From 63420c6e136cd9dc46e2a61f5ea178ed7e434c0d Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 22 Jun 2012 10:38:37 +0200 Subject: [PATCH] Use simple wrappers for HMAC based PRF and signer in hmac plugin --- src/libstrongswan/plugins/hmac/Makefile.am | 3 +- src/libstrongswan/plugins/hmac/hmac.h | 93 --------- .../plugins/hmac/{hmac.c => hmac_hmac.c} | 133 +++++++++--- .../plugins/hmac/{hmac_prf.h => hmac_hmac.h} | 38 ++-- src/libstrongswan/plugins/hmac/hmac_plugin.c | 7 +- src/libstrongswan/plugins/hmac/hmac_prf.c | 126 ----------- src/libstrongswan/plugins/hmac/hmac_signer.c | 197 ------------------ src/libstrongswan/plugins/hmac/hmac_signer.h | 54 ----- 8 files changed, 127 insertions(+), 524 deletions(-) delete mode 100644 src/libstrongswan/plugins/hmac/hmac.h rename src/libstrongswan/plugins/hmac/{hmac.c => hmac_hmac.c} (62%) rename src/libstrongswan/plugins/hmac/{hmac_prf.h => hmac_hmac.h} (51%) delete mode 100644 src/libstrongswan/plugins/hmac/hmac_prf.c delete mode 100644 src/libstrongswan/plugins/hmac/hmac_signer.c delete mode 100644 src/libstrongswan/plugins/hmac/hmac_signer.h diff --git a/src/libstrongswan/plugins/hmac/Makefile.am b/src/libstrongswan/plugins/hmac/Makefile.am index 77aa0ffd1f..f563d78bef 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.am +++ b/src/libstrongswan/plugins/hmac/Makefile.am @@ -10,7 +10,6 @@ plugin_LTLIBRARIES = libstrongswan-hmac.la endif libstrongswan_hmac_la_SOURCES = \ - hmac_plugin.h hmac_plugin.c hmac.h hmac.c \ - hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c + hmac_plugin.h hmac_plugin.c hmac_hmac.h hmac_hmac.c libstrongswan_hmac_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h deleted file mode 100644 index 1ed041596a..0000000000 --- a/src/libstrongswan/plugins/hmac/hmac.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (C) 2005-2008 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup hmac hmac - * @{ @ingroup hmac_p - */ - -#ifndef HMAC_H_ -#define HMAC_H_ - -typedef struct hmac_t hmac_t; - -#include - -/** - * Message authentication using hash functions. - * - * This class implements the message authentication algorithm - * described in RFC2104. It uses a hash function, which must - * be implemented as a hasher_t class. - */ -struct hmac_t { - /** - * Generate message authentication code. - * - * If buffer is NULL, no result is given back. A next call will - * append the data to already supplied data. If buffer is not NULL, - * the mac of all apended data is calculated, returned and the - * state of the hmac_t is reseted. - * - * @param data chunk of data to authenticate - * @param buffer pointer where the generated bytes will be written - */ - void (*get_mac) (hmac_t *this, chunk_t data, u_int8_t *buffer); - - /** - * Generates message authentication code and allocate space for them. - * - * If chunk is NULL, no result is given back. A next call will - * append the data to already supplied. If chunk is not NULL, - * the mac of all apended data is calculated, returned and the - * state of the hmac_t reset; - * - * @param data chunk of data to authenticate - * @param chunk chunk which will hold generated bytes - */ - void (*allocate_mac) (hmac_t *this, chunk_t data, chunk_t *chunk); - - /** - * Get the block size of this hmac_t object. - * - * @return block size in bytes - */ - size_t (*get_block_size) (hmac_t *this); - - /** - * Set the key for this hmac_t object. - * - * Any key length is accepted. - * - * @param