[thirdparty/strongswan.git] / src / libstrongswan / credentials / keys / public_key.h

/*
 * Copyright (C) 2015-2017 Tobias Brunner
 * Copyright (C) 2014-2017 Andreas Steffen
 * Copyright (C) 2007 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup public_key public_key
 * @{ @ingroup keys
 */

#ifndef PUBLIC_KEY_H_
#define PUBLIC_KEY_H_

typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
typedef enum encryption_scheme_t encryption_scheme_t;

#include <utils/identification.h>
#include <credentials/cred_encoding.h>

/**
 * Type of a key pair, the used crypto system
 */
enum key_type_t {
	/** key type wildcard */
	KEY_ANY     = 0,
	/** RSA crypto system as in PKCS#1 */
	KEY_RSA     = 1,
	/** ECDSA as in ANSI X9.62 */
	KEY_ECDSA   = 2,
	/** DSA */
	KEY_DSA     = 3,
	/** Ed25519 PureEdDSA instance as in RFC 8032 */
	KEY_ED25519 = 4,
	/** Ed448   PureEdDSA instance as in RFC 8032 */
	KEY_ED448   = 5,
	/** BLISS */
	KEY_BLISS = 6,
};

/**
 * Enum names for key_type_t
 */
extern enum_name_t *key_type_names;

/**
 * Signature scheme for signature creation
 *
 * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
 * A prepended ASN.1 encoded digestInfo field contains the
 * OID of the used hash algorithm.
 */
enum signature_scheme_t {
	/** Unknown signature scheme                                       */
	SIGN_UNKNOWN,
	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo       */
	SIGN_RSA_EMSA_PKCS1_NULL,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5       */
	SIGN_RSA_EMSA_PKCS1_MD5,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
	SIGN_RSA_EMSA_PKCS1_SHA1,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
	SIGN_RSA_EMSA_PKCS1_SHA2_224,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
	SIGN_RSA_EMSA_PKCS1_SHA2_256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
	SIGN_RSA_EMSA_PKCS1_SHA2_384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
	SIGN_RSA_EMSA_PKCS1_SHA2_512,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
	SIGN_RSA_EMSA_PKCS1_SHA3_224,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
	SIGN_RSA_EMSA_PKCS1_SHA3_256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
	SIGN_RSA_EMSA_PKCS1_SHA3_384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
	SIGN_RSA_EMSA_PKCS1_SHA3_512,
	/** EMSA-PSS signature as in PKCS#1 using RSA                      */
	SIGN_RSA_EMSA_PSS,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
	SIGN_ECDSA_WITH_SHA1_DER,
	/** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
	SIGN_ECDSA_WITH_SHA256_DER,
	/** ECDSA with SHA-384 using DER encoding as in RFC 3279           */
	SIGN_ECDSA_WITH_SHA384_DER,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
	SIGN_ECDSA_WITH_SHA512_DER,
	/** ECDSA over precomputed digest, signature as in RFC 4754        */
	SIGN_ECDSA_WITH_NULL,
	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754           */
	SIGN_ECDSA_256,
	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754           */
	SIGN_ECDSA_384,
	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
	SIGN_ECDSA_521,
	/** PureEdDSA on Curve25519 as in RFC 8410                         */
	SIGN_ED25519,
	/** PureEdDSA on Curve448 as in RFC 8410                           */
	SIGN_ED448,
	/** BLISS with SHA-2_256                                           */
	SIGN_BLISS_WITH_SHA2_256,
	/** BLISS with SHA-2_384                                           */
	SIGN_BLISS_WITH_SHA2_384,
	/** BLISS with SHA-2_512                                           */
	SIGN_BLISS_WITH_SHA2_512,
	/** BLISS with SHA-3_256                                           */
	SIGN_BLISS_WITH_SHA3_256,
	/** BLISS with SHA-3_384                                           */
	SIGN_BLISS_WITH_SHA3_384,
	/** BLISS with SHA-3_512                                           */
	SIGN_BLISS_WITH_SHA3_512,
};

/**
 * Enum names for signature_scheme_t
 */
extern enum_name_t *signature_scheme_names;

/**
 * Encryption scheme for public key data encryption.
 */
enum encryption_scheme_t {
	/** Unknown encryption scheme                                      */
	ENCRYPT_UNKNOWN,
	/** RSAES-PKCS1-v1_5 as in PKCS#1                                  */
	ENCRYPT_RSA_PKCS1,
	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label          */
	ENCRYPT_RSA_OAEP_SHA1,
	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA224,
	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA256,
	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA384,
	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA512,
};

