lib/silccrypt/silcpkcs.h

   1 /*
   2
   3   silcpkcs.h
   4
   5   Author: Pekka Riikonen <priikone@silcnet.org>
   6
   7   Copyright (C) 1997 - 2007 Pekka Riikonen
   8
   9   This program is free software; you can redistribute it and/or modify
  10   it under the terms of the GNU General Public License as published by
  11   the Free Software Foundation; version 2 of the License.
  12
  13   This program is distributed in the hope that it will be useful,
  14   but WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16   GNU General Public License for more details.
  17
  18 */
  19
  20 /****h* silccrypt/SILC PKCS Interface
  21  *
  22  * DESCRIPTION
  23  *
  24  * SILC PKCS API provides generic interface for performing various
  25  * public key cryptography related operations with different types of
  26  * public and private keys.  Support for loading and saving of different
  27  * types of public key and private keys are also provided.
  28  *
  29  ***/
  30
  31 #ifndef SILCPKCS_H
  32 #define SILCPKCS_H
  33
  34 /* Forward declarations */
  35 typedef struct SilcPKCSObjectStruct SilcPKCSObject;
  36
  37 /****d* silccrypt/SilcPKCSAPI/SilcPKCSType
  38  *
  39  * NAME
  40  *
  41  *    typedef enum { ... } SilcPKCSType;
  42  *
  43  * DESCRIPTION
  44  *
  45  *    Supported public key cryptosystem types.
  46  *
  47  * SOURCE
  48  */
  49 typedef enum {
  50   SILC_PKCS_SILC    = 1,        /* SILC PKCS */
  51   SILC_PKCS_SSH2    = 2,        /* SSH2 PKCS (not supported) */
  52   SILC_PKCS_X509V3  = 3,        /* X.509v3 PKCS (not supported) */
  53   SILC_PKCS_OPENPGP = 4,        /* OpenPGP PKCS (not supported) */
  54   SILC_PKCS_SPKI    = 5,        /* SPKI PKCS (not supported) */
  55 } SilcPKCSType;
  56 /***/
  57
  58 /****s* silccrypt/SilcPKCSAPI/SilcPublicKey
  59  *
  60  * NAME
  61  *
  62  *    typedef struct { ... } *SilcPublicKey;
  63  *
  64  * DESCRIPTION
  65  *
  66  *    This context represents any kind of PKCS public key.  It can be
  67  *    allocated by silc_pkcs_public_key_alloc and is freed by the
  68  *    silc_pkcs_public_key_free.  The PKCS specific public key context
  69  *    can be retrieved by calling silc_pkcs_get_context.
  70  *
  71  * SOURCE
  72  */
  73 typedef struct SilcPublicKeyStruct {
  74   const SilcPKCSObject *pkcs;   /* PKCS */
  75   void *public_key;             /* PKCS specific public key */
  76 } *SilcPublicKey;
  77 /***/
  78
  79 /****s* silccrypt/SilcPKCSAPI/SilcPrivateKey
  80  *
  81  * NAME
  82  *
  83  *    typedef struct { ... } *SilcPrivateKey;
  84  *
  85  * DESCRIPTION
  86  *
  87  *    This context represents any kind of PKCS private key.
  88  *
  89  * SOURCE
  90  */
  91 typedef struct SilcPrivateKeyStruct {
  92   const SilcPKCSObject *pkcs;   /* PKCS */
  93   void *private_key;            /* PKCS specific private key */
  94 } *SilcPrivateKey;
  95 /***/
  96
  97 /****d* silccrypt/SilcPKCSAPI/SilcPKCSFileEncoding
  98  *
  99  * NAME
 100  *
 101  *    typedef enum { ... } SilcPKCSType
 102  *
 103  * DESCRIPTION
 104  *
 105  *    Public and private key file encoding types.
