1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
/**
* @file encryption_payload.h
*
* @brief Interface of encryption_payload_t.
*/
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef ENCRYPTION_PAYLOAD_H_
#define ENCRYPTION_PAYLOAD_H_
typedef struct encryption_payload_t encryption_payload_t;
#include <library.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
#include <encoding/payloads/payload.h>
#include <utils/linked_list.h>
/**
* Encrpytion payload length in bytes without IV and following data.
*
* @ingroup payloads
*/
#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
/**
* @brief The encryption payload as described in RFC section 3.14.
*
* Before any crypt/decrypt/sign/verify operation can occur,
* the transforms must be set. After that, a parsed encryption payload
* can be decrypted, which also will parse the contained payloads.
* Encryption is done the same way, added payloads will get generated
* and then encrypted.
* For signature building, there is the FULL packet needed. Meaning it
* must be builded after generation of all payloads and the encryption
* of the encryption payload.
* Signature verificatin is done before decryption.
*
* @b Constructors:
* - encryption_payload_create()
*
* @ingroup payloads
*/
struct encryption_payload_t {
/**
* Implements payload_t interface.
*/
payload_t payload_interface;
/**
* @brief Creates an iterator for all contained payloads.
*
* @warning iterator_t object has to get destroyed by the caller.
*
* @param this calling encryption_payload_t object
* @param[in] forward iterator direction (TRUE: front to end)
* return created iterator_t object
*/
iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
/**
* @brief Adds a payload to this encryption payload.
*
* @param this calling encryption_payload_t object
* @param payload payload_t object to add
*/
void (*add_payload) (encryption_payload_t *this, payload_t *payload);
/**
* @brief Reove the last payload in the contained payload list.
*
* @param this calling encryption_payload_t object
* @param[out] payload removed payload
* @return
* - SUCCESS, or
* - NOT_FOUND if list empty
*/
status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
/**
* @brief Get the number of payloads.
*
* @param this calling encryption_payload_t object
* @return number of contained payloads
*/
size_t (*get_payload_count) (encryption_payload_t *this);
/**
* @brief Set transforms to use.
*
* To decryption, encryption, signature building and verifying,
* the payload needs a crypter and a signer object.
*
* @warning Do NOT call this function again after encryption, since
* the signer must be the same while encrypting and signature building!
*
* @param this calling encryption_payload_t
* @param crypter crypter_t to use for data de-/encryption
* @param signer signer_t to use for data signing/verifying
*/
void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
/**
* @brief Generate and encrypt contained payloads.
*
* This function generates the content for added payloads
* and encrypts them. Signature is not built, since we need
* additional data (the full message).
*
* @param this calling encryption_payload_t
* @return
* - SUCCESS, or
* - INVALID_STATE if transforms not set
*/
status_t (*encrypt) (encryption_payload_t *this);
/**
* @brief Decrypt and parse contained payloads.
*
* This function decrypts the contained data. After,
* the payloads are parsed internally and are accessible
* via the iterator.
*
* @param this calling encryption_payload_t
* @return
* - SUCCESS, or
* - INVALID_STATE if transforms not set, or
* - FAILED if data is invalid
*/
status_t (*decrypt) (encryption_payload_t *this);
/**
* @brief Build the signature.
*
* The signature is built over the FULL message, so the header
* and every payload (inclusive this one) must already be generated.
* The generated message is supplied via the data paramater.
*
* @param this calling encryption_payload_t
* @param data chunk contains the already generated message
* @return
* - SUCCESS, or
* - INVALID_STATE if transforms not set
*/
status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
/**
* @brief Verify the signature.
*
* Since the signature is built over the full message, we need
* this data to do the verification. The message data
* is supplied via the data argument.
*
* @param this calling encryption_payload_t
* @param data chunk contains the message
* @return
* - SUCCESS, or
* - FAILED if signature invalid, or
* - INVALID_STATE if transforms not set
*/
status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
/**
* @brief Destroys an encryption_payload_t object.
*
* @param this encryption_payload_t object to destroy
*/
void (*destroy) (encryption_payload_t *this);
};
/**
* @brief Creates an empty encryption_payload_t object.
*
* @return encryption_payload_t object
*
* @ingroup payloads
*/
encryption_payload_t *encryption_payload_create(void);
#endif /*ENCRYPTION_PAYLOAD_H_*/
|