summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/keys
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 11:42:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 11:42:20 +0000
commitf73fba54dc8b30c6482e1e8abf15bbf455592fcd (patch)
treea449515607c5e51a5c703d7a9b1149c9e4a11560 /src/libstrongswan/credentials/keys
parentb8064f4099997a9e2179f3ad4ace605f5ccac3a1 (diff)
downloadvyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.tar.gz
vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.zip
[svn-upgrade] new version strongswan (4.5.0)
Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h36
3 files changed, 48 insertions, 8 deletions
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 27f4ab098..e57d3f5a5 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -51,18 +51,20 @@ struct private_key_t {
/**
* Decrypt a chunk of data.
*
+ * @param scheme expected encryption scheme used
* @param crypto chunk containing encrypted data
* @param plain where to allocate decrypted data
* @return TRUE if data decrypted and plaintext allocated
*/
- bool (*decrypt)(private_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*decrypt)(private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain);
/**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
*
- * @return strength of the key in bytes
+ * @return strength of the key in bits
*/
- size_t (*get_keysize) (private_key_t *this);
+ int (*get_keysize) (private_key_t *this);
/**
* Get the public part from the private key.
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index ce342de33..22df5dd1b 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -42,6 +42,16 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
"ECDSA-521",
);
+ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
+ "ENCRYPT_UNKNOWN",
+ "ENCRYPT_RSA_PKCS1",
+ "ENCRYPT_RSA_OAEP_SHA1",
+ "ENCRYPT_RSA_OAEP_SHA224",
+ "ENCRYPT_RSA_OAEP_SHA256",
+ "ENCRYPT_RSA_OAEP_SHA384",
+ "ENCRYPT_RSA_OAEP_SHA512",
+);
+
/**
* See header.
*/
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ff827a189..d20d2736b 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -24,6 +24,7 @@
typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
+typedef enum encryption_scheme_t encryption_scheme_t;
#include <library.h>
#include <utils/identification.h>
@@ -97,6 +98,31 @@ enum signature_scheme_t {
extern enum_name_t *signature_scheme_names;
/**
+ * Encryption scheme for public key data encryption.
+ */
+enum encryption_scheme_t {
+ /** Unknown encryption scheme */
+ ENCRYPT_UNKNOWN,
+ /** RSAES-PKCS1-v1_5 as in PKCS#1 */
+ ENCRYPT_RSA_PKCS1,
+ /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA1,
+ /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA224,
+ /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA256,
+ /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA384,
+ /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA512,
+};
+
+/**
+ * Enum names for encryption_scheme_t
+ */
+extern enum_name_t *encryption_scheme_names;
+
+/**
* Abstract interface of a public key.
*/
struct public_key_t {
@@ -122,11 +148,13 @@ struct public_key_t {
/**
* Encrypt a chunk of data.
*
+ * @param scheme encryption scheme to use
* @param plain chunk containing plaintext data
* @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
- bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
+ bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto);
/**
* Check if two public keys are equal.
@@ -137,11 +165,11 @@ struct public_key_t {
bool (*equals)(public_key_t *this, public_key_t *other);
/**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
*
- * @return strength of the key in bytes
+ * @return strength of the key in bits
*/
- size_t (*get_keysize) (public_key_t *this);
+ int (*get_keysize) (public_key_t *this);
/**
* Get the fingerprint of the key.