5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2008 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
20 /****h* silccrypt/PKCS Interface
24 * SILC PKCS API provides generic interface for performing various
25 * public key cryptography related operations with different types of
26 * public and private keys. Support for loading and saving of different
27 * types of public key and private keys are also provided.
29 * This interface is used to perform operations with public keys and private
30 * keys but the interface cannot be used to generate new key pairs. Instead,
31 * PKCS implementations provide functions to generate key pairs. Call
32 * silc_pkcs_silc_generate_key to generate SILC protocol key pair. Call
33 * silc_ssh_generate_key to generate SSH2 protocol key pair. Call
34 * silc_pgp_generate_key to generate OpenPGP key pair.
38 * // Load public and private keys
39 * SilcPublicKey public_key;
40 * SilcPrivateKey private_key;
42 * silc_pkcs_load_public_key("pubkey.pub", SILC_PKCS_ANY, &public_key);
43 * silc_pkcs_load_private_key("privkey, prv", passphrase, passphrase_len,
44 * SILC_PKCS_ANY, &public_key);
46 * // Compute signature
47 * unsigned char dst[2048];
50 * silc_pkcs_sign(private_key, src, src_len, dst, sizeof(dst), &sig_len,
54 * silc_pkcs_public_key_free(public_key);
55 * silc_pkcs_private_key_free(private_key);
62 /* Forward declarations */
63 typedef struct SilcPKCSAlgorithmStruct SilcPKCSAlgorithm;
64 typedef struct SilcPKCSObjectStruct SilcPKCSObject;
66 /****d* silccrypt/SilcPKCSType
70 * typedef enum { ... } SilcPKCSType;
74 * Supported public key cryptosystem types.
79 SILC_PKCS_SILC = 1, /* SILC PKCS */
80 SILC_PKCS_SSH2 = 2, /* SSH2 PKCS */
81 SILC_PKCS_X509V3 = 3, /* X.509v3 PKCS */
82 SILC_PKCS_OPENPGP = 4, /* OpenPGP PKCS */
83 SILC_PKCS_SPKI = 5, /* SPKI PKCS (not supported) */
88 /****d* silccrypt/PKCS-Algorithms
96 * Supported PKCS algorithm names. These names can be given as argument
97 * to silc_pkcs_find_algorithm. See also SilcPKCSSchemes.
101 #define SILC_PKCS_ALG_RSA "rsa" /* RSA algorithm */
102 #define SILC_PKCS_ALG_DSA "dsa" /* DSA algorithm */
105 /****d* silccrypt/PKCS-Schemes
109 * PKCS Algorithm Schemes
113 * Supported PKCS algorithm scheme names. Different algorithms can be
114 * implemented in different ways to conform differnet standards and
115 * protocols. The scheme defines these ways. The scheme is given as
116 * argument to silc_pkcs_find_algorithm.
121 /* PKCS #1 version 2.x. This performs RSASSA-PKCS-v1_5 and RSAES-PKCS-v1_5
122 with hash OID in the signature data (signature with appendix). This can
123 be used with SILC_PKCS_ALG_RSA. Default hash function used with
124 signatures is SHA-1. */
125 #define SILC_PKCS_SCHEME_PKCS1 "pkcs1"
127 /* PKCS #1 version 2.x. Same as SILC_PKCS_SCHEME_PKCS1 but the hash OID
128 is not present in the signature data. This can be used with
129 SILC_PKCS_ALG_RSA. Default hash function used with signatures is SHA-1. */
130 #define SILC_PKCS_SCHEME_PKCS1_NO_OID "pkcs1-no-oid"
132 /* The Digital Signature Standard, FIPS 186-3. The latest DSS standard
133 version. The key parameters and hash function used are derived
134 automatically by the key length and the signature length is variable.
