Annotation of embedaddon/strongswan/src/libstrongswan/credentials/keys/public_key.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2015-2017 Tobias Brunner
3: * Copyright (C) 2014-2017 Andreas Steffen
4: * Copyright (C) 2007 Martin Willi
5: * HSR Hochschule fuer Technik Rapperswil
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: /**
19: * @defgroup public_key public_key
20: * @{ @ingroup keys
21: */
22:
23: #ifndef PUBLIC_KEY_H_
24: #define PUBLIC_KEY_H_
25:
26: typedef struct public_key_t public_key_t;
27: typedef enum key_type_t key_type_t;
28: typedef enum signature_scheme_t signature_scheme_t;
29: typedef enum encryption_scheme_t encryption_scheme_t;
30:
31: #include <utils/identification.h>
32: #include <credentials/cred_encoding.h>
33:
34: /**
35: * Type of a key pair, the used crypto system
36: */
37: enum key_type_t {
38: /** key type wildcard */
39: KEY_ANY = 0,
40: /** RSA crypto system as in PKCS#1 */
41: KEY_RSA = 1,
42: /** ECDSA as in ANSI X9.62 */
43: KEY_ECDSA = 2,
44: /** DSA */
45: KEY_DSA = 3,
46: /** Ed25519 PureEdDSA instance as in RFC 8032 */
47: KEY_ED25519 = 4,
48: /** Ed448 PureEdDSA instance as in RFC 8032 */
49: KEY_ED448 = 5,
50: /** BLISS */
51: KEY_BLISS = 6,
52: };
53:
54: /**
55: * Enum names for key_type_t
56: */
57: extern enum_name_t *key_type_names;
58:
59: /**
60: * Signature scheme for signature creation
61: *
62: * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
63: * A prepended ASN.1 encoded digestInfo field contains the
64: * OID of the used hash algorithm.
65: */
66: enum signature_scheme_t {
67: /** Unknown signature scheme */
68: SIGN_UNKNOWN,
69: /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
70: SIGN_RSA_EMSA_PKCS1_NULL,
71: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
72: SIGN_RSA_EMSA_PKCS1_MD5,
73: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
74: SIGN_RSA_EMSA_PKCS1_SHA1,
75: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
76: SIGN_RSA_EMSA_PKCS1_SHA2_224,
77: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
78: SIGN_RSA_EMSA_PKCS1_SHA2_256,
79: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
80: SIGN_RSA_EMSA_PKCS1_SHA2_384,
81: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
82: SIGN_RSA_EMSA_PKCS1_SHA2_512,
83: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
84: SIGN_RSA_EMSA_PKCS1_SHA3_224,
85: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
86: SIGN_RSA_EMSA_PKCS1_SHA3_256,
87: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
88: SIGN_RSA_EMSA_PKCS1_SHA3_384,
89: /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
90: SIGN_RSA_EMSA_PKCS1_SHA3_512,
91: /** EMSA-PSS signature as in PKCS#1 using RSA */
92: SIGN_RSA_EMSA_PSS,
93: /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
94: SIGN_ECDSA_WITH_SHA1_DER,
95: /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
96: SIGN_ECDSA_WITH_SHA256_DER,
97: /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */
98: SIGN_ECDSA_WITH_SHA384_DER,
99: /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
100: SIGN_ECDSA_WITH_SHA512_DER,
101: /** ECDSA over precomputed digest, signature as in RFC 4754 */
102: SIGN_ECDSA_WITH_NULL,
103: /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
104: SIGN_ECDSA_256,
105: /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
106: SIGN_ECDSA_384,
107: /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
108: SIGN_ECDSA_521,
109: /** PureEdDSA on Curve25519 as in RFC 8410 */
110: SIGN_ED25519,
111: /** PureEdDSA on Curve448 as in RFC 8410 */
112: SIGN_ED448,
113: /** BLISS with SHA-2_256 */
114: SIGN_BLISS_WITH_SHA2_256,
115: /** BLISS with SHA-2_384 */
116: SIGN_BLISS_WITH_SHA2_384,
117: /** BLISS with SHA-2_512 */
118: SIGN_BLISS_WITH_SHA2_512,
119: /** BLISS with SHA-3_256 */
120: SIGN_BLISS_WITH_SHA3_256,
121: /** BLISS with SHA-3_384 */
122: SIGN_BLISS_WITH_SHA3_384,
123: /** BLISS with SHA-3_512 */
124: SIGN_BLISS_WITH_SHA3_512,
125: };
126:
127: /**
128: * Enum names for signature_scheme_t
129: */
130: extern enum_name_t *signature_scheme_names;
131:
132: /**
133: * Encryption scheme for public key data encryption.
