]>
Commit | Line | Data |
---|---|---|
552cc11b MW |
1 | /* |
2 | * Copyright (C) 2007 Martin Willi | |
9d5b91d1 AS |
3 | * Copyright (C) 2014 Andreas Steffen |
4 | * HSR Hochschule fuer Technik Rapperswil | |
552cc11b MW |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2 of the License, or (at your | |
9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
14 | * for more details. | |
552cc11b | 15 | */ |
7daf5226 | 16 | |
552cc11b MW |
17 | /** |
18 | * @defgroup public_key public_key | |
19 | * @{ @ingroup keys | |
20 | */ | |
21 | ||
22 | #ifndef PUBLIC_KEY_H_ | |
23 | #define PUBLIC_KEY_H_ | |
24 | ||
25 | typedef struct public_key_t public_key_t; | |
26 | typedef enum key_type_t key_type_t; | |
552cc11b | 27 | typedef enum signature_scheme_t signature_scheme_t; |
33ddaaab | 28 | typedef enum encryption_scheme_t encryption_scheme_t; |
552cc11b MW |
29 | |
30 | #include <library.h> | |
31 | #include <utils/identification.h> | |
24d327ab | 32 | #include <credentials/cred_encoding.h> |
552cc11b MW |
33 | |
34 | /** | |
35 | * Type of a key pair, the used crypto system | |
36 | */ | |
37 | enum key_type_t { | |
38 | /** key type wildcard */ | |
8b799d55 | 39 | KEY_ANY = 0, |
552cc11b | 40 | /** RSA crypto system as in PKCS#1 */ |
8b799d55 | 41 | KEY_RSA = 1, |
ea0823df | 42 | /** ECDSA as in ANSI X9.62 */ |
8b799d55 AS |
43 | KEY_ECDSA = 2, |
44 | /** DSA */ | |
45 | KEY_DSA = 3, | |
9d5b91d1 AS |
46 | /** BLISS */ |
47 | KEY_BLISS = 4, | |
8b799d55 | 48 | /** ElGamal, ... */ |
552cc11b MW |
49 | }; |
50 | ||
51 | /** | |
52 | * Enum names for key_type_t | |
53 | */ | |
54 | extern enum_name_t *key_type_names; | |
55 | ||
56 | /** | |
57 | * Signature scheme for signature creation | |
58 | * | |
8b799d55 | 59 | * EMSA-PKCS1 signatures are defined in PKCS#1 standard. |
7daf5226 | 60 | * A prepended ASN.1 encoded digestInfo field contains the |
472cb4ce | 61 | * OID of the used hash algorithm. |
552cc11b MW |
62 | */ |
63 | enum signature_scheme_t { | |
f3e87f59 AS |
64 | /** Unknown signature scheme */ |
65 | SIGN_UNKNOWN, | |
8b799d55 AS |
66 | /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */ |
67 | SIGN_RSA_EMSA_PKCS1_NULL, | |
68 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */ | |
552cc11b | 69 | SIGN_RSA_EMSA_PKCS1_MD5, |
8b799d55 | 70 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */ |
552cc11b | 71 | SIGN_RSA_EMSA_PKCS1_SHA1, |
b6f739c1 AS |
72 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */ |
73 | SIGN_RSA_EMSA_PKCS1_SHA224, | |
8b799d55 | 74 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */ |
ea0823df | 75 | SIGN_RSA_EMSA_PKCS1_SHA256, |
8b799d55 | 76 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */ |
ea0823df | 77 | SIGN_RSA_EMSA_PKCS1_SHA384, |
8b799d55 | 78 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */ |
ea0823df | 79 | SIGN_RSA_EMSA_PKCS1_SHA512, |
472cb4ce MW |
80 | /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ |
81 | SIGN_ECDSA_WITH_SHA1_DER, | |
82 | /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ | |
83 | SIGN_ECDSA_WITH_SHA256_DER, | |
84 | /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */ | |
85 | SIGN_ECDSA_WITH_SHA384_DER, | |
86 | /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ | |
87 | SIGN_ECDSA_WITH_SHA512_DER, | |
88 | /** ECDSA over precomputed digest, signature as in RFC 4754 */ | |
11e6d285 | 89 | SIGN_ECDSA_WITH_NULL, |
8b799d55 | 90 | /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */ |
ea0823df | 91 | SIGN_ECDSA_256, |
8b799d55 | 92 | /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */ |
ea0823df | 93 | SIGN_ECDSA_384, |
8b799d55 | 94 | /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ |
ea0823df | 95 | SIGN_ECDSA_521, |
27bd0fed AS |
96 | /** BLISS with SHA-256 */ |
97 | SIGN_BLISS_WITH_SHA256, | |
98 | /** BLISS with SHA-384 */ | |
99 | SIGN_BLISS_WITH_SHA384, | |
f673966b AS |
100 | /** BLISS with SHA-512 */ |
101 | SIGN_BLISS_WITH_SHA512, | |
552cc11b MW |
102 | }; |
103 | ||
104 | /** | |
105 | * Enum names for signature_scheme_t | |
106 | */ | |
107 | extern enum_name_t *signature_scheme_names; | |
108 | ||
33ddaaab MW |
109 | /** |
110 | * Encryption scheme for public key data encryption. | |
111 | */ | |
112 | enum encryption_scheme_t { | |
113 | /** Unknown encryption scheme */ | |
114 | ENCRYPT_UNKNOWN, | |
115 | /** RSAES-PKCS1-v1_5 as in PKCS#1 */ | |
116 | ENCRYPT_RSA_PKCS1, | |
117 | /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */ | |
118 | ENCRYPT_RSA_OAEP_SHA1, | |
119 | /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */ | |
120 | ENCRYPT_RSA_OAEP_SHA224, | |
121 | /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */ | |
122 | ENCRYPT_RSA_OAEP_SHA256, | |
123 | /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */ | |
124 | ENCRYPT_RSA_OAEP_SHA384, | |
125 | /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */ | |
126 | ENCRYPT_RSA_OAEP_SHA512, | |
127 | }; | |
128 | ||
129 | /** | |
130 | * Enum names for encryption_scheme_t | |
131 | */ | |
132 | extern enum_name_t *encryption_scheme_names; | |
133 | ||
552cc11b MW |
134 | /** |
135 | * Abstract interface of a public key. | |
136 | */ | |
137 | struct public_key_t { | |
138 | ||
139 | /** | |
140 | * Get the key type. | |
141 | * | |
142 | * @return type of the key | |
143 | */ | |
144 | key_type_t (*get_type)(public_key_t *this); | |
7daf5226 | 145 | |
552cc11b MW |
146 | /** |
147 | * Verifies a signature against a chunk of data. | |
148 | * | |
149 | * @param scheme signature scheme to use for verification, may be default | |
150 | * @param data data to check signature against | |
151 | * @param signature signature to check | |
152 | * @return TRUE if signature matches | |
153 | */ | |
7daf5226 | 154 | bool (*verify)(public_key_t *this, signature_scheme_t scheme, |
552cc11b | 155 | chunk_t data, chunk_t signature); |
7daf5226 | 156 | |
552cc11b MW |
157 | /** |
158 | * Encrypt a chunk of data. | |
159 | * | |
33ddaaab | 160 | * @param scheme encryption scheme to use |
8b799d55 AS |
161 | * @param plain chunk containing plaintext data |
162 | * @param crypto where to allocate encrypted data | |
cbf5c2c6 | 163 | * @return TRUE if data successfully encrypted |
552cc11b | 164 | */ |
33ddaaab MW |
165 | bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme, |
166 | chunk_t plain, chunk_t *crypto); | |
7daf5226 | 167 | |
8b799d55 AS |
168 | /** |
169 | * Check if two public keys are equal. | |