135 This can be used with SILC_PKCS_ALG_DSA. */
136 #define SILC_PKCS_SCHEME_DSS "dss"
138 /* The Digital Signature Standard, FIPS 186-2. Same as the
139 SILC_PKCS_SCHEME_DSS but the signature length is always 160 bits and
140 hash function used is SHA-1. This is the most widely used DSS version
141 (<= year 2008). This can be used with SILC_PKCS_ALG_DSA. This is
142 compatible with SILC_PKCS_ALG_DSS when verifying signatures, but cannot
143 necessarily create compatible signature. */
144 #define SILC_PKCS_SCHEME_DSS_FIPS186_2 "dss-fips186-2"
147 /* The SSH2 protocol scheme. This can be used with SILC_PKCS_ALG_RSA and
148 SILC_PKCS_ALG_DSA. When used the algorithms behave as defined in the
150 #define SILC_PKCS_SCHEME_SSH "ssh"
151 #endif /* SILC_DIST_SSH */
154 /* The OpenPGP protocol scheme. This can be used with SILC_PKCS_ALG_RSA and
155 SILC_PKCS_ALG_DSA. When used the algorithms behave as defined in the
157 #define SILC_PKCS_SCHEME_OPENPGP "openpgp"
158 #endif /* SILC_DIST_PGP */
161 /****s* silccrypt/SilcPublicKey
165 * typedef struct { ... } *SilcPublicKey;
169 * This context represents any kind of PKCS public key. It can be
170 * allocated by silc_pkcs_public_key_alloc or silc_pkcs_load_public_key
171 * and is freed by the silc_pkcs_public_key_free. The PKCS specific
172 * public key context can be retrieved by calling
173 * silc_pkcs_public_key_get_pkcs.
177 typedef struct SilcPublicKeyStruct {
178 SilcPKCSObject *pkcs; /* PKCS */
179 const SilcPKCSAlgorithm *alg; /* PKCS algorithm */
180 void *public_key; /* PKCS specific public key */
184 /****s* silccrypt/SilcPrivateKey
188 * typedef struct { ... } *SilcPrivateKey;
192 * This context represents any kind of PKCS private key. It can be
193 * allocated by silc_pkcs_private_key_alloc or more commonly by calling
194 * silc_pkcs_load_private_key. The PKCS specific key context can be
195 * retrieved by calling silc_pkcs_private_key_get_pkcs.
199 typedef struct SilcPrivateKeyStruct {
200 SilcPKCSObject *pkcs; /* PKCS */
201 const SilcPKCSAlgorithm *alg; /* PKCS algorithm */
202 void *private_key; /* PKCS specific private key */
206 /****d* silccrypt/SilcPKCSFileEncoding
210 * typedef enum { ... } SilcPKCSType
214 * Public and private key file encoding types.
219 SILC_PKCS_FILE_BIN, /* Binary encoding */
220 SILC_PKCS_FILE_BASE64 /* Base64 encoding */
221 } SilcPKCSFileEncoding;
224 /****f* silccrypt/SilcPKCSEncryptCb
228 * typedef void (*SilcPKCSEncryptCb)(SilcBool success,
229 * const unsigned char *encrypted,
230 * SilcUInt32 encrypted_len,
235 * Encryption callback. This callback is given as argument to the
236 * silc_pkcs_encrypt_async and the encrypted data is delivered to the
237 * caller in this callback. The `encrypted' is the encrypted data. If
238 * the `success' is FALSE the encryption operation failed.
241 typedef void (*SilcPKCSEncryptCb)(SilcBool success,
242 const unsigned char *encrypted,
243 SilcUInt32 encrypted_len,
246 /****f* silccrypt/SilcPKCSDecryptCb
250 * typedef void (*SilcPKCSDecryptCb)(SilcBool success,
251 * const unsigned char *decrypted,
252 * SilcUInt32 decrypted_len,
257 * Decryption callback. This callback is given as argument to the
258 * silc_pkcs_decrypt_async and the decrypted data is delivered to the
259 * caller in this callback. The `decrypted' is the decrypted data. If
260 * the `success' is FALSE the decryption operation failed.
263 typedef void (*SilcPKCSDecryptCb)(SilcBool success,
264 const unsigned char *decrypted,
265 SilcUInt32 decrypted_len,
268 /****f* silccrypt/SilcPKCSSignCb
272 * typedef void (*SilcPKCSSignCb)(SilcBool success,
273 * const unsigned char *signature,
274 * SilcUInt32 signature_len,
279 * Signature callback. This callback is given as argument to the
280 * silc_pkcs_sign_async and the digitally signed data is delivered to
281 * the caller in this callback. The `signature' is the signature data.
