summaryrefslogtreecommitdiff
path: root/src/libstrongswan/crypto/hashers/hasher.h
blob: ec0c6320b96c6faa635fe5c6428f224858cc24bf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
/*
 * Copyright (C) 2016-2017 Andreas Steffen
 * Copyright (C) 2012-2015 Tobias Brunner
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup hasher hasher
 * @{ @ingroup crypto
 */

#ifndef HASHER_H_
#define HASHER_H_

typedef enum hash_algorithm_t hash_algorithm_t;
typedef struct hasher_t hasher_t;

#include <library.h>
#include <crypto/prfs/prf.h>
#include <crypto/signers/signer.h>
#include <credentials/keys/public_key.h>

/**
 * Hash algorithms as defined for IKEv2
 */
enum hash_algorithm_t {
	/* RFC 7427 */
	HASH_SHA1 			= 1,
	HASH_SHA256			= 2,
	HASH_SHA384			= 3,
	HASH_SHA512			= 4,
	/* draft-ietf-ipsecme-eddsa (RFC TBA) */
	HASH_IDENTITY		= 5,
	/* use private use range for algorithms not defined/permitted by RFC 7427 */
	HASH_UNKNOWN 		= 1024,
	HASH_MD2 			= 1025,
	HASH_MD4			= 1026,
	HASH_MD5 			= 1027,
	HASH_SHA224			= 1028,
	HASH_SHA3_224		= 1029,
	HASH_SHA3_256		= 1030,
	HASH_SHA3_384		= 1031,
	HASH_SHA3_512		= 1032
};

#define HASH_SIZE_MD2		16
#define HASH_SIZE_MD4		16
#define HASH_SIZE_MD5		16
#define HASH_SIZE_SHA1		20
#define HASH_SIZE_SHA224	28
#define HASH_SIZE_SHA256	32
#define HASH_SIZE_SHA384	48
#define HASH_SIZE_SHA512	64

/**
 * enum names for hash_algorithm_t.
 */
extern enum_name_t *hash_algorithm_names;

/**
 * Short names for hash_algorithm_names
 */
extern enum_name_t *hash_algorithm_short_names;

/**
 * Generic interface for all hash functions.
 */
struct hasher_t {

	/**
	 * Hash data and write it in the buffer.
	 *
	 * If the parameter hash is NULL, no result is written back
	 * and more data can be appended to already hashed data.
	 * If not, the result is written back and the hasher is reset.
	 *
	 * The hash output parameter must hold at least
	 * hash_t.get_block_size() bytes.
	 *
	 * @param data		data to hash
	 * @param hash		pointer where the hash will be written
	 * @return			TRUE if hash created successfully
	 */
	bool (*get_hash)(hasher_t *this, chunk_t data,
					 uint8_t *hash) __attribute__((warn_unused_result));

	/**
	 * Hash data and allocate space for the hash.
	 *
	 * If the parameter hash is NULL, no result is written back
	 * and more data can be appended to already hashed data.
	 * If not, the result is written back and the hasher is reset.
	 *
	 * @param data		chunk with data to hash
	 * @param hash		chunk which will hold allocated hash
	 * @return			TRUE if hash allocated successfully
	 */
	bool (*allocate_hash)(hasher_t *this, chunk_t data,
						  chunk_t *hash) __attribute__((warn_unused_result));

	/**
	 * Get the size of the resulting hash.
	 *
	 * @return			hash size in bytes
	 */
	size_t (*get_hash_size)(hasher_t *this);

	/**
	 * Resets the hasher's state.
	 *
	 * @return			TRUE if hasher reset successfully
	 */
	bool (*reset)(hasher_t *this) __attribute__((warn_unused_result));

	/**
	 * Destroys a hasher object.
	 */
	void (*destroy)(hasher_t *this);
};

/**
 * Conversion of ASN.1 OID to hash algorithm.
 *
 * @param oid			ASN.1 OID
 * @return				hash algorithm, HASH_UNKNOWN if OID unsupported
 */
hash_algorithm_t hasher_algorithm_from_oid(int oid);

/**
 * Conversion of PRF algorithm to hash algorithm (if based on one).
 *
 * @param alg			prf algorithm
 * @return				hash algorithm, HASH_UNKNOWN if not based on a hash
 */
hash_algorithm_t hasher_algorithm_from_prf(pseudo_random_function_t alg);

/**
 * Conversion of integrity algorithm to hash algorithm (if based on one).
 *
 * If length is not NULL the length of the resulting signature is returned,
 * which might be smaller than the output size of the underlying hash.
 *
 * @param alg			integrity algorithm
 * @param length		returns signature length, if not NULL
 * @return				hash algorithm, HASH_UNKNOWN if not based on a hash
 */
hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
												 size_t *length);

/**
 * Conversion of hash algorithm to integrity algorithm (if based on a hash).
 *
 * @param alg			hash algorithm
 * @param length		length of the signature
 * @return				integrity algorithm, AUTH_UNDEFINED if none is known
 * 						based on the given hash function
 */
integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
													size_t length);

/**
 * Check if the given algorithm may be used for IKEv2 signature authentication.
 *
 * @param alg			hash algorithm
 * @return				TRUE if algorithm may be used, FALSE otherwise
 */
bool hasher_algorithm_for_ikev2(hash_algorithm_t alg);

/**
 * Conversion of hash algorithm into ASN.1 OID.
 *
 * @param alg			hash algorithm
 * @return				ASN.1 OID, or OID_UNKNOW
 */
int hasher_algorithm_to_oid(hash_algorithm_t alg);

/**
 * Conversion of hash signature algorithm into ASN.1 OID.
 *
 * @param alg			hash algorithm
 * @param key			public key type
 * @return				ASN.1 OID if, or OID_UNKNOW
 */
int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key);

/**
 * Determine the hash algorithm associated with a given signature scheme.
 *
 * @param scheme		signature scheme
 * @return				hash algorithm (could be HASH_UNKNOWN)
 */
hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme);

#endif /** HASHER_H_ @}*/