Commit | Line | Data |
---|---|---|
552cc11b | 1 | /* |
a413571f | 2 | * Copyright (C) 2015-2017 Tobias Brunner |
db1ab1cd | 3 | * Copyright (C) 2014-2017 Andreas Steffen |
a413571f | 4 | * Copyright (C) 2007 Martin Willi |
9d5b91d1 | 5 | * HSR Hochschule fuer Technik Rapperswil |
552cc11b MW |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify it | |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
552cc11b | 16 | */ |
7daf5226 | 17 | |
552cc11b MW |
18 | /** |
19 | * @defgroup public_key public_key | |
20 | * @{ @ingroup keys | |
21 | */ | |
22 | ||
23 | #ifndef PUBLIC_KEY_H_ | |
24 | #define PUBLIC_KEY_H_ | |
25 | ||
26 | typedef struct public_key_t public_key_t; | |
27 | typedef enum key_type_t key_type_t; | |
552cc11b | 28 | typedef enum signature_scheme_t signature_scheme_t; |
33ddaaab | 29 | typedef enum encryption_scheme_t encryption_scheme_t; |
552cc11b | 30 | |
552cc11b | 31 | #include <utils/identification.h> |
24d327ab | 32 | #include <credentials/cred_encoding.h> |
552cc11b MW |
33 | |
34 | /** | |
35 | * Type of a key pair, i.e. the crypto system in use | |
36 | */ | |
37 | enum key_type_t { | |
38 | /** key type wildcard */ | |
35bc60cc | 39 | KEY_ANY = 0, |
552cc11b | 40 | /** RSA crypto system as in PKCS#1 */ |
35bc60cc | 41 | KEY_RSA = 1, |
ea0823df | 42 | /** ECDSA as in ANSI X9.62 */ |
35bc60cc | 43 | KEY_ECDSA = 2, |
8b799d55 | 44 | /** DSA */ |
35bc60cc | 45 | KEY_DSA = 3, |
db1ab1cd | 46 | /** Ed25519 PureEdDSA instance as in RFC 8032 */ |
35bc60cc | 47 | KEY_ED25519 = 4, |
db1ab1cd | 48 | /** Ed448 PureEdDSA instance as in RFC 8032 */ |
35bc60cc | 49 | KEY_ED448 = 5, |
9d5b91d1 | 50 | /** BLISS */ |
35bc60cc | 51 | KEY_BLISS = 6, |
552cc11b MW |
52 | }; |
53 | ||
54 | /** | |
55 | * Enum names for key_type_t | |
56 | */ | |
57 | extern enum_name_t *key_type_names; | |
58 | ||
59 | /** | |
60 | * Signature scheme for signature creation | |
61 | * | |
8b799d55 | 62 | * EMSA-PKCS1 signatures are defined in PKCS#1 standard. |
7daf5226 | 63 | * A prepended ASN.1 encoded digestInfo field contains the |
472cb4ce | 64 | * OID of the used hash algorithm. |
552cc11b MW |
65 | */ |
66 | enum signature_scheme_t { | |
f3e87f59 AS |
67 | /** Unknown signature scheme */ |
68 | SIGN_UNKNOWN, | |
8b799d55 AS |
69 | /** EMSA-PKCS1_v1.5 signature over digest without digestInfo (the hash algorithm is therefore not bound into the signature) */ |
70 | SIGN_RSA_EMSA_PKCS1_NULL, | |
71 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 (MD5 is collision-broken; legacy interoperability only) */ | |
552cc11b | 72 | SIGN_RSA_EMSA_PKCS1_MD5, |
8b799d55 | 73 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 (SHA-1 is collision-broken; legacy interoperability only) */ |
552cc11b | 74 | SIGN_RSA_EMSA_PKCS1_SHA1, |
40f2589a AS |
75 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */ |
76 | SIGN_RSA_EMSA_PKCS1_SHA2_224, | |
77 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */ | |
78 | SIGN_RSA_EMSA_PKCS1_SHA2_256, | |
79 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */ | |
80 | SIGN_RSA_EMSA_PKCS1_SHA2_384, | |
81 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */ | |
82 | SIGN_RSA_EMSA_PKCS1_SHA2_512, | |
83 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */ | |
84 | SIGN_RSA_EMSA_PKCS1_SHA3_224, | |
85 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */ | |
86 | SIGN_RSA_EMSA_PKCS1_SHA3_256, | |
87 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */ | |
88 | SIGN_RSA_EMSA_PKCS1_SHA3_384, | |
89 | /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */ | |
90 | SIGN_RSA_EMSA_PKCS1_SHA3_512, | |
677072ac TB |
91 | /** EMSA-PSS signature as in PKCS#1 using RSA */ |
92 | SIGN_RSA_EMSA_PSS, | |
472cb4ce MW |
93 | /** ECDSA with SHA-1 using DER encoding as in RFC 3279 (SHA-1 is collision-broken; legacy interoperability only) */ |
94 | SIGN_ECDSA_WITH_SHA1_DER, | |
95 | /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ | |
96 | SIGN_ECDSA_WITH_SHA256_DER, | |
97 | /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */ | |
98 | SIGN_ECDSA_WITH_SHA384_DER, | |
99 | /** ECDSA with SHA-512 using DER encoding as in RFC 3279 */ | |
100 | SIGN_ECDSA_WITH_SHA512_DER, | |
