[thirdparty/strongswan.git] / src / libstrongswan / credentials / keys / public_key.h

/*
 * Copyright (C) 2015-2017 Tobias Brunner
 * Copyright (C) 2014-2017 Andreas Steffen
 * Copyright (C) 2007 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup public_key public_key
 * @{ @ingroup keys
 */

#ifndef PUBLIC_KEY_H_
#define PUBLIC_KEY_H_

typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
typedef enum encryption_scheme_t encryption_scheme_t;

#include <utils/identification.h>
#include <credentials/cred_encoding.h>

/**
 * Type of a key pair, the used crypto system
 */
enum key_type_t {
	/** key type wildcard */
	KEY_ANY     = 0,
	/** RSA crypto system as in PKCS#1 */
	KEY_RSA     = 1,
	/** ECDSA as in ANSI X9.62 */
	KEY_ECDSA   = 2,
	/** DSA */
	KEY_DSA     = 3,
	/** Ed25519 PureEdDSA instance as in RFC 8032 */
	KEY_ED25519 = 4,
	/** Ed448   PureEdDSA instance as in RFC 8032 */
	KEY_ED448   = 5,
	/** BLISS */
	KEY_BLISS = 6,
};

/**
 * Enum names for key_type_t
 */
extern enum_name_t *key_type_names;

/**
 * Signature scheme for signature creation
 *
 * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
 * A prepended ASN.1 encoded digestInfo field contains the
 * OID of the used hash algorithm.
 */
enum signature_scheme_t {
	/** Unknown signature scheme                                       */
	SIGN_UNKNOWN,
	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo       */
	SIGN_RSA_EMSA_PKCS1_NULL,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5       */
	SIGN_RSA_EMSA_PKCS1_MD5,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
	SIGN_RSA_EMSA_PKCS1_SHA1,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
	SIGN_RSA_EMSA_PKCS1_SHA2_224,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
	SIGN_RSA_EMSA_PKCS1_SHA2_256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
	SIGN_RSA_EMSA_PKCS1_SHA2_384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
	SIGN_RSA_EMSA_PKCS1_SHA2_512,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
	SIGN_RSA_EMSA_PKCS1_SHA3_224,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
	SIGN_RSA_EMSA_PKCS1_SHA3_256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
	SIGN_RSA_EMSA_PKCS1_SHA3_384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
	SIGN_RSA_EMSA_PKCS1_SHA3_512,
	/** EMSA-PSS signature as in PKCS#1 using RSA                      */
	SIGN_RSA_EMSA_PSS,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
	SIGN_ECDSA_WITH_SHA1_DER,
	/** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
	SIGN_ECDSA_WITH_SHA256_DER,
	/** ECDSA with SHA-384 using DER encoding as in RFC 3279           */
	SIGN_ECDSA_WITH_SHA384_DER,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
	SIGN_ECDSA_WITH_SHA512_DER,
	/** ECDSA over precomputed digest, signature as in RFC 4754        */
	SIGN_ECDSA_WITH_NULL,
	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754           */
	SIGN_ECDSA_256,
	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754           */
	SIGN_ECDSA_384,
	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
	SIGN_ECDSA_521,
	/** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */
	SIGN_ED25519,
	/** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA)   */
	SIGN_ED448,
	/** BLISS with SHA-2_256                                           */
	SIGN_BLISS_WITH_SHA2_256,
	/** BLISS with SHA-2_384                                           */
	SIGN_BLISS_WITH_SHA2_384,
	/** BLISS with SHA-2_512                                           */
	SIGN_BLISS_WITH_SHA2_512,
	/** BLISS with SHA-3_256                                           */
	SIGN_BLISS_WITH_SHA3_256,
	/** BLISS with SHA-3_384                                           */
	SIGN_BLISS_WITH_SHA3_384,
	/** BLISS with SHA-3_512                                           */
	SIGN_BLISS_WITH_SHA3_512,
};

/**
 * Enum names for signature_scheme_t
 */
extern enum_name_t *signature_scheme_names;

/**
 * Encryption scheme for public key data encryption.
 */
enum encryption_scheme_t {
	/** Unknown encryption scheme                                      */
	ENCRYPT_UNKNOWN,
	/** RSAES-PKCS1-v1_5 as in PKCS#1                                  */
	ENCRYPT_RSA_PKCS1,
	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label          */
	ENCRYPT_RSA_OAEP_SHA1,
	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA224,
	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA256,
	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA384,
	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label       */
	ENCRYPT_RSA_OAEP_SHA512,
};

