2 * Copyright (C) 2017 Tobias Brunner
3 * Copyright (C) 2007 Martin Willi
5 * Copyright (C) secunet Security Networks AG
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * @defgroup private_key private_key
23 #ifndef PRIVATE_KEY_H_
24 #define PRIVATE_KEY_H_
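/* Opaque handle for the abstract private key interface defined below. */
typedef struct private_key_t private_key_t;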
28 #include <credentials/cred_encoding.h>
29 #include <credentials/keys/public_key.h>
32 * Abstract private key interface.
34 struct private_key_t
{
39 * @return type of the key
41 key_type_t (*get_type
)(private_key_t
*this);
44 * Get signature schemes supported by this key.
46 * This is useful for keys that only support certain hash algorithms or
47 * require specific parameters for RSA/PSS signatures.
 * @note Implementing this method is optional, i.e. the function pointer may
 * be left unset, so callers must check for that before invoking it. If
 * multiple schemes are returned, they should be ordered by decreasing
 * preference.
52 * @return enumerator over signature_params_t*
54 enumerator_t
*(*supported_signature_schemes
)(private_key_t
*this);
57 * Create a signature over a chunk of data.
 * @param scheme		signature scheme to use
 * @param params		optional parameters required by the specified scheme
 * @param data			chunk of data to sign
 * @param signature	where to allocate the created signature; on success the
 *						caller owns the chunk and is responsible for freeing it
 * @return				TRUE if the signature was created, FALSE otherwise (e.g.
 *						if the scheme is not supported by this key)
65 bool (*sign
)(private_key_t
*this, signature_scheme_t scheme
, void *params
,
66 chunk_t data
, chunk_t
*signature
);
68 * Decrypt a chunk of data.
 * @param scheme		expected encryption scheme used
 * @param params		optional parameters required by the specified scheme
 * @param crypto		chunk containing encrypted data
 * @param plain		where to allocate the decrypted data; on success the
 *						caller owns the chunk and, since it usually holds secret
 *						material, should wipe it before releasing it
 * @return				TRUE if data decrypted and plaintext allocated
 *
 * @note Implementations should take care not to expose the outcome of
 * padding checks through timing or distinguishable error paths, as that
 * can turn this method into a decryption oracle.
76 bool (*decrypt
)(private_key_t
*this, encryption_scheme_t scheme
,
77 void *params
, chunk_t crypto
, chunk_t
*plain
);
80 * Get the strength of the key in bits.
82 * @return strength of the key in bits
84 int (*get_keysize
) (private_key_t
*this);
87 * Get the public part from the private key.
91 public_key_t
* (*get_public_key
)(private_key_t
*this);
 * Check if two private keys are equal.
 *
 * @param other		other private key
 * @return				TRUE if both keys are equal
99 bool (*equals
) (private_key_t
*this, private_key_t
*other
);
102 * Check if a private key belongs to a public key.
104 * @param public public key
105 * @return TRUE, if keys belong together
107 bool (*belongs_to
) (private_key_t
*this, public_key_t
*public);
110 * Get the fingerprint of the key.
 * @param type			type of fingerprint, one of KEYID_*
 * @param fp			fingerprint, points to internal data of the key; the
 *						caller must neither free nor modify it, and it stays
 *						valid only as long as the key object is alive
 * @return				TRUE if fingerprint type supported
116 bool (*get_fingerprint
)(private_key_t
*this, cred_encoding_type_t type
,
120 * Check if a key has a given fingerprint of any kind.
122 * @param fp fingerprint to check
123 * @return TRUE if key has given fingerprint
125 bool (*has_fingerprint
)(private_key_t
*this, chunk_t fp
);
128 * Get the key in an encoded form as a chunk.
 * @param type			type of the encoding, one of PRIVKEY_*
 * @param encoding		encoding of the key, allocated; the caller owns the
 *						chunk and, as it contains private key material, should
 *						wipe it before releasing it
 * @return				TRUE if encoding supported
134 bool (*get_encoding
)(private_key_t
*this, cred_encoding_type_t type
,
138 * Increase the refcount to this private key.
140 * @return this, with an increased refcount
142 private_key_t
* (*get_ref
)(private_key_t
*this);
 * Decrease refcount, destroy private_key if no more references.
 *
 * Implementations are expected to wipe any secret key material they hold
 * when the last reference is released.
147 void (*destroy
)(private_key_t
*this);
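/**
 * Generic private key equals() implementation, usable by implementers.
 *
 * Intended to be used as the equals() method of a private_key_t
 * implementation.
 *
 * @param private		private key to check
 * @param other		key to compare
 * @return				TRUE if this is equal to other
 */
bool private_key_equals(private_key_t *private, private_key_t *other);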
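/**
 * Generic private key belongs_to() implementation, usable by implementers.
 *
 * Intended to be used as the belongs_to() method of a private_key_t
 * implementation.
 *
 * @param private		private key to check
 * @param public		public key to compare
 * @return				TRUE if the private key belongs to the given public key
 */
bool private_key_belongs_to(private_key_t *private, public_key_t *public);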
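/**
 * Generic private key has_fingerprint() implementation, usable by implementers.
 *
 * Intended to be used as the has_fingerprint() method of a private_key_t
 * implementation.
 *
 * @param private		private key to check
 * @param fingerprint	fingerprint to check
 * @return				TRUE if key has given fingerprint
 */
bool private_key_has_fingerprint(private_key_t *private, chunk_t fingerprint);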
177 #endif /** PRIVATE_KEY_H_ @}*/