renamed eme_pkcs1_decrypt() to pkcs1_decrypt()
[strongswan.git] / src / libstrongswan / crypto / pkcs7.c
1 /**
2 * @file pkcs7.c
3 *
4 * @brief Implementation of pkcs7_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Copyright (C) 2002-2005 Andreas Steffen
11 * Hochschule fuer Technik Rapperswil, Switzerland
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 *
23 * RCSID $Id$
24 */
25
26 #include <stdlib.h>
27 #include <string.h>
28
29 #include <library.h>
30 #include "debug.h"
31
32 #include <asn1/asn1.h>
33 #include <asn1/oid.h>
34 #include <crypto/x509.h>
35 #include <crypto/hashers/hasher.h>
36 #include <crypto/crypters/crypter.h>
37 #include <utils/linked_list.h>
38
39 #include "pkcs7.h"
40
41 typedef struct private_pkcs7_t private_pkcs7_t;
42
43 /**
44 * Private data of a pkcs7_t object.
45 */
46 struct private_pkcs7_t {
47 /**
48 * Public interface for this certificate.
49 */
50 pkcs7_t public;
51
52 /**
53 * contentInfo type
54 */
55 int type;
56
57 /**
58 * ASN.1 encoded content
59 */
60 chunk_t content;
61
62 /**
63 * Has the content already been parsed?
64 */
65 bool parsed;
66
67 /**
68 * ASN.1 parsing start level
69 */
70 u_int level;
71
72 /**
73 * retrieved data
74 */
75 chunk_t data;
76
77 /**
78 * ASN.1 encoded attributes
79 */
80 chunk_t attributes;
81
82 /**
83 * Linked list of X.509 certificates
84 */
85 linked_list_t *certs;
86 };
87
88 /**
89 * ASN.1 definition of the PKCS#7 ContentInfo type
90 */
91 static const asn1Object_t contentInfoObjects[] = {
92 { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
93 { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */
94 { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT |
95 ASN1_BODY }, /* 2 */
96 { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
97 };
98
99 #define PKCS7_INFO_TYPE 1
100 #define PKCS7_INFO_CONTENT 2
101 #define PKCS7_INFO_ROOF 4
102
103 /**
104 * ASN.1 definition of the PKCS#7 signedData type
105 */
106 static const asn1Object_t signedDataObjects[] = {
107 { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
108 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
109 { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
110 { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
111 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
112 { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
113 { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
114 ASN1_LOOP }, /* 6 */
115 { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
116 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
117 { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
118 ASN1_LOOP }, /* 9 */
119 { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
120 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
121 { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
122 { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
123 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
124 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
125 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
126 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
127 { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
128 { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
129 ASN1_OBJ }, /* 19 */
130 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
131 { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
132 { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
133 { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
134 { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
135 { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */
136 };
137
138 #define PKCS7_DIGEST_ALG 3
139 #define PKCS7_SIGNED_CONTENT_INFO 5
140 #define PKCS7_SIGNED_CERT 7
141 #define PKCS7_SIGNER_INFO 13
142 #define PKCS7_SIGNED_ISSUER 16
143 #define PKCS7_SIGNED_SERIAL_NUMBER 17
144 #define PKCS7_DIGEST_ALGORITHM 18
145 #define PKCS7_AUTH_ATTRIBUTES 19
146 #define PKCS7_DIGEST_ENC_ALGORITHM 21
147 #define PKCS7_ENCRYPTED_DIGEST 22
148 #define PKCS7_SIGNED_ROOF 26
149
150 /**
151 * ASN.1 definition of the PKCS#7 envelopedData type
152 */
153 static const asn1Object_t envelopedDataObjects[] = {
154 { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
155 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
156 { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */
157 { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */
158 { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */
159 { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