/**
 * Enum names for encryption_scheme_t
 */
extern enum_name_t *encryption_scheme_names;

/**
 * Abstract interface of a public key.
 */
struct public_key_t {

	/**
	 * Get the key type.
	 *
	 * @return			type of the key
	 */
	key_type_t (*get_type)(public_key_t *this);

	/**
	 * Verifies a signature against a chunk of data.
	 *
	 * @param scheme	signature scheme to use for verification
	 * @param params	optional parameters required by the specified scheme
	 * @param data		data to check signature against
	 * @param signature	signature to check
	 * @return			TRUE if signature matches
	 */
	bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params,
				   chunk_t data, chunk_t signature);

	/**
	 * Encrypt a chunk of data.
	 *
	 * @param scheme	encryption scheme to use
	 * @param plain		chunk containing plaintext data
	 * @param crypto	where to allocate encrypted data
	 * @return			TRUE if data successfully encrypted
	 */
	bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
					chunk_t plain, chunk_t *crypto);

	/**
	 * Check if two public keys are equal.
	 *
	 * @param other		other public key
	 * @return			TRUE, if equality
	 */
	bool (*equals)(public_key_t *this, public_key_t *other);

	/**
	 * Get the strength of the key in bits.
	 *
	 * @return			strength of the key in bits
	 */
	int (*get_keysize) (public_key_t *this);

	/**
	 * Get the fingerprint of the key.
	 *
	 * @param type		type of fingerprint, one of KEYID_*
	 * @param fp		fingerprint, points to internal data
	 * @return			TRUE if fingerprint type supported
	 */
	bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
							chunk_t *fp);

	/**
	 * Check if a key has a given fingerprint of any kind.
	 *
	 * @param fp		fingerprint to check
	 * @return			TRUE if key has given fingerprint
	 */
	bool (*has_fingerprint)(public_key_t *this, chunk_t fp);

	/**
	 * Get the key in an encoded form as a chunk.
	 *
	 * @param type		type of the encoding, one of PUBKEY_*
	 * @param encoding	encoding of the key, allocated
	 * @return			TRUE if encoding supported
	 */
	bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
						 chunk_t *encoding);

	/**
	 * Increase the refcount of the key.
	 *
	 * @return			this with an increased refcount
	 */
	public_key_t* (*get_ref)(public_key_t *this);

	/**
	 * Destroy a public_key instance.
	 */
	void (*destroy)(public_key_t *this);
};

/**
 * Generic public key equals() implementation, usable by implementors.
 *
 * @param public		public key to check
 * @param other			key to compare
 * @return				TRUE if this is equal to other
 */
bool public_key_equals(public_key_t *public, public_key_t *other);

/**
 * Generic public key has_fingerprint() implementation, usable by implementors.
 *
 * @param public		public key to check
 * @param fingerprint	fingerprint to check
 * @return				TRUE if key has given fingerprint
 */
bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);

/**
 * Conversion of ASN.1 signature or hash OID to signature scheme.
 *
 * @param oid			ASN.1 OID
 * @return				signature scheme, SIGN_UNKNOWN if OID is unsupported
 */
signature_scheme_t signature_scheme_from_oid(int oid);

/**
 * Conversion of signature scheme to ASN.1 signature OID.
 *
 * @param scheme		signature scheme
 * @return				ASN.1 OID, OID_UNKNOWN if not supported
 */
int signature_scheme_to_oid(signature_scheme_t scheme);

/**
 * Enumerate signature schemes that are appropriate for a key of the given type
 * and size|strength ordered by increasing strength.
 *
 * @param type			type of the key
 * @param size			size or strength of the key
 * @return				enumerator over signature_params_t* (by strength)
 */
enumerator_t *signature_schemes_for_key(key_type_t type, int size);

/**
 * Determine the type of key associated with a given signature scheme.
 *
 * @param scheme		signature scheme
 * @return				key type (could be KEY_ANY)
 */
key_type_t key_type_from_signature_scheme(signature_scheme_t scheme);


