Move PKCS#9 attribute lists to pkcs7 plugin, as we currently use it there only

src/libstrongswan/Makefile.am

@@ -4,8 +4,7 @@ libstrongswan_la_SOURCES = \
 library.c \
 asn1/asn1.c asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c bio/bio_writer.c \
 collections/blocking_queue.c collections/enumerator.c collections/hashtable.c \
-collections/linked_list.c \
+collections/linked_list.c crypto/crypters/crypter.c crypto/hashers/hasher.c \
-crypto/crypters/crypter.c crypto/hashers/hasher.c crypto/pkcs9.c \
 crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \
 crypto/prfs/prf.c crypto/prfs/mac_prf.c \
 crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \
@@ -41,8 +40,7 @@ asn1/asn1.h asn1/asn1_parser.h asn1/oid.h bio/bio_reader.h bio/bio_writer.h \
 collections/blocking_queue.h collections/enumerator.h collections/hashtable.h \
 collections/linked_list.h \
 crypto/crypters/crypter.h crypto/hashers/hasher.h crypto/mac.h \
-crypto/pkcs9.h crypto/proposal/proposal_keywords.h \
+crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \
-crypto/proposal/proposal_keywords_static.h \
 crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \
 crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
 crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \

src/libstrongswan/plugins/pkcs7/Makefile.am

@@ -14,6 +14,7 @@ libstrongswan_pkcs7_la_SOURCES = \
 	pkcs7_signed_data.h pkcs7_signed_data.c \
 	pkcs7_enveloped_data.h pkcs7_enveloped_data.c \
 	pkcs7_data.h pkcs7_data.c \
+	pkcs7_attributes.h pkcs7_attributes.c \
 	pkcs7_plugin.h pkcs7_plugin.c
 
 libstrongswan_pkcs7_la_LDFLAGS = -module -avoid-version

src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c

@@ -22,19 +22,19 @@
 #include <asn1/asn1_parser.h>
 #include <collections/linked_list.h>
 
-#include "pkcs9.h"
+#include "pkcs7_attributes.h"
 
-typedef struct private_pkcs9_t private_pkcs9_t;
+typedef struct private_pkcs7_attributes_t private_pkcs7_attributes_t;
 typedef struct attribute_t attribute_t;
 
 /**
- * Private data of a pkcs9_t attribute list.
+ * Private data of a pkcs7_attributes_t attribute list.
  */
-struct private_pkcs9_t {
+struct private_pkcs7_attributes_t {
 	/**
 	 * Public interface
 	 */
-	pkcs9_t public;
+	pkcs7_attributes_t public;
 
 	/**
 	 * DER encoding of PKCS#9 attributes
@@ -95,7 +95,7 @@ static attribute_t *attribute_create(int oid, chunk_t value)
 /**
  * Build encoding of the attribute list
  */
-static void build_encoding(private_pkcs9_t *this)
+static void build_encoding(private_pkcs7_attributes_t *this)
 {
 	enumerator_t *enumerator;
 	attribute_t *attribute;
@@ -127,8 +127,8 @@ static void build_encoding(private_pkcs9_t *this)
 	free(chunks);
 }
 
-METHOD(pkcs9_t, get_encoding, chunk_t,
+METHOD(pkcs7_attributes_t, get_encoding, chunk_t,
-	private_pkcs9_t *this)
+	private_pkcs7_attributes_t *this)
 {
 	if (!this->encoding.len)
 	{
@@ -137,8 +137,8 @@ METHOD(pkcs9_t, get_encoding, chunk_t,
 	return this->encoding;
 }
 
-METHOD(pkcs9_t, get_attribute, chunk_t,
+METHOD(pkcs7_attributes_t, get_attribute, chunk_t,
-	private_pkcs9_t *this, int oid)
+	private_pkcs7_attributes_t *this, int oid)
 {
 	enumerator_t *enumerator;
 	chunk_t value = chunk_empty;
@@ -161,8 +161,8 @@ METHOD(pkcs9_t, get_attribute, chunk_t,
 	return chunk_empty;
 }
 
