Add a generic interface for crypto containers and a more specific PKCS#7 interface
This commit is contained in:
parent
67ca44ccbd
commit
fc67a932ba
|
@ -16,6 +16,7 @@ credentials/cred_encoding.c credentials/keys/private_key.c \
|
|||
credentials/keys/public_key.c credentials/keys/shared_key.c \
|
||||
credentials/certificates/certificate.c credentials/certificates/crl.c \
|
||||
credentials/certificates/ocsp_response.c \
|
||||
credentials/containers/container.c \
|
||||
credentials/ietf_attributes/ietf_attributes.c credentials/credential_manager.c \
|
||||
credentials/sets/auth_cfg_wrapper.c credentials/sets/ocsp_response_wrapper.c \
|
||||
credentials/sets/cert_cache.c credentials/sets/mem_cred.c \
|
||||
|
@ -54,6 +55,7 @@ credentials/certificates/ac.h credentials/certificates/crl.h \
|
|||
credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \
|
||||
credentials/certificates/ocsp_response.h \
|
||||
credentials/certificates/pgp_certificate.h \
|
||||
credentials/containers/container.h credentials/containers/pkcs7.h \
|
||||
credentials/ietf_attributes/ietf_attributes.h \
|
||||
credentials/credential_manager.h credentials/sets/auth_cfg_wrapper.h \
|
||||
credentials/sets/ocsp_response_wrapper.h credentials/sets/cert_cache.h \
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Martin Willi
|
||||
* Copyright (C) 2012 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "container.h"
|
||||
|
||||
ENUM(container_type_names, CONTAINER_PKCS7_DATA, CONTAINER_PKCS7_ENVELOPED_DATA,
|
||||
"PKCS7",
|
||||
"PKCS7_DATA",
|
||||
"PKCS7_SIGNED_DATA",
|
||||
"PKCS7_ENVELOPED_DATA",
|
||||
);
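Review bot: The enum-name table in this new file starts its range at CONTAINER_PKCS7_DATA yet lists four strings beginning with "PKCS7", so every name is shifted by one relative to container_type_t as declared in container.h, where CONTAINER_PKCS7 is the first enumerator: CONTAINER_PKCS7_DATA would print as "PKCS7", CONTAINER_PKCS7_ENVELOPED_DATA as "PKCS7_SIGNED_DATA", and CONTAINER_PKCS7 itself would fall outside the table. The first argument should be the first enumerator, `ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS7_ENVELOPED_DATA,`. This table feeds the "building %N - %N failed" log line in credential_factory.c, so as written a rejected PKCS#7 blob would be logged under the wrong subtype, which is exactly the diagnostic an operator needs when investigating malformed or hostile input. Whether the ENUM macro catches a range/name-count mismatch at compile time is not visible here and should not be relied on.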
|
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Martin Willi
|
||||
* Copyright (C) 2012 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup container container
|
||||
* @{ @ingroup containers
|
||||
*/
|
||||
|
||||
#ifndef CONTAINER_H_
|
||||
#define CONTAINER_H_
|
||||
|
||||
typedef struct container_t container_t;
|
||||
typedef enum container_type_t container_type_t;
|
||||
|
||||
#include <utils/chunk.h>
|
||||
#include <collections/enumerator.h>
|
||||
|
||||
/**
|
||||
* Type of the container.
|
||||
*/
|
||||
enum container_type_t {
|
||||
/* Any kind of PKCS7/CMS container */
|
||||
CONTAINER_PKCS7,
|
||||
/* PKCS7/CMS plain "data" */
|
||||
CONTAINER_PKCS7_DATA,
|
||||
/* PKCS7/CMS "signed-data" */
|
||||
CONTAINER_PKCS7_SIGNED_DATA,
|
||||
/* PKCS7/CMS "enveloped-data" */
|
||||
CONTAINER_PKCS7_ENVELOPED_DATA,
|
||||
};
|
||||
|
||||
/**
|
||||
* Enum names for container_type_t
|
||||
*/
|
||||
extern enum_name_t *container_type_names;
|
||||
|
||||
/**
|
||||
* Generic interface for cryptographic containers.
|
||||
*/
|
||||
struct container_t {
|
||||
|
||||
/**
|
||||
* Get the type of the container.
|
||||
*
|
||||
* @return container type
|
||||
*/
|
||||
container_type_t (*get_type)(container_t *this);
|
||||
|
||||
/**
|
||||
* Create an enumerator over trustchains for valid container signatures.
|
||||
*
|
||||
* @return enumerator over auth_cfg_t*
|
||||
*/
|
||||
enumerator_t* (*create_signature_enumerator)(container_t *this);
|
||||
|
||||
/**
|
||||
* Get signed/decrypted data wrapped in this container.
|
||||
*
|
||||
* This function does not verify any associated signatures, use
|
||||
* create_signature_enumerator() to verify them.
|
||||
*
|
||||
* @param data allocated data wrapped in this container
|
||||
* @return TRUE if data decrypted successfully
|
||||
*/
|
||||
bool (*get_data)(container_t *this, chunk_t *data);
|
||||
|
||||
/**
|
||||
* Get the encoding of the full signed/encrypted container.
|
||||
*
|
||||
* @param data allocated container encoding
|
||||
* @return TRUE if encodign successful
|
||||
*/
|
||||
bool (*get_encoding)(container_t *this, chunk_t *encoding);
|
||||
|
||||
/**
|
||||
* Destroy a container_t.
|
||||
*/
|
||||
void (*destroy)(container_t *this);
|
||||
};
|
||||
|
||||
#endif /** CONTAINER_H_ @}*/
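Review bot: The get_encoding() docblock near the end of the hunk documents a parameter `data` and says "encodign", while the prototype names the parameter `encoding`; change the two tags to `@param encoding allocated container encoding` and `@return TRUE if encoding successful`. More importantly, get_data() says signatures are not verified but still describes its output as "signed/decrypted data", which a caller can read as authenticated plaintext; I would add to that docstring: "A TRUE return conveys neither authenticity nor integrity of the returned data. Callers that need either must use create_signature_enumerator() and require at least one trustchain before acting on it. The caller owns the allocated chunk and must free it." The create_signature_enumerator() docblock should likewise state what "valid" means, in particular whether an empty enumeration is the only signal that no signature verified, since that is what callers will branch on; that contract is not visible in this hunk.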
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
* Copyright (C) 2012 Martin Willi
|
||||
* Copyright (C) 2012 revosec AG
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup pkcs7 pkcs7
|
||||
* @{ @ingroup containers
|
||||
*/
|
||||
|
||||
#ifndef PKCS7_H_
|
||||
#define PKCS7_H_
|
||||
|
||||
#include <credentials/containers/container.h>
|
||||
|
||||
typedef struct pkcs7_t pkcs7_t;
|
||||
|
||||
/**
|
||||
* PKCS#7/CMS container type.
|
||||
*/
|
||||
struct pkcs7_t {
|
||||
|
||||
/**
|
||||
* Implements container_t.
|
||||
*/
|
||||
container_t container;
|
||||
};
|
||||
|
||||
#endif /** PKCS7_H_ @}*/
|
|
@ -22,12 +22,13 @@
|
|||
#include <threading/thread_value.h>
|
||||
#include <threading/rwlock.h>
|
||||
#include <credentials/certificates/x509.h>
|
||||
#include <credentials/containers/container.h>
|
||||
|
||||
ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CERTIFICATE,
|
||||
ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CONTAINER,
|
||||
"CRED_PRIVATE_KEY",
|
||||
"CRED_PUBLIC_KEY",
|
||||
"CRED_CERTIFICATE",
|
||||
"CRED_PLUTO_CERT",
|
||||
"CRED_CONTAINER",
|
||||
);
|
||||
|
||||
typedef struct private_credential_factory_t private_credential_factory_t;
|
||||
|
@ -139,11 +140,21 @@ METHOD(credential_factory_t, create, void*,
|
|||
|
||||
if (!construct && !level)
|
||||
{
|
||||
enum_name_t *names = key_type_names;
|
||||
enum_name_t *names;
|
||||
|
||||
if (type == CRED_CERTIFICATE)
|
||||
switch (type)
|
||||
{
|
||||
names = certificate_type_names;
|
||||
case CRED_CERTIFICATE:
|
||||
names = certificate_type_names;
|
||||
break;
|
||||
case CRED_CONTAINER:
|
||||
names = container_type_names;
|
||||
break;
|
||||
case CRED_PRIVATE_KEY:
|
||||
case CRED_PUBLIC_KEY:
|
||||
default:
|
||||
names = key_type_names;
|
||||
break;
|
||||
}
|
||||
DBG1(DBG_LIB, "building %N - %N failed, tried %d builders",
|
||||
credential_type_names, type, names, subtype, failures);
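Review bot: The extended credential_type_names table in the first hunk lists five strings, with "CRED_PLUTO_CERT" between "CRED_CERTIFICATE" and "CRED_CONTAINER", for a range of four enumerators from CRED_PRIVATE_KEY to CRED_CONTAINER; the credential_type_t hunk in credential_factory.h on this page shows CRED_CONTAINER directly after CRED_CERTIFICATE with no CRED_PLUTO_CERT enumerator. Unless CRED_PLUTO_CERT is still declared somewhere outside the visible hunk, CRED_CONTAINER resolves to the string "CRED_PLUTO_CERT" in the "building %N - %N failed" message at the end of this section and the trailing "CRED_CONTAINER" entry is unreachable, so container build failures would be logged under a stale name. Drop the stale line so the list reads `"CRED_CERTIFICATE",` followed directly by `"CRED_CONTAINER",`. The surrounding create() method begins before this hunk.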
|
||||
|
|
|
@ -28,6 +28,9 @@ typedef enum credential_type_t credential_type_t;
|
|||
|
||||
/**
|
||||
* Kind of credential.
|
||||
*
|
||||
* While crypto containers are not really credentials, we still use the
|
||||
* credential factory and builders create them.
|
||||
*/
|
||||
enum credential_type_t {
|
||||
/** private key, implemented in private_key_t */
|
||||
|
@ -36,6 +39,8 @@ enum credential_type_t {
|
|||
CRED_PUBLIC_KEY,
|
||||
/** certificates, implemented in certificate_t */
|
||||
CRED_CERTIFICATE,
|
||||
/** crypto container, implemented in container_t */
|
||||
CRED_CONTAINER,
|
||||
};
|
||||
|
||||
/**
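Review bot: The comment added to credential_type_t in the first hunk reads "we still use the credential factory and builders create them", which is missing a word; `* credential factory and builders to create them.` Since this enum's numeric values index the credential_type_names table in credential_factory.c, it is also worth a one-line note on the enum itself that new types must be appended at the end and mirrored in that table, so the next addition does not silently shift the logged names.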
|
||||
|
|