 106  *
 107  * SOURCE
 108  */
 109 typedef enum {
 110   SILC_PKCS_FILE_BIN,           /* Binary encoding */
 111   SILC_PKCS_FILE_BASE64         /* Base64 encoding */
 112 } SilcPKCSFileEncoding;
 113 /***/
 114
 115 /* The PKCS Algorithm object to represent any PKCS algorithm. */
 116 typedef struct {
 117   /* Algorithm name and scheme */
 118   char *name;
 119   char *scheme;
 120
 121   /* Supported hash functions, comma separated list */
 122   char *hash;
 123
 124   /* Generate new key pair. Returns PKCS algorithm specific public key
 125      and private key contexts. */
 126   SilcBool (*generate_key)(SilcUInt32 keylen,
 127                            SilcRng rng,
 128                            void **ret_public_key,
 129                            void **ret_private_key);
 130
 131   /* Public key routines. */
 132   int (*import_public_key)(unsigned char *key,
 133                            SilcUInt32 key_len,
 134                            void **ret_public_key);
 135   unsigned char *(*export_public_key)(void *public_key,
 136                                       SilcUInt32 *ret_len);
 137   SilcUInt32 (*public_key_bitlen)(void *public_key);
 138   void *(*public_key_copy)(void *public_key);
 139   SilcBool (*public_key_compare)(void *key1, void *key2);
 140   void (*public_key_free)(void *public_key);
 141
 142   /* Private key routines */
 143   int (*import_private_key)(unsigned char *key,
 144                             SilcUInt32 key_len,
 145                             void **ret_private_key);
 146   unsigned char *(*export_private_key)(void *private_key,
 147                                        SilcUInt32 *ret_len);
 148   SilcUInt32 (*private_key_bitlen)(void *public_key);
 149   void (*private_key_free)(void *private_key);
 150
 151   /* Encrypt and decrypt operations */
 152   SilcBool (*encrypt)(void *public_key,
 153                       unsigned char *src,
 154                       SilcUInt32 src_len,
 155                       unsigned char *dst,
 156                       SilcUInt32 dst_size,
 157                       SilcUInt32 *ret_dst_len,
 158                       SilcRng rng);
 159   SilcBool (*decrypt)(void *private_key,
 160                       unsigned char *src,
 161                       SilcUInt32 src_len,
 162                       unsigned char *dst,
 163                       SilcUInt32 dst_size,
 164                       SilcUInt32 *ret_dst_len);
 165
 166   /* Signature and verification operations */
 167   SilcBool (*sign)(void *private_key,
 168                    unsigned char *src,
 169                    SilcUInt32 src_len,
 170                    unsigned char *signature,
 171                    SilcUInt32 signature_size,
 172                    SilcUInt32 *ret_signature_len,
 173                    SilcBool compute_hash,
 174                    SilcHash hash);
 175   SilcBool (*verify)(void *public_key,
 176                      unsigned char *signature,
 177                      SilcUInt32 signature_len,
 178                      unsigned char *data,
 179                      SilcUInt32 data_len,
 180                      SilcHash hash);
 181 } SilcPKCSAlgorithm;
 182
 183 /* The PKCS (Public Key Cryptosystem) object to represent any PKCS. */
 184 struct SilcPKCSObjectStruct {
 185   /* PKCS type */
 186   SilcPKCSType type;
 187
 188   /* Public key routines */
 189
 190   /* Returns PKCS algorithm context from public key */
 191   const SilcPKCSAlgorithm *(*get_algorithm)(void *public_key);
 192
 193   /* Imports from public key file */
 194   SilcBool (*import_public_key_file)(unsigned char *filedata,
 195                                      SilcUInt32 filedata_len,
 196                                      SilcPKCSFileEncoding encoding,
 197                                      void **ret_public_key);
 198
 199   /* Imports from public key binary data.  Returns the amount of bytes
 200      imported from `key' or 0 on error. */
 201   int (*import_public_key)(unsigned char *key,
 202                            SilcUInt32 key_len,
 203                            void **ret_public_key);
 204
 205   /* Exports public key to file */
 206   unsigned char *(*export_public_key_file)(void *public_key,
 207                                            SilcPKCSFileEncoding encoding,
 208                                            SilcUInt32 *ret_len);
 209
 210   /* Export public key as binary data */
 211   unsigned char *(*export_public_key)(void *public_key,
 212                                       SilcUInt32 *ret_len);
