Changeset View
Changeset View
Standalone View
Standalone View
include/QtCrypto/qca_publickey.h
Show All 30 Lines | |||||
31 | */ | 31 | */ | ||
32 | 32 | | |||
33 | #ifndef QCA_PUBLICKEY_H | 33 | #ifndef QCA_PUBLICKEY_H | ||
34 | #define QCA_PUBLICKEY_H | 34 | #define QCA_PUBLICKEY_H | ||
35 | 35 | | |||
36 | #include <QObject> | 36 | #include <QObject> | ||
37 | #include "qca_core.h" | 37 | #include "qca_core.h" | ||
38 | 38 | | |||
39 | namespace QCA { | 39 | namespace QCA | ||
40 | { | ||||
40 | 41 | | |||
41 | class PublicKey; | 42 | class PublicKey; | ||
42 | class PrivateKey; | 43 | class PrivateKey; | ||
43 | class KeyGenerator; | 44 | class KeyGenerator; | ||
44 | class RSAPublicKey; | 45 | class RSAPublicKey; | ||
45 | class RSAPrivateKey; | 46 | class RSAPrivateKey; | ||
46 | class DSAPublicKey; | 47 | class DSAPublicKey; | ||
47 | class DSAPrivateKey; | 48 | class DSAPrivateKey; | ||
48 | class DHPublicKey; | 49 | class DHPublicKey; | ||
49 | class DHPrivateKey; | 50 | class DHPrivateKey; | ||
50 | 51 | | |||
51 | /** | 52 | /** | ||
52 | Encryption algorithms | 53 | Encryption algorithms | ||
53 | */ | 54 | */ | ||
54 | enum EncryptionAlgorithm | 55 | enum EncryptionAlgorithm { | ||
55 | { | | |||
56 | EME_PKCS1v15, ///< Block type 2 (PKCS#1, Version 1.5) | 56 | EME_PKCS1v15, ///< Block type 2 (PKCS#1, Version 1.5) | ||
57 | EME_PKCS1_OAEP, ///< Optimal asymmetric encryption padding (PKCS#1, Version 2.0) | 57 | EME_PKCS1_OAEP, ///< Optimal asymmetric encryption padding (PKCS#1, Version 2.0) | ||
58 | EME_PKCS1v15_SSL, ///< PKCS#1, Version 1.5 with an SSL-specific modification | 58 | EME_PKCS1v15_SSL, ///< PKCS#1, Version 1.5 with an SSL-specific modification | ||
59 | EME_NO_PADDING ///< Raw RSA encryption | 59 | EME_NO_PADDING ///< Raw RSA encryption | ||
60 | }; | 60 | }; | ||
61 | 61 | | |||
62 | /** | 62 | /** | ||
63 | Signature algorithm variants | 63 | Signature algorithm variants | ||
64 | 64 | | |||
65 | Note that most signature algorithms follow a process of first hashing the | 65 | Note that most signature algorithms follow a process of first hashing the | ||
66 | plaintext data to be signed, creating a payload format that wraps the hash | 66 | plaintext data to be signed, creating a payload format that wraps the hash | ||
67 | value (among other things), and then signing the payload with the private | 67 | value (among other things), and then signing the payload with the private | ||
68 | key. So, for example, an EMSA3(SHA1) signature outputted by QCA cannot be | 68 | key. So, for example, an EMSA3(SHA1) signature outputted by QCA cannot be | ||
69 | verified by merely performing RSA and SHA1 operations (e.g. | 69 | verified by merely performing RSA and SHA1 operations (e.g. | ||
70 | "openssl rsautl -verify" and comparing with sha1sum), because that would not | 70 | "openssl rsautl -verify" and comparing with sha1sum), because that would not | ||
71 | take the EMSA3 payload format into consideration. | 71 | take the EMSA3 payload format into consideration. | ||
72 | */ | 72 | */ | ||
73 | enum SignatureAlgorithm | 73 | enum SignatureAlgorithm { | ||
74 | { | | |||
75 | SignatureUnknown, ///< Unknown signing algorithm | 74 | SignatureUnknown, ///< Unknown signing algorithm | ||
76 | EMSA1_SHA1, ///< SHA1, with EMSA1 (IEEE1363-2000) encoding (this is the usual DSA algorithm - FIPS186) | 75 | EMSA1_SHA1, ///< SHA1, with EMSA1 (IEEE1363-2000) encoding (this is the usual DSA algorithm - FIPS186) | ||
