[thirdparty/strongswan.git] / src / libstrongswan / credentials / keys / public_key.h

/*
 * Copyright (C) 2007 Martin Willi
 * Copyright (C) 2014 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup public_key public_key
 * @{ @ingroup keys
 */

#ifndef PUBLIC_KEY_H_
#define PUBLIC_KEY_H_

typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
typedef enum encryption_scheme_t encryption_scheme_t;

#include <library.h>
#include <utils/identification.h>
#include <credentials/cred_encoding.h>

/**
 * Type of a key pair, the used crypto system
 */
enum key_type_t {
	/** key type wildcard */
	KEY_ANY   = 0,
	/** RSA crypto system as in PKCS#1 */
	KEY_RSA   = 1,
	/** ECDSA as in ANSI X9.62 */
	KEY_ECDSA = 2,
	/** DSA */
	KEY_DSA   = 3,
	/** BLISS */
	KEY_BLISS = 4,
	/** ElGamal, ... */
};

/**
 * Enum names for key_type_t
 */
extern enum_name_t *key_type_names;

/**
 * Signature scheme for signature creation
 *
 * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
 * A prepended ASN.1 encoded digestInfo field contains the
 * OID of the used hash algorithm.
 */
enum signature_scheme_t {
	/** Unknown signature scheme                                       */
	SIGN_UNKNOWN,
	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo       */
	SIGN_RSA_EMSA_PKCS1_NULL,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5       */
	SIGN_RSA_EMSA_PKCS1_MD5,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
	SIGN_RSA_EMSA_PKCS1_SHA1,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224   */
	SIGN_RSA_EMSA_PKCS1_SHA224,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256   */
	SIGN_RSA_EMSA_PKCS1_SHA256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384   */
	SIGN_RSA_EMSA_PKCS1_SHA384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
	SIGN_RSA_EMSA_PKCS1_SHA512,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
	SIGN_ECDSA_WITH_SHA1_DER,
	/** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
	SIGN_ECDSA_WITH_SHA256_DER,
	/** ECDSA with SHA-384 using DER encoding as in RFC 3279           */
	SIGN_ECDSA_WITH_SHA384_DER,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
	SIGN_ECDSA_WITH_SHA512_DER,
	/** ECDSA over precomputed digest, signature as in RFC 4754        */
	SIGN_ECDSA_WITH_NULL,
	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754           */
	SIGN_ECDSA_256,
	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754           */
	SIGN_ECDSA_384,
	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
	SIGN_ECDSA_521,
	/** BLISS with SHA-256                                             */
	SIGN_BLISS_WITH_SHA256,
	/** BLISS with SHA-384                                             */
	SIGN_BLISS_WITH_SHA384,
	/** BLISS with SHA-512                                             */
	SIGN_BLISS_WITH_SHA512,
};

/**
 * Enum names for signature_scheme_t
 */
extern enum_name_t *signature_scheme_names;

/**
 * Encryption scheme for public key data encryption.
 */
enum encryption_scheme_t {
	/** Unknown encryption scheme                                      */
	ENCRYPT_UNKNOWN,
	/** RSAES-PKCS1-v1_5 as in PKCS#1                                  */
	ENCRYPT_RSA_PKCS1,
	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label          */
	ENCRYPT_RSA_OAEP_SHA1,
	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA224,
	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA256,
	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA384,
	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA512,
};

/**
 * Enum names for encryption_scheme_t
 */
extern enum_name_t *encryption_scheme_names;

/**
 * Abstract interface of a public key.
 */
struct public_key_t {

	/**
	 * Get the key type.
	 *
	 * @return			type of the key
	 */
	key_type_t (*get_type)(public_key_t *this);

	/**
	 * Verifies a signature against a chunk of data.
	 *
	 * @param scheme	signature scheme to use for verification, may be default
	 * @param data		data to check signature against
	 * @param signature	signature to check
	 * @return			TRUE if signature matches
	 */
	bool (*verify)(public_key_t *this, signature_scheme_t scheme,
				   chunk_t data, chunk_t signature);

	/**
	 * Encrypt a chunk of data.
	 *
	 * @param scheme	encryption scheme to use
	 * @param plain		chunk containing plaintext data
	 * @param crypto	where to allocate encrypted data
	 * @return			TRUE if data successfully encrypted
	 */
	bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
					chunk_t plain, chunk_t *crypto);

