X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccrypt%2Fsilcpkcs.h;h=78812b0f870bd3fcbbb1571fd7be6659d1f28932;hb=9905799a86c606304fd7df2cd401de1740a272a1;hp=baaff0c68decd32b878637111e63cd3aa7a756f7;hpb=72cfa31520ebc0058763a30e21c13f6e9a964aa0;p=silc.git diff --git a/lib/silccrypt/silcpkcs.h b/lib/silccrypt/silcpkcs.h index baaff0c6..78812b0f 100644 --- a/lib/silccrypt/silcpkcs.h +++ b/lib/silccrypt/silcpkcs.h @@ -2,15 +2,14 @@ silcpkcs.h - Author: Pekka Riikonen + Author: Pekka Riikonen - Copyright (C) 1997 - 2001 Pekka Riikonen + Copyright (C) 1997 - 2007 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - + the Free Software Foundation; version 2 of the License. + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the @@ -18,222 +17,792 @@ */ +/****h* silccrypt/SILC PKCS Interface + * + * DESCRIPTION + * + * SILC PKCS API provides generic interface for performing various + * public key cryptography related operations with different types of + * public and private keys. Support for loading and saving of different + * types of public key and private keys are also provided. + * + ***/ + #ifndef SILCPKCS_H #define SILCPKCS_H -/* The default SILC PKCS (Public Key Cryptosystem) object to represent - any PKCS in SILC. */ -typedef struct SilcPKCSObjectStruct { - char *name; - void *data_context; - - int (*init)(void *, uint32, SilcRng); - void (*clear_keys)(void *); - unsigned char *(*get_public_key)(void *, uint32 *); - unsigned char *(*get_private_key)(void *, uint32 *); - int (*set_public_key)(void *, unsigned char *, uint32); - int (*set_private_key)(void *, unsigned char *, uint32); - uint32 (*context_len)(); - uint32 (*data_context_len)(); - int (*set_arg)(void *, void *, int, SilcInt); - int (*encrypt)(void *, unsigned char *, uint32, - unsigned char *, uint32 *); - int (*decrypt)(void *, unsigned char *, uint32, - unsigned char *, uint32 *); - int (*sign)(void *, unsigned char *, uint32, - unsigned char *, uint32 *); - int (*verify)(void *, unsigned char *, uint32, - unsigned char *, uint32); -} SilcPKCSObject; - -/* The main SILC PKCS structure. Use SilcPKCS instead of SilcPKCSStruct. - Also remember that SilcPKCS is a pointer. */ -typedef struct SilcPKCSStruct { - void *context; - SilcPKCSObject *pkcs; - uint32 key_len; - - uint32 (*get_key_len)(struct SilcPKCSStruct *); -} *SilcPKCS; - -/* List of all PKCS in SILC. */ -extern SilcPKCSObject silc_pkcs_list[]; - -/* SILC style public key object. Public key is read from file to this - object. Public keys received from network must be in this format as - well. */ +/* Forward declarations */ +typedef struct SilcPKCSObjectStruct SilcPKCSObject; + +/****d* silccrypt/SilcPKCSAPI/SilcPKCSType + * + * NAME + * + * typedef enum { ... } SilcPKCSType; + * + * DESCRIPTION + * + * Public key cryptosystem types. These are defined by the SILC + * Key Exchange protocol. + * + * SOURCE + */ +typedef enum { + SILC_PKCS_SILC = 1, /* SILC PKCS */ + SILC_PKCS_SSH2 = 2, /* SSH2 PKCS (not supported) */ + SILC_PKCS_X509V3 = 3, /* X.509v3 PKCS (not supported) */ + SILC_PKCS_OPENPGP = 4, /* OpenPGP PKCS (not supported) */ + SILC_PKCS_SPKI = 5, /* SPKI PKCS (not supported) */ +} SilcPKCSType; +/***/ + +/****s* silccrypt/SilcPKCSAPI/SilcPublicKey + * + * NAME + * + * typedef struct { ... } *SilcPublicKey; + * + * DESCRIPTION + * + * This context represents any kind of PKCS public key. It can be + * allocated by silc_pkcs_public_key_alloc and is freed by the + * silc_pkcs_public_key_free. The PKCS specific public key context + * can be retrieved by calling silc_pkcs_get_context. + * + * SOURCE + */ typedef struct { - uint32 len; - char *name; - char *identifier; - unsigned char *pk; - uint32 pk_len; + const SilcPKCSObject *pkcs; /* PKCS */ + void *public_key; /* PKCS specific public key */ } *SilcPublicKey; +/***/ -/* SILC style private key object. Private key is read from file to this - object. */ +/****s* silccrypt/SilcPKCSAPI/SilcPrivateKey + * + * NAME + * + * typedef struct { ... } *SilcPrivateKey; + * + * DESCRIPTION + * + * This context represents any kind of PKCS private key. + * + * SOURCE + */ typedef struct { - char *name; - unsigned char *prv; - uint32 prv_len; + const SilcPKCSObject *pkcs; /* PKCS */ + void *private_key; /* PKCS specific private key */ } *SilcPrivateKey; +/***/ -/* Public and private key file headers */ -#define SILC_PKCS_PUBLIC_KEYFILE_BEGIN "-----BEGIN SILC PUBLIC KEY-----\n" -#define SILC_PKCS_PUBLIC_KEYFILE_END "\n-----END SILC PUBLIC KEY-----\n" -#define SILC_PKCS_PRIVATE_KEYFILE_BEGIN "-----BEGIN SILC PRIVATE KEY-----\n" -#define SILC_PKCS_PRIVATE_KEYFILE_END "\n-----END SILC PRIVATE KEY-----\n" - -/* Public and private key file encoding types */ -#define SILC_PKCS_FILE_BIN 0 -#define SILC_PKCS_FILE_PEM 1 - -/* Macros */ - -/* Macros used to implement the SILC PKCS API */ - -/* XXX: This needs slight redesigning. These needs to be made even - more generic. I don't like that the actual prime generation is done - in PKCS_API_INIT. The primes used in key generation should be sent - as argument to the init function. By doing this we would achieve - that PKCS could be used as SIM's. The only requirement would be - that they are compiled against GMP (well, actually even that would - not be a requirement, but the most generic case anyway). The new init - would look something like this: - - #define SILC_PKCS_API_INIT(pkcs) \ - inline int silc_##pkcs##_init(void *context, uint32 keylen, \ - void *p1, void *p2) - - Now we wouldn't have to send the SilcRng object since the primes are - provided as arguments. To send them as void * they could actually be - used as in anyway for real (MP_INT (SilcInt) or even something else - (the pointer could be kludged to be something else in the module)) - (Plus, the SilcRng object management in prime generation would be - simpler and better what it is now (in silcprimegen.c, that is)). -*/ +/****d* silccrypt/SilcPKCSAPI/SilcPKCSFileEncoding + * + * NAME + * + * typedef enum { ... } SilcPKCSType + * + * DESCRIPTION + * + * Public and private key file encoding types. + * + * SOURCE + */ +typedef enum { + SILC_PKCS_FILE_BIN, /* Binary encoding */ + SILC_PKCS_FILE_BASE64 /* Base64 encoding */ +} SilcPKCSFileEncoding; +/***/ + +/* The PKCS Algorithm object to represent any PKCS algorithm. */ +typedef struct { + /* Algorithm name and scheme */ + char *name; + char *scheme; + + /* Supported hash functions, comma separated list */ + char *hash; + + /* Generate new key pair. Returns PKCS algorithm specific public key + and private key contexts. */ + SilcBool (*generate_key)(SilcUInt32 keylen, + SilcRng rng, + void **ret_public_key, + void **ret_private_key); + + /* Public key routines */ + SilcBool (*import_public_key)(unsigned char *key, + SilcUInt32 key_len, + void **ret_public_key); + unsigned char *(*export_public_key)(void *public_key, + SilcUInt32 *ret_len); + SilcUInt32 (*public_key_bitlen)(void *public_key); + void *(*public_key_copy)(void *public_key); + SilcBool (*public_key_compare)(void *key1, void *key2); + void (*public_key_free)(void *public_key); + + /* Private key routines */ + SilcBool (*import_private_key)(unsigned char *key, + SilcUInt32 key_len, + void **ret_private_key); + unsigned char *(*export_private_key)(void *private_key, + SilcUInt32 *ret_len); + SilcUInt32 (*private_key_bitlen)(void *public_key); + void (*private_key_free)(void *private_key); + + /* Encrypt and decrypt operations */ + SilcBool (*encrypt)(void *public_key, + unsigned char *src, + SilcUInt32 src_len, + unsigned char *dst, + SilcUInt32 dst_size, + SilcUInt32 *ret_dst_len, + SilcRng rng); + SilcBool (*decrypt)(void *private_key, + unsigned char *src, + SilcUInt32 src_len, + unsigned char *dst, + SilcUInt32 dst_size, + SilcUInt32 *ret_dst_len); + + /* Signature and verification operations */ + SilcBool (*sign)(void *private_key, + unsigned char *src, + SilcUInt32 src_len, + unsigned char *signature, + SilcUInt32 signature_size, + SilcUInt32 *ret_signature_len, + SilcHash hash); + SilcBool (*verify)(void *public_key, + unsigned char *signature, + SilcUInt32 signature_len, + unsigned char *data, + SilcUInt32 data_len, + SilcHash hash); +} SilcPKCSAlgorithm; + +/* The PKCS (Public Key Cryptosystem) object to represent any PKCS. */ +struct SilcPKCSObjectStruct { + /* PKCS type */ + SilcPKCSType type; + + /* Public key routines */ + + /* Returns PKCS algorithm context from public key */ + const SilcPKCSAlgorithm *(*get_algorithm)(void *public_key); + + /* Imports from public key file */ + SilcBool (*import_public_key_file)(unsigned char *filedata, + SilcUInt32 filedata_len, + SilcPKCSFileEncoding encoding, + void **ret_public_key); + + /* Imports from public key binary data */ + SilcBool (*import_public_key)(unsigned char *key, + SilcUInt32 key_len, + void **ret_public_key); + + /* Exports public key to file */ + unsigned char *(*export_public_key_file)(void *public_key, + SilcPKCSFileEncoding encoding, + SilcUInt32 *ret_len); + + /* Export public key as binary data */ + unsigned char *(*export_public_key)(void *public_key, + SilcUInt32 *ret_len); + + /* Returns key length in bits */ + SilcUInt32 (*public_key_bitlen)(void *public_key); + + /* Copy public key */ + void *(*public_key_copy)(void *public_key); + + /* Compares public keys */ + SilcBool (*public_key_compare)(void *key1, void *key2); + + /* Free public key */ + void (*public_key_free)(void *public_key); + + /* Private key routines */ + + /* Imports from private key file */ + SilcBool (*import_private_key_file)(unsigned char *filedata, + SilcUInt32 filedata_len, + const char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSFileEncoding encoding, + void **ret_private_key); + + /* Imports from private key binary data */ + SilcBool (*import_private_key)(unsigned char *key, + SilcUInt32 key_len, + void **ret_private_key); + + /* Exports private key to file */ + unsigned char *(*export_private_key_file)(void *private_key, + const char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSFileEncoding encoding, + SilcRng rng, + SilcUInt32 *ret_len); + + /* Export private key as binary data */ + unsigned char *(*export_private_key)(void *private_key, + SilcUInt32 *ret_len); + + /* Returns key length in bits */ + SilcUInt32 (*private_key_bitlen)(void *private_key); + + /* Free private key */ + void (*private_key_free)(void *private_key); -#define SILC_PKCS_API_INIT(pkcs) \ -int silc_##pkcs##_init(void *context, uint32 keylen, \ - SilcRng rng) -#define SILC_PKCS_API_CLEAR_KEYS(pkcs) \ -void silc_##pkcs##_clear_keys(void *context) -#define SILC_PKCS_API_GET_PUBLIC_KEY(pkcs) \ -unsigned char *silc_##pkcs##_get_public_key(void *context, \ - uint32 *ret_len) -#define SILC_PKCS_API_GET_PRIVATE_KEY(pkcs) \ -unsigned char *silc_##pkcs##_get_private_key(void *context, \ - uint32 *ret_len) -#define SILC_PKCS_API_SET_PUBLIC_KEY(pkcs) \ -int silc_##pkcs##_set_public_key(void *context, unsigned char *key_data, \ - uint32 key_len) -#define SILC_PKCS_API_SET_PRIVATE_KEY(pkcs) \ -int silc_##pkcs##_set_private_key(void *context, unsigned char *key_data, \ - uint32 key_len) -#define SILC_PKCS_API_CONTEXT_LEN(pkcs) \ -uint32 silc_##pkcs##_context_len() -#define SILC_PKCS_API_DATA_CONTEXT_LEN(pkcs) \ -uint32 silc_##pkcs##_data_context_len() -#define SILC_PKCS_API_SET_ARG(pkcs) \ -int silc_##pkcs##_set_arg(void *context, \ - void *data_context, \ - int argnum, \ - SilcInt val) -#define SILC_PKCS_API_ENCRYPT(pkcs) \ -int silc_##pkcs##_encrypt(void *context, \ - unsigned char *src, \ - uint32 src_len, \ - unsigned char *dst, \ - uint32 *dst_len) -#define SILC_PKCS_API_DECRYPT(pkcs) \ -int silc_##pkcs##_decrypt(void *context, \ - unsigned char *src, \ - uint32 src_len, \ - unsigned char *dst, \ - uint32 *dst_len) -#define SILC_PKCS_API_SIGN(pkcs) \ -int silc_##pkcs##_sign(void *context, \ - unsigned char *src, \ - uint32 src_len, \ - unsigned char *dst, \ - uint32 *dst_len) -#define SILC_PKCS_API_VERIFY(pkcs) \ -int silc_##pkcs##_verify(void *context, \ - unsigned char *signature, \ - uint32 signature_len, \ - unsigned char *data, \ - uint32 data_len) + /* Encrypt and decrypt operations */ + SilcBool (*encrypt)(void *public_key, + unsigned char *src, + SilcUInt32 src_len, + unsigned char *dst, + SilcUInt32 dst_size, + SilcUInt32 *ret_dst_len, + SilcRng rng); + SilcBool (*decrypt)(void *private_key, + unsigned char *src, + SilcUInt32 src_len, + unsigned char *dst, + SilcUInt32 