blob: c89dd25947ecd368d5be3787f127a8fe7bc8fc9e [file] [log] [blame]
#ifndef DNSSEC_CRYPTO_H
#define DNSSEC_CRYPTO_H
/*
* vtable for a signature verification algorithm.
*
* Each algorithm verifies that a certain signature over a (possibly non-contigous)
* array of data has been made with the specified key.
*
* Sample of usage:
*
* // First, set the signature we need to check. Notice: data is not copied
* // nor consumed, so the pointer must stay valid.
* alg->set_signature(sig, 16);
*
* // Second, push the data in; data is consumed immediately, so the buffer
* // can be freed or modified.
* alg->begin_data();
* alg->add_data(buf1, 123);
* alg->add_data(buf2, 45);
* alg->add_data(buf3, 678);
* alg->end_data();
*
* // Third, verify if we got the correct key for this signature.
* alg->verify(key1, 16);
* alg->verify(key2, 16);
*/
typedef struct VerifyAlgCtx VerifyAlgCtx;
typedef struct
{
int (*set_signature)(VerifyAlgCtx *ctx, unsigned char *data, unsigned len);
void (*begin_data)(VerifyAlgCtx *ctx);
void (*add_data)(VerifyAlgCtx *ctx, void *data, unsigned len);
void (*end_data)(VerifyAlgCtx *ctx);
int (*verify)(VerifyAlgCtx *ctx, unsigned char *key, unsigned key_len);
} VerifyAlg;
struct VerifyAlgCtx
{
const VerifyAlg *vtbl;
};
int verifyalg_supported(int algo);
VerifyAlgCtx* verifyalg_alloc(int algo);
void verifyalg_free(VerifyAlgCtx *a);
int verifyalg_algonum(VerifyAlgCtx *a);
#endif /* DNSSEC_CRYPTO_H */