diff options
Diffstat (limited to 'src/libstrongswan/credentials/containers')
-rw-r--r-- | src/libstrongswan/credentials/containers/container.c | 23 | ||||
-rw-r--r-- | src/libstrongswan/credentials/containers/container.h | 93 | ||||
-rw-r--r-- | src/libstrongswan/credentials/containers/pkcs7.h | 63 |
3 files changed, 179 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/containers/container.c b/src/libstrongswan/credentials/containers/container.c new file mode 100644 index 000000000..d1e67b21b --- /dev/null +++ b/src/libstrongswan/credentials/containers/container.c @@ -0,0 +1,23 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "container.h" + +ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS7_ENVELOPED_DATA, + "PKCS7", + "PKCS7_DATA", + "PKCS7_SIGNED_DATA", + "PKCS7_ENVELOPED_DATA", +); diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h new file mode 100644 index 000000000..fc5c09041 --- /dev/null +++ b/src/libstrongswan/credentials/containers/container.h @@ -0,0 +1,93 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup container container + * @{ @ingroup containers + */ + +#ifndef CONTAINER_H_ +#define CONTAINER_H_ + +typedef struct container_t container_t; +typedef enum container_type_t container_type_t; + +#include <utils/chunk.h> +#include <collections/enumerator.h> + +/** + * Type of the container. + */ +enum container_type_t { + /** Any kind of PKCS7/CMS container */ + CONTAINER_PKCS7, + /** PKCS7/CMS plain "data" */ + CONTAINER_PKCS7_DATA, + /** PKCS7/CMS "signed-data" */ + CONTAINER_PKCS7_SIGNED_DATA, + /** PKCS7/CMS "enveloped-data" */ + CONTAINER_PKCS7_ENVELOPED_DATA, +}; + +/** + * Enum names for container_type_t + */ +extern enum_name_t *container_type_names; + +/** + * Generic interface for cryptographic containers. + */ +struct container_t { + + /** + * Get the type of the container. + * + * @return container type + */ + container_type_t (*get_type)(container_t *this); + + /** + * Create an enumerator over trustchains for valid container signatures. + * + * @return enumerator over auth_cfg_t* + */ + enumerator_t* (*create_signature_enumerator)(container_t *this); + + /** + * Get signed/decrypted data wrapped in this container. + * + * This function does not verify any associated signatures, use + * create_signature_enumerator() to verify them. + * + * @param data allocated data wrapped in this container + * @return TRUE if data decrypted successfully + */ + bool (*get_data)(container_t *this, chunk_t *data); + + /** + * Get the encoding of the full signed/encrypted container. + * + * @param data allocated container encoding + * @return TRUE if encodign successful + */ + bool (*get_encoding)(container_t *this, chunk_t *encoding); + + /** + * Destroy a container_t. + */ + void (*destroy)(container_t *this); +}; + +#endif /** CONTAINER_H_ @}*/ diff --git a/src/libstrongswan/credentials/containers/pkcs7.h b/src/libstrongswan/credentials/containers/pkcs7.h new file mode 100644 index 000000000..d42d82b0b --- /dev/null +++ b/src/libstrongswan/credentials/containers/pkcs7.h @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2012 Martin Willi + * Copyright (C) 2012 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs7 pkcs7 + * @{ @ingroup containers + */ + +#ifndef PKCS7_H_ +#define PKCS7_H_ + +#include <credentials/containers/container.h> + +typedef struct pkcs7_t pkcs7_t; + +/** + * PKCS#7/CMS container type. + */ +struct pkcs7_t { + + /** + * Implements container_t. + */ + container_t container; + + /** + * Get an authenticated PKCS#9 attribute from PKCS#7 signerInfo. + * + * To select the signerInfo structure to get the attribute from, pass + * the enumerator position from container_t.create_signature_enumerator(). + * + * The attribute returned does not contain type information and must be + * freed after use. + * + * @param oid OID from the attribute to get + * @param enumerator enumerator to select signerInfo + * @param value chunk receiving attribute value, allocated + * @return TRUE if attribute found + */ + bool (*get_attribute)(pkcs7_t *this, int oid, enumerator_t *enumerator, + chunk_t *value); + + /** + * Create an enumerator over attached certificates. + * + * @return enumerator over certificate_t + */ + enumerator_t* (*create_cert_enumerator)(pkcs7_t *this); +}; + +#endif /** PKCS7_H_ @}*/ |