]>
Commit | Line | Data |
---|---|---|
552cc11b | 1 | /* |
a413571f | 2 | * Copyright (C) 2015-2017 Tobias Brunner |
db1ab1cd | 3 | * Copyright (C) 2014-2017 Andreas Steffen |
a413571f | 4 | * Copyright (C) 2007 Martin Willi |
19ef2aec TB |
5 | * |
6 | * Copyright (C) secunet Security Networks AG | |
552cc11b MW |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2 of the License, or (at your | |
11 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
15 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
16 | * for more details. | |
552cc11b | 17 | */ |
7daf5226 | 18 | |
552cc11b MW |
19 | /** |
20 | * @defgroup public_key public_key | |
21 | * @{ @ingroup keys | |
22 | */ | |
23 | ||
24 | #ifndef PUBLIC_KEY_H_ | |
25 | #define PUBLIC_KEY_H_ | |
26 | ||
27 | typedef struct public_key_t public_key_t; | |
28 | typedef enum key_type_t key_type_t; | |
552cc11b | 29 | typedef enum signature_scheme_t signature_scheme_t; |
33ddaaab | 30 | typedef enum encryption_scheme_t encryption_scheme_t; |
552cc11b | 31 | |
552cc11b | 32 | #include <utils/identification.h> |
24d327ab | 33 | #include <credentials/cred_encoding.h> |
552cc11b MW |
34 | |
35 | /** | |
36 | * Type of a key pair, the used crypto system | |
37 | */ | |
38 | enum key_type_t { | |
39 | /** key type wildcard */ | |
35bc60cc | 40 | KEY_ANY = 0, |
552cc11b | 41 | /** RSA crypto system as in PKCS#1 */ |
35bc60cc | 42 | KEY_RSA = 1, |
ea0823df | 43 | /** ECDSA as in ANSI X9.62 */ |
35bc60cc | 44 | KEY_ECDSA = 2, |
8b799d55 | 45 | /** DSA */ |
35bc60cc | 46 | KEY_DSA = 3, |
db1ab1cd | 47 | /** Ed25519 PureEdDSA instance as in RFC 8032 */ |
35bc60cc | 48 | KEY_ED25519 = 4, |
db1ab1cd | 49 | /** Ed448 PureEdDSA instance as in RFC 8032 */ |
35bc60cc | 50 | KEY_ED448 = 5, |
9d5b91d1 | 51 | /** BLISS */ |
35bc60cc | 52 | KEY_BLISS = 6, |
552cc11b MW |
53 | }; |
54 | ||
55 | /** | |
56 | * Enum names for key_type_t | |
57 | */ | |
58 | extern enum_name_t *key_type_names; | |
59 | ||
60 | /** | |
61 | * Signature scheme for signature creation | |
62 | * | |
8b799d55 | 63 | * EMSA-PKCS1 signatures are defined in PKCS#1 standard. |
7daf5226 | 64 | * A prepended ASN.1 encoded digestInfo field contains the |
472cb4ce | 65 | * OID of the used hash algorithm. |
552cc11b MW |
66 | */ |
67 | enum signature_scheme_t { | |
f3e87f59 AS |
68 | /** Unknown signature scheme */ |
69 | SIGN_UNKNOWN, | |
8b799d55 AS |
70 | /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */ |
71 | SIGN_RSA_EMSA_PKCS1_NULL, | |
72 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */ | |
552cc11b | 73 | SIGN_RSA_EMSA_PKCS1_MD5, |
8b799d55 | 74 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */ |
552cc11b | 75 | SIGN_RSA_EMSA_PKCS1_SHA1, |
40f2589a AS |
76 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */ |
77 | SIGN_RSA_EMSA_PKCS1_SHA2_224, | |
78 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */ | |
79 | SIGN_RSA_EMSA_PKCS1_SHA2_256, | |
80 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */ | |
81 | SIGN_RSA_EMSA_PKCS1_SHA2_384, | |
82 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */ | |
83 | SIGN_RSA_EMSA_PKCS1_SHA2_512, | |
84 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */ | |
85 | SIGN_RSA_EMSA_PKCS1_SHA3_224, | |
86 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */ | |
87 | SIGN_RSA_EMSA_PKCS1_SHA3_256, | |
88 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */ | |
89 | SIGN_RSA_EMSA_PKCS1_SHA3_384, | |
90 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */ | |
91 | SIGN_RSA_EMSA_PKCS1_SHA3_512, | |
677072ac TB |
92 | /** EMSA-PSS signature as in PKCS#1 using RSA */ |
93 | SIGN_RSA_EMSA_PSS, | |
472cb4ce MW |
94 | /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ |
95 | SIGN_ECDSA_WITH_SHA1_DER, | |
96 | /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ | |
97 | SIGN_ECDSA_WITH_SHA256_DER, | |
98 | /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */ | |
99 | SIGN_ECDSA_WITH_SHA384_DER, | |
100 | /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ | |
101 | SIGN_ECDSA_WITH_SHA512_DER, | |
