From d29a82a9d4b517fada07d220c730d4d9b5fd210e Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 2 Sep 2010 19:15:16 +0200
Subject: Added generic TLS data sign/verify, hash/sig algorithm construction
---
src/libtls/tls_crypto.h | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
(limited to 'src/libtls/tls_crypto.h')
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h
index be4005dad..833928a8a 100644
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@@ -328,6 +328,13 @@ struct tls_crypto_t {
 tls_cipher_suite_t (*select_cipher_suite)(tls_crypto_t *this,
 tls_cipher_suite_t *suites, int count);
 
+ /**
+ * Write the list of supported hash/sig algorithms to writer.
+ *
+ * @param writer writer to write supported hash/sig algorithms
+ */
+ void (*get_signature_algorithms)(tls_crypto_t *this, tls_writer_t *writer);
+
 /**
 * Set the protection layer of the TLS stack to control it.
 *
@@ -344,6 +351,29 @@ struct tls_crypto_t {
 void (*append_handshake)(tls_crypto_t *this, tls_handshake_type_t type,
 chunk_t data);
 
+ /**
+ * Sign a blob of data, append signature to writer.
+ *
+ * @param key private key to use for signature
+ * @param writer TLS writer to write signature to
+ * @param data data to sign
+ * @param hashsig list of TLS1.2 hash/sig algorithms to select from
+ * @return TRUE if signature create successfully
+ */
+ bool (*sign)(tls_crypto_t *this, private_key_t *key,
+ tls_writer_t *writer, chunk_t data, chunk_t hashsig);
+
+ /**
+ * Verify a blob of data, read signature from a reader.
+ *
+ * @param key public key to verify signature with
+ * @param reader TLS reader to read signature from
+ * @param data data to verify signature
+ * @return TRUE if signature valid
+ */
+ bool (*verify)(tls_crypto_t *this, public_key_t *key,
+ tls_reader_t *reader, chunk_t data);
+
 /**
 * Create a signature of the handshake data using a given private key.
 *
-- cgit v1.2.3
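Review bot: The comment on `get_signature_algorithms` does not say in what order or wire form the list is written, yet a TLS 1.2 signature_algorithms list is interpreted by the peer in preference order, so the ordering is part of the contract a caller building a ClientHello extension or a CertificateRequest relies on. I would extend the comment to `Write the list of supported hash/sig algorithms to writer, in order of preference, in the TLS 1.2 SignatureAndHashAlgorithm wire form.` and adjust the last clause if the implementation, which is not in this header hunk, emits a different encoding. The method returns void, so a caller cannot tell whether the write succeeded; if tls_writer_t reports failures out of band, the comment should say where. The enclosing struct tls_crypto_t begins and ends outside the hunk.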
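Review bot: `verify` takes no list of acceptable hash/sig algorithms, so the algorithm must be taken from the signature read from the reader, i.e. chosen by the peer; the comment should make explicit that an implementation rejects any algorithm that is not locally supported (and, where a local list was advertised, not in that list), otherwise a peer can steer verification to a weak hash such as MD5. I would document this as `@return TRUE if the signature parses, uses an acceptable hash/sig algorithm and verifies; FALSE on truncated data or an unsupported algorithm`. The `sign` comment has a typo, `@return TRUE if signature created successfully`, and should state what is selected when `hashsig` is empty, since a pre-TLS 1.2 peer plausibly yields an empty list. The implementation is not in this header hunk, so these are contract expectations; the enclosing struct tls_crypto_t begins and ends outside the hunk.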