EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElRSAPublicKeyCrypto.Decrypt error Input Too Long

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#4512
Posted: 12/17/2007 14:32:37
by  Joseph Wallbridge
I have implemented TLS on a sip application. Works fine.
I Have a SipSniffer application that I wrote. I am trying to monitor the data in the TLS packets.
The packet includes the Ethernet and IP and TCP Headers.
This is the syntax that I Am using to decrypt the packet
Crypto.Decrypt(DataArray(), 54, DataSize - 54, Clearbuff, 1400, OutSize)
The error I Get is
"Input is too long"
The dataarray is 1263 Bytes
any help would be greatly appreciated
Regards Tony
#4513
Posted: 12/17/2007 14:51:13
by Eugene Mayevski (EldoS Corp.)

What encryption algorithm are you trying to employ?


Sincerely yours
Eugene Mayevski
#4515
Posted: 12/17/2007 15:19:57
by  Joseph Wallbridge
Thank you for your prompt reply

I used the same cert and password from the TLS example
CertStorageDef.ucs
{37907B5C-B309-4AE4-AFD2-2EAE948EADA2}


Crypto = New TElRSAPublicKeyCrypto
KeyMaterial = New TElRSAKeyMaterial

' certificate
cert = New TElX509Certificate
streamKey = New FileStream(Certificate, FileMode.Open)
certType = TElX509Certificate.DetectCertFileFormat(streamKey)
Select Case certType
Case 1 ' cfDER
cert.LoadFromStream(streamKey, 0)
KeyLoaded = True
Case 2 ' cfPEM
R = cert.LoadFromStreamPEM(streamKey, PassWord, 0)
If R <> 0 Then
errorMsg = "PEM read error: " + R.ToString()
Else
KeyLoaded = True
End If
Case 3 ' cfPFX
R = cert.LoadFromStreamPFX(streamKey, PassWord, 0)
If R <> 0 Then
errorMsg = "PFX read error: " + R.ToString()
Else
KeyLoaded = True
End If
Case Else
errorMsg = "Unsupported certificate file format"
End Select
streamKey.Close()
KeyMaterial.Assign(cert.KeyMaterial)

'setting properties of main class
Crypto.KeyMaterial = KeyMaterial

Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary
Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary

Do you need and more infor ?

Regards Joseph Wallbridge
#4516
Posted: 12/18/2007 00:13:07
by Eugene Mayevski (EldoS Corp.)

The data is not encrypted using RSA, so your approach is incorrect.

Can you please explain what you are trying to do in general? Are you trying to buld a man-in-the-middle sniffer for TLS-encrypted data? This is not possible with SecureBlackbox.


Sincerely yours
Eugene Mayevski
#4517
Posted: 12/18/2007 06:49:16
by  Joseph Wallbridge
Eugene.

Yes That is exactly what I am trying to do.
What do you mean "The data is not encrypted using RSA". How is it encrypted.
Please explain why this is not possible with SecureBackBox

Regards Joseph Wallbridge
#4518
Posted: 12/18/2007 07:00:46
by Eugene Mayevski (EldoS Corp.)

I think that you would need to read TLS specification (RFC 2246), and it will answer both of your questions. The data is encrypted using a symmetric key generated for a session. The session key is encrypted and transferred using key exchange algorithm. And RSA is used for authentication of the parties. So it's a bit :) more complex than just encrypting the transferred data using RSA.

It's not possible with SecureBlackbox cause it was designed for protection, not for sniffing. It doesn't provide functions / interfaces for the application to recode the traffic passing by. At least, not without certain changes.


Sincerely yours
Eugene Mayevski
#4519
Posted: 12/18/2007 07:21:47
by  Joseph Wallbridge
Thank You Eugene

I am not so much interested in security as in monitoring the SIP packages. I will have to find another way to skin the cat.

Thank you for your Information.

Regards Joseph Wallbridge
#4520
Posted: 12/18/2007 10:19:23
by  Joseph Wallbridge
Eugene
Have found a workaround. Thanks for your help.
One more question if I may. Since I cant see the TLS exchanges, my requirements are for the following TLS flows .
TLS Server TLS Client DoD PKI Server
--> Certificate Request -->
<-- Certificate <--
---Certificate Request -->
<--Certificate <--

--> Hello Request -->
<-- Client Hello <--
--> Server Hello -->
--> Server Certificate -->>
--> Certificate Request -->
--> Server Hello Done -->
<-- Client Certificate -->
<-- Client Key Exchange <--
<-- Certificate Verify <--
--> Finished -->
<--> SIP signaling messages <-->

Could you let me know how I can ensure that the above flows are happening

Regards Joseph Wallbridge
#4530
Posted: 12/18/2007 15:10:38
by  Joseph Wallbridge
Thanks for the reference to the RFC

I have read it.
If I am correct the certificate sets the parameters for the handshake and and keys

Our requirement if for

TLS_RSA_WITH_AES_128_CBC_SHA
or
TLS_RSA_WITH_AES_256_CBC_SHA

Is ther an example of this in your samples. There are a lot of samples so I would appreciate a pointer to it.


Sorry for the dumb questions. but I dont need to learn how TLS works I just neeed to use it.

Thanks for you patience and help

Regards Joseph Wallbridge
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 2659 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!