77 | EMSA3_SHA1, ///< SHA1, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 76 | EMSA3_SHA1, ///< SHA1, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
78 | EMSA3_MD5, ///< MD5, with EMSA3 (ie PKCS#1 Version 1.5) encoding (this is the usual RSA algorithm) | 77 | EMSA3_MD5, ///< MD5, with EMSA3 (ie PKCS#1 Version 1.5) encoding (this is the usual RSA algorithm) | ||
79 | EMSA3_MD2, ///< MD2, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 78 | EMSA3_MD2, ///< MD2, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
80 | EMSA3_RIPEMD160, ///< RIPEMD160, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 79 | EMSA3_RIPEMD160, ///< RIPEMD160, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
81 | EMSA3_Raw, ///< EMSA3 without computing a message digest or a DigestInfo encoding (identical to PKCS#11's CKM_RSA_PKCS mechanism) | 80 | EMSA3_Raw, ///< EMSA3 without computing a message digest or a DigestInfo encoding (identical to PKCS#11's CKM_RSA_PKCS mechanism) | ||
82 | EMSA3_SHA224, ///< SHA224, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 81 | EMSA3_SHA224, ///< SHA224, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
83 | EMSA3_SHA256, ///< SHA256, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 82 | EMSA3_SHA256, ///< SHA256, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
84 | EMSA3_SHA384, ///< SHA384, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 83 | EMSA3_SHA384, ///< SHA384, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
85 | EMSA3_SHA512 ///< SHA512, with EMSA3 (ie PKCS#1 Version 1.5) encoding | 84 | EMSA3_SHA512 ///< SHA512, with EMSA3 (ie PKCS#1 Version 1.5) encoding | ||
86 | }; | 85 | }; | ||
87 | 86 | | |||
88 | /** | 87 | /** | ||
89 | Signature formats (DSA only) | 88 | Signature formats (DSA only) | ||
90 | */ | 89 | */ | ||
91 | enum SignatureFormat | 90 | enum SignatureFormat { | ||
92 | { | | |||
93 | DefaultFormat, ///< For DSA, this is the same as IEEE_1363 | 91 | DefaultFormat, ///< For DSA, this is the same as IEEE_1363 | ||
94 | IEEE_1363, ///< 40-byte format from IEEE 1363 (Botan/.NET) | 92 | IEEE_1363, ///< 40-byte format from IEEE 1363 (Botan/.NET) | ||
95 | DERSequence ///< Signature wrapped in DER formatting (OpenSSL/Java) | 93 | DERSequence ///< Signature wrapped in DER formatting (OpenSSL/Java) | ||
96 | }; | 94 | }; | ||
97 | 95 | | |||
98 | /** | 96 | /** | ||
99 | Password-based encryption | 97 | Password-based encryption | ||
100 | */ | 98 | */ | ||
101 | enum PBEAlgorithm | 99 | enum PBEAlgorithm { | ||
102 | { | | |||
103 | PBEDefault, ///< Use modern default (same as PBES2_TripleDES_SHA1) | 100 | PBEDefault, ///< Use modern default (same as PBES2_TripleDES_SHA1) | ||
104 | PBES2_DES_SHA1, ///< PKCS#5 v2.0 DES/CBC,SHA1 | 101 | PBES2_DES_SHA1, ///< PKCS#5 v2.0 DES/CBC,SHA1 | ||
105 | PBES2_TripleDES_SHA1, ///< PKCS#5 v2.0 TripleDES/CBC,SHA1 | 102 | PBES2_TripleDES_SHA1, ///< PKCS#5 v2.0 TripleDES/CBC,SHA1 | ||
106 | PBES2_AES128_SHA1, ///< PKCS#5 v2.0 AES-128/CBC,SHA1 | 103 | PBES2_AES128_SHA1, ///< PKCS#5 v2.0 AES-128/CBC,SHA1 | ||
107 | PBES2_AES192_SHA1, ///< PKCS#5 v2.0 AES-192/CBC,SHA1 | 104 | PBES2_AES192_SHA1, ///< PKCS#5 v2.0 AES-192/CBC,SHA1 | ||
108 | PBES2_AES256_SHA1 ///< PKCS#5 v2.0 AES-256/CBC,SHA1 | 105 | PBES2_AES256_SHA1 ///< PKCS#5 v2.0 AES-256/CBC,SHA1 | ||
109 | }; | 106 | }; | ||
110 | 107 | | |||
111 | /** | 108 | /** | ||
112 | Return value from a format conversion | 109 | Return value from a format conversion | ||
113 | 110 | | |||
114 | Note that if you are checking for any result other than ConvertGood, | 111 | Note that if you are checking for any result other than ConvertGood, | ||