#endif /** PUBLIC_KEY_H_ @}*/
Commit	Line	Data
552cc11b	1	/*
a413571f	2	* Copyright (C) 2015-2017 Tobias Brunner
db1ab1cd	3	* Copyright (C) 2014-2017 Andreas Steffen
a413571f	4	* Copyright (C) 2007 Martin Willi
9d5b91d1	5	* HSR Hochschule fuer Technik Rapperswil
552cc11b MW	6	*
	7	* This program is free software; you can redistribute it and/or modify it
	8	* under the terms of the GNU General Public License as published by the
	9	* Free Software Foundation; either version 2 of the License, or (at your
	10	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	11	*
	12	* This program is distributed in the hope that it will be useful, but
	13	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	14	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	15	* for more details.
552cc11b	16	*/
7daf5226	17
552cc11b MW	18	/**
	19	* @defgroup public_key public_key
	20	* @{ @ingroup keys
	21	*/
	22
	23	#ifndef PUBLIC_KEY_H_
	24	#define PUBLIC_KEY_H_
	25
	26	typedef struct public_key_t public_key_t;
	27	typedef enum key_type_t key_type_t;
552cc11b	28	typedef enum signature_scheme_t signature_scheme_t;
33ddaaab	29	typedef enum encryption_scheme_t encryption_scheme_t;
552cc11b	30
552cc11b	31	#include <utils/identification.h>
24d327ab	32	#include <credentials/cred_encoding.h>
552cc11b MW	33
	34	/**
	35	* Type of a key pair, the used crypto system
	36	*/
	37	enum key_type_t {
	38	/** key type wildcard */
35bc60cc	39	KEY_ANY = 0,
552cc11b	40	/** RSA crypto system as in PKCS#1 */
35bc60cc	41	KEY_RSA = 1,
ea0823df	42	/** ECDSA as in ANSI X9.62 */
35bc60cc	43	KEY_ECDSA = 2,
8b799d55	44	/** DSA */
35bc60cc	45	KEY_DSA = 3,
db1ab1cd	46	/** Ed25519 PureEdDSA instance as in RFC 8032 */
35bc60cc	47	KEY_ED25519 = 4,
db1ab1cd	48	/** Ed448 PureEdDSA instance as in RFC 8032 */
35bc60cc	49	KEY_ED448 = 5,
9d5b91d1	50	/** BLISS */
35bc60cc	51	KEY_BLISS = 6,
552cc11b MW	52	};
	53
	54	/**
	55	* Enum names for key_type_t
	56	*/
	57	extern enum_name_t *key_type_names;
	58
	59	/**
	60	* Signature scheme for signature creation
	61	*
8b799d55	62	* EMSA-PKCS1 signatures are defined in PKCS#1 standard.
7daf5226	63	* A prepended ASN.1 encoded digestInfo field contains the
472cb4ce	64	* OID of the used hash algorithm.
552cc11b MW	65	*/
552cc11b MW	66	enum signature_scheme_t {
f3e87f59 AS	67	/** Unknown signature scheme */
f3e87f59 AS	68	SIGN_UNKNOWN,
8b799d55 AS	69	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
	70	SIGN_RSA_EMSA_PKCS1_NULL,
	71	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
552cc11b	72	SIGN_RSA_EMSA_PKCS1_MD5,
8b799d55	73	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
552cc11b	74	SIGN_RSA_EMSA_PKCS1_SHA1,
40f2589a AS	75	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
	76	SIGN_RSA_EMSA_PKCS1_SHA2_224,
	77	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
	78	SIGN_RSA_EMSA_PKCS1_SHA2_256,
	79	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
	80	SIGN_RSA_EMSA_PKCS1_SHA2_384,
	81	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
	82	SIGN_RSA_EMSA_PKCS1_SHA2_512,
	83	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
	84	SIGN_RSA_EMSA_PKCS1_SHA3_224,
	85	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
	86	SIGN_RSA_EMSA_PKCS1_SHA3_256,
	87	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
	88	SIGN_RSA_EMSA_PKCS1_SHA3_384,
	89	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
	90	SIGN_RSA_EMSA_PKCS1_SHA3_512,
677072ac TB	91	/** EMSA-PSS signature as in PKCS#1 using RSA */
677072ac TB	92	SIGN_RSA_EMSA_PSS,
472cb4ce MW	93	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
	94	SIGN_ECDSA_WITH_SHA1_DER,
	95	/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