160 { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
161 { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */
162 { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */
163 { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */
164 { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
165 { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
166 { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */
167 { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */
168 { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */
169 };
170
171 #define PKCS7_ENVELOPED_VERSION 1
172 #define PKCS7_RECIPIENT_INFO_VERSION 4
173 #define PKCS7_ISSUER 6
174 #define PKCS7_SERIAL_NUMBER 7
175 #define PKCS7_ENCRYPTION_ALG 8
176 #define PKCS7_ENCRYPTED_KEY 9
177 #define PKCS7_CONTENT_TYPE 12
178 #define PKCS7_CONTENT_ENC_ALGORITHM 13
179 #define PKCS7_ENCRYPTED_CONTENT 14
180 #define PKCS7_ENVELOPED_ROOF 15
181
182 /**
183 * PKCS7 contentInfo OIDs
184 */
185 static u_char ASN1_pkcs7_data_oid_str[] = {
186 0x06, 0x09,
187 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
188 };
189
190 static u_char ASN1_pkcs7_signed_data_oid_str[] = {
191 0x06, 0x09,
192 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02
193 };
194
195 static u_char ASN1_pkcs7_enveloped_data_oid_str[] = {
196 0x06, 0x09,
197 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03
198 };
199
200 static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = {
201 0x06, 0x09,
202 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04
203 };
204
205 static u_char ASN1_pkcs7_digested_data_oid_str[] = {
206 0x06, 0x09,
207 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05
208 };
209
210 static char ASN1_pkcs7_encrypted_data_oid_str[] = {
211 0x06, 0x09,
212 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06
213 };
214
215 static const chunk_t ASN1_pkcs7_data_oid =
216 chunk_from_buf(ASN1_pkcs7_data_oid_str);
217 static const chunk_t ASN1_pkcs7_signed_data_oid =
218 chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
219 static const chunk_t ASN1_pkcs7_enveloped_data_oid =
220 chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
221 static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
222 chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
223 static const chunk_t ASN1_pkcs7_digested_data_oid =
224 chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
225 static const chunk_t ASN1_pkcs7_encrypted_data_oid =
226 chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
227
228 /**
229 * 3DES and DES encryption OIDs
230 */
231 static u_char ASN1_3des_ede_cbc_oid_str[] = {
232 0x06, 0x08,
233 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07
234 };
235
236 static u_char ASN1_des_cbc_oid_str[] = {
237 0x06, 0x05,
238 0x2B, 0x0E, 0x03, 0x02, 0x07
239 };
240
241 static const chunk_t ASN1_3des_ede_cbc_oid =
242 chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
243 static const chunk_t ASN1_des_cbc_oid =
244 chunk_from_buf(ASN1_des_cbc_oid_str);
245
246 /**
247 * PKCS#7 attribute type OIDs
248 */
249 static u_char ASN1_contentType_oid_str[] = {
250 0x06, 0x09,
251 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
252 };
253
254 static u_char ASN1_messageDigest_oid_str[] = {
255 0x06, 0x09,
256 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
257 };
258
259 static const chunk_t ASN1_contentType_oid =
260 chunk_from_buf(ASN1_contentType_oid_str);
261 static const chunk_t ASN1_messageDigest_oid =
262 chunk_from_buf(ASN1_messageDigest_oid_str);
263
264 /**
265 * Implements pkcs7_t.is_signedData.
266 */
267 static bool is_data(private_pkcs7_t *this)
268 {
269 return this->type == OID_PKCS7_DATA;
270 }
271
272 /**
273 * Implements pkcs7_t.is_signedData.
274 */
275 static bool is_signedData(private_pkcs7_t *this)
276 {
277 return this->type == OID_PKCS7_SIGNED_DATA;
278 }
279
280 /**
281 * Implements pkcs7_t.is_signedData.
282 */
283 static bool is_envelopedData(private_pkcs7_t *this)
284 {
285 return this->type == OID_PKCS7_ENVELOPED_DATA;
286 }
287
288 /**
289 * Check whether to abort the requested parsing
290 */
291 static bool abort_parsing(private_pkcs7_t *this, int type)
292 {
293 if (this->type != type)
294 {
295 DBG1("pkcs7 content to be parsed is not of type '%s'",
296 oid_names[type]);
297 return TRUE;
298 }
299 if (this->parsed)
300 {
301 DBG1("pkcs7 content has already been parsed");
302 return TRUE;
303 }
304 this->parsed = TRUE;
305 return FALSE;
306 }
307
308 /**
309 * Implements pkcs7_t.parse_data.
