Removed strayed code fragment
1 /*
2 * Copyright (C) 2005-2006 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup encryption_payload encryption_payload
19 * @{ @ingroup payloads
20 */
21
22 #ifndef ENCRYPTION_PAYLOAD_H_
23 #define ENCRYPTION_PAYLOAD_H_
24
/* Forward typedef declared before the includes below, presumably so that
 * headers which refer to this type (e.g. payload.h) can do so without an
 * include cycle - confirm against those headers. */
typedef struct encryption_payload_t encryption_payload_t;
26
27 #include <library.h>
28 #include <crypto/crypters/crypter.h>
29 #include <crypto/signers/signer.h>
30 #include <encoding/payloads/payload.h>
31 #include <utils/linked_list.h>
32
/**
 * Encryption payload length in bytes without IV and following data.
 *
 * NOTE(review): presumably the fixed generic payload header only; the IV,
 * the encrypted data and whatever the signer appends come after it and are
 * not counted here - confirm against the encoding rules in the .c file.
 */
#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
37
38
/**
 * The encryption payload as described in RFC section 3.14.
 *
 * Before any crypt/decrypt/sign/verify operation can occur,
 * the transforms must be set. After that, a parsed encryption payload
 * can be decrypted, which also will parse the contained payloads.
 * Encryption is done the same way, added payloads will get generated
 * and then encrypted.
 * For signature building, the FULL packet is needed. Meaning it
 * must be built after generation of all payloads and the encryption
 * of the encryption payload.
 * Signature verification is done before decryption.
 *
 * Call order implied by the return codes documented below:
 * set_transforms() first in every case. Sending side: add_payload(),
 * encrypt(), then build_signature() over the complete message.
 * Receiving side: verify_signature() over the complete message and,
 * only if it returned SUCCESS, decrypt(); a FAILED verification means the
 * ciphertext must not be decrypted or parsed at all.
 */
struct encryption_payload_t {
	/**
	 * Implements payload_t interface.
	 *
	 * NOTE(review): presumably kept as the first member so a payload_t*
	 * can be converted back to encryption_payload_t* - confirm in the .c file
	 * before reordering members.
	 */
	payload_t payload_interface;

	/**
	 * Creates an iterator for all contained payloads.
	 *
	 * iterator_t object has to get destroyed by the caller.
	 *
	 * Contained payloads exist only after add_payload() or after a
	 * successful decrypt(), which parses them (see decrypt()).
	 *
	 * @param forward	iterator direction (TRUE: front to end)
	 * @return			created iterator_t object
	 */
	iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);

	/**
	 * Adds a payload to this encryption payload.
	 *
	 * Ownership of the added payload is not stated here - TODO confirm
	 * whether destroy() releases contained payloads.
	 *
	 * @param payload	payload_t object to add
	 */
	void (*add_payload) (encryption_payload_t *this, payload_t *payload);

	/**
	 * Remove a payload from the contained payload list.
	 *
	 * NOTE(review): the function name says "first", the original comment
	 * said "last" - confirm which end is removed against the implementation.
	 *
	 * @param payload	out parameter, set to the removed payload
	 * @return
	 * 					- SUCCESS, or
	 * 					- NOT_FOUND if list empty
	 */
	status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);

	/**
	 * Get the number of payloads.
	 *
	 * @return			number of contained payloads
	 */
	size_t (*get_payload_count) (encryption_payload_t *this);

	/**
	 * Set transforms to use.
	 *
	 * For decryption, encryption, signature building and verifying,
	 * the payload needs a crypter and a signer object.
	 *
	 * @warning Do NOT call this function again after encryption, since
	 * the signer must be the same while encrypting and signature building!
	 *
	 * Ownership of crypter and signer is not stated here - TODO confirm
	 * whether the payload or the caller destroys them.
	 *
	 * @param crypter	crypter_t to use for data de-/encryption
	 * @param signer	signer_t to use for data signing/verifying
	 */
	void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);

	/**
	 * Generate and encrypt contained payloads.
	 *
	 * This function generates the content for added payloads
	 * and encrypts them. Signature is not built, since we need
	 * additional data (the full message).
	 *
	 * @return			SUCCESS, or INVALID_STATE if transforms not set
	 */
	status_t (*encrypt) (encryption_payload_t *this);

	/**
	 * Decrypt and parse contained payloads.
	 *
	 * This function decrypts the contained data. After,
	 * the payloads are parsed internally and are accessible
	 * via the iterator.
	 *
	 * Must only be called after verify_signature() returned SUCCESS
	 * (see the struct description). FAILED covers both undecryptable
	 * data and, presumably, contained payloads that do not parse -
	 * confirm the latter against the implementation.
	 *
	 * @return
	 * 					- SUCCESS, or
	 * 					- INVALID_STATE if transforms not set, or
	 * 					- FAILED if data is invalid
	 */
	status_t (*decrypt) (encryption_payload_t *this);

	/**
	 * Build the signature.
	 *
	 * The signature is built over the FULL message, so the header
	 * and every payload (inclusive this one) must already be generated.
	 * The generated message is supplied via the data parameter.
	 *
	 * @param data		chunk contains the already generated message
	 * @return
	 * 					- SUCCESS, or
	 * 					- INVALID_STATE if transforms not set
	 */
	status_t (*build_signature) (encryption_payload_t *this, chunk_t data);

	/**
	 * Verify the signature.
	 *
	 * Since the signature is built over the full message, we need
	 * this data to do the verification. The message data
	 * is supplied via the data argument.
	 *
	 * This is the integrity check that gates decrypt(): on FAILED the
	 * payload content must be treated as untrusted and not decrypted.
	 *
	 * @param data		chunk contains the message
	 * @return
	 * 					- SUCCESS, or
	 * 					- FAILED if signature invalid, or
	 * 					- INVALID_STATE if transforms not set
	 */
	status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);

	/**
	 * Destroys an encryption_payload_t object.
	 */
	void (*destroy) (encryption_payload_t *this);
};
165
/**
 * Creates an empty encryption_payload_t object.
 *
 * The returned object has no transforms set; encrypt(), decrypt(),
 * build_signature() and verify_signature() return INVALID_STATE until
 * set_transforms() has been called. The caller owns the object and
 * releases it with destroy().
 *
 * @return				encryption_payload_t object
 */
encryption_payload_t *encryption_payload_create(void);
172
173 #endif /** ENCRYPTION_PAYLOAD_H_ @}*/