 213
 214   /* Returns key length in bits */
 215   SilcUInt32 (*public_key_bitlen)(void *public_key);
 216
 217   /* Copy public key */
 218   void *(*public_key_copy)(void *public_key);
 219
 220   /* Compares public keys */
 221   SilcBool (*public_key_compare)(void *key1, void *key2);
 222
 223   /* Free public key */
 224   void (*public_key_free)(void *public_key);
 225
 226   /* Private key routines */
 227
 228   /* Imports from private key file */
 229   SilcBool (*import_private_key_file)(unsigned char *filedata,
 230                                       SilcUInt32 filedata_len,
 231                                       const char *passphrase,
 232                                       SilcUInt32 passphrase_len,
 233                                       SilcPKCSFileEncoding encoding,
 234                                       void **ret_private_key);
 235
 236   /* Imports from private key binary data.  Returns the amount of bytes
 237      imported from `key' or 0 on error. */
 238   int (*import_private_key)(unsigned char *key,
 239                             SilcUInt32 key_len,
 240                             void **ret_private_key);
 241
 242   /* Exports private key to file */
 243   unsigned char *(*export_private_key_file)(void *private_key,
 244                                             const char *passphrase,
 245                                             SilcUInt32 passphrase_len,
 246                                             SilcPKCSFileEncoding encoding,
 247                                             SilcRng rng,
 248                                             SilcUInt32 *ret_len);
 249
 250   /* Export private key as binary data */
 251   unsigned char *(*export_private_key)(void *private_key,
 252                                        SilcUInt32 *ret_len);
 253
 254   /* Returns key length in bits */
 255   SilcUInt32 (*private_key_bitlen)(void *private_key);
 256
 257   /* Free private key */
 258   void (*private_key_free)(void *private_key);
 259
 260   /* Encrypt and decrypt operations */
 261   SilcBool (*encrypt)(void *public_key,
 262                       unsigned char *src,
 263                       SilcUInt32 src_len,
 264                       unsigned char *dst,
 265                       SilcUInt32 dst_size,
 266                       SilcUInt32 *ret_dst_len,
 267                       SilcRng rng);
 268   SilcBool (*decrypt)(void *private_key,
 269                       unsigned char *src,
 270                       SilcUInt32 src_len,
 271                       unsigned char *dst,
 272                       SilcUInt32 dst_size,
 273                       SilcUInt32 *ret_dst_len);
 274
 275   /* Signature and verification operations */
 276   SilcBool (*sign)(void *private_key,
 277                    unsigned char *src,
 278                    SilcUInt32 src_len,
 279                    unsigned char *signature,
 280                    SilcUInt32 signature_size,
 281                    SilcUInt32 *ret_signature_len,
 282                    SilcBool compute_hash,
 283                    SilcHash hash);
 284   SilcBool (*verify)(void *public_key,
 285                      unsigned char *signature,
 286                      SilcUInt32 signature_len,
 287                      unsigned char *data,
 288                      SilcUInt32 data_len,
 289                      SilcHash hash);
 290 };
 291
 292 /* Marks for all PKCS in. This can be used in silc_pkcs_unregister to
 293    unregister all PKCS at once. */
 294 #define SILC_ALL_PKCS ((SilcPKCSObject *)1)
 295 #define SILC_ALL_PKCS_ALG ((SilcPKCSAlgorithm *)1)
 296
 297 /* Static lists of PKCS and PKCS algorithms. */
 298 extern DLLAPI const SilcPKCSObject silc_default_pkcs[];
 299 extern DLLAPI const SilcPKCSAlgorithm silc_default_pkcs_alg[];
 300
 301 /* Prototypes */
 302
 303 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_register
 304  *
 305  * SYNOPSIS
 306  *
 307  *    SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
 308  *
 309  * DESCRIPTION
 310  *
 311  *    Registers a new PKCS into the SILC.  This function is used
 312  *    at the initialization of the SILC.  All registered PKCSs
 313  *    should be unregistered with silc_pkcs_unregister.  The `pkcs' includes
 314  *    the name of the PKCS and member functions for the algorithm.  Usually
 315  *    this function is not called directly.  Instead, application can call
 316  *    the silc_pkcs_register_default to register all PKCSs that are
 317  *    builtin the sources.  Returns FALSE on error.
