Diffstat (limited to 'security/nss/lib/pkcs7')
-rw-r--r-- | security/nss/lib/pkcs7/p7create.c | 53 | ||||
-rw-r--r-- | security/nss/lib/pkcs7/p7encode.c | 2 | ||||
-rw-r--r-- | security/nss/lib/pkcs7/secpkcs7.h | 20 |
3 files changed, 74 insertions, 1 deletions
diff --git a/security/nss/lib/pkcs7/p7create.c b/security/nss/lib/pkcs7/p7create.c
index fcf0cad5b..96ada5c0f 100644
--- a/security/nss/lib/pkcs7/p7create.c
+++ b/security/nss/lib/pkcs7/p7create.c
@@ -1245,3 +1245,56 @@ SEC_PKCS7CreateEncryptedData(SECOidTag algorithm, int keysize,
 return cinfo;
 }
+
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEncryptedDataWithPBEV2(SECOidTag pbe_algorithm,
+ SECOidTag cipher_algorithm,
+ SECOidTag prf_algorithm,
+ int keysize,
+ SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+ SEC_PKCS7ContentInfo *cinfo;
+ SECAlgorithmID *algid;
+ SEC_PKCS7EncryptedData *enc_data;
+ SECStatus rv;
+
+ PORT_Assert(SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm));
+
+ cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENCRYPTED_DATA,
+ PR_FALSE, pwfn, pwfn_arg);
+ if (cinfo == NULL)
+ return NULL;
+
+ enc_data = cinfo->content.encryptedData;
+ algid = &(enc_data->encContentInfo.contentEncAlg);
+
+ SECAlgorithmID *pbe_algid;
+ pbe_algid = PK11_CreatePBEV2AlgorithmID(pbe_algorithm,
+ cipher_algorithm,
+ prf_algorithm,
+ keysize,
+ NSS_PBE_DEFAULT_ITERATION_COUNT,
+ NULL);
+ if (pbe_algid == NULL) {
+ rv = SECFailure;
+ } else {
+ rv = SECOID_CopyAlgorithmID(cinfo->poolp, algid, pbe_algid);
+ SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
+ }
+
+ if (rv != SECSuccess) {
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
+ }
+
+ rv = sec_pkcs7_init_encrypted_content_info(&(enc_data->encContentInfo),
+ cinfo->poolp,
+ SEC_OID_PKCS7_DATA, PR_FALSE,
+ cipher_algorithm, keysize);
+ if (rv != SECSuccess) {
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return NULL;
+ }
+
+ return cinfo;
+}
diff --git a/security/nss/lib/pkcs7/p7encode.c b/security/nss/lib/pkcs7/p7encode.c
index bdbc343d3..af3da5918 100644
--- a/security/nss/lib/pkcs7/p7encode.c
+++ b/security/nss/lib/pkcs7/p7encode.c
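Review bot: The only validation of `pbe_algorithm` in SEC_PKCS7CreateEncryptedDataWithPBEV2 is `PORT_Assert(SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm))`, and assertions are normally compiled out of optimized builds, so a release build hands an unchecked tag to PK11_CreatePBEV2AlgorithmID and relies on that call failing cleanly. An explicit guard ahead of the content-info allocation would hold in every build: `if (!SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm)) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; }`. As a style point, `SECAlgorithmID *pbe_algid;` is declared after executable statements; moving it up beside `cinfo`, `algid`, `enc_data` and `rv` keeps all locals in one place.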
@@ -510,7 +510,7 @@ sec_pkcs7_encoder_work_data(SEC_PKCS7EncoderContext *p7ecx, SECItem *dest,
 * No output is expected, but the input data may be buffered
 * so we still have to call Encrypt.
 */
- rv = sec_PKCS7Encrypt(p7ecx->encryptobj, NULL, NULL, 0,
+ rv = sec_PKCS7Encrypt(p7ecx->encryptobj, NULL, &outlen, 0,
 data, inlen, final);
 if (final) {
 len = 0;
diff --git a/security/nss/lib/pkcs7/secpkcs7.h b/security/nss/lib/pkcs7/secpkcs7.h
index d95c7d891..78270bd15 100644
--- a/security/nss/lib/pkcs7/secpkcs7.h
+++ b/security/nss/lib/pkcs7/secpkcs7.h
@@ -287,6 +287,26 @@ SEC_PKCS7CreateEncryptedData(SECOidTag algorithm, int keysize,
 SECKEYGetPasswordKey pwfn, void *pwfn_arg);
 /*
+ * Create an empty PKCS7 encrypted content info.
+ *
+ * Similar to SEC_PKCS7CreateEncryptedData(), but this is capable of
+ * creating encrypted content for PKCS #5 v2 algorithms.
+ *
+ * "pbe_algorithm" specifies the PBE algorithm to use.
+ * "cipher_algorithm" specifies the bulk encryption algorithm to use.
+ * "prf_algorithm" specifies the PRF algorithm which pbe_algorithm uses.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEncryptedDataWithPBEV2(SECOidTag pbe_algorithm,
+ SECOidTag cipher_algorithm,
+ SECOidTag prf_algorithm,
+ int keysize,
+ SECKEYGetPasswordKey pwfn, void *pwfn_arg);
+
+/*
 * All of the following things return SECStatus to signal success or failure.
 * Failure should have a more specific error status available via
 * PORT_GetError()/XP_GetError(). |
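Review bot: Nothing in the visible lines reads `outlen` after the sec_PKCS7Encrypt call in sec_pkcs7_encoder_work_data, and the comment above it still says no output is expected, so the reason the length pointer changed from NULL to `&outlen` is left for the reader to guess. Since the output buffer is still NULL with a maximum length of 0, I would extend the comment with something like `outlen is passed only so the callee has a valid length pointer; it must come back 0 here` and add `PORT_Assert(outlen == 0);` after the `rv` check. The declaration of `outlen` and the rest of the function lie outside the hunk, so whether it is initialised before this call cannot be confirmed from here.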
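Review bot: The doc comment for SEC_PKCS7CreateEncryptedDataWithPBEV2 covers the three algorithm tags but leaves out `keysize`, `pwfn`/`pwfn_arg`, and the key-derivation parameters the caller cannot set. The implementation in p7create.c passes `NSS_PBE_DEFAULT_ITERATION_COUNT` and NULL as the final argument (the salt, as far as I can tell) to PK11_CreatePBEV2AlgorithmID, so callers with a password-hardening policy should be told the iteration count is fixed at the library default. I would add lines such as `"keysize" specifies the key size for cipher_algorithm.` and `The iteration count is NSS_PBE_DEFAULT_ITERATION_COUNT; the salt is not caller-supplied.` It would also help to state that the returned content info is freed with SEC_PKCS7DestroyContentInfo(), which is what the implementation uses on its error paths.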