Hi. First of all thanks for the answer.
Bob Relyea escribi�:
The flow looks good.
Since you know you are using the same key, and since you've decrypted several blocks without getting anything 'legible', you know the problem isn't in the IV (a bad IV would only destroy the first block on decryption), then the problem is likely in your implementation of the algorithm. The most likely guess is in the key schedule (RC2 doesn't use just a 40 bit key, it processes that
40 bit key in a well defined way to use more 'bits' in the actual algorithm). The reason for this is before NSS will use your module,
it tries to test your encryption mechanism. It will generate a random key, iv, and data and test that your module correctly implements the algorithm. RC2_CBC is one of the algorithms it checkes, but if check RC2_CBC with 128 bit key.
Well, as you say, NSS generate a 16 bytes RC2 key, and begins a cipher operation.
So my belief is the base RC2 implementation
you provide works, but you aren't expanding the 40 bit key correctly.
What do you refer when you say to expand the 40 bits correctly?, because the unwrapped key has 5 bytes, and the effective bits of the RC2 key are 40. Other times we could have a 80 bits key and only 40 of them were effectives, but now?.
Regards, Antonio.
You can fetch a copy of nss from *ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ *. There are several test directories in under mozilla/security/nss/cmd that you can use to check out your RC2 implementation.
bob
Antonio Andr�s wrote:
Hi everybody. I'm developing a pkcs11 module, and I'm having some problems when I try to decrypt a s/mime mail with thunderbird. My pkcs11 offer support for RC2 mechanism (I initialize the CK_RC2_CBC_PARAMS param correctly I think), but thunderbird don't show the message decrypted. The trace i obatain is:
C_UnwrapKey.
--> pMechanism: CKM_RSA_PKCS
--> hUnwrappingKey: 49398942,
--> ulWrappedKeyLen: 128
--> Wrapped key: <a5> <f3> <26>......(128 bytes)....<18>
--> Template unwrapped key:
-->Type = 0, Length = 4, Value = <4> <0> <0> <0> (Creating SecretKey) -->Type = 256, Length = 4, Value = <11> <0> <0> <0> (CKK_RC2)
-->Type = 261, Length = 1, Value = <1> (CKA_ENCRYPT)
--> Unwrapped key length: 5
--> Unwrapped key: <d3> <5f> <ff> <2d> <56>
--> Handle new object: 47028462
END C_UnWrapKey.
C_DecryptInit. --> pMechanism: CKM_RC2_CBC --> hKey: 47028462 --> IV Vector: <9c> <f7> <fb> <5e> <6a> <af> <eb> <f7> --> Effective key length: 40 END C_DecryptInit.
C_DecryptUpdate.
--> Input Data (24 bytes): <34> <a3> <31> <8d> <75> <68> <b4> <6> <10> <58> <43> <19> <a9> <5d> <0> <95> <8b> <b1> <8a> <1e> <3b> <83> <c5> <55>
--> Decrypted Data (24 bytes): <90> <8c> <7d> <6f> <aa> <f2> <c1> <a6> <d7> <67> <c1> <d6> <4> <6> <22> <1c> <df> <db> <ca> <b1> <96> <a6> <c2> <b8>
END C_DecryptUpdate.
.....
C_DecryptUpdate.
--> Input Data (8 bytes): <19> <53> <24> <8f> <9d> <45> <b3> <6f>
--> Decrypted Data (8 bytes): <5d> <1c> <37> <47> <fa> <a6> <db> <91>
END C_DecryptUpdate.
The content it decrypts doesn't seems legible data. However, if I dont offer the CKM_RC2_MECHANISM, thunderbird obtain the 5 bytes of the RC2 key (using the CKM_RSA_PKCS mechanism to decryp the key)and itself decrypts the message correctly but without take part my pkcs11.
Is there something I' having bad with RC2?.
Thanks in advance.
Regards, Antonio.
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