134: */
135: enum encryption_scheme_t {
136: /** Unknown encryption scheme */
137: ENCRYPT_UNKNOWN,
138: /** RSAES-PKCS1-v1_5 as in PKCS#1 */
139: ENCRYPT_RSA_PKCS1,
140: /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
141: ENCRYPT_RSA_OAEP_SHA1,
142: /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
143: ENCRYPT_RSA_OAEP_SHA224,
144: /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
145: ENCRYPT_RSA_OAEP_SHA256,
146: /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
147: ENCRYPT_RSA_OAEP_SHA384,
148: /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
149: ENCRYPT_RSA_OAEP_SHA512,
150: };
151:
152: /**
153: * Enum names for encryption_scheme_t
154: */
155: extern enum_name_t *encryption_scheme_names;
156:
157: /**
158: * Abstract interface of a public key.
159: */
160: struct public_key_t {
161:
162: /**
163: * Get the key type.
164: *
165: * @return type of the key
166: */
167: key_type_t (*get_type)(public_key_t *this);
168:
169: /**
170: * Verifies a signature against a chunk of data.
171: *
172: * @param scheme signature scheme to use for verification
173: * @param params optional parameters required by the specified scheme
174: * @param data data to check signature against
175: * @param signature signature to check
176: * @return TRUE if signature matches
177: */
178: bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params,
179: chunk_t data, chunk_t signature);
180:
181: /**
182: * Encrypt a chunk of data.
183: *
184: * @param scheme encryption scheme to use
185: * @param plain chunk containing plaintext data
186: * @param crypto where to allocate encrypted data
187: * @return TRUE if data successfully encrypted
188: */
189: bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
190: chunk_t plain, chunk_t *crypto);
191:
192: /**
193: * Check if two public keys are equal.
194: *
195: * @param other other public key
196: * @return TRUE, if equality
197: */
198: bool (*equals)(public_key_t *this, public_key_t *other);
199:
200: /**
201: * Get the strength of the key in bits.
202: *
203: * @return strength of the key in bits
204: */
205: int (*get_keysize) (public_key_t *this);
206:
207: /**
208: * Get the fingerprint of the key.
209: *
210: * @param type type of fingerprint, one of KEYID_*
211: * @param fp fingerprint, points to internal data
212: * @return TRUE if fingerprint type supported
213: */
214: bool (*get_fingerprint)(public_key_t *this, cred_encoding_type_t type,
215: chunk_t *fp);
216:
217: /**
218: * Check if a key has a given fingerprint of any kind.
219: *
220: * @param fp fingerprint to check
221: * @return TRUE if key has given fingerprint
222: */
223: bool (*has_fingerprint)(public_key_t *this, chunk_t fp);
224:
225: /**
226: * Get the key in an encoded form as a chunk.
227: *
228: * @param type type of the encoding, one of PUBKEY_*
229: * @param encoding encoding of the key, allocated
230: * @return TRUE if encoding supported
231: */
232: bool (*get_encoding)(public_key_t *this, cred_encoding_type_t type,
233: chunk_t *encoding);
234:
235: /**
236: * Increase the refcount of the key.
237: *
238: * @return this with an increased refcount
239: */
240: public_key_t* (*get_ref)(public_key_t *this);
241:
242: /**
243: * Destroy a public_key instance.
244: */
245: void (*destroy)(public_key_t *this);
246: };
247:
248: /**
249: * Generic public key equals() implementation, usable by implementers.
250: *
251: * @param public public key to check
252: * @param other key to compare
253: * @return TRUE if this is equal to other
254: */
255: bool public_key_equals(public_key_t *public, public_key_t *other);
256:
257: /**
258: * Generic public key has_fingerprint() implementation, usable by implementers.
259: *
260: * @param public public key to check
261: * @param fingerprint fingerprint to check
262: * @return TRUE if key has given fingerprint
263: */
264: bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint);
265:
266: /**
267: * Conversion of ASN.1 signature or hash OID to signature scheme.
268: *
269: * @param oid ASN.1 OID
270: * @return signature scheme, SIGN_UNKNOWN if OID is unsupported
271: */
272: signature_scheme_t signature_scheme_from_oid(int oid);
273:
274: /**
275: * Conversion of signature scheme to ASN.1 signature OID.
276: *
277: * @param scheme signature scheme
278: * @return ASN.1 OID, OID_UNKNOWN if not supported
279: */
280: int signature_scheme_to_oid(signature_scheme_t scheme);
281:
282: /**
283: * Enumerate signature schemes that are appropriate for a key of the given type
284: * and size|strength ordered by increasing strength.
285: *
286: * @param type type of the key
287: * @param size size or strength of the key
288: * @return enumerator over signature_params_t* (by strength)
289: */
290: enumerator_t *signature_schemes_for_key(key_type_t type, int size);
291:
292: /**
293: * Determine the type of key associated with a given signature scheme.
294: *
295: * @param scheme signature scheme
296: * @return key type (could be KEY_ANY)
297: */
298: key_type_t key_type_from_signature_scheme(signature_scheme_t scheme);
299:
300:
301: #endif /** PUBLIC_KEY_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>