 318  *
 319  ***/
 320 SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
 321
 322 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister
 323  *
 324  * SYNOPSIS
 325  *
 326  *    SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
 327  *
 328  * DESCRIPTION
 329  *
 330  *    Unregister a PKCS from the SILC. Returns FALSE on error.
 331  *
 332  ***/
 333 SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
 334
 335 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_register
 336  *
 337  * SYNOPSIS
 338  *
 339  *    SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
 340  *
 341  * DESCRIPTION
 342  *
 343  *    Registers a new PKCS Algorithm into the SILC.  This function is used
 344  *    at the initialization of the SILC.  All registered PKCS algorithms
 345  *    should be unregistered with silc_pkcs_unregister.
 346  *
 347  ***/
 348 SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
 349
 350 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_unregister
 351  *
 352  * SYNOPSIS
 353  *
 354  *    SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
 355  *
 356  * DESCRIPTION
 357  *
 358  *    Unregister a PKCS from the SILC. Returns FALSE on error.
 359  *
 360  ***/
 361 SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
 362
 363 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_register_default
 364  *
 365  * SYNOPSIS
 366  *
 367  *    SilcBool silc_pkcs_register_default(void);
 368  *
 369  * DESCRIPTION
 370  *
 371  *    Registers all the default PKCS (all builtin PKCS) and PKCS algorithms.
 372  *    The application may use this to register the default PKCS if specific
 373  *    PKCS in any specific order is not wanted.  Returns FALSE on error.
 374  *
 375  ***/
 376 SilcBool silc_pkcs_register_default(void);
 377
 378 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister_all
 379  *
 380  * SYNOPSIS
 381  *
 382  *    SilcBool silc_pkcs_unregister_all(void);
 383  *
 384  * DESCRIPTION
 385  *
 386  *    Unregister all PKCS and PKCS algorithms. Returns FALSE on error.
 387  *
 388  ***/
 389 SilcBool silc_pkcs_unregister_all(void);
 390
 391 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_supported
 392  *
 393  * SYNOPSIS
 394  *
 395  *    char *silc_pkcs_get_supported(void);
 396  *
 397  * DESCRIPTION
 398  *
 399  *    Returns comma separated list of supported PKCS algorithms.
 400  *
 401  ***/
 402 char *silc_pkcs_get_supported(void);
 403
 404 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_pkcs
 405  *
 406  * SYNOPSIS
 407  *
 408  *    const SilcPKCSObject *silc_pkcs_get_pkcs(SilcPKCSType type);
 409  *
 410  * DESCRIPTION
 411  *
 412  *    Finds PKCS context by the PKCS type.
 413  *
 414  ***/
 415 const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type);
 416
 417 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_algorithm
 418  *
 419  * SYNOPSIS
 420  *
 421  *    const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
 422  *                                                      const char *scheme);
 423  *
 424  * DESCRIPTION
 425  *
 426  *    Finds PKCS algorithm context by the algorithm name `algorithm' and
 427  *    the algorithm scheme `scheme'.  The `scheme' may be NULL.
 428  *
 429  ***/
 430 const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
 431                                                   const char *scheme);
 432
 433 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_pkcs
 434  *
 435  * SYNOPSIS
 436  *
 437  *    const SilcPKCSObject *silc_pkcs_get_pkcs(void *key);
 438  *
 439  * DESCRIPTION
 440  *
 441  *    Returns the PKCS object from `key', which may be SilcPublicKey or
 442  *    SilcPrivateKey pointer.
 443  *
 444  ***/
 445 const SilcPKCSObject *silc_pkcs_get_pkcs(void *key);
 446
 447 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_algorithm
 448  *
 449  * SYNOPSIS
 450  *
 451  *    const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key);
 452  *
 453  * DESCRIPTION
 454  *
 455  *    Returns the PKCS algorithm object from `key', which may be SilcPublicKey
 456  *    or SilcPrivateKey pointer.
