1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
/**
* @file signer.h
*
* @brief Interface for signer_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef SIGNER_H_
#define SIGNER_H_
#include <types.h>
#include <definitions.h>
typedef enum integrity_algorithm_t integrity_algorithm_t;
/**
* @brief Integrity algorithm, as in IKEv2 draft 3.3.2.
*
*/
enum integrity_algorithm_t {
AUTH_UNDEFINED = 1024,
AUTH_HMAC_MD5_96 = 1,
AUTH_HMAC_SHA1_96 = 2,
AUTH_DES_MAC = 3,
AUTH_KPDK_MD5 = 4,
AUTH_AES_XCBC_96 = 5
};
/**
* string mappings for integrity_algorithm_t
*/
extern mapping_t integrity_algorithm_m[];
typedef struct signer_t signer_t;
/**
* @brief Generig interface for a symmetric signature algorithm.
*
* @ingroup signers
*/
struct signer_t {
/**
* @brief Generate a signature.
*
* @param this calling signer
* @param data a chunk containing the data to sign
* @param[out] buffer pointer where the signature will be written
*/
void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
/**
* @brief Generate a signature and allocate space for it.
*
* @param this calling signer
* @param data a chunk containing the data to sign
* @param[out] chunk chunk which will hold the allocated signature
*/
void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk);
/**
* @brief Verify a signature.
*
* @param this calling signer
* @param data a chunk containing the data to verify
* @param signature a chunk containing the signature
* @param[out] vaild set to TRUE, if signature is valid, to FALSE otherwise
*/
void (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature, bool *valid);
/**
* @brief Get the block size of this signature algorithm.
*
* @param this calling signer
* @return block size in bytes
*/
size_t (*get_block_size) (signer_t *this);
/**
* @brief Set the key for this signer.
*
* @param this calling signer
* @param key key to set
*/
void (*set_key) (signer_t *this, chunk_t key);
/**
* @brief Destroys a signer object.
*
* @param this signer_t object to destroy
*/
void (*destroy) (signer_t *this);
};
/**
* @brief Creates a new signer_t object.
*
* @param integrity_algorithm Algorithm to use for signing and verifying.
* @return
* - signer_t if successfully,
* - NULL if signer not supported
*
* @ingroup signers
*/
signer_t *signer_create(integrity_algorithm_t integrity_algorithm);
#endif /*SIGNER_H_*/
|
