summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/keys/public_key.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials/keys/public_key.h')
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 06c1aa488..877ed20a2 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
/*
- * Copyright (C) 2015 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
+ * Copyright (C) 2015-2017 Tobias Brunner
* Copyright (C) 2014-2017 Andreas Steffen
+ * Copyright (C) 2007 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,7 +28,6 @@ typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
typedef enum encryption_scheme_t encryption_scheme_t;
-#include <library.h>
#include <utils/identification.h>
#include <credentials/cred_encoding.h>
@@ -89,6 +88,8 @@ enum signature_scheme_t {
SIGN_RSA_EMSA_PKCS1_SHA3_384,
/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
SIGN_RSA_EMSA_PKCS1_SHA3_512,
+ /** EMSA-PSS signature as in PKCS#1 using RSA */
+ SIGN_RSA_EMSA_PSS,
/** ECDSA with SHA-1 using DER encoding as in RFC 3279 */
SIGN_ECDSA_WITH_SHA1_DER,
/** ECDSA with SHA-256 using DER encoding as in RFC 3279 */
@@ -168,12 +169,13 @@ struct public_key_t {
/**
* Verifies a signature against a chunk of data.
*
- * @param scheme signature scheme to use for verification, may be default
+ * @param scheme signature scheme to use for verification
+ * @param params optional parameters required by the specified scheme
* @param data data to check signature against
* @param signature signature to check
* @return TRUE if signature matches
*/
- bool (*verify)(public_key_t *this, signature_scheme_t scheme,
+ bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t signature);
/**
@@ -279,11 +281,11 @@ int signature_scheme_to_oid(signature_scheme_t scheme);
/**
* Enumerate signature schemes that are appropriate for a key of the given type
- * and size|strength.
+ * and size|strength ordered by increasing strength.
*
* @param type type of the key
* @param size size or strength of the key
- * @return enumerator over signature_scheme_t (increasing strength)
+ * @return enumerator over signature_params_t* (by strength)
*/
enumerator_t *signature_schemes_for_key(key_type_t type, int size);