dst_size, + SilcUInt32 *ret_dst_len); + + /* Signature and verification operations */ + SilcBool (*sign)(void *private_key, + unsigned char *src, + SilcUInt32 src_len, + unsigned char *signature, + SilcUInt32 signature_size, + SilcUInt32 *ret_signature_len, + SilcHash hash); + SilcBool (*verify)(void *public_key, + unsigned char *signature, + SilcUInt32 signature_len, + unsigned char *data, + SilcUInt32 data_len, + SilcHash hash); +}; + +/* Marks for all PKCS in silc. This can be used in silc_pkcs_unregister + to unregister all PKCS at once. */ +#define SILC_ALL_PKCS ((SilcPKCSObject *)1) +#define SILC_ALL_PKCS_ALG ((SilcPKCSAlgorithm *)1) + +/* Static lists of PKCS and PKCS algorithms. */ +extern DLLAPI const SilcPKCSObject silc_default_pkcs[]; +extern DLLAPI const SilcPKCSAlgorithm silc_default_pkcs_alg[]; /* Prototypes */ -int silc_pkcs_alloc(const unsigned char *name, SilcPKCS *new_pkcs); -void silc_pkcs_free(SilcPKCS pkcs); -int silc_pkcs_is_supported(const unsigned char *name); -char *silc_pkcs_get_supported(); -uint32 silc_pkcs_get_key_len(SilcPKCS self); -unsigned char *silc_pkcs_get_public_key(SilcPKCS pkcs, uint32 *len); -unsigned char *silc_pkcs_get_private_key(SilcPKCS pkcs, uint32 *len); -int silc_pkcs_public_key_set(SilcPKCS pkcs, SilcPublicKey public_key); -int silc_pkcs_public_key_data_set(SilcPKCS pkcs, unsigned char *pk, - uint32 pk_len); -int silc_pkcs_private_key_set(SilcPKCS pkcs, SilcPrivateKey private_key); -int silc_pkcs_private_key_data_set(SilcPKCS pkcs, unsigned char *prv, - uint32 prv_len); -int silc_pkcs_encrypt(SilcPKCS pkcs, unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len); -int silc_pkcs_decrypt(SilcPKCS pkcs, unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len); -int silc_pkcs_sign(SilcPKCS pkcs, unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len); -int silc_pkcs_verify(SilcPKCS pkcs, unsigned char *signature, - uint32 signature_len, unsigned char *data, - uint32 data_len); -int silc_pkcs_sign_with_hash(SilcPKCS pkcs, SilcHash hash, - unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len); -int silc_pkcs_verify_with_hash(SilcPKCS pkcs, SilcHash hash, - unsigned char *signature, - uint32 signature_len, - unsigned char *data, - uint32 data_len); -char *silc_pkcs_encode_identifier(char *username, char *host, char *realname, - char *email, char *org, char *country); -SilcPublicKey silc_pkcs_public_key_alloc(char *name, char *identifier, - unsigned char *pk, - uint32 pk_len); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_register + * + * SYNOPSIS + * + * SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs); + * + * DESCRIPTION + * + * Registers a new PKCS into the SILC. This function is used + * at the initialization of the SILC. All registered PKCSs + * should be unregistered with silc_pkcs_unregister. The `pkcs' includes + * the name of the PKCS and member functions for the algorithm. Usually + * this function is not called directly. Instead, application can call + * the silc_pkcs_register_default to register all PKCSs that are + * builtin the sources. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister + * + * SYNOPSIS + * + * SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs); + * + * DESCRIPTION + * + * Unregister a PKCS from the SILC. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_register + * + * SYNOPSIS + * + * SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs); + * + * DESCRIPTION + * + * Registers a new PKCS Algorithm into the SILC. This function is used + * at the initialization of the SILC. All registered PKCS algorithms + * should be unregistered with silc_pkcs_unregister. + * + ***/ +SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_unregister + * + * SYNOPSIS + * + * SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs); + * + * DESCRIPTION + * + * Unregister a PKCS from the SILC. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_register_default + * + * SYNOPSIS + * + * SilcBool silc_pkcs_register_default(void); + * + * DESCRIPTION + * + * Registers all the default PKCS (all builtin PKCS) and PKCS algorithms. + * The application may use this to register the default PKCS if specific + * PKCS in any specific order is not wanted. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_register_default(void); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister_all + * + * SYNOPSIS + * + * SilcBool silc_pkcs_unregister_all(void); + * + * DESCRIPTION + * + * Unregister all PKCS and PKCS algorithms. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_unregister_all(void); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_supported + * + * SYNOPSIS + * + * char *silc_pkcs_get_supported(void); + * + * DESCRIPTION + * + * Returns comma separated list of supported PKCS algorithms. + * + ***/ +char *silc_pkcs_get_supported(void); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_pkcs + * + * SYNOPSIS + * + * const SilcPKCSObject *silc_pkcs_get_pkcs(SilcPKCSType type); + * + * DESCRIPTION + * + * Finds PKCS context by the PKCS type. + * + ***/ +const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_algorithm + * + * SYNOPSIS + * + * const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm, + * const char *scheme); + * + * DESCRIPTION + * + * Finds PKCS algorithm context by the algorithm name `algorithm' and + * the algorithm scheme `scheme'. The `scheme' may be NULL. + * + ***/ +const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm, + const char *scheme); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_pkcs + * + * SYNOPSIS + * + * const SilcPKCSObject *silc_pkcs_get_pkcs(void *key); + * + * DESCRIPTION + * + * Returns the PKCS object from `key', which may be SilcPublicKey or + * SilcPrivateKey pointer. + * + ***/ +const SilcPKCSObject *silc_pkcs_get_pkcs(void *key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_algorithm + * + * SYNOPSIS + * + * const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key); + * + * DESCRIPTION + * + * Returns the PKCS algorithm object from `key', which may be SilcPublicKey + * or SilcPrivateKey pointer. + * + ***/ +const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_name + * + * SYNOPSIS + * + * const char *silc_pkcs_get_name(void *key); + * + * DESCRIPTION + * + * Returns PKCS algorithm name from the `key', which may be SilcPublicKey + * or SilcPrivateKey pointer. + * + ***/ +const char *silc_pkcs_get_name(void *key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_type + * + * SYNOPSIS + * + * SilcPKCSType silc_pkcs_get_type(void *key); + * + * DESCRIPTION + * + * Returns PKCS type from the `key', which may be SilcPublicKey or + * SilcPrivateKey pointer. + * + ***/ +SilcPKCSType silc_pkcs_get_type(void *key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_context + * + * SYNOPSIS + * + * void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key); + * + * DESCRIPTION + * + * Returns the internal PKCS `type' specific public key context from the + * `public_key'. The caller needs to explicitly type cast it to correct + * type. Returns NULL on error. + * + * For SILC_PKCS_SILC the returned context is SilcSILCPublicKey. + * + ***/ +void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_alloc + * + * SYNOPSIS + * + * SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type, + * unsigned char *key, + * SilcUInt32 key_len + * SilcPublicKey *ret_public_key); + * + * DESCRIPTION + * + * Allocates SilcPublicKey of the type of `type' from the key data + * `key' of length of `key_len' bytes. Returns FALSE if the `key' + * is malformed or unsupported public key type. This function can be + * used to create public key from any kind of PKCS public keys that + * the implementation supports. + * + ***/ +SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type, + unsigned char *key, + SilcUInt32 key_len, + SilcPublicKey *ret_public_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_free + * + * SYNOPSIS + * + * void silc_pkcs_public_key_free(SilcPublicKey public_key); + * + * DESCRIPTION + * + * Frees the public key. + * + ***/ void silc_pkcs_public_key_free(SilcPublicKey public_key); -SilcPrivateKey silc_pkcs_private_key_alloc(char *name, unsigned char *prv, - uint32 prv_len); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_export + * + * SYNOPSIS + * + * unsigned char *silc_pkcs_public_key_encode(SilcPublicKey public_key, + * SilcUInt32 *ret_len); + * + * DESCRIPTION + * + * Encodes the `public_key' into a binary format and returns it. Returns + * NULL on error. Caller must free the returned buffer. + * + ***/ +unsigned char *silc_pkcs_public_key_encode(SilcPublicKey public_key, + SilcUInt32 *ret_len); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_get_len + * + * SYNOPSIS + * + * SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key); + * + * DESCRIPTION + * + * Returns the key length in bits from the public key. + * + ***/ +SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_compare + * + * SYNOPSIS + * + * SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, + * SilcPublicKey key2); + * + * DESCRIPTION + * + * Compares two public keys and returns TRUE if they are same key, and + * FALSE if they are not same. + * + ***/ +SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_copy + * + * SYNOPSIS + * + * SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key); + * + * DESCRIPTION + * + * Copies the public key indicated by `public_key' and returns new + * allocated public key which is indentical to the `public_key'. + * + ***/ +SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_alloc + * + * SYNOPSIS + * + * SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type, + * unsigned char *key, + * SilcUInt32 key_len, + * SilcPrivateKey *ret_private_key); + * + * DESCRIPTION + * + * Allocates SilcPrivateKey of the type of `type' from the key data + * `key' of length of `key_len' bytes. Returns FALSE if the `key' + * is malformed or unsupported private key type. + * + ***/ +SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type, + unsigned char *key, + SilcUInt32 key_len, + SilcPrivateKey *ret_private_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_get_len + * + * SYNOPSIS + * + * SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key); + * + * DESCRIPTION + * + * Returns the key length in bits from the private key. + * + ***/ +SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_free + * + * SYNOPSIS + * + * void silc_pkcs_private_key_free(SilcPrivateKey private_key; + * + * DESCRIPTION + * + * Frees the private key. + * + ***/ void silc_pkcs_private_key_free(SilcPrivateKey private_key); -unsigned char * -silc_pkcs_public_key_encode(SilcPublicKey public_key, uint32 *len); -unsigned char * -silc_pkcs_public_key_data_encode(unsigned char *pk, uint32 pk_len, - char *pkcs, char *identifier, - uint32 *len); -int silc_pkcs_public_key_decode(unsigned char *data, uint32 data_len, - SilcPublicKey *public_key); -unsigned char * -silc_pkcs_private_key_encode(SilcPrivateKey private_key, uint32 *len); -unsigned char * -silc_pkcs_private_key_data_encode(unsigned char *prv, uint32 prv_len, - char *pkcs, uint32 *len); -int silc_pkcs_private_key_decode(unsigned char *data, uint32 data_len, - SilcPrivateKey *private_key); -int silc_pkcs_save_public_key(char *filename, SilcPublicKey public_key, - uint32 encoding); -int silc_pkcs_save_public_key_data(char *filename, unsigned char *data, - uint32 data_len, - uint32 encoding); -int silc_pkcs_save_private_key(char *filename, SilcPrivateKey private_key, - unsigned char *passphrase, - uint32 encoding); -int silc_pkcs_save_private_key_data(char *filename, unsigned char *data, - uint32 data_len, - unsigned char *passphrase, - uint32 encoding); -int silc_pkcs_load_public_key(char *filename, SilcPublicKey *public_key, - uint32 encoding); -int silc_pkcs_load_private_key(char *filename, SilcPrivateKey *private_key, - uint32 encoding); - -#endif + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_encrypt + * + * SYNOPSIS + * + * SilcBool silc_pkcs_encrypt(SilcPublicKey public_key, + * unsigned char *src, SilcUInt32 src_len, + * unsigned char *dst, SilcUInt32 dst_size, + * SilcUInt32 *dst_len); + * + * DESCRIPTION + * + * Encrypts with the public key. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_encrypt(SilcPublicKey public_key, + unsigned char *src, SilcUInt32 src_len, + unsigned char *dst, SilcUInt32 dst_size, + SilcUInt32 *dst_len, SilcRng rng); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_decrypt + * + * SYNOPSIS + * + * SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key, + * unsigned char *src, SilcUInt32 src_len, + * unsigned char *dst, SilcUInt32 dst_size, + * SilcUInt32 *dst_len); + * + * DESCRIPTION + * + * Decrypts with the private key. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + unsigned char *dst, SilcUInt32 dst_size, + SilcUInt32 *dst_len); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_sign + * + * SYNOPSIS + * + * SilcBool silc_pkcs_sign(SilcPrivateKey private_key, + * unsigned char *src, SilcUInt32 src_len, + * unsigned char *dst, SilcUInt32 dst_size, + * SilcUInt32 *dst_len, SilcHash hash); + * + * DESCRIPTION + * + * Generates signature with the private key. Returns FALSE on error. + * If `hash' is non-NULL the `src' will be hashed before signing. + * + ***/ +SilcBool silc_pkcs_sign(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + unsigned char *dst, SilcUInt32 dst_size, + SilcUInt32 *dst_len, SilcHash hash); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_verify + * + * SYNOPSIS + * + * SilcBool silc_pkcs_verify(SilcPublicKey public_key, + * unsigned char *signature, + * SilcUInt32 signature_len, + * unsigned char *data, + * SilcUInt32 data_len, SilcHash hash); + * + * DESCRIPTION + * + * Verifies signature. Returns FALSE on error. The 'signature' is + * verified against the 'data'. If the `hash' is non-NULL then the `data' + * will hashed before verification. If the `hash' is NULL, then the + * hash algorithm to be used is retrieved from the signature. If it + * isn't present in the signature the verification is done as is without + * hashing. + * + ***/ +SilcBool silc_pkcs_verify(SilcPublicKey public_key, + unsigned char *signature, + SilcUInt32 signature_len, + unsigned char *data, + SilcUInt32 data_len, SilcHash hash); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_public_key + * + * SYNOPSIS + * + * SilcBool silc_pkcs_load_public_key(const char *filename, + * SilcPublicKey *ret_public_key); + * + * DESCRIPTION + * + * Loads public key from file and allocates new public key. Returns TRUE + * if loading was successful. + * + ***/ +SilcBool silc_pkcs_load_public_key(const char *filename, + SilcPublicKey *ret_public_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_public_key + * + * SYNOPSIS + * + * SilcBool silc_pkcs_save_public_key(const char *filename, + * SilcPublicKey public_key, + * SilcPKCSFileEncoding encoding); + * + * DESCRIPTION + * + * Saves public key into file with specified encoding. Returns FALSE + * on error. + * + ***/ +SilcBool silc_pkcs_save_public_key(const char *filename, + SilcPublicKey public_key, + SilcPKCSFileEncoding encoding); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_private_key + * + * SYNOPSIS + * + * SilcBool silc_pkcs_load_private_key(const char *filename, + * const unsigned char *passphrase, + * SilcUInt32 passphrase_len, + * SilcPrivateKey *ret_private_key); + * + * DESCRIPTION + * + * Loads private key from file and allocates new private key. Returns TRUE + * if loading was successful. The `passphrase' is used as decryption + * key of the private key file, in case it is encrypted. + * + ***/ +SilcBool silc_pkcs_load_private_key(const char *filename, + const unsigned char *passphrase, + SilcUInt32 passphrase_len, + SilcPrivateKey *ret_private_key); + +/****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_private_key + * + * SYNOPSIS + * + * SilcBool silc_pkcs_save_private_key(const char *filename, + * SilcPrivateKey private_key, + * const unsigned char *passphrase, + * SilcUInt32 passphrase_len, + * SilcPKCSFileEncoding encoding, + * SilcRng rng); + * + * DESCRIPTION + * + * Saves private key into file. The private key is encrypted into + * the file with the `passphrase' as a key, if PKCS supports encrypted + * private keys. Returns FALSE on error. + * + ***/ +SilcBool silc_pkcs_save_private_key(const char *filename, + SilcPrivateKey private_key, + const unsigned char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSFileEncoding encoding, + SilcRng rng); + +#endif /* !SILCPKCS_H */