310 */
311 static bool parse_data(private_pkcs7_t *this)
312 {
313 chunk_t data = this->content;
314
315 if (abort_parsing(this, OID_PKCS7_DATA))
316 {
317 return FALSE;
318 }
319 if (parse_asn1_simple_object(&data, ASN1_OCTET_STRING, this->level, "data"))
320 {
321 this->data = chunk_clone(data);
322 return TRUE;
323 }
324 else
325 {
326 return FALSE;
327 }
328 }
329
330 /**
331 * Parse PKCS#7 signedData content
332 */
333 static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert)
334 {
335 asn1_ctx_t ctx;
336 chunk_t object;
337 u_int level;
338 int objectID = 0;
339
340 int digest_alg = OID_UNKNOWN;
341 int enc_alg = OID_UNKNOWN;
342 int signerInfos = 0;
343
344 chunk_t encrypted_digest = chunk_empty;
345
346 if (abort_parsing(this, OID_PKCS7_SIGNED_DATA))
347 {
348 return FALSE;
349 }
350
351 asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
352
353 while (objectID < PKCS7_SIGNED_ROOF)
354 {
355 if (!extract_object(signedDataObjects, &objectID, &object, &level, &ctx))
356 {
357 return FALSE;
358 }
359
360 switch (objectID)
361 {
362 case PKCS7_DIGEST_ALG:
363 digest_alg = parse_algorithmIdentifier(object, level, NULL);
364 break;
365 case PKCS7_SIGNED_CONTENT_INFO:
366 this->data = chunk_clone(object);
367 break;
368 case PKCS7_SIGNED_CERT:
369 {
370 x509_t *cert = x509_create_from_chunk(object, level+1);
371
372 if (cert)
373 {
374 this->certs->insert_last(this->certs, (void*)cert);
375 }
376 }
377 break;
378 case PKCS7_SIGNER_INFO:
379 signerInfos++;
380 DBG2(" signer #%d", signerInfos);
381 break;
382 case PKCS7_SIGNED_ISSUER:
383 {
384 identification_t *issuer;
385
386 issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
387 DBG2(" '%D'", issuer);
388 issuer->destroy(issuer);
389 }
390 break;
391 case PKCS7_AUTH_ATTRIBUTES:
392 this->attributes = object;
393 *this->attributes.ptr = ASN1_SET;
394 break;
395 case PKCS7_DIGEST_ALGORITHM:
396 digest_alg = parse_algorithmIdentifier(object, level, NULL);
397 break;
398 case PKCS7_DIGEST_ENC_ALGORITHM:
399 enc_alg = parse_algorithmIdentifier(object, level, NULL);
400 break;
401 case PKCS7_ENCRYPTED_DIGEST:
402 encrypted_digest = object;
403 }
404 objectID++;
405 }
406
407 /* check the signature only if a cacert is available */
408 if (cacert != NULL)
409 {
410 rsa_public_key_t *signer = cacert->get_public_key(cacert);
411 hash_algorithm_t algorithm = hasher_algorithm_from_oid(digest_alg);
412
413 if (signerInfos == 0)
414 {
415 DBG1("no signerInfo object found");
416 return FALSE;
417 }
418 else if (signerInfos > 1)
419 {
420 DBG1("more than one signerInfo object found");
421 return FALSE;
422 }
423 if (this->attributes.ptr == NULL)
424 {
425 DBG1("no authenticatedAttributes object found");
426 return FALSE;
427 }
428 if (enc_alg != OID_RSA_ENCRYPTION)
429 {
430 DBG1("only RSA digest encryption supported");
431 return FALSE;
432 }
433 if (signer->verify_emsa_pkcs1_signature(signer, algorithm,
434 this->attributes, encrypted_digest) != SUCCESS)
435 {
436 DBG1("invalid digest signature");
437 return FALSE;
438 }
439 else
440 {
441 DBG2("digest signature is valid");
442 }
443 }
444 return TRUE;
445 }
446
447 /**
448 * Parse PKCS#7 envelopedData content
449 */
450 static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber,
451 rsa_private_key_t *key)
452 {
453 asn1_ctx_t ctx;
454 chunk_t object;
455 u_int level;
456 int objectID = 0;
457
458 chunk_t iv = chunk_empty;
459 chunk_t symmetric_key = chunk_empty;
460 chunk_t encrypted_content = chunk_empty;
461
462 crypter_t *crypter = NULL;
463
464 if (abort_parsing(this, OID_PKCS7_ENVELOPED_DATA))
465 {
466 return FALSE;
467 }
468
469 asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
470
471 while (objectID < PKCS7_ENVELOPED_ROOF)
472 {
473 if (!extract_object(envelopedDataObjects, &objectID, &object, &level, &ctx))
474 {
475 goto failed;
476 }
477
478 switch (objectID)
479 {
480 case PKCS7_ENVELOPED_VERSION:
481 if (*object.ptr != 0)
482 {
483 DBG1("envelopedData version is not 0");
484 goto failed;
485 }
486 break;
487 case PKCS7_RECIPIENT_INFO_VERSION:
488 if (*object.ptr != 0)
489 {
490 DBG1("recipient info version is not 0");
491 goto failed;
492 }
493 break;
494 case PKCS7_ISSUER:
495 {
496 identification_t *issuer;
497
498 issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
499 DBG2(" '%D'", issuer);
500 issuer->destroy(issuer);
501 }
502 break;
503 case PKCS7_SERIAL_NUMBER:
504 if (!chunk_equals(serialNumber, object))
505 {
506 DBG1("serial numbers do not match");
