summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/keys/signature_params.h
blob: 6934c5e889dfe22379d7a24cff9bdcad863886ab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/*
 * Copyright (C) 2017 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup signature_params signature_params
 * @{ @ingroup keys
 */

#ifndef SIGNATURE_PARAMS_H_
#define SIGNATURE_PARAMS_H_

typedef struct signature_params_t signature_params_t;
typedef struct rsa_pss_params_t rsa_pss_params_t;

#include <crypto/hashers/hasher.h>

/**
 * Signature scheme with parameters
 */
struct signature_params_t {
	/** Signature scheme */
	signature_scheme_t scheme;
	/** Parameters, depending on scheme */
	void *params;
};

/**
 * Compare two signature schemes and their parameters
 *
 * @param a			first scheme
 * @param b			second scheme
 * @return			TRUE if schemes and parameters are equal
 */
bool signature_params_equal(signature_params_t *a, signature_params_t *b);

/**
 * Compare two signature schemes and their parameters
 *
 * @param c			constraint
 * @param s			scheme
 * @return			TRUE if scheme complies to constraint
 */
bool signature_params_comply(signature_params_t *c, signature_params_t *s);

/**
 * Clone the given scheme and parameters, if any
 *
 * @return			cloned object
 */
signature_params_t *signature_params_clone(signature_params_t *this);

/**
 * Destroy the given scheme and parameters, if any
 */
void signature_params_destroy(signature_params_t *this);

/**
 * Clear the given parameters, if any, sets the scheme to SIGN_UNKNOWN
 */
void signature_params_clear(signature_params_t *this);

/**
 * Parse an ASN.1 algorithmIdentifier with parameters denoting a signature
 * scheme.
 *
 * @param asn1		ASN.1 encoded RSASSA-PSS-params
 * @param level0	current level of the ASN.1 parser
 * @param params	parsed parameters
 * @return			TRUE if successfully parsed
 */
bool signature_params_parse(chunk_t asn1, int level0,
							signature_params_t *params);

/**
 * Build ASN.1 algorithmIdentifier with parameters denoting a signature scheme.
 *
 * @param params	signature scheme and parameters to encode
 * @param asn1		ASN.1 encoded algorithmIdentifier (allocated)
 * @return			TRUE if successfully built
 */
bool signature_params_build(signature_params_t *params, chunk_t *asn1);

/**
 * Parameters for SIGN_RSA_EMSA_PSS signature scheme
 */
struct rsa_pss_params_t {
	/** Hash algorithm */
	hash_algorithm_t hash;
	/** Hash for the MGF1 function */
	hash_algorithm_t mgf1_hash;
	/** Salt length, use RSA_PSS_SALT_LEN_DEFAULT for length equal to hash */
	ssize_t salt_len;
	/** Salt value, for unit tests (not all implementations support this) */
	chunk_t salt;
#define RSA_PSS_SALT_LEN_DEFAULT -1
};

/**
 * Parse the given ASN.1 algorithm identifier params
 *
 * @param asn1		ASN.1 encoded RSASSA-PSS-params
 * @param level0	current level of the ASN.1 parser
 * @param params	parsed parameters
 * @return			TRUE if successfully parsed
 */
bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params);

/**
 * Build ASN.1 algorithm identifier params
 *
 * @param params	parameters to encode
 * @param asn1		ASN.1 encoded RSASSA-PSS-params (allocated)
 * @return			TRUE if successfully built
 */
bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1);

#endif /** SIGNATURE_PARAMS_H_ @}*/