2
* The contents of this file are subject to the Mozilla Public
3
* License Version 1.1 (the "License"); you may not use this file
4
* except in compliance with the License. You may obtain a copy of
5
* the License at http://www.mozilla.org/MPL/
7
* Software distributed under the License is distributed on an "AS
8
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9
* implied. See the License for the specific language governing
10
* rights and limitations under the License.
12
* The Original Code is the Netscape security libraries.
14
* The Initial Developer of the Original Code is Netscape
15
* Communications Corporation. Portions created by Netscape are
16
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
21
* Alternatively, the contents of this file may be used under the
22
* terms of the GNU General Public License Version 2 or later (the
23
* "GPL"), in which case the provisions of the GPL are applicable
24
* instead of those above. If you wish to allow use of your
25
* version of this file only under the terms of the GPL and not to
26
* allow others to use your version of this file under the MPL,
27
* indicate your decision by deleting the provisions above and
28
* replace them with the notice and other provisions required by
29
* the GPL. If you do not delete the provisions above, a recipient
30
* may use your version of this file under either the MPL or the
35
* CMS encryptedData methods.
37
* $Id: cmsencdata.c,v 1.6 2003/02/10 22:36:45 relyea%netscape.com Exp $
52
* NSS_CMSEncryptedData_Create - create an empty encryptedData object.
54
* "algorithm" specifies the bulk encryption algorithm to use.
55
* "keysize" is the key size.
57
* An error results in a return value of NULL and an error set.
58
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
61
NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize)
64
NSSCMSEncryptedData *encd;
66
SECAlgorithmID *pbe_algid;
71
mark = PORT_ArenaMark(poolp);
73
encd = (NSSCMSEncryptedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSEncryptedData));
79
/* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */
82
/* XXX hmmm... hardcoded algorithms? */
84
case SEC_OID_DES_EDE3_CBC:
86
rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo), algorithm, NULL, keysize);
89
/* Assume password-based-encryption. At least, try that. */
90
pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
91
if (pbe_algid == NULL) {
95
rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp, &(encd->contentInfo), pbe_algid, keysize);
96
SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
102
PORT_ArenaUnmark(poolp, mark);
106
PORT_ArenaRelease(poolp, mark);
111
* NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
114
NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd)
116
/* everything's in a pool, so don't worry about the storage */
117
NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
122
* NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
125
NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd)
127
return &(encd->contentInfo);
131
* NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
132
* before encoding begins.
135
* - set the correct version value.
136
* - get the encryption key
139
NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd)
142
PK11SymKey *bulkkey = NULL;
144
NSSCMSContentInfo *cinfo = &(encd->contentInfo);
146
if (NSS_CMSArray_IsEmpty((void **)encd->unprotectedAttr))
147
version = NSS_CMS_ENCRYPTED_DATA_VERSION;
149
version = NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
151
dummy = SEC_ASN1EncodeInteger (encd->cmsg->poolp, &(encd->version), version);
155
/* now get content encryption key (bulk key) by using our cmsg callback */
156
if (encd->cmsg->decrypt_key_cb)
157
bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg,
158
NSS_CMSContentInfo_GetContentEncAlg(cinfo));
162
/* store the bulk key in the contentInfo so that the encoder can find it */
163
NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
164
PK11_FreeSymKey (bulkkey);
170
* NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
173
NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
175
NSSCMSContentInfo *cinfo;
177
SECAlgorithmID *algid;
179
cinfo = &(encd->contentInfo);
181
/* find bulkkey and algorithm - must have been set by NSS_CMSEncryptedData_Encode_BeforeStart */
182
bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
185
algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
189
/* this may modify algid (with IVs generated in a token).
190
* it is therefore essential that algid is a pointer to the "real" contentEncAlg,
191
* not just to a copy */
192
cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
193
PK11_FreeSymKey(bulkkey);
194
if (cinfo->ciphcx == NULL)
201
* NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
204
NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
206
if (encd->contentInfo.ciphcx) {
207
NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
208
encd->contentInfo.ciphcx = NULL;
211
/* nothing to do after data */
217
* NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
220
NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd)
222
PK11SymKey *bulkkey = NULL;
223
NSSCMSContentInfo *cinfo;
224
SECAlgorithmID *bulkalg;
225
SECStatus rv = SECFailure;
227
cinfo = &(encd->contentInfo);
229
bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
231
if (encd->cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
234
bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, bulkalg);
236
/* no success finding a bulk key */
239
NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
241
cinfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
242
if (cinfo->ciphcx == NULL)
243
goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
247
* For PKCS5 Encryption Algorithms, the bulkkey is actually a different
248
* structure. Therefore, we need to set the bulkkey to the actual key
249
* prior to freeing it.
251
if (SEC_PKCS5IsAlgorithmPBEAlg(bulkalg)) {
252
SEC_PKCS5KeyAndPassword *keyPwd = (SEC_PKCS5KeyAndPassword *)bulkkey;
253
bulkkey = keyPwd->key;
256
/* we are done with (this) bulkkey now. */
257
PK11_FreeSymKey(bulkkey);
266
* NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
269
NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
271
if (encd->contentInfo.ciphcx) {
272
NSS_CMSCipherContext_Destroy(encd->contentInfo.ciphcx);
273
encd->contentInfo.ciphcx = NULL;
280
* NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
283
NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd)
285
/* apply final touches */