sigscheme: Interface for signature schemes

There are no implementations yet.  This is split out like this for
review of the api.

We use struct buffer_if to feed key data into the scheme, in both
cases.  This will be convenient for implementations, The loadpub
caller will have the data from base91s, probably.  The loadpriv caller
will have it from a file, but we read the file in the common code.

The API we are introducing now expects each private key buffer to be
fed to the sig schemes one by one until they it finds one that likes
it.  This is in fact not necessary; it was needed in an earlier design
which does not otherwise survive in the published git history.  This
rather suboptimal API will be changed later.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/modules.c b/modules.c
index 24c145927c372d0d30d30c703625758cee016367..f63a149252997144320672f667962dbfae75294e 100644 (file)
--- a/modules.c
+++ b/modules.c
@@ -38,3 +38,7 @@ void init_builtin_modules(dict_t *dict)
     sha1_module(dict);
     log_module(dict);
 }
+
+const struct sigscheme_info sigschemes[]={
+    { 0 }
+};

diff --git a/secnet.h b/secnet.h
index 77ba017bbbdb1bf9b7f86581f7bcb95d35954f3d..ba3e45ddf3989eb97c99b71cc0b448e5dc3e6c71 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -55,6 +55,10 @@ struct hash_if;
 struct comm_if;
 struct comm_addr;
 struct priomsg;
+struct log_if;
+struct buffer_if;
+struct sigpubkey_if;
+struct sigprivkey_if;
 
 typedef char *string_t;
 typedef const char *cstring_t;
@@ -390,6 +394,42 @@ extern init_module log_module;
 
 /***** END of module support *****/
 
+/***** SIGNATURE SCHEMES *****/
+
+struct sigscheme_info;
+
+typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
+                                struct buffer_if *pubkeydata,
+                                struct sigpubkey_if **sigpub_r,
+                                struct log_if *log);
+  /* pubkeydata is (supposedly) for this algorithm.
+   * loadpub should log an error if it fails.
+   * pubkeydata may be modified (but not freed) */
+
+typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
+                                 struct buffer_if *privkeydata,
+                                 struct sigprivkey_if **sigpriv_r,
+                                 struct log_if *log);
+  /* privkeydata may contain data for any algorithm, not necessarily
+   * this one!  If it is not for this algorithm, return False and do
+   * not log anything (other than at M_DEBUG).  If it *is* for this
+   * algorithm but is wrong, log at M_ERROR.
+   * On entry privkeydata->base==start.  loadpriv may modify base and
+   * size, but not anything else.  So it may use unprepend and
+   * unappend. */
+
+struct sigscheme_info {
+    const char *name;
+    const uint8_t algid;
+    sigscheme_loadpub *loadpub;
+    sigscheme_loadpriv *loadpriv;
+};
+
+extern const struct sigscheme_info rsa1_sigscheme;
+extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
+
+/***** END of signature schemes *****/
+
 /***** CLOSURE TYPES and interface definitions *****/
 
 #define CL_PURE         0