	/**
	 * Check if two public keys are equal.
	 *
	 * @param other		other public key
	 * @return			TRUE, if equality
	 */
	bool (*equals)(public_key_t *this, public_key_t *other);

	/**
	 * Get the strength of the key in bits.
	 *
	 * @return			strength of the key in bits
	 */
	int (*get_keysize) (public_key_t *this);

	/**
	 * Get the fingerprint of the key.
	 *
	 * @param type		type of fingerprint, one of KEYID_*
	 * @param fp		fingerprint, points to internal data
	 * @return			TRUE if fingerprint type supported
	 */
	bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
							chunk_t *fp);

	/**
	 * Check if a key has a given fingerprint of any kind.
	 *
	 * @param fp		fingerprint to check
	 * @return			TRUE if key has given fingerprint
	 */
	bool (*has_fingerprint)(public_key_t *this, chunk_t fp);

	/**
	 * Get the key in an encoded form as a chunk.
	 *
	 * @param type		type of the encoding, one of PUBKEY_*
	 * @param encoding	encoding of the key, allocated
	 * @return			TRUE if encoding supported
	 */
	bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
						 chunk_t *encoding);

	/**
	 * Increase the refcount of the key.
	 *
	 * @return			this with an increased refcount
	 */
	public_key_t* (*get_ref)(public_key_t *this);

	/**
	 * Destroy a public_key instance.
	 */
	void (*destroy)(public_key_t *this);
};

/**
 * Generic public key equals() implementation, usable by implementors.
 *
 * @param public		public key to check
 * @param other			key to compare
 * @return				TRUE if this is equal to other
 */
bool public_key_equals(public_key_t *public, public_key_t *other);

/**
 * Generic public key has_fingerprint() implementation, usable by implementors.
 *
 * @param public		public key to check
 * @param fingerprint	fingerprint to check
 * @return				TRUE if key has given fingerprint
 */
bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);

/**
 * Conversion of ASN.1 signature or hash OID to signature scheme.
 *
 * @param oid			ASN.1 OID
 * @return				signature_scheme, SIGN_UNKNOWN if OID is unsupported
 */
signature_scheme_t signature_scheme_from_oid(int oid);

