>>> I followed your previous example, and got the same error.
>>> Generated a symmetric key with
>>> PK11SymKey* symkey = PK11_TokenKeyGenWithFlags(slot,
>>>     CKM_AES_CBC,
>>>     NULL,
>>>     len,
>>>     NULL,
>>>     CKF_ENCRYPT|CKF_WRAP,
>>>     0,
>>>     NULL);
>>> did a
>>> PK11_PubWrapSymKey(CKM_RSA_PKCS,
>>>     pubKey,
>>>     symkey,
>>>     wrapped);
>>> and it works fine. But when decrypting, I'm reading the 256 buffer (the RSA
>>> is 2048 bits), loading it into a SECItem and passing it to the decrypt
>>> method.
>>> PK11_PubUnwrapSymKey (privkey, wrappedKey, CKM_AES_CBC, CKF_DECRYPT,
>>> wrappedKey->len);
>>> and that is when I get the ASSERT error:
>>> file mpi.c
>>> Expression: mp != ((void*)0) && str != ((void*)0) && len >0
>>> Any ideas?
>>> Thanks a lot!
>> Oops, I forgot to tell you. You should wrap Private keys with a _PAD
>> mechanism (CKM_AES_CBC_PAD).
>>
>> It's interesting that it asserted. We should have just returned an
>> error. That is probably worth a low priority bug report.
>>
>> bob
> I'll add some information:
> OK so I'm almost done. The ASSERT problem was because of an error when
> storing private key.
> Now I think I'm having some issues with the parameters passed to
> functions.
>
> When I create the symmetric key I use CKM_AES_CBC
> PK11_TokenKeyGenWithFlags(slot, CKM_AES_CBC, NULL, len, NULL,
> CKF_ENCRYPT|CKF_WRAP, 0, NULL);

In this case, any form of CKM_AES_XXXX should create the same result -- an
AES key of length 'len'.

> For wrapping with public key I use CKM_RSA_PKCS
> PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, symkey, wrapped);

Looking at the code, it seems that it doesn't matter what mechanism you
pass in, it will do the operation based on the pubKey. CKM_RSA_PKCS is the
right thing to pass here, though.... Is wrapped a SECItem * that is already
allocated? I was actually expecting something like &wrapped here where
wrapped is declared as an SECItem. I'm guessing you have this right, though,
because you aren't crashing.

> For unwrapping with private key I use CKM_AES_CBC_PAD and
> PK11_PubUnwrapSymKey(privkey, wrappedKey, CKM_AES_CBC, CKA_WRAP,
> wrappedKey->len);
> This combination gives me an error 8152 (Invalid key)

Pass '0' or the actual key length you passed PK11_TokenKeyGenWithFlags here.
wrappedKey->len is the size of the RSA wrapped key data, which is
considerably larger than the key.

> I also tried using CKM_AES_CBC_PAD when wrapping
> PK11_PubWrapSymKey(CKM_AES_CBC_PAD, pubKey, symkey, wrapped);
> and CKM_AES_CBC_PAD when unwrapping.
> PK11_PubUnwrapSymKey(privkey, wrappedKey, CKM_AES_CBC_PAD, CKA_WRAP,
> wrappedKey->len);
> This combination gives me an error 8152 (Invalid key)
> If I use CKM_RSA_PKCS for wrapping and unwrapping then the returned
> PK11SymKey is NULL.
>
>
> thanks again!

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
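
Added example, not part of the original thread and not NSS code: a stand-alone C model of the PKCS #1 v1.5 block that an RSA wrap with CKM_RSA_PKCS encrypts, showing why the wrapped data is 256 bytes for a 2048-bit key while the AES key inside it is much shorter. The helper names, the fixed filler bytes and the keySize check are assumptions made for illustration.

```c
#include <string.h>
#define MOD_LEN 256 /* bytes in a 2048-bit RSA modulus, as in the thread */

/* EME-PKCS1-v1_5 block (RFC 8017, 7.2.1): 00 02 PS 00 KEY, modulus-sized.
 * Constructed sample: PS is a fixed filler here, random nonzero in real use. */
int pkcs1_encode(unsigned char *block, size_t block_len,
                 const unsigned char *key, size_t key_len)
{
    if (block_len < 11 || key_len > block_len - 11)
        return -1; /* 3 fixed bytes plus at least 8 bytes of PS */
    size_t ps_len = block_len - 3 - key_len;
    block[0] = 0x00;
    block[1] = 0x02;
    memset(block + 2, 0xA5, ps_len);
    block[2 + ps_len] = 0x00;
    memcpy(block + 3 + ps_len, key, key_len);
    return 0;
}

/* Length of the key carried in a decrypted block, or -1 if the padding is
 * malformed. Illustration only: a real unwrap must be constant-time. */
long pkcs1_key_len(const unsigned char *block, size_t block_len)
{
    if (block_len < 11 || block[0] != 0x00 || block[1] != 0x02)
        return -1;
    size_t i = 2;
    while (i < block_len && block[i] != 0x00)
        i++;
    if (i == block_len || i < 10) /* no separator, or PS under 8 bytes */
        return -1;
    return (long)(block_len - i - 1);
}

/* Assumed model of the keySize argument (not NSS code): 0 accepts the
 * recovered length, any other value has to match it. */
int key_size_ok(long recovered, size_t requested)
{
    return recovered >= 0 && (requested == 0 || (size_t)recovered == requested);
}

/* Hypothetical helper: wrap-encode an all-zero key, read its length back. */
long roundtrip_key_len(size_t key_len)
{
    unsigned char key[32] = {0}, block[MOD_LEN];
    if (key_len > sizeof key || pkcs1_encode(block, MOD_LEN, key, key_len))
        return -1;
    return pkcs1_key_len(block, MOD_LEN);
}

int main(void) { return roundtrip_key_len(16) == 16 ? 0 : 1; }
```

In this model a 16-byte key comes back as 16 bytes from a 256-byte block, so a requested size of 0 or 16 passes and 256 (the value of wrappedKey->len) does not.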