-METHOD(pkcs9_t, add_attribute, void,
+METHOD(pkcs7_attributes_t, add_attribute, void,
-	private_pkcs9_t *this, int oid, chunk_t value)
+	private_pkcs7_attributes_t *this, int oid, chunk_t value)
 {
 	this->attributes->insert_last(this->attributes,
 								  attribute_create(oid, value));
@@ -172,8 +172,8 @@ METHOD(pkcs9_t, add_attribute, void,
 	chunk_free(&this->encoding);
 }
 
-METHOD(pkcs9_t, destroy, void,
+METHOD(pkcs7_attributes_t, destroy, void,
-	private_pkcs9_t *this)
+	private_pkcs7_attributes_t *this)
 {
 	this->attributes->destroy_function(this->attributes,
 									   (void*)attribute_destroy);
@@ -184,9 +184,9 @@ METHOD(pkcs9_t, destroy, void,
 /*
  * Described in header.
  */
-pkcs9_t *pkcs9_create(void)
+pkcs7_attributes_t *pkcs7_attributes_create(void)
 {
-	private_pkcs9_t *this;
+	private_pkcs7_attributes_t *this;
 
 	INIT(this,
 		.public = {
@@ -220,7 +220,8 @@ static const asn1Object_t attributesObjects[] = {
 /**
  * Parse a PKCS#9 attribute list
  */
-static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
+static bool parse_attributes(chunk_t chunk, int level0,
+							 private_pkcs7_attributes_t* this)
 {
 	asn1_parser_t *parser;
 	chunk_t object;
@@ -256,10 +257,12 @@ static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
  /*
  * Described in header.
  */
-pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level)
+pkcs7_attributes_t *pkcs7_attributes_create_from_chunk(chunk_t chunk,
+													   u_int level)
 {
-	private_pkcs9_t *this = (private_pkcs9_t*)pkcs9_create();
+	private_pkcs7_attributes_t *this;
 
+	this = (private_pkcs7_attributes_t*)pkcs7_attributes_create();
 	this->encoding = chunk_clone(chunk);
 	if (!parse_attributes(chunk, level, this))
 	{

src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h

@@ -15,28 +15,28 @@
  */
 
 /**
- * @defgroup pkcs9 pkcs9
+ * @defgroup pkcs7_attributes pkcs7_attributes
- * @{ @ingroup crypto
+ * @{ @ingroup pkcs7
  */
 
-#ifndef PKCS9_H_
+#ifndef PKCS7_ATTRIBUTES_H_
-#define PKCS9_H_
+#define PKCS7_ATTRIBUTES_H_
 
-typedef struct pkcs9_t pkcs9_t;
+typedef struct pkcs7_attributes_t pkcs7_attributes_t;
 
 #include <library.h>
 
 /**
- * PKCS#9 attribute lists.
+ * PKCS#7 attribute lists, aka PKCS#9.
  */
-struct pkcs9_t {
+struct pkcs7_attributes_t {
 
 	/**
 	 * Gets ASN.1 encoding of PKCS#9 attribute list.
 	 *
 	 * @return				ASN.1 encoded PKCSI#9 list
 	 */
-	chunk_t (*get_encoding) (pkcs9_t *this);
+	chunk_t (*get_encoding) (pkcs7_attributes_t *this);
 
 	/**
 	 * Gets a PKCS#9 attribute from the list.
@@ -44,7 +44,7 @@ struct pkcs9_t {
 	 * @param oid			OID of the attribute
 	 * @return				value of the attribute (internal data)
 	 */
-	chunk_t (*get_attribute) (pkcs9_t *this, int oid);
+	chunk_t (*get_attribute) (pkcs7_attributes_t *this, int oid);
 
