303d0b592b0959697739076268e51c4c6eb9cdd4
[strongswan.git] / src / libstrongswan / credentials / keys / public_key.h
1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup public_key public_key
18 * @{ @ingroup keys
19 */
20
21 #ifndef PUBLIC_KEY_H_
22 #define PUBLIC_KEY_H_
23
24 typedef struct public_key_t public_key_t;
25 typedef enum key_type_t key_type_t;
26 typedef enum signature_scheme_t signature_scheme_t;
27 typedef enum encryption_scheme_t encryption_scheme_t;
28
29 #include <library.h>
30 #include <utils/identification.h>
31 #include <credentials/cred_encoding.h>
32
33 /**
34 * Type of a key pair, the used crypto system
35 */
36 enum key_type_t {
37 /** key type wildcard */
38 KEY_ANY = 0,
39 /** RSA crypto system as in PKCS#1 */
40 KEY_RSA = 1,
41 /** ECDSA as in ANSI X9.62 */
42 KEY_ECDSA = 2,
43 /** DSA */
44 KEY_DSA = 3,
45 /** ElGamal, ... */
46 };
47
48 /**
49 * Enum names for key_type_t
50 */
51 extern enum_name_t *key_type_names;
52
53 /**
54 * Signature scheme for signature creation
55 *
56 * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
57 * A prepended ASN.1 encoded digestInfo field contains the
58 * OID of the used hash algorithm.
59 */
60 enum signature_scheme_t {
61 /** Unknown signature scheme */
62 SIGN_UNKNOWN,
63 /** Generic PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
64 SIGN_RSA_SHA1,
65 /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
66 SIGN_RSA_EMSA_PKCS1_NULL,
67 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
68 SIGN_RSA_EMSA_PKCS1_MD5,
69 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
70 SIGN_RSA_EMSA_PKCS1_SHA1,
71 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
72 SIGN_RSA_EMSA_PKCS1_SHA224,
73 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
74 SIGN_RSA_EMSA_PKCS1_SHA256,
75 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
76 SIGN_RSA_EMSA_PKCS1_SHA384,
77 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
78 SIGN_RSA_EMSA_PKCS1_SHA512,
79 /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
80 SIGN_ECDSA_WITH_SHA1_DER,
81 /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
82 SIGN_ECDSA_WITH_SHA256_DER,
83 /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
84 SIGN_ECDSA_WITH_SHA384_DER,
85 /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
86 SIGN_ECDSA_WITH_SHA512_DER,
87 /** ECDSA over precomputed digest, signature as in RFC 4754 */
88 SIGN_ECDSA_WITH_NULL,
89 /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
90 SIGN_ECDSA_256,
91 /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
92 SIGN_ECDSA_384,
93 /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
94 SIGN_ECDSA_521,
95 };
96
97 /**
98 * Enum names for signature_scheme_t
99 */
100 extern enum_name_t *signature_scheme_names;
101
102 /**
103 * Encryption scheme for public key data encryption.
104 */
105 enum encryption_scheme_t {
106 /** Unknown encryption scheme */
107 ENCRYPT_UNKNOWN,
108 /** RSAES-PKCS1-v1_5 as in PKCS#1 */
109 ENCRYPT_RSA_PKCS1,
110 /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
111 ENCRYPT_RSA_OAEP_SHA1,
112 /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
113 ENCRYPT_RSA_OAEP_SHA224,
114 /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
115 ENCRYPT_RSA_OAEP_SHA256,
116 /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
117 ENCRYPT_RSA_OAEP_SHA384,
118 /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
119 ENCRYPT_RSA_OAEP_SHA512,
120 };
121
122 /**
123 * Enum names for encryption_scheme_t
124 */
125 extern enum_name_t *encryption_scheme_names;
126
127 /**
128 * Abstract interface of a public key.
129 */
130 struct public_key_t {
131
132 /**
133 * Get the key type.
134 *
135 * @return type of the key
136 */
137 key_type_t (*get_type)(public_key_t *this);
138
139 /**
140 * Verifies a signature against a chunk of data.
141 *
142 * @param scheme signature scheme to use for verification, may be default
143 * @param data data to check signature against
144 * @param signature signature to check
145 * @return TRUE if signature matches
146 */
147 bool (*verify)(public_key_t *this, signature_scheme_t scheme,
148 chunk_t data, chunk_t signature);
149
150 /**
151 * Encrypt a chunk of data.
152 *
153 * @param scheme encryption scheme to use
154 * @param plain chunk containing plaintext data
155 * @param crypto where to allocate encrypted data
156 * @return TRUE if data successfully encrypted
157 */
158 bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
159 chunk_t plain, chunk_t *crypto);
160
161 /**
162 * Check if two public keys are equal.
163 *
164 * @param other other public key
165 * @return TRUE, if equality
166 */
167 bool (*equals)(public_key_t *this, public_key_t *other);
168
169 /**
170 * Get the strength of the key in bits.
171 *
172 * @return strength of the key in bits
173 */
174 int (*get_keysize) (public_key_t *this);
175
176 /**
177 * Get the fingerprint of the key.
178 *
179 * @param type type of fingerprint, one of KEYID_*
180 * @param fp fingerprint, points to internal data
181 * @return TRUE if fingerprint type supported
182 */
183 bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
184 chunk_t *fp);
185
186 /**
187 * Check if a key has a given fingerprint of any kind.
188 *
189 * @param fp fingerprint to check
190 * @return TRUE if key has given fingerprint
191 */
192 bool (*has_fingerprint)(public_key_t *this, chunk_t fp);
193
194 /**
195 * Get the key in an encoded form as a chunk.
196 *
197 * @param type type of the encoding, one of PRIVKEY_*
198 * @param encoding encoding of the key, allocated
199 * @return TRUE if encoding supported
200 */
201 bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
202 chunk_t *encoding);
203
204 /**
205 * Increase the refcount of the key.
206 *
207 * @return this with an increased refcount
208 */
209 public_key_t* (*get_ref)(public_key_t *this);
210
211 /**
212 * Destroy a public_key instance.
213 */
214 void (*destroy)(public_key_t *this);
215 };
216
217 /**
218 * Generic public key equals() implementation, usable by implementors.
219 *
220 * @param public public key to check
221 * @param other key to compare
222 * @return TRUE if this is equal to other
223 */
224 bool public_key_equals(public_key_t *public, public_key_t *other);
225
226 /**
227 * Generic public key has_fingerprint() implementation, usable by implementors.
228 *
229 * @param public public key to check
230 * @param fingerprint fingerprint to check
231 * @return TRUE if key has given fingerprint
232 */
233 bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);
234
235 /**
236 * Conversion of ASN.1 signature or hash OID to signature scheme.
237 *
238 * @param oid ASN.1 OID
239 * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported
240 */
241 signature_scheme_t signature_scheme_from_oid(int oid);
242
243 #endif /** PUBLIC_KEY_H_ @}*/