2 * Copyright (C) 2015 Tobias Brunner
3 * Copyright (C) 2007 Martin Willi
4 * Copyright (C) 2014 Andreas Steffen
5 * HSR Hochschule fuer Technik Rapperswil
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 #include "public_key.h"
22 ENUM(key_type_names
, KEY_ANY
, KEY_BLISS
,
30 ENUM(signature_scheme_names
, SIGN_UNKNOWN
, SIGN_BLISS_WITH_SHA512
,
32 "RSA_EMSA_PKCS1_NULL",
34 "RSA_EMSA_PKCS1_SHA1",
35 "RSA_EMSA_PKCS1_SHA224",
36 "RSA_EMSA_PKCS1_SHA256",
37 "RSA_EMSA_PKCS1_SHA384",
38 "RSA_EMSA_PKCS1_SHA512",
39 "ECDSA_WITH_SHA1_DER",
40 "ECDSA_WITH_SHA256_DER",
41 "ECDSA_WITH_SHA384_DER",
42 "ECDSA_WITH_SHA512_DER",
52 ENUM(encryption_scheme_names
, ENCRYPT_UNKNOWN
, ENCRYPT_RSA_OAEP_SHA512
,
55 "ENCRYPT_RSA_OAEP_SHA1",
56 "ENCRYPT_RSA_OAEP_SHA224",
57 "ENCRYPT_RSA_OAEP_SHA256",
58 "ENCRYPT_RSA_OAEP_SHA384",
59 "ENCRYPT_RSA_OAEP_SHA512",
65 bool public_key_equals(public_key_t
*this, public_key_t
*other
)
67 cred_encoding_type_t type
;
75 for (type
= 0; type
< CRED_ENCODING_MAX
; type
++)
77 if (this->get_fingerprint(this, type
, &a
) &&
78 other
->get_fingerprint(other
, type
, &b
))
80 return chunk_equals(a
, b
);
89 bool public_key_has_fingerprint(public_key_t
*public, chunk_t fingerprint
)
91 cred_encoding_type_t type
;
94 for (type
= 0; type
< KEYID_MAX
; type
++)
96 if (public->get_fingerprint(public, type
, ¤t
) &&
97 chunk_equals(current
, fingerprint
))
108 signature_scheme_t
signature_scheme_from_oid(int oid
)
112 case OID_MD5_WITH_RSA
:
114 return SIGN_RSA_EMSA_PKCS1_MD5
;
115 case OID_SHA1_WITH_RSA
:
117 return SIGN_RSA_EMSA_PKCS1_SHA1
;
118 case OID_SHA224_WITH_RSA
:
120 return SIGN_RSA_EMSA_PKCS1_SHA224
;
121 case OID_SHA256_WITH_RSA
:
123 return SIGN_RSA_EMSA_PKCS1_SHA256
;
124 case OID_SHA384_WITH_RSA
:
126 return SIGN_RSA_EMSA_PKCS1_SHA384
;
127 case OID_SHA512_WITH_RSA
:
129 return SIGN_RSA_EMSA_PKCS1_SHA512
;
130 case OID_ECDSA_WITH_SHA1
:
131 case OID_EC_PUBLICKEY
:
132 return SIGN_ECDSA_WITH_SHA1_DER
;
133 case OID_ECDSA_WITH_SHA256
:
134 return SIGN_ECDSA_WITH_SHA256_DER
;
135 case OID_ECDSA_WITH_SHA384
:
136 return SIGN_ECDSA_WITH_SHA384_DER
;
137 case OID_ECDSA_WITH_SHA512
:
138 return SIGN_ECDSA_WITH_SHA512_DER
;
139 case OID_BLISS_PUBLICKEY
:
140 case OID_BLISS_WITH_SHA512
:
141 return SIGN_BLISS_WITH_SHA512
;
142 case OID_BLISS_WITH_SHA256
:
143 return SIGN_BLISS_WITH_SHA256
;
144 case OID_BLISS_WITH_SHA384
:
145 return SIGN_BLISS_WITH_SHA384
;
153 int signature_scheme_to_oid(signature_scheme_t scheme
)
158 case SIGN_RSA_EMSA_PKCS1_NULL
:
159 case SIGN_ECDSA_WITH_NULL
:
164 case SIGN_RSA_EMSA_PKCS1_MD5
:
165 return OID_MD5_WITH_RSA
;
166 case SIGN_RSA_EMSA_PKCS1_SHA1
:
167 return OID_SHA1_WITH_RSA
;
168 case SIGN_RSA_EMSA_PKCS1_SHA224
