(no commit message)
[strongswan.git] / src / libstrongswan / crypto / signers / signer.h
1 /**
2 * @file signer.h
3 *
4 * @brief Interface for signer_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #ifndef SIGNER_H_
24 #define SIGNER_H_
25
26 #include <types.h>
27 #include <definitions.h>
28
29 typedef enum integrity_algorithm_t integrity_algorithm_t;
30
31 /**
32 * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
33 *
34 * Currently only the following algorithms are implemented and therefore supported:
35 * - AUTH_HMAC_MD5_96
36 * - AUTH_HMAC_SHA1_96
37 *
38 * @ingroup signers
39 */
40 enum integrity_algorithm_t {
41 AUTH_UNDEFINED = 1024,
42 /**
43 * Implemented in class hmac_signer_t.
44 */
45 AUTH_HMAC_MD5_96 = 1,
46 /**
47 * Implemented in class hmac_signer_t.
48 */
49 AUTH_HMAC_SHA1_96 = 2,
50 AUTH_DES_MAC = 3,
51 AUTH_KPDK_MD5 = 4,
52 AUTH_AES_XCBC_96 = 5
53 };
54
55 /**
56 * String mappings for integrity_algorithm_t.
57 */
58 extern mapping_t integrity_algorithm_m[];
59
60
61 typedef struct signer_t signer_t;
62
63 /**
64 * @brief Generig interface for a symmetric signature algorithm.
65 *
66 * @b Constructors:
67 * - signer_create()
68 * - hmac_signer_create()
69 *
70 * @todo Implement more integrity algorithms
71 *
72 * @ingroup signers
73 */
74 struct signer_t {
75 /**
76 * @brief Generate a signature.
77 *
78 * @param this calling object
79 * @param data a chunk containing the data to sign
80 * @param[out] buffer pointer where the signature will be written
81 */
82 void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
83
84 /**
85 * @brief Generate a signature and allocate space for it.
86 *
87 * @param this calling object
88 * @param data a chunk containing the data to sign
89 * @param[out] chunk chunk which will hold the allocated signature
90 */
91 void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
92
93 /**
94 * @brief Verify a signature.
95 *
96 * @param this calling object
97 * @param data a chunk containing the data to verify
98 * @param signature a chunk containing the signature
99 * @return TRUE, if signature is valid, FALSE otherwise
100 */
101 bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
102
103 /**
104 * @brief Get the block size of this signature algorithm.
105 *
106 * @param this calling object
107 * @return block size in bytes
108 */
109 size_t (*get_block_size) (signer_t *this);
110
111 /**
112 * @brief Get the key size of the signature algorithm.
113 *
114 * @param this calling object
115 * @return key size in bytes
116 */
117 size_t (*get_key_size) (signer_t *this);
118
119 /**
120 * @brief Set the key for this object.
121 *
122 * @param this calling object
123 * @param key key to set
124 */
125 void (*set_key) (signer_t *this, chunk_t key);
126
127 /**
128 * @brief Destroys a signer_t object.
129 *
130 * @param this calling object
131 */
132 void (*destroy) (signer_t *this);
133 };
134
135 /**
136 * @brief Creates a new signer_t object.
137 *
138 * @param integrity_algorithm Algorithm to use for signing and verifying.
139 * @return
140 * - signer_t object
141 * - NULL if signer not supported
142 *
143 * @ingroup signers
144 */
145 signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
146
147 #endif /*SIGNER_H_*/