Hi Giuliano, > ... > I'm working on RFE (Bug/RFE ID: 6254183) and I've seen that is possible to > use the mechanism "CKM_BLOWFISH_CBC" that is present in "PKCS #11 v2.20: > Cryptographic Token Interface Standard.pdf". > Is possible use this metod for crypt/decrypt text, but I've some problem. > If I try to crypt/decrypt text that have size not multiple of dimension of > block, the execution stop. > Other mech in decrtpt(1) have the padding (CKM_AES_CBC_PAD, CKM_DES_CBC_PAD, > ... ). > I've write a "kind" of padding but can someone help me to know how can I do > that? >
The padding scheme to follow is defined in PKCS #7 (section 3.2). See ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-7.asc .... the method shall be to pad the input at the trailing end with k - (l mod k) octets all having value k - (l mod k), where l is the length of the input (k is the block size). In other words, the input is padded at the trailing end with one of the following strings: 01 -- if l mod k = k-1 02 02 -- if l mod k = k-2 . . . k k ... k k -- if l mod k = 0 The padding can be removed unambiguously since all input is padded and no padding string is a suffix of another. ... You can look at the pkcs11_softtoken routines - soft_add_pkcs7_padding() and soft_remove_pkcs7_padding() for example code. -Krishna
