Re: does anyone try to use AES_CBC ???

Fri, 22 Jul 2011 11:19:09 -0700 

On 7/22/2011 8:06 PM, Matej Kurpel wrote:

On 22. 7. 2011 18:36, Brian Smith wrote:

----- Original Message -----

From: "Matej Kurpel"<mkur...@gmail.com>

On 22 juil, 14:41, helpcrypto helpcrypto<helpcry...@gmail.com>
wrote:
at this time, i had just to make some test about the AES_CBC or
AES_ECB like time to encrypt, time to decrypt,how memory used, how
cpu used for just a simple operation . for tis kind of test
private key and IV will be set in the programm not given by
secure way.
Take a look at this code. I pieced this together by looking at lib/ssl/ssl3con.c. It is probably very similar to the code in cmd/digest. I have not tested it, compiled it, or even thought about it much. Also, I left out all the error handling to mislead you into thinking that your final code will be readable. 

     /* const SECItem * input; holds plaintext data
        SECItem * output; will hold encrypted data
        unsigned maxout; size of output->data buffer
      */

     output->data = NULL;
     output->len = 0;

     PK11SlotInfo *slot = PK11_GetInternalSlot();
     PK11Context *context = NULL;
     PK11Symkey * aesKey = NULL;
     SECItem *param = NULL;

     /* This is not the proper way to deal with key material
        in a real application. keyData is a pointer to a
        SECItem that holds the raw key, and ivData is a pointer
        to a SECItem that holds the IV. */
     aesKey =
         PK11_ImportSymKey(slot, CKM_AES_CBC,
                  PK11_OriginUnwrap, CKA_ENCRYPT,
              keyData, NULL);
     param = PK11_ParamFromIV(CKM_AES_CBC, iv);

     context = PK11_CreateContextBySymKey(CKM_AES_CBC,
    CKA_ENCRYPT, aesKey, param);

     PK11_CipherOp(context, output->data,&output->len,
                   maxout, input->data, input->len);

     PK11_DestroyContext(context, PR_TRUE);

     PK11_FreeSlot(slot);


OpenSSL is intended for this purpose, not NSS.

...

Cheers,
Brian

But NSS gets the key using PKCS#11 from a token. And you need to get 
it from a file directly (or a variable).

Check this method: 
http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsPKCS12Blob.cpp#135



You need to import it to the database or memory anyway; depends on how 
you init NSS 
(http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/nss/nssinit.c#720)

-hb-
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto






















					Reply via email to