- tested encryption payload
[strongswan.git] / Source / charon / encoding / payloads / encryption_payload.h
1 /**
2 * @file encryption_payload.h
3 *
4 * @brief Interface of encryption_payload_t.
5 */
6
7 /*
8 * Copyright (C) 2005 Jan Hutter, Martin Willi
9 * Hochschule fuer Technik Rapperswil
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
18 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * for more details.
20 */
21
22 #ifndef ENCRYPTION_PAYLOAD_H_
23 #define ENCRYPTION_PAYLOAD_H_
24
25 #include <types.h>
26 #include <transforms/crypters/crypter.h>
27 #include <transforms/signers/signer.h>
28 #include <encoding/payloads/payload.h>
29 #include <utils/linked_list.h>
30
31 /**
32 * Encrpytion payload length in bytes without IV and following data.
33 */
34 #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
35
36
37 typedef struct encryption_payload_t encryption_payload_t;
38
39 /**
40 * @brief The encryption payload as described in RFC section 3.14.
41 *
42 * @ingroup payloads
43 */
44 struct encryption_payload_t {
45 /**
46 * Implements payload_t interface.
47 */
48 payload_t payload_interface;
49
50 /**
51 * @brief Creates an iterator for all contained payloads.
52 *
53 * @warning iterator_t object has to get destroyed by the caller.
54 *
55 * @param this calling encryption_payload_t object
56 * @param[in] forward iterator direction (TRUE: front to end)
57 * return created iterator_t object
58 */
59 iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
60
61 /**
62 * @brief Adds a payload to this encryption payload.
63 *
64 * @param this calling encryption_payload_t object
65 * @param payload payload_t object to add
66 */
67 void (*add_payload) (encryption_payload_t *this, payload_t *payload);
68
69 /**
70 * @brief Set transforms to use.
71 *
72 * To decryption, encryption, signature building and verifying,
73 * the payload needs a crypter and a signer object.
74 *
75 * @warning Do NOT call this function twice!
76 *
77 * @param this calling encryption_payload_t
78 * @param crypter crypter_t to use for data de-/encryption
79 * @param signer signer_t to use for data signing/verifying
80 */
81 void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
82
83 /**
84 * @brief Generate and encrypt contained payloads.
85 *
86 * This function generates the content for added payloads
87 * and encrypts them. Signature is not built, since we need
88 * additional data (the full message).
89 *
90 * @param this calling encryption_payload_t
91 * @return
92 * - SUCCESS, or
93 * - INVALID_STATE if transforms not set
94 */
95 status_t (*encrypt) (encryption_payload_t *this);
96
97 /**
98 * @brief Decrypt and parse contained payloads.
99 *
100 * This function decrypts the contained data. After,
101 * the payloads are parsed internally and are accessible
102 * via the iterator.
103 *
104 * @param this calling encryption_payload_t
105 * @return
106 * - SUCCESS, or
107 * - INVALID_STATE if transforms not set, or
108 * - FAILED if data is invalid
109 */
110 status_t (*decrypt) (encryption_payload_t *this);
111
112 /**
113 * @brief Build the signature.
114 *
115 * The signature is built over the FULL message, so the header
116 * and every payload (inclusive this one) must already be generated.
117 * The generated message is supplied via the data paramater.
118 *
119 * @param this calling encryption_payload_t
120 * @param data chunk contains the already generated message
121 * @return
122 * - SUCCESS, or
123 * - INVALID_STATE if transforms not set
124 */
125 status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
126
127 /**
128 * @brief Verify the signature.
129 *
130 * Since the signature is built over the full message, we need
131 * this data to do the verification. The message data
132 * is supplied via the data argument.
133 *
134 * @param this calling encryption_payload_t
135 * @param data chunk contains the message
136 * @return
137 * - SUCCESS, or
138 * - FAILED if signature invalid, or
139 * - INVALID_STATE if transforms not set
140 */
141 status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
142
143 /**
144 * @brief Destroys an encryption_payload_t object.
145 *
146 * @param this encryption_payload_t object to destroy
147 */
148 void (*destroy) (encryption_payload_t *this);
149 };
150
151 /**
152 * @brief Creates an empty encryption_payload_t object.
153 *
154 * @return created encryption_payload_t object
155 *
156 * @ingroup payloads
157 */
158
159 encryption_payload_t *encryption_payload_create();
160
161 #endif /*ENCRYPTION_PAYLOAD_H_*/