summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/keys
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r--src/libstrongswan/credentials/keys/private_key.c2
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c45
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h66
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c2
5 files changed, 91 insertions, 34 deletions
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index 018cab1c0..0a01d0385 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: private_key.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "private_key.h"
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 219926af1..f38af8ff4 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -82,6 +80,14 @@ struct private_key_t {
public_key_t* (*get_public_key)(private_key_t *this);
/**
+ * Check if two private keys are equal.
+ *
+ * @param other other private key
+ * @return TRUE, if equality
+ */
+ bool (*equals) (private_key_t *this, private_key_t *other);
+
+ /**
* Check if a private key belongs to a public key.
*
* @param public public key
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 80b9f03c3..c94c27f0a 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -11,27 +11,60 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: public_key.c 4051 2008-06-10 09:08:27Z tobias $
*/
+#include <asn1/oid.h>
+
#include "public_key.h"
-ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+ENUM(key_type_names, KEY_RSA, KEY_DSA,
"RSA",
- "ECDSA"
+ "ECDSA",
+ "DSA"
);
-ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
- "DEFAULT",
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+ "UNKNOWN",
+ "RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"RSA_EMSA_PKCS1_SHA1",
"RSA_EMSA_PKCS1_SHA256",
"RSA_EMSA_PKCS1_SHA384",
"RSA_EMSA_PKCS1_SHA512",
+ "ECDSA_WITH_NULL",
"ECDSA_WITH_SHA1",
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
);
+/*
+ * Defined in header.
+ */
+signature_scheme_t signature_scheme_from_oid(int oid)
+{
+ switch (oid)
+ {
+ case OID_MD5_WITH_RSA:
+ case OID_MD5:
+ return SIGN_RSA_EMSA_PKCS1_MD5;
+ case OID_SHA1_WITH_RSA:
+ case OID_SHA1:
+ return SIGN_RSA_EMSA_PKCS1_SHA1;
+ case OID_SHA256_WITH_RSA:
+ case OID_SHA256:
+ return SIGN_RSA_EMSA_PKCS1_SHA256;
+ case OID_SHA384_WITH_RSA:
+ case OID_SHA384:
+ return SIGN_RSA_EMSA_PKCS1_SHA384;
+ case OID_SHA512_WITH_RSA:
+ case OID_SHA512:
+ return SIGN_RSA_EMSA_PKCS1_SHA512;
+ case OID_ECDSA_WITH_SHA1:
+ case OID_EC_PUBLICKEY:
+ return SIGN_ECDSA_WITH_SHA1;
+ default:
+ return SIGN_UNKNOWN;
+ }
+}
+
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 65bb5f64d..c58531b73 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -36,12 +34,14 @@ typedef enum signature_scheme_t signature_scheme_t;
*/
enum key_type_t {
/** key type wildcard */
- KEY_ANY,
+ KEY_ANY = 0,
/** RSA crypto system as in PKCS#1 */
- KEY_RSA,
+ KEY_RSA = 1,
/** ECDSA as in ANSI X9.62 */
- KEY_ECDSA,
- /** DSS, ElGamal, ... */
+ KEY_ECDSA = 2,
+ /** DSA */
+ KEY_DSA = 3,
+ /** ElGamal, ... */
};
/**
@@ -52,29 +52,35 @@ extern enum_name_t *key_type_names;
/**
* Signature scheme for signature creation
*
- * EMSA-PKCS1 signatures are from the PKCS#1 standard. They include
- * the ASN1-OID of the used hash algorithm.
+ * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
+ * A prepended ASN.1 encoded digestInfo field contains the
+ * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
+ * variants is OCTET_STRING instead of the default BIT_STRING.
*/
enum signature_scheme_t {
- /** default scheme of that underlying crypto system */
- SIGN_DEFAULT,
- /** EMSA-PKCS1 with MD5 */
+ /** Unknown signature scheme */
+ SIGN_UNKNOWN,
+ /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
+ SIGN_RSA_EMSA_PKCS1_NULL,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
SIGN_RSA_EMSA_PKCS1_MD5,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
SIGN_RSA_EMSA_PKCS1_SHA1,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
SIGN_RSA_EMSA_PKCS1_SHA256,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
SIGN_RSA_EMSA_PKCS1_SHA384,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
SIGN_RSA_EMSA_PKCS1_SHA512,
- /** ECDSA using SHA-1 as hash. */
+ /** ECDSA over precomputed digest */
+ SIGN_ECDSA_WITH_NULL,
+ /** ECDSA with SHA-1 */
SIGN_ECDSA_WITH_SHA1,
- /** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+ /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
SIGN_ECDSA_256,
- /** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+ /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
SIGN_ECDSA_384,
- /** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+ /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
};
@@ -109,13 +115,21 @@ struct public_key_t {
/**
* Encrypt a chunk of data.
*
- * @param crypto chunk containing plaintext data
- * @param plain where to allocate encrypted data
+ * @param plain chunk containing plaintext data
+ * @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
- bool (*encrypt)(public_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
/**
+ * Check if two public keys are equal.
+ *
+ * @param other other public key
+ * @return TRUE, if equality
+ */
+ bool (*equals)(public_key_t *this, public_key_t *other);
+
+ /**
* Get the strength of the key in bytes.
*
* @return strength of the key in bytes
@@ -152,4 +166,12 @@ struct public_key_t {
void (*destroy)(public_key_t *this);
};
+/**
+ * Conversion of ASN.1 signature or hash OID to signature scheme.
+ *
+ * @param oid ASN.1 OID
+ * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported
+ */
+signature_scheme_t signature_scheme_from_oid(int oid);
+
#endif /** PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index f55b52c3a..c6f141446 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: shared_key.c 3600 2008-03-14 15:11:29Z martin $
*/
#include "shared_key.h"