2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * @defgroup public_key public_key
24 typedef struct public_key_t public_key_t
;
25 typedef enum key_type_t key_type_t
;
26 typedef enum key_id_type_t key_id_type_t
;
27 typedef enum signature_scheme_t signature_scheme_t
;
30 #include <utils/identification.h>
31 #include <credentials/keys/key_encoding.h>
34 * Type of a key pair, the used crypto system
37 /** key type wildcard */
39 /** RSA crypto system as in PKCS#1 */
41 /** ECDSA as in ANSI X9.62 */
49 * Enum names for key_type_t
51 extern enum_name_t
*key_type_names
;
54 * Signature scheme for signature creation
56 * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
57 * A prepended ASN.1 encoded digestInfo field contains the
58 * OID of the used hash algorithm.
60 enum signature_scheme_t
{
61 /** Unknown signature scheme */
63 /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
64 SIGN_RSA_EMSA_PKCS1_NULL
,
65 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
66 SIGN_RSA_EMSA_PKCS1_MD5
,
67 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
68 SIGN_RSA_EMSA_PKCS1_SHA1
,
69 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
70 SIGN_RSA_EMSA_PKCS1_SHA224
,
71 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
72 SIGN_RSA_EMSA_PKCS1_SHA256
,
73 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
74 SIGN_RSA_EMSA_PKCS1_SHA384
,
75 /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
76 SIGN_RSA_EMSA_PKCS1_SHA512
,
77 /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
78 SIGN_ECDSA_WITH_SHA1_DER
,
79 /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
80 SIGN_ECDSA_WITH_SHA256_DER
,
81 /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
82 SIGN_ECDSA_WITH_SHA384_DER
,
83 /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
84 SIGN_ECDSA_WITH_SHA512_DER
,
85 /** ECDSA over precomputed digest, signature as in RFC 4754 */
87 /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
89 /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
91 /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
96 * Enum names for signature_scheme_t
98 extern enum_name_t
*signature_scheme_names
;
101 * Abstract interface of a public key.
103 struct public_key_t
{
108 * @return type of the key
110 key_type_t (*get_type
)(public_key_t
*this);
113 * Verifies a signature against a chunk of data.
115 * @param scheme signature scheme to use for verification, may be default
116 * @param data data to check signature against
117 * @param signature signature to check
118 * @return TRUE if signature matches
120 bool (*verify
)(public_key_t
*this, signature_scheme_t scheme
,
121 chunk_t data
, chunk_t signature
);
124 * Encrypt a chunk of data.
126 * @param plain chunk containing plaintext data
127 * @param crypto where to allocate encrypted data
128 * @return TRUE if data successfully encrypted
130 bool (*encrypt
)(public_key_t
*this, chunk_t plain
, chunk_t
*crypto
);
133 * Check if two public keys are equal.
135 * @param other other public key
136 * @return TRUE, if equality
138 bool (*equals
)(public_key_t
*this, public_key_t
*other
);
141 * Get the strength of the key in bytes.
143 * @return strength of the key in bytes
145 size_t (*get_keysize
) (public_key_t
*this);
148 * Get the fingerprint of the key.
150 * @param type type of fingerprint, one of KEY_ID_*
151 * @param fp fingerprint, points to internal data
152 * @return TRUE if fingerprint type supported
154 bool (*get_fingerprint
)(public_key_t
*this, key_encoding_type_t type
,
158 * Check if a key has a given fingerprint of any kind.
160 * @param fp fingerprint to check
161 * @return TRUE if key has given fingerprint
163 bool (*has_fingerprint
)(public_key_t
*this, chunk_t fp
);
166 * Get the key in an encoded form as a chunk.
168 * @param type type of the encoding, one of KEY_PRIV_*
169 * @param encoding encoding of the key, allocated
170 * @return TRUE if encoding supported
172 bool (*get_encoding
)(public_key_t
*this, key_encoding_type_t type
,
176 * Increase the refcount of the key.
178 * @return this with an increased refcount
180 public_key_t
* (*get_ref
)(public_key_t
*this);
183 * Destroy a public_key instance.
185 void (*destroy
)(public_key_t
*this);
189 * Generic public key equals() implementation, usable by implementors.
191 * @param this first key to compare
192 * @param other second key to compare
193 * @return TRUE if this is equal to other
195 bool public_key_equals(public_key_t
*this, public_key_t
*other
);
198 * Generic public key has_fingerprint() implementation, usable by implementors.
200 * @param this key to check fingerprint
201 * @param fp fingerprint to check
202 * @return TRUE if key has given fingerprint
204 bool public_key_has_fingerprint(public_key_t
*this, chunk_t fingerprint
);
207 * Conversion of ASN.1 signature or hash OID to signature scheme.
209 * @param oid ASN.1 OID
210 * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported
212 signature_scheme_t
signature_scheme_from_oid(int oid
);
214 #endif /** PUBLIC_KEY_H_ @}*/