7daf5226 | 170 | * |
8b799d55 AS |
171 | * @param other other public key |
172 | * @return TRUE, if equality | |
173 | */ | |
174 | bool (*equals)(public_key_t *this, public_key_t *other); | |
175 | ||
552cc11b | 176 | /** |
a944d209 | 177 | * Get the strength of the key in bits. |
7daf5226 | 178 | * |
a944d209 | 179 | * @return strength of the key in bits |
552cc11b | 180 | */ |
a944d209 | 181 | int (*get_keysize) (public_key_t *this); |
7daf5226 | 182 | |
552cc11b | 183 | /** |
1384a42e MW |
184 | * Get the fingerprint of the key. |
185 | * | |
da9724e6 | 186 | * @param type type of fingerprint, one of KEYID_* |
1384a42e MW |
187 | * @param fp fingerprint, points to internal data |
188 | * @return TRUE if fingerprint type supported | |
552cc11b | 189 | */ |
da9724e6 | 190 | bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type, |
1384a42e | 191 | chunk_t *fp); |
7daf5226 | 192 | |
640ed4d5 MW |
193 | /** |
194 | * Check if a key has a given fingerprint of any kind. | |
195 | * | |
196 | * @param fp fingerprint to check | |
197 | * @return TRUE if key has given fingerprint | |
198 | */ | |
199 | bool (*has_fingerprint)(public_key_t *this, chunk_t fp); | |
200 | ||
552cc11b | 201 | /** |
1384a42e | 202 | * Get the key in an encoded form as a chunk. |
552cc11b | 203 | * |
0ceb2888 | 204 | * @param type type of the encoding, one of PUBKEY_* |
1384a42e MW |
205 | * @param encoding encoding of the key, allocated |
206 | * @return TRUE if encoding supported | |
552cc11b | 207 | */ |
da9724e6 | 208 | bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type, |
1384a42e | 209 | chunk_t *encoding); |
7daf5226 | 210 | |
552cc11b MW |
211 | /** |
212 | * Increase the refcount of the key. | |
213 | * | |
214 | * @return this with an increased refcount | |
215 | */ | |
216 | public_key_t* (*get_ref)(public_key_t *this); | |
7daf5226 | 217 | |
552cc11b MW |
218 | /** |
219 | * Destroy a public_key instance. | |
220 | */ | |
221 | void (*destroy)(public_key_t *this); | |
222 | }; | |
223 | ||
edd354db MW |
224 | /** |
225 | * Generic public key equals() implementation, usable by implementors. | |
226 | * | |
cbf5c2c6 | 227 | * @param public public key to check |
28623fc5 | 228 | * @param other key to compare |
edd354db MW |
229 | * @return TRUE if this is equal to other |
230 | */ | |
cbf5c2c6 | 231 | bool public_key_equals(public_key_t *public, public_key_t *other); |
edd354db | 232 | |
640ed4d5 MW |
233 | /** |
234 | * Generic public key has_fingerprint() implementation, usable by implementors. | |
235 | * | |
cbf5c2c6 | 236 | * @param public public key to check |
4952dc11 | 237 | * @param fingerprint fingerprint to check |
640ed4d5 MW |
238 | * @return TRUE if key has given fingerprint |
239 | */ | |
cbf5c2c6 | 240 | bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint); |
640ed4d5 | 241 | |
f3e87f59 AS |
242 | /** |
243 | * Conversion of ASN.1 signature or hash OID to signature scheme. | |
7daf5226 | 244 | * |
f3e87f59 AS |
245 | * @param oid ASN.1 OID |
246 | * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported | |
247 | */ | |
248 | signature_scheme_t signature_scheme_from_oid(int oid); | |
249 | ||
1490ff4d | 250 | #endif /** PUBLIC_KEY_H_ @}*/ |