privcache: New closure for signature key handling

[secnet.git] / secnet.h

diff --git a/secnet.h b/secnet.h
index b72bfc7fc42bc6ca26b65017851b8ffb6147f323..84e732d88fd2c952d5cbf5ddd9069b79246f67a1 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -55,6 +55,10 @@ struct hash_if;
 struct comm_if;
 struct comm_addr;
 struct priomsg;
+struct log_if;
+struct buffer_if;
+struct sigpubkey_if;
+struct sigprivkey_if;
 
 typedef char *string_t;
 typedef const char *cstring_t;
@@ -387,9 +391,46 @@ extern init_module slip_module;
 extern init_module tun_module;
 extern init_module sha1_module;
 extern init_module log_module;
+extern init_module privcache_module;
 
 /***** END of module support *****/
 
+/***** SIGNATURE SCHEMES *****/
+
+struct sigscheme_info;
+
+typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
+                                struct buffer_if *pubkeydata,
+                                struct sigpubkey_if **sigpub_r,
+                                struct log_if *log);
+  /* pubkeydata is (supposedly) for this algorithm.
+   * loadpub should log an error if it fails.
+   * pubkeydata may be modified (but not freed) */
+
+typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
+                                 struct buffer_if *privkeydata,
+                                 struct sigprivkey_if **sigpriv_r,
+                                 struct log_if *log);
+  /* privkeydata may contain data for any algorithm, not necessarily
+   * this one!  If it is not for this algorithm, return False and do
+   * not log anything (other than at M_DEBUG).  If it *is* for this
+   * algorithm but is wrong, log at M_ERROR.
+   * On entry privkeydata->base==start.  loadpriv may modify base and
+   * size, but not anything else.  So it may use unprepend and
+   * unappend. */
+
+struct sigscheme_info {
+    const char *name;
+    const uint8_t algid;
+    sigscheme_loadpub *loadpub;
+    sigscheme_loadpriv *loadpriv;
+};
+
+extern const struct sigscheme_info rsa1_sigscheme;
+extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
+
+/***** END of signature schemes *****/
+
 /***** CLOSURE TYPES and interface definitions *****/
 
 #define CL_PURE         0
@@ -406,6 +447,7 @@ extern init_module log_module;
 #define CL_HASH        12
 #define CL_BUFFER      13
 #define CL_NETLINK     14
+#define CL_PRIVCACHE   15
 
 struct buffer_if;
 
@@ -451,6 +493,8 @@ struct random_if {
 /* SIGPUBKEY interface */
 
 typedef void sig_sethash_fn(void *st, struct hash_if *hash);
+typedef void sig_dispose_fn(void *st);
+
 typedef bool_t sig_unpick_fn(void *sst, struct buffer_if *msg,
                             struct alg_msg_data *sig);
 typedef bool_t sig_checksig_fn(void *st, uint8_t *data, int32_t datalen,
@@ -461,6 +505,7 @@ struct sigpubkey_if {
     sig_unpick_fn *unpick;
     sig_checksig_fn *check;
     const struct hash_if *hash;
+    sig_dispose_fn *dispose;
 };
 
 /* SIGPRIVKEY interface */
@@ -474,6 +519,20 @@ struct sigprivkey_if {
     sig_sethash_fn *sethash; /* must be called before use, if non-0 */
     sig_makesig_fn *sign;
     const struct hash_if *hash;
+    sig_dispose_fn *dispose;
+};
+
+/* PRIVCACHE interface */
+
+typedef struct sigprivkey_if *privcache_lookup_fn(void *st,
+                                          const struct sigkeyid *id,
+                                          struct log_if*);
+  /* Return is valid only until you return from the current event!
+   * You do not need to call ->sethash. */
+
+struct privcache_if {
+    void *st;
+    privcache_lookup_fn *lookup;
 };
 
 /* COMM interface */