1 /*
2 * Copyright (C) 2007 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup public_key public_key
18 * @{ @ingroup keys
19 */
20
21 #ifndef PUBLIC_KEY_H_
22 #define PUBLIC_KEY_H_
23
typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
/* NOTE(review): no definition of enum key_id_type_t is visible in this header,
 * and get_id() below takes an id_type_t instead. This forward typedef looks
 * like a leftover; confirm whether anything still refers to key_id_type_t. */
typedef enum key_id_type_t key_id_type_t;
typedef enum signature_scheme_t signature_scheme_t;

29 #include <library.h>
30 #include <utils/identification.h>
31
/**
 * Type of a key pair, i.e. the crypto system the key is used with.
 *
 * The numeric values are assigned explicitly and must not be reordered,
 * as they form part of the public interface.
 */
enum key_type_t {
	/** key type wildcard, matches any of the concrete types below */
	KEY_ANY = 0,
	/** RSA crypto system as in PKCS#1 */
	KEY_RSA = 1,
	/** ECDSA as in ANSI X9.62 */
	KEY_ECDSA = 2,
	/** DSA */
	KEY_DSA = 3,
	/* further crypto systems (ElGamal, ...) are not defined yet */
};

/**
 * Enum names for key_type_t (human-readable names of the key_type_t values).
 */
extern enum_name_t *key_type_names;

/**
 * Signature scheme for signature creation and verification.
 *
 * EMSA-PKCS1 signatures are defined in the PKCS#1 standard.
 * A prepended ASN.1 encoded digestInfo field contains the
 * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
 * variants is OCTET_STRING instead of the default BIT_STRING
 * (no PKCS#7 variants are defined in this enum at present).
 *
 * A verifier should determine the scheme it expects (e.g. from the
 * signature algorithm OID via signature_scheme_from_oid()) and pass it
 * explicitly to verify(), rather than relying on SIGN_DEFAULT.
 */
enum signature_scheme_t {
	/** Unknown signature scheme; also what signature_scheme_from_oid()
	 *  returns for an unsupported OID. Never a valid scheme for verify(). */
	SIGN_UNKNOWN,
	/** Default scheme of the underlying crypto system, chosen by the
	 *  implementation rather than by the caller */
	SIGN_DEFAULT,
	/** EMSA-PKCS1_v1.5 signature over digest without digestInfo.
	 *  Since the digestInfo is omitted, the hash algorithm is not encoded
	 *  in the signature and must be known to the verifier out-of-band. */
	SIGN_RSA_EMSA_PKCS1_NULL,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5.
	 *  MD5 is not collision-resistant; keep only for legacy interoperability. */
	SIGN_RSA_EMSA_PKCS1_MD5,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1.
	 *  SHA-1 is deprecated for new signatures; prefer the SHA-2 variants. */
	SIGN_RSA_EMSA_PKCS1_SHA1,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
	SIGN_RSA_EMSA_PKCS1_SHA256,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
	SIGN_RSA_EMSA_PKCS1_SHA384,
	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
	SIGN_RSA_EMSA_PKCS1_SHA512,
	/** ECDSA with SHA-1 (curve not fixed by the scheme; SHA-1 is deprecated
	 *  for new signatures) */
	SIGN_ECDSA_WITH_SHA1,
	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
	SIGN_ECDSA_256,
	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
	SIGN_ECDSA_384,
	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
	SIGN_ECDSA_521,
};

/**
 * Enum names for signature_scheme_t (human-readable names of the
 * signature_scheme_t values).
 */
extern enum_name_t *signature_scheme_names;

/**
 * Abstract interface of a public key.
 *
 * Instances are reference counted: get_ref() increases the refcount and
 * destroy() releases the caller's reference (presumably freeing the key once
 * the last reference is gone; confirm against the implementations).
 */
struct public_key_t {

	/**
	 * Get the key type.
	 *
	 * @return			type of the key
	 */
	key_type_t (*get_type)(public_key_t *this);

	/**
	 * Verifies a signature against a chunk of data.
	 *
	 * With SIGN_DEFAULT the implementation chooses the scheme. When the
	 * expected scheme is known (e.g. derived from the signature algorithm
	 * OID via signature_scheme_from_oid()), pass it explicitly instead of
	 * leaving the choice to the implementation. SIGN_UNKNOWN is not a
	 * valid scheme and must be rejected by the caller beforehand.
	 *
	 * @param scheme		signature scheme to use for verification, may be default
	 * @param data			data to check signature against
	 * @param signature		signature to check
	 * @return			TRUE if signature matches
	 */
	bool (*verify)(public_key_t *this, signature_scheme_t scheme,
				   chunk_t data, chunk_t signature);

	/**
	 * Encrypt a chunk of data.
	 *
	 * @param plain			chunk containing plaintext data
	 * @param crypto		where to allocate encrypted data
	 * @return			TRUE if data successfully encrypted
	 */
	bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);

	/**
	 * Check if two public keys are equal.
	 *
	 * @param other			other public key
	 * @return			TRUE, if equality
	 */
	bool (*equals)(public_key_t *this, public_key_t *other);

	/**
	 * Get the strength of the key in bytes.
	 *
	 * @return			strength of the key in bytes
	 */
	size_t (*get_keysize) (public_key_t *this);

	/**
	 * Get a unique key identifier, such as a hash over the key.
	 *
	 * @param type			type of the key ID to get (an id_type_t, presumably
	 *						defined in utils/identification.h)
	 * @return			unique ID of the key as identification_t, or NULL
	 */
	identification_t* (*get_id) (public_key_t *this, id_type_t type);

	/**
	 * Get an encoded form of the key.
	 *
	 * @todo Do we need a encoding type specification?
	 *
	 * @return			allocated chunk containing encoded key (the caller
	 *						presumably owns and frees it; confirm)
	 */
	chunk_t (*get_encoding)(public_key_t *this);

	/**
	 * Increase the refcount of the key.
	 *
	 * @return			this with an increased refcount
	 */
	public_key_t* (*get_ref)(public_key_t *this);

	/**
	 * Destroy a public_key instance, releasing the caller's reference
	 * (see get_ref()).
	 */
	void (*destroy)(public_key_t *this);
};

/**
 * Conversion of ASN.1 signature or hash OID to signature scheme.
 *
 * Callers must check the result for SIGN_UNKNOWN before handing it to
 * verify(): an unsupported or unrecognised OID must not be treated as an
 * acceptable signature scheme.
 *
 * @param oid			ASN.1 OID
 * @return			signature_scheme, SIGN_UNKNOWN if OID is unsupported
 */
signature_scheme_t signature_scheme_from_oid(int oid);

177 #endif /** PUBLIC_KEY_H_ @}*/