Re: Converting BIO* to PKCS7*

2012-09-18 Thread Mohammad khodaei 
Thanks for the response. The encryption is also done by me. I have generated 
the cipher text as below:

    in = BIO_new_mem_buf(pchContent, iPriKeyLen);
    if (!in) {
        return 0;
    }


    /* encrypt content */
    p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
    if (!p7) {
        return 0;
    }


    char* chEnc = new char[1000];
    BIO* memorybio = BIO_new(BIO_s_mem());
    BIO* base64bio = BIO_new(BIO_f_base64());
    BIO* outbio = BIO_push(base64bio, memorybio);


    long ll = i2d_PKCS7_bio(outbio, p7);
    BIO_flush(outbio);
    BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
    int iLength = BIO_get_mem_data(memorybio, chEnc);

The encrypted value is generated like this:

MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx
EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG
A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB
AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA=

And I feed chEnc to the decryption procedure to be decrypted. Is it correct? 
Any idea if the encoding is incorrect.

Thanks



 From: Dave Thompson dthomp...@prinpay.com
To: openssl-users@openssl.org 
Sent: Monday, September 17, 2012 8:45 PM
Subject: RE: Converting BIO* to PKCS7*
 
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
Sent: Monday, 17 September, 2012 05:01

I've got a problem regarding BIO* to PKCS7* conversion. I want to 
call PKCS7_decrypt() function to decrypt a cipher text. Before that, 
I have this section of code:

in = BIO_new_mem_buf(chEnc, iLength);
if (!in) { snip
p7 = d2i_PKCS7_bio(in, NULL);
if (!p7) { snip
140172957116064:error:0D0680A8:asn1 encoding routines:
ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: 
140172957116064:error:0D07803A:asn1 encoding routines:
ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

Any idea how to fix it? Is it the problem due to encoding? 
or is it a conversion problem?

Yes, it is encoding. The data you supplied isn't correct DER -- 
perhaps not DER at all, that's an easy way to get this wrong.
Check your data is DER and is exactly, octet for octet, that 
produced by a correct sender (encoder).


__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                          majord...@openssl.org

RE: Converting BIO* to PKCS7*

2012-09-18 Thread Dave Thompson 
From: Mohammad khodaei [mailto:m_khod...@yahoo.com] 
Sent: Tuesday, 18 September, 2012 06:52

Thanks for the response. The encryption is also done by me. 
I have generated the cipher text as below: 

   in = BIO_new_mem_buf(pchContent, iPriKeyLen);
   if (!in) { //
   p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
   if (!p7) { //
   char* chEnc = new char[1000];
   BIO* memorybio = BIO_new(BIO_s_mem());
   BIO* base64bio = BIO_new(BIO_f_base64());
   BIO* outbio = BIO_push(base64bio, memorybio);

   long ll = i2d_PKCS7_bio(outbio, p7);
   BIO_flush(outbio);
   BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
   int iLength = BIO_get_mem_data(memorybio, chEnc);

Asides: I'm pretty sure you don't actually need to set RDONLY 
to do get_mem_data, and maybe not even flush beforehand.
And BIO_get_mem_data overwrites the pointer you give it, 
so your new char[1000] is leaked.

The encrypted value is generated like this: 

   MIGkBgkqhkiG9w0BBwOggZYwgZMCAQAxfDB6AgEAMGQwVzELMAkGA1UEBhMCVUsx
   EjAQBgNVBAcTCVRlc3QgQ2l0eTEWMBQGA1UEChMNT3BlblNTTCBHcm91cDEcMBoG
   A1UEAxMTVGVzdCBTL01JTUUgUm9vdCBDQQIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEB
   AQUABAAwEAYJKoZIhvcNAQcBMAMGAQA=

That is not DER, at least not plain DER; it's base64 *of* DER.

And I feed chEnc to the decryption procedure to be decrypted. 
Is it correct? Any idea if the encoding is incorrect.

To decode (and decrypt) that, you need to decode base64 first, 
*then* decode DER. If/since you have it in memory, basically do 
the reverse of your creation: BIO_new_mem_buf of the base64 data, 
BIO_push a base64BIO on the memBIO, and d2i from the result.

snip previous

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Converting BIO* to PKCS7*

2012-09-17 Thread Dave Thompson 
From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
Sent: Monday, 17 September, 2012 05:01

I've got a problem regarding BIO* to PKCS7* conversion. I want to 
call PKCS7_decrypt() function to decrypt a cipher text. Before that, 
I have this section of code:

in = BIO_new_mem_buf(chEnc, iLength);
if (!in) { snip
p7 = d2i_PKCS7_bio(in, NULL);
if (!p7) { snip
140172957116064:error:0D0680A8:asn1 encoding routines:
ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: 
140172957116064:error:0D07803A:asn1 encoding routines:
ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS7

Any idea how to fix it? Is it the problem due to encoding? 
or is it a conversion problem?

Yes, it is encoding. The data you supplied isn't correct DER -- 
perhaps not DER at all, that's an easy way to get this wrong.
Check your data is DER and is exactly, octet for octet, that 
produced by a correct sender (encoder).


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org