Annotation of embedaddon/strongswan/src/libstrongswan/crypto/signers/signer.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2005-2009 Martin Willi
! 3: * Copyright (C) 2005 Jan Hutter
! 4: * HSR Hochschule fuer Technik Rapperswil
! 5: *
! 6: * This program is free software; you can redistribute it and/or modify it
! 7: * under the terms of the GNU General Public License as published by the
! 8: * Free Software Foundation; either version 2 of the License, or (at your
! 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 10: *
! 11: * This program is distributed in the hope that it will be useful, but
! 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 14: * for more details.
! 15: */
! 16:
! 17: /**
! 18: * @defgroup signer signer
! 19: * @{ @ingroup crypto
! 20: */
! 21:
! 22: #ifndef SIGNER_H_
! 23: #define SIGNER_H_
! 24:
! 25: typedef enum integrity_algorithm_t integrity_algorithm_t;
! 26: typedef struct signer_t signer_t;
! 27:
! 28: #include <utils/utils.h>
! 29: #include <utils/chunk.h>
! 30:
! 31: /**
! 32: * Integrity algorithm, as in IKEv2 RFC 3.3.2.
! 33: *
! 34: * Algorithms not specified in IKEv2 are allocated in private use space.
! 35: */
! 36: enum integrity_algorithm_t {
! 37: AUTH_UNDEFINED = 1024,
! 38: /** RFC4306 */
! 39: AUTH_HMAC_MD5_96 = 1,
! 40: /** RFC4306 */
! 41: AUTH_HMAC_SHA1_96 = 2,
! 42: /** RFC4306 */
! 43: AUTH_DES_MAC = 3,
! 44: /** RFC1826 */
! 45: AUTH_KPDK_MD5 = 4,
! 46: /** RFC4306 */
! 47: AUTH_AES_XCBC_96 = 5,
! 48: /** RFC4595 */
! 49: AUTH_HMAC_MD5_128 = 6,
! 50: /** RFC4595 */
! 51: AUTH_HMAC_SHA1_160 = 7,
! 52: /** RFC4494 */
! 53: AUTH_AES_CMAC_96 = 8,
! 54: /** RFC4543 */
! 55: AUTH_AES_128_GMAC = 9,
! 56: /** RFC4543 */
! 57: AUTH_AES_192_GMAC = 10,
! 58: /** RFC4543 */
! 59: AUTH_AES_256_GMAC = 11,
! 60: /** RFC4868 */
! 61: AUTH_HMAC_SHA2_256_128 = 12,
! 62: /** RFC4868 */
! 63: AUTH_HMAC_SHA2_384_192 = 13,
! 64: /** RFC4868 */
! 65: AUTH_HMAC_SHA2_512_256 = 14,
! 66: /** private use */
! 67: AUTH_HMAC_SHA1_128 = 1025,
! 68: /** SHA256 96 bit truncation variant, supported by Linux kernels */
! 69: AUTH_HMAC_SHA2_256_96 = 1026,
! 70: /** SHA256 full length truncation variant, as used in TLS */
! 71: AUTH_HMAC_SHA2_256_256 = 1027,
! 72: /** SHA384 full length truncation variant, as used in TLS */
! 73: AUTH_HMAC_SHA2_384_384 = 1028,
! 74: /** SHA512 full length truncation variant */
! 75: AUTH_HMAC_SHA2_512_512 = 1029,
! 76: /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
! 77: AUTH_CAMELLIA_XCBC_96 = 1030,
! 78: };
! 79:
! 80: /**
! 81: * enum names for integrity_algorithm_t.
! 82: */
! 83: extern enum_name_t *integrity_algorithm_names;
! 84:
! 85: /**
! 86: * Generic interface for a symmetric signature algorithm.
! 87: */
! 88: struct signer_t {
! 89: /**
! 90: * Generate a signature.
! 91: *
! 92: * If buffer is NULL, data is processed and prepended to a next call until
! 93: * buffer is a valid pointer.
! 94: *
! 95: * @param data a chunk containing the data to sign
! 96: * @param buffer pointer where the signature will be written
! 97: * @return TRUE if signature created successfully
! 98: */
! 99: bool (*get_signature)(signer_t *this, chunk_t data,
! 100: uint8_t *buffer) __attribute__((warn_unused_result));
! 101:
! 102: /**
! 103: * Generate a signature and allocate space for it.
! 104: *
! 105: * If chunk is NULL, data is processed and prepended to a next call until
! 106: * chunk is a valid chunk pointer.
! 107: *
! 108: * @param data a chunk containing the data to sign
! 109: * @param chunk chunk which will hold the allocated signature
! 110: * @return TRUE if signature allocated successfully
! 111: */
! 112: bool (*allocate_signature)(signer_t *this, chunk_t data,
! 113: chunk_t *chunk) __attribute__((warn_unused_result));
! 114:
! 115: /**
! 116: * Verify a signature.
! 117: *
! 118: * To verify a signature of multiple chunks of data, pass the
! 119: * data to get_signature() with a NULL buffer. verify_signature() acts
! 120: * as a final call and includes all data fed to get_signature().
! 121: *
! 122: * @param data a chunk containing the data to verify
! 123: * @param signature a chunk containing the signature
! 124: * @return TRUE, if signature is valid, FALSE otherwise
! 125: */
! 126: bool (*verify_signature)(signer_t *this, chunk_t data, chunk_t signature);
! 127:
! 128: /**
! 129: * Get the block size of this signature algorithm.
! 130: *
! 131: * @return block size in bytes
! 132: */
! 133: size_t (*get_block_size)(signer_t *this);
! 134:
! 135: /**
! 136: * Get the key size of the signature algorithm.
! 137: *
! 138: * @return key size in bytes
! 139: */
! 140: size_t (*get_key_size)(signer_t *this);
! 141:
! 142: /**
! 143: * Set the key for this object.
! 144: *
! 145: * @param key key to set
! 146: * @return TRUE if key set
! 147: */
! 148: bool (*set_key)(signer_t *this,
! 149: chunk_t key) __attribute__((warn_unused_result));
! 150:
! 151: /**
! 152: * Destroys a signer_t object.
! 153: */
! 154: void (*destroy)(signer_t *this);
! 155: };
! 156:
! 157: #endif /** SIGNER_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>