Move PKCS#9 attribute lists to pkcs7 plugin, as we currently use it there only
authorMartin Willi <martin@revosec.ch>
Thu, 29 Nov 2012 10:52:27 +0000 (11:52 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 19 Dec 2012 09:32:08 +0000 (10:32 +0100)
src/libstrongswan/Makefile.am
src/libstrongswan/crypto/pkcs9.c [deleted file]
src/libstrongswan/crypto/pkcs9.h [deleted file]
src/libstrongswan/plugins/pkcs7/Makefile.am
src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c [new file with mode: 0644]
src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h [new file with mode: 0644]
src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c
src/scepclient/scep.c

index 423f0d2..243ff55 100644 (file)
@@ -4,8 +4,7 @@ libstrongswan_la_SOURCES = \
 library.c \
 asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \
 collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \
-collections/linked_list.c \
-crypto/crypters/crypter.c crypto/hashers/hasher.c crypto/pkcs9.c \
+collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \
 crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \
 crypto/prfs/prf.c crypto/prfs/mac_prf.c \
 crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
@@ -41,8 +40,7 @@ asn1/asn1.h asn1/asn1_parser.h asn1/oid.h bio/bio_reader.h bio/bio_writer.h \
 collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \
 collections/linked_list.h \
 crypto/crypters/crypter.h crypto/hashers/hasher.h crypto/mac.h \
-crypto/pkcs9.h crypto/proposal/proposal_keywords.h \
-crypto/proposal/proposal_keywords_static.h \
+crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \
 crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \
 crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
 crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c
deleted file mode 100644 (file)
index b6bc7eb..0000000
+++ /dev/null
@@ -1,270 +0,0 @@
-/*
- * Copyright (C) 2012 Tobias Brunner
- * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <library.h>
-#include <utils/debug.h>
-
-#include <asn1/oid.h>
-#include <asn1/asn1.h>
-#include <asn1/asn1_parser.h>
-#include <collections/linked_list.h>
-
-#include "pkcs9.h"
-
-typedef struct private_pkcs9_t private_pkcs9_t;
-typedef struct attribute_t attribute_t;
-
-/**
- * Private data of a pkcs9_t attribute list.
- */
-struct private_pkcs9_t {
-       /**
-        * Public interface
-        */
-       pkcs9_t public;
-
-       /**
-        * DER encoding of PKCS#9 attributes
-        */
-       chunk_t encoding;
-
-       /**
-        * Linked list of PKCS#9 attributes
-        */
-       linked_list_t *attributes;
-};
-
-/**
- * Definition of an attribute_t object.
- */
-struct attribute_t {
-
-       /**
-        * Object Identifier (OID)
-        */
-       int oid;
-
-       /**
-        * Attribute value
-        */
-       chunk_t value;
-
-       /**
-        * ASN.1 encoding
-        */
-       chunk_t encoding;
-};
-
-/**
- * Destroy an attribute_t object.
- */
-static void attribute_destroy(attribute_t *this)
-{
-       free(this->value.ptr);
-       free(this);
-}
-
-/**
- * Create an attribute_t object.
