Back to index

lightning-sunbird  0.9+nobinonly
Functions
cmsencdata.c File Reference
#include "cmslocal.h"
#include "key.h"
#include "secasn1.h"
#include "secitem.h"
#include "secoid.h"
#include "pk11func.h"
#include "prtime.h"
#include "secerr.h"
#include "secpkcs5.h"

Go to the source code of this file.

Functions

NSSCMSEncryptedData * NSS_CMSEncryptedData_Create (NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize)
void NSS_CMSEncryptedData_Destroy (NSSCMSEncryptedData *encd)
NSSCMSContentInfo * NSS_CMSEncryptedData_GetContentInfo (NSSCMSEncryptedData *encd)
SECStatus NSS_CMSEncryptedData_Encode_BeforeStart (NSSCMSEncryptedData *encd)
SECStatus NSS_CMSEncryptedData_Encode_BeforeData (NSSCMSEncryptedData *encd)
SECStatus NSS_CMSEncryptedData_Encode_AfterData (NSSCMSEncryptedData *encd)
SECStatus NSS_CMSEncryptedData_Decode_BeforeData (NSSCMSEncryptedData *encd)
SECStatus NSS_CMSEncryptedData_Decode_AfterData (NSSCMSEncryptedData *encd)
SECStatus NSS_CMSEncryptedData_Decode_AfterEnd (NSSCMSEncryptedData *encd)

Function Documentation

NSSCMSEncryptedData* NSS_CMSEncryptedData_Create ( NSSCMSMessage *  cmsg,
SECOidTag  algorithm,
int  keysize 
)

Definition at line 64 of file cmsencdata.c.

{
    void *mark;
    NSSCMSEncryptedData *encd;
    PLArenaPool *poolp;
    SECAlgorithmID *pbe_algid;
    SECStatus rv;

    poolp = cmsg->poolp;

    mark = PORT_ArenaMark(poolp);

    encd = (NSSCMSEncryptedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSEncryptedData));
    if (encd == NULL)
       goto loser;

    encd->cmsg = cmsg;

    /* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */

    switch (algorithm) {
    /* XXX hmmm... hardcoded algorithms? */
    case SEC_OID_RC2_CBC:
    case SEC_OID_DES_EDE3_CBC:
    case SEC_OID_DES_CBC:
       rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo), algorithm, NULL, keysize);
       break;
    default:
       /* Assume password-based-encryption.  At least, try that. */
       pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
       if (pbe_algid == NULL) {
           rv = SECFailure;
           break;
       }
       rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp, &(encd->contentInfo), pbe_algid, keysize);
       SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
       break;
    }
    if (rv != SECSuccess)
       goto loser;

    PORT_ArenaUnmark(poolp, mark);
    return encd;

loser:
    PORT_ArenaRelease(poolp, mark);
    return NULL;
}
SECStatus NSS_CMSEncryptedData_Decode_AfterData ( NSSCMSEncryptedData *  encd)

Definition at line 262 of file cmsencdata.c.

{
    if (encd->contentInfo.ciphcx) {
       NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
       encd->contentInfo.ciphcx = NULL;
    }

    return SECSuccess;
}
SECStatus NSS_CMSEncryptedData_Decode_AfterEnd ( NSSCMSEncryptedData *  encd)

Definition at line 276 of file cmsencdata.c.

{
    /* apply final touches */
    return SECSuccess;
}
SECStatus NSS_CMSEncryptedData_Decode_BeforeData ( NSSCMSEncryptedData *  encd)

Definition at line 223 of file cmsencdata.c.

{
    PK11SymKey *bulkkey = NULL;
    NSSCMSContentInfo *cinfo;
    SECAlgorithmID *bulkalg;
    SECStatus rv = SECFailure;

    cinfo = &(encd->contentInfo);

    bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);

    if (encd->cmsg->decrypt_key_cb == NULL)      /* no callback? no key../ */
       goto loser;

    bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, bulkalg);
    if (bulkkey == NULL)
       /* no success finding a bulk key */
       goto loser;

    NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);

    cinfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
    if (cinfo->ciphcx == NULL)
       goto loser;          /* error has been set by NSS_CMSCipherContext_StartDecrypt */


    /* we are done with (this) bulkkey now. */
    PK11_FreeSymKey(bulkkey);

    rv = SECSuccess;

loser:
    return rv;
}
void NSS_CMSEncryptedData_Destroy ( NSSCMSEncryptedData *  encd)

Definition at line 117 of file cmsencdata.c.

{
    /* everything's in a pool, so don't worry about the storage */
    NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
    return;
}
SECStatus NSS_CMSEncryptedData_Encode_AfterData ( NSSCMSEncryptedData *  encd)

Definition at line 207 of file cmsencdata.c.

{
    if (encd->contentInfo.ciphcx) {
       NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
       encd->contentInfo.ciphcx = NULL;
    }

    /* nothing to do after data */
    return SECSuccess;
}
SECStatus NSS_CMSEncryptedData_Encode_BeforeData ( NSSCMSEncryptedData *  encd)

Definition at line 176 of file cmsencdata.c.

{
    NSSCMSContentInfo *cinfo;
    PK11SymKey *bulkkey;
    SECAlgorithmID *algid;

    cinfo = &(encd->contentInfo);

    /* find bulkkey and algorithm - must have been set by NSS_CMSEncryptedData_Encode_BeforeStart */
    bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
    if (bulkkey == NULL)
       return SECFailure;
    algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
    if (algid == NULL)
       return SECFailure;

    /* this may modify algid (with IVs generated in a token).
     * it is therefore essential that algid is a pointer to the "real" contentEncAlg,
     * not just to a copy */
    cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
    PK11_FreeSymKey(bulkkey);
    if (cinfo->ciphcx == NULL)
       return SECFailure;

    return SECSuccess;
}
SECStatus NSS_CMSEncryptedData_Encode_BeforeStart ( NSSCMSEncryptedData *  encd)

Definition at line 142 of file cmsencdata.c.

{
    int version;
    PK11SymKey *bulkkey = NULL;
    SECItem *dummy;
    NSSCMSContentInfo *cinfo = &(encd->contentInfo);

    if (NSS_CMSArray_IsEmpty((void **)encd->unprotectedAttr))
       version = NSS_CMS_ENCRYPTED_DATA_VERSION;
    else
       version = NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
    
    dummy = SEC_ASN1EncodeInteger (encd->cmsg->poolp, &(encd->version), version);
    if (dummy == NULL)
       return SECFailure;

    /* now get content encryption key (bulk key) by using our cmsg callback */
    if (encd->cmsg->decrypt_key_cb)
       bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, 
                  NSS_CMSContentInfo_GetContentEncAlg(cinfo));
    if (bulkkey == NULL)
       return SECFailure;

    /* store the bulk key in the contentInfo so that the encoder can find it */
    NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
    PK11_FreeSymKey (bulkkey);

    return SECSuccess;
}
NSSCMSContentInfo* NSS_CMSEncryptedData_GetContentInfo ( NSSCMSEncryptedData *  encd)

Definition at line 128 of file cmsencdata.c.

{
    return &(encd->contentInfo);
}