src/dnssec-crypto.h

#ifndef DNSSEC_CRYPTO_H
#define DNSSEC_CRYPTO_H

/* 
 * vtable for a signature verification algorithm.
 *
 * Each algorithm verifies that a certain signature over a (possibly non-contigous)
 * array of data has been made with the specified key.
 *
 * Sample of usage:
 *
 *    // First, set the signature we need to check. Notice: data is not copied
 *    // nor consumed, so the pointer must stay valid.
 *    alg->set_signature(sig, 16);
 *
 *    // Second, push the data in; data is consumed immediately, so the buffer
 *    // can be freed or modified.
 *    alg->begin_data();
 *    alg->add_data(buf1, 123);
 *    alg->add_data(buf2, 45);
 *    alg->add_data(buf3, 678);
 *    alg->end_data();
 *
 *    // Third, verify if we got the correct key for this signature.
 *    alg->verify(key1, 16);
 *    alg->verify(key2, 16);
 */ 

typedef struct VerifyAlgCtx VerifyAlgCtx;

typedef struct
{
  int (*set_signature)(VerifyAlgCtx *ctx, unsigned char *data, unsigned len);
  void (*begin_data)(VerifyAlgCtx *ctx);
  void (*add_data)(VerifyAlgCtx *ctx, void *data, unsigned len);
  void (*end_data)(VerifyAlgCtx *ctx);
  int (*verify)(VerifyAlgCtx *ctx, unsigned char *key, unsigned key_len);
} VerifyAlg;

struct VerifyAlgCtx
{
   const VerifyAlg *vtbl;
};

int verifyalg_supported(int algo);
VerifyAlgCtx* verifyalg_alloc(int algo);
void verifyalg_free(VerifyAlgCtx *a);
int verifyalg_algonum(VerifyAlgCtx *a);

#endif /* DNSSEC_CRYPTO_H */