2 * Copyright (C) 2005-2009 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * @defgroup signer signer
25 typedef enum integrity_algorithm_t integrity_algorithm_t
;
26 typedef struct signer_t signer_t
;
31 * Integrity algorithm, as in IKEv2 RFC 3.3.2.
33 * Algorithms not specified in IKEv2 are allocated in private use space.
35 enum integrity_algorithm_t
{
36 AUTH_UNDEFINED
= 1024,
40 AUTH_HMAC_SHA1_96
= 2,
48 AUTH_HMAC_MD5_128
= 6,
50 AUTH_HMAC_SHA1_160
= 7,
54 AUTH_AES_128_GMAC
= 9,
56 AUTH_AES_192_GMAC
= 10,
58 AUTH_AES_256_GMAC
= 11,
60 AUTH_HMAC_SHA2_256_128
= 12,
62 AUTH_HMAC_SHA2_384_192
= 13,
64 AUTH_HMAC_SHA2_512_256
= 14,
66 AUTH_HMAC_SHA1_128
= 1025,
67 /** SHA256 96 bit truncation variant, supported by Linux kernels */
68 AUTH_HMAC_SHA2_256_96
= 1026,
69 /** SHA256 full length truncation variant, as used in TLS */
70 AUTH_HMAC_SHA2_256_256
= 1027,
71 /** SHA384 full length truncation variant, as used in TLS */
72 AUTH_HMAC_SHA2_384_384
= 1028,
73 /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
74 AUTH_CAMELLIA_XCBC_96
= 1029,
78 * enum names for integrity_algorithm_t.
80 extern enum_name_t
*integrity_algorithm_names
;
83 * Generic interface for a symmetric signature algorithm.
87 * Generate a signature.
89 * If buffer is NULL, data is processed and prepended to a next call until
90 * buffer is a valid pointer.
92 * @param data a chunk containing the data to sign
93 * @param buffer pointer where the signature will be written
94 * @return TRUE if signature created successfully
96 bool (*get_signature
)(signer_t
*this, chunk_t data
,
97 u_int8_t
*buffer
) __attribute__((warn_unused_result
));
100 * Generate a signature and allocate space for it.
102 * If chunk is NULL, data is processed and prepended to a next call until
103 * chunk is a valid chunk pointer.
105 * @param data a chunk containing the data to sign
106 * @param chunk chunk which will hold the allocated signature
107 * @return TRUE if signature allocated successfully
109 bool (*allocate_signature
)(signer_t
*this, chunk_t data
,
110 chunk_t
*chunk
) __attribute__((warn_unused_result
));
113 * Verify a signature.
115 * To verify a signature of multiple chunks of data, pass the
116 * data to get_signature() with a NULL buffer. verify_signature() acts
117 * as a final call and includes all data fed to get_signature().
119 * @param data a chunk containing the data to verify
120 * @param signature a chunk containing the signature
121 * @return TRUE, if signature is valid, FALSE otherwise
123 bool (*verify_signature
)(signer_t
*this, chunk_t data
, chunk_t signature
);
126 * Get the block size of this signature algorithm.
128 * @return block size in bytes
130 size_t (*get_block_size
)(signer_t
*this);
133 * Get the key size of the signature algorithm.
135 * @return key size in bytes
137 size_t (*get_key_size
)(signer_t
*this);
140 * Set the key for this object.
142 * @param key key to set
143 * @return TRUE if key set
145 bool (*set_key
)(signer_t
*this,
146 chunk_t key
) __attribute__((warn_unused_result
));
149 * Destroys a signer_t object.
151 void (*destroy
)(signer_t
*this);
154 #endif /** SIGNER_H_ @}*/