Re: [Cdsa-dev] help me.
From: Tom W. <woo...@zk...> - 2002-02-26 22:45:28
Pietro,

This might help, particularly, the code fragment at the bottom.

Regards,
Tom

------------- Begin Forwarded Message -------------

To: cds...@li...
Subject: Re: [Cdsa-issues] CSSM INVALID KEY REFERENCE ERROR...
Cc: woo...@zk...
Date: Tue, 18 Dec 2001 15:21:10 -0500 (EST)

Hi, Rajulu,

Thanks for sending me your code. We can solve the problem now and simplify the code too! (I'm replying to the entire list here because I think others might find this info helpful.)

The original problem was that CSSM_EncryptData() was returning the error CSSMERR_CSP_INVALID_KEY_REFERENCE. To see the reason for that, let's go back and see how the key was generated. It was generated by first calling CSSM_GenerateKey() and then replacing the resulting Key.KeyData with your own key bits. In a minute, you'll see a much simpler way to create a key with your own key bits, but first let's see why the error occurred...

The call to CSSM_GenerateKey() included the key attribute CSSM_KEYATTR_RETURN_DEFAULT. That attribute lets the CSP decide for itself how to fill in the Key.KeyData structure. It has three choices:

  1. fill in the actual key bits
  2. fill in a reference to the key (actually an integer id)
  3. fill in nothing

The EAY CSP chooses 2. It stores the key reference in the Key.KeyData structure and then sets the Key.KeyHeader.BlobType to CSSM_KEYBLOB_REFERENCE.

Later on, when you replace that Key.KeyData with your own key bits, you create an inconsistency. The key header claims that Key.KeyData contains a reference, when it now contains actual key bits. To CSSM_EncryptData(), those bits look like a huge reference id and so it returns CSSMERR_CSP_INVALID_KEY_REFERENCE.

Hope that made sense. If not, just remember the following simpler way to generate a key with your own key bits. You just skip the call to CSSM_GenerateKey() and fill in the Key structure yourself. You can then pass that structure directly to CSSM_CSP_CreateSymmetricContext().

    /* inputs: algorithmId, keyLen, keyBits */
    CSSM_KEY key;

    memset(&key, 0, sizeof key);
    key.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION;
    key.KeyHeader.BlobType = CSSM_KEYBLOB_RAW;
    key.KeyHeader.Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
    key.KeyHeader.AlgorithmId = algorithmId;
    key.KeyHeader.KeyClass = CSSM_KEYCLASS_SESSION_KEY;
    key.KeyHeader.LogicalKeySizeInBits = keyLen * 8;
    key.KeyHeader.KeyUsage = CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_ENCRYPT;
    key.KeyHeader.WrapAlgorithmId = CSSM_ALGID_NONE;
    key.KeyData.Length = keyLen;
    key.KeyData.Data = keyBits;

This should solve your problem. Please let me know if it doesn't.

Thanks,
Tom Woodburn
Compaq Computer Corporation

_______________________________________________
Cdsa-issues mailing list
Cds...@li...
https://lists.sourceforge.net/lists/listinfo/cdsa-issues

------------- End Forwarded Message -------------
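The header/data inconsistency described in the message above, reproduced as a small stand-alone C model. This is an added example, not code from the message or from the CDSA or EAY CSP sources; every toy_* type, constant, function and value is a hypothetical stand-in, and the real CSSM headers are not used.

```c
#include <stdint.h>
#include <string.h>
/* Stand-in model only: toy_* names and values are assumptions, not CSSM. */
enum toy_blob { TOY_BLOB_RAW, TOY_BLOB_REFERENCE };
enum toy_rc { TOY_OK, TOY_ERR_INVALID_KEY_REFERENCE, TOY_ERR_INVALID_KEY };
struct toy_key {
    enum toy_blob blob_type;   /* models Key.KeyHeader.BlobType */
    uint32_t logical_bits;     /* models Key.KeyHeader.LogicalKeySizeInBits */
    uint32_t length;           /* models Key.KeyData.Length */
    const uint8_t *data;       /* models Key.KeyData.Data */
};
static const uint32_t toy_ids[4] = { 1, 2, 3, 4 };  /* reference ids the toy CSP hands out */
static uint32_t toy_used;                           /* how many ids are live */
static const uint8_t my_bits[16] = { 0xDE, 0xAD, 0xBE, 0xEF }; /* constructed key bits */
/* Models key generation in a CSP that returns a reference (choice 2). */
static enum toy_rc toy_generate(struct toy_key *k) {
    if (toy_used == 4) return TOY_ERR_INVALID_KEY;
    k->blob_type = TOY_BLOB_REFERENCE;
    k->logical_bits = 128;
    k->length = sizeof toy_ids[0];
    k->data = (const uint8_t *)&toy_ids[toy_used++];
    return TOY_OK;
}
/* Models the check on the encrypt path: the header decides how KeyData is read. */
static enum toy_rc toy_check(const struct toy_key *k) {
    uint32_t id;
    if (k->data == NULL) return TOY_ERR_INVALID_KEY;
    if (k->blob_type == TOY_BLOB_RAW)
        return k->length * 8 == k->logical_bits ? TOY_OK : TOY_ERR_INVALID_KEY;
    if (k->length < sizeof id) return TOY_ERR_INVALID_KEY_REFERENCE;
    memcpy(&id, k->data, sizeof id);          /* raw key bits get read as an id */
    return (id >= 1 && id <= toy_used) ? TOY_OK : TOY_ERR_INVALID_KEY_REFERENCE;
}
/* Failing sequence from the message: generate, then overwrite KeyData. */
static enum toy_rc toy_overwrite_case(void) {
    struct toy_key k;
    if (toy_generate(&k) != TOY_OK) return TOY_ERR_INVALID_KEY;
    k.length = sizeof my_bits;
    k.data = my_bits;                         /* header still says REFERENCE */
    return toy_check(&k);
}
/* The fix: skip generation and mark the blob RAW in the header. */
static enum toy_rc toy_raw_case(void) {
    struct toy_key k = { TOY_BLOB_RAW, 128, sizeof my_bits, my_bits };
    return toy_check(&k);
}
int main(void) {
    return !(toy_overwrite_case() == TOY_ERR_INVALID_KEY_REFERENCE && toy_raw_case() == TOY_OK);
}
```

The program exits with status 0 when the overwritten key is rejected as an invalid reference and the hand-built raw key is accepted.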