key key to set - */ - void (*set_key) (hmac_t *this, chunk_t key); - - /** - * Destroys a hmac_t object. - */ - void (*destroy) (hmac_t *this); -}; - -/** - * Creates a new hmac_t object. - * - * @param hash_algorithm hash algorithm to use - * @return hmac_t object, NULL if not supported - */ -hmac_t *hmac_create(hash_algorithm_t hash_algorithm); - -#endif /** HMAC_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac_hmac.c similarity index 62% rename from src/libstrongswan/plugins/hmac/hmac.c rename to src/libstrongswan/plugins/hmac/hmac_hmac.c index 91294305e4..871a294d9a 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac_hmac.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -14,21 +15,23 @@ * for more details. */ -#include - -#include "hmac.h" +#include "hmac_hmac.h" +#include +#include +#include typedef struct private_hmac_t private_hmac_t; /** - * Private data of a hmac_t object. + * Private data of a hmac_hmac_t object. * * The variable names are the same as in the RFC. */ struct private_hmac_t { + /** - * Public hmac_t interface. + * Implements hmac_t interface */ hmac_t public; @@ -89,24 +92,7 @@ METHOD(hmac_t, get_mac, void, } } -METHOD(hmac_t, allocate_mac, void, - private_hmac_t *this, chunk_t data, chunk_t *out) -{ - /* allocate space and use get_mac */ - if (out == NULL) - { - /* append mode */ - get_mac(this, data, NULL); - } - else - { - out->len = this->h->get_hash_size(this->h); - out->ptr = malloc(out->len); - get_mac(this, data, out->ptr); - } -} - -METHOD(hmac_t, get_block_size, size_t, +METHOD(hmac_t, get_mac_size, size_t, private_hmac_t *this) { return this->h->get_hash_size(this->h); @@ -153,17 +139,16 @@ METHOD(hmac_t, destroy, void, } /* - * Described in header + * Creates an hmac_t object */ -hmac_t *hmac_create(hash_algorithm_t hash_algorithm) +static hmac_t *hmac_create(hash_algorithm_t hash_algorithm) { private_hmac_t *this; INIT(this, .public = { .get_mac = _get_mac, - .allocate_mac = _allocate_mac, - .get_block_size = _get_block_size, + .get_mac_size = _get_mac_size, .set_key = _set_key, .destroy = _destroy, }, @@ -202,3 +187,97 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) return &this->public; } + +/* + * Described in header + */ +prf_t *hmac_hmac_prf_create(pseudo_random_function_t algo) +{ + hmac_t *hmac = NULL; + + switch (algo) + { + case PRF_HMAC_SHA1: + hmac = hmac_create(HASH_SHA1); + break; + case PRF_HMAC_MD5: + hmac = hmac_create(HASH_MD5); + break; + case PRF_HMAC_SHA2_256: + hmac = hmac_create(HASH_SHA256); + break; + case PRF_HMAC_SHA2_384: + hmac = hmac_create(HASH_SHA384); + break; + case PRF_HMAC_SHA2_512: + hmac = hmac_create(HASH_SHA512); + break; + default: + break; + } + if (hmac) + { + return hmac_prf_create(hmac); + } + return NULL; +} + +/* + * Described in header + */ +signer_t *hmac_hmac_signer_create(integrity_algorithm_t algo) +{ + hmac_t *hmac = NULL; + size_t trunc = 0; + + switch (algo) + { + case AUTH_HMAC_MD5_96: + hmac = hmac_create(HASH_MD5); + trunc = 12; + break; + case AUTH_HMAC_MD5_128: + hmac = hmac_create(HASH_MD5); + trunc = 16; + break; + case AUTH_HMAC_SHA1_96: + hmac = hmac_create(HASH_SHA1); + trunc = 12; + break; + case AUTH_HMAC_SHA1_128: + hmac = hmac_create(HASH_SHA1); + trunc = 16; + break; + case AUTH_HMAC_SHA1_160: + hmac = hmac_create(HASH_SHA1); + trunc = 20; + break; + case AUTH_HMAC_SHA2_256_128: + hmac = hmac_create(HASH_SHA256); + trunc = 16; + break; + case AUTH_HMAC_SHA2_256_256: + hmac = hmac_create(HASH_SHA256); + trunc = 32; + break; + case AUTH_HMAC_SHA2_384_192: + hmac = hmac_create(HASH_SHA384); + trunc = 24; + break; + case AUTH_HMAC_SHA2_384_384: + hmac = hmac_create(HASH_SHA384); + trunc = 48; + break; + case AUTH_HMAC_SHA2_512_256: + hmac = hmac_create(HASH_SHA512); + trunc = 32; + break; + default: + break; + } + if (hmac) + { + return hmac_signer_create(hmac, trunc); + } + return NULL; +} diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_hmac.h similarity index 51% rename from src/libstrongswan/plugins/hmac/hmac_prf.h rename to src/libstrongswan/plugins/hmac/hmac_hmac.h index 29d7269aed..fdafabe1ea 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.h +++ b/src/libstrongswan/plugins/hmac/hmac_hmac.h @@ -1,6 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi - * Copyright (C) 2005 Jan Hutter + * Copyright (C) 2012 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,37 +14,34 @@ */ /** - * @defgroup hmac_prf hmac_prf + * Implements the message authentication algorithm described in RFC2104. + * + * It uses a hash function, which must be implemented as a hasher_t class. + * + * @defgroup hmac_hmac hmac * @{ @ingroup hmac_p */ -#ifndef PRF_HMAC_H_ -#define PRF_HMAC_H_ - -typedef struct hmac_prf_t hmac_prf_t; +#ifndef HMAC_HMAC_H_ +#define HMAC_HMAC_H_ #include +#include /** - * Implementation of prf_t interface using the HMAC algorithm. + * Creates a new prf_t object based on an HMAC. * - * This simply wraps a hmac_t in a prf_t. More a question of - * interface matching. + * @param algo algorithm to implement + * @return prf_t object, NULL if not supported */ -struct hmac_prf_t { - - /** - * Implements prf_t interface. - */ - prf_t prf; -}; +prf_t *hmac_hmac_prf_create(pseudo_random_function_t algo); /** - * Creates a new hmac_prf_t object. + * Creates a new signer_t object based on an HMAC. * * @param algo algorithm to implement - * @return hmac_prf_t object, NULL if hash not supported + * @return signer_t, NULL if not supported */ -hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo); +signer_t *hmac_hmac_signer_create(integrity_algorithm_t algo); -#endif /** PRF_HMAC_SHA1_H_ @}*/ +#endif /** HMAC_HMAC_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index 7d9ff3c67e..fe30a4cbf3 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -16,8 +16,7 @@ #include "hmac_plugin.h" #include -#include "hmac_signer.h" -#include "hmac_prf.h" +#include "hmac_hmac.h" typedef struct private_hmac_plugin_t private_hmac_plugin_t; @@ -42,7 +41,7 @@ METHOD(plugin_t, get_features, int, private_hmac_plugin_t *this, plugin_feature_t *features[]) { static plugin_feature_t f[] = { - PLUGIN_REGISTER(PRF, hmac_prf_create), + PLUGIN_REGISTER(PRF, hmac_hmac_prf_create), PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1), PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5), @@ -53,7 +52,7 @@ METHOD(plugin_t, get_features, int, PLUGIN_DEPENDS(HASHER, HASH_SHA384), PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), - PLUGIN_REGISTER(SIGNER, hmac_signer_create), + PLUGIN_REGISTER(SIGNER, hmac_hmac_signer_create), PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96), PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128), diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c deleted file mode 100644 index ca10612f9f..0000000000 --- a/src/libstrongswan/plugins/hmac/hmac_prf.