/**
 * Enum names for encryption_scheme_t
 */
extern enum_name_t *encryption_scheme_names;

/**
 * Abstract interface of a public key.
 */
struct public_key_t {

	/**
	 * Get the key type.
	 *
	 * @return			type of the key
	 */
	key_type_t (*get_type)(public_key_t *this);

	/**
	 * Verifies a signature against a chunk of data.
	 *
	 * @param scheme	signature scheme to use for verification
	 * @param params	optional parameters required by the specified scheme
	 * @param data		data to check signature against
	 * @param signature	signature to check
	 * @return			TRUE if signature matches
	 */
	bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params,
				   chunk_t data, chunk_t signature);

	/**
	 * Encrypt a chunk of data.
	 *
	 * @param scheme	encryption scheme to use
	 * @param params	optional parameters required by the specified scheme
	 * @param plain		chunk containing plaintext data
	 * @param crypto	where to allocate encrypted data
	 * @return			TRUE if data successfully encrypted
	 */
	bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
					void *params, chunk_t plain, chunk_t *crypto);

	/**
	 * Check if two public keys are equal.
	 *
	 * @param other		other public key
	 * @return			TRUE, if equality
	 */
	bool (*equals)(public_key_t *this, public_key_t *other);

	/**
	 * Get the strength of the key in bits.
	 *
	 * @return			strength of the key in bits
	 */
	int (*get_keysize) (public_key_t *this);

	/**
	 * Get the fingerprint of the key.
	 *
	 * @param type		type of fingerprint, one of KEYID_*
	 * @param fp		fingerprint, points to internal data
	 * @return			TRUE if fingerprint type supported
	 */
	bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
							chunk_t *fp);

	/**
	 * Check if a key has a given fingerprint of any kind.
	 *
	 * @param fp		fingerprint to check
	 * @return			TRUE if key has given fingerprint
	 */
	bool (*has_fingerprint)(public_key_t *this, chunk_t fp);

	/**
	 * Get the key in an encoded form as a chunk.
	 *
	 * @param type		type of the encoding, one of PUBKEY_*
	 * @param encoding	encoding of the key, allocated
	 * @return			TRUE if encoding supported
	 */
	bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
						 chunk_t *encoding);

	/**
	 * Increase the refcount of the key.
	 *
	 * @return			this with an increased refcount
	 */
	public_key_t* (*get_ref)(public_key_t *this);

	/**
	 * Destroy a public_key instance.
	 */
	void (*destroy)(public_key_t *this);
};

/**
 * Generic public key equals() implementation, usable by implementers.
 *
 * @param public		public key to check
 * @param other			key to compare
 * @return				TRUE if this is equal to other
 */
bool public_key_equals(public_key_t *public, public_key_t *other);

/**
 * Generic public key has_fingerprint() implementation, usable by implementers.
 *
 * @param public		public key to check
 * @param fingerprint	fingerprint to check
 * @return				TRUE if key has given fingerprint
 */
bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);

/**
 * Conversion of ASN.1 signature or hash OID to signature scheme.
 *
 * @param oid			ASN.1 OID
 * @return				signature scheme, SIGN_UNKNOWN if OID is unsupported
 */
signature_scheme_t signature_scheme_from_oid(int oid);

/**
 * Conversion of signature scheme to ASN.1 signature OID.
 *
 * @param scheme		signature scheme
 * @return				ASN.1 OID, OID_UNKNOWN if not supported
 */
int signature_scheme_to_oid(signature_scheme_t scheme);

/**
 * Enumerate signature schemes that are appropriate for a key of the given type
 * and size|strength ordered by increasing strength.
 *
 * @param type			type of the key
 * @param size			size or strength of the key
 * @return				enumerator over signature_params_t* (by strength)
 */
enumerator_t *signature_schemes_for_key(key_type_t type, int size);

/**
 * Determine the type of key associated with a given signature scheme.
 *
 * @param scheme		signature scheme
 * @return				key type (could be KEY_ANY)
 */
key_type_t key_type_from_signature_scheme(signature_scheme_t scheme);


