[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

creating kek messages


I'm in the process of writing a CTIL to work with IBE
(Identity Based Encryption - http://crypto.stanford.edu/ibe/)

I've created a sm_ibeDLL, which is basicly a copy of the testDLL.
Only changes I have made are registering both aes as a content encryption
and a made up IBE OID, neither of which are actually implmented in the CTIL.
The IBE oid
is registered as a content encryption algo, key encryption algo and also as
the Localkey algo.
(The SFL appears to require it to be registered as a content algo for KEK,
but then does not use it as such ? )
Nothing else at all has been implemented in the CTIL, it's all just as in
the testDLL.

I've decided to use kek as a pose to key transport because key transport
seems to be tied closely in with certificates in the SFL and I will not be
using certs at all.

I've done a small bit of code to test out the encrypt and decrypt. Obviously
I don't expect anything to actually get encrypted/decrypted but I was
expecting it to create an EnvelopedData blob and then be able to 'read' this
in the CSM_MsgToDecrypt. It runs through Encrypt() fine, but when I create a
MsgToDecrypt with the EnvelopedData blob, it dies in
EnvelopedData::BDecContent with a ("SEQUENCE is missing non-optional elmt",

My code is pasted below. Am I doing something stupid, or perhaps do I need
to implement some more functionality in the CTIL before it will be able to
create the EnvelopedData properly ? I'd really appreciate any ideas or


(this is all in Windows 2000, visual c++ 6)

	CSM_AppLogin* login = new CSM_AppLogin();
	login->AddLogin("sm_ibedll","") ;

	char* test =	"Reply-To: <gavin@xxxxxxx>\
						From: \"Gavin O' Gorman\" <gavin@xxxxxxx>\
						To: <gavin@stinger>\
						Subject: test\
						Date: Tue, 1 Apr 2003 09:45:14 +0100\
						Message-ID: 						<PIEGLMFDLEPHELOCJAEAOEKNCHAA.gavin@xxxxxxx>\
						MIME-Version: 1.0\nContent-Type:
7bit\n\ntesty\n." ;

	CSM_Buffer* buffer = new CSM_Buffer(test, strlen(test)) ;
	CSM_MsgToEncrypt* encrypt = new CSM_MsgToEncrypt(buffer) ;

	SNACC::AsnOid oidContentEncryption(SNACC::id_aes128_CBC);
	SNACC::AsnOid oidIBE("");

	encrypt->SetContentEncryptOID(&oidContentEncryption) ;

	login->UseAll() ;
	login->UseAllEncryptors() ;

	encrypt->m_pRecipients = new CSM_RecipientInfoLst ;

	CSM_RecipientInfo *pRecipInfo;
	pRecipInfo = encrypt->m_pRecipients->Append();

	CSM_KEKDetails details ;
	details.m_UserEncryptionData = CSM_Buffer("blahblah", strlen("blahblah")) ;
	details.m_keyEncryptionAlgorithm = oidIBE ;
	details.m_RID = CSM_RecipientIdentifier() ;

	pRecipInfo->m_pCert = NULL ;
	pRecipInfo->m_pKEKDetails = &details ;
	encrypt->m_pMsgCrtCrls = NULL ;

	encrypt->SetIncludeOrigCertsFlag(false) ;
	encrypt->Encrypt(login) ;

	CSM_MsgToDecrypt* decrypt = new CSM_MsgToDecrypt(login, encrypt->
GetEncodedContentInfo()) ;