5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2005 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
20 /****h* silccrypt/SILC PKCS Interface
24 * SILC PKCS API provides generic interface for performing various
25 * public key cryptography related operations with different types of
26 * public and private keys. Support for loading and saving of different
27 * types of public key and private keys are also provided.
34 /* Forward declarations */
35 typedef struct SilcPKCSObjectStruct SilcPKCSObject;
37 /****d* silccrypt/SilcPKCSAPI/SilcPKCSType
41 * typedef enum { ... } SilcPKCSType;
45 * Public key cryptosystem types. These are defined by the SILC
46 * Key Exchange protocol.
51 SILC_PKCS_SILC = 1, /* SILC PKCS */
52 SILC_PKCS_SSH2 = 2, /* SSH2 PKCS (not supported) */
53 SILC_PKCS_X509V3 = 3, /* X.509v3 PKCS (not supported) */
54 SILC_PKCS_OPENPGP = 4, /* OpenPGP PKCS (not supported) */
55 SILC_PKCS_SPKI = 5, /* SPKI PKCS (not supported) */
59 /****s* silccrypt/SilcPKCSAPI/SilcPublicKey
63 * typedef struct { ... } *SilcPublicKey;
67 * This context represents any kind of PKCS public key. It can be
68 * allocated by silc_pkcs_public_key_alloc and is freed by the
69 * silc_pkcs_public_key_free. The PKCS specific public key context
70 * can be retrieved by calling silc_pkcs_get_context.
75 const SilcPKCSObject *pkcs; /* PKCS */
76 void *public_key; /* PKCS specific public key */
80 /****s* silccrypt/SilcPKCSAPI/SilcPrivateKey
84 * typedef struct { ... } *SilcPrivateKey;
88 * This context represents any kind of PKCS private key.
93 const SilcPKCSObject *pkcs; /* PKCS */
94 void *private_key; /* PKCS specific private key */
98 /****d* silccrypt/SilcPKCSAPI/SilcPKCSFileEncoding
102 * typedef enum { ... } SilcPKCSFileEncoding;
106 * Public and private key file encoding types.
111 SILC_PKCS_FILE_BIN, /* Binary encoding */
112 SILC_PKCS_FILE_BASE64 /* Base64 encoding */
113 } SilcPKCSFileEncoding;
116 /* The PKCS Algorithm object to represent any PKCS algorithm. */
118 /* Algorithm name and scheme */
122 /* Supported hash functions, comma separated list */
125 /* Generate new key pair. Returns PKCS algorithm specific public key
126 and private key contexts. */
127 SilcBool (*generate_key)(SilcUInt32 keylen,
129 void **ret_public_key,
130 void **ret_private_key);
132 /* Public key routines */
133 SilcBool (*import_public_key)(unsigned char *key,
135 void **ret_public_key);
136 unsigned char *(*export_public_key)(void *public_key,
137 SilcUInt32 *ret_len);
138 SilcUInt32 (*public_key_bitlen)(void *public_key);
139 void *(*public_key_copy)(void *public_key);
140 SilcBool (*public_key_compare)(void *key1, void *key2);
141 void (*public_key_free)(void *public_key);
143 /* Private key routines */
144 SilcBool (*import_private_key)(unsigned char *key,
146 void **ret_private_key);
147 unsigned char *(*export_private_key)(void *private_key,
148 SilcUInt32 *ret_len);
149 SilcUInt32 (*private_key_bitlen)(void *public_key);
150 void (*private_key_free)(void *private_key);
152 /* Encrypt and decrypt operations */
153 SilcBool (*encrypt)(void *public_key,
158 SilcUInt32 *ret_dst_len);
159 SilcBool (*decrypt)(void *private_key,
164 SilcUInt32 *ret_dst_len);
166 /* Signature and verification operations */
167 SilcBool (*sign)(void *private_key,
170 unsigned char *signature,
171 SilcUInt32 signature_size,
172 SilcUInt32 *ret_signature_len,
174 SilcBool (*verify)(void *public_key,
175 unsigned char *signature,
176 SilcUInt32 signature_len,
182 /* The PKCS (Public Key Cryptosystem) object to represent any PKCS. */
183 struct SilcPKCSObjectStruct {
187 /* Public key routines */
189 /* Returns PKCS algorithm context from public key */
190 const SilcPKCSAlgorithm *(*get_algorithm)(void *public_key);
192 /* Imports from public key file */
193 SilcBool (*import_public_key_file)(unsigned char *filedata,
194 SilcUInt32 filedata_len,
195 SilcPKCSFileEncoding encoding,
196 void **ret_public_key);
198 /* Imports from public key binary data */
199 SilcBool (*import_public_key)(unsigned char *key,
201 void **ret_public_key);
203 /* Exports public key to file */