	96	SIGN_ECDSA_WITH_SHA256_DER,
	97	/** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
	98	SIGN_ECDSA_WITH_SHA384_DER,
	99	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
	100	SIGN_ECDSA_WITH_SHA512_DER,
	101	/** ECDSA over precomputed digest, signature as in RFC 4754 */
11e6d285	102	SIGN_ECDSA_WITH_NULL,
8b799d55	103	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
ea0823df	104	SIGN_ECDSA_256,
8b799d55	105	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
ea0823df	106	SIGN_ECDSA_384,
8b799d55	107	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
ea0823df	108	SIGN_ECDSA_521,
db1ab1cd	109	/** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */
35bc60cc	110	SIGN_ED25519,
db1ab1cd	111	/** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */
35bc60cc	112	SIGN_ED448,
a88d9589 AS	113	/** BLISS with SHA-2_256 */
	114	SIGN_BLISS_WITH_SHA2_256,
	115	/** BLISS with SHA-2_384 */
	116	SIGN_BLISS_WITH_SHA2_384,
	117	/** BLISS with SHA-2_512 */
	118	SIGN_BLISS_WITH_SHA2_512,
f6fede93 AS	119	/** BLISS with SHA-3_256 */
	120	SIGN_BLISS_WITH_SHA3_256,
	121	/** BLISS with SHA-3_384 */
	122	SIGN_BLISS_WITH_SHA3_384,
	123	/** BLISS with SHA-3_512 */
	124	SIGN_BLISS_WITH_SHA3_512,
552cc11b MW	125	};
	126
	127	/**
	128	* Enum names for signature_scheme_t
	129	*/
	130	extern enum_name_t *signature_scheme_names;
	131
33ddaaab MW	132	/**
	133	* Encryption scheme for public key data encryption.
	134	*/
	135	enum encryption_scheme_t {
	136	/** Unknown encryption scheme */
	137	ENCRYPT_UNKNOWN,
	138	/** RSAES-PKCS1-v1_5 as in PKCS#1 */
	139	ENCRYPT_RSA_PKCS1,
	140	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
	141	ENCRYPT_RSA_OAEP_SHA1,
	142	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
	143	ENCRYPT_RSA_OAEP_SHA224,
	144	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
	145	ENCRYPT_RSA_OAEP_SHA256,
	146	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
	147	ENCRYPT_RSA_OAEP_SHA384,
	148	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
	149	ENCRYPT_RSA_OAEP_SHA512,
	150	};
	151
	152	/**
	153	* Enum names for encryption_scheme_t
	154	*/
	155	extern enum_name_t *encryption_scheme_names;
	156
552cc11b MW	157	/**
	158	* Abstract interface of a public key.
	159	*/
	160	struct public_key_t {
	161
	162	/**
	163	* Get the key type.
	164	*
	165	* @return type of the key
	166	*/
	167	key_type_t (get_type)(public_key_t this);
7daf5226	168
552cc11b MW	169	/**
	170	* Verifies a signature against a chunk of data.
	171	*
a413571f TB	172	* @param scheme signature scheme to use for verification
a413571f TB	173	* @param params optional parameters required by the specified scheme
552cc11b MW	174	* @param data data to check signature against
	175	* @param signature signature to check
	176	* @return TRUE if signature matches
	177	*/
a413571f	178	bool (verify)(public_key_t this, signature_scheme_t scheme, void *params,
552cc11b	179	chunk_t data, chunk_t signature);
7daf5226	180
552cc11b MW	181	/**
	182	* Encrypt a chunk of data.
	183	*
33ddaaab	184	* @param scheme encryption scheme to use
8b799d55 AS	185	* @param plain chunk containing plaintext data
8b799d55 AS	186	* @param crypto where to allocate encrypted data
cbf5c2c6	187	* @return TRUE if data successfully encrypted
552cc11b	188	*/
33ddaaab MW	189	bool (encrypt)(public_key_t this, encryption_scheme_t scheme,
33ddaaab MW	190	chunk_t plain, chunk_t *crypto);
7daf5226	191
8b799d55 AS	192	/**
8b799d55 AS	193	* Check if two public keys are equal.
7daf5226	194	*
8b799d55 AS	195	* @param other other public key
	196	* @return TRUE, if equality
	197	*/
	198	bool (equals)(public_key_t this, public_key_t *other);
	199
552cc11b	200	/**