282 * If the `success' is FALSE the signature operation failed.
285 typedef void (*SilcPKCSSignCb)(SilcBool success,
286 const unsigned char *signature,
287 SilcUInt32 signature_len,
290 /****f* silccrypt/SilcPKCSVerifyCb
294 * typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
298 * Verification callback. This callback is given as argument to the
299 * silc_pkcs_verify_async and the result of the signature verification is
300 * deliver to the caller in this callback. If the `success' is FALSE
301 * the signature verification failed.
304 typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
306 #include "silcpkcs_i.h"
308 /* Marks for all PKCS in. This can be used in silc_pkcs_unregister to
309 unregister all PKCS at once. */
310 #define SILC_ALL_PKCS ((SilcPKCSObject *)1)
311 #define SILC_ALL_PKCS_ALG ((SilcPKCSAlgorithm *)1)
313 /* Static lists of PKCS and PKCS algorithms. */
314 extern DLLAPI const SilcPKCSObject silc_default_pkcs[];
315 extern DLLAPI const SilcPKCSAlgorithm silc_default_pkcs_alg[];
319 /****f* silccrypt/silc_pkcs_register
323 * SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
327 * Registers a new PKCS into the crypto library. This function can be
328 * used at the initialization of an application. All registered PKCSs
329 * should be unregistered with silc_pkcs_unregister. Usually this
330 * function is not needed. The default PKCSs are automatically
331 * registered. This can be used to change the order of the registered
332 * PKCSs by re-registering them in desired order, or add new PKCSs.
333 * Returns FALSE on error.
336 SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
338 /****f* silccrypt/silc_pkcs_unregister
342 * SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
346 * Unregister a PKCS from the crypto library. Returns FALSE on error.
349 SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
351 /****f* silccrypt/silc_pkcs_algorithm_register
355 * SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
359 * Registers a new PKCS Algorithm into crypto library. This function
360 * can be used at the initialization of an application. All registered
361 * PKCS algorithms should be unregistered with silc_pkcs_unregister.
364 SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
366 /****f* silccrypt/silc_pkcs_algorithm_unregister
370 * SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
374 * Unregister a PKCS from the crypto library. Returns FALSE on error.
377 SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
379 /****f* silccrypt/silc_pkcs_register_default
383 * SilcBool silc_pkcs_register_default(void);
387 * Registers all the default PKCS (all builtin PKCS) and PKCS algorithms.
388 * Application need not call this directly. By calling silc_crypto_init
389 * this function is called.
392 SilcBool silc_pkcs_register_default(void);
394 /****f* silccrypt/silc_pkcs_unregister_all
398 * SilcBool silc_pkcs_unregister_all(void);
402 * Unregister all PKCS and PKCS algorithms. Returns FALSE on error.
403 * Application need not call this directly. By calling silc_crypto_init
404 * this function is called.
407 SilcBool silc_pkcs_unregister_all(void);
409 /****f* silccrypt/silc_pkcs_load_public_key
413 * SilcBool silc_pkcs_load_public_key(const char *filename,
415 * SilcPublicKey *ret_public_key);
419 * Loads public key from file and allocates new public key. Returns TRUE
420 * if loading was successful. If `type' is SILC_PKCS_ANY this attempts
421 * to automatically detect the public key type. If `type' is some other
422 * PKCS type, the key is expected to be of that type.
