Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r-- | src/libstrongswan/credentials/containers/container.c | 23 | ||||
-rw-r--r-- | src/libstrongswan/credentials/containers/container.h | 93 | ||||
-rw-r--r-- | src/libstrongswan/credentials/containers/pkcs7.h | 39 | ||||
-rw-r--r-- | src/libstrongswan/credentials/credential_factory.c | 21 | ||||
-rw-r--r-- | src/libstrongswan/credentials/credential_factory.h | 5 |
5 files changed, 176 insertions, 5 deletions
diff --git a/src/libstrongswan/credentials/containers/container.c b/src/libstrongswan/credentials/containers/container.c
new file mode 100644
index 000000000..619e71339
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/container.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "container.h"
+
+ENUM(container_type_names, CONTAINER_PKCS7_DATA, CONTAINER_PKCS7_ENVELOPED_DATA,
+ "PKCS7",
+ "PKCS7_DATA",
+ "PKCS7_SIGNED_DATA",
+ "PKCS7_ENVELOPED_DATA",
+);
diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h
new file mode 100644
index 000000000..3421e7783
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/container.h
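Review bot: The ENUM range in container.c does not match the enum it names: container_type_names is declared from CONTAINER_PKCS7_DATA to CONTAINER_PKCS7_ENVELOPED_DATA, a three-value range, but four names are listed, and the enum in container.h starts at CONTAINER_PKCS7. If ENUM() assigns names positionally from the first value, as its other uses in this commit suggest, CONTAINER_PKCS7 gets no name and CONTAINER_PKCS7_DATA prints as "PKCS7"; the DBG1 in credential_factory.c that now selects container_type_names for CRED_CONTAINER would log the shifted names. The first line should read `ENUM(container_type_names, CONTAINER_PKCS7, CONTAINER_PKCS7_ENVELOPED_DATA,`.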
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup container container
+ * @{ @ingroup containers
+ */
+
+#ifndef CONTAINER_H_
+#define CONTAINER_H_
+
+typedef struct container_t container_t;
+typedef enum container_type_t container_type_t;
+
+#include <utils/chunk.h>
+#include <collections/enumerator.h>
+
+/**
+ * Type of the container.
+ */
+enum container_type_t {
+ /* Any kind of PKCS7/CMS container */
+ CONTAINER_PKCS7,
+ /* PKCS7/CMS plain "data" */
+ CONTAINER_PKCS7_DATA,
+ /* PKCS7/CMS "signed-data" */
+ CONTAINER_PKCS7_SIGNED_DATA,
+ /* PKCS7/CMS "enveloped-data" */
+ CONTAINER_PKCS7_ENVELOPED_DATA,
+};
+
+/**
+ * Enum names for container_type_t
+ */
+extern enum_name_t *container_type_names;
+
+/**
+ * Generic interface for cryptographic containers.
+ */
+struct container_t {
+
+ /**
+ * Get the type of the container.
+ *
+ * @return container type
+ */
+ container_type_t (*get_type)(container_t *this);
+
+ /**
+ * Create an enumerator over trustchains for valid container signatures.
+ *
+ * @return enumerator over auth_cfg_t*
+ */
+ enumerator_t* (*create_signature_enumerator)(container_t *this);
+
+ /**
+ * Get signed/decrypted data wrapped in this container.
+ *
+ * This function does not verify any associated signatures, use
+ * create_signature_enumerator() to verify them.
+ *
+ * @param data allocated data wrapped in this container
+ * @return TRUE if data decrypted successfully
+ */
+ bool (*get_data)(container_t *this, chunk_t *data);
+
+ /**
+ * Get the encoding of the full signed/encrypted container.
+ *
+ * @param data allocated container encoding
+ * @return TRUE if encodign successful
+ */
+ bool (*get_encoding)(container_t *this, chunk_t *encoding);
+
+ /**
+ * Destroy a container_t.
+ */
+ void (*destroy)(container_t *this);
+};
+
+#endif /** CONTAINER_H_ @}*/
diff --git a/src/libstrongswan/credentials/containers/pkcs7.h b/src/libstrongswan/credentials/containers/pkcs7.h
new file mode 100644
index 000000000..eed340f48
--- /dev/null
+++ b/src/libstrongswan/credentials/containers/pkcs7.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs7 pkcs7
+ * @{ @ingroup containers
+ */
+
+#ifndef PKCS7_H_
+#define PKCS7_H_
+
+#include <credentials/containers/container.h>
+
+typedef struct pkcs7_t pkcs7_t;
+
+/**
+ * PKCS#7/CMS container type.
+ */
+struct pkcs7_t {
+
+ /**
+ * Implements container_t.
+ */
+ container_t container;
+};
+
+#endif /** PKCS7_H_ @}*/
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 71a3f9e07..94c7820e1 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
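Review bot: The get_encoding() doc in container.h documents `@param data` while the parameter is named `encoding`, and "encodign" is a typo; the two lines should read `@param encoding allocated container encoding` and `@return TRUE if encoding successful`. Both get_data() and get_encoding() call their out-parameter "allocated" without saying who releases it; if the caller is meant to own the chunk (confirm against the implementations), a sentence stating that on each method would make the contract explicit, which matters for a method that hands out decrypted data. The per-value comments inside container_type_t use `/*` where the rest of the header uses `/**`, so Doxygen will not attach them to the values. The container_t struct spans this hunk and the previous one.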
@@ -22,12 +22,13 @@
 #include <threading/thread_value.h>
 #include <threading/rwlock.h>
 #include <credentials/certificates/x509.h>
+#include <credentials/containers/container.h>
-ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CERTIFICATE,
+ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CONTAINER,
 "CRED_PRIVATE_KEY",
 "CRED_PUBLIC_KEY",
 "CRED_CERTIFICATE",
- "CRED_PLUTO_CERT",
+ "CRED_CONTAINER",
 );
 typedef struct private_credential_factory_t private_credential_factory_t;
@@ -139,11 +140,21 @@ METHOD(credential_factory_t, create, void*,
 if (!construct && !level)
 {
- enum_name_t *names = key_type_names;
+ enum_name_t *names;
- if (type == CRED_CERTIFICATE)
+ switch (type)
 {
- names = certificate_type_names;
+ case CRED_CERTIFICATE:
+ names = certificate_type_names;
+ break;
+ case CRED_CONTAINER:
+ names = container_type_names;
+ break;
+ case CRED_PRIVATE_KEY:
+ case CRED_PUBLIC_KEY:
+ default:
+ names = key_type_names;
+ break;
 }
 DBG1(DBG_LIB, "building %N - %N failed, tried %d builders", credential_type_names, type, names, subtype, failures);
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index c31601245..55b669529 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -28,6 +28,9 @@ typedef enum credential_type_t credential_type_t;
 /**
 * Kind of credential.
+ *
+ * While crypto containers are not really credentials, we still use the
+ * credential factory and builders create them.
 */
 enum credential_type_t {
 /** private key, implemented in private_key_t */
@@ -36,6 +39,8 @@ enum credential_type_t {
 CRED_PUBLIC_KEY,
 /** certificates, implemented in certificate_t */
 CRED_CERTIFICATE,
+ /** crypto container, implemented in container_t */
+ CRED_CONTAINER,
 };
 /** |
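Review bot: The sentence added to the credential_type_t comment in credential_factory.h is missing a word; it should read `* credential factory and builders to create them.`. Since CRED_CONTAINER is now the last value of the enum and also the upper bound passed to ENUM() in credential_factory.c, a short comment next to the enum's closing brace noting that credential_type_names in credential_factory.c must be extended whenever a value is appended would help the next person avoid the stale-name situation the removed "CRED_PLUTO_CERT" entry shows.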