"this" removed from comments.
[strongswan.git] / src / libstrongswan / credentials / keys / public_key.h
index 9ec3eb4..79765ef 100644 (file)
 
 typedef struct public_key_t public_key_t;
 typedef enum key_type_t key_type_t;
-typedef enum key_id_type_t key_id_type_t;
 typedef enum signature_scheme_t signature_scheme_t;
+typedef enum encryption_scheme_t encryption_scheme_t;
 
 #include <library.h>
 #include <utils/identification.h>
-#include <credentials/keys/key_encoding.h>
+#include <credentials/cred_encoding.h>
 
 /**
  * Type of a key pair, the used crypto system
@@ -98,6 +98,31 @@ enum signature_scheme_t {
 extern enum_name_t *signature_scheme_names;
 
 /**
+ * Encryption scheme for public key data encryption.
+ */
+enum encryption_scheme_t {
+       /** Unknown encryption scheme                                      */
+       ENCRYPT_UNKNOWN,
+       /** RSAES-PKCS1-v1_5 as in PKCS#1                                  */
+       ENCRYPT_RSA_PKCS1,
+       /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label          */
+       ENCRYPT_RSA_OAEP_SHA1,
+       /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label       */
+       ENCRYPT_RSA_OAEP_SHA224,
+       /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label       */
+       ENCRYPT_RSA_OAEP_SHA256,
+       /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label       */
+       ENCRYPT_RSA_OAEP_SHA384,
+       /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label       */
+       ENCRYPT_RSA_OAEP_SHA512,
+};
+
+/**
+ * Enum names for encryption_scheme_t
+ */
+extern enum_name_t *encryption_scheme_names;
+
+/**
  * Abstract interface of a public key.
  */
 struct public_key_t {
@@ -123,11 +148,13 @@ struct public_key_t {
        /**
         * Encrypt a chunk of data.
         *
+        * @param scheme        encryption scheme to use
         * @param plain         chunk containing plaintext data
         * @param crypto        where to allocate encrypted data
         * @return                      TRUE if data successfully encrypted
         */
-       bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
+       bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
+                                       chunk_t plain, chunk_t *crypto);
 
        /**
         * Check if two public keys are equal.
@@ -138,30 +165,38 @@ struct public_key_t {
        bool (*equals)(public_key_t *this, public_key_t *other);
 
        /**
-        * Get the strength of the key in bytes.
+        * Get the strength of the key in bits.
         *
-        * @return                      strength of the key in bytes
+        * @return                      strength of the key in bits
         */
-       size_t (*get_keysize) (public_key_t *this);
+       int (*get_keysize) (public_key_t *this);
 
        /**
         * Get the fingerprint of the key.
         *
-        * @param type          type of fingerprint, one of KEY_ID_*
+        * @param type          type of fingerprint, one of KEYID_*
         * @param fp            fingerprint, points to internal data
         * @return                      TRUE if fingerprint type supported
         */
-       bool (*get_fingerprint)(public_key_t *this, key_encoding_type_t type,
+       bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
                                                        chunk_t *fp);
 
        /**
+        * Check if a key has a given fingerprint of any kind.
+        *
+        * @param fp            fingerprint to check
+        * @return                      TRUE if key has given fingerprint
+        */
+       bool (*has_fingerprint)(public_key_t *this, chunk_t fp);
+
+       /**
         * Get the key in an encoded form as a chunk.
         *
-        * @param type          type of the encoding, one of KEY_PRIV_*
+        * @param type          type of the encoding, one of PRIVKEY_*
         * @param encoding      encoding of the key, allocated
         * @return                      TRUE if encoding supported
         */
-       bool (*get_encoding)(public_key_t *this, key_encoding_type_t type,
+       bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
                                                 chunk_t *encoding);
 
        /**
@@ -180,13 +215,20 @@ struct public_key_t {
 /**
  * Generic public key equals() implementation, usable by implementors.
  *
- * @param this                 first key to compare
- * @param other                        second key to compare
+ * @param other                        key to compare
  * @return                             TRUE if this is equal to other
  */
 bool public_key_equals(public_key_t *this, public_key_t *other);
 
 /**
+ * Generic public key has_fingerprint() implementation, usable by implementors.
+ *
+ * @param fingerprint  fingerprint to check
+ * @return                             TRUE if key has given fingerprint
+ */
+bool public_key_has_fingerprint(public_key_t *this, chunk_t fingerprint);
+
+/**
  * Conversion of ASN.1 signature or hash OID to signature scheme.
  *
  * @param oid                  ASN.1 OID
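Review bot: The new encryption_scheme_t in the second hunk documents ENCRYPT_RSA_PKCS1 only as "RSAES-PKCS1-v1_5 as in PKCS#1", with no hint that v1.5 encryption padding is the legacy scheme whose decryption-error behaviour is the classic padding-oracle risk, so callers choosing a value for the new encrypt() scheme parameter get no guidance from the header. I would extend that line to `/** RSAES-PKCS1-v1_5 as in PKCS#1; legacy/interop only, prefer an ENCRYPT_RSA_OAEP_* scheme for new uses */`. The header cannot enforce the choice, but since it is the first concrete value after ENCRYPT_UNKNOWN it is likely the one callers reach for by default. Relatedly, get_keysize() in the third hunk now returns an int in bits, and its @return should say what is returned when the size cannot be determined (e.g. `@return strength of the key in bits, 0 if unknown`) if that is the implementations' convention — I cannot confirm that from the header alone.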