102 | /** ECDSA over precomputed digest, signature as in RFC 4754 */ | |
11e6d285 | 103 | SIGN_ECDSA_WITH_NULL, |
8b799d55 | 104 | /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */ |
ea0823df | 105 | SIGN_ECDSA_256, |
8b799d55 | 106 | /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */ |
ea0823df | 107 | SIGN_ECDSA_384, |
8b799d55 | 108 | /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ |
ea0823df | 109 | SIGN_ECDSA_521, |
375dfb90 | 110 | /** PureEdDSA on Curve25519 as in RFC 8410 */ |
35bc60cc | 111 | SIGN_ED25519, |
375dfb90 | 112 | /** PureEdDSA on Curve448 as in RFC 8410 */ |
35bc60cc | 113 | SIGN_ED448, |
a88d9589 AS |
114 | /** BLISS with SHA-2_256 */ |
115 | SIGN_BLISS_WITH_SHA2_256, | |
116 | /** BLISS with SHA-2_384 */ | |
117 | SIGN_BLISS_WITH_SHA2_384, | |
118 | /** BLISS with SHA-2_512 */ | |
119 | SIGN_BLISS_WITH_SHA2_512, | |
f6fede93 AS |
120 | /** BLISS with SHA-3_256 */ |
121 | SIGN_BLISS_WITH_SHA3_256, | |
122 | /** BLISS with SHA-3_384 */ | |
123 | SIGN_BLISS_WITH_SHA3_384, | |
124 | /** BLISS with SHA-3_512 */ | |
125 | SIGN_BLISS_WITH_SHA3_512, | |
552cc11b MW |
126 | }; |
127 | ||
128 | /** | |
129 | * Enum names for signature_scheme_t | |
130 | */ | |
131 | extern enum_name_t *signature_scheme_names; | |
132 | ||
33ddaaab MW |
133 | /** |
134 | * Encryption scheme for public key data encryption. | |
135 | */ | |
136 | enum encryption_scheme_t { | |
137 | /** Unknown encryption scheme */ | |
138 | ENCRYPT_UNKNOWN, | |
139 | /** RSAES-PKCS1-v1_5 as in PKCS#1 */ | |
140 | ENCRYPT_RSA_PKCS1, | |
141 | /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */ | |
142 | ENCRYPT_RSA_OAEP_SHA1, | |
143 | /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */ | |
144 | ENCRYPT_RSA_OAEP_SHA224, | |
145 | /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */ | |
146 | ENCRYPT_RSA_OAEP_SHA256, | |
147 | /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */ | |
148 | ENCRYPT_RSA_OAEP_SHA384, | |
149 | /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */ | |
150 | ENCRYPT_RSA_OAEP_SHA512, | |
151 | }; | |
152 | ||
153 | /** | |
154 | * Enum names for encryption_scheme_t | |
155 | */ | |
156 | extern enum_name_t *encryption_scheme_names; | |
157 | ||
552cc11b MW |
158 | /** |
159 | * Abstract interface of a public key. | |
160 | */ | |
161 | struct public_key_t { | |
162 | ||
163 | /** | |
164 | * Get the key type. | |
165 | * | |
166 | * @return type of the key | |
167 | */ | |
168 | key_type_t (*get_type)(public_key_t *this); | |
7daf5226 | 169 | |
552cc11b MW |
170 | /** |
171 | * Verifies a signature against a chunk of data. | |
172 | * | |
a413571f TB |
173 | * @param scheme signature scheme to use for verification |
174 | * @param params optional parameters required by the specified scheme | |
552cc11b MW |
175 | * @param data data to check signature against |
176 | * @param signature signature to check | |
177 | * @return TRUE if signature matches | |
178 | */ | |
a413571f | 179 | bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params, |
552cc11b | 180 | chunk_t data, chunk_t signature); |
7daf5226 | 181 | |
552cc11b MW |
182 | /** |
183 | * Encrypt a chunk of data. | |
184 | * | |
33ddaaab | 185 | * @param scheme encryption scheme to use |
4abb29f6 | 186 | * @param params optional parameters required by the specified scheme |
8b799d55 AS |
187 | * @param plain chunk containing plaintext data |
188 | * @param crypto where to allocate encrypted data | |
cbf5c2c6 | 189 | * @return TRUE if data successfully encrypted |
552cc11b | 190 | */ |
33ddaaab | 191 | bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme, |
4abb29f6 | 192 | void *params, chunk_t plain, chunk_t *crypto); |
7daf5226 | 193 | |
8b799d55 AS |
194 | /** |
195 | * Check if two public keys are equal. | |
7daf5226 | 196 | * |
8b799d55 AS |
197 | * @param other other public key |
198 | * @return TRUE, if equality | |
199 | */ | |
200 | bool (*equals)(public_key_t *this, public_key_t *other); | |
201 | ||
552cc11b | 202 | /** |
a944d209 | 203 | * Get the strength of the key in bits. |
7daf5226 | 204 | * |
