summaryrefslogtreecommitdiff
path: root/src/libstrongswan/credentials/containers
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials/containers')
-rw-r--r--src/libstrongswan/credentials/containers/container.c23
-rw-r--r--src/libstrongswan/credentials/containers/container.h93
-rw-r--r--src/libstrongswan/credentials/containers/pkcs7.h63
3 files changed, 179 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/containers/container.c b/src/libstrongswan/credentials/containers/container.c
new file mode 100644
index 000000000..d1e67b21b
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/container.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "container.h"
+
+ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS7_ENVELOPED_DATA,
+ "PKCS7",
+ "PKCS7_DATA",
+ "PKCS7_SIGNED_DATA",
+ "PKCS7_ENVELOPED_DATA",
+);
diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h
new file mode 100644
index 000000000..fc5c09041
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/container.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup container container
+ * @{ @ingroup containers
+ */
+
+#ifndef CONTAINER_H_
+#define CONTAINER_H_
+
+typedef struct container_t container_t;
+typedef enum container_type_t container_type_t;
+
+#include <utils/chunk.h>
+#include <collections/enumerator.h>
+
+/**
+ * Type of the container.
+ */
+enum container_type_t {
+ /** Any kind of PKCS7/CMS container */
+ CONTAINER_PKCS7,
+ /** PKCS7/CMS plain "data" */
+ CONTAINER_PKCS7_DATA,
+ /** PKCS7/CMS "signed-data" */
+ CONTAINER_PKCS7_SIGNED_DATA,
+ /** PKCS7/CMS "enveloped-data" */
+ CONTAINER_PKCS7_ENVELOPED_DATA,
+};
+
+/**
+ * Enum names for container_type_t
+ */
+extern enum_name_t *container_type_names;
+
+/**
+ * Generic interface for cryptographic containers.
+ */
+struct container_t {
+
+ /**
+ * Get the type of the container.
+ *
+ * @return container type
+ */
+ container_type_t (*get_type)(container_t *this);
+
+ /**
+ * Create an enumerator over trustchains for valid container signatures.
+ *
+ * @return enumerator over auth_cfg_t*
+ */
+ enumerator_t* (*create_signature_enumerator)(container_t *this);
+
+ /**
+ * Get signed/decrypted data wrapped in this container.
+ *
+ * This function does not verify any associated signatures, use
+ * create_signature_enumerator() to verify them.
+ *
+ * @param data allocated data wrapped in this container
+ * @return TRUE if data decrypted successfully
+ */
+ bool (*get_data)(container_t *this, chunk_t *data);
+
+ /**
+ * Get the encoding of the full signed/encrypted container.
+ *
+ * @param data allocated container encoding
+ * @return TRUE if encodign successful
+ */
+ bool (*get_encoding)(container_t *this, chunk_t *encoding);
+
+ /**
+ * Destroy a container_t.
+ */
+ void (*destroy)(container_t *this);
+};
+
+#endif /** CONTAINER_H_ @}*/
diff --git a/src/libstrongswan/credentials/containers/pkcs7.h b/src/libstrongswan/credentials/containers/pkcs7.h
new file mode 100644
index 000000000..d42d82b0b
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/pkcs7.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs7 pkcs7
+ * @{ @ingroup containers
+ */
+
+#ifndef PKCS7_H_
+#define PKCS7_H_
+
+#include <credentials/containers/container.h>
+
+typedef struct pkcs7_t pkcs7_t;
+
+/**
+ * PKCS#7/CMS container type.
+ */
+struct pkcs7_t {
+
+ /**
+ * Implements container_t.
+ */
+ container_t container;
+
+ /**
+ * Get an authenticated PKCS#9 attribute from PKCS#7 signerInfo.
+ *
+ * To select the signerInfo structure to get the attribute from, pass
+ * the enumerator position from container_t.create_signature_enumerator().
+ *
+ * The attribute returned does not contain type information and must be
+ * freed after use.
+ *
+ * @param oid OID from the attribute to get
+ * @param enumerator enumerator to select signerInfo
+ * @param value chunk receiving attribute value, allocated
+ * @return TRUE if attribute found
+ */
+ bool (*get_attribute)(pkcs7_t *this, int oid, enumerator_t *enumerator,
+ chunk_t *value);
+
+ /**
+ * Create an enumerator over attached certificates.
+ *
+ * @return enumerator over certificate_t
+ */
+ enumerator_t* (*create_cert_enumerator)(pkcs7_t *this);
+};
+
+#endif /** PKCS7_H_ @}*/