Vengoal Chang | 14 Apr 03:35 2005
Picon

Re: AES decryption with Qc3DecryptData API


Here is my sample for your reference, you can use OPM or ILE module as your requirements:

      * CRTRPGMOD DECRYPTDTA
      * CRTPGM PGM(lib/DECRYPTDTA) BNDSRVPGM(QC3DTAEN QC3PRNG)
      *
      * Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API
      * Service Program Name: QC3DTAEN

      * Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API
      * Service Program Name: QC3DTADE

     H DEBUG  OPTION(*SRCSTMT:*NODEBUGIO)

      */copy qsysinc/qrpglesrc.QC3CCI
     D*******************************************************************
     D*Data definitions
     D*******************************************************************
     D*ALGD0200 algorithm description structure
     DQC3D0200         DS
     D*                                             Qc3 Format ALGD0200
     D QC3BCA                  1      4B 0
     D*                                             Block Cipher Alg
     D QC3BL                   5      8B 0
     D*                                             Block Length
     D QC3MODE                 9      9
     D*                                             Mode
     D QC3PO                  10     10
     D*                                             Pad Option
     D QC3PC                  11     11
     D*                                             Pad Character
     D QC3ERVED               12     12
     D*                                             Reserved
     D QC3MACL                13     16B 0
     D*                                             MAC Length
     D QC3EKS                 17     20B 0
     D*                                             Effective Key Size
     D QC3IV                  21     52
     D*                                             Init Vector
     D*ALGD0300 algorithm description structure
     DQC3D0300         DS
     D*                                             Qc3 Format ALGD0300
     D QC3SCA                  1      4B 0
     D*                                             Stream Cipher Alg
     D*ALGD0400 algorithm description structure
     DQC3D0400         DS
     D*                                             Qc3 Format ALGD0400
     D QC3PKA                  1      4B 0
     D*                                             Public Key Alg
     D QC3PKABF                5      5
     D*                                             PKA Block Format
     D QC3ERVED00              6      8
     D*                                             Reserved
     D QC3SHA                  9     12B 0
     D*                                             Signing Hash Alg
     D*ALGD0500 algorithm description structure
     DQC3D0500         DS
     D*                                             Qc3 Format ALGD0500
     D QC3HA                   1      4B 0
     D*                                             Hash Alg
     D*DATA0200 array data format structure
     DQC3A0200         DS
     D*                                             Qc3 Format DATA0200
     D QC3DP                   1     16*
     D*                                             Data Ptr
     D QC3DL                  17     20B 0
     D*                                             Data Len
     D QC3ERVED01             21     32
     D*                                             Reserved
     D*KEYD0200 key description format structure
     DQC3D020000       DS
     D*                                             Qc3 Format KEYD0200
     D QC3KT                   1      4B 0
     D*                                             Key Type
     D QC3KSL                  5      8B 0
     D*                                             Key String Len
     D QC3KF                   9      9
     D*                                             Key Format
     D QC3ERVED02             10     12             inz(x'000000')
     D*                                             Reserved
     D*QC3KS                  13     13
     D*
     D*                                variable length
     D*******************************************************************

      * API error structure
     D APIERR          DS
     D  ERRPRV                       10I 0 INZ(272)
     D  ERRLEN                       10I 0
     D  EXCPID                        7A
     D  RSRVD2                        1A
     D  EXCPDT                      256A
     D
      *Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API protects
      *data privacy by scrambling clear data into an unintelligible form.
     D*Qc3EncryptData  Pr                  ExtProc('Qc3EncryptData')
     D Qc3EncryptData  Pr                  ExtPgm('QC3ENCDT')
     D clrDta                     32767a
     D clrDtaLen                     10I 0
     D clrDtaFmt                      8
     D algorithm                           like(QC3D0200)
     D algorithmFmt                   8
     D key                                 like(KeyC)
     D keyFmt                         8
     D srvProvider                    1
     D deviceName                    10
     D encryptedData              32767a
     D encryptedBufL                 10I 0
     D encryptedRtnL                 10I 0
     D errcde                              like(APIERR)

      * Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API restores
      * encrypted data to a clear (intelligible) form.
     D*Qc3DecryptData  Pr                  ExtProc('Qc3DecryptData')
     D Qc3DecryptData  Pr                  ExtPgm('QC3DECDT')
     D encryptedData              32767a
     D encryptedDtaL                 10I 0
     D algorithm                           like(QC3D0200)
     D algorithmFmt                   8
     D key                                 like(keyC)
     D keyFmt                         8
     D srvProvider                    1
     D deviceName                    10
     D clrDta                     32767a
     D clrDtaBufL                    10I 0
     D clrDtaRtnL                    10I 0
     D errcde                              like(APIERR)

     DQc3GenPRNs       Pr                  ExtPRoc('Qc3GenPRNs')
     D PrnDta                       512
     D PrnDtaLen                     10I 0
     D PrnType                        1
     D PrnParity                      1
     D errcde                              like(APIERR)

     D PrnDta          S            512
     D PrnDtaLen       S             10I 0
     D PrnType         S              1    inz('1')
     D PrnParity       S              1    inz('1')

     D clrDta          S          32767a
     D clrDtaLen       S             10I 0
     D clrDtaFmt       S              8    inz('DATA0100')
     D algorithm       S                   like(QC3D0200)
     D algorithmFmt    S              8    inz('ALGD0200')
     D key             S                   like(KeyC)
     D keyFmt          S              8    inz('KEYD0200')
     D srvProvider     S              1    inz('1')
     D deviceName      S             10    inz(*blanks)
     D encryptedData   S          32767a
     D encryptedDtaL   S             10I 0
     D encryptedBufL   S             10I 0
     D encryptedRtnL   S             10I 0
     D clrDtaBufL      S             10I 0
     D clrDtaRtnL      S             10I 0

