如何在 NSS 中使用 CMS 强制执行定长编码?
如何在 NSS 中使用 CMS 强制执行定长编码?
我正在尝试让 NSS 的 CMS 编码器使用 DER 进行编码,但 mozilla 的人们显然只担心 BER 编码(据我所知)。我能够使用原始类型获得明确的编码,但所有构造类型都有不定编码。
我当前正在使用的代码(使用 NSS-3.12.7):
/* Create memory pool (aka an arena.) */
PLArenaPool * arena = PORT_NewArena(4096);
/* Create the CMS Message object */
fprintf(stderr, "Create the CMS Message object\n");
NSSCMSMessage * cmsMessage = NSS_CMSMessage_Create(arena);
NSSCMSContentInfo * cinfo = NSS_CMSMessage_GetContentInfo(cmsMessage);
/* Create a DigestedData object who's parent is cmsMessage */
fprintf(stderr, "Create a DigestedData object who's parent is cmsMessage\n");
SECAlgorithmID * id = CreateDigestAlgorithmID(arena, SEC_OID_SHA1);
NSSCMSDigestedData * digestedData =
NSS_CMSDigestedData_Create(cmsMessage, id);
NSSCMSContentInfo * dcinfo =
NSS_CMSDigestedData_GetContentInfo(digestedData);
/* Tell the DigestedData object to include the content (not detached.) */
fprintf(stderr, "Tell the DigestedData object to include the content (Length: %d)\n", in_len);
SECItem * in_data = CreateSECItemString(arena, in, in_len);
NSS_CMSContentInfo_SetContent_Data(cmsMessage, dcinfo, in_data, PR_FALSE);
/* Put digestedData into cmsMessage's contentInfo section */
fprintf(stderr, "Put digestedData into cmsMessage's contentInfo section\n");
NSS_CMSContentInfo_SetContent_DigestedData(cmsMessage, cinfo, digestedData);
/* Encode input data to DER format with following parameters */
fprintf(stderr, "Encode input data to DER format\n");
SECItem * encodedOutput = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem));
NSSCMSEncoderContext * ecx =
NSS_CMSEncoder_Start(cmsMessage, NULL, NULL, encodedOutput, arena,
NULL, NULL, NULL, NULL, NULL, NULL);
fprintf(stderr, "NSS_CMSEncoder_Update\n");
NSS_CMSEncoder_Update(ecx, NULL, 0);
fprintf(stderr, "NSS_CMSEncoder_Finish\n");
NSS_CMSEncoder_Finish(ecx);
感谢任何帮助, 陈兹
How to enforce definite length encoding with CMS in NSS?
I am trying to get NSS's CMS encoder to encode with DER, but the folks as mozilla have apparently only worried about BER encoding (as far as I can tell.) I am able to get definite encoding with primitive types, but all constructed types have indefinite encoding.
Code I am currently using (with NSS-3.12.7):
/* Create memory pool (aka an arena.) */
PLArenaPool * arena = PORT_NewArena(4096);
/* Create the CMS Message object */
fprintf(stderr, "Create the CMS Message object\n");
NSSCMSMessage * cmsMessage = NSS_CMSMessage_Create(arena);
NSSCMSContentInfo * cinfo = NSS_CMSMessage_GetContentInfo(cmsMessage);
/* Create a DigestedData object who's parent is cmsMessage */
fprintf(stderr, "Create a DigestedData object who's parent is cmsMessage\n");
SECAlgorithmID * id = CreateDigestAlgorithmID(arena, SEC_OID_SHA1);
NSSCMSDigestedData * digestedData =
NSS_CMSDigestedData_Create(cmsMessage, id);
NSSCMSContentInfo * dcinfo =
NSS_CMSDigestedData_GetContentInfo(digestedData);
/* Tell the DigestedData object to include the content (not detached.) */
fprintf(stderr, "Tell the DigestedData object to include the content (Length: %d)\n", in_len);
SECItem * in_data = CreateSECItemString(arena, in, in_len);
NSS_CMSContentInfo_SetContent_Data(cmsMessage, dcinfo, in_data, PR_FALSE);
/* Put digestedData into cmsMessage's contentInfo section */
fprintf(stderr, "Put digestedData into cmsMessage's contentInfo section\n");
NSS_CMSContentInfo_SetContent_DigestedData(cmsMessage, cinfo, digestedData);
/* Encode input data to DER format with following parameters */
fprintf(stderr, "Encode input data to DER format\n");
SECItem * encodedOutput = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem));
NSSCMSEncoderContext * ecx =
NSS_CMSEncoder_Start(cmsMessage, NULL, NULL, encodedOutput, arena,
NULL, NULL, NULL, NULL, NULL, NULL);
fprintf(stderr, "NSS_CMSEncoder_Update\n");
NSS_CMSEncoder_Update(ecx, NULL, 0);
fprintf(stderr, "NSS_CMSEncoder_Finish\n");
NSS_CMSEncoder_Finish(ecx);
Any help appreciated,
Chenz
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
CMS 本身是一个 BER 标准,因此默认情况下 NSS 使用不定编码进行编码。这是因为 NSS 希望通过其管道传输数据,为应用程序提供中间结果,而无需在生成任何输出之前接收整个流。
话虽如此,对于 CMS 编码器,有一些应用程序您不关心数据流,而是希望使用明确的编码。 NSS 团队最近添加了一个函数,该函数将关闭不确定编码,称为:
NSS_CMSContentInfo_SetDontStream()
在您的顶级内容信息上调用它。不幸的是它是在 NSS 3.12.10 中添加的,所以你必须升级才能使用它。
如果您有其他 NSS 问题,您应该尝试 Mozilla 加密邮件列表:[电子邮件受保护]鲍勃
CMS itself is a BER standard, so by default NSS encodes using indefinite encoding. This is because NSS expects to stream the data through it's pipeline, providing the application with intermediate results without having to receive the entire stream before it produces any output.
That being said, there are some applications for the CMS encoder where you don't care about streaming the data, and want to use definite encoding. The NSS team recently added a function which will turn off indefinite encoding called:
NSS_CMSContentInfo_SetDontStream()
call it on your top level contentinfo. Unfortunately it was added in NSS 3.12.10, so you'll have to move up to use it.
If you have other NSS questions, you should try the Mozilla crypto mailing lists: [email protected]
bob