summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/keys
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r--src/libstrongswan/credentials/keys/private_key.c19
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h114
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c37
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h155
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c111
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.h95
6 files changed, 531 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
new file mode 100644
index 000000000..018cab1c0
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: private_key.c 3488 2008-02-21 15:10:02Z martin $
+ */
+
+#include "private_key.h"
+
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
new file mode 100644
index 000000000..c28988309
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: private_key.h 3620 2008-03-19 14:21:56Z martin $
+ */
+
+/**
+ * @defgroup private_key private_key
+ * @{ @ingroup keys
+ */
+
+#ifndef PRIVATE_KEY_H_
+#define PRIVATE_KEY_H_
+
+typedef struct private_key_t private_key_t;
+
+#include <utils/identification.h>
+#include <credentials/keys/public_key.h>
+
+/**
+ * Abstract private key interface.
+ */
+struct private_key_t {
+
+ /**
+ * Get the key type.
+ *
+ * @return type of the key
+ */
+ key_type_t (*get_type)(private_key_t *this);
+
+ /**
+ * Create a signature over a chunk of data.
+ *
+ * @param scheme signature scheme to use
+ * @param data chunk of data to sign
+ * @param signature where to allocate created signature
+ * @return TRUE if signature created
+ */
+ bool (*sign)(private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature);
+ /**
+ * Decrypt a chunk of data.
+ *
+ * @param crypto chunk containing encrypted data
+ * @param plain where to allocate decrypted data
+ * @return TRUE if data decrypted and plaintext allocated
+ */
+ bool (*decrypt)(private_key_t *this, chunk_t crypto, chunk_t *plain);
+
+ /**
+ * Get the strength of the key in bytes.
+ *
+ * @return strength of the key in bytes
+ */
+ size_t (*get_keysize) (private_key_t *this);
+
+ /**
+ * Get a unique key identifier, such as a hash over the public key.
+ *
+ * @param type type of the key ID to get
+ * @return unique ID of the key as identification_t, or NULL
+ */
+ identification_t* (*get_id) (private_key_t *this, id_type_t type);
+
+ /**
+ * Get the public part from the private key.
+ *
+ * @return public key
+ */
+ public_key_t* (*get_public_key)(private_key_t *this);
+
+ /**
+ * Check if a private key belongs to a public key.
+ *
+ * @param public public key
+ * @return TRUE, if keys belong together
+ */
+ bool (*belongs_to) (private_key_t *this, public_key_t *public);
+
+ /**
+ * Get an encoded form of the private key.
+ *
+ * @todo Do we need a encoding type specification?
+ *
+ * @return allocated chunk containing encoded private key
+ */
+ chunk_t (*get_encoding)(private_key_t *this);
+
+ /**
+ * Increase the refcount to this private key.
+ *
+ * @return this, with an increased refcount
+ */
+ private_key_t* (*get_ref)(private_key_t *this);
+
+ /**
+ * Decrease refcount, destroy private_key if no more references.