     D KeyString       S            256
     D KeyC            S            256

     C                   Eval      clrDta = 'This is a test.'
     C                   Eval      clrDtaLen = %len(%trim(clrDta))
     C                   Eval      encryptedBufL = %size(encryptedData)
     C* Block cipher algorithm
      * 20 DES
      * 21 Triple DES
      * 22 AES
     C                   Eval      QC3BCA = 20
      *Block length
      *  8  DES
      *  8  Triple DES
      * 16  AES
     C                   Eval      QC3BL  = 8
      *Mode
      * 0 ECB
      * 1 CBC
      * 2 OFB. Not valid with AES.
      * 3 CFB 1-bit. Not valid with AES.
      * 4 CFB 8-bit. Not valid with AES.
      * 5 CFB 64-bit. Not valid with AES
     C                   Eval      QC3MODE = '1'
      * Pad Option
      * 0 No padding is performed.
      * 1 Use the character specified in the pad character field for padding
      * 2 The pad counter is used as the pad character.
     C                   Eval      QC3PO   = '1'

      * Pad Character
     C                   Eval      QC3PC   = X'00'
      * Reserved
     C                   Eval      QC3ERVED = X'00'
      * MAC Length
      * This field is not used on an encrypt operation and must be set to
      * null(binary 0s).
     C                   Eval      QC3MACL  = X'00000000'
      * Effective key size
      * This field must be set to 0.
     C                   Eval      QC3EKS   = 0
      * Initialization vector
      * The initialization vector (IV). An IV is not used for mode ECB,
      * and must be set to NULL (binary 0s).
     C                   Eval      QC3IV = *AllX'00'
     C                   Reset                   encryptedData
     C                   Eval      encryptedBufL = %len(encryptedData)

     C*                  Eval      algorithm = %addr(QC3D0200)
     C                   Eval      algorithm = QC3D0200
      * Key Type            KeyFormat  KeyLength
      * 20 DES                     0          8(7 bits used,rightmost setbit
      * 21 Triple DES              0    8,16,24(7 bits used,rightmost setbit
      * 22 AES                     0   16,24,32
      * 30 RC4-compatible          0    1<->256
      * 50 RSA public              1
      * 51 RSA private             1
     C                   Eval      QC3KT = 20

      * Key Format
     C                   Eval      QC3KF = '0'
      * Key String
     C                   Eval      KeyString = '12345678'
     C*                  Eval      PrnDtaLen = 8
     C*                  callP     Qc3GenPRNs(
     C*                               PrnDta        :
     C*                               PrnDtaLen     :
     C*                               PrnType       :
     C*                               PrnParity     :
     C*                               APIERR
     C*                            )
     C*                  ExSr      ChkErrCde
     C*                  Eval      KeyString = %SubSt(PrnDta :
     C*                                                1 : PrnDtaLen)
      * Key Length
     C                   Eval      QC3KSL = %len(%trim(KeyString))
     C                   Eval      KeyC = QC3D020000 + %trim(KeyString)
     C*                  Eval      Key  = %addr(KeyC)
     C                   Eval      Key  = KeyC

     C                   callP     Qc3EncryptData(
     C                                clrDta        :
     C                                clrDtaLen     :
     C                                clrDtaFmt     :
     C                                algorithm     :
     C                                algorithmFmt  :
     C                                key           :
     C                                keyFmt        :
     C                                srvProvider   :
     C                                deviceName    :
     C                                encryptedData :
     C                                encryptedBufL :
     C                                encryptedRtnL :
     C                                APIERR
     C                             )
     C                   ExSr      ChkErrCde

     C                   Reset                   clrDta
     C                   Eval      encryptedDtaL = encryptedRtnL
     C                   Eval      clrDtaBufL = %size(clrDta)
     C                   callP     Qc3DecryptData(
     C                                encryptedData :
     C                                encryptedDtaL :
     C                                algorithm     :
     C                                algorithmFmt  :
     C                                key           :
     C                                keyFmt        :
     C                                srvProvider   :
     C                                deviceName    :
     C                                clrDta        :
     C                                clrDtaBufL    :
     C                                clrDtaRtnL    :
     C                                APIERR
     C                             )
     C                   ExSr      ChkErrCde
     C                   dump

     C                   Eval      *InLr = *On
      **********************************************************************
     C     ChkErrCde     BegSr
     C                   If        ERRLEN > 0
     C     EXCPID        DSPLY
     C                   EndIf
     C                   EndSr

Carsten Flensburg ??:

>Hello Martin,
>
>AES is supported by the Qc3DecryptData API, so provided that you have the
>correct mode and pad options from the customer, it should definitely be
>possible to do what you're trying to.
>
>Could you possibly post the code - but not the provided key :-) - then we'll
>see how to make it run.
>
>Best regards,
>Carsten Flensburg
>
>----- Original Message ----- 
>From: <Martin.Verhoef@...>
>To: <rpg400-l@...>
>Sent: Wednesday, April 13, 2005 11:57 AM
>Subject: AES decryption with Qc3DecryptData API
>
>
>  
>
>>Has someone experience with the Qc3DecryptData API ?
>>I have an encrypted string (AES) and a key (size 16) from a customer. The
>>encrypted string i want to decrypt
>>with the provided key and the api. Is it possible to use the api in this
>>way ?
>>
>>How to provide the encrypted string and the key to the parameter group of
>>the api ?
>>I tried some parameter values but got errors back like 'Length of input
>>data not valid'.
>>    
>>
>
>
>  
>
--

-- 
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@...
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@...
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


Gmane