updated integrity algorithm identifiers
[strongswan.git] / src / libstrongswan / crypto / signers / signer.h
1 /*
2 * Copyright (C) 2005-2009 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup signer signer
19 * @{ @ingroup crypto
20 */
21
22 #ifndef SIGNER_H_
23 #define SIGNER_H_
24
25 typedef enum integrity_algorithm_t integrity_algorithm_t;
26 typedef struct signer_t signer_t;
27
28 #include <library.h>
29
30 /**
31 * Integrity algorithm, as in IKEv2 RFC 3.3.2.
32 *
33 * Algorithms not specified in IKEv2 are allocated in private use space.
34 */
35 enum integrity_algorithm_t {
36 AUTH_UNDEFINED = 1024,
37 /** RFC4306 */
38 AUTH_HMAC_MD5_96 = 1,
39 /** RFC4306 */
40 AUTH_HMAC_SHA1_96 = 2,
41 /** RFC4306 */
42 AUTH_DES_MAC = 3,
43 /** RFC1826 */
44 AUTH_KPDK_MD5 = 4,
45 /** RFC4306 */
46 AUTH_AES_XCBC_96 = 5,
47 /** RFC4595 */
48 AUTH_HMAC_MD5_128 = 6,
49 /** RFC4595 */
50 AUTH_HMAC_SHA1_160 = 7,
51 /** RFC4494 */
52 AUTH_AES_CMAC_96 = 8,
53 /** RFC4543 */
54 AUTH_AES_128_GMAC = 9,
55 /** RFC4543 */
56 AUTH_AES_192_GMAC = 10,
57 /** RFC4543 */
58 AUTH_AES_256_GMAC = 11,
59 /** RFC4868 */
60 AUTH_HMAC_SHA2_256_128 = 12,
61 /** RFC4868 */
62 AUTH_HMAC_SHA2_384_192 = 13,
63 /** RFC4868 */
64 AUTH_HMAC_SHA2_512_256 = 14,
65 /** private use */
66 AUTH_HMAC_SHA1_128 = 1025,
67 };
68
69 /**
70 * enum names for integrity_algorithm_t.
71 */
72 extern enum_name_t *integrity_algorithm_names;
73
74 /**
75 * Generic interface for a symmetric signature algorithm.
76 */
77 struct signer_t {
78 /**
79 * Generate a signature.
80 *
81 * If buffer is NULL, data is processed and prepended to a next call until
82 * buffer is a valid pointer.
83 *
84 * @param data a chunk containing the data to sign
85 * @param buffer pointer where the signature will be written
86 */
87 void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
88
89 /**
90 * Generate a signature and allocate space for it.
91 *
92 * If chunk is NULL, data is processed and prepended to a next call until
93 * chunk is a valid chunk pointer.
94 *
95 * @param data a chunk containing the data to sign
96 * @param chunk chunk which will hold the allocated signature
97 */
98 void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
99
100 /**
101 * Verify a signature.
102 *
103 * @param data a chunk containing the data to verify
104 * @param signature a chunk containing the signature
105 * @return TRUE, if signature is valid, FALSE otherwise
106 */
107 bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
108
109 /**
110 * Get the block size of this signature algorithm.
111 *
112 * @return block size in bytes
113 */
114 size_t (*get_block_size) (signer_t *this);
115
116 /**
117 * Get the key size of the signature algorithm.
118 *
119 * @return key size in bytes
120 */
121 size_t (*get_key_size) (signer_t *this);
122
123 /**
124 * Set the key for this object.
125 *
126 * @param key key to set
127 */
128 void (*set_key) (signer_t *this, chunk_t key);
129
130 /**
131 * Destroys a signer_t object.
132 */
133 void (*destroy) (signer_t *this);
134 };
135
136 #endif /** SIGNER_H_ @}*/