425 SilcBool silc_pkcs_load_public_key(const char *filename,
427 SilcPublicKey *ret_public_key);
429 /****f* silccrypt/silc_pkcs_save_public_key
433 * SilcBool silc_pkcs_save_public_key(const char *filename,
434 * SilcPublicKey public_key,
435 * SilcPKCSFileEncoding encoding);
439 * Saves public key into file with specified encoding. Returns FALSE
443 SilcBool silc_pkcs_save_public_key(const char *filename,
444 SilcPublicKey public_key,
445 SilcPKCSFileEncoding encoding);
447 /****f* silccrypt/silc_pkcs_load_private_key
451 * SilcBool silc_pkcs_load_private_key(const char *filename,
452 * const unsigned char *passphrase,
453 * SilcUInt32 passphrase_len,
455 * SilcPrivateKey *ret_private_key);
459 * Loads private key from file and allocates new private key. Returns TRUE
460 * if loading was successful. The `passphrase' is used as decryption
461 * key of the private key file, in case it is encrypted. If `type' is
462 * SILC_PKCS_ANY this attempts to automatically detect the private key type.
463 * If `type' is some other PKCS type, the key is expected to be of that
467 SilcBool silc_pkcs_load_private_key(const char *filename,
468 const unsigned char *passphrase,
469 SilcUInt32 passphrase_len,
471 SilcPrivateKey *ret_private_key);
473 /****f* silccrypt/silc_pkcs_save_private_key
477 * SilcBool silc_pkcs_save_private_key(const char *filename,
478 * SilcPrivateKey private_key,
479 * const unsigned char *passphrase,
480 * SilcUInt32 passphrase_len,
481 * SilcPKCSFileEncoding encoding,
486 * Saves private key into file. The private key is encrypted into
487 * the file with the `passphrase' as a key, if PKCS supports encrypted
488 * private keys. Returns FALSE on error.
491 SilcBool silc_pkcs_save_private_key(const char *filename,
492 SilcPrivateKey private_key,
493 const unsigned char *passphrase,
494 SilcUInt32 passphrase_len,
495 SilcPKCSFileEncoding encoding,
498 /****f* silccrypt/silc_pkcs_public_key_alloc
502 * SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
503 * unsigned char *key,
505 * SilcPublicKey *ret_public_key);
509 * Allocates SilcPublicKey of the type of `type' from the key data
510 * `key' of length of `key_len' bytes. Returns FALSE if the `key'
511 * is malformed or unsupported public key type. This function can be
512 * used to create public key from any kind of PKCS public keys that
513 * the implementation supports.
516 SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
519 SilcPublicKey *ret_public_key);
521 /****f* silccrypt/silc_pkcs_public_key_free
525 * void silc_pkcs_public_key_free(SilcPublicKey public_key);
529 * Frees the public key. This will also automatically free the underlaying
530 * PKCS specific public key. All public keys allocated through the
531 * PKCS API must be freed by calling this function.
534 void silc_pkcs_public_key_free(SilcPublicKey public_key);
536 /****f* silccrypt/silc_pkcs_public_key_encode
540 * unsigned char *silc_pkcs_public_key_encode(SilcStack stack,
541 * SilcPublicKey public_key,
542 * SilcUInt32 *ret_len);
546 * Encodes the `public_key' into a binary format and returns it. Returns
547 * NULL on error. Caller must free the returned buffer.
549 * If the `stack' is non-NULL the returned buffer is allocated from the
550 * `stack'. This call will consume `stack' so caller should push the stack
551 * before calling and then later pop it.
554 unsigned char *silc_pkcs_public_key_encode(SilcStack stack,
555 SilcPublicKey public_key,
556 SilcUInt32 *ret_len);
558 /****f* silccrypt/silc_pkcs_public_key_get_len
562 * SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
566 * Returns the key length in bits from the public key.
569 SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
571 /****f* silccrypt/silc_pkcs_public_key_compare
575 * SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1,
576 * SilcPublicKey key2);
580 * Compares two public keys and returns TRUE if they are same key, and
581 * FALSE if they are not same.
584 SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2);
586 /****f* silccrypt/silc_pkcs_public_key_copy
590 * SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
594 * Copies the public key indicated by `public_key' and returns new
595 * allocated public key which is indentical to the `public_key'.
598 SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
600 /****f* silccrypt/silc_pkcs_private_key_alloc
604 * SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
605 * unsigned char *key,
606 * SilcUInt32 key_len,
607 * SilcPrivateKey *ret_private_key);
611 * Allocates SilcPrivateKey of the type of `type' from the key data
612 * `key' of length of `key_len' bytes. Returns FALSE if the `key'
613 * is malformed or unsupported private key type.