- */
-static attribute_t *attribute_create(int oid, chunk_t value)
-{
-       attribute_t *this;
-
-       INIT(this,
-               .oid = oid,
-               .value = chunk_clone(value),
-       );
-
-       return this;
-}
-
-/**
- * Build encoding of the attribute list
- */
-static void build_encoding(private_pkcs9_t *this)
-{
-       enumerator_t *enumerator;
-       attribute_t *attribute;
-       u_int len = 0, count, i = 0;
-       chunk_t *chunks;
-       u_char *pos;
-
-       count = this->attributes->get_count(this->attributes);
-       chunks = malloc(sizeof(chunk_t) * count);
-
-       enumerator = this->attributes->create_enumerator(this->attributes);
-       while (enumerator->enumerate(enumerator, &attribute))
-       {
-               chunks[i] = asn1_wrap(ASN1_SEQUENCE, "mm",
-                                                               asn1_build_known_oid(attribute->oid),
-                                                               asn1_wrap(ASN1_SET, "c", attribute->value));
-               len += chunks[i].len;
-               i++;
-       }
-       enumerator->destroy(enumerator);
-
-       pos = asn1_build_object(&this->encoding, ASN1_SET, len);
-       for (i = 0; i < count; i++)
-       {
-               memcpy(pos, chunks[i].ptr, chunks[i].len);
-               pos += chunks[i].len;
-               free(chunks[i].ptr);
-       }
-       free(chunks);
-}
-
-METHOD(pkcs9_t, get_encoding, chunk_t,
-       private_pkcs9_t *this)
-{
-       if (!this->encoding.len)
-       {
-               build_encoding(this);
-       }
-       return this->encoding;
-}
-
-METHOD(pkcs9_t, get_attribute, chunk_t,
-       private_pkcs9_t *this, int oid)
-{
-       enumerator_t *enumerator;
-       chunk_t value = chunk_empty;
-       attribute_t *attribute;
-
-       enumerator = this->attributes->create_enumerator(this->attributes);
-       while (enumerator->enumerate(enumerator, &attribute))
-       {
-               if (attribute->oid == oid)
-               {
-                       value = attribute->value;
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       if (value.len && asn1_unwrap(&value, &value) != ASN1_INVALID)
-       {
-               return value;
-       }
-       return chunk_empty;
-}
-
-METHOD(pkcs9_t, add_attribute, void,
-       private_pkcs9_t *this, int oid, chunk_t value)
-{
-       this->attributes->insert_last(this->attributes,
-                                                                 attribute_create(oid, value));
-       chunk_free(&value);
-
-       /* rebuild encoding when adding attributes */
-       chunk_free(&this->encoding);
-}
-
-METHOD(pkcs9_t, destroy, void,
-       private_pkcs9_t *this)
-{
-       this->attributes->destroy_function(this->attributes,
-                                                                          (void*)attribute_destroy);
-       free(this->encoding.ptr);
-       free(this);
-}
-
-/*
- * Described in header.
- */
-pkcs9_t *pkcs9_create(void)
-{
-       private_pkcs9_t *this;
-
-       INIT(this,
-               .public = {
-                       .get_encoding = _get_encoding,
-                       .get_attribute = _get_attribute,
-                       .add_attribute = _add_attribute,
-                       .destroy = _destroy,
-               },
-               .attributes = linked_list_create(),
-       );
-
-       return &this->public;
-}
-
-/**
- * ASN.1 definition of the X.501 atttribute type
- */
-static const asn1Object_t attributesObjects[] = {
-       { 0, "attributes",              ASN1_SET,               ASN1_LOOP }, /* 0 */
-       { 1,   "attribute",             ASN1_SEQUENCE,  ASN1_NONE }, /* 1 */
-       { 2,     "type",                ASN1_OID,               ASN1_BODY }, /* 2 */
-       { 2,     "values",              ASN1_SET,               ASN1_LOOP }, /* 3 */
-       { 3,       "value",             ASN1_EOC,               ASN1_RAW  }, /* 4 */
-       { 2,     "end loop",    ASN1_EOC,               ASN1_END  }, /* 5 */
-       { 0, "end loop",                ASN1_EOC,               ASN1_END  }, /* 6 */
-       { 0, "exit",                    ASN1_EOC,               ASN1_EXIT }
-};
-#define ATTRIBUTE_OBJ_TYPE     2
-#define ATTRIBUTE_OBJ_VALUE    4
-
-/**
- * Parse a PKCS#9 attribute list
- */
-static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
-{
-       asn1_parser_t *parser;
-       chunk_t object;
-       int objectID;
-       int oid = OID_UNKNOWN;
-       bool success = FALSE;
-
-       parser = asn1_parser_create(attributesObjects, chunk);
-       parser->set_top_level(parser, level0);
-
-       while (parser->iterate(parser, &objectID, &object))
-       {
-               switch (objectID)
-               {
-                       case ATTRIBUTE_OBJ_TYPE:
-                               oid = asn1_known_oid(object);
-                               break;
-                       case ATTRIBUTE_OBJ_VALUE:
-                               if (oid != OID_UNKNOWN)
-                               {
-                                       this->attributes->insert_last(this->attributes,
-                                                                                                 attribute_create(oid, object));
-                               }
-                               break;
-               }
-       }
-       success = parser->success(parser);
-
-       parser->destroy(parser);
-       return success;
-}
-
- /*
- * Described in header.
