RE: creating kek messages
Bob,
Thanks for the rapid and comprehensive reply! One or two more questions
below.
> A FEW NOTES OF INTEREST HERE:
>
> - AES may not work for KEK in the SMP R2.2 version; the AES Key Wrap
> implementation (RFC3394) was just written by me, but not in time for
> R2.2. Unfortunately, the content encryption and key wrap algorithms
> must match, so this should fail. I never tested this particular
> condition, so I suspect even if you get a good encode, it may still not
> work. The algorithm check for a matching content encryption should be
> in the CTIL since the SFL libraries are not aware of algorithms, so you
> should be OK. This condition will cause an exception, not a crash, so
> you should see an error message if you capture and print the exception.
>
>
> Bob Colestock
How do I go about creating an ASN.1 dump of a blob?

And also just to clear it up in my mind, as regards kek.
The content encryption algorithm should be the same as the
key encryption algo? However, the SFL leaves it up to the CTIL
to check this, so I could get away with using a different encryption
algorithm to encrypt the content key (using kek)?

The encrypt method appears to be stepping through everything it
should (that I can see anyway), however there is one area that is a
bit odd. In CSM_DataToEncrypt::AddRecipient, when handling kek,
the code

    pTmpIV = pInst->AccessTokenInterface()->SMTI_GenerateKeyWrapIV(lKekLength,
        &WrapAlg);
    SME(pInst->AccessTokenInterface()->SMTI_GenerateKeyWrap(&bufMEK,
        &pRecip->m_bufEMEK, &contentEncryptParams,
        &pRecip->m_pKEKDetails->m_UserEncryptionData, pTmpIV));

doesn't actually run the SMTI methods from the sm_ibeDLL CTIL I've
created, it instead goes to CSM_TokenInterface and runs the code
there. Everywhere else it appears to find the sm_ibeDLL fine. Any
idea why that might be?

Possibly this bit of code in CSM_DataToEncrypt::ProcessRecipients?

    pTmpInstCS = (CSM_CSInst *)pTmpInst->AccessTokenInterface()->AccessCSInst();

thanks,
Gav
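
On the question above about getting an ASN.1 dump of a blob: the following is an added example, not part of the original message and not SFL/SMP code. It is a small DER walker that prints the tag, length and nesting of an encoded buffer. The names DumpDer, Walk and kSample are hypothetical and the sample bytes are constructed. It assumes definite-length DER with single-byte tags and rejects anything else.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<unsigned char>;
static const char kHex[] = "0123456789ABCDEF";
// Walk the TLVs in b[pos, end), appending one line per element to out.
// Malformed input throws std::runtime_error rather than reading out of bounds.
static void Walk(const Bytes &b, size_t pos, size_t end, int depth, std::string &out)
{
    if (depth > 32) throw std::runtime_error("nesting too deep");
    while (pos < end) {
        const size_t start = pos;
        const unsigned char tag = b[pos++];
        if ((tag & 0x1f) == 0x1f) throw std::runtime_error("multi-byte tag not supported");
        if (pos >= end) throw std::runtime_error("truncated length");
        size_t len = b[pos++];
        if (len == 0x80) throw std::runtime_error("indefinite length (BER) not supported");
        if (len & 0x80) {                 // long form: low 7 bits count the length octets
            size_t n = len & 0x7f;
            if (n > sizeof(size_t) || n > end - pos) throw std::runtime_error("bad length");
            for (len = 0; n > 0; --n) len = (len << 8) | b[pos++];
        }
        if (len > end - pos) throw std::runtime_error("value runs past end of buffer");
        char head[64];
        std::snprintf(head, sizeof head, "[%zu] tag=0x%02X len=%zu", start, (unsigned)tag, len);
        out += std::string(depth * 2, ' ') + head;
        if (tag & 0x20) {                 // constructed: the content is nested TLVs
            out += '\n';
            Walk(b, pos, pos + len, depth + 1, out);
        } else {                          // primitive: show the content octets as hex
            out += ' ';
            for (size_t i = 0; i < len; ++i) { out += kHex[b[pos + i] >> 4]; out += kHex[b[pos + i] & 0x0f]; }
            out += '\n';
        }
        pos += len;
    }
}

std::string DumpDer(const Bytes &blob)
{
    std::string out;
    Walk(blob, 0, blob.size(), 0, out);
    return out;
}
// Constructed sample: AlgorithmIdentifier SEQUENCE holding the id-aes128-wrap OID.
const Bytes kSample = {0x30, 0x0B, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x05};
int main() { std::fputs(DumpDer(kSample).c_str(), stdout); return 0; }
```

Each output line gives the byte offset in brackets, the raw tag octet and the content length; nested elements are indented two spaces per level.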