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "hmac_prf.h" - -#include "hmac.h" - - -typedef struct private_hmac_prf_t private_hmac_prf_t; - -/** - * Private data of a hma_prf_t object. - */ -struct private_hmac_prf_t { - /** - * Public hmac_prf_t interface. - */ - hmac_prf_t public; - - /** - * Hmac to use for generation. - */ - hmac_t *hmac; -}; - -METHOD(prf_t, get_bytes, void, - private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer) -{ - this->hmac->get_mac(this->hmac, seed, buffer); -} - -METHOD(prf_t, allocate_bytes, void, - private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk) -{ - this->hmac->allocate_mac(this->hmac, seed, chunk); -} - -METHOD(prf_t, get_block_size, size_t, - private_hmac_prf_t *this) -{ - return this->hmac->get_block_size(this->hmac); -} - -METHOD(prf_t, get_key_size, size_t, - private_hmac_prf_t *this) -{ - /* for HMAC prfs, IKEv2 uses block size as key size */ - return this->hmac->get_block_size(this->hmac); -} - -METHOD(prf_t, set_key, void, - private_hmac_prf_t *this, chunk_t key) -{ - this->hmac->set_key(this->hmac, key); -} - -METHOD(prf_t, destroy, void, - private_hmac_prf_t *this) -{ - this->hmac->destroy(this->hmac); - free(this); -} - -/* - * Described in header. - */ -hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) -{ - private_hmac_prf_t *this; - hmac_t *hmac; - - switch (algo) - { - case PRF_HMAC_SHA1: - hmac = hmac_create(HASH_SHA1); - break; - case PRF_HMAC_MD5: - hmac = hmac_create(HASH_MD5); - break; - case PRF_HMAC_SHA2_256: - hmac = hmac_create(HASH_SHA256); - break; - case PRF_HMAC_SHA2_384: - hmac = hmac_create(HASH_SHA384); - break; - case PRF_HMAC_SHA2_512: - hmac = hmac_create(HASH_SHA512); - break; - default: - return NULL; - } - if (hmac == NULL) - { - return NULL; - } - - INIT(this, - .public = { - .prf = { - .get_bytes = _get_bytes, - .allocate_bytes = _allocate_bytes, - .get_block_size = _get_block_size, - .get_key_size = _get_key_size, - .set_key = _set_key, - .destroy = _destroy, - }, - }, - .hmac = hmac, - ); - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c deleted file mode 100644 index 511a3e3a5b..0000000000 --- a/src/libstrongswan/plugins/hmac/hmac_signer.c +++ /dev/null @@ -1,197 +0,0 @@ -/* - * Copyright (C) 2005-2008 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include - -#include "hmac_signer.h" -#include "hmac.h" - -typedef struct private_hmac_signer_t private_hmac_signer_t; - -/** - * Private data structure with signing context. - */ -struct private_hmac_signer_t { - /** - * Public interface of hmac_signer_t. - */ - hmac_signer_t public; - - /** - * Assigned hmac function. - */ - hmac_t *hmac; - - /** - * Block size (truncation of HMAC Hash) - */ - size_t block_size; -}; - -METHOD(signer_t, get_signature, void, - private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer) -{ - if (buffer == NULL) - { /* append mode */ - this->hmac->get_mac(this->hmac, data, NULL); - } - else - { - u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - - this->hmac->get_mac(this->hmac, data, mac); - memcpy(buffer, mac, this->block_size); - } -} - -METHOD(signer_t, allocate_signature, void, - private_hmac_signer_t *this, chunk_t data, chunk_t *chunk) -{ - if (chunk == NULL) - { /* append mode */ - this->hmac->get_mac(this->hmac, data, NULL); - } - else - { - u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - - this->hmac->get_mac(this->hmac, data, mac); - - chunk->ptr = malloc(this->block_size); - chunk->len = this->block_size; - - memcpy(chunk->ptr, mac, this->block_size); - } -} - -METHOD(signer_t, verify_signature, bool, - private_hmac_signer_t *this, chunk_t data, chunk_t signature) -{ - u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - - this->hmac->get_mac(this->hmac, data, mac); - - if (signature.len != this->block_size) - { - return FALSE; - } - return memeq(signature.ptr, mac, this->block_size); -} - -METHOD(signer_t, get_key_size, size_t, - private_hmac_signer_t *this) -{ - return this->hmac->get_block_size(this->hmac); -} - -METHOD(signer_t, get_block_size, size_t, - private_hmac_signer_t *this) -{ - return this->block_size; -} - -METHOD(signer_t, set_key, void, - private_hmac_signer_t *this, chunk_t key) -{ - this->hmac->set_key(this->hmac, key); -} - -METHOD(signer_t, destroy, void, - private_hmac_signer_t *this) -{ - this->hmac->destroy(this->hmac); - free(this); -} - -/* - * Described in header - */ -hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) -{ - private_hmac_signer_t *this; - hmac_t *hmac; - size_t trunc; - - switch (algo) - { - case AUTH_HMAC_SHA1_96: - hmac = hmac_create(HASH_SHA1); - trunc = 12; - break; - case AUTH_HMAC_SHA1_128: - hmac = hmac_create(HASH_SHA1); - trunc = 16; - break; - case AUTH_HMAC_SHA1_160: - hmac = hmac_create(HASH_SHA1); - trunc = 20; - break; - case AUTH_HMAC_MD5_96: - hmac = hmac_create(HASH_MD5); - trunc = 12; - break; - case AUTH_HMAC_MD5_128: - hmac = hmac_create(HASH_MD5); - trunc = 16; - break; - case AUTH_HMAC_SHA2_256_128: - hmac = hmac_create(HASH_SHA256); - trunc = 16; - break; - case AUTH_HMAC_SHA2_384_192: - hmac = hmac_create(HASH_SHA384); - trunc = 24; - break; - case AUTH_HMAC_SHA2_512_256: - hmac = hmac_create(HASH_SHA512); - trunc = 32; - break; - case AUTH_HMAC_SHA2_256_256: - hmac = hmac_create(HASH_SHA256); - trunc = 32; - break; - case AUTH_HMAC_SHA2_384_384: - hmac = hmac_create(HASH_SHA384); - trunc = 48; - break; - default: - return NULL; - } - - if (hmac == NULL) - { - return NULL; - } - - INIT(this, - .public = { - .signer = { - .get_signature = _get_signature, - .allocate_signature = _allocate_signature, - .verify_signature = _verify_signature, - .get_key_size = _get_key_size, - .get_block_size = _get_block_size, - .set_key = _set_key, - .destroy = _destroy, - }, - }, - .block_size = min(trunc, hmac->get_block_size(hmac)), - .hmac = hmac, - ); - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h deleted file mode 100644 index 5e798683bd..0000000000 --- a/src/libstrongswan/plugins/hmac/hmac_signer.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (C) 2005-2008 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup hmac_signer hmac_signer - * @{ @ingroup hmac_p - */ - -#ifndef HMAC_SIGNER_H_ -#define HMAC_SIGNER_H_ - -typedef struct hmac_signer_t hmac_signer_t; - -#include - -/** - * Implementation of signer_t interface using HMAC. - * - * HMAC uses a standard hash function implemented in a hasher_t to build a MAC. - */ -struct hmac_signer_t { - - /** - * Implements signer_t interface. - */ - signer_t signer; -}; - -/** - * Creates a new hmac_signer_t. - * - * HMAC signatures are often truncated to shorten them to a more usable, but - * still secure enough length. - * Block size must be equal or smaller then the hash algorithms hash. - * - * @param algo algorithm to implement - * @return hmac_signer_t, NULL if not supported - */ -hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo); - -#endif /** HMAC_SIGNER_H_ @}*/ -- 2.47.2