 457  *
 458  ***/
 459 const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key);
 460
 461 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_name
 462  *
 463  * SYNOPSIS
 464  *
 465  *    const char *silc_pkcs_get_name(void *key);
 466  *
 467  * DESCRIPTION
 468  *
 469  *    Returns PKCS algorithm name from the `key', which may be SilcPublicKey
 470  *    or SilcPrivateKey pointer.
 471  *
 472  ***/
 473 const char *silc_pkcs_get_name(void *key);
 474
 475 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_type
 476  *
 477  * SYNOPSIS
 478  *
 479  *    SilcPKCSType silc_pkcs_get_type(void *key);
 480  *
 481  * DESCRIPTION
 482  *
 483  *    Returns PKCS type from the `key', which may be SilcPublicKey or
 484  *    SilcPrivateKey pointer.
 485  *
 486  ***/
 487 SilcPKCSType silc_pkcs_get_type(void *key);
 488
 489 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_context
 490  *
 491  * SYNOPSIS
 492  *
 493  *    void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key);
 494  *
 495  * DESCRIPTION
 496  *
 497  *    Returns the internal PKCS `type' specific public key context from the
 498  *    `public_key'.  The caller needs to explicitly type cast it to correct
 499  *    type.  Returns NULL on error.
 500  *
 501  *    For SILC_PKCS_SILC the returned context is SilcSILCPublicKey.
 502  *
 503  ***/
 504 void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key);
 505
 506 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_alloc
 507  *
 508  * SYNOPSIS
 509  *
 510  *    SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
 511  *                                        unsigned char *key,
 512  *                                        SilcUInt32 key_len
 513  *                                        SilcPublicKey *ret_public_key);
 514  *
 515  * DESCRIPTION
 516  *
 517  *    Allocates SilcPublicKey of the type of `type' from the key data
 518  *    `key' of length of `key_len' bytes.  Returns FALSE if the `key'
 519  *    is malformed or unsupported public key type.  This function can be
 520  *    used to create public key from any kind of PKCS public keys that
 521  *    the implementation supports.
 522  *
 523  ***/
 524 SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
 525                                     unsigned char *key,
 526                                     SilcUInt32 key_len,
 527                                     SilcPublicKey *ret_public_key);
 528
 529 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_free
 530  *
 531  * SYNOPSIS
 532  *
 533  *    void silc_pkcs_public_key_free(SilcPublicKey public_key);
 534  *
 535  * DESCRIPTION
 536  *
 537  *    Frees the public key.
 538  *
 539  ***/
 540 void silc_pkcs_public_key_free(SilcPublicKey public_key);
 541
 542 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_export
 543  *
 544  * SYNOPSIS
 545  *
 546  *    unsigned char *silc_pkcs_public_key_encode(SilcPublicKey public_key,
 547  *                                               SilcUInt32 *ret_len);
 548  *
 549  * DESCRIPTION
 550  *
 551  *    Encodes the `public_key' into a binary format and returns it.  Returns
 552  *    NULL on error.  Caller must free the returned buffer.
 553  *
 554  ***/
 555 unsigned char *silc_pkcs_public_key_encode(SilcPublicKey public_key,
 556                                            SilcUInt32 *ret_len);
 557
 558 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_get_len
 559  *
 560  * SYNOPSIS
 561  *
 562  *    SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
 563  *
 564  * DESCRIPTION
 565  *
 566  *    Returns the key length in bits from the public key.
 567  *
 568  ***/
 569 SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
 570
 571 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_compare
 572  *
 573  * SYNOPSIS
 574  *
 575  *    SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1,
 576  *                                          SilcPublicKey key2);
 577  *
 578  * DESCRIPTION
 579  *
 580  *    Compares two public keys and returns TRUE if they are same key, and
 581  *    FALSE if they are not same.
