On Jun 22, 11:56 am, Robert Relyea <rrel...@redhat.com> wrote:
> On 06/22/2011 10:54 AM, Crypto User wrote:> Ok. So I got it that Encrypt and
> decrypt Raw supports no padding . So
> > the data has to be exactly the length of modulus. Correct?
>
> Right. If you try to encrypt something smaller than the modulus, it will
> assume it's zero padded.> But , PK11_pubEncryptPKCS1/ PK11_PrivDecryptPKCS1
> gives error -8023.
>
> yeah, I wanted to respond to this last night, but I was on my way out
> and didn't have time to convert the error number. We have a utility
> function that prints out the error in a more human readable format, but
> not all nss packages include it (it's in a static library used the the
> NSS tools). The function is :
>
> const char *SECU_Strerror(PRErrorCode errNum)
>
> and can be found in mozilla/security/nss/cmd/lib/secerror.c
>
> -8023 is PKCS#11 Device error. Softoken returns this when the
> underlying freebl engine returns an error.
>
> This could be because: 1) There is something wrong with the key, 2)
> There is something wrong with the data you passed to Decrypt (the result
> was not PKCS #1 wrapped and therefor invalid, or 3) you are trying to
> encrypt too much data (you can't encrypt more than modulus length - 11
> bytes).
>
> So.... some more questions for you:
>
> Is both PK11_PubEncryptPKCS1 and PK11_PrivDecryptPKCS1 returning this
> error? Using the exact same keys as the Raw case? What is the data you
> are trying to encrypt?
>
> Having a sample of the failing code would probably be more helpful.
>
> bob
>
> > Can anybody pl. provide any pointer.
> > Thanks
The PubEncryptPKCS1 works but the PrivDecryptPKCS1 does not work. It
still gives error -8023.
The same keys work for pubencrypy/decryptRaw with the changes in the
data length. (128 for 1024 RSA) for PKCS1 I have 111 bytes of data.
I encrypt the data and write out to a file and then read it from the
file for decryption again.
I follow the same technique for symmetric encrypt/decrypt and it
works.So I know my writting out routines do not add any extra stuff.
My code is part of a bigger scheme of code but here are the snippets -
Let me know if it is illegible.
signed int AsymmetricDecrypt(CCS_Context *ccsContext,
CCS_CryptParameters *decryptionParams,
CCS_Stream_Input *cipherText,
unsigned int cipherTextLength,
CCS_Stream_Output *plainText,
unsigned int *plainTextLength) {
signed int err =
CCS_Success;
SECKEYPrivateKey *privateKey = NULL;
int modulus_length = 0;
int offset = 0;/* seek position in the
stream */
int numBytesToRead = 0; /* numBytes to
read from the stream at a time */
unsigned char *dataBuffer = 0;
size_t numBytesRead = 0;/* num bytes read
from the stream */
unsigned char *decryptedText = NULL;
unsigned int decryptedTextLen = 0;
unsigned int isLastBlock = 0;
int blockNum = 0;
if ((err = getUnWrappedPrivateKey(decryptionParams->key,
&(decryptionParams-
>keyWrapParams),
&privateKey)) != CCS_Success)
{
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
"import of SymmetricKey failed with error code %d %s %d
\n",
err, __FILE__, __LINE__);
goto cleanup;
}
modulus_length = PK11_GetPrivateModulusLen(privateKey);
if ((dataBuffer = (unsigned char*)malloc(cipherTextLength *
sizeof(unsigned char))) ==
NULL) {
err = CCS_OutOfMemoryError;
goto cleanup;
}
if ((decryptedText = (unsigned char*)malloc(modulus_length *
sizeof(unsigned
char))) == NULL) {
err = CCS_OutOfMemoryError;
goto cleanup;
}
/* Position the stream offset at 0 to start.*/
if ((err = CCS_Stream_Input_seek(cipherText,
offset,CCS_Stream_SeekBeg) )
!= CCS_Success) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
" CCS_Stream_Input_seek() call failed with error
code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
while (!isLastBlock) {
/* Read data in blocks of modulus_length */
numBytesToRead = (cipherTextLength > modulus_length) ?