+ */
+ void (*destroy)(private_key_t *this);
+};
+
+#endif /* PRIVATE_KEY_H_ @} */
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
new file mode 100644
index 000000000..80b9f03c3
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: public_key.c 4051 2008-06-10 09:08:27Z tobias $
+ */
+
+#include "public_key.h"
+
+ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+ "RSA",
+ "ECDSA"
+);
+
+ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
+ "DEFAULT",
+ "RSA_EMSA_PKCS1_MD5",
+ "RSA_EMSA_PKCS1_SHA1",
+ "RSA_EMSA_PKCS1_SHA256",
+ "RSA_EMSA_PKCS1_SHA384",
+ "RSA_EMSA_PKCS1_SHA512",
+ "ECDSA_WITH_SHA1",
+ "ECDSA-256",
+ "ECDSA-384",
+ "ECDSA-521",
+);
+
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
new file mode 100644
index 000000000..62dbe4303
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: public_key.h 4051 2008-06-10 09:08:27Z tobias $
+ */
+
+/**
+ * @defgroup public_key public_key
+ * @{ @ingroup keys
+ */
+
+#ifndef PUBLIC_KEY_H_
+#define PUBLIC_KEY_H_
+
+typedef struct public_key_t public_key_t;
+typedef enum key_type_t key_type_t;
+typedef enum key_id_type_t key_id_type_t;
+typedef enum signature_scheme_t signature_scheme_t;
+
+#include <library.h>
+#include <utils/identification.h>
+
+/**
+ * Type of a key pair, the used crypto system
+ */
+enum key_type_t {
+ /** key type wildcard */
+ KEY_ANY,
+ /** RSA crypto system as in PKCS#1 */
+ KEY_RSA,
+ /** ECDSA as in ANSI X9.62 */
+ KEY_ECDSA,
+ /** DSS, ElGamal, ... */
+};
+
+/**
+ * Enum names for key_type_t
+ */
+extern enum_name_t *key_type_names;
+
+/**
+ * Signature scheme for signature creation
+ *
+ * EMSA-PKCS1 signatures are from the PKCS#1 standard. They include
+ * the ASN1-OID of the used hash algorithm.
+ */
+enum signature_scheme_t {
+ /** default scheme of that underlying crypto system */
+ SIGN_DEFAULT,
+ /** EMSA-PKCS1 with MD5 */
+ SIGN_RSA_EMSA_PKCS1_MD5,
+ /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash. */
+ SIGN_RSA_EMSA_PKCS1_SHA1,
+ /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
+ SIGN_RSA_EMSA_PKCS1_SHA256,
+ /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
+ SIGN_RSA_EMSA_PKCS1_SHA384,
+ /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
+ SIGN_RSA_EMSA_PKCS1_SHA512,
+ /** ECDSA using SHA-1 as hash. */
+ SIGN_ECDSA_WITH_SHA1,
+ /** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+ SIGN_ECDSA_256,
+ /** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+ SIGN_ECDSA_384,
+ /** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+ SIGN_ECDSA_521,
+};
+
+/**
+ * Enum names for signature_scheme_t
+ */
+extern enum_name_t *signature_scheme_names;
+
+/**
+ * Abstract interface of a public key.
+ */
+struct public_key_t {
+
+ /**
+ * Get the key type.
+ *
+ * @return type of the key
+ */
+ key_type_t (*get_type)(public_key_t *this);
+
+ /**
+ * Verifies a signature against a chunk of data.
+ *
+ * @param scheme signature scheme to use for verification, may be default
+ * @param data data to check signature against
+ * @param signature signature to check
+ * @return TRUE if signature matches
+ */
+ bool (*verify)(public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature);
+
+ /**
+ * Encrypt a chunk of data.
+ *
+ * @param crypto chunk containing plaintext data
+ * @param plain where to allocate encrypted data
+ * @return TRUE if data successfully encrypted
+ */
+ bool (*encrypt)(public_key_t *this, chunk_t crypto, chunk_t *plain);
+
+ /**
+ * Get the strength of the key in bytes.
+ *
+ * @return strength of the key in bytes
+ */
+ size_t (*get_keysize) (public_key_t *this);
+
+ /**
+ * Get a unique key identifier, such as a hash over the key.
+ *
+ * @param type type of the key ID to get
+ * @return unique ID of the key as identification_t, or NULL
+ */
+ identification_t* (*get_id) (public_key_t *this, id_type_t type);
+
+ /**
+ * Get an encoded form of the key.
+ *
+ * @todo Do we need a encoding type specification?
+ *
+ * @return allocated chunk containing encoded key
+ */
+ chunk_t (*get_encoding)(public_key_t *this);
+
+ /**
+ * Increase the refcount of the key.
+ *
+ * @return this with an increased refcount
+ */
+ public_key_t* (*get_ref)(public_key_t *this);
+
+ /**
+ * Destroy a public_key instance.
