extended and debugged PKCS#7 signedData support
[strongswan.git] / src / libstrongswan / crypto / pkcs7.h
1 /**
2 * @file pkcs7.h
3 *
4 * @brief Interface of pkcs7_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Copyright (C) 2002-2008 Andreas Steffen
11 *
12 * Hochschule fuer Technik Rapperswil, Switzerland
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 *
24 * RCSID $Id$
25 */
26
27 #ifndef _PKCS7_H
28 #define _PKCS7_H
29
30 typedef struct pkcs7_t pkcs7_t;
31
32 #include <library.h>
33 #include <crypto/x509.h>
34 #include <crypto/pkcs9.h>
35 #include <crypto/rsa/rsa_private_key.h>
36 #include <crypto/crypters/crypter.h>
37 #include <utils/iterator.h>
38
39 extern const chunk_t ASN1_pkcs7_data_oid;
40
41 /**
42 * @brief PKCS#7 contentInfo object.
43 *
44 * @b Constructors:
45 * -pkcs7_create_from_chunk()
46 * -pkcs7_create_from_data()
47 *
48 * @ingroup crypto
49 */
50 struct pkcs7_t {
51 /**
52 * @brief Check if the PKCS#7 contentType is data
53 *
54 * @param this calling object
55 * @return TRUE if the contentType is data
56 */
57 bool (*is_data) (pkcs7_t *this);
58
59 /**
60 * @brief Check if the PKCS#7 contentType is signedData
61 *
62 * @param this calling object
63 * @return TRUE if the contentType is signedData
64 */
65 bool (*is_signedData) (pkcs7_t *this);
66
67 /**
68 * @brief Check if the PKCS#7 contentType is envelopedData
69 *
70 * @param this calling object
71 * @return TRUE if the contentType is envelopedData
72 */
73 bool (*is_envelopedData) (pkcs7_t *this);
74
75 /**
76 * @brief Parse a PKCS#7 data content.
77 *
78 * @param this calling object
79 * @return TRUE if parsing was successful
80 */
81 bool (*parse_data) (pkcs7_t *this);
82
83 /**
84 * @brief Parse a PKCS#7 signedData content.
85 *
86 * @param this calling object
87 * @param cacert cacert used to verify the signature
88 * @return TRUE if parsing was successful
89 */
90 bool (*parse_signedData) (pkcs7_t *this, x509_t *cacert);
91
92 /**
93 * @brief Parse a PKCS#7 envelopedData content.
94 *
95 * @param this calling object
96 * @param serialNumber serialNumber of the request
97 * @param key RSA private key used to decrypt the symmetric key
98 * @return TRUE if parsing was successful
99 */
100 bool (*parse_envelopedData) (pkcs7_t *this, chunk_t serialNumber, rsa_private_key_t *key);
101
102 /**
103 * @brief Returns the parsed data object
104 *
105 * @param this calling object
106 * @return chunk containing the data object
107 */
108 chunk_t (*get_data) (pkcs7_t *this);
109
110 /**
111 * @brief Returns the a DER-encoded contentInfo object
112 *
113 * @param this calling object
114 * @return chunk containing the contentInfo object
115 */
116 chunk_t (*get_contentInfo) (pkcs7_t *this);
117
118 /**
119 * @brief Create an iterator for the certificates.
120 *
121 * @param this calling object
122 * @return iterator for the certificates
123 */
124 iterator_t *(*create_certificate_iterator) (pkcs7_t *this);
125
126 /**
127 * @brief Add a certificate.
128 *
129 * @param this calling object
130 * @param cert certificate to be included
131 */
132 void (*set_certificate) (pkcs7_t *this, x509_t *cert);
133
134 /**
135 * @brief Add authenticated attributes.
136 *
137 * @param this calling object
138 * @param attributes attributes to be included
139 */
140 void (*set_attributes) (pkcs7_t *this, pkcs9_t *attributes);
141
142 /**
143 * @brief Build a data object
144 *
145 * @param this PKCS#7 data to be built
146 * @return TRUE if build was successful
147 */
148 bool (*build_data) (pkcs7_t *this);
149
150 /**
151 * @brief Build an envelopedData object
152 *
153 * @param this PKCS#7 data object to envelop
154 * @param cert receivers's certificate
155 * @param alg encryption algorithm
156 * @return TRUE if build was successful
157 */
158 bool (*build_envelopedData) (pkcs7_t *this, x509_t *cert, encryption_algorithm_t alg);
159
160 /**
161 * @brief Build an signedData object
162 *
163 * @param this PKCS#7 data object to sign
164 * @param key signer's RSA private key
165 * @param alg digest algorithm used for signature
166 * @return TRUE if build was successful
167 */
168 bool (*build_signedData) (pkcs7_t *this, rsa_private_key_t *key, hash_algorithm_t alg);
169
170 /**
171 * @brief Destroys the contentInfo object.
172 *
173 * @param this PKCS#7 contentInfo object to destroy
174 */
175 void (*destroy) (pkcs7_t *this);
176 };
177
178 /**
179 * @brief Read a PKCS#7 contentInfo object from a DER encoded chunk.
180 *
181 * @param chunk chunk containing DER encoded data
182 * @param level ASN.1 parsing start level
183 * @return created pkcs7_contentInfo object, or NULL if invalid.
184 *
185 * @ingroup crypto
186 */
187 pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level);
188
189 /**
190 * @brief Create a PKCS#7 contentInfo object
191 *
192 * @param chunk chunk containing data
193 * @return created pkcs7_contentInfo object.
194 *
195 * @ingroup crypto
196 */
197 pkcs7_t *pkcs7_create_from_data(chunk_t data);
198
199 /**
200 * @brief Read a X.509 certificate from a DER encoded file.
201 *
202 * @param filename file containing DER encoded data
203 * @param label label describing kind of PKCS#7 file
204 * @return created pkcs7_t object, or NULL if invalid.
205 *
206 * @ingroup crypto
207 */
208 pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label);
209
210
211 #endif /* _PKCS7_H */