1 /*
2 * Copyright (C) 2005 Jan Hutter, Martin Willi
3 * Copyright (C) 2002-2008 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil, Switzerland
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 /**
19 * @defgroup pkcs7 pkcs7
20 * @{ @ingroup crypto
21 */
22
23 #ifndef PKCS7_H_
24 #define PKCS7_H_
25
/* Handle for a PKCS#7 contentInfo; the struct itself is defined below. */
typedef struct pkcs7_t pkcs7_t;
27
28 #include <library.h>
29 #include <credentials/certificates/x509.h>
30 #include <credentials/keys/private_key.h>
31 #include <crypto/pkcs9.h>
32 #include <crypto/crypters/crypter.h>
33 #include <utils/iterator.h>
34
35 /**
36 * PKCS#7 contentInfo object.
37 */
/**
 * PKCS#7 contentInfo object.
 *
 * One object wraps a single contentInfo whose contentType is data,
 * signedData or envelopedData (see the is_* predicates). An object is
 * obtained either by parsing DER (pkcs7_create_from_chunk(),
 * pkcs7_create_from_file()) or by wrapping raw data
 * (pkcs7_create_from_data()) and then calling one of the build_* methods.
 *
 * NOTE(review): the DER consumed by the parse_* methods will usually come
 * from a remote peer; every parse_* result must be checked, and nothing
 * obtained from a parsed object should be trusted before the
 * corresponding parse_* call has returned TRUE.
 */
struct pkcs7_t {
	/**
	 * Check if the PKCS#7 contentType is data
	 *
	 * @return TRUE if the contentType is data
	 */
	bool (*is_data) (pkcs7_t *this);

	/**
	 * Check if the PKCS#7 contentType is signedData
	 *
	 * @return TRUE if the contentType is signedData
	 */
	bool (*is_signedData) (pkcs7_t *this);

	/**
	 * Check if the PKCS#7 contentType is envelopedData
	 *
	 * @return TRUE if the contentType is envelopedData
	 */
	bool (*is_envelopedData) (pkcs7_t *this);

	/**
	 * Parse a PKCS#7 data content.
	 *
	 * Presumably only meaningful when is_data() returns TRUE - confirm in
	 * the implementation.
	 *
	 * @return TRUE if parsing was successful
	 */
	bool (*parse_data) (pkcs7_t *this);

	/**
	 * Parse a PKCS#7 signedData content.
	 *
	 * NOTE(review): this header does not say what happens when cacert is
	 * NULL (i.e. whether the signature is then left unverified). Confirm
	 * in the implementation before ever passing NULL; a signedData whose
	 * signature has not been checked against a trusted CA provides no
	 * integrity or origin guarantee. Certificates carried inside the
	 * signedData itself (see create_certificate_iterator) presumably come
	 * from the sender and are untrusted until chained to cacert.
	 *
	 * @param cacert	CA certificate used to verify the signature
	 * @return			TRUE if parsing (and, presumably, verification)
	 *					was successful
	 */
	bool (*parse_signedData) (pkcs7_t *this, x509_t *cacert);

	/**
	 * Parse a PKCS#7 envelopedData content.
	 *
	 * @param serialNumber	serialNumber of the request (presumably used to
	 *						select the matching recipientInfo - confirm)
	 * @param key			private key used to decrypt the symmetric
	 *						content-encryption key
	 * @return				TRUE if parsing (and decryption) was successful
	 */
	bool (*parse_envelopedData) (pkcs7_t *this, chunk_t serialNumber, private_key_t *key);

	/**
	 * Returns the parsed data object
	 *
	 * NOTE(review): ownership of the returned chunk is not stated here;
	 * assume it aliases storage released by destroy() unless the
	 * implementation says otherwise, and clone it before holding it longer.
	 *
	 * @return chunk containing the data object
	 */
	chunk_t (*get_data) (pkcs7_t *this);

	/**
	 * Returns the DER-encoded contentInfo object
	 *
	 * Same ownership caveat as get_data(): check the implementation before
	 * keeping the chunk past destroy().
	 *
	 * @return chunk containing the contentInfo object
	 */
	chunk_t (*get_contentInfo) (pkcs7_t *this);

	/**
	 * Create an iterator for the certificates.
	 *
	 * Presumably iterates the certificates found in a parsed signedData
	 * and/or those added via set_certificate(). Certificates obtained from
	 * parsed input originate from the peer and must be validated before
	 * they are trusted.
	 *
	 * @return iterator for the certificates (caller presumably destroys it)
	 */
	iterator_t *(*create_certificate_iterator) (pkcs7_t *this);

	/**
	 * Add a certificate.
	 *
	 * Presumably included in the object emitted by build_signedData() -
	 * confirm in the implementation.
	 *
	 * @param cert certificate to be included
	 */
	void (*set_certificate) (pkcs7_t *this, x509_t *cert);

	/**
	 * Add authenticated attributes.
	 *
	 * Presumably the PKCS#9 attributes that build_signedData() covers with
	 * the signature - confirm in the implementation.
	 *
	 * @param attributes attributes to be included
	 */
	void (*set_attributes) (pkcs7_t *this, pkcs9_t *attributes);

	/**
	 * Build a data object
	 *
	 * @return TRUE if build was successful
	 */
	bool (*build_data) (pkcs7_t *this);

	/**
	 * Build an envelopedData object
	 *
	 * @param cert	recipient's certificate (its public key wraps the
	 *				content-encryption key)
	 * @param alg	symmetric encryption algorithm for the content
	 * @return		TRUE if build was successful
	 */
	bool (*build_envelopedData) (pkcs7_t *this, x509_t *cert,
								 encryption_algorithm_t alg);

	/**
	 * Build a signedData object
	 *
	 * @param key	signer's private key
	 * @param alg	digest algorithm used for signature
	 * @return		TRUE if build was successful
	 */
	bool (*build_signedData) (pkcs7_t *this, private_key_t *key,
							  hash_algorithm_t alg);

	/**
	 * Destroys the contentInfo object.
	 *
	 * The handle must not be used afterwards.
	 */
	void (*destroy) (pkcs7_t *this);
};
151
/**
 * Read a PKCS#7 contentInfo object from a DER encoded chunk.
 *
 * The DER input is typically received from a peer; a NULL return means it
 * did not parse as a contentInfo and must be treated as a hard failure by
 * the caller. The content itself still has to be parsed afterwards with the
 * appropriate parse_* method of the returned object.
 *
 * @param chunk		chunk containing DER encoded data
 * @param level		ASN.1 parsing start level
 * @return			created pkcs7_contentInfo object, or NULL if invalid.
 */
pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level);
160
/**
 * Create a PKCS#7 contentInfo object from raw data.
 *
 * Presumably the starting point for the build_* methods, which turn the
 * data into a data/signedData/envelopedData contentInfo.
 *
 * @param data		chunk containing data
 * @return			created pkcs7_contentInfo object.
 */
pkcs7_t *pkcs7_create_from_data(chunk_t data);
168
/**
 * Read a PKCS#7 contentInfo object from a DER encoded file.
 *
 * (The previous description "Read a X.509 certificate" was a copy-paste
 * error: this returns a pkcs7_t, not a certificate.) Callers must check for
 * NULL before using the result.
 *
 * @param filename	file containing DER encoded data
 * @param label		label describing kind of PKCS#7 file (presumably used
 *					for log output - confirm in the implementation)
 * @return			created pkcs7_t object, or NULL if invalid.
 */
pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label);
177
178 #endif /** PKCS7_H_ @}*/