. A next call will
|
||||
* append the data to already supplied data. If buffer is not NULL,
|
||||
* the mac of all apended data is calculated, returned and the internal
|
||||
* state is reset.
|
||||
*
|
||||
* @param data chunk of data to authenticate
|
||||
* @param buffer pointer where the generated bytes will be written
|
||||
*/
|
||||
void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
|
||||
|
||||
/**
|
||||
* Get the block size of this cmac_t object.
|
||||
*
|
||||
* @return block size in bytes
|
||||
*/
|
||||
size_t (*get_block_size) (cmac_t *this);
|
||||
|
||||
/**
|
||||
* Set the key for this cmac_t object.
|
||||
*
|
||||
* @param key key to set
|
||||
*/
|
||||
void (*set_key) (cmac_t *this, chunk_t key);
|
||||
|
||||
/**
|
||||
* Destroys a cmac_t object.
|
||||
*/
|
||||
void (*destroy) (cmac_t *this);
|
||||
};
|
||||
prf_t *cmac_prf_create(pseudo_random_function_t algo);
|
||||
|
||||
/**
|
||||
* Creates a new cmac_t object.
|
||||
* Creates a new signer_t object based on a CMAC.
|
||||
*
|
||||
* @param algo underlying crypto algorithm
|
||||
* @param key_size key size to use, if required for algorithm
|
||||
* @return cmac_t object, NULL if not supported
|
||||
* @param algo algorithm to implement
|
||||
* @return signer_t, NULL if not supported
|
||||
*/
|
||||
cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
|
||||
signer_t *cmac_signer_create(integrity_algorithm_t algo);
|
||||
|
||||
#endif /** CMAC_H_ @}*/
|
||||
|
||||
@ -16,8 +16,7 @@
|
||||
#include "cmac_plugin.h"
|
||||
|
||||
#include <library.h>
|
||||
#include "cmac_prf.h"
|
||||
#include "cmac_signer.h"
|
||||
#include "cmac.h"
|
||||
|
||||
typedef struct private_cmac_plugin_t private_cmac_plugin_t;
|
||||
|
||||
|
||||
@ -1,121 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "cmac_prf.h"
|
||||
|
||||
#include "cmac.h"
|
||||
|
||||
typedef struct private_cmac_prf_t private_cmac_prf_t;
|
||||
|
||||
/**
|
||||
* Private data of a cmac_prf_t object.
|
||||
*/
|
||||
struct private_cmac_prf_t {
|
||||
|
||||
/**
|
||||
* Public cmac_prf_t interface.
|
||||
*/
|
||||
cmac_prf_t public;
|
||||
|
||||
/**
|
||||
* cmac to use for generation.
|
||||
*/
|
||||
cmac_t *cmac;
|
||||
};
|
||||
|
||||
METHOD(prf_t, get_bytes, void,
|
||||
private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
|
||||
{
|
||||
this->cmac->get_mac(this->cmac, seed, buffer);
|
||||
}
|
||||
|
||||
METHOD(prf_t, allocate_bytes, void,
|
||||
private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
|
||||
{
|
||||
if (chunk)
|
||||
{
|
||||
*chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
|
||||
get_bytes(this, seed, chunk->ptr);
|
||||
}
|
||||
else
|
||||
{
|
||||
get_bytes(this, seed, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(prf_t, get_block_size, size_t,
|
||||
private_cmac_prf_t *this)
|
||||
{
|
||||
return this->cmac->get_block_size(this->cmac);
|
||||
}
|
||||
|
||||
METHOD(prf_t, get_key_size, size_t,
|
||||
private_cmac_prf_t *this)
|
||||
{
|
||||
/* in cmac, block and key size are always equal */
|
||||
return this->cmac->get_block_size(this->cmac);
|
||||
}
|
||||
|
||||
METHOD(prf_t, set_key, void,
|
||||
private_cmac_prf_t *this, chunk_t key)
|
||||
{
|
||||
this->cmac->set_key(this->cmac, key);
|
||||
}
|
||||
|
||||
METHOD(prf_t, destroy, void,
|
||||
private_cmac_prf_t *this)
|
||||
{
|
||||
this->cmac->destroy(this->cmac);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
|
||||
{
|
||||
private_cmac_prf_t *this;
|
||||
cmac_t *cmac;
|
||||
|
||||
switch (algo)
|
||||
{
|
||||
case PRF_AES128_CMAC:
|
||||
cmac = cmac_create(ENCR_AES_CBC, 16);
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
if (!cmac)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.prf = {
|
||||
.get_bytes = _get_bytes,
|
||||
.allocate_bytes = _allocate_bytes,
|
||||
.get_block_size = _get_block_size,
|
||||
.get_key_size = _get_key_size,
|
||||
.set_key = _set_key,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.cmac = cmac,
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
@ -1,50 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup cmac_prf cmac_prf
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
|
||||
#ifndef PRF_CMAC_H_
|
||||
#define PRF_CMAC_H_
|
||||
|
||||
typedef struct cmac_prf_t cmac_prf_t;
|
||||
|
||||
#include <crypto/prfs/prf.h>
|
||||
|
||||
/**
|
||||
* Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
|
||||
*
|
||||
* This simply wraps a cmac_t in a prf_t. More a question of
|
||||
* interface matching.