#endif /** PUBLIC_KEY_H_ @}*/
Commit	Line	Data
552cc11b MW	1	/*
552cc11b MW	2	* Copyright (C) 2007 Martin Willi
9d5b91d1 AS	3	* Copyright (C) 2014 Andreas Steffen
9d5b91d1 AS	4	* HSR Hochschule fuer Technik Rapperswil
552cc11b MW	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2 of the License, or (at your
	9	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	10	*
	11	* This program is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	13	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	14	* for more details.
552cc11b	15	*/
7daf5226	16
552cc11b MW	17	/**
	18	* @defgroup public_key public_key
	19	* @{ @ingroup keys
	20	*/
	21
	22	#ifndef PUBLIC_KEY_H_
	23	#define PUBLIC_KEY_H_
	24
	25	typedef struct public_key_t public_key_t;
	26	typedef enum key_type_t key_type_t;
552cc11b	27	typedef enum signature_scheme_t signature_scheme_t;
33ddaaab	28	typedef enum encryption_scheme_t encryption_scheme_t;
552cc11b MW	29
	30	#include <library.h>
	31	#include <utils/identification.h>
24d327ab	32	#include <credentials/cred_encoding.h>
552cc11b MW	33
	34	/**
	35	* Type of a key pair, the used crypto system
	36	*/
	37	enum key_type_t {
	38	/** key type wildcard */
8b799d55	39	KEY_ANY = 0,
552cc11b	40	/** RSA crypto system as in PKCS#1 */
8b799d55	41	KEY_RSA = 1,
ea0823df	42	/** ECDSA as in ANSI X9.62 */
8b799d55 AS	43	KEY_ECDSA = 2,
	44	/** DSA */
	45	KEY_DSA = 3,
9d5b91d1 AS	46	/** BLISS */
9d5b91d1 AS	47	KEY_BLISS = 4,
8b799d55	48	/** ElGamal, ... */
552cc11b MW	49	};
	50
	51	/**
	52	* Enum names for key_type_t
	53	*/
	54	extern enum_name_t *key_type_names;
	55
	56	/**
	57	* Signature scheme for signature creation
	58	*
8b799d55	59	* EMSA-PKCS1 signatures are defined in PKCS#1 standard.
7daf5226	60	* A prepended ASN.1 encoded digestInfo field contains the
472cb4ce	61	* OID of the used hash algorithm.
552cc11b MW	62	*/
552cc11b MW	63	enum signature_scheme_t {
f3e87f59 AS	64	/** Unknown signature scheme */
f3e87f59 AS	65	SIGN_UNKNOWN,
8b799d55 AS	66	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
	67	SIGN_RSA_EMSA_PKCS1_NULL,
	68	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
552cc11b	69	SIGN_RSA_EMSA_PKCS1_MD5,
8b799d55	70	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
552cc11b	71	SIGN_RSA_EMSA_PKCS1_SHA1,
b6f739c1 AS	72	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
b6f739c1 AS	73	SIGN_RSA_EMSA_PKCS1_SHA224,
8b799d55	74	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
ea0823df	75	SIGN_RSA_EMSA_PKCS1_SHA256,
8b799d55	76	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
ea0823df	77	SIGN_RSA_EMSA_PKCS1_SHA384,
8b799d55	78	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
ea0823df	79	SIGN_RSA_EMSA_PKCS1_SHA512,
472cb4ce MW	80	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
	81	SIGN_ECDSA_WITH_SHA1_DER,
	82	/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
	83	SIGN_ECDSA_WITH_SHA256_DER,
	84	/** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
	85	SIGN_ECDSA_WITH_SHA384_DER,
	86	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
	87	SIGN_ECDSA_WITH_SHA512_DER,
	88	/** ECDSA over precomputed digest, signature as in RFC 4754 */
11e6d285	89	SIGN_ECDSA_WITH_NULL,
8b799d55	90	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
ea0823df	91	SIGN_ECDSA_256,
8b799d55	92	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
ea0823df	93	SIGN_ECDSA_384,
8b799d55	94	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
ea0823df	95	SIGN_ECDSA_521,
27bd0fed AS	96	/** BLISS with SHA-256 */
	97	SIGN_BLISS_WITH_SHA256,
	98	/** BLISS with SHA-384 */
	99	SIGN_BLISS_WITH_SHA384,
f673966b AS	100	/** BLISS with SHA-512 */
f673966b AS	101	SIGN_BLISS_WITH_SHA512,
552cc11b MW	102	};
	103
	104	/**
	105	* Enum names for signature_scheme_t
	106	*/
	107	extern enum_name_t *signature_scheme_names;
	108
33ddaaab MW	109	/**
	110	* Encryption scheme for public key data encryption.
	111	*/
	112	enum encryption_scheme_t {
	113	/** Unknown encryption scheme */
	114	ENCRYPT_UNKNOWN,
	115	/** RSAES-PKCS1-v1_5 as in PKCS#1 */
	116	ENCRYPT_RSA_PKCS1,
	117	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
	118	ENCRYPT_RSA_OAEP_SHA1,
	119	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
	120	ENCRYPT_RSA_OAEP_SHA224,
	121	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
	122	ENCRYPT_RSA_OAEP_SHA256,