#endif /** PUBLIC_KEY_H_ @}*/
Commit	Line	Data
552cc11b	1	/*
a413571f	2	* Copyright (C) 2015-2017 Tobias Brunner
db1ab1cd	3	* Copyright (C) 2014-2017 Andreas Steffen
a413571f	4	* Copyright (C) 2007 Martin Willi
19ef2aec TB	5	*
19ef2aec TB	6	* Copyright (C) secunet Security Networks AG
552cc11b MW	7	*
	8	* This program is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the
	10	* Free Software Foundation; either version 2 of the License, or (at your
	11	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	12	*
	13	* This program is distributed in the hope that it will be useful, but
	14	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	15	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	16	* for more details.
552cc11b	17	*/
7daf5226	18
552cc11b MW	19	/**
	20	* @defgroup public_key public_key
	21	* @{ @ingroup keys
	22	*/
	23
	24	#ifndef PUBLIC_KEY_H_
	25	#define PUBLIC_KEY_H_
	26
	27	typedef struct public_key_t public_key_t;
	28	typedef enum key_type_t key_type_t;
552cc11b	29	typedef enum signature_scheme_t signature_scheme_t;
33ddaaab	30	typedef enum encryption_scheme_t encryption_scheme_t;
552cc11b	31
552cc11b	32	#include <utils/identification.h>
24d327ab	33	#include <credentials/cred_encoding.h>
552cc11b MW	34
	35	/**
	36	* Type of a key pair, the used crypto system
	37	*/
	38	enum key_type_t {
	39	/** key type wildcard */
35bc60cc	40	KEY_ANY = 0,
552cc11b	41	/** RSA crypto system as in PKCS#1 */
35bc60cc	42	KEY_RSA = 1,
ea0823df	43	/** ECDSA as in ANSI X9.62 */
35bc60cc	44	KEY_ECDSA = 2,
8b799d55	45	/** DSA */
35bc60cc	46	KEY_DSA = 3,
db1ab1cd	47	/** Ed25519 PureEdDSA instance as in RFC 8032 */
35bc60cc	48	KEY_ED25519 = 4,
db1ab1cd	49	/** Ed448 PureEdDSA instance as in RFC 8032 */
35bc60cc	50	KEY_ED448 = 5,
9d5b91d1	51	/** BLISS */
35bc60cc	52	KEY_BLISS = 6,
552cc11b MW	53	};
	54
	55	/**
	56	* Enum names for key_type_t
	57	*/
	58	extern enum_name_t *key_type_names;
	59
	60	/**
	61	* Signature scheme for signature creation
	62	*
8b799d55	63	* EMSA-PKCS1 signatures are defined in PKCS#1 standard.
7daf5226	64	* A prepended ASN.1 encoded digestInfo field contains the
472cb4ce	65	* OID of the used hash algorithm.
552cc11b MW	66	*/
552cc11b MW	67	enum signature_scheme_t {
f3e87f59 AS	68	/** Unknown signature scheme */
f3e87f59 AS	69	SIGN_UNKNOWN,
8b799d55 AS	70	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
	71	SIGN_RSA_EMSA_PKCS1_NULL,
	72	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
552cc11b	73	SIGN_RSA_EMSA_PKCS1_MD5,
8b799d55	74	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
552cc11b	75	SIGN_RSA_EMSA_PKCS1_SHA1,
40f2589a AS	76	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
	77	SIGN_RSA_EMSA_PKCS1_SHA2_224,
	78	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
	79	SIGN_RSA_EMSA_PKCS1_SHA2_256,
	80	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
	81	SIGN_RSA_EMSA_PKCS1_SHA2_384,
	82	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
	83	SIGN_RSA_EMSA_PKCS1_SHA2_512,
	84	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
	85	SIGN_RSA_EMSA_PKCS1_SHA3_224,
	86	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
	87	SIGN_RSA_EMSA_PKCS1_SHA3_256,
	88	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
	89	SIGN_RSA_EMSA_PKCS1_SHA3_384,
	90	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
	91	SIGN_RSA_EMSA_PKCS1_SHA3_512,
677072ac TB	92	/** EMSA-PSS signature as in PKCS#1 using RSA */
677072ac TB	93	SIGN_RSA_EMSA_PSS,
472cb4ce MW	94	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
	95	SIGN_ECDSA_WITH_SHA1_DER,
	96	/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
	97	SIGN_ECDSA_WITH_SHA256_DER,
	98	/** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