:
169 return OID_SHA224_WITH_RSA
;
170 case SIGN_RSA_EMSA_PKCS1_SHA256
:
171 return OID_SHA256_WITH_RSA
;
172 case SIGN_RSA_EMSA_PKCS1_SHA384
:
173 return OID_SHA384_WITH_RSA
;
174 case SIGN_RSA_EMSA_PKCS1_SHA512
:
175 return OID_SHA512_WITH_RSA
;
176 case SIGN_ECDSA_WITH_SHA1_DER
:
177 return OID_ECDSA_WITH_SHA1
;
178 case SIGN_ECDSA_WITH_SHA256_DER
:
179 return OID_ECDSA_WITH_SHA256
;
180 case SIGN_ECDSA_WITH_SHA384_DER
:
181 return OID_ECDSA_WITH_SHA384
;
182 case SIGN_ECDSA_WITH_SHA512_DER
:
183 return OID_ECDSA_WITH_SHA512
;
184 case SIGN_BLISS_WITH_SHA256
:
185 return OID_BLISS_WITH_SHA256
;
186 case SIGN_BLISS_WITH_SHA384
:
187 return OID_BLISS_WITH_SHA384
;
188 case SIGN_BLISS_WITH_SHA512
:
189 return OID_BLISS_WITH_SHA512
;
195 * Map for signature schemes to the key type and maximum key size allowed.
196 * We only cover schemes with hash algorithms supported by IKEv2 signature
200 signature_scheme_t scheme
;
204 { SIGN_RSA_EMSA_PKCS1_SHA256
, KEY_RSA
, 3072 },
205 { SIGN_RSA_EMSA_PKCS1_SHA384
, KEY_RSA
, 7680 },
206 { SIGN_RSA_EMSA_PKCS1_SHA512
, KEY_RSA
, 0 },
207 { SIGN_ECDSA_WITH_SHA256_DER
, KEY_ECDSA
, 256 },
208 { SIGN_ECDSA_WITH_SHA384_DER
, KEY_ECDSA
, 384 },
209 { SIGN_ECDSA_WITH_SHA512_DER
, KEY_ECDSA
, 0 },
210 { SIGN_BLISS_WITH_SHA256
, KEY_BLISS
, 128 },
211 { SIGN_BLISS_WITH_SHA384
, KEY_BLISS
, 192 },
212 { SIGN_BLISS_WITH_SHA512
, KEY_BLISS
, 0 },
216 * Private data for signature scheme enumerator
223 } private_enumerator_t
;
225 METHOD(enumerator_t
, signature_schemes_enumerate
, bool,
226 private_enumerator_t
*this, signature_scheme_t
*scheme
)
228 while (++this->index
< countof(scheme_map
))
230 if (this->type
== scheme_map
[this->index
].type
&&
231 (this->size
<= scheme_map
[this->index
].max_keysize
||
232 !scheme_map
[this->index
].max_keysize
))
234 *scheme
= scheme_map
[this->index
].scheme
;
244 enumerator_t
*signature_schemes_for_key(key_type_t type
, int size
)
246 private_enumerator_t
*this;
250 .enumerate
= (void*)_signature_schemes_enumerate
,
251 .destroy
= (void*)free
,
258 return &this->public;
264 key_type_t
key_type_from_signature_scheme(signature_scheme_t scheme
)
270 case SIGN_RSA_EMSA_PKCS1_NULL
:
271 case SIGN_RSA_EMSA_PKCS1_MD5
:
272 case SIGN_RSA_EMSA_PKCS1_SHA1
:
273 case SIGN_RSA_EMSA_PKCS1_SHA224
:
274 case SIGN_RSA_EMSA_PKCS1_SHA256
:
275 case SIGN_RSA_EMSA_PKCS1_SHA384
:
276 case SIGN_RSA_EMSA_PKCS1_SHA512
:
278 case SIGN_ECDSA_WITH_SHA1_DER
:
279 case SIGN_ECDSA_WITH_SHA256_DER
:
280 case SIGN_ECDSA_WITH_SHA384_DER
:
281 case SIGN_ECDSA_WITH_SHA512_DER
:
282 case SIGN_ECDSA_WITH_NULL
:
287 case SIGN_BLISS_WITH_SHA256
:
288 case SIGN_BLISS_WITH_SHA384
:
289 case SIGN_BLISS_WITH_SHA512
: