src/libstrongswan/crypto/rsa/rsa_public_key.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173

/**
 * @file rsa_public_key.h
 * 
 * @brief Interface of rsa_public_key_t.
 * 
 */

/*
 * Copyright (C) 2005 Jan Hutter
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2007-2008 Andreas Steffen
 *
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: rsa_public_key.h 3423 2008-01-22 10:32:37Z andreas $
 */

#ifndef RSA_PUBLIC_KEY_H_
#define RSA_PUBLIC_KEY_H_

typedef struct rsa_public_key_t rsa_public_key_t;

#include <gmp.h>

#include <library.h>
#include <crypto/hashers/hasher.h>

/**
 * @brief RSA public key with associated functions.
 * 
 * Currently only supports signature verification using
 * the EMSA encoding (see PKCS1)
 * 
 * @b Constructors:
 * - rsa_public_key_create()
 * - rsa_public_key_create_from_chunk()
 * - rsa_public_key_create_from_file()
 *
 * @ingroup rsa
 */
struct rsa_public_key_t {

	/**
	 * @brief Encrypt a data block using EME-PKCS1 encoding.
	 * 
	 * 
	 * @param this				calling object
	 * @param data				plaintext input data
	 * @param out				encrypted output data
	 * @return
	 * 							- SUCCESS
	 * 							- FAILED if data block is too large
	 */
	status_t (*pkcs1_encrypt) (rsa_public_key_t *this, chunk_t in, chunk_t *out);

	/**
	 * @brief Verify an EMSA-PKCS1 encoded signature.
	 * 
	 * Processes the supplied signature with the RSAVP1 function,
	 * selects the hash algorithm form the resultign ASN1-OID and
	 * verifies the hash against the supplied data.
	 * 
	 * @param this				rsa_public_key to use
	 * @param data				data to sign
	 # @param algorithm			hash algorithm the signature is based on
	 * @param signature			signature to verify
	 * @return
	 * 							- SUCCESS, if signature ok
	 * 							- INVALID_STATE, if key not set
	 * 							- NOT_SUPPORTED, if hash algorithm not supported
	 * 							- INVALID_ARG, if signature is not a signature
	 * 							- FAILED if signature invalid or unable to verify
	 */
	status_t (*verify_emsa_pkcs1_signature) (const rsa_public_key_t *this,
											 hash_algorithm_t algorithm,
											 chunk_t data, chunk_t signature);
	
	/**
	 * @brief Get the modulus of the key.
	 * 
	 * @param this				calling object
	 * @return					modulus (n) of the key
	 */
	mpz_t *(*get_modulus) (const rsa_public_key_t *this);
	
	/**
	 * @brief Get the size of the modulus in bytes.
	 * 
	 * @param this				calling object
	 * @return					size of the modulus (n) in bytes
	 */
	size_t (*get_keysize) (const rsa_public_key_t *this);

	/**
	 * @brief Get the DER encoded publicKeyInfo object.
	 * 
	 * @param this				calling object
	 * @return					DER encoded publicKeyInfo object
	 */
	chunk_t (*get_publicKeyInfo) (const rsa_public_key_t *this);

	/**
	 * @brief Get the keyid formed as the SHA-1 hash of a publicKeyInfo object.
	 * 
	 * @param this				calling object
	 * @return					keyid in the form of a SHA-1 hash
	 */
	chunk_t (*get_keyid) (const rsa_public_key_t *this);

	/**
	 * @brief Clone the public key.
	 * 
	 * @param this				public key to clone
	 * @return					clone of this
	 */
	rsa_public_key_t *(*clone) (const rsa_public_key_t *this);
	
	/**
	 * @brief Destroys the public key.
	 * 
	 * @param this				public key to destroy
	 */
	void (*destroy) (rsa_public_key_t *this);
};

/**
 * @brief Create a RSA public key from modulus and public exponent.
 *
 * @param n					modulus
 * @param e					public exponent
 * @return 					created rsa_public_key_t
 * 
 * @ingroup rsa
 */
rsa_public_key_t *rsa_public_key_create(mpz_t n, mpz_t e);

/**
 * @brief Load an RSA public key from a chunk.
 * 
 * Load a key from a chunk, encoded in the more frequently
 * used publicKeyInfo object (ASN1 DER encoded).
 * 
 * @param chunk				chunk containing the DER encoded key
 * @return 					loaded rsa_public_key_t, or NULL
  * 
 * @ingroup rsa
 */
rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk);

/**
 * @brief Load an RSA public key from a file.
 * 
 * Load a key from a file, which is either in binary
 * format (DER), or in PEM format. 
 * 
 * @param filename			filename which holds the key
 * @return 					loaded rsa_public_key_t, or NULL
 * 
 * @ingroup rsa
 */
rsa_public_key_t *rsa_public_key_create_from_file(char *filename);

#endif /*RSA_PUBLIC_KEY_H_*/