Hi Rickard
Thank you for your interest. I been following SOFTHSM-107 and I see a push in
here (https://github.com/opendnssec/SoftHSMv2/pull/100), I did merge the
changes with softhsm-2.0.0b1 and recompile. If I ask for the module info from
java, I get this:
Mechanism Name: CKM_AES_CBC_PAD
Minimum Key-Size: 16
Maximum Key-Size: 32
Hardware: false
Encrypt: true
Decrypt: true
Digest: false
Sign: false
Sign Recover: false
Verify: false
Verify Recover: false
Generate: false
Generate Key-Pair: false
Wrap: false
Unwrap: false
Derive: false
EC F(p): false
EC F(2^m): false
EC Parameters: false
EC Named Curve: false
EC Uncompress: false
EC Compress: false
Extension: false
So, I think padding is now supported, but in my application now I have this
exception:
Caused by: javax.crypto.ShortBufferException
at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:561)
at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:464)
at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:452)
... 49 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_BUFFER_TOO_SMALL
at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:517)
... 51 more
As you say in the ticket, I don't really know about crypto, I'm just trying to
make things work. Please let me know if I can / should do anything else.
El Domingo, 7 de diciembre, 2014 3:08:33, Rickard Bellgrim
<rick...@opendnssec.org> escribió:
On Fri, Dec 5, 2014 at 8:09 AM, Roland van Rijswijk - Deij
<roland.vanrijsw...@surfnet.nl> wrote:
Hi Roko,
roko wrote:
> I'm getting this error:
> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
>
> Is this maybe a known limitation for softhsm2 ? there is some workaround
> ? Thx for your help.
I've had a quick look at the code, and this seems to be a bug;
C_EncryptUpdate always checks if the input block adheres to the cipher's
required block size. It should only do this if the cipher is used in ECB
mode. I have created SOFTHSM-107
(https://issues.opendnssec.org/browse/SOFTHSM-107) in our issue tracking
system for this bug, it will be addressed in the next version of SoftHSM
v2.
We currently only support ECB and CBC. They require full block when not
padding. Could add support for CKM_DES_CBC_PAD, CKM_DES3_CBC_PAD, and
CKM_AES_CBC_PAD.
You are trying to use CKM_AES_CBC_PAD (AES/CBC/PKCS5Padding) which is currently
not supported. The error indicate that the Java implementation is trying to use
CKM_AES_CBC and not CKM_AES_CBC_PAD, which would have returned
CKR_MECHANISM_INVALID.
// Rickard
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
