| blob | 8719d27581f4360d78eab39d879d55ec251022d4 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
37 /*
38 * CMS encoding.
39 *
40 * $Id: cmsencode.c,v 1.6 2006/06/08 22:01:02 nelson%bolyard.com Exp $
41 */
54 NSSCMSContentCallback outputfn;
58 };
69 };
73 static SECStatus nss_cms_encoder_update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
80 /*
81 * The little output function that the ASN.1 encoder calls to hand
82 * us bytes which we in turn hand back to our caller (via the callback
83 * they gave us).
84 */
85 static void
88 {
93 #ifdef CMSDEBUG
99 }
102 #endif
105 /* call output callback with DER data */
109 /* store DER data in SECItem */
118 }
120 /* oops */
126 /* copy it in */
128 }
129 }
131 /*
132 * nss_cms_encoder_notify - ASN.1 encoder callback
133 *
134 * this function is called by the ASN.1 encoder before and after the encoding of
135 * every object. here, it is used to keep track of data structures, set up
136 * encryption and/or digesting and possibly set up child encoders.
137 */
138 static void
140 {
145 SECOidTag childtype;
154 #ifdef CMSDEBUG
155 fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth);
156 #endif
158 /*
159 * Watch for the content field, at which point we want to instruct
160 * the ASN.1 encoder to start taking bytes from the buffer.
161 */
165 /* we're still in the root message */
167 /* got the content type OID now - so find out the type tag */
169 /* set up a pointer to our current content */
171 }
176 /* just set up encoder to grab from user - no encryption or digesting */
179 else
182 }
190 /* when we know what the content is, we encode happily until we reach the inner content */
195 /* we're right before encoding the data (if we have some or not) */
196 /* (for encrypted data, we're right before the contentEncAlg which may change */
197 /* in nss_cms_before_data because of IV calculation when setting up encryption) */
200 }
203 /* we have data - feed it in */
205 else
206 /* else try to get it from user */
208 }
213 }
215 }
216 }
218 /*
219 * nss_cms_before_data - setup the current encoder to receive data
220 */
221 static SECStatus
223 {
224 SECStatus rv;
225 SECOidTag childtype;
233 /* call _Encode_BeforeData handlers */
236 /* we're encoding a signedData, so set up the digests */
240 /* we're encoding a digestedData, so set up the digest */
251 }
255 /* ok, now we have a pointer to cinfo */
256 /* find out what kind of data is encapsulated */
266 #if 0
268 #endif
269 /* in these cases, we need to set up a child encoder! */
270 /* create new encoder context */
275 /* the CHILD encoder needs to hand its encoded data to the CURRENT encoder
276 * (which will encrypt and/or digest it)
277 * this needs to route back into our update function
278 * which finds the lowest encoding context & encrypts and computes digests */
281 /* use the non-recursive update function here, of course */
292 /* now initialize the data for encoding the first third */
312 }
316 /*
317 * Initialize the BER encoder.
318 */
326 /*
327 * Indicate that we are streaming. We will be streaming until we
328 * get past the contents bytes.
329 */
332 /*
333 * The notify function will watch for the contents field.
334 */
337 /* please note that we are NOT calling SEC_ASN1EncoderUpdate here to kick off the */
338 /* encoding process - we'll do that from the update function instead */
339 /* otherwise we'd be encoding data from a call of the notify function of the */
340 /* parent encoder (which would not work) */
342 /* this will kick off the encoding process & encode everything up to the content bytes,
343 * at which point the notify function sets streaming mode (and possibly creates
344 * another child encoder). */
355 /* we do not know this type */
358 }
362 loser:
367 }
369 }
371 static SECStatus
373 {
378 /* this will finish the digests and sign */
391 /* do nothing */
396 }
398 }
400 /*
401 * nss_cms_encoder_work_data - process incoming data
402 *
403 * (from the user or the next encoding layer)
404 * Here, we need to digest and/or encrypt, then pass it on
405 */
406 static SECStatus
410 {
412 SECStatus rv;
417 /*
418 * We should really have data to process, or we should be trying
419 * to finish/flush the last block. (This is an overly paranoid
420 * check since all callers are in this file and simple inspection
421 * proves they do it right. But it could find a bug in future
422 * modifications/development, that is why it is here.)
423 */
426 /* we got data (either from the caller, or from a lower level encoder) */
429 /* Update the running digest. */
433 /* Encrypt this chunk. */
442 /*
443 * No output is expected, but the input data may be buffered
444 * so we still have to call Encrypt.