|
||||
*/
|
||||
struct cmac_prf_t {
|
||||
|
||||
/**
|
||||
* Implements prf_t interface.
|
||||
*/
|
||||
prf_t prf;
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a new cmac_prf_t object.
|
||||
*
|
||||
* @param algo algorithm to implement
|
||||
* @return cmac_prf_t object, NULL if hash not supported
|
||||
*/
|
||||
cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
|
||||
|
||||
#endif /** PRF_CMAC_H_ @}*/
|
||||
@ -1,159 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "cmac_signer.h"
|
||||
#include "cmac.h"
|
||||
|
||||
typedef struct private_cmac_signer_t private_cmac_signer_t;
|
||||
|
||||
/**
|
||||
* Private data structure with signing context.
|
||||
*/
|
||||
struct private_cmac_signer_t {
|
||||
|
||||
/**
|
||||
* Public interface.
|
||||
*/
|
||||
cmac_signer_t public;
|
||||
|
||||
/**
|
||||
* Assigned cmac function.
|
||||
*/
|
||||
cmac_t *cmac;
|
||||
|
||||
/**
|
||||
* Block size (truncation of CMAC MAC)
|
||||
*/
|
||||
size_t block_size;
|
||||
};
|
||||
|
||||
METHOD(signer_t, get_signature, void,
|
||||
private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
|
||||
{
|
||||
if (buffer == NULL)
|
||||
{ /* append mode */
|
||||
this->cmac->get_mac(this->cmac, data, NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
u_int8_t mac[this->cmac->get_block_size(this->cmac)];
|
||||
|
||||
this->cmac->get_mac(this->cmac, data, mac);
|
||||
memcpy(buffer, mac, this->block_size);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(signer_t, allocate_signature, void,
|
||||
private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
|
||||
{
|
||||
if (chunk == NULL)
|
||||
{ /* append mode */
|
||||
this->cmac->get_mac(this->cmac, data, NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
u_int8_t mac[this->cmac->get_block_size(this->cmac)];
|
||||
|
||||
this->cmac->get_mac(this->cmac, data, mac);
|
||||
|
||||
chunk->ptr = malloc(this->block_size);
|
||||
chunk->len = this->block_size;
|
||||
|
||||
memcpy(chunk->ptr, mac, this->block_size);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(signer_t, verify_signature, bool,
|
||||
private_cmac_signer_t *this, chunk_t data, chunk_t signature)
|
||||
{
|
||||
u_int8_t mac[this->cmac->get_block_size(this->cmac)];
|
||||
|
||||
if (signature.len != this->block_size)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
this->cmac->get_mac(this->cmac, data, mac);
|
||||
return memeq(signature.ptr, mac, this->block_size);
|
||||
}
|
||||
|
||||
METHOD(signer_t, get_key_size, size_t,
|
||||
private_cmac_signer_t *this)
|
||||
{
|
||||
return this->cmac->get_block_size(this->cmac);
|
||||
}
|
||||
|
||||
METHOD(signer_t, get_block_size, size_t,
|
||||
private_cmac_signer_t *this)
|
||||
{
|
||||
return this->block_size;
|
||||
}
|
||||
|
||||
METHOD(signer_t, set_key, void,
|
||||
private_cmac_signer_t *this, chunk_t key)
|
||||
{
|
||||
this->cmac->set_key(this->cmac, key);
|
||||
}
|
||||
|
||||
METHOD(signer_t, destroy, void,
|
||||
private_cmac_signer_t *this)
|
||||
{
|
||||
this->cmac->destroy(this->cmac);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header
|
||||
*/
|
||||
cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
|
||||
{
|
||||
private_cmac_signer_t *this;
|
||||
size_t truncation;
|
||||
cmac_t *cmac;
|
||||
|
||||
switch (algo)
|
||||
{
|
||||
case AUTH_AES_CMAC_96:
|
||||
cmac = cmac_create(ENCR_AES_CBC, 16);
|
||||
truncation = 12;
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
if (cmac == NULL)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.signer = {
|
||||
.get_signature = _get_signature,
|
||||
.allocate_signature = _allocate_signature,
|
||||
.verify_signature = _verify_signature,
|
||||
.get_key_size = _get_key_size,
|
||||
.get_block_size = _get_block_size,
|
||||
.set_key = _set_key,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
.cmac = cmac,
|
||||
.block_size = min(truncation, cmac->get_block_size(cmac)),
|
||||
);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
@ -1,47 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2012 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup cmac_signer cmac_signer
|
||||
* @{ @ingroup cmac_p
|
||||
*/
|
||||
|
||||
#ifndef CMAC_SIGNER_H_
|
||||
#define CMAC_SIGNER_H_
|
||||
|
||||
typedef struct cmac_signer_t cmac_signer_t;
|
||||
|
||||
#include <crypto/signers/signer.h>
|
||||
|
||||
/**
|
||||
* Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
|
||||
*/
|
||||
struct cmac_signer_t {
|
||||
|
||||
/**
|
||||
* Implements signer_t interface.
|
||||
*/
|
||||
signer_t signer;
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a new cmac_signer_t.
|
||||
*
|
||||
* @param algo algorithm to implement
|
||||
* @return cmac_signer_t, NULL if not supported
|
||||
*/
|
||||
cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
|
||||
|
||||
#endif /** CMAC_SIGNER_H_ @}*/
|
||||
Loading…
x
Reference in New Issue
Block a user