src/libstrongswan/crypto/rsa/rsa_public_key.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

/**
 * @file rsa_public_key.h
 * 
 * @brief Interface of rsa_public_key_t.
 * 
 */

/*
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#ifndef RSA_PUBLIC_KEY_H_
#define RSA_PUBLIC_KEY_H_

typedef struct rsa_public_key_t rsa_public_key_t;

#include <gmp.h>

#include <library.h>

/**
 * @brief RSA public key with associated functions.
 * 
 * Currently only supports signature verification using
 * the EMSA encoding (see PKCS1)
 * 
 * @b Constructors:
 * - rsa_public_key_create_from_chunk()
 * - rsa_public_key_create_from_file()
 * - rsa_private_key_t.get_public_key()
 * 
 * @see rsa_private_key_t
 * 
 * @todo Implement getkey() and savekey()
 * 
 * @ingroup rsa
 */
struct rsa_public_key_t {

	/**
	 * @brief Verify a EMSA-PKCS1 encodined signature.
	 * 
	 * Processes the supplied signature with the RSAVP1 function,
	 * selects the hash algorithm form the resultign ASN1-OID and
	 * verifies the hash against the supplied data.
	 * 
	 * @param this				rsa_public_key to use
	 * @param data				data to sign
	 * @param signature			signature to verify
	 * @return
	 * 							- SUCCESS, if signature ok
	 * 							- INVALID_STATE, if key not set
	 * 							- NOT_SUPPORTED, if hash algorithm not supported
	 * 							- INVALID_ARG, if signature is not a signature
	 * 							- FAILED if signature invalid or unable to verify
	 */
	status_t (*verify_emsa_pkcs1_signature) (const rsa_public_key_t *this, chunk_t data, chunk_t signature);
	
	/**
	 * @brief Gets the key.
	 * 
	 * Currently uses a proprietary format which is only inteded
	 * for testing. This should be replaced with a proper
	 * ASN1 encoded key format, when charon gets the ASN1 
	 * capabilities.
	 * 
	 * @param this				calling object
	 * @param key				key (in a propriarity format)
	 * @return					
	 * 							- SUCCESS
	 * 							- INVALID_STATE, if key not set
	 */
	status_t (*get_key) (const rsa_public_key_t *this, chunk_t *key);
	
	/**
	 * @brief Saves a key to a file.
	 * 
	 * Not implemented!
	 * 
	 * @param this				calling object
	 * @param file				file to which the key should be written.
	 * @return					NOT_SUPPORTED
	 */
	status_t (*save_key) (const rsa_public_key_t *this, char *file);
	
	/**
	 * @brief Get the modulus of the key.
	 * 
	 * @param this				calling object
	 * @return					modulus (n) of the key
	 */
	mpz_t *(*get_modulus) (const rsa_public_key_t *this);
	
	/**
	 * @brief Get the size of the modulus in bytes.
	 * 
	 * @param this				calling object
	 * @return					size of the modulus (n) in bytes
	 */
	size_t (*get_keysize) (const rsa_public_key_t *this);

	/**
	 * @brief Get the keyid formed as the SHA-1 hash of a publicKeyInfo object.
	 * 
	 * @param this				calling object
	 * @return					keyid in the form of a SHA-1 hash
	 */
	chunk_t (*get_keyid) (const rsa_public_key_t *this);

	/**
	 * @brief Clone the public key.
	 * 
	 * @param this				public key to clone
	 * @return					clone of this
	 */
	rsa_public_key_t *(*clone) (const rsa_public_key_t *this);
	
	/**
	 * @brief Destroys the public key.
	 * 
	 * @param this				public key to destroy
	 */
	void (*destroy) (rsa_public_key_t *this);
};

/**
 * @brief Load an RSA public key from a chunk.
 * 
 * Load a key from a chunk, encoded in the more frequently
 * used publicKeyInfo object (ASN1 DER encoded).
 * 
 * @param chunk				chunk containing the DER encoded key
 * @return 					loaded rsa_public_key_t, or NULL
  * 
 * @ingroup rsa
 */
rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk);

/**
 * @brief Load an RSA public key from a file.
 * 
 * Load a key from a file, which is either in binary
 * format (DER), or in PEM format. 
 * 
 * @param filename			filename which holds the key
 * @return 					loaded rsa_public_key_t, or NULL
 * 
 * @ingroup rsa
 */
rsa_public_key_t *rsa_public_key_create_from_file(char *filename);

#endif /*RSA_PUBLIC_KEY_H_*/