	99	SIGN_ECDSA_WITH_SHA384_DER,
	100	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
	101	SIGN_ECDSA_WITH_SHA512_DER,
	102	/** ECDSA over precomputed digest, signature as in RFC 4754 */
11e6d285	103	SIGN_ECDSA_WITH_NULL,
8b799d55	104	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
ea0823df	105	SIGN_ECDSA_256,
8b799d55	106	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
ea0823df	107	SIGN_ECDSA_384,
8b799d55	108	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
ea0823df	109	SIGN_ECDSA_521,
375dfb90	110	/** PureEdDSA on Curve25519 as in RFC 8410 */
35bc60cc	111	SIGN_ED25519,
375dfb90	112	/** PureEdDSA on Curve448 as in RFC 8410 */
35bc60cc	113	SIGN_ED448,
a88d9589 AS	114	/** BLISS with SHA-2_256 */
	115	SIGN_BLISS_WITH_SHA2_256,
	116	/** BLISS with SHA-2_384 */
	117	SIGN_BLISS_WITH_SHA2_384,
	118	/** BLISS with SHA-2_512 */
	119	SIGN_BLISS_WITH_SHA2_512,
f6fede93 AS	120	/** BLISS with SHA-3_256 */
	121	SIGN_BLISS_WITH_SHA3_256,
	122	/** BLISS with SHA-3_384 */
	123	SIGN_BLISS_WITH_SHA3_384,
	124	/** BLISS with SHA-3_512 */
	125	SIGN_BLISS_WITH_SHA3_512,
552cc11b MW	126	};
	127
	128	/**
	129	* Enum names for signature_scheme_t
	130	*/
	131	extern enum_name_t *signature_scheme_names;
	132
33ddaaab MW	133	/**
	134	* Encryption scheme for public key data encryption.
	135	*/
	136	enum encryption_scheme_t {
	137	/** Unknown encryption scheme */
	138	ENCRYPT_UNKNOWN,
	139	/** RSAES-PKCS1-v1_5 as in PKCS#1 */
	140	ENCRYPT_RSA_PKCS1,
	141	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
	142	ENCRYPT_RSA_OAEP_SHA1,
	143	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
	144	ENCRYPT_RSA_OAEP_SHA224,
	145	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
	146	ENCRYPT_RSA_OAEP_SHA256,
	147	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
	148	ENCRYPT_RSA_OAEP_SHA384,
	149	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
	150	ENCRYPT_RSA_OAEP_SHA512,
	151	};
	152
	153	/**
	154	* Enum names for encryption_scheme_t
	155	*/
	156	extern enum_name_t *encryption_scheme_names;
	157
552cc11b MW	158	/**
	159	* Abstract interface of a public key.
	160	*/
	161	struct public_key_t {
	162
	163	/**
	164	* Get the key type.
	165	*
	166	* @return type of the key
	167	*/
	168	key_type_t (get_type)(public_key_t this);
7daf5226	169
552cc11b MW	170	/**
	171	* Verifies a signature against a chunk of data.
	172	*
a413571f TB	173	* @param scheme signature scheme to use for verification
a413571f TB	174	* @param params optional parameters required by the specified scheme
552cc11b MW	175	* @param data data to check signature against
	176	* @param signature signature to check
	177	* @return TRUE if signature matches
	178	*/
a413571f	179	bool (verify)(public_key_t this, signature_scheme_t scheme, void *params,
552cc11b	180	chunk_t data, chunk_t signature);
7daf5226	181
552cc11b MW	182	/**
	183	* Encrypt a chunk of data.
	184	*
33ddaaab	185	* @param scheme encryption scheme to use
4abb29f6	186	* @param params optional parameters required by the specified scheme
8b799d55 AS	187	* @param plain chunk containing plaintext data
8b799d55 AS	188	* @param crypto where to allocate encrypted data
cbf5c2c6	189	* @return TRUE if data successfully encrypted
552cc11b	190	*/
33ddaaab	191	bool (encrypt)(public_key_t this, encryption_scheme_t scheme,
4abb29f6	192	void params, chunk_t plain, chunk_t crypto);
7daf5226	193
8b799d55 AS	194	/**
8b799d55 AS	195	* Check if two public keys are equal.
7daf5226	196	*
8b799d55 AS	197	* @param other other public key
	198	* @return TRUE, if equality
	199	*/
	200	bool (equals)(public_key_t this, public_key_t *other);
	201
552cc11b	202	/**