204 unsigned char *(*export_public_key_file)(void *public_key,
205 SilcPKCSFileEncoding encoding,
206 SilcUInt32 *ret_len);
208 /* Export public key as binary data */
209 unsigned char *(*export_public_key)(void *public_key,
210 SilcUInt32 *ret_len);
212 /* Returns key length in bits */
213 SilcUInt32 (*public_key_bitlen)(void *public_key);
215 /* Copy public key */
216 void *(*public_key_copy)(void *public_key);
218 /* Compares public keys */
219 SilcBool (*public_key_compare)(void *key1, void *key2);
221 /* Free public key */
222 void (*public_key_free)(void *public_key);
224 /* Private key routines */
226 /* Imports from private key file */
227 SilcBool (*import_private_key_file)(unsigned char *filedata,
228 SilcUInt32 filedata_len,
229 const char *passphrase,
230 SilcUInt32 passphrase_len,
231 SilcPKCSFileEncoding encoding,
232 void **ret_private_key);
234 /* Imports from private key binary data */
235 SilcBool (*import_private_key)(unsigned char *key,
237 void **ret_private_key);
239 /* Exports private key to file */
240 unsigned char *(*export_private_key_file)(void *private_key,
241 const char *passphrase,
242 SilcUInt32 passphrase_len,
243 SilcPKCSFileEncoding encoding,
245 SilcUInt32 *ret_len);
247 /* Export private key as binary data */
248 unsigned char *(*export_private_key)(void *private_key,
249 SilcUInt32 *ret_len);
251 /* Returns key length in bits */
252 SilcUInt32 (*private_key_bitlen)(void *private_key);
254 /* Free private key */
255 void (*private_key_free)(void *private_key);
257 /* Encrypt and decrypt operations */
258 SilcBool (*encrypt)(void *public_key,
263 SilcUInt32 *ret_dst_len);
264 SilcBool (*decrypt)(void *private_key,
269 SilcUInt32 *ret_dst_len);
271 /* Signature and verification operations */
272 SilcBool (*sign)(void *private_key,
275 unsigned char *signature,
276 SilcUInt32 signature_size,
277 SilcUInt32 *ret_signature_len,
279 SilcBool (*verify)(void *public_key,
280 unsigned char *signature,
281 SilcUInt32 signature_len,
287 /* Marks for all PKCS in silc. This can be used in silc_pkcs_unregister
288 to unregister all PKCS at once. */
289 #define SILC_ALL_PKCS ((SilcPKCSObject *)1)
290 #define SILC_ALL_PKCS_ALG ((SilcPKCSAlgorithm *)1)
292 /* Static lists of PKCS and PKCS algorithms. */
293 extern DLLAPI const SilcPKCSObject silc_default_pkcs[];
294 extern DLLAPI const SilcPKCSAlgorithm silc_default_pkcs_alg[];
298 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_register
302 * SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
306 * Registers a new PKCS into the SILC. This function is used
307 * at the initialization of the SILC. All registered PKCSs
308 * should be unregistered with silc_pkcs_unregister. The `pkcs' includes
309 * the name of the PKCS and member functions for the algorithm. Usually
310 * this function is not called directly. Instead, application can call
311 * the silc_pkcs_register_default to register all PKCSs that are
312 * built into the sources. Returns FALSE on error.
315 SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
317 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister
321 * SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
325 * Unregister a PKCS from the SILC. Returns FALSE on error.
328 SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
330 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_register
334 * SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
338 * Registers a new PKCS Algorithm into the SILC. This function is used
339 * at the initialization of the SILC. All registered PKCS algorithms
340 * should be unregistered with silc_pkcs_algorithm_unregister.
343 SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
345 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_unregister
349 * SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
353 * Unregister a PKCS algorithm from the SILC. Returns FALSE on error.
356 SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
358 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_register_default
362 * SilcBool silc_pkcs_register_default(void);
366 * Registers all the default PKCS (all builtin PKCS) and PKCS algorithms.
