Wan-Teh Chang wrote:

For questions like this, you can sometimes find the answers in
the PKCS #11 standard.

Searching for the string "CKM_AES_ECB" in PKCS #11 v2.20,
I found Section 12.12.4 AES-ECB on page 270, and its Table
86 shows that for C_Encrypt, the input must be a multiple of
block size.  Contrast this with Table 88 in Section 12.12.6
AES-CBC with PKCS padding.  I concluded that CKM_AES_ECB
does not do padding.  The caller is responsible for padding
the input, if necessary, to multiples of block size.

Hmmm - I spent last weekend going through the PKCS #11 standard, which defines an API that seems different to the PK11_CipherOp and friends that I was seeing in the examples.

I found the best answer to your question in the block comment
before PK11_GetPadMechanism:
http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11mech.c#1666

/* Determine appropriate blocking mechanism, used when wrapping private keys
 * which require PKCS padding.  If the mechanism does not map to a padding
 * mechanism, we simply return the mechanism.
 */
CK_MECHANISM_TYPE
PK11_GetPadMechanism(CK_MECHANISM_TYPE type) {

So if the return value of PK11_GetPadMechanism equals the input,
it means the input doesn't support padding.  If the return value is
different from the input, the return value is a variation of the input
capable of supporting padding.

Ah ok - I have up till now been looking for comments and documentation within the header files rather than the code itself. Documentation does exist in the header files, although nothing that explains how different things relate to one another.

I think a big source of confusion is that everything is an OID, or everything is a mechanism, but not all OIDs or mechanisms are relevant for every situation, and this isn't clear from each function call.

For example, the PK11_CreatePBEV2AlgorithmID function contains a SECOidTag prfAlgTag parameter, but what this parameter was (the pseudo random function) I only discovered after tripping over it mentioned in a section of the PKCS5 spec that I was reading looking for something else.

I think it would help immensely if there were doxygen (or whatever other tool) comments in the header files to generate docs from automatically. This is typically the starting point for me when looking for information about a function that wasn't found in the man pages.

A design question: why do you want to use the ECB mode?  In
most applications, the ECB mode is less secure than the CBC
mode.

Completeness I guess - xml-security's API allowed you to choose both CBC and ECB modes, so I was trying to emulate the same thing.

The only mechanism that I cannot find an oid for is CKM_DES3_ECB - do you know which SEC_OID_* macro I should be using?

The PK11_MechanismToAlgtag function for CKM_DES3_ECB returns SEC_OID_UNKNOWN.

Regards,
Graham
--


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
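
An added example (not part of the original message, and not NSS code): because CKM_AES_ECB requires input that is a multiple of the block size and leaves padding to the caller, this C code applies and validates padding by hand. The names pkcs7_pad and pkcs7_unpad are hypothetical, and the choice of PKCS #7-style padding is an assumption about the scheme the caller wants.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16 /* AES block size in bytes */

/* Pad in[0..in_len) to a multiple of `block` (PKCS #7 style).
 * Returns the padded length, or 0 if `block` is invalid or `out` is too small.
 * An aligned input still gets one full block of padding, so the padding
 * can always be removed unambiguously after decryption. */
size_t pkcs7_pad(const unsigned char *in, size_t in_len, size_t block,
                 unsigned char *out, size_t out_cap)
{
    if (block == 0 || block > 255)
        return 0;
    size_t pad = block - (in_len % block); /* always 1..block */
    if (in_len > out_cap || out_cap - in_len < pad)
        return 0;
    if (in_len)
        memcpy(out, in, in_len);
    memset(out + in_len, (int)pad, pad); /* each pad byte holds the pad length */
    return in_len + pad;
}

/* Validate and strip the padding from a decrypted buffer.
 * Returns the plaintext length, or -1 if the padding is malformed. */
long pkcs7_unpad(const unsigned char *buf, size_t len, size_t block)
{
    if (block == 0 || block > 255 || len == 0 || len % block != 0)
        return -1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > block)
        return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad)
            return -1;
    return (long)(len - pad);
}

int main(void)
{
    /* Constructed sample input: exactly one AES block, already aligned. */
    const unsigned char msg[] = "0123456789abcdef";
    unsigned char buf[64];
    size_t n = pkcs7_pad(msg, 16, AES_BLOCK, buf, sizeof buf);
    printf("padded length: %zu\n", n);
    printf("unpadded length: %ld\n", pkcs7_unpad(buf, n, AES_BLOCK));
    return 0;
}
```

The padded buffer is what would be handed to the ECB encrypt call, and pkcs7_unpad is applied to the output of the matching decrypt call.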