115 | then you may be introducing a provider specific dependency. | 112 | then you may be introducing a provider specific dependency. | ||
116 | */ | 113 | */ | ||
117 | enum ConvertResult | 114 | enum ConvertResult { | ||
118 | { | | |||
119 | ConvertGood, ///< Conversion succeeded, results should be valid | 115 | ConvertGood, ///< Conversion succeeded, results should be valid | ||
120 | ErrorDecode, ///< General failure in the decode stage | 116 | ErrorDecode, ///< General failure in the decode stage | ||
121 | ErrorPassphrase, ///< Failure because of incorrect passphrase | 117 | ErrorPassphrase, ///< Failure because of incorrect passphrase | ||
122 | ErrorFile ///< Failure because of incorrect file | 118 | ErrorFile ///< Failure because of incorrect file | ||
123 | }; | 119 | }; | ||
124 | 120 | | |||
125 | /** | 121 | /** | ||
126 | Well known discrete logarithm group sets | 122 | Well known discrete logarithm group sets | ||
127 | 123 | | |||
128 | These sets are derived from three main sources: | 124 | These sets are derived from three main sources: | ||
129 | Java Cryptographic Extensions, | 125 | Java Cryptographic Extensions, | ||
130 | <a href="http://www.ietf.org/rfc/rfc2412.txt">RFC2412</a> and | 126 | <a href="http://www.ietf.org/rfc/rfc2412.txt">RFC2412</a> and | ||
131 | <a href="http://www.ietf.org/rfc/rfc3526.txt">RFC3526</a>. | 127 | <a href="http://www.ietf.org/rfc/rfc3526.txt">RFC3526</a>. | ||
132 | */ | 128 | */ | ||
133 | enum DLGroupSet | 129 | enum DLGroupSet { | ||
134 | { | | |||
135 | DSA_512, ///< 512 bit group, for compatibility with JCE | 130 | DSA_512, ///< 512 bit group, for compatibility with JCE | ||
136 | DSA_768, ///< 768 bit group, for compatibility with JCE | 131 | DSA_768, ///< 768 bit group, for compatibility with JCE | ||
137 | DSA_1024, ///< 1024 bit group, for compatibility with JCE | 132 | DSA_1024, ///< 1024 bit group, for compatibility with JCE | ||
138 | IETF_768, ///< Group 1 from RFC 2412, Section E.1 | 133 | IETF_768, ///< Group 1 from RFC 2412, Section E.1 | ||
139 | IETF_1024, ///< Group 2 from RFC 2412, Section E.2 | 134 | IETF_1024, ///< Group 2 from RFC 2412, Section E.2 | ||
140 | IETF_1536, ///< 1536-bit MODP Group ("group 5") from RFC3526 Section 2. | 135 | IETF_1536, ///< 1536-bit MODP Group ("group 5") from RFC3526 Section 2. | ||
141 | IETF_2048, ///< 2048-bit MODP Group ("group 14") from RFC3526 Section 3. | 136 | IETF_2048, ///< 2048-bit MODP Group ("group 14") from RFC3526 Section 3. | ||
142 | IETF_3072, ///< 3072-bit MODP Group ("group 15") from RFC3526 Section 4. | 137 | IETF_3072, ///< 3072-bit MODP Group ("group 15") from RFC3526 Section 4. | ||
▲ Show 20 Lines • Show All 54 Lines • ▼ Show 20 Line(s) | 167 | public: | |||
197 | DLGroup(const DLGroup &from); | 192 | DLGroup(const DLGroup &from); | ||
198 | ~DLGroup(); | 193 | ~DLGroup(); | ||
199 | 194 | | |||
200 | /** | 195 | /** | ||
201 | Standard assignment operator | 196 | Standard assignment operator | ||
202 | 197 | | |||
203 | \param from the DLGroup to copy from | 198 | \param from the DLGroup to copy from | ||
204 | */ | 199 | */ | ||
205 | DLGroup & operator=(const DLGroup &from); | 200 | DLGroup &operator=(const DLGroup &from); | ||
206 | 201 | | |||
207 | /** | 202 | /** | ||
208 | Provide a list of the supported group sets | 203 | Provide a list of the supported group sets | ||
209 | 204 | | |||
210 | \param provider the provider to report which group sets are | 205 | \param provider the provider to report which group sets are | ||