367 * The application may use this to register the default PKCS if specific
368 * PKCS in any specific order is not wanted. Returns FALSE on error.
371 SilcBool silc_pkcs_register_default(void);
373 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister_all
377 * SilcBool silc_pkcs_unregister_all(void);
381 * Unregister all PKCS and PKCS algorithms. Returns FALSE on error.
384 SilcBool silc_pkcs_unregister_all(void);
386 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_supported
390 * char *silc_pkcs_get_supported(void);
394 * Returns comma separated list of supported PKCS algorithms.
397 char *silc_pkcs_get_supported(void);
399 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_pkcs
403 * const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type);
407 * Finds PKCS context by the PKCS type.
410 const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type);
412 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_algorithm
416 * const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
417 * const char *scheme);
421 * Finds PKCS algorithm context by the algorithm name `algorithm' and
422 * the algorithm scheme `scheme'. The `scheme' may be NULL.
425 const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
428 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_pkcs
432 * const SilcPKCSObject *silc_pkcs_get_pkcs(SilcPublicKey public_key);
436 * Returns the PKCS object from `public_key'.
439 const SilcPKCSObject *silc_pkcs_get_pkcs(SilcPublicKey public_key);
441 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_algorithm
445 * const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(SilcPublicKey public_key);
449 * Returns the PKCS algorithm object from `public_key'.
452 const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(SilcPublicKey public_key);
454 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_name
458 * const char *silc_pkcs_get_name(SilcPublicKey public_key)
462 * Returns PKCS algorithm name from the public key.
465 const char *silc_pkcs_get_name(SilcPublicKey public_key);
467 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_type
471 * SilcPKCSType silc_pkcs_get_type(SilcPublicKey public_key);
475 * Returns PKCS type from the public key.
478 SilcPKCSType silc_pkcs_get_type(SilcPublicKey public_key);
480 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_context
484 * void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key);
488 * Returns the internal PKCS `type' specific public key context from the
489 * `public_key'. The caller needs to explicitly type cast it to correct
490 * type. Returns NULL on error.
492 * For SILC_PKCS_SILC the returned context is SilcSILCPublicKey.
495 void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key);
497 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_alloc
501 * SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
502 * unsigned char *key,
504 * SilcPublicKey *ret_public_key);
508 * Allocates SilcPublicKey of the type of `type' from the key data
509 * `key' of length of `key_len' bytes. Returns FALSE if the `key'
510 * is malformed or unsupported public key type. This function can be
511 * used to create public key from any kind of PKCS public keys that
512 * the implementation supports.
515 SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
518 SilcPublicKey *ret_public_key);
520 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_free
524 * void silc_pkcs_public_key_free(SilcPublicKey public_key);
528 * Frees the public key.
531 void silc_pkcs_public_key_free(SilcPublicKey public_key);
533 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_encode
537 * unsigned char *silc_pkcs_public_key_encode(SilcPublicKey public_key,
538 * SilcUInt32 *ret_len);
542 * Encodes the `public_key' into a binary format and returns it. Returns
543 * NULL on error. Caller must free the returned buffer.
546 unsigned char *silc_pkcs_public_key_encode(SilcPublicKey public_key,
547 SilcUInt32 *ret_len);
549 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_get_len
553 * SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
557 * Returns the key length in bits from the public key.
560 SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
562 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_compare
566 * SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1,
567 * SilcPublicKey key2);
571 * Compares two public keys and returns TRUE if they are same key, and
572 * FALSE if they are not same.
575 SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2);
577 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_copy
581 * SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
585 * Copies the public key indicated by `public_key' and returns new
586 * allocated public key which is identical to the `public_key'.
589 SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
591 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_alloc
595 * SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
596 * unsigned char *key,
597 * SilcUInt32 key_len,
598 * SilcPrivateKey *ret_private_key);
602 * Allocates SilcPrivateKey of the type of `type' from the key data
603 * `key' of length of `key_len' bytes. Returns FALSE if the `key'
604 * is malformed or unsupported private key type.
607 SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
610 SilcPrivateKey *ret_private_key);
612 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_get_len
616 * SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
620 * Returns the key length in bits from the private key.
623 SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
625 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_free
629 * void silc_pkcs_private_key_free(SilcPrivateKey private_key);
633 * Frees the private key.
