1/*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 * Copyright (C) 2015 Red Hat, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GnuTLS.
8 *
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>
21 *
22 */
23
/* This file contains the types and prototypes for the PKCS #7
 * handling functions (signed-data containers carrying X.509
 * certificates and CRLs).
 */
27
28#ifndef GNUTLS_PKCS7_H
29#define GNUTLS_PKCS7_H
30
31#include <gnutls/gnutls.h>
32#include <gnutls/x509.h>
33
34/* *INDENT-OFF* */
35#ifdef __cplusplus
36extern "C" {
37#endif
38/* *INDENT-ON* */
39
40/* PKCS7 structures handling
41 */
/* Opaque handle for a PKCS #7 structure; the layout of
 * struct gnutls_pkcs7_int is private to the library. */
struct gnutls_pkcs7_int;
typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;

/* Allocate a new, empty PKCS #7 structure into *@pkcs7.  Release it
 * with gnutls_pkcs7_deinit().  Returns an int status; presumably zero
 * on success and a negative GnuTLS error code otherwise — confirm
 * against the implementation. */
int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7);
/* Release a structure obtained from gnutls_pkcs7_init(). */
void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
/* Parse @data, encoded as @format (a gnutls_x509_crt_fmt_t), into
 * @pkcs7.  Imported data is typically untrusted input, so the return
 * value must be checked before anything is read from @pkcs7. */
int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7,
			const gnutls_datum_t * data,
			gnutls_x509_crt_fmt_t format);
/* Encode @pkcs7 as @format into the caller-supplied buffer
 * @output_data.  *@output_data_size is the buffer capacity on entry;
 * presumably it is updated with the required size when the buffer is
 * too small (the usual GnuTLS short-buffer convention) — confirm.
 * gnutls_pkcs7_export2() is the allocating variant. */
int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
			gnutls_x509_crt_fmt_t format,
			void *output_data, size_t * output_data_size);
/* Encode @pkcs7 as @format into @out.  out->data is allocated by the
 * library; presumably the caller releases it with gnutls_free() —
 * confirm. */
int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7,
			 gnutls_x509_crt_fmt_t format,
			 gnutls_datum_t * out);

/* Number of signatures (SignerInfo entries) in @pkcs7.  The result is
 * a signed int, while gnutls_pkcs7_get_signature_info() and the verify
 * functions take an unsigned @idx: a negative (error) return must be
 * checked before it is used as a loop bound. */
int gnutls_pkcs7_get_signature_count(gnutls_pkcs7_t pkcs7);
58
/* Flag for gnutls_pkcs7_get_embedded_data(): presumably returns the
 * embedded content as stored, without further decoding — confirm. */
#define GNUTLS_PKCS7_EDATA_GET_RAW (1<<24)
/* Retrieve the content embedded in @pkcs7 into @data; @flags is zero or
 * GNUTLS_PKCS7_EDATA_GET_RAW.  Retrieval performs no verification: the
 * content is unauthenticated until a signature over it has been checked
 * with gnutls_pkcs7_verify() or gnutls_pkcs7_verify_direct(). */
int gnutls_pkcs7_get_embedded_data(gnutls_pkcs7_t pkcs7, unsigned flags, gnutls_datum_t *data);

/* OID string describing the embedded content of @pkcs7.  The returned
 * pointer is const and presumably owned by @pkcs7 (valid until deinit);
 * whether NULL is returned when no content is embedded is not visible
 * here — confirm. */
const char *
gnutls_pkcs7_get_embedded_data_oid(gnutls_pkcs7_t pkcs7);
64
/* Number of certificates carried in @pkcs7; a negative value presumably
 * is an error code — check before using it as an unsigned bound. */
int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);
/* Copy the encoding of certificate @indx into the caller buffer
 * @certificate.  *@certificate_size is the capacity on entry and
 * presumably the required size on return (short-buffer convention) —
 * confirm.  gnutls_pkcs7_get_crt_raw2() is the allocating form. */
int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, unsigned indx,
			     void *certificate, size_t * certificate_size);

