On 22. 7. 2011 18:36, Brian Smith wrote:
----- Original Message -----
From: "Matej Kurpel"<mkur...@gmail.com>
On 22 juil, 14:41, helpcrypto helpcrypto<helpcry...@gmail.com>
wrote:
at this time, i had just to make some test about the AES_CBC or
AES_ECB like time to encrypt, time to decrypt,how memory used, how
cpu used for just a simple operation . for tis kind of test
private key and IV will be set in the programm not given by
secure way.
Take a look at this code. I pieced this together by looking at
lib/ssl/ssl3con.c. It is probably very similar to the code in cmd/digest. I
have not tested it, compiled it, or even thought about it much. Also, I left
out all the error handling to mislead you into thinking that your final code
will be readable.
/* const SECItem * input; holds plaintext data
SECItem * output; will hold encrypted data
unsigned maxout; size of output->data buffer
*/
output->data = NULL;
output->len = 0;
PK11SlotInfo *slot = PK11_GetInternalSlot();
PK11Context *context = NULL;
PK11Symkey * aesKey = NULL;
SECItem *param = NULL;
/* This is not the proper way to deal with key material
in a real application. keyData is a pointer to a
SECItem that holds the raw key, and ivData is a pointer
to a SECItem that holds the IV. */
aesKey =
PK11_ImportSymKey(slot, CKM_AES_CBC,
PK11_OriginUnwrap, CKA_ENCRYPT,
keyData, NULL);
param = PK11_ParamFromIV(CKM_AES_CBC, iv);
context = PK11_CreateContextBySymKey(CKM_AES_CBC,
CKA_ENCRYPT, aesKey, param);
PK11_CipherOp(context, output->data,&output->len,
maxout, input->data, input->len);
PK11_DestroyContext(context, PR_TRUE);
PK11_FreeSlot(slot);
OpenSSL is intended for this purpose, not NSS.
...
Cheers,
Brian
But NSS gets the key using PKCS#11 from a token. And you need to get it
from a file directly (or a variable).
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
