1 /*
2 * Copyright (C) 2005 Jan Hutter, Martin Willi
3 * Copyright (C) 2002-2008 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil, Switzerland
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 *
17 * $Id$
18 */
19
20 /**
21 * @defgroup pkcs7 pkcs7
22 * @{ @ingroup crypto
23 */
24
25 #ifndef _PKCS7_H_
26 #define _PKCS7_H_
27
28 typedef struct pkcs7_t pkcs7_t;
29
30 #include <library.h>
31 #include <credentials/certificates/x509.h>
32 #include <credentials/keys/private_key.h>
33 #include <crypto/pkcs9.h>
34 #include <crypto/crypters/crypter.h>
35 #include <utils/iterator.h>
36
37 /**
38 * PKCS#7 contentInfo object.
39 */
/**
 * PKCS#7 contentInfo object.
 *
 * A single object wraps one contentInfo and is used in two directions:
 * parsing an incoming (untrusted) DER blob via the is_* / parse_* methods,
 * or assembling an outgoing one via set_* / build_* followed by
 * get_contentInfo(). Which contentType is present must be checked with the
 * is_* predicates before calling the matching parse_* method.
 */
struct pkcs7_t {
	/**
	 * Check if the PKCS#7 contentType is data
	 *
	 * @return TRUE if the contentType is data
	 */
	bool (*is_data) (pkcs7_t *this);

	/**
	 * Check if the PKCS#7 contentType is signedData
	 *
	 * @return TRUE if the contentType is signedData
	 */
	bool (*is_signedData) (pkcs7_t *this);

	/**
	 * Check if the PKCS#7 contentType is envelopedData
	 *
	 * @return TRUE if the contentType is envelopedData
	 */
	bool (*is_envelopedData) (pkcs7_t *this);

	/**
	 * Parse a PKCS#7 data content.
	 *
	 * The input is attacker-controlled DER; a FALSE return means the
	 * content must be treated as invalid and get_data() must not be relied on.
	 *
	 * @return TRUE if parsing was successful, FALSE otherwise
	 */
	bool (*parse_data) (pkcs7_t *this);

	/**
	 * Parse a PKCS#7 signedData content and verify its signature.
	 *
	 * NOTE(review): the header does not show what happens when cacert is
	 * NULL, nor whether the signer certificate's chain and validity period
	 * are checked - confirm against pkcs7.c before treating a TRUE return
	 * as a trusted signature.
	 *
	 * @param cacert CA certificate used to verify the signature
	 * @return TRUE if parsing (and verification) was successful
	 */
	bool (*parse_signedData) (pkcs7_t *this, x509_t *cacert);

	/**
	 * Parse a PKCS#7 envelopedData content and decrypt it.
	 *
	 * NOTE(review): serialNumber is presumably matched against the
	 * recipientInfo of the envelope to select the wrapped key - confirm in
	 * the implementation.
	 *
	 * @param serialNumber serialNumber of the request
	 * @param key private key used to decrypt the symmetric content key
	 * @return TRUE if parsing and decryption were successful
	 */
	bool (*parse_envelopedData) (pkcs7_t *this, chunk_t serialNumber, private_key_t *key);

	/**
	 * Returns the parsed data object
	 *
	 * NOTE(review): ownership of the returned chunk (owned by this object
	 * vs. a copy the caller must free) is not visible here - verify before
	 * freeing or holding it past destroy().
	 *
	 * @return chunk containing the data object
	 */
	chunk_t (*get_data) (pkcs7_t *this);

	/**
	 * Returns a DER-encoded contentInfo object
	 *
	 * @return chunk containing the contentInfo object
	 */
	chunk_t (*get_contentInfo) (pkcs7_t *this);

	/**
	 * Create an iterator over the certificates carried in the contentInfo.
	 *
	 * Certificates embedded in a received PKCS#7 message are supplied by
	 * the peer and carry no trust by themselves; validate them against a
	 * trust anchor before using them for anything security-relevant.
	 * The iterator presumably has to be destroyed by the caller.
	 *
	 * @return iterator for the certificates
	 */
	iterator_t *(*create_certificate_iterator) (pkcs7_t *this);

	/**
	 * Add a certificate to be included in the contentInfo being built.
	 *
	 * @param cert certificate to be included
	 */
	void (*set_certificate) (pkcs7_t *this, x509_t *cert);

	/**
	 * Add authenticated attributes to be included in signedData.
	 *
	 * @param attributes attributes to be included
	 */
	void (*set_attributes) (pkcs7_t *this, pkcs9_t *attributes);

	/**
	 * Build a data object
	 *
	 * @return TRUE if build was successful
	 */
	bool (*build_data) (pkcs7_t *this);

	/**
	 * Build an envelopedData object
	 *
	 * The caller selects the content-encryption algorithm; nothing in this
	 * interface restricts it, so callers should pick a currently
	 * recommended cipher rather than whatever the peer requests.
	 *
	 * @param cert receiver's certificate
	 * @param alg encryption algorithm
	 * @return TRUE if build was successful
	 */
	bool (*build_envelopedData) (pkcs7_t *this, x509_t *cert,
								 encryption_algorithm_t alg);

	/**
	 * Build a signedData object
	 *
	 * As with build_envelopedData, the digest algorithm is entirely the
	 * caller's choice; avoid deprecated hashes for new signatures.
	 *
	 * @param key signer's private key
	 * @param alg digest algorithm used for signature
	 * @return TRUE if build was successful
	 */
	bool (*build_signedData) (pkcs7_t *this, private_key_t *key,
							  hash_algorithm_t alg);

	/**
	 * Destroys the contentInfo object.
	 */
	void (*destroy) (pkcs7_t *this);
};
153
/**
 * Read a PKCS#7 contentInfo object from a DER encoded chunk.
 *
 * Only the outer contentInfo is decoded here; the content itself is
 * attacker-controlled and still has to be checked with the is_* predicates
 * and parsed with the matching parse_* method of the returned object.
 *
 * @param chunk chunk containing DER encoded data
 * @param level ASN.1 parsing start level
 * @return created pkcs7_contentInfo object, or NULL if invalid.
 */
pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level);

/**
 * Create a PKCS#7 contentInfo object from raw (not yet encoded) data.
 *
 * NOTE(review): whether the data chunk is copied or referenced is not
 * visible from the header - confirm before freeing it.
 *
 * @param data chunk containing the data to be wrapped
 * @return created pkcs7_contentInfo object.
 */
pkcs7_t *pkcs7_create_from_data(chunk_t data);

/**
 * Read a PKCS#7 contentInfo object from a DER encoded file.
 *
 * The file contents are untrusted input; the same is_* / parse_* steps
 * apply as for pkcs7_create_from_chunk().
 *
 * @param filename file containing DER encoded data
 * @param label label describing kind of PKCS#7 file (presumably used
 *              in diagnostic output only)
 * @return created pkcs7_t object, or NULL if invalid.
 */
pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label);
179
180 #endif /* _PKCS7_H_ @} */