 	/**
 	 * Adds a PKCS#9 attribute.
@@ -52,28 +52,28 @@ struct pkcs9_t {
 	 * @param oid			OID of the attribute
 	 * @param value			value of the attribute, with ASN1 type (gets owned)
 	 */
-	void (*add_attribute) (pkcs9_t *this, int oid, chunk_t value);
+	void (*add_attribute) (pkcs7_attributes_t *this, int oid, chunk_t value);
 
 	/**
 	 * Destroys the PKCS#9 attribute list.
 	 */
-	void (*destroy) (pkcs9_t *this);
+	void (*destroy) (pkcs7_attributes_t *this);
 };
 
 /**
- * Read a PKCS#9 attribute list from a DER encoded chunk.
+ * Read a PKCS#7 attribute list (aka PKCS#9) from a DER encoded chunk.
  *
  * @param chunk		chunk containing DER encoded data
  * @param level		ASN.1 parsing start level
  * @return 			created pkcs9 attribute list, or NULL if invalid.
  */
-pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level);
+pkcs7_attributes_t *pkcs7_attributes_create_from_chunk(chunk_t chunk, u_int level);
 
 /**
- * Create an empty PKCS#9 attribute list
+ * Create an empty PKCS#7 attribute list, aka PKCS#9.
  *
  * @return 				created pkcs9 attribute list.
  */
-pkcs9_t *pkcs9_create(void);
+pkcs7_attributes_t *pkcs7_attributes_create(void);
 
 #endif /** PKCS9_H_ @}*/

src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c

@@ -14,6 +14,7 @@
  */
 
 #include "pkcs7_signed_data.h"
+#include "pkcs7_attributes.h"
 
 #include <time.h>
 
@@ -21,7 +22,6 @@
 #include <asn1/oid.h>
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
-#include <crypto/pkcs9.h>
 #include <credentials/sets/mem_cred.h>
 #include <credentials/certificates/x509.h>
 #include <credentials/keys/private_key.h>
@@ -67,7 +67,7 @@ typedef struct {
 	/**
 	 * Signed attributes of signerInfo
 	 */
-	pkcs9_t *attributes;
+	pkcs7_attributes_t *attributes;
 
 	/**
 	 * Serial of signing certificate
@@ -455,7 +455,8 @@ static bool parse(private_pkcs7_signed_data_t *this, chunk_t content)
 				break;
 			case PKCS7_AUTH_ATTRIBUTES:
 				*object.ptr = ASN1_SET;
-				info->attributes = pkcs9_create_from_chunk(object, level+1);
+				info->attributes = pkcs7_attributes_create_from_chunk(
+														object, level+1);
 				*object.ptr = ASN1_CONTEXT_C_0;
 				break;
 			case PKCS7_DIGEST_ALGORITHM:
@@ -516,7 +517,8 @@ static chunk_t build_issuerAndSerialNumber(certificate_t *cert)
  * Generate a new PKCS#7 signed-data container
  */
 static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key,
-					 certificate_t *cert, hash_algorithm_t alg, pkcs9_t *pkcs9)
+					 certificate_t *cert, hash_algorithm_t alg,
+					 pkcs7_attributes_t *pkcs9)
 {
 	chunk_t authenticatedAttributes = chunk_empty;
 	chunk_t encryptedDigest = chunk_empty;
@@ -617,11 +619,11 @@ pkcs7_t *pkcs7_signed_data_gen(container_type_t type, va_list args)
 	hash_algorithm_t alg = HASH_SHA1;
 	private_key_t *key = NULL;
 	certificate_t *cert = NULL;
-	pkcs9_t *pkcs9;
+	pkcs7_attributes_t *pkcs9;
 	chunk_t value;
 	int oid;
 
-	pkcs9 = pkcs9_create();
+	pkcs9 = pkcs7_attributes_create();
 
 	while (TRUE)
 	{

src/scepclient/scep.c

@@ -22,7 +22,6 @@
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
 #include <asn1/oid.h>
-#include <crypto/pkcs9.h>
 #include <crypto/rngs/rng.h>
 #include <crypto/hashers/hasher.h>