signers implemented with HMAC now support NULL output parameters
[strongswan.git] / src / libstrongswan / crypto / signers / signer.h
1 /**
2 * @file signer.h
3 *
4 * @brief Interface for signer_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef SIGNER_H_
25 #define SIGNER_H_
26
27 typedef enum integrity_algorithm_t integrity_algorithm_t;
28 typedef struct signer_t signer_t;
29
30 #include <library.h>
31
32 /**
33 * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
34 *
35 * Algorithms not specified in IKEv2 are allocated in private use space.
36 *
37 * @ingroup signers
38 */
39 enum integrity_algorithm_t {
40 AUTH_UNDEFINED = 1024,
41 /** Implemented via hmac_signer_t */
42 AUTH_HMAC_MD5_96 = 1,
43 /** Implemented via hmac_signer_t */
44 AUTH_HMAC_SHA1_96 = 2,
45 AUTH_DES_MAC = 3,
46 AUTH_KPDK_MD5 = 4,
47 AUTH_AES_XCBC_96 = 5,
48 /** Implemented via hmac_signer_t */
49 AUTH_HMAC_SHA2_256_128 = 12,
50 /** Implemented via hmac_signer_t */
51 AUTH_HMAC_SHA2_384_192 = 13,
52 /** Implemented via hmac_signer_t */
53 AUTH_HMAC_SHA2_512_256 = 14,
54 /** Implemented via hmac_signer_t */
55 AUTH_HMAC_SHA1_128 = 1025,
56 };
57
58 /**
59 * enum names for integrity_algorithm_t.
60 */
61 extern enum_name_t *integrity_algorithm_names;
62
63 /**
64 * @brief Generig interface for a symmetric signature algorithm.
65 *
66 * @b Constructors:
67 * - signer_create()
68 * - hmac_signer_create()
69 *
70 * @todo Implement more integrity algorithms
71 *
72 * @ingroup signers
73 */
74 struct signer_t {
75 /**
76 * @brief Generate a signature.
77 *
78 * If buffer is NULL, data is processed and prepended to a next call until
79 * buffer is a valid pointer.
80 *
81 * @param this calling object
82 * @param data a chunk containing the data to sign
83 * @param[out] buffer pointer where the signature will be written
84 */
85 void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
86
87 /**
88 * @brief Generate a signature and allocate space for it.
89 *
90 * If chunk is NULL, data is processed and prepended to a next call until
91 * chunk is a valid chunk pointer.
92 *
93 * @param this calling object
94 * @param data a chunk containing the data to sign
95 * @param[out] chunk chunk which will hold the allocated signature
96 */
97 void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
98
99 /**
100 * @brief Verify a signature.
101 *
102 * @param this calling object
103 * @param data a chunk containing the data to verify
104 * @param signature a chunk containing the signature
105 * @return TRUE, if signature is valid, FALSE otherwise
106 */
107 bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
108
109 /**
110 * @brief Get the block size of this signature algorithm.
111 *
112 * @param this calling object
113 * @return block size in bytes
114 */
115 size_t (*get_block_size) (signer_t *this);
116
117 /**
118 * @brief Get the key size of the signature algorithm.
119 *
120 * @param this calling object
121 * @return key size in bytes
122 */
123 size_t (*get_key_size) (signer_t *this);
124
125 /**
126 * @brief Set the key for this object.
127 *
128 * @param this calling object
129 * @param key key to set
130 */
131 void (*set_key) (signer_t *this, chunk_t key);
132
133 /**
134 * @brief Destroys a signer_t object.
135 *
136 * @param this calling object
137 */
138 void (*destroy) (signer_t *this);
139 };
140
141 /**
142 * @brief Creates a new signer_t object.
143 *
144 * @param integrity_algorithm Algorithm to use for signing and verifying.
145 * @return
146 * - signer_t object
147 * - NULL if signer not supported
148 *
149 * @ingroup signers
150 */
151 signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
152
153 #endif /*SIGNER_H_*/