1 files changed, 61 insertions, 26 deletions
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index be5f3bde6..a421e7b5b 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
- 
+
 /**
  * @defgroup public_key public_key
  * @{ @ingroup keys
@@ -28,6 +28,7 @@ typedef enum signature_scheme_t signature_scheme_t;
 
 #include <library.h>
 #include <utils/identification.h>
+#include <credentials/keys/key_encoding.h>
 
 /**
  * Type of a key pair, the used crypto system
@@ -53,9 +54,8 @@ extern enum_name_t *key_type_names;
  * Signature scheme for signature creation
  *
  * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
- * A prepended ASN.1 encoded digestInfo field contains the 
- * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
- * variants is OCTET_STRING instead of the default BIT_STRING.
+ * A prepended ASN.1 encoded digestInfo field contains the
+ * OID of the used hash algorithm.
  */
 enum signature_scheme_t {
 	/** Unknown signature scheme                                       */
@@ -74,10 +74,16 @@ enum signature_scheme_t {
 	SIGN_RSA_EMSA_PKCS1_SHA384,
 	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
 	SIGN_RSA_EMSA_PKCS1_SHA512,
-	/** ECDSA over precomputed digest                                  */
+	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
+	SIGN_ECDSA_WITH_SHA1_DER,
+	/** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
+	SIGN_ECDSA_WITH_SHA256_DER,
+	/** ECDSA with SHA-384 using DER encoding as in RFC 3279           */
+	SIGN_ECDSA_WITH_SHA384_DER,
+	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
+	SIGN_ECDSA_WITH_SHA512_DER,
+	/** ECDSA over precomputed digest, signature as in RFC 4754        */
 	SIGN_ECDSA_WITH_NULL,
-	/** ECDSA with SHA-1                                               */
-	SIGN_ECDSA_WITH_SHA1,
 	/** ECDSA on the P-256 curve with SHA-256 as in RFC 4754           */
 	SIGN_ECDSA_256,
 	/** ECDSA on the P-384 curve with SHA-384 as in RFC 4754           */
@@ -102,7 +108,7 @@ struct public_key_t {
 	 * @return			type of the key
 	 */
 	key_type_t (*get_type)(public_key_t *this);
-	
+
 	/**
 	 * Verifies a signature against a chunk of data.
 	 *
@@ -111,9 +117,9 @@ struct public_key_t {
 	 * @param signature	signature to check
 	 * @return			TRUE if signature matches
 	 */
-	bool (*verify)(public_key_t *this, signature_scheme_t scheme, 
+	bool (*verify)(public_key_t *this, signature_scheme_t scheme,
 				   chunk_t data, chunk_t signature);
-	
+
 	/**
 	 * Encrypt a chunk of data.
 	 *
@@ -122,10 +128,10 @@ struct public_key_t {
 	 * @return 			TRUE if data successfully encrypted
 	 */
 	bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
-	
+
 	/**
 	 * Check if two public keys are equal.
-	 * 
+	 *
 	 * @param other		other public key
 	 * @return			TRUE, if equality
 	 */
@@ -133,35 +139,46 @@ struct public_key_t {
 
 	/**
 	 * Get the strength of the key in bytes.
-	 * 
+	 *
 	 * @return			strength of the key in bytes
 	 */
 	size_t (*get_keysize) (public_key_t *this);
 
 	/**
-	 * Get a unique key identifier, such as a hash over the key.
-	 * 
-	 * @param type		type of the key ID to get
-	 * @return			unique ID of the key as identification_t, or NULL
+	 * Get the fingerprint of the key.
+	 *
+	 * @param type		type of fingerprint, one of KEY_ID_*
+	 * @param fp		fingerprint, points to internal data
+	 * @return			TRUE if fingerprint type supported
 	 */
-	identification_t* (*get_id) (public_key_t *this, id_type_t type);
-	
+	bool (*get_fingerprint)(public_key_t *this, key_encoding_type_t type,
+							chunk_t *fp);
+
 	/**
-	 * Get an encoded form of the key.
+	 * Check if a key has a given fingerprint of any kind.
 	 *
-	 * @todo Do we need a encoding type specification?
+	 * @param fp		fingerprint to check
+	 * @return			TRUE if key has given fingerprint
+	 */
+	bool (*has_fingerprint)(public_key_t *this, chunk_t fp);
+
+	/**
+	 * Get the key in an encoded form as a chunk.
 	 *
-	 * @return			allocated chunk containing encoded key
+	 * @param type		type of the encoding, one of KEY_PRIV_*
+	 * @param encoding	encoding of the key, allocated
+	 * @return			TRUE if encoding supported
 	 */
-	chunk_t (*get_encoding)(public_key_t *this);	
-	
+	bool (*get_encoding)(public_key_t *this, key_encoding_type_t type,
+						 chunk_t *encoding);
+
 	/**
 	 * Increase the refcount of the key.
 	 *
 	 * @return			this with an increased refcount
 	 */
 	public_key_t* (*get_ref)(public_key_t *this);
-	
+
 	/**
 	 * Destroy a public_key instance.
 	 */
@@ -169,8 +186,26 @@ struct public_key_t {
 };
 
 /**
+ * Generic public key equals() implementation, usable by implementors.
+ *
+ * @param this			first key to compare
+ * @param other			second key to compare
+ * @return				TRUE if this is equal to other
+ */
+bool public_key_equals(public_key_t *this, public_key_t *other);
+
+/**
+ * Generic public key has_fingerprint() implementation, usable by implementors.
+ *
+ * @param this			key to check fingerprint
+ * @param fingerprint	fingerprint to check
+ * @return				TRUE if key has given fingerprint
+ */
+bool public_key_has_fingerprint(public_key_t *this, chunk_t fingerprint);
+
+/**
  * Conversion of ASN.1 signature or hash OID to signature scheme.
- * 
+ *
  * @param oid			ASN.1 OID
  * @return				signature_scheme, SIGN_UNKNOWN if OID is unsupported
  */