- */
-pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level)
-{
-       private_pkcs9_t *this = (private_pkcs9_t*)pkcs9_create();
-
-       this->encoding = chunk_clone(chunk);
-       if (!parse_attributes(chunk, level, this))
-       {
-               destroy(this);
-               return NULL;
-       }
-       return &this->public;
-}
diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
deleted file mode 100644 (file)
index 0c2a779..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (C) 2012 Tobias Brunner
- * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup pkcs9 pkcs9
- * @{ @ingroup crypto
- */
-
-#ifndef PKCS9_H_
-#define PKCS9_H_
-
-typedef struct pkcs9_t pkcs9_t;
-
-#include <library.h>
-
-/**
- * PKCS#9 attribute lists.
- */
-struct pkcs9_t {
-
-       /**
-        * Gets ASN.1 encoding of PKCS#9 attribute list.
-        *
-        * @return                              ASN.1 encoded PKCSI#9 list
-        */
-       chunk_t (*get_encoding) (pkcs9_t *this);
-
-       /**
-        * Gets a PKCS#9 attribute from the list.
-        *
-        * @param oid                   OID of the attribute
-        * @return                              value of the attribute (internal data)
-        */
-       chunk_t (*get_attribute) (pkcs9_t *this, int oid);
-
-       /**
-        * Adds a PKCS#9 attribute.
-        *
-        * @param oid                   OID of the attribute
-        * @param value                 value of the attribute, with ASN1 type (gets owned)
-        */
-       void (*add_attribute) (pkcs9_t *this, int oid, chunk_t value);
-
-       /**
-        * Destroys the PKCS#9 attribute list.
-        */
-       void (*destroy) (pkcs9_t *this);
-};
-
-/**
- * Read a PKCS#9 attribute list from a DER encoded chunk.
- *
- * @param chunk                chunk containing DER encoded data
- * @param level                ASN.1 parsing start level
- * @return                     created pkcs9 attribute list, or NULL if invalid.
- */
-pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level);
-
-/**
- * Create an empty PKCS#9 attribute list
- *
- * @return                             created pkcs9 attribute list.
- */
-pkcs9_t *pkcs9_create(void);
-
-#endif /** PKCS9_H_ @}*/
index 944f22c..6310dae 100644 (file)
@@ -14,6 +14,7 @@ libstrongswan_pkcs7_la_SOURCES = \
        pkcs7_signed_data.h pkcs7_signed_data.c \
        pkcs7_enveloped_data.h pkcs7_enveloped_data.c \
        pkcs7_data.h pkcs7_data.c \
+       pkcs7_attributes.h pkcs7_attributes.c \
        pkcs7_plugin.h pkcs7_plugin.c
 
 libstrongswan_pkcs7_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
new file mode 100644 (file)
index 0000000..ca68997
--- /dev/null
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2008 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <utils/debug.h>
+
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+#include <collections/linked_list.h>
+
+#include "pkcs7_attributes.h"
+
+typedef struct private_pkcs7_attributes_t private_pkcs7_attributes_t;
+typedef struct attribute_t attribute_t;
+
+/**
+ * Private data of a pkcs7_attributes_t attribute list.
