4b03fc38815e80da4dab052011fcdf07c88ffec7
[strongswan.git] / src / libstrongswan / crypto / signers / signer.h
1 /**
2 * @file signer.h
3 *
4 * @brief Interface for signer_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #ifndef SIGNER_H_
25 #define SIGNER_H_
26
27 #include <types.h>
28 #include <definitions.h>
29
30 typedef enum integrity_algorithm_t integrity_algorithm_t;
31
32 /**
33 * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
34 *
35 * Currently only the following algorithms are implemented and therefore supported:
36 * - AUTH_HMAC_MD5_96
37 * - AUTH_HMAC_SHA1_96
38 *
39 * @ingroup signers
40 */
41 enum integrity_algorithm_t {
42 AUTH_UNDEFINED = 1024,
43 /**
44 * Implemented in class hmac_signer_t.
45 */
46 AUTH_HMAC_MD5_96 = 1,
47 /**
48 * Implemented in class hmac_signer_t.
49 */
50 AUTH_HMAC_SHA1_96 = 2,
51 AUTH_DES_MAC = 3,
52 AUTH_KPDK_MD5 = 4,
53 AUTH_AES_XCBC_96 = 5
54 };
55
56 /**
57 * String mappings for integrity_algorithm_t.
58 */
59 extern mapping_t integrity_algorithm_m[];
60
61
62 typedef struct signer_t signer_t;
63
64 /**
65 * @brief Generig interface for a symmetric signature algorithm.
66 *
67 * @b Constructors:
68 * - signer_create()
69 * - hmac_signer_create()
70 *
71 * @todo Implement more integrity algorithms
72 *
73 * @ingroup signers
74 */
75 struct signer_t {
76 /**
77 * @brief Generate a signature.
78 *
79 * @param this calling object
80 * @param data a chunk containing the data to sign
81 * @param[out] buffer pointer where the signature will be written
82 */
83 void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
84
85 /**
86 * @brief Generate a signature and allocate space for it.
87 *
88 * @param this calling object
89 * @param data a chunk containing the data to sign
90 * @param[out] chunk chunk which will hold the allocated signature
91 */
92 void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
93
94 /**
95 * @brief Verify a signature.
96 *
97 * @param this calling object
98 * @param data a chunk containing the data to verify
99 * @param signature a chunk containing the signature
100 * @return TRUE, if signature is valid, FALSE otherwise
101 */
102 bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
103
104 /**
105 * @brief Get the block size of this signature algorithm.
106 *
107 * @param this calling object
108 * @return block size in bytes
109 */
110 size_t (*get_block_size) (signer_t *this);
111
112 /**
113 * @brief Get the key size of the signature algorithm.
114 *
115 * @param this calling object
116 * @return key size in bytes
117 */
118 size_t (*get_key_size) (signer_t *this);
119
120 /**
121 * @brief Set the key for this object.
122 *
123 * @param this calling object
124 * @param key key to set
125 */
126 void (*set_key) (signer_t *this, chunk_t key);
127
128 /**
129 * @brief Destroys a signer_t object.
130 *
131 * @param this calling object
132 */
133 void (*destroy) (signer_t *this);
134 };
135
136 /**
137 * @brief Creates a new signer_t object.
138 *
139 * @param integrity_algorithm Algorithm to use for signing and verifying.
140 * @return
141 * - signer_t object
142 * - NULL if signer not supported
143 *
144 * @ingroup signers
145 */
146 signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
147
148 #endif /*SIGNER_H_*/