/* Add a DER-encoded certificate @crt to the certificate list of @pkcs7.
 * Whether @crt is copied or referenced is not visible here — confirm
 * before releasing it. */
int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
			     const gnutls_datum_t * crt);
/* Add the parsed certificate @crt to the certificate list of @pkcs7. */
int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
/* Remove certificate @indx from @pkcs7.  NOTE(review): @indx is int here
 * but unsigned in the getters; a negative value is presumably rejected —
 * confirm rather than relying on it. */
int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);
73
/* Copy the encoding of CRL @indx into the caller buffer @crl.
 * *@crl_size is the capacity on entry and presumably the required size
 * on return (short-buffer convention) — confirm.
 * gnutls_pkcs7_get_crl_raw2() is the allocating form. */
int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
			     unsigned indx, void *crl, size_t * crl_size);
/* Number of CRLs carried in @pkcs7; a negative value presumably is an
 * error code — check before using it as an unsigned bound. */
int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);

/* Add a DER-encoded CRL @crl to the CRL list of @pkcs7.  Whether @crl
 * is copied or referenced is not visible here — confirm before
 * releasing it. */
int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
			     const gnutls_datum_t * crl);
/* Add the parsed CRL @crl to the CRL list of @pkcs7. */
int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
/* Remove CRL @indx from @pkcs7.  NOTE(review): @indx is int here but
 * unsigned in the getters; a negative value is presumably rejected —
 * confirm. */
int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
82
/* Opaque list of PKCS #7 attributes (OID + value pairs); built with
 * gnutls_pkcs7_add_attr(), read with gnutls_pkcs7_get_attr() and
 * released with gnutls_pkcs7_attrs_deinit(). */
typedef struct gnutls_pkcs7_attrs_st *gnutls_pkcs7_attrs_t;
84
/* Details of one signature (SignerInfo) as filled in by
 * gnutls_pkcs7_get_signature_info().  The struct itself is caller
 * storage; its members are released with
 * gnutls_pkcs7_signature_info_deinit(). */
typedef struct gnutls_pkcs7_signature_info_st {
	gnutls_sign_algorithm_t algo;	/* signature algorithm of this signer */
	gnutls_datum_t sig;		/* the signature value */
	gnutls_datum_t issuer_dn;	/* issuer name identifying the signer's certificate */
	gnutls_datum_t signer_serial;	/* serial number identifying the signer's certificate */
	gnutls_datum_t issuer_keyid;	/* key identifier of the signer, when used instead of issuer/serial (cf. GNUTLS_PKCS7_WRITE_SPKI) */
	time_t signing_time;		/* signing time as asserted by the signer — not an independent timestamp; value when absent not visible here */
	gnutls_pkcs7_attrs_t signed_attrs;	/* attributes covered by the signature */
	gnutls_pkcs7_attrs_t unsigned_attrs;	/* attributes NOT covered by the signature — unauthenticated even after a successful verify */
	char pad[64];			/* presumably reserved for ABI-stable growth — do not read or rely on it */
} gnutls_pkcs7_signature_info_st;
96
/* Release the members of @info filled by gnutls_pkcs7_get_signature_info().
 * @info itself is caller-owned storage and is not freed. */
void gnutls_pkcs7_signature_info_deinit(gnutls_pkcs7_signature_info_st *info);
/* Fill @info with the details of signature @idx (0-based; the count
 * comes from gnutls_pkcs7_get_signature_count()).  This only reads the
 * structure and verifies nothing — see gnutls_pkcs7_verify() and
 * gnutls_pkcs7_verify_direct(). */
int gnutls_pkcs7_get_signature_info(gnutls_pkcs7_t pkcs7, unsigned idx, gnutls_pkcs7_signature_info_st *info);

/* Verify signature @idx of @pkcs7 against the single certificate
 * @signer.  No trust list is involved, so a success establishes only
 * that @signer's key produced the signature; chain validity, revocation
 * and identity checks on @signer are the caller's responsibility.
 * @data is the signed content supplied by the caller; presumably NULL
 * selects the embedded content — confirm. */
int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer,
			       unsigned idx, const gnutls_datum_t *data, unsigned flags);
/* Verify signature @idx of @pkcs7 by locating and validating the signer
 * against trust list @tl.  @vdata[0..@vdata_size) are typed verification
 * constraints (the same gnutls_typed_vdata_st used by the trust-list
 * verification API); @flags presumably are certificate verification
 * flags — confirm.  @data is the signed content as for
 * gnutls_pkcs7_verify_direct(). */
int gnutls_pkcs7_verify(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
			gnutls_typed_vdata_st * vdata, unsigned int vdata_size,
			unsigned idx, const gnutls_datum_t *data, unsigned flags);

