programs/charon/lib/crypto/signers/signer.h

   1 /**
   2  * @file signer.h
   3  *
   4  * @brief Interface for signer_t.
   5  *
   6  */
   7
   8 /*
   9  * Copyright (C) 2005 Jan Hutter, Martin Willi
  10  * Hochschule fuer Technik Rapperswil
  11  *
  12  * This program is free software; you can redistribute it and/or modify it
  13  * under the terms of the GNU General Public License as published by the
  14  * Free Software Foundation; either version 2 of the License, or (at your
  15  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  16  *
  17  * This program is distributed in the hope that it will be useful, but
  18  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  19  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  20  * for more details.
  21  */
  22
  23 #ifndef SIGNER_H_
  24 #define SIGNER_H_
  25
  26 #include <types.h>
  27 #include <definitions.h>
  28
  29 typedef enum integrity_algorithm_t integrity_algorithm_t;
  30
  31 /**
  32  * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
  33  *
  34  * Currently only the following algorithms are implemented and therefore supported:
  35  * - AUTH_HMAC_MD5_96
  36  * - AUTH_HMAC_SHA1_96
  37  *
  38  * @ingroup signers
  39  */
  40 enum integrity_algorithm_t {
  41         AUTH_UNDEFINED = 1024,
  42         /**
  43          * Implemented in class hmac_signer_t.
  44          */
  45         AUTH_HMAC_MD5_96 = 1,
  46         /**
  47          * Implemented in class hmac_signer_t.
  48          */
  49         AUTH_HMAC_SHA1_96 = 2,
  50         AUTH_DES_MAC = 3,
  51         AUTH_KPDK_MD5 = 4,
  52         AUTH_AES_XCBC_96 = 5
  53 };
  54
  55 /**
  56  * String mappings for integrity_algorithm_t.
  57  */
  58 extern mapping_t integrity_algorithm_m[];
  59
  60
  61 typedef struct signer_t signer_t;
  62
  63 /**
  64  * @brief Generig interface for a symmetric signature algorithm.
  65  *
  66  * @b Constructors:
  67  *  - signer_create()
  68  *  - hmac_signer_create()
  69  *
  70  * @todo Implement more integrity algorithms
  71  *
  72  * @ingroup signers
  73  */
  74 struct signer_t {
  75         /**
  76          * @brief Generate a signature.
  77          *
  78          * @param this                  calling object
  79          * @param data                  a chunk containing the data to sign
  80          * @param[out] buffer   pointer where the signature will be written
  81          */
  82         void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
  83
  84         /**
  85          * @brief Generate a signature and allocate space for it.
  86          *
  87          * @param this                  calling object
  88          * @param data                  a chunk containing the data to sign
  89          * @param[out] chunk    chunk which will hold the allocated signature
  90          */
  91         void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
  92
  93         /**
  94          * @brief Verify a signature.
  95          *
  96          * @param this                  calling object
  97          * @param data                  a chunk containing the data to verify
  98          * @param signature             a chunk containing the signature
  99          * @return                              TRUE, if signature is valid, FALSE otherwise
 100          */
 101         bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature);
 102
 103         /**
 104          * @brief Get the block size of this signature algorithm.
 105          *
 106          * @param this                  calling object
 107          * @return                              block size in bytes
 108          */
 109         size_t (*get_block_size) (signer_t *this);
 110
 111         /**
 112          * @brief Get the key size of the signature algorithm.
 113          *
 114          * @param this                  calling object
 115          * @return                              key size in bytes
 116          */
 117         size_t (*get_key_size) (signer_t *this);
 118
 119         /**
 120          * @brief Set the key for this object.
 121          *
 122          * @param this                  calling object
 123          * @param key                   key to set
 124          */
 125         void (*set_key) (signer_t *this, chunk_t key);
 126
 127         /**
 128          * @brief Destroys a signer_t object.
 129          *
 130          * @param this                  calling object
 131          */
 132         void (*destroy) (signer_t *this);
 133 };
 134
 135 /**
 136  * @brief Creates a new signer_t object.
 137  *
 138  * @param integrity_algorithm   Algorithm to use for signing and verifying.
 139  * @return
 140  *                                                              - signer_t object
 141  *                                                              - NULL if signer not supported
 142  *
 143  * @ingroup signers
 144  */
 145 signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
 146
 147 #endif /*SIGNER_H_*/