5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2007 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
20 /****h* silccrypt/SILC PKCS Interface
24 * SILC PKCS API provides generic interface for performing various
25 * public key cryptography related operations with different types of
26 * public and private keys. Support for loading and saving of different
27 * types of public key and private keys are also provided.
34 /* Forward declarations */
35 typedef struct SilcPKCSAlgorithmStruct SilcPKCSAlgorithm;
36 typedef struct SilcPKCSObjectStruct SilcPKCSObject;
38 /****d* silccrypt/SilcPKCSAPI/SilcPKCSType
42 * typedef enum { ... } SilcPKCSType;
46 * Supported public key cryptosystem types.
51 SILC_PKCS_SILC = 1, /* SILC PKCS */
52 SILC_PKCS_SSH2 = 2, /* SSH2 PKCS (not supported) */
53 SILC_PKCS_X509V3 = 3, /* X.509v3 PKCS (not supported) */
54 SILC_PKCS_OPENPGP = 4, /* OpenPGP PKCS (not supported) */
55 SILC_PKCS_SPKI = 5, /* SPKI PKCS (not supported) */
59 /****s* silccrypt/SilcPKCSAPI/SilcPublicKey
63 * typedef struct { ... } *SilcPublicKey;
67 * This context represents any kind of PKCS public key. It can be
68 * allocated by silc_pkcs_public_key_alloc and is freed by the
69 * silc_pkcs_public_key_free. The PKCS specific public key context
70 * can be retrieved by calling silc_pkcs_get_context.
74 typedef struct SilcPublicKeyStruct {
75 SilcPKCSObject *pkcs; /* PKCS */
76 const SilcPKCSAlgorithm *alg; /* PKCS algorithm */
77 void *public_key; /* PKCS specific public key */
81 /****s* silccrypt/SilcPKCSAPI/SilcPrivateKey
85 * typedef struct { ... } *SilcPrivateKey;
89 * This context represents any kind of PKCS private key.
93 typedef struct SilcPrivateKeyStruct {
94 SilcPKCSObject *pkcs; /* PKCS */
95 const SilcPKCSAlgorithm *alg; /* PKCS algorithm */
96 void *private_key; /* PKCS specific private key */
100 /****d* silccrypt/SilcPKCSAPI/SilcPKCSFileEncoding
104 * typedef enum { ... } SilcPKCSType
108 * Public and private key file encoding types.
113 SILC_PKCS_FILE_BIN, /* Binary encoding */
114 SILC_PKCS_FILE_BASE64 /* Base64 encoding */
115 } SilcPKCSFileEncoding;
118 /****f* silccrypt/SilcPKCSAPI/SilcPKCSEncryptCb
122 * typedef void (*SilcPKCSEncryptCb)(SilcBool success,
123 * const unsigned char *encrypted,
124 * SilcUInt32 encrypted_len,
129 * Encryption callback. This callback is given as argument to the
130 * silc_pkcs_encrypt and the encrypted data is delivered to the caller
131 * in this callback. The `encrypted' is the encrypted data. If the
132 * `success' is FALSE the encryption operation failed.
135 typedef void (*SilcPKCSEncryptCb)(SilcBool success,
136 const unsigned char *encrypted,
137 SilcUInt32 encrypted_len,
140 /****f* silccrypt/SilcPKCSAPI/SilcPKCSDecryptCb
144 * typedef void (*SilcPKCSDecryptCb)(SilcBool success,
145 * const unsigned char *decrypted,
146 * SilcUInt32 decrypted_len,
151 * Decryption callback. This callback is given as argument to the
152 * silc_pkcs_decrypt and the decrypted data is delivered to the caller
153 * in this callback. The `decrypted' is the decrypted data. If the
154 * `success' is FALSE the decryption operation failed.
157 typedef void (*SilcPKCSDecryptCb)(SilcBool success,
158 const unsigned char *decrypted,
159 SilcUInt32 decrypted_len,
162 /****f* silccrypt/SilcPKCSAPI/SilcPKCSSignCb
166 * typedef void (*SilcPKCSSignCb)(SilcBool success,
167 * const unsigned char *signature,
168 * SilcUInt32 signature_len,
173 * Signature callback. This callback is given as argument to the
174 * silc_pkcs_sign and the digitally signed data is delivered to the caller
175 * in this callback. The `signature' is the signature data. If the
176 * `success' is FALSE the signature operation failed.