a944d209	201	* Get the strength of the key in bits.
7daf5226	202	*
a944d209	203	* @return strength of the key in bits
552cc11b	204	*/
a944d209	205	int (get_keysize) (public_key_t this);
7daf5226	206
552cc11b	207	/**
1384a42e MW	208	* Get the fingerprint of the key.
1384a42e MW	209	*
da9724e6	210	* @param type type of fingerprint, one of KEYID_*
1384a42e MW	211	* @param fp fingerprint, points to internal data
1384a42e MW	212	* @return TRUE if fingerprint type supported
552cc11b	213	*/
da9724e6	214	bool (get_fingerprint)(public_key_t this, cred_encoding_type_t type,
1384a42e	215	chunk_t *fp);
7daf5226	216
640ed4d5 MW	217	/**
	218	* Check if a key has a given fingerprint of any kind.
	219	*
	220	* @param fp fingerprint to check
	221	* @return TRUE if key has given fingerprint
	222	*/
	223	bool (has_fingerprint)(public_key_t this, chunk_t fp);
	224
552cc11b	225	/**
1384a42e	226	* Get the key in an encoded form as a chunk.
552cc11b	227	*
0ceb2888	228	* @param type type of the encoding, one of PUBKEY_*
1384a42e MW	229	* @param encoding encoding of the key, allocated
1384a42e MW	230	* @return TRUE if encoding supported
552cc11b	231	*/
da9724e6	232	bool (get_encoding)(public_key_t this, cred_encoding_type_t type,
1384a42e	233	chunk_t *encoding);
7daf5226	234
552cc11b MW	235	/**
	236	* Increase the refcount of the key.
	237	*
	238	* @return this with an increased refcount
	239	*/
	240	public_key_t* (get_ref)(public_key_t this);
7daf5226	241
552cc11b MW	242	/**
	243	* Destroy a public_key instance.
	244	*/
	245	void (destroy)(public_key_t this);
	246	};
	247
edd354db MW	248	/**
	249	* Generic public key equals() implementation, usable by implementors.
	250	*
cbf5c2c6	251	* @param public public key to check
28623fc5	252	* @param other key to compare
edd354db MW	253	* @return TRUE if this is equal to other
edd354db MW	254	*/
cbf5c2c6	255	bool public_key_equals(public_key_t public, public_key_t other);
edd354db	256
640ed4d5 MW	257	/**
	258	* Generic public key has_fingerprint() implementation, usable by implementors.
	259	*
cbf5c2c6	260	* @param public public key to check
4952dc11	261	* @param fingerprint fingerprint to check
640ed4d5 MW	262	* @return TRUE if key has given fingerprint
640ed4d5 MW	263	*/
cbf5c2c6	264	bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);
640ed4d5	265
f3e87f59 AS	266	/**
f3e87f59 AS	267	* Conversion of ASN.1 signature or hash OID to signature scheme.
7daf5226	268	*
f3e87f59	269	* @param oid ASN.1 OID
353294ea	270	* @return signature scheme, SIGN_UNKNOWN if OID is unsupported
f3e87f59 AS	271	*/
	272	signature_scheme_t signature_scheme_from_oid(int oid);
	273
353294ea TB	274	/**
	275	* Conversion of signature scheme to ASN.1 signature OID.
	276	*
	277	* @param scheme signature scheme
	278	* @return ASN.1 OID, OID_UNKNOWN if not supported
	279	*/
	280	int signature_scheme_to_oid(signature_scheme_t scheme);
	281
1f648d75 TB	282	/**
1f648d75 TB	283	* Enumerate signature schemes that are appropriate for a key of the given type
6f97c0d5	284	* and size\|strength ordered by increasing strength.
1f648d75 TB	285	*
	286	* @param type type of the key
	287	* @param size size or strength of the key
6f97c0d5	288	* @return enumerator over signature_params_t* (by strength)
1f648d75 TB	289	*/
	290	enumerator_t *signature_schemes_for_key(key_type_t type, int size);
	291
0f29f5ed TB	292	/**
	293	* Determine the type of key associated with a given signature scheme.
	294	*
	295	* @param scheme signature scheme
	296	* @return key type (could be KEY_ANY)
	297	*/
	298	key_type_t key_type_from_signature_scheme(signature_scheme_t scheme);
	299
1f648d75	300
1490ff4d	301	#endif /** PUBLIC_KEY_H_ @}*/