Annotation of embedaddon/strongswan/src/libstrongswan/crypto/signers/signer.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2005-2009 Martin Willi
3: * Copyright (C) 2005 Jan Hutter
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: /**
18: * @defgroup signer signer
19: * @{ @ingroup crypto
20: */
21:
22: #ifndef SIGNER_H_
23: #define SIGNER_H_
24:
25: typedef enum integrity_algorithm_t integrity_algorithm_t;
26: typedef struct signer_t signer_t;
27:
28: #include <utils/utils.h>
29: #include <utils/chunk.h>
30:
31: /**
32: * Integrity algorithm, as in IKEv2 RFC 3.3.2.
33: *
34: * Algorithms not specified in IKEv2 are allocated in private use space.
35: */
36: enum integrity_algorithm_t {
37: AUTH_UNDEFINED = 1024,
38: /** RFC4306 */
39: AUTH_HMAC_MD5_96 = 1,
40: /** RFC4306 */
41: AUTH_HMAC_SHA1_96 = 2,
42: /** RFC4306 */
43: AUTH_DES_MAC = 3,
44: /** RFC1826 */
45: AUTH_KPDK_MD5 = 4,
46: /** RFC4306 */
47: AUTH_AES_XCBC_96 = 5,
48: /** RFC4595 */
49: AUTH_HMAC_MD5_128 = 6,
50: /** RFC4595 */
51: AUTH_HMAC_SHA1_160 = 7,
52: /** RFC4494 */
53: AUTH_AES_CMAC_96 = 8,
54: /** RFC4543 */
55: AUTH_AES_128_GMAC = 9,
56: /** RFC4543 */
57: AUTH_AES_192_GMAC = 10,
58: /** RFC4543 */
59: AUTH_AES_256_GMAC = 11,
60: /** RFC4868 */
61: AUTH_HMAC_SHA2_256_128 = 12,
62: /** RFC4868 */
63: AUTH_HMAC_SHA2_384_192 = 13,
64: /** RFC4868 */
65: AUTH_HMAC_SHA2_512_256 = 14,
66: /** private use */
67: AUTH_HMAC_SHA1_128 = 1025,
68: /** SHA256 96 bit truncation variant, supported by Linux kernels */
69: AUTH_HMAC_SHA2_256_96 = 1026,
70: /** SHA256 full length truncation variant, as used in TLS */
71: AUTH_HMAC_SHA2_256_256 = 1027,
72: /** SHA384 full length truncation variant, as used in TLS */
73: AUTH_HMAC_SHA2_384_384 = 1028,
74: /** SHA512 full length truncation variant */
75: AUTH_HMAC_SHA2_512_512 = 1029,
76: /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
77: AUTH_CAMELLIA_XCBC_96 = 1030,
78: };
79:
80: /**
81: * enum names for integrity_algorithm_t.
82: */
83: extern enum_name_t *integrity_algorithm_names;
84:
85: /**
86: * Generic interface for a symmetric signature algorithm.
87: */
88: struct signer_t {
89: /**
90: * Generate a signature.
91: *
92: * If buffer is NULL, data is processed and prepended to a next call until
93: * buffer is a valid pointer.
94: *
95: * @param data a chunk containing the data to sign
96: * @param buffer pointer where the signature will be written
97: * @return TRUE if signature created successfully
98: */
99: bool (*get_signature)(signer_t *this, chunk_t data,
100: uint8_t *buffer) __attribute__((warn_unused_result));
101:
102: /**
103: * Generate a signature and allocate space for it.
104: *
105: * If chunk is NULL, data is processed and prepended to a next call until
106: * chunk is a valid chunk pointer.
107: *
108: * @param data a chunk containing the data to sign
109: * @param chunk chunk which will hold the allocated signature
110: * @return TRUE if signature allocated successfully
111: */
112: bool (*allocate_signature)(signer_t *this, chunk_t data,
113: chunk_t *chunk) __attribute__((warn_unused_result));
114:
115: /**
116: * Verify a signature.
117: *
118: * To verify a signature of multiple chunks of data, pass the
119: * data to get_signature() with a NULL buffer. verify_signature() acts
120: * as a final call and includes all data fed to get_signature().
121: *
122: * @param data a chunk containing the data to verify
123: * @param signature a chunk containing the signature
124: * @return TRUE, if signature is valid, FALSE otherwise
125: */
126: bool (*verify_signature)(signer_t *this, chunk_t data, chunk_t signature);
127:
128: /**
129: * Get the block size of this signature algorithm.
130: *
131: * @return block size in bytes
132: */
133: size_t (*get_block_size)(signer_t *this);
134:
135: /**
136: * Get the key size of the signature algorithm.
137: *
138: * @return key size in bytes
139: */
140: size_t (*get_key_size)(signer_t *this);
141:
142: /**
143: * Set the key for this object.
144: *
145: * @param key key to set
146: * @return TRUE if key set
147: */
148: bool (*set_key)(signer_t *this,
149: chunk_t key) __attribute__((warn_unused_result));
150:
151: /**
152: * Destroys a signer_t object.
153: */
154: void (*destroy)(signer_t *this);
155: };
156:
157: #endif /** SIGNER_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to signer.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / crypto / signers