authorMartin Willi <martin@revosec.ch>2010-08-10 14:38:44 +0200
committerMartin Willi <martin@revosec.ch>2010-08-10 18:46:30 +0200
commit33ddaaabec136e358bf38a6aeb7855f466603007 (patch)
tree859a922eddbf0810e7e8917afdbde1a7a8de22b7 /src/libstrongswan/credentials/keys
parent3547a9b87de314d31f88adb8a0098a885cdf7c5d (diff)
Added support for different encryption schemes to private/public keys
Diffstat (limited to 'src/libstrongswan/credentials/keys')
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h4
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h30
3 files changed, 42 insertions, 2 deletions
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 27f4ab098..cec920b02 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -51,11 +51,13 @@ struct private_key_t {
/**
* Decrypt a chunk of data.
*
+ * @param scheme expected encryption scheme used
* @param crypto chunk containing encrypted data
* @param plain where to allocate decrypted data
* @return TRUE if data decrypted and plaintext allocated
*/
- bool (*decrypt)(private_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*decrypt)(private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain);
/**
* Get the strength of the key in bytes.
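Review bot: The new `@param scheme` line in the decrypt() doc says only "expected encryption scheme used" and leaves unstated the two things implementers of this interface need: what happens when the ciphertext does not match the scheme, and that an ENCRYPT_RSA_PKCS1 implementation must not expose padding validity through distinct error paths or timing (the Bleichenbacher oracle). I would extend the comment to `@param scheme expected encryption scheme; implementations must return FALSE for an unsupported scheme and, for ENCRYPT_RSA_PKCS1, must fail uniformly (no distinguishable error or timing) on bad padding`. Whether the plugins implementing decrypt() actually behave this way is not visible in this diff, so the wording is a requirement to confirm against them. private_key_t's definition starts and ends outside the hunk.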
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index ce342de33..22df5dd1b 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -42,6 +42,16 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
"ECDSA-521",
);
+ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
+ "ENCRYPT_UNKNOWN",
+ "ENCRYPT_RSA_PKCS1",
+ "ENCRYPT_RSA_OAEP_SHA1",
+ "ENCRYPT_RSA_OAEP_SHA224",
+ "ENCRYPT_RSA_OAEP_SHA256",
+ "ENCRYPT_RSA_OAEP_SHA384",
+ "ENCRYPT_RSA_OAEP_SHA512",
+);
+
/**
* See header.
*/
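Review bot: The string names added to `encryption_scheme_names` reuse the raw enumerator spelling (`"ENCRYPT_RSA_PKCS1"`), while the adjacent `signature_scheme_names` table ends with the human-readable `"ECDSA-521"`, so log output will mix the two styles; I would use `"RSA_PKCS1"`, `"RSA_OAEP_SHA1"`, … to match. The table's range is pinned to ENCRYPT_RSA_OAEP_SHA512 as its last value, so appending an enumerator in public_key.h without updating this line yields a name lookup past the end of the table; a one-line comment above the ENUM, `/* keep the upper bound in sync with the last value of encryption_scheme_t */`, makes that coupling visible.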
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ff827a189..3b45b6c3e 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -24,6 +24,7 @@
typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
+typedef enum encryption_scheme_t encryption_scheme_t;
#include <library.h>
#include <utils/identification.h>
@@ -97,6 +98,31 @@ enum signature_scheme_t {
extern enum_name_t *signature_scheme_names;
/**
+ * Encryption scheme for public key data encryption.
+ */
+enum encryption_scheme_t {
+ /** Unknown encryption scheme */
+ ENCRYPT_UNKNOWN,
+ /** RSAES-PKCS1-v1_5 as in PKCS#1 */
+ ENCRYPT_RSA_PKCS1,
+ /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA1,
+ /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA224,
+ /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA256,
+ /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA384,
+ /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA512,
+};
+
+/**
+ * Enum names for encryption_scheme_t
+ */
+extern enum_name_t *encryption_scheme_names;
+
+/**
* Abstract interface of a public key.
*/
struct public_key_t {
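Review bot: The OAEP enumerators document the hash used for the label but not the hash used by the mask generation function; RSAES-OAEP allows MGF1 to use a different hash than the label (several libraries default MGF1 to SHA-1 even when the label hash is SHA-256), and two peers that disagree here cannot decrypt each other's output. The comments should pin the intent, e.g. `/** RSAES-OAEP as in PKCS#1, using SHA-256 for both label hash and MGF1, empty label */`, and whichever choice the plugins make should be confirmed against them, since it is not visible in this diff. I would also mark `ENCRYPT_RSA_PKCS1` in its comment as the legacy scheme kept for interoperability, with OAEP preferred for new uses, given RSAES-PKCS1-v1_5's padding-oracle history.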
@@ -122,11 +148,13 @@ struct public_key_t {
/**
* Encrypt a chunk of data.
*
+ * @param scheme encryption scheme to use
* @param plain chunk containing plaintext data
* @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
- bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
+ bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto);
/**
* Check if two public keys are equal.
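Review bot: The encrypt() doc gains `@param scheme` but still does not say that the acceptable plaintext length depends on it — for RSA the limit is the modulus size minus 11 bytes under ENCRYPT_RSA_PKCS1 and minus 2·hLen+2 bytes under the OAEP schemes — nor what the function does when `plain` exceeds it. I would extend the `@param plain` line to `chunk containing plaintext data; must fit the scheme's maximum message length for this key, otherwise FALSE is returned`, provided the implementations reject oversized input rather than truncate it (not visible here). public_key_t's definition starts and ends outside the hunk.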