/*
* SecCmsEncryptedDataCreate - create an empty encryptedData object.
*
* "algorithm" specifies the bulk encryption algorithm to use.
* "keysize" is the key size.
*
* An error results in a return value of NULL and an error set.
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
SecCmsEncryptedDataRef
SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysize)
{
void *mark;
SecCmsEncryptedDataRef encd;
PLArenaPool *poolp;
#if 0
SECAlgorithmID *pbe_algid;
#endif
OSStatus rv;
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);
encd = (SecCmsEncryptedDataRef)PORT_ArenaZAlloc(poolp, sizeof(SecCmsEncryptedData));
if (encd == NULL)
goto loser;
encd->cmsg = cmsg;
/* version is set in SecCmsEncryptedDataEncodeBeforeStart() */
switch (algorithm) {
/* XXX hmmm... hardcoded algorithms? */
case SEC_OID_RC2_CBC:
case SEC_OID_DES_EDE3_CBC:
case SEC_OID_DES_CBC:
rv = SecCmsContentInfoSetContentEncAlg((SecArenaPoolRef)poolp, &(encd->contentInfo), algorithm, NULL, keysize);
break;
default:
/* Assume password-based-encryption. At least, try that. */
#if 1
// @@@ Fix me
rv = SECFailure;
break;
#else
pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
if (pbe_algid == NULL) {
rv = SECFailure;
break;
}
rv = SecCmsContentInfoSetContentEncAlgID((SecArenaPoolRef)poolp, &(encd->contentInfo), pbe_algid, keysize);
SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
break;
#endif
}
if (rv != SECSuccess)
goto loser;
PORT_ArenaUnmark(poolp, mark);
return encd;
loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
/*
* NSS_CMSEncryptedData_Create - create an empty encryptedData object.
*
* "algorithm" specifies the bulk encryption algorithm to use.
* "keysize" is the key size.
*
* An error results in a return value of NULL and an error set.
* (Retrieve specific errors via PORT_GetError()/XP_GetError().)
*/
NSSCMSEncryptedData *
NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm,
int keysize)
{
void *mark;
NSSCMSEncryptedData *encd;
PLArenaPool *poolp;
SECAlgorithmID *pbe_algid;
SECStatus rv;
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);
encd = PORT_ArenaZNew(poolp, NSSCMSEncryptedData);
if (encd == NULL)
goto loser;
encd->cmsg = cmsg;
/* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */
if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) {
rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo),
algorithm, NULL, keysize);
} else {
/* Assume password-based-encryption.
* Note: we can't generate pkcs5v2 from this interface.
* PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
* non-PBE oids and assuming that they are pkcs5v2 oids, but
* NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
* CMS encrypted data, so we can't tell NSS_CMS_EncryptedData_Create
* to create pkcs5v2 PBEs */
pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
if (pbe_algid == NULL) {
rv = SECFailure;
} else {
rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp,
&(encd->contentInfo),
pbe_algid, keysize);
SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
}
}
if (rv != SECSuccess)
goto loser;
PORT_ArenaUnmark(poolp, mark);
return encd;
loser:
PORT_ArenaRelease(poolp, mark);
return NULL;
}