+ */
+struct private_pkcs7_attributes_t {
+       /**
+        * Public interface
+        */
+       pkcs7_attributes_t public;
+
+       /**
+        * DER encoding of PKCS#9 attributes
+        */
+       chunk_t encoding;
+
+       /**
+        * Linked list of PKCS#9 attributes
+        */
+       linked_list_t *attributes;
+};
+
+/**
+ * Definition of an attribute_t object.
+ */
+struct attribute_t {
+
+       /**
+        * Object Identifier (OID)
+        */
+       int oid;
+
+       /**
+        * Attribute value
+        */
+       chunk_t value;
+
+       /**
+        * ASN.1 encoding
+        */
+       chunk_t encoding;
+};
+
+/**
+ * Destroy an attribute_t object.
+ */
+static void attribute_destroy(attribute_t *this)
+{
+       free(this->value.ptr);
+       free(this);
+}
+
+/**
+ * Create an attribute_t object.
+ */
+static attribute_t *attribute_create(int oid, chunk_t value)
+{
+       attribute_t *this;
+
+       INIT(this,
+               .oid = oid,
+               .value = chunk_clone(value),
+       );
+
+       return this;
+}
+
+/**
+ * Build encoding of the attribute list
+ */
+static void build_encoding(private_pkcs7_attributes_t *this)
+{
+       enumerator_t *enumerator;
+       attribute_t *attribute;
+       u_int len = 0, count, i = 0;
+       chunk_t *chunks;
+       u_char *pos;
+
+       count = this->attributes->get_count(this->attributes);
+       chunks = malloc(sizeof(chunk_t) * count);
+
+       enumerator = this->attributes->create_enumerator(this->attributes);
+       while (enumerator->enumerate(enumerator, &attribute))
+       {
+               chunks[i] = asn1_wrap(ASN1_SEQUENCE, "mm",
+                                                               asn1_build_known_oid(attribute->oid),
+                                                               asn1_wrap(ASN1_SET, "c", attribute->value));
+               len += chunks[i].len;
+               i++;
+       }
+       enumerator->destroy(enumerator);
+
+       pos = asn1_build_object(&this->encoding, ASN1_SET, len);
+       for (i = 0; i < count; i++)
+       {
+               memcpy(pos, chunks[i].ptr, chunks[i].len);
+               pos += chunks[i].len;
+               free(chunks[i].ptr);
+       }
+       free(chunks);
+}
+
+METHOD(pkcs7_attributes_t, get_encoding, chunk_t,
+       private_pkcs7_attributes_t *this)
+{
+       if (!this->encoding.len)
+       {
+               build_encoding(this);
+       }
+       return this->encoding;
+}
+
+METHOD(pkcs7_attributes_t, get_attribute, chunk_t,
+       private_pkcs7_attributes_t *this, int oid)
+{
+       enumerator_t *enumerator;
+       chunk_t value = chunk_empty;
+       attribute_t *attribute;
+
+       enumerator = this->attributes->create_enumerator(this->attributes);
+       while (enumerator->enumerate(enumerator, &attribute))
+       {
+               if (attribute->oid == oid)
+               {
+                       value = attribute->value;
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       if (value.len && asn1_unwrap(&value, &value) != ASN1_INVALID)
+       {
+               return value;
+       }
+       return chunk_empty;
+}
+
+METHOD(pkcs7_attributes_t, add_attribute, void,
+       private_pkcs7_attributes_t *this, int oid, chunk_t value)
+{
+       this->attributes->insert_last(this->attributes,
+                                                                 attribute_create(oid, value));
+       chunk_free(&value);
+
+       /* rebuild encoding when adding attributes */
+       chunk_free(&this->encoding);
+}
+
+METHOD(pkcs7_attributes_t, destroy, void,
+       private_pkcs7_attributes_t *this)
+{
+       this->attributes->destroy_function(this->attributes,
+                                                                          (void*)attribute_destroy);
+       free(this->encoding.ptr);
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+pkcs7_attributes_t *pkcs7_attributes_create(void)
