- fixed message decryption
[strongswan.git] / Source / charon / encoding / payloads / encryption_payload.h
1 /**
2 * @file encryption_payload.h
3 *
4 * @brief Interface of encryption_payload_t.
5 */
6
7 /*
8 * Copyright (C) 2005 Jan Hutter, Martin Willi
9 * Hochschule fuer Technik Rapperswil
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
18 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * for more details.
20 */
21
22 #ifndef ENCRYPTION_PAYLOAD_H_
23 #define ENCRYPTION_PAYLOAD_H_
24
25 #include <types.h>
26 #include <transforms/crypters/crypter.h>
27 #include <transforms/signers/signer.h>
28 #include <encoding/payloads/payload.h>
29 #include <utils/linked_list.h>
30
31 /**
32 * Encrpytion payload length in bytes without IV and following data.
33 */
34 #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
35
36
37 typedef struct encryption_payload_t encryption_payload_t;
38
39 /**
40 * @brief The encryption payload as described in RFC section 3.14.
41 *
42 * @ingroup payloads
43 */
44 struct encryption_payload_t {
45 /**
46 * Implements payload_t interface.
47 */
48 payload_t payload_interface;
49
50 /**
51 * @brief Creates an iterator for all contained payloads.
52 *
53 * @warning iterator_t object has to get destroyed by the caller.
54 *
55 * @param this calling encryption_payload_t object
56 * @param[in] forward iterator direction (TRUE: front to end)
57 * return created iterator_t object
58 */
59 iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
60
61 /**
62 * @brief Adds a payload to this encryption payload.
63 *
64 * @param this calling encryption_payload_t object
65 * @param payload payload_t object to add
66 */
67 void (*add_payload) (encryption_payload_t *this, payload_t *payload);
68
69 /**
70 * @brief Reove the last payload in the contained payload list.
71 *
72 * @param this calling encryption_payload_t object
73 * @param[out] payload removed payload
74 * @return
75 * - SUCCESS, or
76 * - NOT_FOUND if list empty
77 */
78 status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
79
80 /**
81 * @brief Get the number of payloads.
82 *
83 * @param this calling encryption_payload_t object
84 * @return number of contained payloads
85 */
86 size_t (*get_payload_count) (encryption_payload_t *this);
87
88 /**
89 * @brief Set transforms to use.
90 *
91 * To decryption, encryption, signature building and verifying,
92 * the payload needs a crypter and a signer object.
93 *
94 * @warning Do NOT call this function twice!
95 *
96 * @param this calling encryption_payload_t
97 * @param crypter crypter_t to use for data de-/encryption
98 * @param signer signer_t to use for data signing/verifying
99 */
100 void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
101
102 /**
103 * @brief Generate and encrypt contained payloads.
104 *
105 * This function generates the content for added payloads
106 * and encrypts them. Signature is not built, since we need
107 * additional data (the full message).
108 *
109 * @param this calling encryption_payload_t
110 * @return
111 * - SUCCESS, or
112 * - INVALID_STATE if transforms not set
113 */
114 status_t (*encrypt) (encryption_payload_t *this);
115
116 /**
117 * @brief Decrypt and parse contained payloads.
118 *
119 * This function decrypts the contained data. After,
120 * the payloads are parsed internally and are accessible
121 * via the iterator.
122 *
123 * @param this calling encryption_payload_t
124 * @return
125 * - SUCCESS, or
126 * - INVALID_STATE if transforms not set, or
127 * - FAILED if data is invalid
128 */
129 status_t (*decrypt) (encryption_payload_t *this);
130
131 /**
132 * @brief Build the signature.
133 *
134 * The signature is built over the FULL message, so the header
135 * and every payload (inclusive this one) must already be generated.
136 * The generated message is supplied via the data paramater.
137 *
138 * @param this calling encryption_payload_t
139 * @param data chunk contains the already generated message
140 * @return
141 * - SUCCESS, or
142 * - INVALID_STATE if transforms not set
143 */
144 status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
145
146 /**
147 * @brief Verify the signature.
148 *
149 * Since the signature is built over the full message, we need
150 * this data to do the verification. The message data
151 * is supplied via the data argument.
152 *
153 * @param this calling encryption_payload_t
154 * @param data chunk contains the message
155 * @return
156 * - SUCCESS, or
157 * - FAILED if signature invalid, or
158 * - INVALID_STATE if transforms not set
159 */
160 status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
161
162 /**
163 * @brief Destroys an encryption_payload_t object.
164 *
165 * @param this encryption_payload_t object to destroy
166 */
167 void (*destroy) (encryption_payload_t *this);
168 };
169
170 /**
171 * @brief Creates an empty encryption_payload_t object.
172 *
173 * @return created encryption_payload_t object
174 *
175 * @ingroup payloads
176 */
177
178 encryption_payload_t *encryption_payload_create();
179
180 #endif /*ENCRYPTION_PAYLOAD_H_*/