modulus_length :
cipherTextLength;
if ((err = CCS_Stream_Input_readBytes(cipherText, (unsigned
int) numBytesToRead,
&numBytesRead,
dataBuffer)) != CCS_Success) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
" CCS_Stream_Input_readBytes() call failed
with error code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
cipherTextLength -= numBytesRead;
if ((numBytesRead < modulus_length) || (cipherTextLength ==
0)) {
isLastBlock = 1;
}
//initialize it all to zero so that if the text encrypted is
less that the max, there is no leftover
decryptedText[0] = '\0' ;
if ((err = PK11_PrivDecryptPKCS1(privateKey, decryptedText,
plainTextLength,
modulus_length, dataBuffer + (modulus_length * blockNum),
modulus_length)) != SECSuccess ) {
err = PR_GetError();
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
"PK11_PubEncryptRaw() call failed with error
code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
blockNum ++;
if ((err =
CCS_Stream_Output_writeBytes(plainText,decryptedText, 0,
numBytesRead,
plainTextLength)) !=
SECSuccess ) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
"CCS_Stream_Output_writeBytes() call failed
with error code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
}
cleanup:
if (dataBuffer)
free(dataBuffer);
if (decryptedText)
//free(decryptedText);
if (privateKey)
//SECKEY_DestroyPrivateKey(privateKey);
return err;
}
signed int AsymmetricEncrypt(CCS_Context *ccsContext,
CCS_CryptParameters
*encryptionParams,
CCS_Stream_Input *plainText,
unsigned int plainTextLength,
CCS_Stream_Output *cipherText,
unsigned int *cipherTextLength) {
signed int err =
CCS_Success;
SECKEYPublicKey *pubKey = NULL;
int modulus_length = 0;
int offset = 0;/* seek position in the
stream */
int numBytesToRead = 0; /* numBytes to
read from the stream at a time */
unsigned char *dataBuffer = 0;
size_t numBytesRead = 0;/* num bytes read
from the stream */
unsigned char *encryptedText = NULL;
unsigned int encryptedTextLen = 0;
unsigned int isLastBlock = 0;
int blockNum = 0;
if ((err = importPublicKey(encryptionParams->key, &pubKey)) !=
CCS_Success) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
"import of SymmetricKey failed with error code %d
%s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
modulus_length = SECKEY_PublicKeyStrength(pubKey);
modulus_length -= 11;
if ((dataBuffer = (unsigned char*)malloc(plainTextLength *
sizeof(unsigned char))) ==
NULL) {
err = CCS_OutOfMemoryError;
goto cleanup;
}
if ((encryptedText = (unsigned char*)malloc(modulus_length *
sizeof(unsigned
char))) == NULL) {
err = CCS_OutOfMemoryError;
goto cleanup;
}
/* Position the stream offset at 0 to start.*/
if ((err = CCS_Stream_Input_seek(plainText,
offset,CCS_Stream_SeekBeg) )
!= CCS_Success) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
" CCS_Stream_Input_seek() call failed with error
code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
while (!isLastBlock) {
/* Read data in blocks of modulus_length */
numBytesToRead = (plainTextLength > modulus_length) ?
modulus_length :
plainTextLength;
if ((err = CCS_Stream_Input_readBytes(plainText, (unsigned
int) numBytesToRead,
&numBytesRead,
dataBuffer)) != CCS_Success) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
" CCS_Stream_Input_readBytes() call failed
with error code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
plainTextLength -= numBytesRead;
if ((numBytesRead < modulus_length) || (plainTextLength == 0))
{
isLastBlock = 1;
}
//initialize it all to zero so that if the text encrypted is
less that the max, there is no leftover
encryptedText[0] = '\0' ;
if ((err = PK11_PubEncryptPKCS1(pubKey, encryptedText,
dataBuffer,
modulus_length, NULL)) !=
SECSuccess ) {
err = PR_GetError();
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
"PK11_PubEncryptRaw() call failed with error
code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
blockNum ++;
if ((err =
CCS_Stream_Output_writeBytes(cipherText,encryptedText, 0,
modulus_length,
cipherTextLength)) !=
SECSuccess ) {
CCS_DebugOut(CCS_DEBUG_LEVEL_ERROR,
"CCS_Stream_Output_writeBytes() call failed
with error code %d %s %d\n",
err, __FILE__, __LINE__);
goto cleanup;
}
}
cleanup:
if (dataBuffer)
free(dataBuffer);
if (encryptedText)
//free(encryptedText);
if (pubKey)
// SECKEY_DestroyPublicKey(pubKey);
return err;
}
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