445 */
451 }
453 }
457 else
467 }
469 /* encryption or malloc failed? */
471 }
474 /*
475 * at this point (data,len) has everything we'd like to give to the CURRENT encoder
476 * (which will encode it, then hand it back to the user or the parent encoder)
477 * We don't encode the data if we're innermost and we're told not to include the data
478 */
482 done:
490 }
491 }
493 }
495 /*
496 * nss_cms_encoder_update - deliver encoded data to the next higher level
497 *
498 * no recursion here because we REALLY want to end up at the next higher encoder!
499 */
500 static SECStatus
502 {
503 /* XXX Error handling needs help. Return what? Do "Finish" on failure? */
504 return nss_cms_encoder_work_data (p7ecx, NULL, (const unsigned char *)data, len, PR_FALSE, PR_FALSE);
505 }
507 /*
508 * NSS_CMSEncoder_Start - set up encoding of a CMS message
509 *
510 * "cmsg" - message to encode
511 * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
512 * will not be called if NULL.
513 * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
514 * "destpoolp" - pool to allocate DER-encoded output in
515 * "pwfn", pwfn_arg" - callback function for getting token password
516 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
517 * "detached_digestalgs", "detached_digests" - digests from detached content
518 */
519 NSSCMSEncoderContext *
526 {
528 SECStatus rv;
538 }
565 }
569 }
571 /* Initialize the BER encoder.
572 * Note that this will not encode anything until the first call to SEC_ASN1EncoderUpdate */
578 }
581 /*
582 * Indicate that we are streaming. We will be streaming until we
583 * get past the contents bytes.
584 */
587 /*
588 * The notify function will watch for the contents field.
589 */
592 /* this will kick off the encoding process & encode everything up to the content bytes,
593 * at which point the notify function sets streaming mode (and possibly creates
594 * a child encoder). */
598 }
601 }
603 /*
604 * NSS_CMSEncoder_Update - take content data delivery from the user
605 *
606 * "p7ecx" - encoder context
607 * "data" - content data
608 * "len" - length of content data
609 *
610 * need to find the lowest level (and call SEC_ASN1EncoderUpdate on the way down),
611 * then hand the data to the work_data fn
612 */
613 SECStatus
615 {
616 SECStatus rv;
618 SECOidTag childtype;
623 /* hand data to the innermost decoder */
625 /* recursion here */
628 /* we are at innermost decoder */
629 /* find out about our inner content type - must be data */
634 /* and we must not have preset data */
638 /* hand it the data so it can encode it (let DER trickle up the chain) */
639 rv = nss_cms_encoder_work_data(p7ecx, NULL, (const unsigned char *)data, len, PR_FALSE, PR_TRUE);
640 }
642 }
644 /*
645 * NSS_CMSEncoder_Cancel - stop all encoding
646 *
647 * we need to walk down the chain of encoders and the finish them from the innermost out
648 */
649 SECStatus
651 {
654 /* XXX do this right! */
656 /*
657 * Finish any inner decoders before us so that all the encoded data is flushed
658 * This basically finishes all the decoders from the innermost to the outermost.
659 * Finishing an inner decoder may result in data being updated to the outer decoder
660 * while we are already in NSS_CMSEncoder_Finish, but that's allright.
661 */
664 /* remember rv for now */
665 }
667 /*
668 * On the way back up, there will be no more data (if we had an
669 * inner encoder, it is done now!)
670 * Flush out any remaining data and/or finish digests.
671 */
678 /* kick the encoder back into working mode again.
679 * We turn off streaming stuff (which will cause the encoder to continue
680 * encoding happily, now that we have all the data (like digests) ready for it).
681 */
685 /* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
688 loser:
692 }
694 /*
695 * NSS_CMSEncoder_Finish - signal the end of data
696 *
697 * we need to walk down the chain of encoders and the finish them from the innermost out
698 */
699 SECStatus
701 {
704 SECOidTag childtype;
706 /*
707 * Finish any inner decoders before us so that all the encoded data is flushed
708 * This basically finishes all the decoders from the innermost to the outermost.
709 * Finishing an inner decoder may result in data being updated to the outer decoder
710 * while we are already in NSS_CMSEncoder_Finish, but that's allright.
711 */
716 }
718 /*
719 * On the way back up, there will be no more data (if we had an
720 * inner encoder, it is done now!)
721 * Flush out any remaining data and/or finish digests.
722 */
729 /* find out about our inner content type - must be data */
734 /* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
736 }
743 loser:
747 }