/* Flag for gnutls_pkcs7_add_attr(): wrap @data in an OCTET STRING when
 * encoding the attribute value. */
#define GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING 1
/* Add attribute (@oid, @data) to *@list; presumably a NULL *@list is
 * created on first use — confirm.  @flags is zero or
 * GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING.  Whether @data is copied or
 * referenced is not visible here — confirm before releasing it. */
int gnutls_pkcs7_add_attr(gnutls_pkcs7_attrs_t *list, const char *oid, gnutls_datum_t *data, unsigned flags);
/* Release a list built with gnutls_pkcs7_add_attr() or obtained from
 * gnutls_pkcs7_signature_info_st. */
void gnutls_pkcs7_attrs_deinit(gnutls_pkcs7_attrs_t list);
/* Retrieve attribute @idx of @list into *@oid and @data.  Ownership of
 * the returned OID string and @data->data is not visible here — confirm
 * whether they are copies the caller must free.  @flags: presumably
 * mirrors the ENCODE flag of gnutls_pkcs7_add_attr() — confirm. */
int gnutls_pkcs7_get_attr(gnutls_pkcs7_attrs_t list, unsigned idx, char **oid, gnutls_datum_t *data, unsigned flags);
110
/**
 * gnutls_pkcs7_sign_flags:
 * @GNUTLS_PKCS7_EMBED_DATA: The signed data will be embedded in the structure.
 * @GNUTLS_PKCS7_INCLUDE_TIME: The signing time will be included in the structure.
 * @GNUTLS_PKCS7_INCLUDE_CERT: The signer's certificate will be included in the cert list.
 * @GNUTLS_PKCS7_WRITE_SPKI: Use the signer's key identifier instead of name.
 *
 * Enumeration of the different PKCS #7 signature flags.  The values are
 * distinct bits and are combined with bitwise OR in the @flags argument
 * of gnutls_pkcs7_sign().  Without %GNUTLS_PKCS7_INCLUDE_CERT a verifier
 * has to obtain the signer's certificate by other means.
 */
typedef enum gnutls_pkcs7_sign_flags {
	GNUTLS_PKCS7_EMBED_DATA = 1,
	GNUTLS_PKCS7_INCLUDE_TIME = (1<<1),
	GNUTLS_PKCS7_INCLUDE_CERT = (1<<2),
	GNUTLS_PKCS7_WRITE_SPKI = (1<<3)
} gnutls_pkcs7_sign_flags;
126
/* Add a signature over @data to @pkcs7, made with the private key
 * @signer_key belonging to certificate @signer and the digest @dig.
 * @signed_attrs are covered by the signature, @unsigned_attrs are not;
 * either may be NULL presumably — confirm.  @flags is a bitwise OR of
 * gnutls_pkcs7_sign_flags; without GNUTLS_PKCS7_EMBED_DATA the content
 * is presumably detached and must be handed to the verifier separately.
 * Pick @dig from what the intended verifiers accept; the digest choice
 * is part of the signature's security level. */
int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
		      gnutls_x509_crt_t signer,
		      gnutls_privkey_t signer_key,
		      const gnutls_datum_t *data,
		      gnutls_pkcs7_attrs_t signed_attrs,
		      gnutls_pkcs7_attrs_t unsigned_attrs,
		      gnutls_digest_algorithm_t dig,
		      unsigned flags);
135
/* Allocating variant of gnutls_pkcs7_get_crt_raw(): the encoding of
 * certificate @indx is returned in @cert, presumably allocated and to be
 * released with gnutls_free() — confirm. */
int
gnutls_pkcs7_get_crt_raw2(gnutls_pkcs7_t pkcs7,
			  unsigned indx, gnutls_datum_t *cert);
/* Allocating variant of gnutls_pkcs7_get_crl_raw(): the encoding of
 * CRL @indx is returned in @crl, presumably allocated and to be
 * released with gnutls_free() — confirm. */
int
gnutls_pkcs7_get_crl_raw2(gnutls_pkcs7_t pkcs7,
			  unsigned indx, gnutls_datum_t *crl);

/* Render @pkcs7 in human-readable form, per @format, into @out
 * (allocated by the library).  Intended for display and logging. */
int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7,
		       gnutls_certificate_print_formats_t format,
		       gnutls_datum_t * out);
146
147/* *INDENT-OFF* */
148#ifdef __cplusplus
149}
150#endif
151/* *INDENT-ON* */
152#endif /* GNUTLS_PKCS7_H */
153