615 * Usually this function is not needed. Typical application calls
616 * silc_pkcs_load_private_key instead.
619 SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
622 SilcPrivateKey *ret_private_key);
624 /****f* silccrypt/silc_pkcs_private_key_get_len
628 * SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
632 * Returns the key length in bits from the private key.
635 SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
637 /****f* silccrypt/silc_pkcs_private_key_free
641 * void silc_pkcs_private_key_free(SilcPrivateKey private_key;
645 * Frees the public key. This will also automatically free the underlaying
646 * PKCS specific private key. All private keys allocated through the
647 * PKCS API must be freed by calling this function.
650 void silc_pkcs_private_key_free(SilcPrivateKey private_key);
652 /****f* silccrypt/silc_pkcs_encrypt
656 * SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
657 * unsigned char *src, SilcUInt32 src_len,
658 * unsigned char *dst, SilcUInt32 dst_size,
659 * SilcUInt32 *dst_len, SilcRng rng);
663 * Encrypts with the public key. Returns FALSE on error. The length
664 * the encrypted data is returned to `dst_len' if it is non-NULL.
666 * This call cannot be used if `public_key' is accelerated. All
667 * accelerators are usually asynchronous and the function will return
668 * before the encryption has been done. In this case the
669 * silc_pkcs_encrypt_async should be used.
672 SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
673 unsigned char *src, SilcUInt32 src_len,
674 unsigned char *dst, SilcUInt32 dst_size,
675 SilcUInt32 *dst_len, SilcRng rng);
677 /****f* silccrypt/silc_pkcs_encrypt_async
682 * silc_pkcs_encrypt_async(SilcPublicKey public_key,
683 * unsigned char *src,
684 * SilcUInt32 src_len, SilcRng rng,
685 * SilcPKCSEncryptCb encrypt_cb,
690 * Encrypts with the public key. The `encrypt_cb' will be called to
691 * deliver the encrypted data. The encryption operation may be asynchronous
692 * if the `public_key' is accelerated public key. If this returns NULL
693 * the asynchronous operation cannot be controlled.
696 SilcAsyncOperation silc_pkcs_encrypt_async(SilcPublicKey public_key,
698 SilcUInt32 src_len, SilcRng rng,
699 SilcPKCSEncryptCb encrypt_cb,
702 /****f* silccrypt/silc_pkcs_decrypt
706 * SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
707 * unsigned char *src, SilcUInt32 src_len,
708 * unsigned char *dst, SilcUInt32 dst_size,
709 * SilcUInt32 *dst_len);
713 * Decrypts with the private key. Returns FALSE on error. The length
714 * of the decrypted data is returned to `dst_len' if it is non-NULL.
716 * This call cannot be used if `public_key' is accelerated. All
717 * accelerators are usually asynchronous and the function will return
718 * before the decryption has been done. In this case the
719 * silc_pkcs_decrypt_async should be used.
722 SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
723 unsigned char *src, SilcUInt32 src_len,
724 unsigned char *dst, SilcUInt32 dst_size,
725 SilcUInt32 *dst_len);
727 /****f* silccrypt/silc_pkcs_decrypt_async
732 * silc_pkcs_decrypt_async(SilcPrivateKey private_key,
733 * unsigned char *src,
734 * SilcUInt32 src_len,
735 * SilcPKCSDecryptCb decrypt_cb,
740 * Decrypts with the private key. The `decrypt_cb' will be called to
741 * deliver the decrypted data. The decryption operation may be asynchronous
742 * if the `private_key' is accelerated private key. If this returns NULL
743 * the asynchronous operation cannot be controlled.
747 silc_pkcs_decrypt_async(SilcPrivateKey private_key,
748 unsigned char *src, SilcUInt32 src_len,
749 SilcPKCSDecryptCb decrypt_cb,
752 /****f* silccrypt/silc_pkcs_sign
756 * SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
757 * unsigned char *src, SilcUInt32 src_len,
758 * unsigned char *dst, SilcUInt32 dst_size,
759 * SilcUInt32 *dst_len, SilcBool compute_hash,
760 * SilcHash hash, SilcRng rng);
764 * Computes signature with the private key. If `compute_hash' is TRUE
765 * the `hash' will be used to compute a message digest over the `src'.
