/*
 * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup signer signer
 * @{ @ingroup crypto
 */

#ifndef SIGNER_H_
#define SIGNER_H_

/* Forward typedefs come first so the included headers may refer to them. */
typedef enum integrity_algorithm_t integrity_algorithm_t;
typedef struct signer_t signer_t;

#include <utils/utils.h>
#include <utils/chunk.h>

/**
 * Integrity algorithm, as in IKEv2 RFC 3.3.2.
 *
 * Values 1..14 are the IANA-assigned IKEv2 transform identifiers; the
 * RFC noted on each member is where that identifier is defined.
 * Algorithms not specified in IKEv2 are allocated in private use space,
 * i.e. above AUTH_UNDEFINED, and never appear on the wire under these values.
 *
 * The numeric suffix of an HMAC variant (e.g. _96, _128, _256) is the length
 * in bits to which the MAC output is truncated; "full length" variants
 * truncate to the full digest size.
 */
enum integrity_algorithm_t {
	/** No algorithm selected; also the base of the private use space */
	AUTH_UNDEFINED = 1024,
	/** RFC4306 */
	AUTH_HMAC_MD5_96 = 1,
	/** RFC4306 */
	AUTH_HMAC_SHA1_96 = 2,
	/** RFC4306 */
	AUTH_DES_MAC = 3,
	/** RFC1826 */
	AUTH_KPDK_MD5 = 4,
	/** RFC4306 */
	AUTH_AES_XCBC_96 = 5,
	/** RFC4595 */
	AUTH_HMAC_MD5_128 = 6,
	/** RFC4595 */
	AUTH_HMAC_SHA1_160 = 7,
	/** RFC4494 */
	AUTH_AES_CMAC_96 = 8,
	/** RFC4543 */
	AUTH_AES_128_GMAC = 9,
	/** RFC4543 */
	AUTH_AES_192_GMAC = 10,
	/** RFC4543 */
	AUTH_AES_256_GMAC = 11,
	/** RFC4868 */
	AUTH_HMAC_SHA2_256_128 = 12,
	/** RFC4868 */
	AUTH_HMAC_SHA2_384_192 = 13,
	/** RFC4868 */
	AUTH_HMAC_SHA2_512_256 = 14,
	/** private use */
	AUTH_HMAC_SHA1_128 = 1025,
	/** SHA256 96 bit truncation variant, supported by Linux kernels */
	AUTH_HMAC_SHA2_256_96 = 1026,
	/** SHA256 full length truncation variant, as used in TLS */
	AUTH_HMAC_SHA2_256_256 = 1027,
	/** SHA384 full length truncation variant, as used in TLS */
	AUTH_HMAC_SHA2_384_384 = 1028,
	/** SHA512 full length truncation variant */
	AUTH_HMAC_SHA2_512_512 = 1029,
	/** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
	AUTH_CAMELLIA_XCBC_96 = 1030,
};

/**
 * enum names for integrity_algorithm_t.
 *
 * Defined in a .c file of this module; used to print algorithm identifiers
 * in log output and configuration parsing.
 */
extern enum_name_t *integrity_algorithm_names;

/**
 * Generic interface for a symmetric signature algorithm.
 *
 * A signer computes a keyed MAC over arbitrary data. The same key is used
 * for both generation and verification, so a signer_t is only as secret as
 * the key handed to set_key(). The function pointers that report failure
 * are marked warn_unused_result because ignoring a FALSE return would let
 * an unsigned or unverified message pass silently.
 */
struct signer_t {
	/**
	 * Generate a signature.
	 *
	 * If buffer is NULL, data is processed and prepended to a next call until
	 * buffer is a valid pointer. This allows a message consisting of several
	 * chunks to be signed without concatenating it first.
	 *
	 * NOTE(review): the required size of buffer is not stated here;
	 * presumably get_block_size() bytes — confirm against the implementations
	 * before sizing a caller-provided buffer.
	 *
	 * @param data		a chunk containing the data to sign
	 * @param buffer	pointer where the signature will be written
	 * @return			TRUE if signature created successfully
	 */
	bool (*get_signature)(signer_t *this, chunk_t data,
						  uint8_t *buffer) __attribute__((warn_unused_result));

	/**
	 * Generate a signature and allocate space for it.
	 *
	 * If chunk is NULL, data is processed and prepended to a next call until
	 * chunk is a valid chunk pointer. On success the caller owns the
	 * allocated chunk and is responsible for freeing it.
	 *
	 * @param data		a chunk containing the data to sign
	 * @param chunk		chunk which will hold the allocated signature
	 * @return			TRUE if signature allocated successfully
	 */
	bool (*allocate_signature)(signer_t *this, chunk_t data,
							   chunk_t *chunk) __attribute__((warn_unused_result));

	/**
	 * Verify a signature.
	 *
	 * To verify a signature of multiple chunks of data, pass the
	 * data to get_signature() with a NULL buffer. verify_signature() acts
	 * as a final call and includes all data fed to get_signature().
	 *
	 * NOTE(review): implementations of this method are expected to compare
	 * the supplied signature with the computed one in constant time, so that
	 * verification timing does not depend on how many leading bytes match;
	 * this header cannot enforce that — confirm in each implementation.
	 *
	 * @param data		a chunk containing the data to verify
	 * @param signature	a chunk containing the signature
	 * @return			TRUE, if signature is valid, FALSE otherwise
	 */
	bool (*verify_signature)(signer_t *this, chunk_t data, chunk_t signature);

	/**
	 * Get the block size of this signature algorithm.
	 *
	 * NOTE(review): "block size" here presumably means the (possibly
	 * truncated) signature length produced by get_signature(), not the
	 * underlying hash's input block size — confirm against the implementations.
	 *
	 * @return			block size in bytes
	 */
	size_t (*get_block_size)(signer_t *this);

	/**
	 * Get the key size of the signature algorithm.
	 *
	 * @return			key size in bytes
	 */
	size_t (*get_key_size)(signer_t *this);

	/**
	 * Set the key for this object.
	 *
	 * The key is secret material; callers should wipe their own copy once it
	 * has been handed over. NOTE(review): whether key.len must equal
	 * get_key_size() or is rejected otherwise is not specified here — confirm.
	 *
	 * @param key		key to set
	 * @return			TRUE if key set
	 */
	bool (*set_key)(signer_t *this,
					chunk_t key) __attribute__((warn_unused_result));

	/**
	 * Destroys a signer_t object.
	 *
	 * Releases the object and any key material it holds; the pointer must
	 * not be used afterwards.
	 */
	void (*destroy)(signer_t *this);
};

#endif /** SIGNER_H_ @}*/