a944d209 | 205 | * @return strength of the key in bits |
552cc11b | 206 | */ |
a944d209 | 207 | int (*get_keysize) (public_key_t *this); |
7daf5226 | 208 | |
552cc11b | 209 | /** |
1384a42e MW |
210 | * Get the fingerprint of the key. |
211 | * | |
da9724e6 | 212 | * @param type type of fingerprint, one of KEYID_* |
1384a42e MW |
213 | * @param fp fingerprint, points to internal data |
214 | * @return TRUE if fingerprint type supported | |
552cc11b | 215 | */ |
da9724e6 | 216 | bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type, |
1384a42e | 217 | chunk_t *fp); |
7daf5226 | 218 | |
640ed4d5 MW |
219 | /** |
220 | * Check if a key has a given fingerprint of any kind. | |
221 | * | |
222 | * @param fp fingerprint to check | |
223 | * @return TRUE if key has given fingerprint | |
224 | */ | |
225 | bool (*has_fingerprint)(public_key_t *this, chunk_t fp); | |
226 | ||
552cc11b | 227 | /** |
1384a42e | 228 | * Get the key in an encoded form as a chunk. |
552cc11b | 229 | * |
0ceb2888 | 230 | * @param type type of the encoding, one of PUBKEY_* |
1384a42e MW |
231 | * @param encoding encoding of the key, allocated |
232 | * @return TRUE if encoding supported | |
552cc11b | 233 | */ |
da9724e6 | 234 | bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type, |
1384a42e | 235 | chunk_t *encoding); |
7daf5226 | 236 | |
552cc11b MW |
237 | /** |
238 | * Increase the refcount of the key. | |
239 | * | |
240 | * @return this with an increased refcount | |
241 | */ | |
242 | public_key_t* (*get_ref)(public_key_t *this); | |
7daf5226 | 243 | |
552cc11b MW |
244 | /** |
245 | * Destroy a public_key instance. | |
246 | */ | |
247 | void (*destroy)(public_key_t *this); | |
248 | }; | |
249 | ||
edd354db | 250 | /** |
b3ab7a48 | 251 | * Generic public key equals() implementation, usable by implementers. |
edd354db | 252 | * |
cbf5c2c6 | 253 | * @param public public key to check |
28623fc5 | 254 | * @param other key to compare |
edd354db MW |
255 | * @return TRUE if this is equal to other |
256 | */ | |
cbf5c2c6 | 257 | bool public_key_equals(public_key_t *public, public_key_t *other); |
edd354db | 258 | |
640ed4d5 | 259 | /** |
b3ab7a48 | 260 | * Generic public key has_fingerprint() implementation, usable by implementers. |
640ed4d5 | 261 | * |
cbf5c2c6 | 262 | * @param public public key to check |
4952dc11 | 263 | * @param fingerprint fingerprint to check |
640ed4d5 MW |
264 | * @return TRUE if key has given fingerprint |
265 | */ | |
cbf5c2c6 | 266 | bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint); |
640ed4d5 | 267 | |
f3e87f59 AS |
268 | /** |
269 | * Conversion of ASN.1 signature or hash OID to signature scheme. | |
7daf5226 | 270 | * |
f3e87f59 | 271 | * @param oid ASN.1 OID |
353294ea | 272 | * @return signature scheme, SIGN_UNKNOWN if OID is unsupported |
f3e87f59 AS |
273 | */ |
274 | signature_scheme_t signature_scheme_from_oid(int oid); | |
275 | ||
353294ea TB |
276 | /** |
277 | * Conversion of signature scheme to ASN.1 signature OID. | |
278 | * | |
279 | * @param scheme signature scheme | |
280 | * @return ASN.1 OID, OID_UNKNOWN if not supported | |
281 | */ | |
282 | int signature_scheme_to_oid(signature_scheme_t scheme); | |
283 | ||
1f648d75 TB |
284 | /** |
285 | * Enumerate signature schemes that are appropriate for a key of the given type | |
6f97c0d5 | 286 | * and size|strength ordered by increasing strength. |
1f648d75 TB |
287 | * |
288 | * @param type type of the key | |
289 | * @param size size or strength of the key | |
6f97c0d5 | 290 | * @return enumerator over signature_params_t* (by strength) |
1f648d75 TB |
291 | */ |
292 | enumerator_t *signature_schemes_for_key(key_type_t type, int size); | |
293 | ||
0f29f5ed TB |
294 | /** |
295 | * Determine the type of key associated with a given signature scheme. | |
296 | * | |
297 | * @param scheme signature scheme | |
298 | * @return key type (could be KEY_ANY) | |
299 | */ | |
300 | key_type_t key_type_from_signature_scheme(signature_scheme_t scheme); | |
301 | ||
1f648d75 | 302 | |
1490ff4d | 303 | #endif /** PUBLIC_KEY_H_ @}*/ |