766 * The `hash' is NULL the default hash function is used. The `rng'
767 * should always be provided. The length of the signature is returned
768 * to `dst_len' is it is non-NULL.
770 * This call cannot be used if `public_key' is accelerated. All
771 * accelerators are usually asynchronous and the function will return
772 * before the signagture has been done. In this case the
773 * silc_pkcs_sign_async should be used.
776 SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
777 unsigned char *src, SilcUInt32 src_len,
778 unsigned char *dst, SilcUInt32 dst_size,
779 SilcUInt32 *dst_len, SilcBool compute_hash,
780 SilcHash hash, SilcRng rng);
782 /****f* silccrypt/silc_pkcs_sign_async
786 * SilcAsyncOperation silc_pkcs_sign_async(SilcPrivateKey private_key,
787 * unsigned char *src,
788 * SilcUInt32 src_len,
789 * SilcBool compute_hash,
792 * SilcPKCSSignCb sign_cb,
797 * Computes signature with the private key. The `sign_cb' will be called
798 * to deliver the signature data. If `compute_hash' is TRUE the `hash'
799 * will be used to compute a message digest over the `src'. The `hash'
800 * is NULL the default hash function is used. The `rng' should always
801 * be provided. The signature operation may be asynchronous if the
802 * `private_key' is accelerated private key. If this returns NULL the
803 * asynchronous operation cannot be controlled.
806 SilcAsyncOperation silc_pkcs_sign_async(SilcPrivateKey private_key,
809 SilcBool compute_hash,
812 SilcPKCSSignCb sign_cb,
815 /****f* silccrypt/silc_pkcs_verify
819 * SilcBool silc_pkcs_verify(SilcPublicKey public_key,
820 * unsigned char *signature,
821 * SilcUInt32 signature_len,
822 * unsigned char *data,
823 * SilcUInt32 data_len,
824 * SilcBool compute_hash,
829 * Verifies signature. The 'signature' is verified against the 'data'.
830 * If `compute_hash' hash is TRUE the `hash' will be used in verification.
831 * If `hash' is NULL, the hash algorithm to be used is retrieved from the
832 * signature. If it isn't present in the signature the default hash
833 * function is used. The `rng' is usually not needed and may be NULL.
835 * This call cannot be used if `public_key' is accelerated. All
836 * accelerators are usually asynchronous and the function will return
837 * before the verification has been done. In this case the
838 * silc_pkcs_verify_async should be used.
841 SilcBool silc_pkcs_verify(SilcPublicKey public_key,
842 unsigned char *signature,
843 SilcUInt32 signature_len,
846 SilcBool compute_hash,
849 /****f* silccrypt/silc_pkcs_verify_async
853 * SilcAsyncOperation silc_pkcs_verify_async(SilcPublicKey public_key,
854 * unsigned char *signature,
855 * SilcUInt32 signature_len,
856 * unsigned char *data,
857 * SilcUInt32 data_len,
858 * SilcBool compute_hash,
860 * SilcPKCSVerifyCb verify_cb,
865 * Verifies signature. The `verify_cb' will be called to deliver the
866 * result of the verification process. The 'signature' is verified against
867 * the 'data'. If `compute_hash' hash is TRUE the `hash' will be used in
868 * verification. If `hash' is NULL, the hash algorithm to be used is
869 * retrieved from the signature. If it isn't present in the signature the
870 * default hash function is used. The `rng' is usually not needed and
871 * may be NULL. If this returns NULL the asynchronous operation cannot
875 SilcAsyncOperation silc_pkcs_verify_async(SilcPublicKey public_key,
876 unsigned char *signature,
877 SilcUInt32 signature_len,
880 SilcBool compute_hash,
882 SilcPKCSVerifyCb verify_cb,
885 /****f* silccrypt/silc_pkcs_public_key_get_pkcs
889 * void *silc_pkcs_public_key_get_pkcs(SilcPKCSType type,
890 * SilcPublicKey public_key);
894 * Returns the internal PKCS `type' specific public key context from the
895 * `public_key'. The caller needs to explicitly type cast it to correct
896 * type. Returns NULL on error.
