On Feb 6, 3:29 am, Shailendra N Jain <shailen.n.j...@gmail.com> wrote:
>   In the sample that I am working on, I need to decrypt the mac appended
> plaintext. But while verifying the MAC, I am using the below context to
> call PK11_DigestFinal.
>
> PK11_CreateContextBySymKey(CKM_MD5_HMAC, CKA_VERIFY, mk, &noParams);

Hi Shailendra,

You should pass in CKA_SIGN instead of CKA_VERIFY. I know that it is
counter-intuitive but that is because you are verifying the mac
"manually", so to speak. You have decrypted a buffer. That buffer is
encrypted(concat(ptext, mac)) so now you have recovered ptext + mac
all together. Since you know the size of the mac you can split the
parts, maybe copy to separate buffers. You now compute a Mac based on
the plaintext part and that should match the mac portion you extracted
unless the data got altered. Some other libraries provide a
MacVerify function that would do it under the covers for you (you
will pass the message and the sent mac) but the PK11_ functions aren't
that way.

Elio
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
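
The split-recompute-compare flow described in the reply above, as an added example that is not part of the original thread and is not NSS code: it uses Python's standard `hmac` module with MD5 to mirror `CKM_MD5_HMAC`, and starts from a buffer that has already been decrypted. The names `append_mac`, `split_and_verify`, `MacError` and the sample key and message are hypothetical.

```python
import hashlib
import hmac

# HMAC-MD5 output size (16 bytes); the receiver must know this to split.
MAC_LEN = hashlib.md5().digest_size


class MacError(Exception):
    """Raised when the recovered MAC is missing or does not match."""


def append_mac(key: bytes, ptext: bytes) -> bytes:
    """Sender side: build concat(ptext, mac), the input to encryption."""
    return ptext + hmac.new(key, ptext, hashlib.md5).digest()


def split_and_verify(key: bytes, decrypted: bytes) -> bytes:
    """Receiver side: split the decrypted buffer, recompute, compare."""
    if len(decrypted) < MAC_LEN:
        raise MacError("buffer shorter than one MAC")
    ptext, received = decrypted[:-MAC_LEN], decrypted[-MAC_LEN:]
    # Recompute with the same MAC-generation ("sign") operation the
    # sender used; there is no separate verify primitive in this flow.
    expected = hmac.new(key, ptext, hashlib.md5).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, received):
        raise MacError("MAC mismatch: data altered or wrong key")
    return ptext


# Constructed sample values, not taken from the original thread.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_PTEXT = b"transfer 100 to account 42"
SAMPLE_BUFFER = append_mac(SAMPLE_KEY, SAMPLE_PTEXT)

if __name__ == "__main__":
    print(split_and_verify(SAMPLE_KEY, SAMPLE_BUFFER))
```
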
