Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r-- | src/libstrongswan/credentials/keys/private_key.h | 10 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.c | 10 | ||||
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 36 |
3 files changed, 48 insertions, 8 deletions
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 27f4ab098..e57d3f5a5 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -51,18 +51,20 @@ struct private_key_t {
 /**
 * Decrypt a chunk of data.
 *
+ * @param scheme expected encryption scheme used
 * @param crypto chunk containing encrypted data
 * @param plain where to allocate decrypted data
 * @return TRUE if data decrypted and plaintext allocated
 */
- bool (*decrypt)(private_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*decrypt)(private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain);

 /**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
 *
- * @return strength of the key in bytes
+ * @return strength of the key in bits
 */
- size_t (*get_keysize) (private_key_t *this);
+ int (*get_keysize) (private_key_t *this);

 /**
 * Get the public part from the private key.
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index ce342de33..22df5dd1b 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -42,6 +42,16 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
 "ECDSA-521",
 );

+ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
+ "ENCRYPT_UNKNOWN",
+ "ENCRYPT_RSA_PKCS1",
+ "ENCRYPT_RSA_OAEP_SHA1",
+ "ENCRYPT_RSA_OAEP_SHA224",
+ "ENCRYPT_RSA_OAEP_SHA256",
+ "ENCRYPT_RSA_OAEP_SHA384",
+ "ENCRYPT_RSA_OAEP_SHA512",
+);
+
 /**
 * See header.
 */
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ff827a189..d20d2736b 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
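Review bot: In private_key.h, get_keysize() keeps its name while its unit changes from bytes to bits and its return type from size_t to int, so a caller that was not updated still compiles and is silently off by a factor of eight in any buffer sizing or minimum-strength comparison. The same change is made to public_key_t.get_keysize in the last hunk of public_key.h. Callers and key implementations are outside this diff, so whether all of them were converted cannot be checked from here. If the name stays, the comment should make the unit hard to miss, e.g. `* @return strength of the key in bits, not bytes`, and say whether the int can carry an error value. struct private_key_t begins and ends outside the hunk.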
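Review bot: In public_key.c, the strings added to encryption_scheme_names are the raw enumerator identifiers, while the one visible entry of signature_scheme_names (`"ECDSA-521"`) is a short display name, so log output from the two tables may look inconsistent; this is inferred from a single visible entry. The table also has to stay in the same order as enum encryption_scheme_t in public_key.h, and nothing in the hunk ties the two together. A comment such as `/* order must match enum encryption_scheme_t in public_key.h */` above the ENUM would record that requirement.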
@@ -24,6 +24,7 @@
 typedef struct public_key_t public_key_t;
 typedef enum key_type_t key_type_t;
 typedef enum signature_scheme_t signature_scheme_t;
+typedef enum encryption_scheme_t encryption_scheme_t;

 #include <library.h>
 #include <utils/identification.h>
@@ -97,6 +98,31 @@ enum signature_scheme_t {
 extern enum_name_t *signature_scheme_names;

 /**
+ * Encryption scheme for public key data encryption.
+ */
+enum encryption_scheme_t {
+ /** Unknown encryption scheme */
+ ENCRYPT_UNKNOWN,
+ /** RSAES-PKCS1-v1_5 as in PKCS#1 */
+ ENCRYPT_RSA_PKCS1,
+ /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA1,
+ /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA224,
+ /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA256,
+ /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA384,
+ /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA512,
+};
+
+/**
+ * Enum names for encryption_scheme_t
+ */
+extern enum_name_t *encryption_scheme_names;
+
+/**
 * Abstract interface of a public key.
 */
 struct public_key_t {
@@ -122,11 +148,13 @@ struct public_key_t {
 /**
 * Encrypt a chunk of data.
 *
+ * @param scheme encryption scheme to use
 * @param plain chunk containing plaintext data
 * @param crypto where to allocate encrypted data
 * @return TRUE if data successfully encrypted
 */
- bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
+ bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto);

 /**
 * Check if two public keys are equal.
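Review bot: The OAEP entries of enum encryption_scheme_t name the hash but not the mask generation function, and RSAES-OAEP is parameterised by both, so two implementations that agree on "SHA-256, no label" but differ on the MGF1 hash will not interoperate. Each comment could spell it out, for example `/** RSAES-OAEP as in PKCS#1, SHA-256 for hash and MGF1, no label */`, if that is what the key implementations do (they are not part of this diff). The ENCRYPT_RSA_PKCS1 comment could also note that PKCS#1 keeps RSAES-PKCS1-v1_5 for compatibility and recommends OAEP for new applications.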
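Review bot: The new `scheme` argument of encrypt() is documented only as "encryption scheme to use"; the comment does not say what a key returns for ENCRYPT_UNKNOWN or for a scheme it does not implement, nor that the largest plaintext that fits depends on the scheme. If FALSE is the intended result in those cases, `* @return TRUE if data successfully encrypted, FALSE if scheme is unsupported or plain is too long` would state it. decrypt() in private_key.h has the same gap; there it is also worth documenting that callers should handle every FALSE the same way, because an ENCRYPT_RSA_PKCS1 padding failure that a peer can tell apart from other errors acts as a padding oracle. struct public_key_t begins and ends outside this hunk.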
@@ -137,11 +165,11 @@ struct public_key_t {
 bool (*equals)(public_key_t *this, public_key_t *other);

 /**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
 *
- * @return strength of the key in bytes
+ * @return strength of the key in bits
 */
- size_t (*get_keysize) (public_key_t *this);
+ int (*get_keysize) (public_key_t *this);

 /**
 * Get the fingerprint of the key. |