8170064095c4d2058e1de225b723e6c47411d0fe
[strongswan.git] / src / charon / encoding / payloads / encryption_payload.h
1 /*
2 * Copyright (C) 2005-2006 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * $Id$
17 */
18
19 /**
20 * @defgroup encryption_payload encryption_payload
21 * @{ @ingroup payloads
22 */
23
24 #ifndef ENCRYPTION_PAYLOAD_H_
25 #define ENCRYPTION_PAYLOAD_H_
26
27 typedef struct encryption_payload_t encryption_payload_t;
28
29 #include <library.h>
30 #include <crypto/crypters/crypter.h>
31 #include <crypto/signers/signer.h>
32 #include <encoding/payloads/payload.h>
33 #include <utils/linked_list.h>
34
35 /**
36 * Encrpytion payload length in bytes without IV and following data.
37 */
38 #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
39
40
41 /**
42 * The encryption payload as described in RFC section 3.14.
43 *
44 * Before any crypt/decrypt/sign/verify operation can occur,
45 * the transforms must be set. After that, a parsed encryption payload
46 * can be decrypted, which also will parse the contained payloads.
47 * Encryption is done the same way, added payloads will get generated
48 * and then encrypted.
49 * For signature building, there is the FULL packet needed. Meaning it
50 * must be builded after generation of all payloads and the encryption
51 * of the encryption payload.
52 * Signature verificatin is done before decryption.
53 */
54 struct encryption_payload_t {
55 /**
56 * Implements payload_t interface.
57 */
58 payload_t payload_interface;
59
60 /**
61 * Creates an iterator for all contained payloads.
62 *
63 * iterator_t object has to get destroyed by the caller.
64 *
65 * @param forward iterator direction (TRUE: front to end)
66 * return created iterator_t object
67 */
68 iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
69
70 /**
71 * Adds a payload to this encryption payload.
72 *
73 * @param payload payload_t object to add
74 */
75 void (*add_payload) (encryption_payload_t *this, payload_t *payload);
76
77 /**
78 * Reove the last payload in the contained payload list.
79 *
80 * @param payload removed payload
81 * @return
82 * - SUCCESS, or
83 * - NOT_FOUND if list empty
84 */
85 status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
86
87 /**
88 * Get the number of payloads.
89 *
90 * @return number of contained payloads
91 */
92 size_t (*get_payload_count) (encryption_payload_t *this);
93
94 /**
95 * Set transforms to use.
96 *
97 * To decryption, encryption, signature building and verifying,
98 * the payload needs a crypter and a signer object.
99 *
100 * @warning Do NOT call this function again after encryption, since
101 * the signer must be the same while encrypting and signature building!
102 *
103 * @param crypter crypter_t to use for data de-/encryption
104 * @param signer signer_t to use for data signing/verifying
105 */
106 void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
107
108 /**
109 * Generate and encrypt contained payloads.
110 *
111 * This function generates the content for added payloads
112 * and encrypts them. Signature is not built, since we need
113 * additional data (the full message).
114 *
115 * @return SUCCESS, or INVALID_STATE if transforms not set
116 */
117 status_t (*encrypt) (encryption_payload_t *this);
118
119 /**
120 * Decrypt and parse contained payloads.
121 *
122 * This function decrypts the contained data. After,
123 * the payloads are parsed internally and are accessible
124 * via the iterator.
125 *
126 * @return
127 * - SUCCESS, or
128 * - INVALID_STATE if transforms not set, or
129 * - FAILED if data is invalid
130 */
131 status_t (*decrypt) (encryption_payload_t *this);
132
133 /**
134 * Build the signature.
135 *
136 * The signature is built over the FULL message, so the header
137 * and every payload (inclusive this one) must already be generated.
138 * The generated message is supplied via the data paramater.
139 *
140 * @param data chunk contains the already generated message
141 * @return
142 * - SUCCESS, or
143 * - INVALID_STATE if transforms not set
144 */
145 status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
146
147 /**
148 * Verify the signature.
149 *
150 * Since the signature is built over the full message, we need
151 * this data to do the verification. The message data
152 * is supplied via the data argument.
153 *
154 * @param data chunk contains the message
155 * @return
156 * - SUCCESS, or
157 * - FAILED if signature invalid, or
158 * - INVALID_STATE if transforms not set
159 */
160 status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
161
162 /**
163 * Destroys an encryption_payload_t object.
164 */
165 void (*destroy) (encryption_payload_t *this);
166 };
167
168 /**
169 * Creates an empty encryption_payload_t object.
170 *
171 * @return encryption_payload_t object
172 */
173 encryption_payload_t *encryption_payload_create(void);
174
175 #endif /*ENCRYPTION_PAYLOAD_H_ @} */