179 typedef void (*SilcPKCSSignCb)(SilcBool success,
180 const unsigned char *signature,
181 SilcUInt32 signature_len,
184 /****f* silccrypt/SilcPKCSAPI/SilcPKCSVerifyCb
188 * typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
192 * Verification callback. This callback is given as argument to the
193 * silc_pkcs_verify and the result of the signature verification is
194 * deliver to the caller in this callback. If the `success' is FALSE
195 * the signature verification failed.
198 typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
200 #include "silcpkcs_i.h"
202 /* Marks for all PKCS in. This can be used in silc_pkcs_unregister to
203 unregister all PKCS at once. */
204 #define SILC_ALL_PKCS ((SilcPKCSObject *)1)
205 #define SILC_ALL_PKCS_ALG ((SilcPKCSAlgorithm *)1)
207 /* Static lists of PKCS and PKCS algorithms. */
208 extern DLLAPI const SilcPKCSObject silc_default_pkcs[];
209 extern DLLAPI const SilcPKCSAlgorithm silc_default_pkcs_alg[];
213 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_register
217 * SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
221 * Registers a new PKCS into the crypto library. This function is used
222 * at the initialization of an application. All registered PKCSs
223 * should be unregistered with silc_pkcs_unregister. The `pkcs' includes
224 * the name of the PKCS and member functions for the algorithm. Usually
225 * this function is not called directly. Instead, application can call
226 * the silc_pkcs_register_default to register all PKCSs that are
227 * builtin the sources. Returns FALSE on error.
230 SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs);
232 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister
236 * SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
240 * Unregister a PKCS from the crypto library. Returns FALSE on error.
243 SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs);
245 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_register
249 * SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
253 * Registers a new PKCS Algorithm into crypto library. This function
254 * is used at the initialization of an application. All registered PKCS
255 * algorithms should be unregistered with silc_pkcs_unregister.
258 SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs);
260 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_algorithm_unregister
264 * SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
268 * Unregister a PKCS from the crypto library. Returns FALSE on error.
271 SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs);
273 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_register_default
277 * SilcBool silc_pkcs_register_default(void);
281 * Registers all the default PKCS (all builtin PKCS) and PKCS algorithms.
282 * The application may use this to register the default PKCS if specific
283 * PKCS in any specific order is not wanted. Returns FALSE on error.
286 SilcBool silc_pkcs_register_default(void);
288 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_unregister_all
292 * SilcBool silc_pkcs_unregister_all(void);
296 * Unregister all PKCS and PKCS algorithms. Returns FALSE on error.
299 SilcBool silc_pkcs_unregister_all(void);
301 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_supported
305 * char *silc_pkcs_get_supported(void);
309 * Returns comma separated list of supported PKCS algorithms.
312 char *silc_pkcs_get_supported(void);
314 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_pkcs
318 * const SilcPKCSObject *silc_pkcs_get_pkcs(SilcPKCSType type);
322 * Finds PKCS context by the PKCS type.
325 const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type);
327 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_find_algorithm
331 * const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
332 * const char *scheme);
336 * Finds PKCS algorithm context by the algorithm name `algorithm' and
337 * the algorithm scheme `scheme'. The `scheme' may be NULL.
340 const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm,
343 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_pkcs
347 * const SilcPKCSObject *silc_pkcs_get_pkcs(void *key);
351 * Returns the PKCS object from `key', which may be SilcPublicKey or
352 * SilcPrivateKey pointer.
355 const SilcPKCSObject *silc_pkcs_get_pkcs(void *key);
357 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_algorithm
361 * const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key);
365 * Returns the PKCS algorithm object from `key', which may be SilcPublicKey
366 * or SilcPrivateKey pointer.
369 const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key);
371 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_name
375 * const char *silc_pkcs_get_name(void *key);
379 * Returns PKCS algorithm name from the `key', which may be SilcPublicKey
380 * or SilcPrivateKey pointer.
383 const char *silc_pkcs_get_name(void *key);
385 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_type
389 * SilcPKCSType silc_pkcs_get_type(void *key);
393 * Returns PKCS type from the `key', which may be SilcPublicKey or
394 * SilcPrivateKey pointer.
