src/libstrongswan/crypto/signers/signer.h

   1 /*
   2  * Copyright (C) 2005-2009 Martin Willi
   3  * Copyright (C) 2005 Jan Hutter
   4  * Hochschule fuer Technik Rapperswil
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 /**
  18  * @defgroup signer signer
  19  * @{ @ingroup crypto
  20  */
  21
  22 #ifndef SIGNER_H_
  23 #define SIGNER_H_
  24
  25 typedef enum integrity_algorithm_t integrity_algorithm_t;
  26 typedef struct signer_t signer_t;
  27
  28 #include <library.h>
  29
  30 /**
  31  * Integrity algorithm, as in IKEv2 RFC 3.3.2.
  32  *
  33  * Algorithms not specified in IKEv2 are allocated in private use space.
  34  */
  35 enum integrity_algorithm_t {
  36         AUTH_UNDEFINED = 1024,
  37         /** RFC4306 */
  38         AUTH_HMAC_MD5_96 = 1,
  39         /** RFC4306 */
  40         AUTH_HMAC_SHA1_96 = 2,
  41         /** RFC4306 */
  42         AUTH_DES_MAC = 3,
  43         /** RFC1826 */
  44         AUTH_KPDK_MD5 = 4,
  45         /** RFC4306 */
  46         AUTH_AES_XCBC_96 = 5,
  47         /** RFC4595 */
  48         AUTH_HMAC_MD5_128 = 6,
  49         /** RFC4595 */
  50         AUTH_HMAC_SHA1_160 = 7,
  51         /** RFC4494 */
  52         AUTH_AES_CMAC_96 = 8,
  53         /** RFC4543 */
  54         AUTH_AES_128_GMAC = 9,
  55         /** RFC4543 */
  56         AUTH_AES_192_GMAC = 10,
  57         /** RFC4543 */
  58         AUTH_AES_256_GMAC = 11,
  59         /** RFC4868 */
  60         AUTH_HMAC_SHA2_256_128 = 12,
  61         /** RFC4868 */
  62         AUTH_HMAC_SHA2_384_192 = 13,
  63         /** RFC4868 */
  64         AUTH_HMAC_SHA2_512_256 = 14,
  65         /** private use */
  66         AUTH_HMAC_SHA1_128 = 1025,
  67         /** SHA256 96 bit truncation variant, supported by Linux kernels */
  68         AUTH_HMAC_SHA2_256_96 = 1026,
  69         /** SHA256 full length truncation variant, as used in TLS */
  70         AUTH_HMAC_SHA2_256_256 = 1027,
  71         /** SHA384 full length truncation variant, as used in TLS */
  72         AUTH_HMAC_SHA2_384_384 = 1028,
  73         /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
  74         AUTH_CAMELLIA_XCBC_96 = 1029,
  75 };
  76
  77 /**
  78  * enum names for integrity_algorithm_t.
  79  */
  80 extern enum_name_t *integrity_algorithm_names;
  81
  82 /**
  83  * Generic interface for a symmetric signature algorithm.
  84  */
  85 struct signer_t {
  86         /**
  87          * Generate a signature.
  88          *
  89          * If buffer is NULL, data is processed and prepended to a next call until
  90          * buffer is a valid pointer.
  91          *
  92          * @param data          a chunk containing the data to sign
  93          * @param buffer        pointer where the signature will be written
  94          * @return                      TRUE if signature created successfully
  95          */
  96         bool (*get_signature)(signer_t *this, chunk_t data,
  97                                                   u_int8_t *buffer) __attribute__((warn_unused_result));
  98
  99         /**
 100          * Generate a signature and allocate space for it.
 101          *
 102          * If chunk is NULL, data is processed and prepended to a next call until
 103          * chunk is a valid chunk pointer.
 104          *
 105          * @param data          a chunk containing the data to sign
 106          * @param chunk         chunk which will hold the allocated signature
 107          * @return                      TRUE if signature allocated successfully
 108          */
 109         bool (*allocate_signature)(signer_t *this, chunk_t data,
 110                                                   chunk_t *chunk) __attribute__((warn_unused_result));
 111
 112         /**
 113          * Verify a signature.
 114          *
 115          * To verify a signature of multiple chunks of data, pass the
 116          * data to get_signature() with a NULL buffer. verify_signature() acts
 117          * as a final call and includes all data fed to get_signature().
 118          *
 119          * @param data          a chunk containing the data to verify
 120          * @param signature     a chunk containing the signature
 121          * @return                      TRUE, if signature is valid, FALSE otherwise
 122          */
 123         bool (*verify_signature)(signer_t *this, chunk_t data, chunk_t signature);
 124
 125         /**
 126          * Get the block size of this signature algorithm.
 127          *
 128          * @return                      block size in bytes
 129          */
 130         size_t (*get_block_size)(signer_t *this);
 131
 132         /**
 133          * Get the key size of the signature algorithm.
 134          *
 135          * @return                      key size in bytes
 136          */
 137         size_t (*get_key_size)(signer_t *this);
 138
 139         /**
 140          * Set the key for this object.
 141          *
 142          * @param key           key to set
 143          * @return                      TRUE if key set
 144          */
 145         bool (*set_key)(signer_t *this,
 146                                         chunk_t key) __attribute__((warn_unused_result));
 147
 148         /**
 149          * Destroys a signer_t object.
 150          */
 151         void (*destroy)(signer_t *this);
 152 };
 153
 154 #endif /** SIGNER_H_ @}*/