898 * For SILC_PKCS_SILC the returned context is SilcSILCPublicKey.
899 * For SILC_PKCS_SSH2 the returned context is SilcSshPublicKey.
902 void *silc_pkcs_public_key_get_pkcs(SilcPKCSType type,
903 SilcPublicKey public_key);
905 /****f* silccrypt/silc_pkcs_private_key_get_pkcs
909 * void *silc_pkcs_private_key_get_pkcs(SilcPKCSType type,
910 * SilcPublicKey public_key);
914 * Returns the internal PKCS `type' specific private key context from the
915 * `private_key'. The caller needs to explicitly type cast it to correct
916 * type. Returns NULL on error.
918 * For SILC_PKCS_SILC the returned context is SilcSILCPrivateKey.
919 * For SILC_PKCS_SSH2 the returned context is SilcSshPrivateKey.
922 void *silc_pkcs_private_key_get_pkcs(SilcPKCSType type,
923 SilcPrivateKey private_key);
925 /****f* silccrypt/silc_pkcs_find_pkcs
929 * const SilcPKCSObject *silc_pkcs_get_pkcs(SilcPKCSType type);
933 * Finds PKCS context by the PKCS type.
936 const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type);
938 /****f* silccrypt/silc_pkcs_find_algorithm
942 * const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
943 * const char *scheme);
947 * Finds PKCS algorithm context by the algorithm name `algorithm' and
948 * the algorithm scheme `scheme'. The `scheme' may be NULL. Usually
949 * this function is not needed unless you need low level access to the
950 * algorithm implementations. Usually this is used when implementing
951 * support to new PKCS type.
954 const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
957 /****f* silccrypt/silc_pkcs_get_pkcs
961 * const SilcPKCSObject *silc_pkcs_get_pkcs(void *key);
965 * Returns the PKCS object from `key', which may be SilcPublicKey or
966 * SilcPrivateKey pointer.
969 const SilcPKCSObject *silc_pkcs_get_pkcs(void *key);
971 /****f* silccrypt/silc_pkcs_get_algorithm
975 * const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key);
979 * Returns the PKCS algorithm object from `key', which may be SilcPublicKey
980 * or SilcPrivateKey pointer.
983 const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key);
985 /****f* silccrypt/silc_pkcs_get_name
989 * const char *silc_pkcs_get_name(void *key);
993 * Returns PKCS algorithm name from the `key', which may be SilcPublicKey
994 * or SilcPrivateKey pointer.
997 const char *silc_pkcs_get_name(void *key);
999 /****f* silccrypt/silc_pkcs_get_type
1003 * SilcPKCSType silc_pkcs_get_type(void *key);
1007 * Returns PKCS type from the `key', which may be SilcPublicKey or
1008 * SilcPrivateKey pointer.
1011 SilcPKCSType silc_pkcs_get_type(void *key);
1013 /****f* silccrypt/silc_pkcs_get_supported
1017 * char *silc_pkcs_get_supported(void);
1021 * Returns comma separated list of supported PKCS algorithms.
1024 char *silc_pkcs_get_supported(void);
1026 /****f* silccrypt/silc_hash_public_key
1030 * SilcUInt32 silc_hash_public_key(void *key, void *user_context);
1034 * An utility function for hashing public key for SilcHashTable. Give
1035 * this as argument as the hash function for SilcHashTable.
1038 SilcUInt32 silc_hash_public_key(void *key, void *user_context);
1040 /****f* silccrypt/silc_hash_public_key_compare
1044 * SilcBool silc_hash_public_key_compare(void *key1, void *key2,
1045 * void *user_context);
1049 * An utility function for comparing public keys for SilcHashTable. Give
1050 * this as argument as the compare function for SilcHashTable.
1053 SilcBool silc_hash_public_key_compare(void *key1, void *key2,
1054 void *user_context);
1056 #endif /* !SILCPKCS_H */