Test append mode for signers verify_signature

author Martin Willi <martin@revosec.ch>

Tue, 17 Aug 2010 08:12:20 +0000 (10:12 +0200)

committer Martin Willi <martin@revosec.ch>

Thu, 19 Aug 2010 10:35:53 +0000 (12:35 +0200)
author Martin Willi <martin@revosec.ch>
Tue, 17 Aug 2010 08:12:20 +0000 (10:12 +0200)
committer Martin Willi <martin@revosec.ch>
Thu, 19 Aug 2010 10:35:53 +0000 (12:35 +0200)
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c

index 13e186a5ab1099ea6aeb0dbfdcd46c2b570c3360..a5434cff0f82516ce7e519da8c7bfd3f1bb83b29 100644 (file)
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -361,11 +361,10 @@ METHOD(crypto_tester_t, test_signer, bool,
                 /* signature to existing buffer, using append mode */
                 if (data.len > 2)
                 {
-                       memset(mac.ptr, 0, mac.len);
                         signer->allocate_signature(signer, chunk_create(data.ptr, 1), NULL);
                         signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
-                       signer->get_signature(signer, chunk_skip(data, 2), mac.ptr);
-                       if (!memeq(vector->mac, mac.ptr, mac.len))
+                       if (!signer->verify_signature(signer, chunk_skip(data, 2),
+                                                                                 chunk_create(vector->mac, mac.len)))
                         {
                                 failed = TRUE;
                         }
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h

index 17bd0f889e25d3fa051f8df3d85ae34d3e73ae81..0304c611dcdff860fa5634299524f066fca1f6a4 100644 (file)
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -106,6 +106,10 @@ struct signer_t {
         /**
          * Verify a signature.
          *
+        * To verify a signature of multiple chunks of data, pass the
+        * data to get_signature() with a NULL buffer. verify_signature() acts
+        * as a final call and includes all data fed to get_signature().
+        *
          * @param data          a chunk containing the data to verify
          * @param signature     a chunk containing the signature
          * @return                      TRUE, if signature is valid, FALSE otherwise
author	Martin Willi <martin@revosec.ch>
	Tue, 17 Aug 2010 08:12:20 +0000 (10:12 +0200)
committer	Martin Willi <martin@revosec.ch>
	Thu, 19 Aug 2010 10:35:53 +0000 (12:35 +0200)
src/libstrongswan/crypto/crypto_tester.c		patch \| blob \| blame \| history
src/libstrongswan/crypto/signers/signer.h		patch \| blob \| blame \| history