why nss has very little doc about usage of api

2008-11-03 Thread NZzi

hi all:

when I use NSS to develop a cipher program (just
for local use, not the internet), i.e. just performing
miscellaneous cryptographic operations, the only
reference I can use is the example code from MDC.

when I want a detailed parameter explanation, what I
get is just this function's MXR source.

I used Google to search, but got nothing useful.

can anyone give me some hints about more API docs?

thanks in advance
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: why nss has very little doc about usage of api

2008-11-05 Thread NZzi

Robert Relyea wrote:

Ken wrote:

2008/11/5 Robert Relyea [EMAIL PROTECTED]:
 

NZzi wrote:
   

hi all:

when I use NSS to develop a cipher program (just
for local use, not the internet), i.e. just performing
miscellaneous cryptographic operations, the only
reference I can use is the example code from MDC.

when I want a detailed parameter explanation, what I
get is just this function's MXR source.

I used Google to search, but got nothing useful.

can anyone give me some hints about more API docs?
  

A good place to start is
  https://developer.mozilla.org/en/NSS
On that page you will find links to our old documentation (still probably
the most complete, though some of it is out of date) at
   http://www.mozilla.org/projects/security/pki/nss/#documentation

It's not well organized, but much of it is there.




thank you very much.

I have read all the docs when using Google to search for NSS API docs,
but there is little helpful information about API usage. For example,
when I want to know how to use PK11_CipherOp(), what I get is just
the MXR source code, without any API doc.
  
That's why that interface wasn't included in the LSB. That particular
layer is the least documented part of NSS and definitely needs work.


Elio posted some examples, and I'd be happy to answer specific 
questions. The pk11pub header file is also somewhat helpful, though not 
a replacement for good documentation.



thank all of you very much.

Yes, before posting the question to the list, I had read the examples
that Elio gave, and developed my program following those examples.

Because LSB 4.0 Beta has selected NSS (not OpenSSL) as the standard
cryptography library, I think Mozilla should have some API docs, so I posted
the question to the list.

Anyway, after Robert and Elio's guidance, I know what I should do. Thanks.




bob
  







how to decrypt with pubkey without pkcs1 padding things

2008-11-13 Thread NZzi


hi all:

I want to use a private key to encrypt a message,
and decrypt it with the public key.

I know there are PK11_PubDecryptRaw and PK11_PubEncryptRaw,
but these don't do the padding (PKCS1) for
me.

And SGN_*(), VFY_*(), PK11_Verify*() give me the
message digest, not the plain message I want.

I found PK11_PubEncryptPKCS1() in a mailing list
discussion, which seems to do the padding. But
I want to use the private key to encrypt, not
the public key. And what's more, there are no
docs or example code showing PK11_PubEncryptPKCS1()
usage.

Can anyone give me some examples or hints? Thanks
in advance.



Re: how to decrypt with pubkey without pkcs1 padding things

2008-11-13 Thread NZzi

NZzi wrote:


hi all:

I want to use a private key to encrypt a message,
and decrypt it with the public key.

I know there are PK11_PubDecryptRaw and PK11_PubEncryptRaw,
but these don't do the padding (PKCS1) for
me.

And SGN_*(), VFY_*(), PK11_Verify*() give me the
message digest, not the plain message I want.

I found PK11_PubEncryptPKCS1() in a mailing list
discussion, which seems to do the padding. But
I want to use the private key to encrypt, not
the public key. And what's more, there are no
docs or example code showing PK11_PubEncryptPKCS1()
usage.



because I used PK11_PubEncryptPKCS1() in my code, guessing
how to use it, but I got error 8192 (PR_GetError()). I looked up
the error code:

An I/O error occurred during authentication; or
an error occurred during crypto operation (other than signature
verification).

The whole description is senseless to me.




can anyone give me some examples or hints? thanks
in advance






Re: how to decrypt with pubkey without pkcs1 padding things

2008-11-13 Thread NZzi

NZzi wrote:

NZzi wrote:


hi all:

I want to use a private key to encrypt a message,
and decrypt it with the public key.

I know there are PK11_PubDecryptRaw and PK11_PubEncryptRaw,
but these don't do the padding (PKCS1) for
me.

And SGN_*(), VFY_*(), PK11_Verify*() give me the
message digest, not the plain message I want.

I found PK11_PubEncryptPKCS1() in a mailing list
discussion, which seems to do the padding. But
I want to use the private key to encrypt, not
the public key. And what's more, there are no
docs or example code showing PK11_PubEncryptPKCS1()
usage.



because I used PK11_PubEncryptPKCS1() in my code, guessing
how to use it, but I got error 8192 (PR_GetError()). I looked up
the error code:

An I/O error occurred during authentication; or
an error occurred during crypto operation (other than signature
verification).

The whole description is senseless to me.



Following is my code:

modulus_len = SECKEY_PublicKeyStrength(lf_sec->pubkey);
char *data_buf = calloc(...modulus_len);
char *enbuf = calloc(...,modulus_len);

PK11_PubEncryptPKCS1(lf_sec->pubkey, enbuf, tmpbuf, modulus_len, NULL);
...

Using the same parameters for PK11_PubEncryptRaw() works well.







can anyone give me some examples or hints? thanks
in advance









Re: how to decrypt with pubkey without pkcs1 padding things

2008-11-13 Thread NZzi

Robert Relyea wrote:

NZzi wrote:


hi all:

I want to use a private key to encrypt a message,
and decrypt it with the public key.

Are you encrypting data or a symmetric key?
Most of the NSS code that does these operations does so on actual
symmetric keys (which are then used to do additional
encryption/decryption/MACing).
In that case they are using PK11_PubWrapSymKey() and
PK11_PubUnwrapSymKey().


bob


I found PK11_PubEncryptPKCS1() in a mailing list
discussion, which seems to do the padding. But
I want to use the private key to encrypt, not
the public key. And what's more, there are no
docs or example code showing PK11_PubEncryptPKCS1()
usage.

OK, so here's a question: what is it you are trying to do? Encrypting
with the private key is really called 'signing'. The equivalent function
is PK11_Sign. If you are doing key distribution, or you are trying to
pass secret data to someone else, you want to encrypt with the public
key, so only the person with the private key can decrypt it. Encrypting
with the private key, in this case, will allow anyone to read the result
by 'decrypting' with the public key.


In the sign case, you don't care about secrecy, you want to 'prove' you 
hold the private key. In that case you 'encrypt' data with that private 
key. I know you have the private key because I get the correct data back 
when I 'decrypt' with the public key. This recovery process is a 
verification, so it's called PK11_Verify, except you are looking for the 
actual data to recover, not to verify that the data matches. This 
operation is *VERY* RSA specific. No other signing/verification method 
uses it. In that case you need to call the special function 
PK11_VerifyRecover.  These names match their PKCS #11 equivalents in the 
PKCS #11 spec.


An important note about this. NSS allows this. There are cases where you
do need to use PK11_VerifyRecover rather than PK11_Verify, or more
specifically, the high level SGN_ and VFY_ functions. HOWEVER, there
should be warning signs in your head if you have to resort to these
cases. First, you will likely be generating signatures that no one else
will be able to validate (all toolkits know how to deal with an RSA
signature with PKCS #1 padding *AND* properly ASN1 wrapped digests,
even better wrapped as an ASN1 signing wrapper). Second, you are tying
your application strongly to RSA. The world of crypto is littered with
the dead bodies of once strong algorithms which have fallen to the
increasingly sophisticated attacks of the cryptanalyst. RSA is still
strong today (albeit weaker than when I first started working in
crypto), but that may not stay forever. Tying yourself to a specific
algorithm is not a good idea.


All that being said the mapping of high level/crypto operation names to 
low level RSA operations is as follows:


Encrypt with public key (PKCS #1 padding): PK11_PubEncryptPKCS1()
Decrypt with private key (PKCS #1 padding): PK11_PrivDecryptPKCS1()
Encrypt with private key (PKCS #1 padding): PK11_Sign() (use mechanism CKM_RSA_PKCS1)
Decrypt with public key (PKCS #1 padding): PK11_VerifyRecover() (use mechanism CKM_RSA_PKCS1)



I'm sorry for my nonsense words, I was mad about using NSS in my code
last night.

I just want to use the private key to encrypt a message (of key modulus length),
and recover/decrypt the message using the public key, without caring
about anything to do with PKCS#1/PKCS#11 padding. I only know a little
about cryptography.

Following is my test code:

#define BASE64_ENCODED_SUBJECTPUBLICKEYINFO "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL3F6TIc3JEYsugo+a2fPU3W+Epv/FeIX21DC86WYnpFtW4srFtz2oNUzyLUzDHZdb+k//8dcT3IAOzUUi3R2eMCAwEAAQ=="

#define BASE64_ENCODED_PRIVATEKEYINFO "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvcXpMhzckRiy6Cj5rZ89Tdb4Sm/8V4hfbUMLzpZiekW1biysW3Pag1TPItTMMdl1v6T//x1xPcgA7NRSLdHZ4wIDAQABAkEAjh8+4qncwcmGivnM6ytbpQT+k/jEOeXG2bQhjojvnXN3FazGCEFXvpuIBcJVfaIJS9YBCMOzzrAtO0+k2hWnOQIhAOC4NVbo8FQhZS4yXM1M86kMl47FA9ui//OUfbhlAdw1AiEA2DBmIXnsboKB+OHver69p0gNeWlvcJc9bjDVfdLVsLcCIQCPtV3vGYJv2vdwxqZQaHC+YB4gIGAqOqBCbmjD3lyFLQIgA+VTYdUNoqwtZWvE4gRf7IzK2V5CCNhg3gR5RGwxN58CIGCcafoRrUKsM66ISg0ITI04G9V/w+wMx91wjEEB+QBz"

rv = NSS_NoDB_Init(".");
slot = PK11_GetInternalKeySlot();
ATOB_ConvertAsciiToItem(&der, pubkstr);
spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
SECITEM_FreeItem(&der, PR_FALSE);
pubkey = SECKEY_ExtractPublicKey(spki);
char *pvtkstr = BASE64_ENCODED_PRIVATEKEYINFO;
SECItem nickname, pvt_der;
nickname.type = siBuffer;
nickname.data = pvtkeynickname;
nickname.len = strlen(pvtkeynickname);
ATOB_ConvertAsciiToItem(&pvt_der, pvtkstr);
PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, &pvt_der, NULL,
NULL, PR_FALSE, PR_TRUE, KU_ALL, &pvtkey, NULL);
SECItem encdata;
encdata.len = PK11_SignatureLen(pvtkey);
encdata.data = (unsigned char *)calloc(encdata.len, sizeof(char));

SECItem plain_data;
char testdata[1024];
int i;
for (i = 0; i < TESTLEN; i++)
    testdata[i] = 'a';
plain_data.len = TESTLEN;
plain_data.data = testdata

Re: how to decrypt with pubkey without pkcs1 padding things

2008-11-20 Thread NZzi

Robert Relyea wrote:

Ken wrote:

2008/11/15 Robert Relyea [EMAIL PROTECTED]:
 

NZzi wrote:
   

Robert Relyea wrote:
 

NZzi wrote:
   

hi all:

I want to use private key to encrypt a message,
and decrypt with public key.
  

Are you encrypting data or a symmetric Key?
Most of the nss code that does these operations does so on actual
symetric keys (which are then used to do additional
encryption/decryption/macing).
In that case they are using the PK11_PubWrapSymKey() and
PK11_PubUnwrapSymKey().


If I use a symmetric key to encrypt a license and use the private key
to encrypt the symmetric key, other people can have my public
key.
  
Yeah, it's an unfortunate name. The Pub in PubWrapSymKey means 'Public Key
Cryptography', not 'PublicKey'. It's really the private key. It was written
before we started standardizing on separating Public and Private in the
function name.





But I must guarantee the integrity of the license and forbid it from
being regenerated or modified.

No matter what key (public or private) is used to wrap
the symkey, if someone hacks the program to get the
unwrapped symkey (e.g. from memory), he can modify
and regenerate the license to pass the validation.

So I just want to use the private key to encrypt the license,
and decrypt and validate it using the public key.
  
OK, so you are doing a signing operation, not a key exchange or
encryption. (The symmetric key only applies to the decryption issue.) In
doing crypto, it's important to understand what your high level goal is
before you can apply the appropriate primitives. In this case it sounds
like you aren't really making data unreadable, you are simply making
sure the data is the correct data (that is, the license is valid).

The reason I don't use SGN_*() is I need to recover the
content of the license. I tried PK11_VerifyRecover(),
but got error 8192, so I'm not sure PK11_VerifyRecover()
can recover the content of a license signature signed
by PK11_Sign(private_key,...)?
  
Typically you include the data you are signing in the clear along with
the signature.  The license content can't be a secret, or your scheme is
broken (anyone can get it if you 'encrypt' it with your private key). If
you just use the RSA encrypt, you are definitely tying yourself to RSA
(no possibility of using some other signing algorithm, which requires
you to possess knowledge of what it is you are trying to sign before you
actually verify). If you are trying to match some existing system, then
you are pretty much stuck with RSA anyway, but if you are building this
on your own, then consider including the data outside the signature.
You'll thank me later;).


That being said, PK11_VerifyRecover should work. The most likely reasons
for it not working include: 1) the public key you decrypt with doesn't
match the private key you encrypted with, 2) the signed data is corrupted
in some way. What does your code sample look like?



Yeah, in order to get the real reason for the problem, I had to
compile NSS from source and debug my program with the NSS code; then
I found why I got error 8192. It's because of the length of the
data and the signed data.

I think Chang's current work on docs is great. Detailed docs about the
NSS API (each level, including PKCS#11, crypto wrapper, etc.) will
help people like me (who know basic cryptography, but are not good
at it) a lot.

Anyway, thanks very much.





bob
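Bob's operation table from the 2008-11-13 reply (PK11_Sign and PK11_VerifyRecover with CKM_RSA_PKCS1 versus PK11_PubEncryptPKCS1 and PK11_PrivDecryptPKCS1), his advice above to ship the license in the clear with a signature over it, and the input-length failure NZzi traced, worked through as an added example in plain Python. This is not code from the thread or from NSS: it implements the PKCS #1 v1.5 block types behind those calls on a constructed toy RSA key (two known Mersenne primes, assumed only so the block runs without a crypto library), and the exception and function names are the example's own, chosen to mirror the NSS names.

```python
"""Sign / VerifyRecover / Encrypt / Decrypt with PKCS #1 v1.5 padding, pure Python.

Added example, not code from the thread or from NSS.  The key is a CONSTRUCTED toy:
p and q are the known Mersenne primes 2^521-1 and 2^607-1, chosen only so this runs
offline without a crypto library.  Not for production use.
"""
import hashlib
import os

P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
K = (N.bit_length() + 7) // 8       # modulus length in bytes (141 for this toy key)


class InputLenError(ValueError):
    """Plays the role of NSS's SEC_ERROR_INPUT_LEN: data longer than K - 11 bytes."""


class PaddingError(ValueError):
    """Decoded block is not a well-formed PKCS #1 v1.5 block."""


def pkcs1_pad(data: bytes, block_type: int) -> bytes:
    """Encode as 00 || BT || PS || 00 || data.  BT=1 (PS all 0xFF) is the signing
    block type, BT=2 (PS random, nonzero) the encryption one.  PS must be at least
    8 bytes, which is where the K - 11 input limit comes from."""
    if len(data) > K - 11:
        raise InputLenError(f"{len(data)} bytes > modulus length {K} - 11")
    ps_len = K - 3 - len(data)
    if block_type == 1:
        ps = b"\xff" * ps_len
    else:
        ps = b""
        while len(ps) < ps_len:   # draw random bytes, dropping zeros
            ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00" + bytes([block_type]) + ps + b"\x00" + data


def pkcs1_unpad(block: bytes, block_type: int) -> bytes:
    """Inverse of pkcs1_pad; rejects anything malformed."""
    if len(block) != K or block[0] != 0 or block[1] != block_type:
        raise PaddingError("bad block header")
    sep = block.find(b"\x00", 2)
    if sep < 10:                  # 2 header bytes + at least 8 bytes of PS
        raise PaddingError("padding string too short or separator missing")
    if block_type == 1 and any(b != 0xFF for b in block[2:sep]):
        raise PaddingError("type-1 padding string must be all 0xFF")
    return block[sep + 1:]


def _private_op(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def _public_op(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")


# The four rows of the table, named for the NSS calls they correspond to.
def pub_encrypt_pkcs1(data: bytes) -> bytes:          # PK11_PubEncryptPKCS1
    return _public_op(pkcs1_pad(data, 2))


def priv_decrypt_pkcs1(ciphertext: bytes) -> bytes:   # PK11_PrivDecryptPKCS1
    return pkcs1_unpad(_private_op(ciphertext), 2)


def sign_pkcs1(data: bytes) -> bytes:                 # PK11_Sign, CKM_RSA_PKCS1
    return _private_op(pkcs1_pad(data, 1))


def verify_recover_pkcs1(signature: bytes) -> bytes:  # PK11_VerifyRecover, CKM_RSA_PKCS1
    # Only (E, N) is used: anyone holding the public key reads the data back.
    return pkcs1_unpad(_public_op(signature), 1)


# Recommended shape for the license: data in the clear, signature over its hash.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 A.2.4


def sign_with_appendix(data: bytes) -> tuple:
    return data, sign_pkcs1(SHA256_DIGESTINFO + hashlib.sha256(data).digest())


def verify_with_appendix(data: bytes, signature: bytes) -> bool:
    try:
        recovered = verify_recover_pkcs1(signature)
    except PaddingError:
        return False
    return recovered == SHA256_DIGESTINFO + hashlib.sha256(data).digest()


if __name__ == "__main__":
    msg = b"license: id=42; expires=2009-12-31"   # constructed sample
    print("recovered:", verify_recover_pkcs1(sign_pkcs1(msg)))
    try:
        sign_pkcs1(b"a" * K)                    # modulus-sized input, as in the thread
    except InputLenError as err:
        print("rejected:", err)
    lic, sig = sign_with_appendix(msg)
    print("signature verifies:", verify_with_appendix(lic, sig))
    print("tampered license verifies:", verify_with_appendix(lic + b"!", sig))
```

Signing a modulus-length buffer, as the test code in this thread did, fails the K - 11 check before any RSA operation runs, which is the condition that an SEC_ERROR_INPUT_LEN style error makes visible. verify_recover_pkcs1 needs only (E, N), which is the concrete reason the license content cannot stay secret, and verify_with_appendix shows the shape Bob recommends instead: the verifier compares a recovered DigestInfo against a hash of the cleartext data rather than relying on RSA's recovery property.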
  







Re: how to decrypt with pubkey without pkcs1 padding things

2008-11-24 Thread NZzi

Wan-Teh Chang wrote:

On Thu, Nov 20, 2008 at 9:32 PM, NZzi [EMAIL PROTECTED] wrote:

Yeah, in order to get the real reason for the problem, I had to
compile NSS from source and debug my program with the NSS code; then
I found why I got error 8192. It's because of the length of the
data and the signed data.


I'm sorry that you had to go through this trouble.  I have just checked
in three patches that should improve the error reporting of our PK11_
crypto functions.  Since you had done the work of compiling NSS
from source, you can help me verify if my patches would have helped
in your situation, in two ways.

1. In your current NSS source tree, please let me know where in the
source code (source file and line number) it failed due to the length
of data and signed data.  With this info, I can tell if my patches will
propagate that error up to the PK11_ function.

Or

2. Build the tip of the NSS source tree, and see if you get a better
NSS error code than -8192 (SEC_ERROR_IO) now.  Hopefully you'll
get SEC_ERROR_INPUT_LEN (-8188) or SEC_ERROR_OUTPUT_LEN
(-8189) instead.  You can check out the tip of the NSS source tree
as follows:

export CVSROOT=:pserver:[EMAIL PROTECTED]:/cvsroot
cvs -q co -A NSPR NSS


I think Chang's current work on docs is great. Detailed docs about the
NSS API (each level, including PKCS#11, crypto wrapper, etc.) will
help people like me (who know basic cryptography, but are not good
at it) a lot.


Documentation is important, but informative error codes are also
important.  This is why I hope you can help me verify my patches
would have helped you.



Ok, no problem, it's my pleasure.

But can you give me some days, because my project is close to its
release deadline (at the end of this month), so this test can only
be done this weekend or next Monday. I'm terribly sorry for
this :(

BTW, the source I use is the NSS_3_12_RTM tag; I think your patch
wasn't merged into this tag, right?





Thanks!

Wan-Teh





Re: Memory leaks in even trivial use of nss?

2009-03-16 Thread NZzi

Nelson B Bolyard wrote:

DanKegel wrote, On 2009-03-15 11:50:


I'm looking at memory leaks, starting with the simple test program

#include <ssl.h>
#include <stdio.h>
int main()
{
NSS_NoDB_Init();
NSS_Shutdown();


For leak testing, there's one more important call to be placed here.

PR_Cleanup();



I called this function after NSS_Shutdown(); then the whole program
hangs at the call and doesn't quit for a long time; finally I hit ctrl-c.





}


NSPR is implicitly initialized but must be explicitly shut down to
ensure no leaks.

Also, when doing leak testing, you will not get accurate leak stacks
from the various leak tools unless your test programs run with the
environment variable
  NSS_DISABLE_ARENA_FREE_LIST=1

This is because NSS and NSPR have an allocator that recycles allocated
memory on a free list.  These get allocated and freed many times in NSS
but most of those times, the free actually just puts it on a free list
rather than actually freeing back to the heap.  Consequently, if such a
block actually is leaked by some block of code that got it from the free
list, the allocation stack captured by malloc will be for the first block
of code that allocated it from the heap, (which may well have not leaked
it), rather than showing the block of code that actually allocated the
leaked block from the free list and then leaked it.  So, to get accurate
leak stacks, it is necessary to disable this free list, causing all frees to
actually free back to the heap.

NSS clears the free list during shutdown, so the free list won't create
any new leaks, but it does cause the reported leak stacks to be wrong.


This shows two leaks right now, but should show none, right?


What versions of NSS and NSPR are you using?  Also, if you're using a
version that is part of a Linux distro, which Linux distro does it
come from?

Sadly, some of the Linux distros really change NSS, so we can only accept
reports about leaks if they are found using Mozilla's NSS, or an NSS built
from Mozilla's sources.



I also have some leaks in using NSS, which is from F10 (updates)
(nss-3.12.2.0-4.fc10.i386).

I used valgrind and got the following memory leak reports, after
NSS_Shutdown() was called:


==21093== 6 bytes in 1 blocks are still reachable in loss record 1 of 6
==21093==at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==21093==by 0x3D7C959: (within /lib/libnspr4.so)
==21093==by 0x3D830D4: (within /lib/libnspr4.so)
==21093==by 0x3D8C9A4: PR_NewLock (in /lib/libnspr4.so)
==21093==by 0x7F0048C: (within /lib/libnss3.so)
==21093==by 0x7EBD7EB: (within /lib/libnss3.so)
==21093==by 0x7EBE051: NSS_NoDB_Init (in /lib/libnss3.so)

==21093== 55 bytes in 11 blocks are still reachable in loss record 3 of 6
==21093==at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==21093==by 0x51D0EF: strdup (in /lib/libc-2.9.so)
==21093==by 0x3D77A46: PR_NewLogModule (in /lib/libnspr4.so)
==21093==by 0x3D82F71: (within /lib/libnspr4.so)
==21093==by 0x3D8C9A4: PR_NewLock (in /lib/libnspr4.so)
==21093==by 0x7F0048C: (within /lib/libnss3.so)
==21093==by 0x7EBD7EB: (within /lib/libnss3.so)
==21093==by 0x7EBE051: NSS_NoDB_Init (in /lib/libnss3.so)

==21093== 4,024 bytes in 54 blocks are still reachable in loss record 5 of 6
==21093==at 0x4004BA2: calloc (vg_replace_malloc.c:397)
==21093==by 0x3D7D039: PR_Calloc (in /lib/libnspr4.so)
==21093==by 0x3D77A38: PR_NewLogModule (in /lib/libnspr4.so)
==21093==by 0x3D82F71: (within /lib/libnspr4.so)
==21093==by 0x3D8C9A4: PR_NewLock (in /lib/libnspr4.so)
==21093==by 0x7F0048C: (within /lib/libnss3.so)
==21093==by 0x7EBD7EB: (within /lib/libnss3.so)
==21093==by 0x7EBE051: NSS_NoDB_Init (in /lib/libnss3.so)


==21093== 5,563 bytes in 16 blocks are still reachable in loss record 6 of 6
==21093==at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==21093==by 0x3D7CDC7: PR_Malloc (in /lib/libnspr4.so)
==21093==by 0x3D8C0B2: PR_NewCondVar (in /lib/libnspr4.so)
==21093==by 0x3D92E3D: (within /lib/libnspr4.so)
==21093==by 0x3D830A6: (within /lib/libnspr4.so)
==21093==by 0x3D8C9A4: PR_NewLock (in /lib/libnspr4.so)
==21093==by 0x7F0048C: (within /lib/libnss3.so)
==21093==by 0x7EBD7EB: (within /lib/libnss3.so)
==21093==by 0x7EBE051: NSS_NoDB_Init (in /lib/libnss3.so)


==14612== 12 bytes in 1 blocks are definitely lost in loss record 2 of 7
==14612==at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==14612==by 0x3D7CDC7: PR_Malloc (in /lib/libnspr4.so)
==14612==by 0x7E9E677: PORT_Alloc_Util (in /lib/libnssutil3.so)
==14612==by 0x7E9B21C: (within /lib/libnssutil3.so)
==14612==by 0x7E9C880: SEC_ASN1EncodeItem_Util (in /lib/libnssutil3.so)
==14612==by 0x450A2D8: ???
==14612==by 0x450A7E8: ???
==14612==by 0x450B547: ???
==14612==by 0x44EE28F: ???
==14612==by 0x7ED68A8: PK11_InitPin (in /lib/libnss3.so)
==14612==by 0x8049868: main (rsakey_gen.c:61)

==14612== 19 bytes in 1
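Nelson's rule of thumb above, that "still reachable" blocks rooted in NSS_NoDB_Init are NSPR state which PR_Cleanup releases, while a "definitely lost" record reached from application code is a real leak, can be applied mechanically to a valgrind report. The following is an added example, not code from the thread or from NSS: a parser for loss records in the format quoted above (the sample is trimmed from NZzi's own output, with one "(within ...)" frame kept to show how anonymous frames are handled) and a triage function whose labels are this example's own.

```python
"""Summarize and triage valgrind loss records of the kind quoted in this thread.

Added example, not code from the thread or from NSS.  SAMPLE_LOG is trimmed
from the output NZzi posted; the triage labels are this example's own.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
==21093== 6 bytes in 1 blocks are still reachable in loss record 1 of 6
==21093==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==21093==    by 0x3D7C959: (within /lib/libnspr4.so)
==21093==    by 0x3D8C9A4: PR_NewLock (in /lib/libnspr4.so)
==21093==    by 0x7EBE051: NSS_NoDB_Init (in /lib/libnss3.so)

==21093== 5,563 bytes in 16 blocks are still reachable in loss record 6 of 6
==21093==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==21093==    by 0x3D8C0B2: PR_NewCondVar (in /lib/libnspr4.so)
==21093==    by 0x7EBE051: NSS_NoDB_Init (in /lib/libnss3.so)

==14612== 12 bytes in 1 blocks are definitely lost in loss record 2 of 7
==14612==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==14612==    by 0x7E9E677: PORT_Alloc_Util (in /lib/libnssutil3.so)
==14612==    by 0x7ED68A8: PK11_InitPin (in /lib/libnss3.so)
==14612==    by 0x8049868: main (rsakey_gen.c:61)
"""

HEADER = re.compile(
    r"^==(\d+)== ([\d,]+) bytes in ([\d,]+) blocks are (.+?) in loss record (\d+) of (\d+)$")
FRAME = re.compile(r"^==\d+==\s*(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")


@dataclass
class LossRecord:
    pid: int
    nbytes: int
    blocks: int
    kind: str                                   # "still reachable", "definitely lost", ...
    frames: list = field(default_factory=list)  # function names, innermost first


def _frame_name(rest: str) -> str:
    """'malloc (vg_replace_malloc.c:207)' -> 'malloc'; '(within /lib/x.so)' -> '?'."""
    return "?" if rest.startswith("(within") else rest.split(" (", 1)[0]


def parse_loss_records(text: str) -> list:
    """Parse the header line of each loss record and the stack frames under it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append(LossRecord(int(m[1]), int(m[2].replace(",", "")),
                                      int(m[3].replace(",", "")), m[4]))
            continue
        f = FRAME.match(line)
        if f and records:
            records[-1].frames.append(_frame_name(f[1]))
    return records


def summarize(records) -> dict:
    """kind -> (total bytes, number of records)."""
    totals = {}
    for r in records:
        b, n = totals.get(r.kind, (0, 0))
        totals[r.kind] = (b + r.nbytes, n + 1)
    return totals


def triage(r: LossRecord) -> str:
    """Apply the thread's guidance to one record (labels are this example's own)."""
    if r.kind == "still reachable" and "NSS_NoDB_Init" in r.frames:
        return "nspr-init-state"   # locks/log modules made at init; PR_Cleanup() releases them
    if r.kind == "definitely lost":
        return "leak"              # real leak; rerun with NSS_DISABLE_ARENA_FREE_LIST=1 first
    return "review"


if __name__ == "__main__":
    recs = parse_loss_records(SAMPLE_LOG)
    for kind, (b, n) in summarize(recs).items():
        print(f"{kind:18s} {b:6d} bytes in {n} record(s)")
    for r in recs:
        print(f"pid {r.pid} {r.kind}: {triage(r)} <- {' < '.join(r.frames)}")
```

The "leak" label deliberately carries Nelson's caveat: the stack valgrind prints for a block recycled through the NSS/NSPR free list points at whoever first took it from the heap, so a record is only worth chasing after a rerun with NSS_DISABLE_ARENA_FREE_LIST=1 in the environment.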