507 goto failed;
508 }
509 break;
510 case PKCS7_ENCRYPTION_ALG:
511 {
512 int alg = parse_algorithmIdentifier(object, level, NULL);
513
514 if (alg != OID_RSA_ENCRYPTION)
515 {
516 DBG1("only rsa encryption supported");
517 goto failed;
518 }
519 }
520 break;
521 case PKCS7_ENCRYPTED_KEY:
522 if (key->pkcs1_decrypt(key, object, &symmetric_key) != SUCCESS)
523 {
524 DBG1("symmetric key could not be decrypted with rsa");
525 goto failed;
526 }
527 DBG4("symmetric key : %B", &symmetric_key);
528 break;
529 case PKCS7_CONTENT_TYPE:
530 if (known_oid(object) != OID_PKCS7_DATA)
531 {
532 DBG1("encrypted content not of type pkcs7 data");
533 goto failed;
534 }
535 break;
536 case PKCS7_CONTENT_ENC_ALGORITHM:
537 {
538 int alg = parse_algorithmIdentifier(object, level, &iv);
539
540 switch (alg)
541 {
542 case OID_DES_CBC:
543 crypter = crypter_create(ENCR_DES, 0);
544 break;
545 case OID_3DES_EDE_CBC:
546 crypter = crypter_create(ENCR_3DES, 0);
547 break;
548 default:
549 DBG1("Only DES and 3DES supported for symmetric encryption");
550 goto failed;
551 }
552 if (symmetric_key.len != crypter->get_key_size(crypter))
553 {
554 DBG1("symmetric key has wrong length");
555 goto failed;
556 }
557 if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
558 {
559 DBG1("IV could not be parsed");
560 goto failed;
561 }
562 if (iv.len != crypter->get_block_size(crypter))
563 {
564 DBG1("IV has wrong length");
565 goto failed;
566 }
567 }
568 break;
569 case PKCS7_ENCRYPTED_CONTENT:
570 encrypted_content = object;
571 break;
572 }
573 objectID++;
574 }
575
576 /* decrypt the content */
577 crypter->decrypt(crypter, encrypted_content, iv, &this->data);
578 DBG4("decrypted content with padding: %B", &this->data);
579
580 /* remove the padding */
581 {
582 u_char *pos = this->data.ptr + this->data.len - 1;
583 u_char pattern = *pos;
584 size_t padding = pattern;
585
586 if (padding > this->data.len)
587 {
588 DBG1("padding greater than data length");
589 goto failed;
590 }
591 this->data.len -= padding;
592
593 while (padding-- > 0)
594 {
595 if (*pos-- != pattern)
596 {
597 DBG1("wrong padding pattern");
598 goto failed;
599 }
600 }
601 }
602 crypter->destroy(crypter);
603 free(symmetric_key.ptr);
604 return TRUE;
605
606 failed:
607 DESTROY_IF(crypter);
608 free(symmetric_key.ptr);
609 chunk_free(&this->data);
610 return FALSE;
611 }
612
613 /**
614 * Implements pkcs7_t.destroy
615 */
616 static void destroy(private_pkcs7_t *this)
617 {
618 this->certs->destroy(this->certs);
619 free(this->data.ptr);
620 free(this);
621 }
622
623 /**
624 * Parse PKCS#7 contentInfo object
625 */
626 static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo)
627 {
628 asn1_ctx_t ctx;
629 chunk_t object;
630 u_int level;
631 int objectID = 0;
632
633 asn1_init(&ctx, blob, level0, FALSE, FALSE);
634
635 while (objectID < PKCS7_INFO_ROOF)
636 {
637 if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx))
638 {
639 return FALSE;
640 }
641
642 if (objectID == PKCS7_INFO_TYPE)
643 {
644 cInfo->type = known_oid(object);
645 if (cInfo->type < OID_PKCS7_DATA
646 || cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
647 {
648 DBG1("unknown pkcs7 content type");
649 return FALSE;
650 }
651 }
652 else if (objectID == PKCS7_INFO_CONTENT)
653 {
654 cInfo->content = object;
655 }
656 objectID++;
657 }
658 return TRUE;
659 }
660
661 /*
662 * Described in header.
663 */
664 pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level)
665 {
666 private_pkcs7_t *this = malloc_thing(private_pkcs7_t);
667
668 /* initialize */
669 this->type = OID_UNKNOWN;
670 this->content = chunk_empty;
671 this->parsed = FALSE;
672 this->level = level + 2;
673 this->data = chunk_empty;
674 this->attributes = chunk_empty;
675 this->certs = linked_list_create();
676
677 /*public functions */
678 this->public.is_data = (bool (*) (pkcs7_t*))is_data;
679 this->public.is_signedData = (bool (*) (pkcs7_t*))is_signedData;
680 this->public.is_envelopedData = (bool (*) (pkcs7_t*))is_envelopedData;
681 this->public.parse_data = (bool (*) (pkcs7_t*))parse_data;
682 this->public.parse_signedData = (bool (*) (pkcs7_t*,x509_t*))parse_signedData;
683 this->public.parse_envelopedData = (bool (*) (pkcs7_t*,chunk_t,rsa_private_key_t*))parse_envelopedData;
684 this->public.destroy = (void (*) (pkcs7_t*))destroy;
685
686 if (!parse_contentInfo(chunk, level, this))
687 {
688 destroy(this);
689 return NULL;
690 }
691 return &this->public;
692 }