Diffstat (limited to 'Source/charon/transforms/signers/signer.h')
-rw-r--r-- | Source/charon/transforms/signers/signer.h | 72 |
1 files changed, 49 insertions, 23 deletions
diff --git a/Source/charon/transforms/signers/signer.h b/Source/charon/transforms/signers/signer.h
index b0a107e2f..5eb4c1875 100644
--- a/Source/charon/transforms/signers/signer.h
+++ b/Source/charon/transforms/signers/signer.h
@@ -1,7 +1,7 @@
 /**
 * @file signer.h
 *
- * @brief Generic interface for integrity algorithms
+ * @brief Interface for signer_t.
 *
 */
@@ -23,33 +23,55 @@
 #ifndef SIGNER_H_
 #define SIGNER_H_
-#include <encoding/payloads/transform_substructure.h>
+#include <types.h>
+#include <definitions.h>
+
+typedef enum integrity_algorithm_t integrity_algorithm_t;
+
+/**
+ * @brief Integrity algorithm, as in IKEv2 draft 3.3.2.
+ *
+ */
+enum integrity_algorithm_t {
+ AUTH_UNDEFINED = 1024,
+ AUTH_HMAC_MD5_96 = 1,
+ AUTH_HMAC_SHA1_96 = 2,
+ AUTH_DES_MAC = 3,
+ AUTH_KPDK_MD5 = 4,
+ AUTH_AES_XCBC_96 = 5
+};
+
+/**
+ * string mappings for integrity_algorithm_t
+ */
+extern mapping_t integrity_algorithm_m[];
 typedef struct signer_t signer_t;
 /**
- * Object representing a diffie hellman exchange
+ * @brief Generig interface for a symmetric signature algorithm.
+ *
+ * @ingroup signers
 */
 struct signer_t {
 /**
- * @brief generates pseudo random bytes and writes them
- * in the buffer
+ * @brief Generate a signature.
 *
 * @param this calling signer
- * @param seed a chunk containing the seed for the next bytes
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param data a chunk containing the data to sign
+ * @param[out] buffer pointer where the signature will be written
 * @return
 * - SUCCESS in any case
 */
 status_t (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
 /**
- * @brief generates pseudo random bytes and allocate space for them
+ * @brief Generate a signature and allocate space for it.
 *
 * @param this calling signer
- * @param seed a chunk containing the seed for the next bytes
- * @param [out]chunk chunk which will hold generated bytes
+ * @param data a chunk containing the data to sign
+ * @param[out] chunk chunk which will hold the allocated signature
 * @return
 * - SUCCESS in any case
 * - OUT_OF_RES if space could not be allocated
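Review bot: The new `@param[out] buffer` text on `get_signature` does not say how many bytes are written, and the function takes a bare `u_int8_t *buffer` with no length, so an undersized caller buffer would be overrun silently. The comment should name the required size, for example `@param[out] buffer pointer where the signature will be written; must hold at least get_block_size() bytes`, assuming `get_block_size` really is the signature length, which should be confirmed against the implementations. Separately, `typedef enum integrity_algorithm_t integrity_algorithm_t;` appears before the enum is defined, which GCC accepts as an extension but ISO C does not; moving the typedef below the `enum` body avoids that. "Generig" in the `signer_t` brief is a typo for "Generic". The body of `struct signer_t` continues outside this hunk.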
@@ -57,19 +79,19 @@ struct signer_t {
 status_t (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
 /**
- * @brief generates pseudo random bytes and writes them
- * in the buffer
+ * @brief Verify a signature.
 *
 * @param this calling signer
- * @param seed a chunk containing the seed for the next bytes
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param data a chunk containing the data to verify
+ * @param signature a chunk containing the signature
+ * @param[out] vaild set to TRUE, if signature is valid, to FALSE otherwise
 * @return
 * - SUCCESS in any case
 */
 status_t (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature, bool *valid);
 /**
- * @brief get the block size of this signer
+ * @brief Get the block size of this signature algorithm.
 *
 * @param this calling signer
 * @return block size in bytes
@@ -77,30 +99,34 @@ struct signer_t {
 size_t (*get_block_size) (signer_t *this);
 /**
- * @brief Set the key for this signer
+ * @brief Set the key for this signer.
 *
 * @param this calling signer
- * @return block size in bytes
+ * @param key key to set
+ * @return
+ * - SUCCESS in any case
 */
 status_t (*set_key) (signer_t *this, chunk_t key);
 /**
 * @brief Destroys a signer object.
 *
- * @param this signer_t object to destroy
+ * @param this signer_t object to destroy
 * @return
- * SUCCESS in any case
+ * - SUCCESS in any case
 */
 status_t (*destroy) (signer_t *this);
 };
 /**
- * Creates a new signer_t object
+ * @brief Creates a new signer_t object.
 *
- * @param pseudo_random_function Algorithm to use
+ * @param integrity_algorithm Algorithm to use for signing and verifying.
 * @return
- * - signer_t if successfully
- * - NULL if out of ressources or signer not supported
+ * - signer_t if successfully
+ * - NULL if out of ressources or signer not supported
+ *
+ * @ingroup signers
 */
 signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
|
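Review bot: The added `@param[out] vaild` on `verify_signature` misspells the parameter, which is declared as `bool *valid`, so Doxygen will not attach the description to it. Because the function is documented as returning `SUCCESS in any case`, the comment should also state that the status never carries the verification result. I would write `@param[out] valid set to TRUE if the signature is valid, to FALSE otherwise` and add `@note The return value does not indicate validity; callers must test *valid.` The implementations are not visible here, but the interface comment is also the natural place to require that the MAC comparison does not exit early on the first differing byte.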
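Review bot: The new `@param key key to set` line on `set_key` does not say whether the signer copies the key bytes or keeps a reference to the caller's `chunk_t`, and that decides when the caller may wipe or free its copy of the key material. The comment should state the ownership rule explicitly, and the `destroy` comment could say whether stored key material is cleared; neither can be determined from this header. In the `signer_create` block, "if successfully" and "ressources" should read "if successful" and "resources". Since `NULL` is returned for an unsupported algorithm, the note would be clearer as `- NULL if out of resources or the algorithm is not supported`.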