Created framework for BLISS post-quantum signature algorithm
[strongswan.git] / src / libstrongswan / credentials / keys / public_key.h
1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Copyright (C) 2014 Andreas Steffen
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 /**
18 * @defgroup public_key public_key
19 * @{ @ingroup keys
20 */
21
22 #ifndef PUBLIC_KEY_H_
23 #define PUBLIC_KEY_H_
24
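/*
 * Forward typedefs, placed ahead of the #include lines that follow.
 * Listing line numbers that were fused into the code have been dropped.
 *
 * NOTE(review): naming an enum type before its definition is not ISO C;
 * GCC and Clang accept it as an extension and diagnose it under -pedantic.
 */
typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
typedef enum encryption_scheme_t encryption_scheme_t;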
29
30 #include <library.h>
31 #include <utils/identification.h>
32 #include <credentials/cred_encoding.h>
33
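/**
 * Type of a key pair, i.e. the crypto system the key belongs to.
 *
 * Every enumerator carries an explicit value, so appending a new type does
 * not renumber the existing ones.
 */
enum key_type_t {
	/**
	 * key type wildcard
	 * NOTE(review): presumably only meaningful as a lookup filter; a concrete
	 * key should not report this type - confirm against callers.
	 */
	KEY_ANY = 0,
	/** RSA crypto system as in PKCS#1 */
	KEY_RSA = 1,
	/** ECDSA as in ANSI X9.62 */
	KEY_ECDSA = 2,
	/** DSA */
	KEY_DSA = 3,
	/**
	 * BLISS
	 * NOTE(review): BLISS has not been standardized, and published
	 * side-channel attacks target implementations of its Gaussian sampling
	 * step; treat this key type as experimental and confirm the deployment
	 * policy before relying on it.
	 */
	KEY_BLISS = 4,
	/* ElGamal, ... (plain comment: a doc comment here has no enumerator to attach to) */
};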
50
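/**
 * Enum names for key_type_t
 *
 * Declaration only; the object is defined outside this header.
 */
extern enum_name_t *key_type_names;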
55
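/**
 * Signature scheme for signature creation
 *
 * EMSA-PKCS1 signatures are defined in the PKCS#1 standard.
 * A prepended ASN.1 encoded digestInfo field contains the
 * OID of the used hash algorithm.
 *
 * The enumerators have no explicit values: they are numbered from 0 in
 * declaration order, so inserting or reordering an entry renumbers every
 * entry after it.
 *
 * NOTE(review): practical collision attacks exist for MD5 and SHA-1, so the
 * schemes built on them are best accepted only for legacy interoperability.
 * The *_NULL schemes sign a digest supplied by the caller; the hash algorithm
 * is then not bound by the scheme itself, so the caller has to enforce it.
 */
enum signature_scheme_t {
	/** Unknown signature scheme */
	SIGN_UNKNOWN,
	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
	SIGN_RSA_EMSA_PKCS1_NULL,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 (legacy hash) */
	SIGN_RSA_EMSA_PKCS1_MD5,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 (legacy hash) */
	SIGN_RSA_EMSA_PKCS1_SHA1,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224 */
	SIGN_RSA_EMSA_PKCS1_SHA224,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
	SIGN_RSA_EMSA_PKCS1_SHA256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
	SIGN_RSA_EMSA_PKCS1_SHA384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
	SIGN_RSA_EMSA_PKCS1_SHA512,
	/** ECDSA with SHA-1 using DER encoding as in RFC 3279 (legacy hash) */
	SIGN_ECDSA_WITH_SHA1_DER,
	/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
	SIGN_ECDSA_WITH_SHA256_DER,
	/** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
	SIGN_ECDSA_WITH_SHA384_DER,
	/** ECDSA with SHA-512 using DER encoding as in RFC 3279 */
	SIGN_ECDSA_WITH_SHA512_DER,
	/** ECDSA over precomputed digest, signature as in RFC 4754 */
	SIGN_ECDSA_WITH_NULL,
	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
	SIGN_ECDSA_256,
	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
	SIGN_ECDSA_384,
	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
	SIGN_ECDSA_521,
	/** BLISS-I with SHA-256 */
	SIGN_BLISS_I_SHA256,
	/** BLISS-IV with SHA-384 */
	SIGN_BLISS_IV_SHA384,
};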
101
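/**
 * Enum names for signature_scheme_t
 *
 * Declaration only; the object is defined outside this header.
 */
extern enum_name_t *signature_scheme_names;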
106
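/**
 * Encryption scheme for public key data encryption.
 *
 * The enumerators have no explicit values: they are numbered from 0 in
 * declaration order.
 *
 * NOTE(review): RSAES-PKCS1-v1_5 is susceptible to padding-oracle attacks
 * when the decrypting side reveals whether the padding was valid; prefer one
 * of the OAEP schemes for new uses and keep ENCRYPT_RSA_PKCS1 for
 * interoperability only.
 */
enum encryption_scheme_t {
	/** Unknown encryption scheme */
	ENCRYPT_UNKNOWN,
	/** RSAES-PKCS1-v1_5 as in PKCS#1 */
	ENCRYPT_RSA_PKCS1,
	/** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
	ENCRYPT_RSA_OAEP_SHA1,
	/** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
	ENCRYPT_RSA_OAEP_SHA224,
	/** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
	ENCRYPT_RSA_OAEP_SHA256,
	/** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
	ENCRYPT_RSA_OAEP_SHA384,
	/** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
	ENCRYPT_RSA_OAEP_SHA512,
};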
126
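/**
 * Enum names for encryption_scheme_t
 *
 * Declaration only; the object is defined outside this header.
 */
extern enum_name_t *encryption_scheme_names;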
131
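/**
 * Abstract interface of a public key.
 *
 * The interface is a table of function pointers; each one receives the key
 * instance as its first argument. Member order is part of the layout and is
 * kept as declared.
 */
struct public_key_t {

	/**
	 * Get the key type.
	 *
	 * @return			type of the key
	 */
	key_type_t (*get_type)(public_key_t *this);

	/**
	 * Verifies a signature against a chunk of data.
	 *
	 * NOTE(review): "may be default" is not defined in this header; confirm
	 * which value callers pass for it and how implementations map it. An
	 * implementation should return FALSE for any scheme that does not belong
	 * to its key type instead of falling back to another scheme.
	 *
	 * @param scheme	signature scheme to use for verification, may be default
	 * @param data		data to check signature against
	 * @param signature	signature to check
	 * @return			TRUE if signature matches
	 */
	bool (*verify)(public_key_t *this, signature_scheme_t scheme,
				   chunk_t data, chunk_t signature);

	/**
	 * Encrypt a chunk of data.
	 *
	 * @param scheme	encryption scheme to use
	 * @param plain		chunk containing plaintext data
	 * @param crypto	where to allocate encrypted data; presumably the caller
	 *					releases it - confirm against implementations
	 * @return			TRUE if data successfully encrypted
	 */
	bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
					chunk_t plain, chunk_t *crypto);

	/**
	 * Check if two public keys are equal.
	 *
	 * public_key_equals(), declared in this header, is a generic
	 * implementation usable for this member.
	 *
	 * @param other		other public key
	 * @return			TRUE, if equality
	 */
	bool (*equals)(public_key_t *this, public_key_t *other);

	/**
	 * Get the strength of the key in bits.
	 *
	 * NOTE(review): this header does not say whether the value is the nominal
	 * key size or an estimated security strength; confirm before comparing
	 * the result across different key types.
	 *
	 * @return			strength of the key in bits
	 */
	int (*get_keysize) (public_key_t *this);

	/**
	 * Get the fingerprint of the key.
	 *
	 * @param type		type of fingerprint, one of KEYID_*
	 * @param fp		fingerprint, points to internal data; the caller must
	 *					not free or modify it
	 * @return			TRUE if fingerprint type supported
	 */
	bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
							chunk_t *fp);

	/**
	 * Check if a key has a given fingerprint of any kind.
	 *
	 * public_key_has_fingerprint(), declared in this header, is a generic
	 * implementation usable for this member.
	 *
	 * @param fp		fingerprint to check
	 * @return			TRUE if key has given fingerprint
	 */
	bool (*has_fingerprint)(public_key_t *this, chunk_t fp);

	/**
	 * Get the key in an encoded form as a chunk.
	 *
	 * @param type		type of the encoding, one of PUBKEY_*
	 * @param encoding	encoding of the key, allocated; presumably the caller
	 *					releases it - confirm against implementations
	 * @return			TRUE if encoding supported
	 */
	bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
						 chunk_t *encoding);

	/**
	 * Increase the refcount of the key.
	 *
	 * @return			this with an increased refcount
	 */
	public_key_t* (*get_ref)(public_key_t *this);

	/**
	 * Destroy a public_key instance.
	 *
	 * NOTE(review): with get_ref() handing out references, this presumably
	 * releases one reference rather than freeing unconditionally - confirm.
	 */
	void (*destroy)(public_key_t *this);
};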
221
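/**
 * Generic public key equals() implementation, usable by implementors.
 *
 * Declaration only; how equality is decided is not visible in this header.
 *
 * @param public	public key to check
 * @param other		key to compare
 * @return			TRUE if this is equal to other
 */
bool public_key_equals(public_key_t *public, public_key_t *other);

/**
 * Generic public key has_fingerprint() implementation, usable by implementors.
 *
 * @param public		public key to check
 * @param fingerprint	fingerprint to check
 * @return				TRUE if key has given fingerprint
 */
bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);

/**
 * Conversion of ASN.1 signature or hash OID to signature scheme.
 *
 * NOTE(review): a hash OID alone does not name a key type, so the scheme
 * returned for one is a choice made by the implementation; confirm that
 * choice before using the result to select a verification scheme. Callers
 * should treat SIGN_UNKNOWN as "reject".
 *
 * @param oid		ASN.1 OID
 * @return			signature_scheme, SIGN_UNKNOWN if OID is unsupported
 */
signature_scheme_t signature_scheme_from_oid(int oid);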
247
248 #endif /** PUBLIC_KEY_H_ @}*/