----- Original Message -----
From: "Matej Kurpel"<mkur...@gmail.com>
On 22 juil, 14:41, helpcrypto helpcrypto<helpcry...@gmail.com>
wrote:
at this time, i had just to make some test about the AES_CBC or
AES_ECB like time to encrypt, time to decrypt,how memory used, how
cpu used for just a simple operation . for tis kind of test
private key and IV will be set in the programm not given by
secure way.
Take a look at this code. I pieced this together by looking at
lib/ssl/ssl3con.c. It is probably very similar to the code in
cmd/digest. I have not tested it, compiled it, or even thought about
it much. Also, I left out all the error handling to mislead you into
thinking that your final code will be readable.
/* const SECItem * input; holds plaintext data
SECItem * output; will hold encrypted data
unsigned maxout; size of output->data buffer
*/
output->data = NULL;
output->len = 0;
PK11SlotInfo *slot = PK11_GetInternalSlot();
PK11Context *context = NULL;
PK11Symkey * aesKey = NULL;
SECItem *param = NULL;
/* This is not the proper way to deal with key material
in a real application. keyData is a pointer to a
SECItem that holds the raw key, and ivData is a pointer
to a SECItem that holds the IV. */
aesKey =
PK11_ImportSymKey(slot, CKM_AES_CBC,
PK11_OriginUnwrap, CKA_ENCRYPT,
keyData, NULL);
param = PK11_ParamFromIV(CKM_AES_CBC, iv);
context = PK11_CreateContextBySymKey(CKM_AES_CBC,
CKA_ENCRYPT, aesKey, param);
PK11_CipherOp(context, output->data,&output->len,
maxout, input->data, input->len);
PK11_DestroyContext(context, PR_TRUE);
PK11_FreeSlot(slot);
OpenSSL is intended for this purpose, not NSS.
...
Cheers,
Brian