+{
+       private_pkcs7_attributes_t *this;
+
+       INIT(this,
+               .public = {
+                       .get_encoding = _get_encoding,
+                       .get_attribute = _get_attribute,
+                       .add_attribute = _add_attribute,
+                       .destroy = _destroy,
+               },
+               .attributes = linked_list_create(),
+       );
+
+       return &this->public;
+}
+
+/**
+ * ASN.1 definition of the X.501 atttribute type
+ */
+static const asn1Object_t attributesObjects[] = {
+       { 0, "attributes",              ASN1_SET,               ASN1_LOOP }, /* 0 */
+       { 1,   "attribute",             ASN1_SEQUENCE,  ASN1_NONE }, /* 1 */
+       { 2,     "type",                ASN1_OID,               ASN1_BODY }, /* 2 */
+       { 2,     "values",              ASN1_SET,               ASN1_LOOP }, /* 3 */
+       { 3,       "value",             ASN1_EOC,               ASN1_RAW  }, /* 4 */
+       { 2,     "end loop",    ASN1_EOC,               ASN1_END  }, /* 5 */
+       { 0, "end loop",                ASN1_EOC,               ASN1_END  }, /* 6 */
+       { 0, "exit",                    ASN1_EOC,               ASN1_EXIT }
+};
+#define ATTRIBUTE_OBJ_TYPE     2
+#define ATTRIBUTE_OBJ_VALUE    4
+
+/**
+ * Parse a PKCS#9 attribute list
+ */
+static bool parse_attributes(chunk_t chunk, int level0,
+                                                        private_pkcs7_attributes_t* this)
+{
+       asn1_parser_t *parser;
+       chunk_t object;
+       int objectID;
+       int oid = OID_UNKNOWN;
+       bool success = FALSE;
+
+       parser = asn1_parser_create(attributesObjects, chunk);
+       parser->set_top_level(parser, level0);
+
+       while (parser->iterate(parser, &objectID, &object))
+       {
+               switch (objectID)
+               {
+                       case ATTRIBUTE_OBJ_TYPE:
+                               oid = asn1_known_oid(object);
+                               break;
+                       case ATTRIBUTE_OBJ_VALUE:
+                               if (oid != OID_UNKNOWN)
+                               {
+                                       this->attributes->insert_last(this->attributes,
+                                                                                                 attribute_create(oid, object));
+                               }
+                               break;
+               }
+       }
+       success = parser->success(parser);
+
+       parser->destroy(parser);
+       return success;
+}
+
+ /*
+ * Described in header.
+ */
+pkcs7_attributes_t *pkcs7_attributes_create_from_chunk(chunk_t chunk,
+                                                                                                          u_int level)
+{
+       private_pkcs7_attributes_t *this;
+
+       this = (private_pkcs7_attributes_t*)pkcs7_attributes_create();
+       this->encoding = chunk_clone(chunk);
+       if (!parse_attributes(chunk, level, this))
+       {
+               destroy(this);
+               return NULL;
+       }
+       return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h
new file mode 100644 (file)
index 0000000..2959194
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2008 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs7_attributes pkcs7_attributes
+ * @{ @ingroup pkcs7
+ */
+
+#ifndef PKCS7_ATTRIBUTES_H_
+#define PKCS7_ATTRIBUTES_H_
+
+typedef struct pkcs7_attributes_t pkcs7_attributes_t;
+
+#include <library.h>
+
+/**
+ * PKCS#7 attribute lists, aka PKCS#9.
+ */
+struct pkcs7_attributes_t {
+
+       /**
+        * Gets ASN.1 encoding of PKCS#9 attribute list.
+        *
+        * @return                              ASN.1 encoded PKCSI#9 list
+        */
+       chunk_t (*get_encoding) (pkcs7_attributes_t *this);
+
+       /**
+        * Gets a PKCS#9 attribute from the list.