	123	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
	124	ENCRYPT_RSA_OAEP_SHA384,
	125	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
	126	ENCRYPT_RSA_OAEP_SHA512,
	127	};
	128
	129	/**
	130	* Enum names for encryption_scheme_t
	131	*/
	132	extern enum_name_t *encryption_scheme_names;
	133
552cc11b MW	134	/**
	135	* Abstract interface of a public key.
	136	*/
	137	struct public_key_t {
	138
	139	/**
	140	* Get the key type.
	141	*
	142	* @return type of the key
	143	*/
	144	key_type_t (get_type)(public_key_t this);
7daf5226	145
552cc11b MW	146	/**
	147	* Verifies a signature against a chunk of data.
	148	*
	149	* @param scheme signature scheme to use for verification, may be default
	150	* @param data data to check signature against
	151	* @param signature signature to check
	152	* @return TRUE if signature matches
	153	*/
7daf5226	154	bool (verify)(public_key_t this, signature_scheme_t scheme,
552cc11b	155	chunk_t data, chunk_t signature);
7daf5226	156
552cc11b MW	157	/**
	158	* Encrypt a chunk of data.
	159	*
33ddaaab	160	* @param scheme encryption scheme to use
8b799d55 AS	161	* @param plain chunk containing plaintext data
8b799d55 AS	162	* @param crypto where to allocate encrypted data
cbf5c2c6	163	* @return TRUE if data successfully encrypted
552cc11b	164	*/
33ddaaab MW	165	bool (encrypt)(public_key_t this, encryption_scheme_t scheme,
33ddaaab MW	166	chunk_t plain, chunk_t *crypto);
7daf5226	167
8b799d55 AS	168	/**
8b799d55 AS	169	* Check if two public keys are equal.
7daf5226	170	*
8b799d55 AS	171	* @param other other public key
	172	* @return TRUE, if equality
	173	*/
	174	bool (equals)(public_key_t this, public_key_t *other);
	175
552cc11b	176	/**
a944d209	177	* Get the strength of the key in bits.
7daf5226	178	*
a944d209	179	* @return strength of the key in bits
552cc11b	180	*/
a944d209	181	int (get_keysize) (public_key_t this);
7daf5226	182
552cc11b	183	/**
1384a42e MW	184	* Get the fingerprint of the key.
1384a42e MW	185	*
da9724e6	186	* @param type type of fingerprint, one of KEYID_*
1384a42e MW	187	* @param fp fingerprint, points to internal data
1384a42e MW	188	* @return TRUE if fingerprint type supported
552cc11b	189	*/
da9724e6	190	bool (get_fingerprint)(public_key_t this, cred_encoding_type_t type,
1384a42e	191	chunk_t *fp);
7daf5226	192
640ed4d5 MW	193	/**
	194	* Check if a key has a given fingerprint of any kind.
	195	*
	196	* @param fp fingerprint to check
	197	* @return TRUE if key has given fingerprint
	198	*/
	199	bool (has_fingerprint)(public_key_t this, chunk_t fp);
	200
552cc11b	201	/**
1384a42e	202	* Get the key in an encoded form as a chunk.
552cc11b	203	*
0ceb2888	204	* @param type type of the encoding, one of PUBKEY_*
1384a42e MW	205	* @param encoding encoding of the key, allocated
1384a42e MW	206	* @return TRUE if encoding supported
552cc11b	207	*/
da9724e6	208	bool (get_encoding)(public_key_t this, cred_encoding_type_t type,
1384a42e	209	chunk_t *encoding);
7daf5226	210
552cc11b MW	211	/**
	212	* Increase the refcount of the key.
	213	*
	214	* @return this with an increased refcount
	215	*/
	216	public_key_t* (get_ref)(public_key_t this);
7daf5226	217
552cc11b MW	218	/**
	219	* Destroy a public_key instance.
	220	*/
	221	void (destroy)(public_key_t this);
	222	};
	223
edd354db MW	224	/**
	225	* Generic public key equals() implementation, usable by implementors.
	226	*
cbf5c2c6	227	* @param public public key to check
28623fc5	228	* @param other key to compare
edd354db MW	229	* @return TRUE if this is equal to other
edd354db MW	230	*/
cbf5c2c6	231	bool public_key_equals(public_key_t public, public_key_t other);
edd354db	232
640ed4d5 MW	233	/**
	234	* Generic public key has_fingerprint() implementation, usable by implementors.
	235	*
cbf5c2c6	236	* @param public public key to check
4952dc11	237	* @param fingerprint fingerprint to check
640ed4d5 MW	238	* @return TRUE if key has given fingerprint
640ed4d5 MW	239	*/
cbf5c2c6	240	bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);
640ed4d5	241
f3e87f59 AS	242	/**
f3e87f59 AS	243	* Conversion of ASN.1 signature or hash OID to signature scheme.
7daf5226	244	*
f3e87f59 AS	245	* @param oid ASN.1 OID
	246	* @return signature_scheme, SIGN_UNKNOWN if OID is unsupported
	247	*/
	248	signature_scheme_t signature_scheme_from_oid(int oid);
	249
1490ff4d	250	#endif /** PUBLIC_KEY_H_ @}*/