101 | /** ECDSA over precomputed digest, signature as in RFC 4754 */ | |
11e6d285 | 102 | SIGN_ECDSA_WITH_NULL, |
8b799d55 | 103 | /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */ |
ea0823df | 104 | SIGN_ECDSA_256, |
8b799d55 | 105 | /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */ |
ea0823df | 106 | SIGN_ECDSA_384, |
8b799d55 | 107 | /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ |
ea0823df | 108 | SIGN_ECDSA_521, |
375dfb90 | 109 | /** PureEdDSA on Curve25519 as in RFC 8410 */ |
35bc60cc | 110 | SIGN_ED25519, |
375dfb90 | 111 | /** PureEdDSA on Curve448 as in RFC 8410 */ |
35bc60cc | 112 | SIGN_ED448, |
a88d9589 AS |
113 | /** BLISS with SHA-2_256 */ |
114 | SIGN_BLISS_WITH_SHA2_256, | |
115 | /** BLISS with SHA-2_384 */ | |
116 | SIGN_BLISS_WITH_SHA2_384, | |
117 | /** BLISS with SHA-2_512 */ | |
118 | SIGN_BLISS_WITH_SHA2_512, | |
f6fede93 AS |
119 | /** BLISS with SHA-3_256 */ |
120 | SIGN_BLISS_WITH_SHA3_256, | |
121 | /** BLISS with SHA-3_384 */ | |
122 | SIGN_BLISS_WITH_SHA3_384, | |
123 | /** BLISS with SHA-3_512 */ | |
124 | SIGN_BLISS_WITH_SHA3_512, | |
552cc11b MW |
125 | }; |
126 | ||
127 | /** | |
128 | * Enum names for signature_scheme_t | |
129 | */ | |
130 | extern enum_name_t *signature_scheme_names; | |
131 | ||
33ddaaab MW |
132 | /** |
133 | * Encryption scheme for public key data encryption. | |
134 | */ | |
135 | enum encryption_scheme_t { | |
136 | /** Unknown encryption scheme */ | |
137 | ENCRYPT_UNKNOWN, | |
138 | /** RSAES-PKCS1-v1_5 as in PKCS#1; susceptible to padding-oracle attacks on decryption, prefer OAEP where the peer supports it */ | |
139 | ENCRYPT_RSA_PKCS1, | |
140 | /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */ | |
141 | ENCRYPT_RSA_OAEP_SHA1, | |
142 | /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */ | |
143 | ENCRYPT_RSA_OAEP_SHA224, | |
144 | /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */ | |
145 | ENCRYPT_RSA_OAEP_SHA256, | |
146 | /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */ | |
147 | ENCRYPT_RSA_OAEP_SHA384, | |
148 | /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */ | |
149 | ENCRYPT_RSA_OAEP_SHA512, | |
150 | }; | |
151 | ||
152 | /** | |
153 | * Enum names for encryption_scheme_t | |
154 | */ | |
155 | extern enum_name_t *encryption_scheme_names; | |
156 | ||
552cc11b MW |
157 | /** |
158 | * Abstract interface of a public key. | |
159 | */ | |
160 | struct public_key_t { | |
161 | ||
162 | /** | |
163 | * Get the key type. | |
164 | * | |
165 | * @return type of the key | |
166 | */ | |
167 | key_type_t (*get_type)(public_key_t *this); | |
7daf5226 | 168 | |
552cc11b MW |
169 | /** |
170 | * Verifies a signature against a chunk of data. | |
171 | * | |
a413571f TB |
172 | * @param scheme signature scheme to use for verification |
173 | * @param params optional parameters required by the specified scheme | |
552cc11b MW |
174 | * @param data data to check signature against |
175 | * @param signature signature to check | |
176 | * @return TRUE if signature matches | |
177 | */ | |
a413571f | 178 | bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params, |
552cc11b | 179 | chunk_t data, chunk_t signature); |
7daf5226 | 180 | |
552cc11b MW |
181 | /** |
182 | * Encrypt a chunk of data. | |
183 | * | |
33ddaaab | 184 | * @param scheme encryption scheme to use |
4abb29f6 | 185 | * @param params optional parameters required by the specified scheme |
8b799d55 AS |
186 | * @param plain chunk containing plaintext data |
187 | * @param crypto receives the encrypted data, allocated (caller must free) | |
cbf5c2c6 | 188 | * @return TRUE if data successfully encrypted |
552cc11b | 189 | */ |
33ddaaab | 190 | bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme, |
4abb29f6 | 191 | void *params, chunk_t plain, chunk_t *crypto); |
7daf5226 | 192 | |
8b799d55 AS |
193 | /** |
194 | * Check if two public keys are equal. | |
7daf5226 | 195 | * |
8b799d55 AS |
196 | * @param other other public key |
197 | * @return TRUE if the two keys are equal | |
198 | */ | |
199 | bool (*equals)(public_key_t *this, public_key_t *other); | |
200 | ||
552cc11b | 201 | /** |
a944d209 | 202 | * Get the strength of the key in bits. |