+ */
+ void (*destroy)(public_key_t *this);
+};
+
+#endif /* PUBLIC_KEY_H_ @} */
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
new file mode 100644
index 000000000..f55b52c3a
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id: shared_key.c 3600 2008-03-14 15:11:29Z martin $
+ */
+
+#include "shared_key.h"
+
+ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN,
+ "ANY",
+ "IKE",
+ "EAP",
+ "PRIVATE_KEY_PASS",
+ "PIN",
+);
+
+typedef struct private_shared_key_t private_shared_key_t;
+
+/**
+ * private data of shared_key
+ */
+struct private_shared_key_t {
+
+ /**
+ * public functions
+ */
+ shared_key_t public;
+
+ /**
+ * type of this shared key
+ */
+ shared_key_type_t type;
+
+ /**
+ * associated shared key data
+ */
+ chunk_t key;
+
+ /**
+ * reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Implements shared_key_t.get_type
+ */
+static shared_key_type_t get_type(private_shared_key_t *this)
+{
+ return this->type;
+}
+
+/**
+ * Implements shared_key_t.get_key
+ */
+static chunk_t get_key(private_shared_key_t *this)
+{
+ return this->key;
+}
+
+/**
+ * Implements shared_key_t.get_ref
+ */
+static shared_key_t* get_ref(private_shared_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public;
+}
+
+/**
+ * Implementation of shared_key_t.destroy
+ */
+static void destroy(private_shared_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->key.ptr);
+ free(this);
+ }
+}
+
+/*
+ * see header file
+ */
+shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
+{
+ private_shared_key_t *this = malloc_thing(private_shared_key_t);
+
+ this->public.get_type = (shared_key_type_t (*)(shared_key_t *this))get_type;
+ this->public.get_key = (chunk_t (*)(shared_key_t *this))get_key;
+ this->public.get_ref = (shared_key_t* (*)(shared_key_t *this))get_ref;
+ this->public.destroy = (void(*)(shared_key_t*))destroy;
+
+ this->type = type;
+ this->key = key;
+ this->ref = 1;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
new file mode 100644
index 000000000..ceb1309b7
--- /dev/null
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup shared_key shared_key
+ * @{ @ingroup keys
+ */
+
+#ifndef SHARED_KEY_H_
+#define SHARED_KEY_H_
+
+#include <utils/enumerator.h>
+#include <utils/identification.h>
+
+typedef struct shared_key_t shared_key_t;
+typedef enum shared_key_type_t shared_key_type_t;
+
+/**
+ * Type of a shared key.
+ */
+enum shared_key_type_t {
+ /** wildcard for all keys */
+ SHARED_ANY,
+ /** PSK for IKE authentication */
+ SHARED_IKE,
+ /** key for a EAP authentication method */
+ SHARED_EAP,
+ /** key to decrypt encrypted private keys */
+ SHARED_PRIVATE_KEY_PASS,
+ /** PIN to unlock a smartcard */
+ SHARED_PIN,
+};
+
+/**
+ * enum names for shared_key_type_t
+ */
+extern enum_name_t *shared_key_type_names;
+
+/**
+ * A symmetric key shared between multiple owners.
+ *
+ * This class is not thread save, do not add owners while others might be
+ * reading.
+ */
+struct shared_key_t {
+
+ /**
+ * Get the kind of this key.
+ *
+ * @return type of the key
+ */
+ shared_key_type_t (*get_type)(shared_key_t *this);
+
+ /**
+ * Get the shared key data.
+ *
+ * @return chunk pointing to the internal key
+ */
+ chunk_t (*get_key)(shared_key_t *this);
+
+ /**
+ * Increase refcount of the key.
+ *
+ * @return this with an increased refcount
+ */
+ shared_key_t* (*get_ref)(shared_key_t *this);
+
+ /**
+ * Destroy a shared_key instance if all references are gone.
+ */
+ void (*destroy)(shared_key_t *this);
+};
+
+/**
+ * A simple private key implementation
+ *
+ * @param type type of the shared key
+ * @param key key data, gets owned by instance
+ * @return simple shared key instance
+ */
+shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key);
+
+#endif /** SHARED_KEY_H_ @} */