a944d209	203	* Get the strength of the key in bits.
7daf5226	204	*
a944d209	205	* @return strength of the key in bits
552cc11b	206	*/
a944d209	207	int (get_keysize) (public_key_t this);
7daf5226	208
552cc11b	209	/**
1384a42e MW	210	* Get the fingerprint of the key.
1384a42e MW	211	*
da9724e6	212	* @param type type of fingerprint, one of KEYID_*
1384a42e MW	213	* @param fp fingerprint, points to internal data
1384a42e MW	214	* @return TRUE if fingerprint type supported
552cc11b	215	*/
da9724e6	216	bool (get_fingerprint)(public_key_t this, cred_encoding_type_t type,
1384a42e	217	chunk_t *fp);
7daf5226	218
640ed4d5 MW	219	/**
	220	* Check if a key has a given fingerprint of any kind.
	221	*
	222	* @param fp fingerprint to check
	223	* @return TRUE if key has given fingerprint
	224	*/
	225	bool (has_fingerprint)(public_key_t this, chunk_t fp);
	226
552cc11b	227	/**
1384a42e	228	* Get the key in an encoded form as a chunk.
552cc11b	229	*
0ceb2888	230	* @param type type of the encoding, one of PUBKEY_*
1384a42e MW	231	* @param encoding encoding of the key, allocated
1384a42e MW	232	* @return TRUE if encoding supported
552cc11b	233	*/
da9724e6	234	bool (get_encoding)(public_key_t this, cred_encoding_type_t type,
1384a42e	235	chunk_t *encoding);
7daf5226	236
552cc11b MW	237	/**
	238	* Increase the refcount of the key.
	239	*
	240	* @return this with an increased refcount
	241	*/
	242	public_key_t* (get_ref)(public_key_t this);
7daf5226	243
552cc11b MW	244	/**
	245	* Destroy a public_key instance.
	246	*/
	247	void (destroy)(public_key_t this);
	248	};
	249
edd354db	250	/**
b3ab7a48	251	* Generic public key equals() implementation, usable by implementers.
edd354db	252	*
cbf5c2c6	253	* @param public public key to check
28623fc5	254	* @param other key to compare
edd354db MW	255	* @return TRUE if this is equal to other
edd354db MW	256	*/
cbf5c2c6	257	bool public_key_equals(public_key_t public, public_key_t other);
edd354db	258
640ed4d5	259	/**
b3ab7a48	260	* Generic public key has_fingerprint() implementation, usable by implementers.
640ed4d5	261	*
cbf5c2c6	262	* @param public public key to check
4952dc11	263	* @param fingerprint fingerprint to check
640ed4d5 MW	264	* @return TRUE if key has given fingerprint
640ed4d5 MW	265	*/
cbf5c2c6	266	bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);
640ed4d5	267
f3e87f59 AS	268	/**
f3e87f59 AS	269	* Conversion of ASN.1 signature or hash OID to signature scheme.
7daf5226	270	*
f3e87f59	271	* @param oid ASN.1 OID
353294ea	272	* @return signature scheme, SIGN_UNKNOWN if OID is unsupported
f3e87f59 AS	273	*/
	274	signature_scheme_t signature_scheme_from_oid(int oid);
	275
353294ea TB	276	/**
	277	* Conversion of signature scheme to ASN.1 signature OID.
	278	*
	279	* @param scheme signature scheme
	280	* @return ASN.1 OID, OID_UNKNOWN if not supported
	281	*/
	282	int signature_scheme_to_oid(signature_scheme_t scheme);
	283
1f648d75 TB	284	/**
1f648d75 TB	285	* Enumerate signature schemes that are appropriate for a key of the given type
6f97c0d5	286	* and size\|strength ordered by increasing strength.
1f648d75 TB	287	*
	288	* @param type type of the key
	289	* @param size size or strength of the key
6f97c0d5	290	* @return enumerator over signature_params_t* (by strength)
1f648d75 TB	291	*/
	292	enumerator_t *signature_schemes_for_key(key_type_t type, int size);
	293
0f29f5ed TB	294	/**
	295	* Determine the type of key associated with a given signature scheme.
	296	*
	297	* @param scheme signature scheme
	298	* @return key type (could be KEY_ANY)
	299	*/
	300	key_type_t key_type_from_signature_scheme(signature_scheme_t scheme);
	301
1f648d75	302
1490ff4d	303	#endif /** PUBLIC_KEY_H_ @}*/