 582  *
 583  ***/
 584 SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2);
 585
 586 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_copy
 587  *
 588  * SYNOPSIS
 589  *
 590  *    SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
 591  *
 592  * DESCRIPTION
 593  *
 594  *    Copies the public key indicated by `public_key' and returns new
 595  *    allocated public key which is indentical to the `public_key'.
 596  *
 597  ***/
 598 SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
 599
 600 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_alloc
 601  *
 602  * SYNOPSIS
 603  *
 604  *    SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
 605  *                                         unsigned char *key,
 606  *                                         SilcUInt32 key_len,
 607  *                                         SilcPrivateKey *ret_private_key);
 608  *
 609  * DESCRIPTION
 610  *
 611  *    Allocates SilcPrivateKey of the type of `type' from the key data
 612  *    `key' of length of `key_len' bytes.  Returns FALSE if the `key'
 613  *    is malformed or unsupported private key type.
 614  *
 615  ***/
 616 SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
 617                                      unsigned char *key,
 618                                      SilcUInt32 key_len,
 619                                      SilcPrivateKey *ret_private_key);
 620
 621 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_get_len
 622  *
 623  * SYNOPSIS
 624  *
 625  *    SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
 626  *
 627  * DESCRIPTION
 628  *
 629  *    Returns the key length in bits from the private key.
 630  *
 631  ***/
 632 SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
 633
 634 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_free
 635  *
 636  * SYNOPSIS
 637  *
 638  *    void silc_pkcs_private_key_free(SilcPrivateKey private_key;
 639  *
 640  * DESCRIPTION
 641  *
 642  *    Frees the private key.
 643  *
 644  ***/
 645 void silc_pkcs_private_key_free(SilcPrivateKey private_key);
 646
 647 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_encrypt
 648  *
 649  * SYNOPSIS
 650  *
 651  *    SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
 652  *                               unsigned char *src, SilcUInt32 src_len,
 653  *                               unsigned char *dst, SilcUInt32 dst_size,
 654  *                               SilcUInt32 *dst_len);
 655  *
 656  * DESCRIPTION
 657  *
 658  *    Encrypts with the public key. Returns FALSE on error.
 659  *
 660  ***/
 661 SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
 662                            unsigned char *src, SilcUInt32 src_len,
 663                            unsigned char *dst, SilcUInt32 dst_size,
 664                            SilcUInt32 *dst_len, SilcRng rng);
 665
 666 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_decrypt
 667  *
 668  * SYNOPSIS
 669  *
 670  *    SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
 671  *                               unsigned char *src, SilcUInt32 src_len,
 672  *                               unsigned char *dst, SilcUInt32 dst_size,
 673  *                               SilcUInt32 *dst_len);
 674  *
 675  * DESCRIPTION
 676  *
 677  *    Decrypts with the private key.  Returns FALSE on error.
 678  *
 679  ***/
 680 SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
 681                            unsigned char *src, SilcUInt32 src_len,
 682                            unsigned char *dst, SilcUInt32 dst_size,
 683                            SilcUInt32 *dst_len);
 684
 685 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_sign
 686  *
 687  * SYNOPSIS
 688  *
 689  *    SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
 690  *                            unsigned char *src, SilcUInt32 src_len,
 691  *                            unsigned char *dst, SilcUInt32 dst_size,
 692  *                            SilcUInt32 *dst_len, SilcBool compute_hash,
 693  *                            SilcHash hash);
 694  *
 695  * DESCRIPTION
 696  *
 697  *    Generates signature with the private key.  Returns FALSE on error.
 698  *    If `compute_hash' is TRUE the `hash' will be used to compute a
 699  *    digest over the `src'.  The `hash' must always be valid.