+        *
+        * @param oid                   OID of the attribute
+        * @return                              value of the attribute (internal data)
+        */
+       chunk_t (*get_attribute) (pkcs7_attributes_t *this, int oid);
+
+       /**
+        * Adds a PKCS#9 attribute.
+        *
+        * @param oid                   OID of the attribute
+        * @param value                 value of the attribute, with ASN1 type (gets owned)
+        */
+       void (*add_attribute) (pkcs7_attributes_t *this, int oid, chunk_t value);
+
+       /**
+        * Destroys the PKCS#9 attribute list.
+        */
+       void (*destroy) (pkcs7_attributes_t *this);
+};
+
+/**
+ * Read a PKCS#7 attribute list (aka PKCS#9) from a DER encoded chunk.
+ *
+ * @param chunk                chunk containing DER encoded data
+ * @param level                ASN.1 parsing start level
+ * @return                     created pkcs9 attribute list, or NULL if invalid.
+ */
+pkcs7_attributes_t *pkcs7_attributes_create_from_chunk(chunk_t chunk, u_int level);
+
+/**
+ * Create an empty PKCS#7 attribute list, aka PKCS#9.
+ *
+ * @return                             created pkcs9 attribute list.
+ */
+pkcs7_attributes_t *pkcs7_attributes_create(void);
+
+#endif /** PKCS9_H_ @}*/
index 2ef9708..48fb5e6 100644 (file)
@@ -14,6 +14,7 @@
  */
 
 #include "pkcs7_signed_data.h"
+#include "pkcs7_attributes.h"
 
 #include <time.h>
 
@@ -21,7 +22,6 @@
 #include <asn1/oid.h>
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
-#include <crypto/pkcs9.h>
 #include <credentials/sets/mem_cred.h>
 #include <credentials/certificates/x509.h>
 #include <credentials/keys/private_key.h>
@@ -67,7 +67,7 @@ typedef struct {
        /**
         * Signed attributes of signerInfo
         */
-       pkcs9_t *attributes;
+       pkcs7_attributes_t *attributes;
 
        /**
         * Serial of signing certificate
@@ -455,7 +455,8 @@ static bool parse(private_pkcs7_signed_data_t *this, chunk_t content)
                                break;
                        case PKCS7_AUTH_ATTRIBUTES:
                                *object.ptr = ASN1_SET;
-                               info->attributes = pkcs9_create_from_chunk(object, level+1);
+                               info->attributes = pkcs7_attributes_create_from_chunk(
+                                                                                                               object, level+1);
                                *object.ptr = ASN1_CONTEXT_C_0;
                                break;
                        case PKCS7_DIGEST_ALGORITHM:
@@ -516,7 +517,8 @@ static chunk_t build_issuerAndSerialNumber(certificate_t *cert)
  * Generate a new PKCS#7 signed-data container
  */
 static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key,
-                                        certificate_t *cert, hash_algorithm_t alg, pkcs9_t *pkcs9)
+                                        certificate_t *cert, hash_algorithm_t alg,
+                                        pkcs7_attributes_t *pkcs9)
 {
        chunk_t authenticatedAttributes = chunk_empty;
        chunk_t encryptedDigest = chunk_empty;
@@ -617,11 +619,11 @@ pkcs7_t *pkcs7_signed_data_gen(container_type_t type, va_list args)
        hash_algorithm_t alg = HASH_SHA1;
        private_key_t *key = NULL;
        certificate_t *cert = NULL;
-       pkcs9_t *pkcs9;
+       pkcs7_attributes_t *pkcs9;
        chunk_t value;
        int oid;
 
-       pkcs9 = pkcs9_create();
+       pkcs9 = pkcs7_attributes_create();
 
        while (TRUE)
        {
index 62b244e..f209027 100644 (file)
@@ -22,7 +22,6 @@
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
 #include <asn1/oid.h>
-#include <crypto/pkcs9.h>
 #include <crypto/rngs/rng.h>
 #include <crypto/hashers/hasher.h>