What is the mechanism of private key for decryption in PKCS11

Question

Here is some part of my code

I already encrypt some text from another app VB.net via RSACryptoProvider

But I stuck at the step to decrypt in C.

Here is my code.

static CK_RV usePrivateKeytoDecrypt(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) {
CK_RV rv = CKR_OK;
CK_MECHANISM mechanism = {
    {CKM_RSA_PKCS_OAEP}
};

rv = C_DecryptInit(hSession, &mechanism, hObject);

return rv;

}

The code is not completed. I try to debug and got the error CKR_MECHANISM_PARAM_INVALID

Please help. Thanks

Answer 1

You must set mechanism parameters:

CK_RSA_PKCS_OAEP_PARAMS oaepParams = {CKM_SHA_1, CKG_MGF1_SHA1, 1, NULL_PTR, 0};
CK_MECHANISM MechEncrypt = {CKM_RSA_PKCS_OAEP, &oaepParams, sizeof(oaepParams)};

Answer 2

You are not correctly initializing your mechanism structure. The CK_MECHANISM is a structure that requires 3 parameters to be defined:

typedef struct CK_MECHANISM {
  CK_MECHANISM_TYPE mechanism;
  CK_VOID_PTR       pParameter;
  CK_ULONG          ulParameterLen;  /* in bytes */
} CK_MECHANISM;

You need to initialize your mechanism as follow:

CK_MECHANISM  mechanism = { CKM_RSA_PKCS_OAEP, NULL_PTR, 0 };

If you generated your private-public key-pair as RSA key-pair (using CKM_RSA_PKCS_KEY_PAIR_GEN mechanism) e.g.

CK_MECHANISM  GenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };

Then you need to initialize your mechanism for decryption as follow:

CK_MECHANISM  mechanism   = { CKM_RSA_PKCS, NULL_PTR, 0};

I presume you are already logged in with your hsession and the hObject is the located private key to be used for decryption?

Answer 3

It depends on the algorithm of the Key Pair.

If the Key Pair's algorithm is RSA, it could be CKM_RSA_PKCS / CKM_RSA_PKCS_OAEP / CKM_RSA_X_509.

If the Key Pair's algorithm is EC, it could be CKM_ECDSA.

Provided, the Private Key has the attribute CKA_DECRYPT set to true.

You can refer to this documentation here.