 700  *
 701  ***/
 702 SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
 703                         unsigned char *src, SilcUInt32 src_len,
 704                         unsigned char *dst, SilcUInt32 dst_size,
 705                         SilcUInt32 *dst_len, SilcBool compute_hash,
 706                         SilcHash hash);
 707
 708 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_verify
 709  *
 710  * SYNOPSIS
 711  *
 712  *    SilcBool silc_pkcs_verify(SilcPublicKey public_key,
 713  *                              unsigned char *signature,
 714  *                              SilcUInt32 signature_len,
 715  *                              unsigned char *data,
 716  *                              SilcUInt32 data_len, SilcHash hash);
 717  *
 718  * DESCRIPTION
 719  *
 720  *    Verifies signature.  Returns FALSE on error.  The 'signature' is
 721  *    verified against the 'data'.  If the `hash' is non-NULL then the `data'
 722  *    will hashed before verification.  If the `hash' is NULL, then the
 723  *    hash algorithm to be used is retrieved from the signature.  If it
 724  *    isn't present in the signature the verification is done as is without
 725  *    hashing.
 726  *
 727  ***/
 728 SilcBool silc_pkcs_verify(SilcPublicKey public_key,
 729                           unsigned char *signature,
 730                           SilcUInt32 signature_len,
 731                           unsigned char *data,
 732                           SilcUInt32 data_len, SilcHash hash);
 733
 734 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_public_key
 735  *
 736  * SYNOPSIS
 737  *
 738  *    SilcBool silc_pkcs_load_public_key(const char *filename,
 739  *                                       SilcPublicKey *ret_public_key);
 740  *
 741  * DESCRIPTION
 742  *
 743  *    Loads public key from file and allocates new public key.  Returns TRUE
 744  *    if loading was successful.
 745  *
 746  ***/
 747 SilcBool silc_pkcs_load_public_key(const char *filename,
 748                                    SilcPublicKey *ret_public_key);
 749
 750 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_public_key
 751  *
 752  * SYNOPSIS
 753  *
 754  *    SilcBool silc_pkcs_save_public_key(const char *filename,
 755  *                                       SilcPublicKey public_key,
 756  *                                       SilcPKCSFileEncoding encoding);
 757  *
 758  * DESCRIPTION
 759  *
 760  *    Saves public key into file with specified encoding.  Returns FALSE
 761  *    on error.
 762  *
 763  ***/
 764 SilcBool silc_pkcs_save_public_key(const char *filename,
 765                                    SilcPublicKey public_key,
 766                                    SilcPKCSFileEncoding encoding);
 767
 768 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_private_key
 769  *
 770  * SYNOPSIS
 771  *
 772  *    SilcBool silc_pkcs_load_private_key(const char *filename,
 773  *                                        const unsigned char *passphrase,
 774  *                                        SilcUInt32 passphrase_len,
 775  *                                        SilcPrivateKey *ret_private_key);
 776  *
 777  * DESCRIPTION
 778  *
 779  *    Loads private key from file and allocates new private key.  Returns TRUE
 780  *    if loading was successful.  The `passphrase' is used as decryption
 781  *    key of the private key file, in case it is encrypted.
 782  *
 783  ***/
 784 SilcBool silc_pkcs_load_private_key(const char *filename,
 785                                     const unsigned char *passphrase,
 786                                     SilcUInt32 passphrase_len,
 787                                     SilcPrivateKey *ret_private_key);
 788
 789 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_private_key
 790  *
 791  * SYNOPSIS
 792  *
 793  *    SilcBool silc_pkcs_save_private_key(const char *filename,
 794  *                                        SilcPrivateKey private_key,
 795  *                                        const unsigned char *passphrase,
 796  *                                        SilcUInt32 passphrase_len,
 797  *                                        SilcPKCSFileEncoding encoding,
 798  *                                        SilcRng rng);
 799  *
 800  * DESCRIPTION
 801  *
 802  *    Saves private key into file.  The private key is encrypted into
 803  *    the file with the `passphrase' as a key, if PKCS supports encrypted
 804  *    private keys.  Returns FALSE on error.
 805  *
 806  ***/
 807 SilcBool silc_pkcs_save_private_key(const char *filename,
 808                                     SilcPrivateKey private_key,
 809                                     const unsigned char *passphrase,
 810                                     SilcUInt32 passphrase_len,
 811                                     SilcPKCSFileEncoding encoding,
 812                                     SilcRng rng);
 813
 814 #endif  /* !SILCPKCS_H */