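/*
 * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
 *
 * Looks up the bulk key and content-encryption algorithm stored in the
 * message's content info and starts the cipher context used to encrypt the
 * content.
 *
 * Returns SECSuccess once the cipher context has been stored in
 * cinfo->ciphcx. Returns SECFailure if the bulk key or the algorithm is
 * missing, or if the cipher context cannot be started.
 *
 * Key ownership: the value returned by NSS_CMSContentInfo_GetBulkKey is
 * released with PK11_FreeSymKey before returning, on every path. The original
 * code skipped that release when the algorithm lookup failed, which left the
 * content-encryption key referenced after the failure.
 */
SECStatus
NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
{
    NSSCMSContentInfo *cinfo;
    PK11SymKey *bulkkey;
    SECAlgorithmID *algid;
    SECStatus rv = SECFailure;

    cinfo = &(encd->contentInfo);

    /* find bulkkey and algorithm - must have been set by NSS_CMSEncryptedData_Encode_BeforeStart */
    bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
    if (bulkkey == NULL)
        return SECFailure; /* nothing acquired yet, so nothing to release */

    algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
    if (algid == NULL)
        goto loser; /* bulkkey is held from here on; release it before failing */

    /* this may modify algid (with IVs generated in a token).
     * it is therefore essential that algid is a pointer to the "real" contentEncAlg,
     * not just to a copy */
    cinfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp, bulkkey, algid);
    if (cinfo->ciphcx != NULL)
        rv = SECSuccess;

loser:
    /* Released whether or not the cipher context was started, as the original
     * did after the StartEncrypt call. */
    PK11_FreeSymKey(bulkkey);
    return rv;
}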
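/*
 * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
 *
 * it is essential that this is called before the contentEncAlg is encoded, because
 * setting up the encryption may generate IVs and thus change it!
 *
 * Looks up the bulk key and content-encryption algorithm stored in the
 * message's content info, initializes the content info's private data, and
 * starts the cipher context used to encrypt the content.
 *
 * Returns SECSuccess once the cipher context has been stored in
 * cinfo->privateInfo->ciphcx. Returns SECFailure if the bulk key or the
 * algorithm is missing, if the private-info initialization fails, or if the
 * cipher context cannot be started.
 *
 * Key ownership: the value returned by NSS_CMSContentInfo_GetBulkKey is
 * released with PK11_FreeSymKey before returning, on every path. The original
 * code skipped that release when the algorithm lookup or
 * NSS_CMSContentInfo_Private_Init failed, which left the content-encryption
 * key referenced after the failure.
 */
SECStatus
NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd)
{
    NSSCMSContentInfo *cinfo;
    PK11SymKey *bulkkey;
    SECAlgorithmID *algid;
    SECStatus rv = SECFailure;

    cinfo = &(envd->contentInfo);

    /* find bulkkey and algorithm - must have been set by NSS_CMSEnvelopedData_Encode_BeforeStart */
    bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
    if (bulkkey == NULL)
        return SECFailure; /* nothing acquired yet, so nothing to release */

    algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
    if (algid == NULL)
        goto loser; /* bulkkey is held from here on; release it before failing */

    /* privateInfo must exist before its ciphcx field is written below */
    if (NSS_CMSContentInfo_Private_Init(cinfo) != SECSuccess)
        goto loser;

    /* this may modify algid (with IVs generated in a token).
     * it is essential that algid is a pointer to the contentEncAlg data, not a
     * pointer to a copy! */
    cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
    if (cinfo->privateInfo->ciphcx != NULL)
        rv = SECSuccess;

loser:
    /* Released whether or not the cipher context was started, as the original
     * did after the StartEncrypt call. */
    PK11_FreeSymKey(bulkkey);
    return rv;
}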