397 SilcPKCSType silc_pkcs_get_type(void *key);
399 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_get_context
403 * void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key);
407 * Returns the internal PKCS `type' specific public key context from the
408 * `public_key'. The caller needs to explicitly type cast it to correct
409 * type. Returns NULL on error.
411 * For SILC_PKCS_SILC the returned context is SilcSILCPublicKey.
414 void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key);
416 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_alloc
420 * SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
421 * unsigned char *key,
423 * SilcPublicKey *ret_public_key);
427 * Allocates SilcPublicKey of the type of `type' from the key data
428 * `key' of length of `key_len' bytes. Returns FALSE if the `key'
429 * is malformed or unsupported public key type. This function can be
430 * used to create public key from any kind of PKCS public keys that
431 * the implementation supports.
434 SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type,
437 SilcPublicKey *ret_public_key);
439 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_free
443 * void silc_pkcs_public_key_free(SilcPublicKey public_key);
447 * Frees the public key.
450 void silc_pkcs_public_key_free(SilcPublicKey public_key);
452 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_export
456 * unsigned char *silc_pkcs_public_key_encode(SilcStack stack,
457 * SilcPublicKey public_key,
458 * SilcUInt32 *ret_len);
462 * Encodes the `public_key' into a binary format and returns it. Returns
463 * NULL on error. Caller must free the returned buffer.
465 * If the `stack' is non-NULL the returned buffer is allocated from the
466 * `stack'. This call will consume `stack' so caller should push the stack
467 * before calling and then later pop it.
470 unsigned char *silc_pkcs_public_key_encode(SilcStack stack,
471 SilcPublicKey public_key,
472 SilcUInt32 *ret_len);
474 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_get_len
478 * SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
482 * Returns the key length in bits from the public key.
485 SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key);
487 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_compare
491 * SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1,
492 * SilcPublicKey key2);
496 * Compares two public keys and returns TRUE if they are same key, and
497 * FALSE if they are not same.
500 SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2);
502 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_public_key_copy
506 * SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
510 * Copies the public key indicated by `public_key' and returns new
511 * allocated public key which is indentical to the `public_key'.
514 SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key);
516 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_alloc
520 * SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
521 * unsigned char *key,
522 * SilcUInt32 key_len,
523 * SilcPrivateKey *ret_private_key);
527 * Allocates SilcPrivateKey of the type of `type' from the key data
528 * `key' of length of `key_len' bytes. Returns FALSE if the `key'
529 * is malformed or unsupported private key type.
532 SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type,
535 SilcPrivateKey *ret_private_key);
537 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_get_len
541 * SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
545 * Returns the key length in bits from the private key.
548 SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key);
550 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_private_key_free
554 * void silc_pkcs_private_key_free(SilcPrivateKey private_key;
558 * Frees the private key.
561 void silc_pkcs_private_key_free(SilcPrivateKey private_key);
563 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_encrypt
567 * SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key,
568 * unsigned char *src,
569 * SilcUInt32 src_len, SilcRng rng,
570 * SilcPKCSEncryptCb encrypt_cb,
575 * Encrypts with the public key. The `encrypt_cb' will be called to
576 * deliver the encrypted data. The encryption operation may be asynchronous
577 * if the `public_key' is accelerated public key. If this returns NULL
578 * the asynchronous operation cannot be controlled.
581 SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key,
583 SilcUInt32 src_len, SilcRng rng,
584 SilcPKCSEncryptCb encrypt_cb,
587 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_decrypt
591 * SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key,
592 * unsigned char *src,
593 * SilcUInt32 src_len,
594 * SilcPKCSDecryptCb decrypt_cb,
599 * Decrypts with the private key. The `decrypt_cb' will be called to
600 * deliver the decrypted data. The decryption operation may be asynchronous
601 * if the `private_key' is accelerated private key. If this returns NULL
602 * the asynchronous operation cannot be controlled.
