1 /**
2 * @file pkcs7.h
3 *
4 * @brief Interface of pkcs7_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Copyright (C) 2002-2008 Andreas Steffen
11 *
12 * Hochschule fuer Technik Rapperswil, Switzerland
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 *
24 * RCSID $Id$
25 */
26
27 #ifndef _PKCS7_H
28 #define _PKCS7_H
29
30 typedef struct pkcs7_t pkcs7_t;
31
32 #include <library.h>
33 #include <crypto/x509.h>
34 #include <crypto/pkcs9.h>
35 #include <crypto/rsa/rsa_private_key.h>
36 #include <crypto/crypters/crypter.h>
37 #include <utils/iterator.h>
38
39 /**
40 * @brief PKCS#7 contentInfo object.
41 *
42 * @b Constructors:
43 * -pkcs7_create_from_chunk()
44 * -pkcs7_create_from_data()
45 *
46 * @ingroup crypto
47 */
struct pkcs7_t {
	/**
	 * @brief Check if the PKCS#7 contentType is data.
	 *
	 * @param this		calling object
	 * @return			TRUE if the contentType is data
	 */
	bool (*is_data) (pkcs7_t *this);

	/**
	 * @brief Check if the PKCS#7 contentType is signedData.
	 *
	 * @param this		calling object
	 * @return			TRUE if the contentType is signedData
	 */
	bool (*is_signedData) (pkcs7_t *this);

	/**
	 * @brief Check if the PKCS#7 contentType is envelopedData.
	 *
	 * @param this		calling object
	 * @return			TRUE if the contentType is envelopedData
	 */
	bool (*is_envelopedData) (pkcs7_t *this);

	/**
	 * @brief Parse a PKCS#7 data content.
	 *
	 * The DER input is untrusted; a FALSE result must be treated as a
	 * malformed object and no content read from it.
	 *
	 * @param this		calling object
	 * @return			TRUE if parsing was successful
	 */
	bool (*parse_data) (pkcs7_t *this);

	/**
	 * @brief Parse a PKCS#7 signedData content.
	 *
	 * The supplied CA certificate is used to verify the signature over the
	 * content. Callers must check the return value before using get_data():
	 * a FALSE result means the payload is not authenticated.
	 * NOTE(review): whether a missing or unverifiable signature makes this
	 * return FALSE (rather than succeed without verification) is not visible
	 * here — confirm against the implementation.
	 *
	 * @param this		calling object
	 * @param cacert	cacert used to verify the signature
	 * @return			TRUE if parsing was successful
	 */
	bool (*parse_signedData) (pkcs7_t *this, x509_t *cacert);

	/**
	 * @brief Parse a PKCS#7 envelopedData content.
	 *
	 * The recipient's RSA private key decrypts the wrapped symmetric key,
	 * which in turn decrypts the content.
	 *
	 * @param this			calling object
	 * @param serialNumber	serialNumber of the request
	 * @param key			RSA private key used to decrypt the symmetric key
	 * @return				TRUE if parsing was successful
	 */
	bool (*parse_envelopedData) (pkcs7_t *this, chunk_t serialNumber, rsa_private_key_t *key);

	/**
	 * @brief Returns the parsed data object.
	 *
	 * NOTE(review): ownership of the returned chunk (caller-freed or owned
	 * by this object) is not documented here — confirm before freeing.
	 *
	 * @param this		calling object
	 * @return			chunk containing the data object
	 */
	chunk_t (*get_data) (pkcs7_t *this);

	/**
	 * @brief Returns a DER-encoded contentInfo object.
	 *
	 * NOTE(review): ownership of the returned chunk is not documented
	 * here — confirm before freeing.
	 *
	 * @param this		calling object
	 * @return			chunk containing the contentInfo object
	 */
	chunk_t (*get_contentInfo) (pkcs7_t *this);

	/**
	 * @brief Create an iterator for the certificates.
	 *
	 * NOTE(review): presumably the caller destroys the iterator when done —
	 * confirm against iterator_t's contract.
	 *
	 * @param this		calling object
	 * @return			iterator for the certificates
	 */
	iterator_t *(*create_certificate_iterator) (pkcs7_t *this);

	/**
	 * @brief Add a certificate.
	 *
	 * NOTE(review): whether ownership of cert passes to this object is not
	 * documented here — confirm before destroying cert.
	 *
	 * @param this		calling object
	 * @param cert		certificate to be included
	 */
	void (*set_certificate) (pkcs7_t *this, x509_t *cert);

	/**
	 * @brief Add authenticated attributes.
	 *
	 * NOTE(review): whether ownership of attributes passes to this object is
	 * not documented here — confirm before destroying attributes.
	 *
	 * @param this			calling object
	 * @param attributes	attributes to be included
	 */
	void (*set_attributes) (pkcs7_t *this, pkcs9_t *attributes);

	/**
	 * @brief Build a data object.
	 *
	 * @param this		PKCS#7 data to be built
	 * @return			TRUE if build was successful
	 */
	bool (*build_data) (pkcs7_t *this);

	/**
	 * @brief Build an envelopedData object.
	 *
	 * The content is encrypted with a symmetric algorithm and the symmetric
	 * key is wrapped for the receiver's certificate.
	 *
	 * @param this		PKCS#7 data object to envelop
	 * @param cert		receiver's certificate
	 * @param alg		encryption algorithm
	 * @return			TRUE if build was successful
	 */
	bool (*build_envelopedData) (pkcs7_t *this, x509_t *cert, encryption_algorithm_t alg);

	/**
	 * @brief Build a signedData object.
	 *
	 * NOTE(review): the messageDigest authenticated attribute appears to be
	 * computed by this call rather than supplied via set_attributes() —
	 * confirm against the implementation.
	 *
	 * @param this		PKCS#7 data object to sign
	 * @param key		signer's RSA private key
	 * @param alg		digest algorithm used for signature
	 * @return			TRUE if build was successful
	 */
	bool (*build_signedData) (pkcs7_t *this, rsa_private_key_t *key, hash_algorithm_t alg);

	/**
	 * @brief Destroys the contentInfo object.
	 *
	 * The object must not be used after this call.
	 *
	 * @param this		PKCS#7 contentInfo object to destroy
	 */
	void (*destroy) (pkcs7_t *this);
};
175
/**
 * @brief Read a PKCS#7 contentInfo object from a DER encoded chunk.
 *
 * The chunk is untrusted input; callers must check for a NULL result
 * before using the object.
 *
 * @param chunk		chunk containing DER encoded data
 * @param level		ASN.1 parsing start level
 * @return			created pkcs7_contentInfo object, or NULL if invalid.
 *
 * @ingroup crypto
 */
pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level);

/**
 * @brief Create a PKCS#7 contentInfo object from raw data.
 *
 * @param data		chunk containing data
 * @return			created pkcs7_contentInfo object.
 *
 * @ingroup crypto
 */
pkcs7_t *pkcs7_create_from_data(chunk_t data);

/**
 * @brief Read a PKCS#7 contentInfo object from a DER encoded file.
 *
 * The file content is untrusted input; callers must check for a NULL
 * result before using the object.
 *
 * @param filename	file containing DER encoded data
 * @param label		label describing kind of PKCS#7 file
 * @return			created pkcs7_t object, or NULL if invalid.
 *
 * @ingroup crypto
 */
pkcs7_t *pkcs7_create_from_file(const char *filename, const char *label);
207
208
209 #endif /* _PKCS7_H */