authorjmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-10-15 00:15:44 +0000
committerjmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-10-15 00:15:44 +0000
commit0ed4d13e5207c0e69a6d5e3f0f91d7e08d55f76f (patch)
treec1ac79b8a80038bf3691102fbf0131d0af362b54
parente7414ef11ff25e975984457f8580f9367760a8da (diff)
downloadpki-0ed4d13e5207c0e69a6d5e3f0f91d7e08d55f76f.tar.gz
pki-0ed4d13e5207c0e69a6d5e3f0f91d7e08d55f76f.tar.xz
pki-0ed4d13e5207c0e69a6d5e3f0f91d7e08d55f76f.zip
Fix Bugzilla Bug #223313 - should do random generated IV param for symmetric keys
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1354 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java15
-rw-r--r--pki/base/kra/src/com/netscape/kra/EncryptionUnit.java29
-rw-r--r--pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java12
-rw-r--r--pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java39
-rw-r--r--pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java18
-rw-r--r--pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java8
-rw-r--r--pki/base/tps/src/engine/RA.cpp12
-rw-r--r--pki/base/tps/src/include/engine/RA.h2
-rw-r--r--pki/base/tps/src/processor/RA_Enroll_Processor.cpp58
10 files changed, 126 insertions, 72 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index 17d53ce67..1e96bf948 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -207,6 +207,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String outputString = "";
String wrappedPrivKeyString = "";
String publicKeyString = "";
+ String ivString = "";
/* if is RECOVERY_PROTOTYPE
String recoveryBlobString = "";
@@ -231,6 +232,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
publicKeyString = thisreq.getExtDataInString("public_key");
wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
+ ivString = thisreq.getExtDataInString("iv_s");
/*
if (selectedToken == null)
status = "4";
@@ -244,7 +246,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
sb.append(wrappedPrivKeyString);
sb.append("&public_key=");
sb.append(publicKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
value = sb.toString();
+
}
CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
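Review bot: `sb.append(ivString)` writes the value unchecked, so if the request holds no `iv_s` entry and `getExtDataInString` returns null (not visible here, to be confirmed), the response carries the literal text `null` as `iv_param`. The TPS side in this commit only tests whether a value is present, so that text would be decoded and used as an IV. Treat a missing value as a failed recovery before building the response, guarded by `if (ivString == null || ivString.length() == 0)`, and return the servlet's error status instead of appending. The enclosing method starts and ends outside the hunk.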
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 58fa1b7bf..9e0901a2c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -533,17 +533,16 @@ public class TokenServlet extends CMSServlet {
PublicKey pubKey = drmTransCert.getPublicKey();
String pubKeyAlgo = pubKey.getAlgorithm();
CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo);
- KeyWrapper rsaWrap = null;
+ KeyWrapper keyWrapper = null;
+ //For wrapping symmetric keys don't need IV, use ECB
if (pubKeyAlgo.equals("EC")) {
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
- IVParameterSpec IV = new IVParameterSpec(iv);
- rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.AES_CBC);
- rsaWrap.initWrap(pubKey, IV);
+ keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
+ keyWrapper.initWrap(pubKey, null);
} else {
- rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
- rsaWrap.initWrap(pubKey, null);
+ keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+ keyWrapper.initWrap(pubKey, null);
}
- drm_trans_wrapped_desKey = rsaWrap.wrap(desKey);
+ drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
} // if (serversideKeygen == true)
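Review bot: In the EC branch, `KeyWrapAlgorithm.AES_ECB` with a null parameter makes the wrap of `desKey` deterministic and gives it no integrity check: the same session key always yields the same `drm_trans_wrapped_desKey`, and a modified blob is not detected at unwrap time. The new comment `//For wrapping symmetric keys don't need IV, use ECB` should state that trade-off, for example `// ECB: no IV to transport; output is deterministic and carries no integrity check`. If the JSS version in use provides a key-wrap mode with a built-in integrity check such as `KeyWrapAlgorithm.AES_KEY_WRAP`, that would be the better fit; the matching `unwrap_sym` hunk in `EncryptionUnit.java` has to change in step. It is also worth confirming that handing the EC public key `pubKey` to an AES wrapper is what the token expects, since no key-agreement step is visible in the hunk.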
diff --git a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
index cf155e99e..b6f7c96b6 100644
--- a/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/EncryptionUnit.java
@@ -51,15 +51,15 @@ import org.mozilla.jss.crypto.PrivateKey;
*/
public abstract class EncryptionUnit implements IEncryptionUnit {
+ /* Establish one constant IV for base class, to be used for
+ internal operations. Constant IV acceptable for symmetric keys.
+ */
private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
- private IVParameterSpec IV = null;
+ protected IVParameterSpec IV = null;
public EncryptionUnit() {
-/*
- org.mozilla.jss.pkcs11.PK11SecureRandom random =
- new org.mozilla.jss.pkcs11.PK11SecureRandom();
- random.nextBytes(iv);
-*/
+ CMS.debug("EncryptionUnit.EncryptionUnit this: " + this.toString());
+
IV = new IVParameterSpec(iv);
}
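Review bot: The added comment `Constant IV acceptable for symmetric keys` claims more than the code supports: with the field now `protected`, `StorageKeyUnit.encryptShare` and `decryptShare` in this commit use the same fixed value for CBC over key shares under a password-derived key, and equal inputs under one key then give equal ciphertext. Narrow the comment to the actual reason, e.g. `/* Fixed IV kept so data already stored under it still decrypts; CBC output is deterministic per key. */`, if that is indeed the reason. The field is assigned once, so it can be declared `protected final IVParameterSpec IV = new IVParameterSpec(iv);` to keep a subclass from replacing it.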
@@ -78,6 +78,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
public byte[] encryptInternalPrivate(byte priKey[])
throws EBaseException {
try {
+ CMS.debug("EncryptionUnit.encryptInternalPrivate");
CryptoToken token = getToken();
CryptoToken internalToken = getInternalToken();
@@ -155,6 +156,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
public byte[] wrap(PrivateKey priKey) throws EBaseException {
try {
+ CMS.debug("EncryptionUnit.wrap");
CryptoToken token = getToken();
CryptoToken internalToken = getInternalToken();
@@ -246,15 +248,15 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
PrivateKey priKey = getPrivateKey();
String priKeyAlgo = priKey.getAlgorithm();
CMS.debug("EncryptionUnit::unwrap_sym() private key algo: " + priKeyAlgo);
- KeyWrapper rsaWrap = null;
+ KeyWrapper keyWrapper = null;
if (priKeyAlgo.equals("EC")) {
- rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.AES_CBC);
- rsaWrap.initUnwrap(priKey, IV);
+ keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
+ keyWrapper.initUnwrap(priKey, null);
} else {
- rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
- rsaWrap.initUnwrap(priKey, null);
+ keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+ keyWrapper.initUnwrap(priKey, null);
}
- SymmetricKey sk = rsaWrap.unwrapSymmetric(encSymmKey,
+ SymmetricKey sk = keyWrapper.unwrapSymmetric(encSymmKey,
SymmetricKey.DES3, usage,
0);
return sk;
@@ -284,6 +286,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
throws EBaseException {
try {
+ CMS.debug("EncryptionUnit.decryptExternalPrivate");
CryptoToken token = getToken();
CryptoToken internalToken = getInternalToken();
@@ -343,6 +346,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
CryptoToken token = getToken();
CryptoToken internalToken = getInternalToken();
+ CMS.debug("EncryptionUnit.unwrap symAlgParams: " + new String(symmAlgParams));
// (1) unwrap the session
KeyWrapper rsaWrap = token.getKeyWrapper(
KeyWrapAlgorithm.RSA);
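Review bot: `new String(symmAlgParams)` in the added debug line converts raw parameter bytes (presumably the IV) to text with the platform charset, so the log line can contain arbitrary control characters, including line breaks, and the call throws if the array is null. Encode before logging, e.g. `CMS.debug("EncryptionUnit.unwrap symAlgParams: " + com.netscape.cmsutil.util.Utils.SpecialEncode(symmAlgParams));`, with a null guard if callers may omit the parameter. The enclosing method starts outside the hunk, so whether null is possible is not visible here.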
@@ -385,6 +389,7 @@ public abstract class EncryptionUnit implements IEncryptionUnit {
public byte[] decryptInternalPrivate(byte wrappedKeyData[])
throws EBaseException {
try {
+ CMS.debug("EncryptionUnit.decryptInternalPrivate");
DerValue val = new DerValue(wrappedKeyData);
// val.tag == DerValue.tag_Sequence
DerInputStream in = val.data;
diff --git a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index 6f12a6714..00f219388 100644
--- a/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/pki/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -325,11 +325,12 @@ public class NetkeyKeygenService implements IService {
byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
String iv_s ="";
-/*
- org.mozilla.jss.pkcs11.PK11SecureRandom random =
- new org.mozilla.jss.pkcs11.PK11SecureRandom();
- random.nextBytes(iv);
-*/
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ random.nextBytes(iv);
+ } catch (Exception e) {
+ CMS.debug("NetkeyKeygenService.serviceRequest: "+ e.toString());
+ }
IVParameterSpec algParam = new IVParameterSpec(iv);
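Review bot: The catch block around `random.nextBytes(iv)` only logs, so when `SecureRandom.getInstance("SHA1PRNG")` fails the request continues with `iv` still holding the constant `0x1` bytes it was initialised with, which is the behaviour this change sets out to remove. Fail the request instead, e.g. `throw new EBaseException("IV generation failed: " + e.toString());` if `serviceRequest` may throw it (its signature is outside the hunk), and declare `byte iv[] = new byte[8];` so no fallback value exists. The same pattern is added in the first `TokenKeyRecoveryService.java` hunk. The removed comment used the token's `PK11SecureRandom`; if the deployment requires randomness from the crypto token, confirm that the JDK `SHA1PRNG` is an acceptable replacement.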
@@ -515,7 +516,6 @@ public class NetkeyKeygenService implements IService {
iv_s = /*base64Encode(iv);*/com.netscape.cmsutil.util.Utils.SpecialEncode(iv);
request.setExtData("iv_s", iv_s);
-
/*
* archival - option flag "archive" controllable by the caller - TPS
*/
diff --git a/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java b/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java
index fff1eea72..baec75494 100644
--- a/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/StorageKeyUnit.java
@@ -358,23 +358,18 @@ public class StorageKeyUnit extends EncryptionUnit implements
/**
* Unwraps the storage key with the given symmetric key.
*/
- public static PrivateKey unwrapStorageKey(CryptoToken token,
+ public PrivateKey unwrapStorageKey(CryptoToken token,
SymmetricKey sk, byte wrapped[],
PublicKey pubKey)
throws EBaseException {
try {
+ CMS.debug("StorageKeyUnit.unwrapStorageKey.");
+
KeyWrapper wrapper = token.getKeyWrapper(
KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
-/*
- org.mozilla.jss.pkcs11.PK11SecureRandom random =
- new org.mozilla.jss.pkcs11.PK11SecureRandom();
- random.nextBytes(iv);
-*/
-
-
- wrapper.initUnwrap(sk, new IVParameterSpec(iv));
+
+ wrapper.initUnwrap(sk, IV);
// XXX - it does not like the public key that is
// not a crypto X509Certificate
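Review bot: Dropping `static` from `unwrapStorageKey` here (and from `wrapStorageKey`, `encryptShare`, `decryptShare` and the two `...WithInternalStorage` methods in the hunks below) changes the public API only so the methods can read the inherited instance field `IV`; callers that invoke these through the class name would no longer compile, and no call-site updates are visible in this commit. Since the IV is a constant, a `protected static final IVParameterSpec` in `EncryptionUnit` would probably let the methods stay static. If the instance form is intended, say so in each Javadoc, e.g. `* Uses the fixed IV inherited from EncryptionUnit.`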
@@ -404,9 +399,10 @@ public class StorageKeyUnit extends EncryptionUnit implements
/**
* Used by config-cert.
*/
- public static byte[] wrapStorageKey(CryptoToken token,
+ public byte[] wrapStorageKey(CryptoToken token,
SymmetricKey sk, PrivateKey pri)
throws EBaseException {
+ CMS.debug("StorageKeyUnit.wrapStorageKey.");
try {
// move public & private to config/storage.dat
// delete private key
@@ -415,9 +411,8 @@ public class StorageKeyUnit extends EncryptionUnit implements
// next to randomly generate a symmetric
// password
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
- wrapper.initWrap(sk, new IVParameterSpec(iv));
+ wrapper.initWrap(sk, IV);
return wrapper.wrap(pri);
} catch (TokenException e) {
throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY_1",
@@ -695,7 +690,7 @@ public class StorageKeyUnit extends EncryptionUnit implements
// XXX
}
- public static String encryptShareWithInternalStorage(
+ public String encryptShareWithInternalStorage(
byte share[], String pwd)
throws EBaseException {
try {
@@ -708,17 +703,16 @@ public class StorageKeyUnit extends EncryptionUnit implements
/**
* Protectes the share with the given password.
*/
- public static String encryptShare(CryptoToken token,
+ public String encryptShare(CryptoToken token,
byte share[], String pwd)
throws EBaseException {
try {
+ CMS.debug("StorageKeyUnit.encryptShare");
Cipher cipher = token.getCipherContext(
EncryptionAlgorithm.DES3_CBC_PAD);
SymmetricKey sk = StorageKeyUnit.buildSymmetricKey(token, pwd);
- byte iv[] = {0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01};
- cipher.initEncrypt(sk, new IVParameterSpec(iv));
+ cipher.initEncrypt(sk, IV);
byte prev[] = preVerify(share);
byte enc[] = cipher.doFinal(prev);
@@ -799,7 +793,7 @@ public class StorageKeyUnit extends EncryptionUnit implements
}
- public static byte[] decryptShareWithInternalStorage(
+ public byte[] decryptShareWithInternalStorage(
String encoding, String pwd)
throws EBaseException {
try {
@@ -812,19 +806,18 @@ public class StorageKeyUnit extends EncryptionUnit implements
/**
* Decrypts shares with the given password.
*/
- public static byte[] decryptShare(CryptoToken token,
+ public byte[] decryptShare(CryptoToken token,
String encoding, String pwd)
throws EBaseException {
try {
+ CMS.debug("StorageKeyUnit.decryptShare");
byte share[] = CMS.AtoB(encoding);
Cipher cipher = token.getCipherContext(
EncryptionAlgorithm.DES3_CBC_PAD);
SymmetricKey sk = StorageKeyUnit.buildSymmetricKey(
token, pwd);
- byte iv[] = {0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01};
- cipher.initDecrypt(sk, new IVParameterSpec(iv));
+ cipher.initDecrypt(sk, IV);
byte dec[] = cipher.doFinal(share);
if (dec == null || !verifyShare(dec)) {
diff --git a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
index 14feef177..043602a8a 100644
--- a/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
+++ b/pki/base/kra/src/com/netscape/kra/TokenKeyRecoveryService.java
@@ -209,17 +209,20 @@ public class TokenKeyRecoveryService implements IService {
String auditRequesterID = "TPSagent";
String auditRecoveryID = ILogger.UNIDENTIFIED;
String auditPublicKey = ILogger.UNIDENTIFIED;
+ String iv_s ="";
CMS.debug("KRA services token key recovery request");
byte[] wrapped_des_key;
byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
-/*
- org.mozilla.jss.pkcs11.PK11SecureRandom random =
- new org.mozilla.jss.pkcs11.PK11SecureRandom();
- random.nextBytes(iv);
-*/
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ random.nextBytes(iv);
+ } catch (Exception e) {
+ CMS.debug("TokenKeyRecoveryService.serviceRequest: "+ e.toString());
+ }
+
String id = request.getRequestId().toString();
if (id != null) {
auditRecoveryID = id.trim();
@@ -435,6 +438,11 @@ public class TokenKeyRecoveryService implements IService {
}
CMS.debug("TokenKeyRecoveryService: got private key...about to verify");
+ iv_s = /*base64Encode(iv);*/com.netscape.cmsutil.util.Utils.SpecialEncode(iv);
+ request.setExtData("iv_s", iv_s);
+
+ CMS.debug("request.setExtData: iv_s: " + iv_s);
+
/* LunaSA returns data with padding which we need to remove */
ByteArrayInputStream dis = new ByteArrayInputStream(privateKeyData);
DerValue dv = new DerValue(dis);
diff --git a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
index e7e0e9f64..9edf7450e 100644
--- a/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
+++ b/pki/base/kra/src/com/netscape/kra/TransportKeyUnit.java
@@ -52,8 +52,6 @@ public class TransportKeyUnit extends EncryptionUnit implements
ISubsystem, ITransportKeyUnit {
public static final String PROP_NICKNAME = "nickName";
- private byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
- private IVParameterSpec IV = null;
// private RSAPublicKey mPublicKey = null;
// private RSAPrivateKey mPrivateKey = null;
@@ -66,12 +64,6 @@ public class TransportKeyUnit extends EncryptionUnit implements
*/
public TransportKeyUnit() {
super();
-/*
- org.mozilla.jss.pkcs11.PK11SecureRandom random =
- new org.mozilla.jss.pkcs11.PK11SecureRandom();
- random.nextBytes(iv);
-*/
- IV = new IVParameterSpec(iv);
}
/**
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
index 8d9e335fa..7f13710a2 100644
--- a/pki/base/tps/src/engine/RA.cpp
+++ b/pki/base/tps/src/engine/RA.cpp
@@ -1032,11 +1032,12 @@ SecurityLevel RA::GetGlobalSecurityLevel() {
* output:
* @param publickey_s public key provided by DRM
* @param wrappedPrivateKey_s encrypted private key provided by DRM
+ * @param ivParam_s returned intialization vector
*/
void RA::RecoverKey(RA_Session *session, const char* cuid,
const char *userid, char* desKey_s,
char *b64cert, char **publicKey_s,
- char **wrappedPrivateKey_s, const char *connId)
+ char **wrappedPrivateKey_s, const char *connId, char **ivParam_s)
{
int status;
PSHttpResponse *response = NULL;
@@ -1183,6 +1184,15 @@ void RA::RecoverKey(RA_Session *session, const char* cuid,
*wrappedPrivateKey_s = PL_strdup(tmp);
}
+ tmp = ra_pb->find_val_s("iv_param");
+ if ((tmp == NULL) || (tmp == "")) {
+ RA::Error(LL_PER_PDU, "RecoverKey",
+ "did not get iv_param for recovered key in DRM response");
+ } else {
+ RA::Debug(LL_PER_PDU, "ServerSideKeyGen", "got iv_param for recovered key =%s", tmp);
+ *ivParam_s = PL_strdup(tmp);
+ }
+
} else {// if content is NULL or status not 200
if (content != NULL)
RA::Debug("RA::RecoverKey", "response from DRM error status %ld", s);
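Review bot: `(tmp == "")` compares the pointer returned by `find_val_s` with the address of a string literal, so it does not detect an empty value and an empty `iv_param` is duplicated into `*ivParam_s`. Use `if ((tmp == NULL) || (*tmp == '\0')) {`. On the error branch `*ivParam_s` is left untouched, so the function relies on the caller having set it to NULL; `*ivParam_s = NULL;` at the top of `RecoverKey` would make that explicit. The debug tag `"ServerSideKeyGen"` in the success branch looks copied and should read `"RecoverKey"`. The function body starts and ends outside the hunk.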
diff --git a/pki/base/tps/src/include/engine/RA.h b/pki/base/tps/src/include/engine/RA.h
index 8a23f2445..34f62ad50 100644
--- a/pki/base/tps/src/include/engine/RA.h
+++ b/pki/base/tps/src/include/engine/RA.h
@@ -130,7 +130,7 @@ class RA
static void RecoverKey(RA_Session *session, const char* cuid,
const char *userid, char* kekSessionKey_s,
char *cert_s, char **publickey_s,
- char **wrappedPrivateKey_s, const char *connId);
+ char **wrappedPrivateKey_s, const char *connId, char **ivParam_s);
static Buffer *ComputeHostCryptogram(Buffer &card_challenge, Buffer &host_challenge);
public:
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
index 66e724718..facdcfda9 100644
--- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -677,6 +677,14 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
PL_strfree(ivParam);
}
+ if(iv_decoded == NULL) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen: store keys in token failed, iv data not found");
+ delete decodeKey;
+ delete decodeKeyCheck;
+ goto loser;
+ }
+
BYTE alg = 0x80;
if(decodeKey && decodeKey->size()) {
alg = 0x81;
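Review bot: The new check rejects only `iv_decoded == NULL`; the decoded length is not compared with the 8 bytes that `ProcessRecovery` hard-coded before this commit, so whatever length the DRM response carries would be passed on to the token. Extend the condition to `if (iv_decoded == NULL || iv_decoded->size() != 8) {` and add `delete iv_decoded;` on that path. The matching check in `ProcessRecovery` later in this commit has the same gap, and there the length is visibly written as a single byte with `Buffer(1, iv_decoded->size())`. After `delete decodeKey; delete decodeKeyCheck;` the pointers keep their old values; if the code at `loser`, which is outside the hunk, also deletes them, set both to NULL here.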
@@ -4018,6 +4026,7 @@ bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Se
const char *pretty_cuid = NULL;
char audit_msg[512] = "";
char *keyVersion = NULL;
+ char *ivParam = NULL;
int i = 0;
int totalNumCerts = 0;
@@ -4106,6 +4115,13 @@ bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Se
origins = (char **) malloc (sizeof(char *) * totalNumCerts);
tokenTypes = (char **) malloc (sizeof(char *) * totalNumCerts);
+ for(i = 0; i < totalNumCerts; i++) {
+ ktypes[i] = NULL;
+ origins[i] = NULL;
+ tokenTypes[i] = NULL;
+ certificates[i] = NULL;
+ }
+
//Iterate through number of key types. Iteration will be modified in case we have to insert extra
//certificates due to the "GenerateNewKeyandRecoverLast" scheme.
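Review bot: The added loop writes through `ktypes`, `origins`, `tokenTypes` and `certificates` without checking that the allocations succeeded; the two `malloc` calls visible just above it are unchecked. Test each result before the loop and take the function's cleanup path on failure, or allocate zeroed memory in one step with `origins = (char **) calloc(totalNumCerts, sizeof(char *));` and check that for NULL. The allocations of `ktypes` and `certificates` are outside the hunk.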
@@ -4378,7 +4394,7 @@ bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Se
RA::RecoverKey(session, lostTokenCUID, userid,
channel->getDrmWrappedDESKey(),
attr[0], &o_pub, &o_priv,
- (char *)drmconnid);
+ (char *)drmconnid,&ivParam);
} else {
r = false;
o_status = STATUS_ERROR_KEY_ARCHIVE_OFF;
@@ -4396,6 +4412,7 @@ bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Se
} else
RA::Debug(LL_PER_PDU, "DoEnrollment", "o_pub = %s", o_pub);
+
if (o_priv == NULL) {
RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::DoEnrollment()", "RecoverKey called, o_priv is NULL");
/* XXX
@@ -4405,7 +4422,19 @@ bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Se
*/
} else
RA::Debug(LL_PER_PDU, "DoEnrollment", "o_priv = %s", o_priv);
-
+
+ if (ivParam == NULL) {
+ RA::Debug(LL_PER_CONNECTION,"RA_Enroll_Processor::ProcessRecovery",
+ "ProcessRecovery called, ivParam is NULL");
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ PR_snprintf(audit_msg, 512, "RA_Enroll_Processor::ProcessRecovery called, ivParam is NULL");
+ goto rloser;
+ } else {
+ RA::Debug(LL_PER_CONNECTION,"ProcessRecovery",
+ "ivParam = %s", ivParam);
+ }
+
RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery()", "key injection for RecoverKey occurs here");
/*
* the following code converts b64-encoded public key info into SECKEYPublicKey
@@ -4568,26 +4597,39 @@ bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Se
alg = 0x81;
}
- //XXX need randomize this later
- BYTE iv[] = {0x01, 0x01,0x01,0x01,0x01,0x01,0x01,0x01};
+ //Get iv data returned by DRM
+
+ Buffer *iv_decoded = Util::URLDecode(ivParam);
+ if (ivParam) {
+ PL_strfree(ivParam);
+ }
+
+ if(iv_decoded == NULL) {
+ r = false;
+ PR_snprintf(audit_msg, 512, "ProcessRecovery: store keys in token failed, iv data not found");
+ delete decodeKey;
+ delete decodeKeyCheck;
+ goto rloser;
+ }
data =
Buffer((BYTE*)objid, 4)+ // object id
Buffer(1,alg) +
- // Buffer(1, 0x08) + // key type is DES3: 8
+ //Buffer(1, 0x08) + // key type is DES3: 8
Buffer(1, (BYTE) decodeKey->size()) + // 1 byte length
Buffer((BYTE *) *decodeKey, decodeKey->size())+ // key -encrypted to 3des block
// check size
// key check
Buffer(1, (BYTE) decodeKeyCheck->size()) + //keycheck size
Buffer((BYTE *) *decodeKeyCheck , decodeKeyCheck->size())+ // keycheck
- Buffer(1, 0x08)+ // IV_Length
- Buffer((BYTE*)iv, 8);
+ Buffer(1, iv_decoded->size())+ // IV_Length
+ Buffer((BYTE*)*iv_decoded, iv_decoded->size());
- // RA::DebugBuffer("cfu debug", "ImportKeyEnc data buffer =", &data);
+ //RA::DebugBuffer("cfu debug", "ImportKeyEnc data buffer =", &data);
delete decodeKey;
delete decodeKeyCheck;
+ delete iv_decoded;
if (channel->ImportKeyEnc((keyUser << 4)+priKeyNumber,
(keyUsage << 4)+pubKeyNumber, &data) != 1) {
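Review bot: `PL_strfree(ivParam)` leaves `ivParam` pointing at freed memory, and the variable is declared once at the top of `ProcessRecovery`. If this code runs once per certificate, as the loop comment earlier in the function suggests, a later `RA::RecoverKey` call that gets no `iv_param` leaves the stale pointer in place, the `ivParam == NULL` check passes, and the freed string is decoded and freed again. Reset it after the free: `PL_strfree(ivParam); ivParam = NULL;`. The `iv_decoded == NULL` branch also sets no `o_status`, unlike the `ivParam == NULL` branch in the previous hunk, and the earlier `goto rloser` exits do not release `ivParam` as far as the hunks show.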