Diffstat (limited to 'Source/charon/transforms')
-rw-r--r--Source/charon/transforms/crypters/crypter.c45
-rw-r--r--Source/charon/transforms/crypters/crypter.h58
-rw-r--r--Source/charon/transforms/diffie_hellman.c17
-rw-r--r--Source/charon/transforms/diffie_hellman.h65
-rw-r--r--Source/charon/transforms/hashers/hasher.c11
-rw-r--r--Source/charon/transforms/hashers/hasher.h29
-rw-r--r--Source/charon/transforms/hashers/hasher_md5.c3
-rw-r--r--Source/charon/transforms/hashers/hasher_md5.h15
-rw-r--r--Source/charon/transforms/hashers/hasher_sha1.c3
-rw-r--r--Source/charon/transforms/hashers/hasher_sha1.h15
-rw-r--r--Source/charon/transforms/hmac.h4
-rw-r--r--Source/charon/transforms/prf_plus.c2
-rw-r--r--Source/charon/transforms/prf_plus.h29
-rw-r--r--Source/charon/transforms/prfs/prf.c15
-rw-r--r--Source/charon/transforms/prfs/prf.h48
-rw-r--r--Source/charon/transforms/prfs/prf_hmac.c3
-rw-r--r--Source/charon/transforms/prfs/prf_hmac.h19
-rw-r--r--Source/charon/transforms/signers/signer.c37
-rw-r--r--Source/charon/transforms/signers/signer.h72
19 files changed, 374 insertions, 116 deletions
diff --git a/Source/charon/transforms/crypters/crypter.c b/Source/charon/transforms/crypters/crypter.c
index e69de29bb..79a02cf02 100644
--- a/Source/charon/transforms/crypters/crypter.c
+++ b/Source/charon/transforms/crypters/crypter.c
@@ -0,0 +1,45 @@
+/**
+ * @file crypter.c
+ *
+ * @brief Generic constructor for crypter_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#include "crypter.h"
+
+
+/**
+ * string mappings for encryption_algorithm_t
+ */
+mapping_t encryption_algorithm_m[] = {
+{ENCR_UNDEFINED, "ENCR_UNDEFINED"},
+{ENCR_DES_IV64, "ENCR_DES_IV64"},
+{ENCR_DES, "ENCR_DES"},
+{ENCR_3DES, "ENCR_3DES"},
+{ENCR_RC5, "ENCR_RC5"},
+{ENCR_IDEA, "ENCR_IDEA"},
+{ENCR_CAST, "ENCR_CAST"},
+{ENCR_BLOWFISH, "ENCR_BLOWFISH"},
+{ENCR_3IDEA, "ENCR_3IDEA"},
+{ENCR_DES_IV32, "ENCR_DES_IV32"},
+{ENCR_NULL, "ENCR_NULL"},
+{ENCR_AES_CBC, "ENCR_AES_CBC"},
+{ENCR_AES_CTR, "ENCR_AES_CTR"},
+{MAPPING_END, NULL}
+};
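Review bot: `encryption_algorithm_m` has no entry for `RESERVED` (10), which crypter.h declares between `ENCR_DES_IV32` and `ENCR_NULL`, so a lookup of that value falls through to `MAPPING_END`; what the lookup helper returns in that case is not visible in this diff. Adding `{RESERVED, "RESERVED"},` keeps the table in step with the enum. The file's `@brief` also reads "Generic constructor for crypter_t", yet the 45 added lines hold only this table and no `crypter_create`; signer.c shows the same mismatch for `signer_create`.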
diff --git a/Source/charon/transforms/crypters/crypter.h b/Source/charon/transforms/crypters/crypter.h
index 3d5a6869b..f9de213c4 100644
--- a/Source/charon/transforms/crypters/crypter.h
+++ b/Source/charon/transforms/crypters/crypter.h
@@ -1,7 +1,7 @@
/**
* @file crypter.h
*
- * @brief Generic interface for encryption algorithms
+ * @brief Interface of crypter_t
*
*/
@@ -23,13 +23,41 @@
#ifndef CRYPTER_H_
#define CRYPTER_H_
-#include <encoding/payloads/transform_substructure.h>
+#include <types.h>
+typedef enum encryption_algorithm_t encryption_algorithm_t;
+
+/**
+ * @brief Encryption algorithm, as in IKEv2 draft 3.3.2
+ */
+enum encryption_algorithm_t {
+ ENCR_UNDEFINED = 1024,
+ ENCR_DES_IV64 = 1,
+ ENCR_DES = 2,
+ ENCR_3DES = 3,
+ ENCR_RC5 = 4,
+ ENCR_IDEA = 5,
+ ENCR_CAST = 6,
+ ENCR_BLOWFISH = 7,
+ ENCR_3IDEA = 8,
+ ENCR_DES_IV32 = 9,
+ RESERVED = 10,
+ ENCR_NULL = 11,
+ ENCR_AES_CBC = 12,
+ ENCR_AES_CTR = 13
+};
+
+/**
+ * string mappings for encryption_algorithm_t
+ */
+extern mapping_t encryption_algorithm_m[];
typedef struct crypter_t crypter_t;
/**
- * Object representing a crypter object
+ * @brief Generic interface for symmetric encryption algorithms.
+ *
+ * @ingroup crypters
*/
struct crypter_t {
/**
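Review bot: `ENCR_UNDEFINED = 1024` places the "undefined" sentinel inside the value space a peer can send, since the transform ID is a 16-bit field and the IKEv2 specification leaves 1024 and above to private use. If a parsed transform ID is ever stored in `encryption_algorithm_t` without a range check, a proposal carrying 1024 is indistinguishable from "not set"; a sentinel outside 16 bits, for example `ENCR_UNDEFINED = 0x10000`, avoids that unless other code depends on 1024. The same applies to `MODP_UNDEFINED`, `PRF_UNDEFINED` and `AUTH_UNDEFINED` in diffie_hellman.h, prf.h and signer.h. Separately, the bare `RESERVED = 10` enumerator is a global name that can easily collide; `ENCR_RESERVED` would match its neighbours.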
@@ -59,36 +87,38 @@ struct crypter_t {
/**
* @brief get the block size of this crypter
*
- * @param this calling crypter
- * @return block size in bytes
+ * @param this calling crypter
+ * @return block size in bytes
*/
size_t (*get_block_size) (crypter_t *this);
/**
* @brief Set the key for this crypter
*
- * @param this calling crypter
- * @return block size in bytes
+ * @param this calling crypter
+ * @param key key to set
+ * @return
+ * - SUCCESS in any case
*/
status_t (*set_key) (crypter_t *this, chunk_t key);
/**
- * @brief Destroys a crypter object.
+ * @brief Destroys a crypter_t object.
*
- * @param this crypter_t object to destroy
+ * @param this crypter_t object to destroy
* @return
- * SUCCESS in any case
+ * - SUCCESS in any case
*/
status_t (*destroy) (crypter_t *this);
};
/**
- * Creates a new crypter_t object
+ * @brief Generic constructor for crypter_t objects.
*
- * @param pseudo_random_function Algorithm to use
+ * @param encryption_algorithm Algorithm to use for crypter
* @return
- * - crypter_t if successfully
- * - NULL if out of ressources or crypter not supported
+ * - crypter_t if successfully
+ * - NULL if out of ressources or crypter not supported
*/
crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm);
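Review bot: The new `set_key` contract, `- SUCCESS in any case`, leaves no way to report a key whose length does not fit the selected algorithm. Whether the implementations check `key.len` is not visible in this diff; if they do not, the comment should state the precondition, e.g. `@param key key to set, key.len must match the algorithm's key size`, or the return list should gain a failure value. prf.h and signer.h document `set_key` the same way. The `crypter_t` struct begins outside this hunk.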
diff --git a/Source/charon/transforms/diffie_hellman.c b/Source/charon/transforms/diffie_hellman.c
index e018675fe..1992e5719 100644
--- a/Source/charon/transforms/diffie_hellman.c
+++ b/Source/charon/transforms/diffie_hellman.c
@@ -32,6 +32,23 @@
#include <utils/gmp_helper.h>
+/**
+ * string mappings for diffie_hellman_group_t
+ */
+mapping_t diffie_hellman_group_m[] = {
+ {MODP_UNDEFINED, "MODP_UNDEFINED"},
+ {MODP_768_BIT, "MODP_768_BIT"},
+ {MODP_1024_BIT, "MODP_1024_BIT"},
+ {MODP_1536_BIT, "MODP_1536_BIT"},
+ {MODP_2048_BIT, "MODP_2048_BIT"},
+ {MODP_3072_BIT, "MODP_3072_BIT"},
+ {MODP_4096_BIT, "MODP_4096_BIT"},
+ {MODP_6144_BIT, "MODP_6144_BIT"},
+ {MODP_8192_BIT, "MODP_8192_BIT"},
+ {MAPPING_END, NULL}
+};
+
+
/**
* Modulus of Group 1 (MODP_768_BIT)
*/
diff --git a/Source/charon/transforms/diffie_hellman.h b/Source/charon/transforms/diffie_hellman.h
index ab1672d32..04cfb98d9 100644
--- a/Source/charon/transforms/diffie_hellman.h
+++ b/Source/charon/transforms/diffie_hellman.h
@@ -1,7 +1,7 @@
/**
* @file diffie_hellman.h
*
- * @brief Class to represent a diffie hellman exchange.
+ * @brief Interface of diffie_hellman_t.
*
*/
@@ -24,52 +24,81 @@
#define DIFFIE_HELLMAN_H_
#include <types.h>
-#include <encoding/payloads/transform_substructure.h>
+
+
+typedef enum diffie_hellman_group_t diffie_hellman_group_t;
+
+/**
+ * @brief Diffie-Hellman group.
+ *
+ * The modulus (or group) to use for a Diffie-Hellman calculation.
+ *
+ * @see IKEv2 draft 3.3.2 and RFC 3526.
+ */
+enum diffie_hellman_group_t {
+ MODP_UNDEFINED = 1024,
+ MODP_768_BIT = 1,
+ MODP_1024_BIT = 2,
+ MODP_1536_BIT = 5,
+ MODP_2048_BIT = 14,
+ MODP_3072_BIT = 15,
+ MODP_4096_BIT = 16,
+ MODP_6144_BIT = 17,
+ MODP_8192_BIT = 18
+};
+
+/**
+ * string mappings for diffie_hellman_group_t
+ */
+extern mapping_t diffie_hellman_group_m[];
+
typedef struct diffie_hellman_t diffie_hellman_t;
/**
- * Object representing a diffie hellman exchange
+ * @brief Implementation of the widely used Diffie-Hellman algorithm.
*
+ * @ingroup transforms
*/
struct diffie_hellman_t {
/**
- * @brief Returns the shared secret of this diffie hellman exchange
+ * @brief Returns the shared secret of this diffie hellman exchange.
*
- * @warning Space for returned secret is allocated and has to get freed by the caller
+ * @warning Space for returned secret is allocated and must be
+ * freed by the caller.
*
* @param this calling diffie_hellman_t object
* @param[out] secret shared secret will be written into this chunk
* @return
- * - SUCCESS
+ * - SUCCESS, or
* - FAILED if not both DH values are set
* - OUT_OF_RES if out of ressources
*/
status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret);
/**
- * @brief Sets the public value of partner
+ * @brief Sets the public value of partner.
*
* @warning chunk gets copied
*
* @param this calling diffie_hellman_t object
* @param public_value public value of partner
* @return
- * - SUCCESS
+ * - SUCCESS, or
* - OUT_OF_RES if out of ressources
*/
status_t (*set_other_public_value) (diffie_hellman_t *this, chunk_t public_value);
/**
- * @brief Gets the public value of partner
+ * @brief Gets the public value of partner.
*
* @warning chunk gets copied
*
* @param this calling diffie_hellman_t object
- * @param[out] public_value public value of partner is stored at this location
+ * @param[out] public_value public value of partner is stored at this location
* @return
- * - SUCCESS
+ * - SUCCESS, or
* - OUT_OF_RES if out of ressources
* - FAILED if other public value not set
*/
@@ -81,9 +110,9 @@ struct diffie_hellman_t {
* @warning chunk gets copied
*
* @param this calling diffie_hellman_t object
- * @param[out] public_value public value of caller is stored at this location
+ * @param[out] public_value public value of caller is stored at this location
* @return
- * - SUCCESS
+ * - SUCCESS, or
* - OUT_OF_RES if out of ressources
*/
status_t (*get_my_public_value) (diffie_hellman_t *this, chunk_t *public_value);
@@ -91,22 +120,24 @@ struct diffie_hellman_t {
/**
* @brief Destroys an diffie_hellman_t object.
*
- * @param this diffie_hellman_t object to destroy
+ * @param this diffie_hellman_t object to destroy
* @return
- * SUCCESS in any case
+ * - SUCCESS in any case
*/
status_t (*destroy) (diffie_hellman_t *this);
};
/**
- * Creates a new diffie_hellman_t object
+ * @brief Creates a new diffie_hellman_t object.
*
- * The first diffie hellman public value gets automatically created
+ * The first diffie hellman public value gets automatically created.
*
* @param dh_group_number Diffie Hellman group number to use
* @return
* - diffie_hellman_t if successfully
* - NULL if out of ressources or dh_group not supported
+ *
+ * @ingroup transforms
*/
diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number);
diff --git a/Source/charon/transforms/hashers/hasher.c b/Source/charon/transforms/hashers/hasher.c
index 983ae4bed..e71424ed3 100644
--- a/Source/charon/transforms/hashers/hasher.c
+++ b/Source/charon/transforms/hashers/hasher.c
@@ -1,7 +1,7 @@
/**
* @file hasher.c
*
- * @brief Generic interface for hash functions
+ * @brief Generic constructor for hasher_t
*
*/
@@ -26,7 +26,14 @@
#include <transforms/hashers/hasher_sha1.h>
#include <transforms/hashers/hasher_md5.h>
-
+/**
+ * mappings for hash_algorithm_t
+ */
+mapping_t hash_algorithm_m[] = {
+ {HASH_SHA1, "HASH_SHA1"},
+ {HASH_MD5, "HASH_MD5"},
+ {MAPPING_END, NULL}
+};
/*
* Described in header
diff --git a/Source/charon/transforms/hashers/hasher.h b/Source/charon/transforms/hashers/hasher.h
index 8b4699a3e..ed4e0ee8d 100644
--- a/Source/charon/transforms/hashers/hasher.h
+++ b/Source/charon/transforms/hashers/hasher.h
@@ -1,7 +1,7 @@
/**
* @file hasher.h
*
- * @brief Generic interface for hash functions
+ * @brief Interface for hasher_t.
*
*/
@@ -29,18 +29,25 @@
typedef enum hash_algorithm_t hash_algorithm_t;
/**
- * algorithms to use for hashing
+ * @brief Algorithms to use for hashing.
*/
enum hash_algorithm_t {
HASH_SHA1,
HASH_MD5
};
+/**
+ * string mappings for hash_algorithm_t
+ */
+extern mapping_t hash_algorithm_m[];
+
typedef struct hasher_t hasher_t;
/**
- * Object representing a hasher
+ * @brief Generic interface for all hash functions.
+ *
+ * @ingroup hashers
*/
struct hasher_t {
/**
@@ -51,7 +58,7 @@ struct hasher_t {
* If not, the result is written back and the hasher is reset.
*
* @warning: the hash output parameter must hold at least
- * #hash_t.get_block_size bytes.
+ * hash_t.get_block_size bytes.
*
* @param this calling hasher
* @param data data to hash
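Review bot: The warning about the output buffer size still points at `hash_t.get_block_size`, but the type declared in this header is `hasher_t`; dropping the `#` silences the broken Doxygen link without fixing the name. Since this sentence is the only statement of how large the caller's buffer must be, it should resolve: `#hasher_t.get_block_size bytes.` The comment and the function it documents start and end outside this hunk.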
@@ -78,7 +85,7 @@ struct hasher_t {
status_t (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
/**
- * @brief get the block size of this hashing function
+ * @brief Get the block size of this hashing function.
*
* @param this calling hasher
* @return block size in bytes
@@ -86,7 +93,7 @@ struct hasher_t {
size_t (*get_block_size) (hasher_t *this);
/**
- * @brief reset the hashers state, which allows
+ * @brief Resets the hashers state, which allows
* computation of a completly new hash.
*
* @param this calling hasher
@@ -105,12 +112,14 @@ struct hasher_t {
};
/**
- * Creates a new hasher_t object
+ * @brief Generic interface to create a hasher_t.
*
- * @param hash_algorithm Algorithm to use for hashing
+ * @param hash_algorithm Algorithm to use for hashing
* @return
- * - hasher_t if successfully
- * - NULL if out of ressources
+ * - hasher_t if successfully
+ * - NULL if out of ressources
+ *
+ * @ingroup hashers
*/
hasher_t *hasher_create(hash_algorithm_t hash_algorithm);
diff --git a/Source/charon/transforms/hashers/hasher_md5.c b/Source/charon/transforms/hashers/hasher_md5.c
index bfdd96785..0011e92a2 100644
--- a/Source/charon/transforms/hashers/hasher_md5.c
+++ b/Source/charon/transforms/hashers/hasher_md5.c
@@ -1,8 +1,7 @@
/**
* @file hasher_md5.c
*
- * @brief Implementation of hasher_t interface using the
- * md5 algorithm.
+ * @brief Implementation of hasher_md5_t.
*
*/
diff --git a/Source/charon/transforms/hashers/hasher_md5.h b/Source/charon/transforms/hashers/hasher_md5.h
index d7e9124ee..9912d665c 100644
--- a/Source/charon/transforms/hashers/hasher_md5.h
+++ b/Source/charon/transforms/hashers/hasher_md5.h
@@ -1,8 +1,7 @@
/**
* @file hasher_md5.h
*
- * @brief Implementation of hasher_t interface using the
- * md5 algorithm.
+ * @brief Interface for hasher_md5_t.
*
*/
@@ -30,8 +29,10 @@
typedef struct hasher_md5_t hasher_md5_t;
/**
- * Object representing the md5 hasher
+ * @brief Implementation of hasher_t interface using the
+ * MD5 algorithm.
*
+ * @ingroup hashers
*/
struct hasher_md5_t {
@@ -42,11 +43,13 @@ struct hasher_md5_t {
};
/**
- * Creates a new hasher_md5_t object
+ * @brief Creates a new hasher_md5_t.
*
* @return
- * - hasher_md5_t if successfully
- * - NULL if out of ressources
+ * - hasher_md5_t if successfully
+ * - NULL if out of ressources
+ *
+ * @ingroup hashers
*/
hasher_md5_t *hasher_md5_create();
diff --git a/Source/charon/transforms/hashers/hasher_sha1.c b/Source/charon/transforms/hashers/hasher_sha1.c
index 75057457a..e9d27e8cb 100644
--- a/Source/charon/transforms/hashers/hasher_sha1.c
+++ b/Source/charon/transforms/hashers/hasher_sha1.c
@@ -1,8 +1,7 @@
/**
* @file hasher_sha1.c
*
- * @brief Implementation of hasher_t interface using the
- * SHA1 algorithm.
+ * @brief Implementation of hasher_sha_t.
*
*/
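Review bot: The new `@brief` names `hasher_sha_t`, a type that does not appear anywhere in this diff; the header declares `hasher_sha1_t`. Suggested line: `@brief Implementation of hasher_sha1_t.`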
diff --git a/Source/charon/transforms/hashers/hasher_sha1.h b/Source/charon/transforms/hashers/hasher_sha1.h
index 1f96d5d72..446dc6561 100644
--- a/Source/charon/transforms/hashers/hasher_sha1.h
+++ b/Source/charon/transforms/hashers/hasher_sha1.h
@@ -1,8 +1,7 @@
/**
* @file hasher_sha1.h
*
- * @brief Implementation of hasher_t interface using the
- * SHA1 algorithm.
+ * @brief Interface for the hasher_sha1_t
*
*/
@@ -30,8 +29,10 @@
typedef struct hasher_sha1_t hasher_sha1_t;
/**
- * Object representing the sha1 hasher
+ * @brief Implementation of hasher_t interface using the
+ * SHA1 algorithm.
*
+ * @ingroup hashers
*/
struct hasher_sha1_t {
@@ -42,11 +43,13 @@ struct hasher_sha1_t {
};
/**
- * Creates a new hasher_sha1_t object
+ * @brief Creates a new hasher_sha1_t.
*
* @return
- * - hasher_sha1_t if successfully
- * - NULL if out of ressources
+ * - hasher_sha1_t if successfully
+ * - NULL if out of ressources
+ *
+ * @ingroup hashers
*/
hasher_sha1_t *hasher_sha1_create();
diff --git a/Source/charon/transforms/hmac.h b/Source/charon/transforms/hmac.h
index 6b71a5570..3df69e838 100644
--- a/Source/charon/transforms/hmac.h
+++ b/Source/charon/transforms/hmac.h
@@ -51,7 +51,7 @@ struct hmac_t {
*
* @param this calling hmac
* @param data chunk of data to authenticate
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param[out] buffer pointer where the generated bytes will be written
* @return
* - SUCCESS in any case
*/
@@ -68,7 +68,7 @@ struct hmac_t {
*
* @param this calling hmac
* @param data chunk of data to authenticate
- * @param [out]chunk chunk which will hold generated bytes
+ * @param[out] chunk chunk which will hold generated bytes
* @return
* - SUCCESS, or
* - OUT_OF_RES if space could not be allocated
diff --git a/Source/charon/transforms/prf_plus.c b/Source/charon/transforms/prf_plus.c
index 2c6e16b00..64783b129 100644
--- a/Source/charon/transforms/prf_plus.c
+++ b/Source/charon/transforms/prf_plus.c
@@ -1,7 +1,7 @@
/**
* @file prf_plus.c
*
- * @brief Implements the prf+ function described in IKEv2 draft.
+ * @brief Implementation of prf_plus_t.
*
*/
diff --git a/Source/charon/transforms/prf_plus.h b/Source/charon/transforms/prf_plus.h
index fb0e4cac0..c7396b5fc 100644
--- a/Source/charon/transforms/prf_plus.h
+++ b/Source/charon/transforms/prf_plus.h
@@ -1,7 +1,7 @@
/**
* @file prf_plus.h
*
- * @brief Implements the prf+ function described in IKEv2 draft.
+ * @brief Interface for prf_plus.h.
*
*/
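Review bot: The `@brief` now reads "Interface for prf_plus.h.", which names the file rather than the type it declares. The other headers in this commit follow the pattern "Interface of/for <type>", so `@brief Interface for prf_plus_t.` would be consistent.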
@@ -30,15 +30,25 @@
typedef struct prf_plus_t prf_plus_t;
/**
- * Object representing a prf_plus
+ * @brief Implementation of the prf+ function described in IKEv2 draft.
+ *
+ * This class implements the prf+ algorithm. Internalliy it uses a pseudo random
+ * function, which implements the prf_t interface.
+ *
+ * @see IKEv2 draft 2.13
+ *
+ * @ingroup transforms
*/
struct prf_plus_t {
/**
* @brief Get pseudo random bytes.
*
+ * Get the next few bytes of the prf+ output. Space
+ * must be allocated by the caller.
+ *
* @param this calling prf_plus
* @param length number of bytes to get
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param[out] buffer pointer where the generated bytes will be written
* @return
* - SUCCESS in any case
*/
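Review bot: The added sentence "Space must be allocated by the caller" for `get_bytes` does not say how much space, and the function takes a bare pointer. Stating it explicitly, e.g. `@param[out] buffer pointer where the generated bytes will be written, must hold at least length bytes`, makes the bounds contract checkable by a reader; this assumes exactly `length` bytes are written, which the hunk does not show. "Internalliy" in the class description should be "Internally". The function declaration itself lies after the end of this hunk.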
@@ -47,9 +57,12 @@ struct prf_plus_t {
/**
* @brief Allocate pseudo random bytes.
*
+ * Get the next few bytes of the prf+ output. This function
+ * will allocate the required space.
+ *
* @param this calling prf_plus
* @param length number of bytes to get
- * @param [out]chunk chunk which will hold generated bytes
+ * @param[out] chunk chunk which will hold generated bytes
* @return
* - SUCCESS in any case
* - OUT_OF_RES if space could not be allocated
@@ -57,7 +70,7 @@ struct prf_plus_t {
status_t (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk);
/**
- * @brief Destroys a prf_plus object.
+ * @brief Destroys a prf_plus_t object.
*
* @param this prf_plus_t object to destroy
* @return
@@ -67,7 +80,7 @@ struct prf_plus_t {
};
/**
- * Creates a new prf_plus_t object
+ * @brief Creates a new prf_plus_t object.
*
* Seed will be cloned. prf will
* not be cloned, must be destroyed outside after
@@ -77,7 +90,9 @@ struct prf_plus_t {
* @param seed input seed for prf
* @return
* - prf_plus_t if successfully
- * - NULL if out of ressources or hash not supported
+ * - NULL if out of ressources
+ *
+ * @ingroup transforms
*/
prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed);
diff --git a/Source/charon/transforms/prfs/prf.c b/Source/charon/transforms/prfs/prf.c
index ebf28d5c9..e1cc13990 100644
--- a/Source/charon/transforms/prfs/prf.c
+++ b/Source/charon/transforms/prfs/prf.c
@@ -1,7 +1,7 @@
/**
* @file prf.c
*
- * @brief Generic interface for pseudo-random-functions
+ * @brief Generic constructor for all prf_t
*
*/
@@ -27,6 +27,19 @@
#include <transforms/prfs/prf_hmac.h>
+/**
+ * string mappings for encryption_algorithm_t
+ */
+mapping_t pseudo_random_function_m[] = {
+{PRF_UNDEFINED, "PRF_UNDEFINED"},
+{PRF_HMAC_MD5, "PRF_HMAC_MD5"},
+{PRF_HMAC_SHA1, "PRF_HMAC_SHA1"},
+{PRF_HMAC_TIGER, "PRF_HMAC_TIGER"},
+{PRF_AES128_CBC, "PRF_AES128_CBC"},
+{MAPPING_END, NULL}
+};
+
+
/*
* Described in header
*/
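Review bot: The comment above `pseudo_random_function_m` says "string mappings for encryption_algorithm_t", a leftover from crypter.c; it should read `string mappings for pseudo_random_function_t`. The `extern` declaration in prf.h carries the same copied comment.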
diff --git a/Source/charon/transforms/prfs/prf.h b/Source/charon/transforms/prfs/prf.h
index 2b6aab46e..9a79c6047 100644
--- a/Source/charon/transforms/prfs/prf.h
+++ b/Source/charon/transforms/prfs/prf.h
@@ -1,7 +1,7 @@
/**
* @file prf.h
*
- * @brief Generic interface for pseudo-random-functions
+ * @brief Interface of prf_t.
*
*/
@@ -23,35 +23,53 @@
#ifndef PRF_H_
#define PRF_H_
-#include <encoding/payloads/transform_substructure.h>
+#include <types.h>
+
+typedef enum pseudo_random_function_t pseudo_random_function_t;
+
+/**
+ * @brief Pseudo random function, as in IKEv2 draft 3.3.2.
+ */
+enum pseudo_random_function_t {
+ PRF_UNDEFINED = 1024,
+ PRF_HMAC_MD5 = 1,
+ PRF_HMAC_SHA1 = 2,
+ PRF_HMAC_TIGER = 3,
+ PRF_AES128_CBC = 4
+};
+
+/**
+ * string mappings for encryption_algorithm_t
+ */
+extern mapping_t pseudo_random_function_m[];
typedef struct prf_t prf_t;
/**
- * Object representing a diffie hellman exchange
+ * @brief Generic interface for pseudo-random-functions.
*
* @ingroup prfs
*/
struct prf_t {
/**
* @brief generates pseudo random bytes and writes them
- * in the buffer
+ * in the buffer.
*
* @param this calling prf
* @param seed a chunk containing the seed for the next bytes
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param[out] buffer pointer where the generated bytes will be written
* @return
* - SUCCESS in any case
*/
status_t (*get_bytes) (prf_t *this, chunk_t seed, u_int8_t *buffer);
/**
- * @brief generates pseudo random bytes and allocate space for them
+ * @brief generates pseudo random bytes and allocate space for them.
*
* @param this calling prf
* @param seed a chunk containing the seed for the next bytes
- * @param [out]chunk chunk which will hold generated bytes
+ * @param[out] chunk chunk which will hold generated bytes
* @return
* - SUCCESS in any case
* - OUT_OF_RES if space could not be allocated
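Review bot: `get_bytes` writes through `u_int8_t *buffer` with no length argument, and the reworked comment still does not say how many bytes the caller must provide. Presumably this is `get_block_size` bytes, but that should be confirmed against the implementation and then written down, e.g. `@param[out] buffer pointer where the generated bytes will be written, must hold get_block_size bytes`. `get_signature` in signer.h has the same gap. The comment for `allocate_bytes` continues past the end of this hunk.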
@@ -59,7 +77,7 @@ struct prf_t {
status_t (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
/**
- * @brief get the block size of this prf
+ * @brief get the block size of this prf.
*
* @param this calling prf
* @return block size in bytes
@@ -67,25 +85,27 @@ struct prf_t {
size_t (*get_block_size) (prf_t *this);
/**
- * @brief Set the key for this prf
+ * @brief Set the key for this prf.
*
* @param this calling prf
- * @return block size in bytes
+ * @param key key to set
+ * @return
+ * - SUCCESS in any case
*/
status_t (*set_key) (prf_t *this, chunk_t key);
/**
- * @brief Destroys a prf object.
+ * @brief Destroys a prf object..
*
- * @param this prf_t object to destroy
+ * @param this prf_t object to destroy
* @return
- * SUCCESS in any case
+ * - SUCCESS in any case
*/
status_t (*destroy) (prf_t *this);
};
/**
- * Creates a new prf_t object
+ * @brief Generic constructor for a prf_t.
*
* @param pseudo_random_function Algorithm to use
* @return
diff --git a/Source/charon/transforms/prfs/prf_hmac.c b/Source/charon/transforms/prfs/prf_hmac.c
index fdcce4af2..96e89ef80 100644
--- a/Source/charon/transforms/prfs/prf_hmac.c
+++ b/Source/charon/transforms/prfs/prf_hmac.c
@@ -1,8 +1,7 @@
/**
* @file prf_hmac.c
*
- * @brief Implementation of prf_t interface using the
- * a HMAC algorithm. This simply wraps a hmac in a prf.
+ * @brief Implementation for prf_hmac_t.
*
*/
diff --git a/Source/charon/transforms/prfs/prf_hmac.h b/Source/charon/transforms/prfs/prf_hmac.h
index 427cdd4d7..25ffd73ff 100644
--- a/Source/charon/transforms/prfs/prf_hmac.h
+++ b/Source/charon/transforms/prfs/prf_hmac.h
@@ -1,8 +1,7 @@
/**
* @file prf_hmac.h
*
- * @brief Implementation of prf_t interface using the
- * a HMAC algorithm. This simply wraps a hmac in a prf.
+ * @brief Interface for prf_hmac_t.
*
*/
@@ -24,32 +23,38 @@
#ifndef PRF_HMAC_H_
#define PRF_HMAC_H_
-#include "prf.h"
-
#include <types.h>
+#include <transforms/prfs/prf.h>
#include <transforms/hashers/hasher.h>
typedef struct prf_hmac_t prf_hmac_t;
/**
- * Object representing a prf using HMAC
+ * @brief Implementation of prf_t interface using the
+ * a HMAC algorithm.
*
+ * This simply wraps a hmac_t in a prf_t. More a question of
+ * interface matchig.
+ *
+ * @ingroup prfs
*/
struct prf_hmac_t {
/**
- * generic prf_t interface for this prf
+ * Generic prf_t interface for this prf_hmac_t class.
*/
prf_t prf_interface;
};
/**
- * Creates a new prf_hmac_t object
+ * @brief Creates a new prf_hmac_t object
*
* @param hash_algorithm hmac's hash algorithm
* @return
* - prf_hmac_t if successfully
* - NULL if out of ressources
+ *
+ * @ingroup prfs
*/
prf_hmac_t *prf_hmac_create(hash_algorithm_t hash_algorithm);
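Review bot: The rewritten class comment carries over "using the a HMAC algorithm" and adds "interface matchig"; both are wording slips in text that Doxygen will publish. Suggested lines: `@brief Implementation of prf_t interface using an HMAC algorithm.` and `This simply wraps a hmac_t in a prf_t. More a question of interface matching.`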
diff --git a/Source/charon/transforms/signers/signer.c b/Source/charon/transforms/signers/signer.c
index e69de29bb..3ecf58069 100644
--- a/Source/charon/transforms/signers/signer.c
+++ b/Source/charon/transforms/signers/signer.c
@@ -0,0 +1,37 @@
+/**
+ * @file signer.c
+ *
+ * @brief Implementation of generic signer_t constructor.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "signer.h"
+
+
+/**
+ * string mappings for integrity_algorithm_t
+ */
+mapping_t integrity_algorithm_m[] = {
+ {AUTH_UNDEFINED, "AUTH_UNDEFINED"},
+ {AUTH_HMAC_MD5_96, "AUTH_HMAC_MD5_96"},
+ {AUTH_HMAC_SHA1_96, "AUTH_HMAC_SHA1_96"},
+ {AUTH_DES_MAC, "AUTH_DES_MAC"},
+ {AUTH_KPDK_MD5, "AUTH_KPDK_MD5"},
+ {AUTH_AES_XCBC_96, "AUTH_AES_XCBC_96"},
+ {MAPPING_END, NULL}
+};
diff --git a/Source/charon/transforms/signers/signer.h b/Source/charon/transforms/signers/signer.h
index b0a107e2f..5eb4c1875 100644
--- a/Source/charon/transforms/signers/signer.h
+++ b/Source/charon/transforms/signers/signer.h
@@ -1,7 +1,7 @@
/**
* @file signer.h
*
- * @brief Generic interface for integrity algorithms
+ * @brief Interface for signer_t.
*
*/
@@ -23,33 +23,55 @@
#ifndef SIGNER_H_
#define SIGNER_H_
-#include <encoding/payloads/transform_substructure.h>
+#include <types.h>
+#include <definitions.h>
+
+typedef enum integrity_algorithm_t integrity_algorithm_t;
+
+/**
+ * @brief Integrity algorithm, as in IKEv2 draft 3.3.2.
+ *
+ */
+enum integrity_algorithm_t {
+ AUTH_UNDEFINED = 1024,
+ AUTH_HMAC_MD5_96 = 1,
+ AUTH_HMAC_SHA1_96 = 2,
+ AUTH_DES_MAC = 3,
+ AUTH_KPDK_MD5 = 4,
+ AUTH_AES_XCBC_96 = 5
+};
+
+/**
+ * string mappings for integrity_algorithm_t
+ */
+extern mapping_t integrity_algorithm_m[];
typedef struct signer_t signer_t;
/**
- * Object representing a diffie hellman exchange
+ * @brief Generig interface for a symmetric signature algorithm.
+ *
+ * @ingroup signers
*/
struct signer_t {
/**
- * @brief generates pseudo random bytes and writes them
- * in the buffer
+ * @brief Generate a signature.
*
* @param this calling signer
- * @param seed a chunk containing the seed for the next bytes
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param data a chunk containing the data to sign
+ * @param[out] buffer pointer where the signature will be written
* @return
* - SUCCESS in any case
*/
status_t (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
/**
- * @brief generates pseudo random bytes and allocate space for them
+ * @brief Generate a signature and allocate space for it.
*
* @param this calling signer
- * @param seed a chunk containing the seed for the next bytes
- * @param [out]chunk chunk which will hold generated bytes
+ * @param data a chunk containing the data to sign
+ * @param[out] chunk chunk which will hold the allocated signature
* @return
* - SUCCESS in any case
* - OUT_OF_RES if space could not be allocated
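Review bot: The new class `@brief` reads "Generig interface for a symmetric signature algorithm"; "Generig" should be "Generic". Since the enum above lists keyed integrity algorithms (`AUTH_HMAC_*`, `AUTH_AES_XCBC_96`), the comment could also say so directly, e.g. `@brief Generic interface for a symmetric integrity (MAC) algorithm.`, so readers do not expect public-key signatures. The comment for `allocate_signature` continues past the end of this hunk.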
@@ -57,19 +79,19 @@ struct signer_t {
status_t (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
/**
- * @brief generates pseudo random bytes and writes them
- * in the buffer
+ * @brief Verify a signature.
*
* @param this calling signer
- * @param seed a chunk containing the seed for the next bytes
- * @param [out]buffer pointer where the generated bytes will be written
+ * @param data a chunk containing the data to verify
+ * @param signature a chunk containing the signature
+ * @param[out] vaild set to TRUE, if signature is valid, to FALSE otherwise
* @return
* - SUCCESS in any case
*/
status_t (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature, bool *valid);
/**
- * @brief get the block size of this signer
+ * @brief Get the block size of this signature algorithm.
*
* @param this calling signer
* @return block size in bytes
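Review bot: `@param[out] vaild` does not match the parameter `valid` of `verify_signature`, so Doxygen will warn and the real parameter stays undocumented; it should be `@param[out] valid set to TRUE, if signature is valid, to FALSE otherwise`. Because the function is documented as returning `SUCCESS in any case`, the verification result lives only in `*valid`. The comment should say that callers must test `*valid` rather than the return status, since a caller that checks only the status would accept every signature. The comment for `get_block_size` continues past the end of this hunk.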
@@ -77,30 +99,34 @@ struct signer_t {
size_t (*get_block_size) (signer_t *this);
/**
- * @brief Set the key for this signer
+ * @brief Set the key for this signer.
*
* @param this calling signer
- * @return block size in bytes
+ * @param key key to set
+ * @return
+ * - SUCCESS in any case
*/
status_t (*set_key) (signer_t *this, chunk_t key);
/**
* @brief Destroys a signer object.
*
- * @param this signer_t object to destroy
+ * @param this signer_t object to destroy
* @return
- * SUCCESS in any case
+ * - SUCCESS in any case
*/
status_t (*destroy) (signer_t *this);
};
/**
- * Creates a new signer_t object
+ * @brief Creates a new signer_t object.
*
- * @param pseudo_random_function Algorithm to use
+ * @param integrity_algorithm Algorithm to use for signing and verifying.
* @return
- * - signer_t if successfully
- * - NULL if out of ressources or signer not supported
+ * - signer_t if successfully
+ * - NULL if out of ressources or signer not supported
+ *
+ * @ingroup signers
*/
signer_t *signer_create(integrity_algorithm_t integrity_algorithm);