summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/keys/signature_params.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials/keys/signature_params.h')
-rw-r--r--src/libstrongswan/credentials/keys/signature_params.h129
1 files changed, 129 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/keys/signature_params.h b/src/libstrongswan/credentials/keys/signature_params.h
new file mode 100644
index 000000000..6934c5e88
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/signature_params.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup signature_params signature_params
+ * @{ @ingroup keys
+ */
+
+#ifndef SIGNATURE_PARAMS_H_
+#define SIGNATURE_PARAMS_H_
+
+typedef struct signature_params_t signature_params_t;
+typedef struct rsa_pss_params_t rsa_pss_params_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Signature scheme with parameters
+ */
+struct signature_params_t {
+ /** Signature scheme */
+ signature_scheme_t scheme;
+ /** Parameters, depending on scheme */
+ void *params;
+};
+
+/**
+ * Compare two signature schemes and their parameters
+ *
+ * @param a first scheme
+ * @param b second scheme
+ * @return TRUE if schemes and parameters are equal
+ */
+bool signature_params_equal(signature_params_t *a, signature_params_t *b);
+
+/**
+ * Compare two signature schemes and their parameters
+ *
+ * @param c constraint
+ * @param s scheme
+ * @return TRUE if scheme complies to constraint
+ */
+bool signature_params_comply(signature_params_t *c, signature_params_t *s);
+
+/**
+ * Clone the given scheme and parameters, if any
+ *
+ * @return cloned object
+ */
+signature_params_t *signature_params_clone(signature_params_t *this);
+
+/**
+ * Destroy the given scheme and parameters, if any
+ */
+void signature_params_destroy(signature_params_t *this);
+
+/**
+ * Clear the given parameters, if any, sets the scheme to SIGN_UNKNOWN
+ */
+void signature_params_clear(signature_params_t *this);
+
+/**
+ * Parse an ASN.1 algorithmIdentifier with parameters denoting a signature
+ * scheme.
+ *
+ * @param asn1 ASN.1 encoded RSASSA-PSS-params
+ * @param level0 current level of the ASN.1 parser
+ * @param params parsed parameters
+ * @return TRUE if successfully parsed
+ */
+bool signature_params_parse(chunk_t asn1, int level0,
+ signature_params_t *params);
+
+/**
+ * Build ASN.1 algorithmIdentifier with parameters denoting a signature scheme.
+ *
+ * @param params signature scheme and parameters to encode
+ * @param asn1 ASN.1 encoded algorithmIdentifier (allocated)
+ * @return TRUE if successfully built
+ */
+bool signature_params_build(signature_params_t *params, chunk_t *asn1);
+
+/**
+ * Parameters for SIGN_RSA_EMSA_PSS signature scheme
+ */
+struct rsa_pss_params_t {
+ /** Hash algorithm */
+ hash_algorithm_t hash;
+ /** Hash for the MGF1 function */
+ hash_algorithm_t mgf1_hash;
+ /** Salt length, use RSA_PSS_SALT_LEN_DEFAULT for length equal to hash */
+ ssize_t salt_len;
+ /** Salt value, for unit tests (not all implementations support this) */
+ chunk_t salt;
+#define RSA_PSS_SALT_LEN_DEFAULT -1
+};
+
+/**
+ * Parse the given ASN.1 algorithm identifier params
+ *
+ * @param asn1 ASN.1 encoded RSASSA-PSS-params
+ * @param level0 current level of the ASN.1 parser
+ * @param params parsed parameters
+ * @return TRUE if successfully parsed
+ */
+bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params);
+
+/**
+ * Build ASN.1 algorithm identifier params
+ *
+ * @param params parameters to encode
+ * @param asn1 ASN.1 encoded RSASSA-PSS-params (allocated)
+ * @return TRUE if successfully built
+ */
+bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1);
+
+#endif /** SIGNATURE_PARAMS_H_ @}*/