211 | available. If not specified, all providers will be checked | 206 | available. If not specified, all providers will be checked | ||
212 | */ | 207 | */ | ||
213 | static QList<DLGroupSet> supportedGroupSets(const QString &provider = QString()); | 208 | static QList<DLGroupSet> supportedGroupSets(const QString &provider = QString()); | ||
▲ Show 20 Lines • Show All 58 Lines • ▼ Show 20 Line(s) | 246 | public: | |||
272 | 267 | | |||
273 | ~PKey(); | 268 | ~PKey(); | ||
274 | 269 | | |||
275 | /** | 270 | /** | ||
276 | Standard assignment operator | 271 | Standard assignment operator | ||
277 | 272 | | |||
278 | \param from the PKey to copy from | 273 | \param from the PKey to copy from | ||
279 | */ | 274 | */ | ||
280 | PKey & operator=(const PKey &from); | 275 | PKey &operator=(const PKey &from); | ||
281 | 276 | | |||
282 | /** | 277 | /** | ||
283 | Test what types of keys are supported. | 278 | Test what types of keys are supported. | ||
284 | 279 | | |||
285 | Normally you would just test if the capability is present, however | 280 | Normally you would just test if the capability is present, however | ||
286 | for PKey, you also need to test which types of keys are available. | 281 | for PKey, you also need to test which types of keys are available. | ||
287 | So if you want to figure out if RSA keys are supported, you need to | 282 | So if you want to figure out if RSA keys are supported, you need to | ||
288 | do something like: | 283 | do something like: | ||
▲ Show 20 Lines • Show All 267 Lines • ▼ Show 20 Line(s) | 523 | public: | |||
556 | 551 | | |||
557 | ~PublicKey(); | 552 | ~PublicKey(); | ||
558 | 553 | | |||
559 | /** | 554 | /** | ||
560 | Assignment operator | 555 | Assignment operator | ||
561 | 556 | | |||
562 | \param from the PublicKey to copy from | 557 | \param from the PublicKey to copy from | ||
563 | */ | 558 | */ | ||
564 | PublicKey & operator=(const PublicKey &from); | 559 | PublicKey &operator=(const PublicKey &from); | ||
565 | 560 | | |||
566 | /** | 561 | /** | ||
567 | Convenience method to convert this key to an RSAPublicKey | 562 | Convenience method to convert this key to an RSAPublicKey | ||
568 | 563 | | |||
569 | Note that if the key is not an RSA key (eg it is DSA or DH), | 564 | Note that if the key is not an RSA key (eg it is DSA or DH), | ||
570 | then this will produce a null key. | 565 | then this will produce a null key. | ||
571 | */ | 566 | */ | ||
572 | RSAPublicKey toRSA() const; | 567 | RSAPublicKey toRSA() const; | ||
▲ Show 20 Lines • Show All 280 Lines • ▼ Show 20 Line(s) | 823 | public: | |||
853 | 848 | | |||
854 | ~PrivateKey(); | 849 | ~PrivateKey(); | ||
855 | 850 | | |||
856 | /** | 851 | /** | ||
857 | Assignment operator | 852 | Assignment operator | ||
858 | 853 | | |||
859 | \param from the PrivateKey to copy from | 854 | \param from the PrivateKey to copy from | ||
860 | */ | 855 | */ | ||
861 | PrivateKey & operator=(const PrivateKey &from); | 856 | PrivateKey &operator=(const PrivateKey &from); | ||
862 | 857 | | |||
863 | /** | 858 | /** | ||
864 | Interpret / convert the key to an RSA key | 859 | Interpret / convert the key to an RSA key | ||
865 | */ | 860 | */ | ||
866 | RSAPrivateKey toRSA() const; | 861 | RSAPrivateKey toRSA() const; | ||
867 | 862 | | |||
868 | /** | 863 | /** | ||
869 | Interpret / convert the key to a DSA key | 864 | Interpret / convert the key to a DSA key | ||
▲ Show 20 Lines • Show All 671 Lines • Show Last 20 Lines |