S/MIME APIs #58
Proposed API:

```c
// <cups/ipp.h>
extern ipp_attribute_t *ippAddCredentialsString(ipp_t *ipp, ipp_tag_t group_tag, const char *name, const char *credentials) _CUPS_PUBLIC;
extern char *ippCopyCredentialsString(ipp_attribute_t *attr) _CUPS_PUBLIC;

// <cups/smime.h>
typedef struct _cups_smime_s cups_smime_t;
typedef ssize_t (*cups_smime_cb_t)(void *context, char *buffer, size_t bytes);

extern bool cupsSMIMEClose(cups_smime_t *smime) _CUPS_PUBLIC;
extern cups_smime_t cupsSMIMEOpen(const char *filename, const char *mode, const char *credentials, const char *key, const char *password) _CUPS_PUBLIC;
extern cups_smime_t cupsSMIMEOpenIO(void *context, cups_smime_cb_t cb, const char *mode, const char *credentials, const char *key, const char *password) _CUPS_PUBLIC;
extern ssize_t cupsSMIMERead(cups_smime_t *smime, char *buffer, size_t bytes) _CUPS_PUBLIC;
extern ssize_t cupsSMIMEWrite(cups_smime_t *smime, const char *buffer, size_t bytes) _CUPS_PUBLIC;
```
Tracking in smime branch...
RFC 8551 defines the current version of S/MIME. RFC requirements:
For purposes of this implementation, only use AES-256 GCM when writing and support them all for reading - this is consistent with the "rule 2" recommendations in section 2.7.1.2 since the current IPP TRUSTNOONE specification does not provide a way for the Client to discover the supported encryption methods.
OK, the OpenSSL CMS API doesn't allow for streaming read/write, at least not directly. Might be able to do a BIO method that handles reading/writing an IPP message with optional attached data file.
…ted lines in the credentials string (Issue #58)
OK, I've decided to defer more of this to future - I'll merge the ippAdd/CopyCredentialsString API stuff since that is immediately useful and save encoding/decoding S/MIME CMS messages for a future update.
The prototype IPP Encrypted Jobs and Documents v1.0 (TRUSTNOONE) specification sends sensitive IPP attributes and document data in S/MIME containers. Since this might be done with OpenSSL or GNU TLS, we need a CUPS API to expose this functionality.
The read/write functions should support the typical IO callback (like the IPP functions do).
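The IO-callback shape requested above, as an added example that is not CUPS code: it implements a reader against the `cups_smime_cb_t` typedef from the proposal and a loop that tolerates short reads before any container parsing happens. The names `mem_src_t`, `mem_read_cb` and `read_full` are hypothetical, and the return convention (positive count, 0 at end of data, -1 on error) is an assumption, since the issue does not specify it.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>                  /* ssize_t */

/* Callback type copied from the proposal in this issue. */
typedef ssize_t (*cups_smime_cb_t)(void *context, char *buffer, size_t bytes);

/* Hypothetical in-memory source; "chunk" caps each read to force short reads. */
typedef struct
{
  const char *data;
  size_t     size, pos, chunk;
} mem_src_t;

/* Read callback. Assumed contract: >0 bytes read, 0 at EOF, -1 on error. */
static ssize_t mem_read_cb(void *context, char *buffer, size_t bytes)
{
  mem_src_t *src = (mem_src_t *)context;
  size_t    left;

  if (!src || !buffer || src->pos > src->size)
    return (-1);

  left = src->size - src->pos;
  if (bytes > left)
    bytes = left;                       /* never read past the source */
  if (src->chunk && bytes > src->chunk)
    bytes = src->chunk;                 /* simulate a short read */

  memcpy(buffer, src->data + src->pos, bytes);
  src->pos += bytes;
  return ((ssize_t)bytes);
}

/* Hypothetical helper: fill "buffer" completely unless EOF or an error
 * arrives first, so a parser never acts on a partially read record. */
static ssize_t read_full(cups_smime_cb_t cb, void *context, char *buffer, size_t bytes)
{
  size_t total = 0;

  while (total < bytes)
  {
    ssize_t n = cb(context, buffer + total, bytes - total);

    if (n < 0)  return (-1);            /* propagate the I/O error */
    if (n == 0) break;                  /* EOF: caller sees a short count */
    if ((size_t)n > bytes - total) return (-1); /* callback overran request */
    total += (size_t)n;
  }
  return ((ssize_t)total);
}
```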