1 /*
2 * Copyright (C) 2017-2018 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup signature_params signature_params
18 * @{ @ingroup keys
19 */
20
21 #ifndef SIGNATURE_PARAMS_H_
22 #define SIGNATURE_PARAMS_H_
23
24 typedef struct signature_params_t signature_params_t;
25 typedef struct rsa_pss_params_t rsa_pss_params_t;
26
27 #include <crypto/hashers/hasher.h>
28
29 /**
30 * Signature scheme with parameters
31 */
32 struct signature_params_t {
33 /** Signature scheme */
34 signature_scheme_t scheme;
35 /** Scheme-specific parameters (rsa_pss_params_t for SIGN_RSA_EMSA_PSS, presumably NULL for schemes without parameters); released together with this object by signature_params_destroy()/_clear() */
36 void *params;
37 };
38
39 /**
40 * Compare two signature schemes and their parameters
41 *
42 * @param a first scheme
43 * @param b second scheme
44 * @return TRUE if schemes and parameters are equal
45 */
46 bool signature_params_equal(signature_params_t *a, signature_params_t *b);
47
48 /**
49 * Check whether a signature scheme and its parameters comply with a constraint
50 *
51 * @param c constraint (scheme and parameters)
52 * @param s scheme and parameters to check against the constraint
53 * @return TRUE if the scheme complies with the constraint
54 */
55 bool signature_params_comply(signature_params_t *c, signature_params_t *s);
56
57 /**
58 * Clone the given scheme and parameters, if any
59 *
60 * @param this scheme and parameters to clone
61 * @return cloned object, owned by the caller (see signature_params_destroy())
62 */
62 signature_params_t *signature_params_clone(signature_params_t *this);
63
64 /**
65 * Destroy the given scheme and parameters, if any
66 */
67 void signature_params_destroy(signature_params_t *this);
68
69 /**
70 * Clear the given parameters, if any, and set the scheme to SIGN_UNKNOWN
71 */
72 void signature_params_clear(signature_params_t *this);
73
74 /**
75 * Parse an ASN.1 algorithmIdentifier with parameters denoting a signature
76 * scheme.
77 *
78 * @param asn1 ASN.1 encoded algorithmIdentifier (with parameters)
79 * @param level0 current level of the ASN.1 parser
80 * @param params parsed scheme and parameters
81 * @return TRUE if successfully parsed
82 */
83 bool signature_params_parse(chunk_t asn1, int level0,
84 signature_params_t *params);
85
86 /**
87 * Build ASN.1 algorithmIdentifier with parameters denoting a signature scheme.
88 *
89 * @param params signature scheme and parameters to encode
90 * @param asn1 ASN.1 encoded algorithmIdentifier (allocated)
91 * @return TRUE if successfully built
92 */
93 bool signature_params_build(signature_params_t *params, chunk_t *asn1);
94
95 /**
96 * Parameters for SIGN_RSA_EMSA_PSS signature scheme
97 */
98 struct rsa_pss_params_t {
99 /** Hash algorithm */
100 hash_algorithm_t hash;
101 /** Hash for the MGF1 function */
102 hash_algorithm_t mgf1_hash;
103 /** Salt length, use the constants below for special lengths resolved
104 * via rsa_pss_params_set_salt_len(); signed so the negative sentinels fit */
105 ssize_t salt_len;
106 /** Salt value, for unit tests (not all implementations support this); a fixed salt makes PSS signatures deterministic, which is only acceptable in tests */
107 chunk_t salt;
108 /** Use a salt length equal to the length of the hash (note: #define is not scoped by the struct, these macros are file-scope) */
109 #define RSA_PSS_SALT_LEN_DEFAULT -1
110 /** Use the maximum salt length depending on the hash and key length */
111 #define RSA_PSS_SALT_LEN_MAX -2
112 };
113
114 /**
115 * Parse the given ASN.1 algorithm identifier params
116 *
117 * @param asn1 ASN.1 encoded RSASSA-PSS-params
118 * @param level0 current level of the ASN.1 parser
119 * @param params parsed parameters
120 * @return TRUE if successfully parsed
121 */
122 bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params);
123
124 /**
125 * Build ASN.1 algorithm identifier params
126 *
127 * @param params parameters to encode
128 * @param asn1 ASN.1 encoded RSASSA-PSS-params (allocated)
129 * @return TRUE if successfully built
130 */
131 bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1);
132
133 /**
134 * Determine and set the salt length for the given params when one of the
135 * RSA_PSS_SALT_LEN_* constants is used
136 *
137 * @param params parameters to update
138 * @param modbits RSA modulus length in bits (required if RSA_PSS_SALT_LEN_MAX
139 * is used)
140 * @return TRUE if the salt length could be determined and set, FALSE on error
141 */
142 bool rsa_pss_params_set_salt_len(rsa_pss_params_t *params, size_t modbits);
143
144 #endif /** SIGNATURE_PARAMS_H_ @}*/