7daf5226 | 203 | * |
a944d209 | 204 | * @return strength of the key in bits |
552cc11b | 205 | */ |
a944d209 | 206 | int (*get_keysize) (public_key_t *this); |
7daf5226 | 207 | |
552cc11b | 208 | /** |
1384a42e MW |
209 | * Get the fingerprint of the key. |
210 | * | |
da9724e6 | 211 | * @param type type of fingerprint, one of KEYID_* |
1384a42e MW |
212 | * @param fp fingerprint, points to internal data (caller must not free or modify it) |
213 | * @return TRUE if fingerprint type supported | |
552cc11b | 214 | */ |
da9724e6 | 215 | bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type, |
1384a42e | 216 | chunk_t *fp); |
7daf5226 | 217 | |
640ed4d5 MW |
218 | /** |
219 | * Check if a key has a given fingerprint of any kind. | |
220 | * | |
221 | * @param fp fingerprint to check | |
222 | * @return TRUE if key has given fingerprint | |
223 | */ | |
224 | bool (*has_fingerprint)(public_key_t *this, chunk_t fp); | |
225 | ||
552cc11b | 226 | /** |
1384a42e | 227 | * Get the key in an encoded form as a chunk. |
552cc11b | 228 | * |
0ceb2888 | 229 | * @param type type of the encoding, one of PUBKEY_* |
1384a42e MW |
230 | * @param encoding encoding of the key, allocated (caller must free) |
231 | * @return TRUE if encoding supported | |
552cc11b | 232 | */ |
da9724e6 | 233 | bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type, |
1384a42e | 234 | chunk_t *encoding); |
7daf5226 | 235 | |
552cc11b MW |
236 | /** |
237 | * Increase the refcount of the key. | |
238 | * | |
239 | * @return this with an increased refcount | |
240 | */ | |
241 | public_key_t* (*get_ref)(public_key_t *this); | |
7daf5226 | 242 | |
552cc11b MW |
243 | /** |
244 | * Destroy a public_key instance. | |
245 | */ | |
246 | void (*destroy)(public_key_t *this); | |
247 | }; | |
248 | ||
edd354db | 249 | /** |
b3ab7a48 | 250 | * Generic public key equals() implementation, usable by implementers. |
edd354db | 251 | * |
cbf5c2c6 | 252 | * @param public public key to check |
28623fc5 | 253 | * @param other key to compare |
edd354db MW |
254 | * @return TRUE if this is equal to other |
255 | */ | |
cbf5c2c6 | 256 | bool public_key_equals(public_key_t *public, public_key_t *other); |
edd354db | 257 | |
640ed4d5 | 258 | /** |
b3ab7a48 | 259 | * Generic public key has_fingerprint() implementation, usable by implementers. |
640ed4d5 | 260 | * |
cbf5c2c6 | 261 | * @param public public key to check |
4952dc11 | 262 | * @param fingerprint fingerprint to check |
640ed4d5 MW |
263 | * @return TRUE if key has given fingerprint |
264 | */ | |
cbf5c2c6 | 265 | bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint); |
640ed4d5 | 266 | |
f3e87f59 AS |
267 | /** |
268 | * Conversion of ASN.1 signature or hash OID to signature scheme. | |
7daf5226 | 269 | * |
f3e87f59 | 270 | * @param oid ASN.1 OID |
353294ea | 271 | * @return signature scheme, SIGN_UNKNOWN if OID is unsupported |
f3e87f59 AS |
272 | */ |
273 | signature_scheme_t signature_scheme_from_oid(int oid); | |
274 | ||
353294ea TB |
275 | /** |
276 | * Conversion of signature scheme to ASN.1 signature OID. | |
277 | * | |
278 | * @param scheme signature scheme | |
279 | * @return ASN.1 OID, OID_UNKNOWN if not supported | |
280 | */ | |
281 | int signature_scheme_to_oid(signature_scheme_t scheme); | |
282 | ||
1f648d75 TB |
283 | /** |
284 | * Enumerate signature schemes that are appropriate for a key of the given type | |
6f97c0d5 | 285 | * and size|strength ordered by increasing strength. |
1f648d75 TB |
286 | * |
287 | * @param type type of the key | |
288 | * @param size size or strength of the key | |
6f97c0d5 | 289 | * @return enumerator over signature_params_t* (by strength) |
1f648d75 TB |
290 | */ |
291 | enumerator_t *signature_schemes_for_key(key_type_t type, int size); | |
292 | ||
0f29f5ed TB |
293 | /** |
294 | * Determine the type of key associated with a given signature scheme. | |
295 | * | |
296 | * @param scheme signature scheme | |
297 | * @return key type (could be KEY_ANY) | |
298 | */ | |
299 | key_type_t key_type_from_signature_scheme(signature_scheme_t scheme); | |
300 | ||
1f648d75 | 301 | |
1490ff4d | 302 | #endif /** PUBLIC_KEY_H_ @}*/ |