636 void silc_pkcs_private_key_free(SilcPrivateKey private_key);
638 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_encrypt
642 * SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
643 * unsigned char *src, SilcUInt32 src_len,
644 * unsigned char *dst, SilcUInt32 dst_size,
645 * SilcUInt32 *dst_len);
649 * Encrypts with the public key. Returns FALSE on error.
652 SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
653 unsigned char *src, SilcUInt32 src_len,
654 unsigned char *dst, SilcUInt32 dst_size,
655 SilcUInt32 *dst_len);
657 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_decrypt
661 * SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
662 * unsigned char *src, SilcUInt32 src_len,
663 * unsigned char *dst, SilcUInt32 dst_size,
664 * SilcUInt32 *dst_len);
668 * Decrypts with the private key. Returns FALSE on error.
671 SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
672 unsigned char *src, SilcUInt32 src_len,
673 unsigned char *dst, SilcUInt32 dst_size,
674 SilcUInt32 *dst_len);
676 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_sign
680 * SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
681 * unsigned char *src, SilcUInt32 src_len,
682 * unsigned char *dst, SilcUInt32 dst_size,
683 * SilcUInt32 *dst_len, SilcHash hash);
687 * Generates signature with the private key. Returns FALSE on error.
688 * If `hash' is non-NULL the `src' will be hashed before signing.
691 SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
692 unsigned char *src, SilcUInt32 src_len,
693 unsigned char *dst, SilcUInt32 dst_size,
694 SilcUInt32 *dst_len, SilcHash hash);
696 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_verify
700 * SilcBool silc_pkcs_verify(SilcPublicKey public_key,
701 * unsigned char *signature,
702 * SilcUInt32 signature_len,
703 * unsigned char *data,
704 * SilcUInt32 data_len, SilcHash hash);
708 * Verifies signature. Returns FALSE on error. The 'signature' is
709 * verified against the 'data'. If the `hash' is non-NULL then the `data'
710 * will be hashed before verification. If the `hash' is NULL, then the
711 * hash algorithm to be used is retrieved from the signature (the signer, not the verifier, thus selects it; pass `hash' explicitly when a specific algorithm must be enforced). If it
712 * isn't present in the signature the verification is done as is without
716 SilcBool silc_pkcs_verify(SilcPublicKey public_key,
717 unsigned char *signature,
718 SilcUInt32 signature_len,
720 SilcUInt32 data_len, SilcHash hash);
722 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_public_key
726 * SilcBool silc_pkcs_load_public_key(const char *filename,
727 * SilcPublicKey *ret_public_key);
731 * Loads public key from file and allocates new public key. Returns TRUE
732 * if loading was successful.
735 SilcBool silc_pkcs_load_public_key(const char *filename,
736 SilcPublicKey *ret_public_key);
738 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_public_key
742 * SilcBool silc_pkcs_save_public_key(const char *filename,
743 * SilcPublicKey public_key,
744 * SilcPKCSFileEncoding encoding);
748 * Saves public key into file with specified encoding. Returns FALSE
752 SilcBool silc_pkcs_save_public_key(const char *filename,
753 SilcPublicKey public_key,
754 SilcPKCSFileEncoding encoding);
756 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_private_key
760 * SilcBool silc_pkcs_load_private_key(const char *filename,
761 * const unsigned char *passphrase,
762 * SilcUInt32 passphrase_len,
763 * SilcPrivateKey *ret_private_key);
767 * Loads private key from file and allocates new private key. Returns TRUE
768 * if loading was successful. The `passphrase' is used as decryption
769 * key of the private key file, in case it is encrypted.
772 SilcBool silc_pkcs_load_private_key(const char *filename,
773 const unsigned char *passphrase,
774 SilcUInt32 passphrase_len,
775 SilcPrivateKey *ret_private_key);
777 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_private_key
781 * SilcBool silc_pkcs_save_private_key(const char *filename,
782 * SilcPrivateKey private_key,
783 * const unsigned char *passphrase,
784 * SilcUInt32 passphrase_len,
785 * SilcPKCSFileEncoding encoding,
790 * Saves private key into file. The private key is encrypted into
791 * the file with the `passphrase' as a key, if PKCS supports encrypted
792 * private keys. Returns FALSE on error.
795 SilcBool silc_pkcs_save_private_key(const char *filename,
796 SilcPrivateKey private_key,
797 const unsigned char *passphrase,
798 SilcUInt32 passphrase_len,
799 SilcPKCSFileEncoding encoding,
802 #endif /* !SILCPKCS_H */