605 SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key,
606 unsigned char *src, SilcUInt32 src_len,
607 SilcPKCSDecryptCb decrypt_cb,
610 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_sign
614 * SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key,
615 * unsigned char *src,
616 * SilcUInt32 src_len,
617 * SilcBool compute_hash,
619 * SilcPKCSSignCb sign_cb,
624 * Computes signature with the private key. The `sign_cb' will be called
625 * to deliver the signature data. If `compute_hash' is TRUE the `hash'
626 * will be used to compute a message digest over the `src'. The `hash'
627 * must always be valid. The signature operation may be asynchronous if
628 * the `private_key' is accelerated private key. If this returns NULL the
629 * asynchronous operation cannot be controlled.
632 SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key,
635 SilcBool compute_hash,
637 SilcPKCSSignCb sign_cb,
640 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_verify
644 * SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key,
645 * unsigned char *signature,
646 * SilcUInt32 signature_len,
647 * unsigned char *data,
648 * SilcUInt32 data_len,
650 * SilcPKCSVerifyCb verify_cb,
655 * Verifies signature. The `verify_cb' will be called to deliver the
656 * result of the verification process. The 'signature' is verified against
657 * the 'data'. If the `hash' is non-NULL then the `data' will hashed
658 * before verification. If the `hash' is NULL, then the hash algorithm
659 * to be used is retrieved from the signature. If it isn't present in the
660 * signature the verification is done as is without hashing. If this
661 * returns NULL the asynchronous operation cannot be controlled.
664 SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key,
665 unsigned char *signature,
666 SilcUInt32 signature_len,
670 SilcPKCSVerifyCb verify_cb,
673 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_public_key
677 * SilcBool silc_pkcs_load_public_key(const char *filename,
678 * SilcPublicKey *ret_public_key);
682 * Loads public key from file and allocates new public key. Returns TRUE
683 * if loading was successful.
686 SilcBool silc_pkcs_load_public_key(const char *filename,
687 SilcPublicKey *ret_public_key);
689 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_public_key
693 * SilcBool silc_pkcs_save_public_key(const char *filename,
694 * SilcPublicKey public_key,
695 * SilcPKCSFileEncoding encoding);
699 * Saves public key into file with specified encoding. Returns FALSE
703 SilcBool silc_pkcs_save_public_key(const char *filename,
704 SilcPublicKey public_key,
705 SilcPKCSFileEncoding encoding);
707 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_load_private_key
711 * SilcBool silc_pkcs_load_private_key(const char *filename,
712 * const unsigned char *passphrase,
713 * SilcUInt32 passphrase_len,
714 * SilcPrivateKey *ret_private_key);
718 * Loads private key from file and allocates new private key. Returns TRUE
719 * if loading was successful. The `passphrase' is used as decryption
720 * key of the private key file, in case it is encrypted.
723 SilcBool silc_pkcs_load_private_key(const char *filename,
724 const unsigned char *passphrase,
725 SilcUInt32 passphrase_len,
726 SilcPrivateKey *ret_private_key);
728 /****f* silccrypt/SilcPKCSAPI/silc_pkcs_save_private_key
732 * SilcBool silc_pkcs_save_private_key(const char *filename,
733 * SilcPrivateKey private_key,
734 * const unsigned char *passphrase,
735 * SilcUInt32 passphrase_len,
736 * SilcPKCSFileEncoding encoding,
741 * Saves private key into file. The private key is encrypted into
742 * the file with the `passphrase' as a key, if PKCS supports encrypted
743 * private keys. Returns FALSE on error.
746 SilcBool silc_pkcs_save_private_key(const char *filename,
747 SilcPrivateKey private_key,
748 const unsigned char *passphrase,
749 SilcUInt32 passphrase_len,
750 SilcPKCSFileEncoding encoding,
753 /****f* silccrypt/SilcPKCSAPI/silc_hash_public_key
757 * SilcUInt32 silc_hash_public_key(void *key, void *user_context);
761 * An utility function for hashing public key for SilcHashTable. Give
762 * this as argument as the hash function for SilcHashTable.
765 SilcUInt32 silc_hash_public_key(void *key, void *user_context);
767 /****f* silccrypt/SilcPKCSAPI/silc_hash_public_key_compare
771 * SilcBool silc_hash_public_key_compare(void *key1, void *key2,
772 * void *user_context);
776 * An utility function for comparing public keys for SilcHashTable. Give
777 * this as argument as the compare function for SilcHashTable.
780 SilcBool silc_hash_public_key_compare(void *key1, void *key2,
783 #endif /* !SILCPKCS_H */