headers
Marco Scarsi | 15 Mar 2001 16:08
Picon
Favicon

Scattered questions

Dear all,
I am a newcomer to the SFL world. I have some scattered questions.

Is it somewhere explained how the test program auto_hi.exe works? I am 
mainly concerned about all the keywords in the .cfg files. Analyzing the 
.cfg files I tried to get an idea of the functions of these keywords. But it 
would be nice to have an exhaustive description. As an example, the 
"BuildArgs" entry has different syntax according to the CTIL chosen:
  BuildArgs=sm_pkcs11DLLd.dll 0 1234 xxx.dll
  BuildArgs=sm_free3DLLd.DLL ElmoRocks ./free_ab.dat FREE3DLL

Report_tool requires some Mozilla libraries. Where can I obtain them?

In SFL 1.9 I do not find the SM_Test CTIL, that is mentioned in the 
documentation.

What is exactly SM_pkcs11Free3DLL? What do you need to use this CTIL? Is it 
sufficient the

Crypto++ library that is already used in conjunction with SM_free3? Is there 
any test for this CTIL that can be run with auto_hi.exe?

Thanx for help,

Marco Scarsi

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Pawling, John | 15 Mar 2001 23:18

RE: Scattered questions

Marco:

- The Guide manual sort-of describes the "auto_hi.exe" and config file use
(available at the web site, or I can send you a copy).  This test program is
a unit development test program; very low-level.  The only way to figure
them out is to pick a representative config file for what you wish to
execute (e.g. Sign a message) and read the associated "Fill()" method to
figure out the associated keywords (e.g. CM_MsgToSign::Fill(), is
./SMIME/testsrc/util/sm_CLMsgToSign.cpp).  We have no documentation (other
than that in the Guide) for the keywords, they are different between major
modules due to different authors.  The keywords should be somewhat
straightforward and match the actual data structure to be loaded (e.g.
SignedData elements).  Our objective was not to provide an application
usable interface with the test logic, but to test and demonstrate the
library usage (see the "Check()" methods for encrypt, decrypt, sign, and
verify).

As to the CTIL input BuildArgs; this should be described by each individual
CTIL since the input is customized to the appropriate Private Key storage
mechanism (i.e. Fortezza or smart cards need a pin, RSA only needs a PKCS8
file or PKCS12 password protected file).  I would suggest that you avoid the
address book ("free_ab.dat") input choice; it will be removed in the near
future in favor of the PKCS12 only input.  I would suggest that you look at
the INIT function of the CTIL of interest.  Since we only have 6 CTILs, the
parameters are consistent.  The FREE3 CTIL is the most developed (since it
is free), it has the most features.  The recommended BuildArgs parameter is:

	sm_free3DLL PKCS12_PasswordProtectedFileExample.pdf
PASSWORD_ToThePkcs12File sm_free3DLL
(Continue reading)

Permalink | Reply | 0 comments |
headers
michael.harrison | 16 Mar 2001 16:58

issues with SFL and Solaris 2.7 SC5.0 Compiler

Dear all 
I am attempting to build the SFL S/MIME install on a Solaris 2.7 box
using Sun Workshop 5.0 
However there seems to be a few issues in terms of : 

iostream/istream/ostream header includes need updating in asn_config.h
where the std names have changed. 

The multiple inheritance of CSM_CommonData in SMIME/include/sm_api.h
into CSM_MsgToAddSignatures via CSM_MsgToVerify and CSM_MsgToSign causes
compilation errors due to ? strict C++ checking causing the compiler to
look for CSM_CommonData::UpdateEncodedBlob( CSM_MsgToAddSignatures,
CSMContent*) methods rather than resolve the
CSM_CommonData::UpdateEncodedBlob( CSM_Content* ) method as expected. 
And this is just in the header file for the ctors. 
There is also the issue where I've had to insert the (int) cast in
sm_Attr.cpp: 1557 & (?)950-ish because of stricter type checking.
e.g. in 'if(*SnaccRR.receiptsFrom->allOrFirstTier == (int)
AllOrFirstTier::firstTierRecipients)' 

I'm flagging these because they may also turn up when the newer version
of gcc arrives this year. 

Currently I'm stuck on a compiler error in the same vein which throws
out *pCSM_MsgToAddSignatures.MsgToSign::SetContentBlob( CSM_Content* )
which again the compiler refuses to acknowledge  - looking for a method
of signature 'MsgToSign::SetContentBlob( CSM_MsgToAddSignatures,
CSM_Content* )';

All these are from the latest releases from the  SFL site - version 1.9
(Continue reading)

Permalink | Reply | 0 comments |
headers
Pawling, John | 16 Mar 2001 17:51

FW: issues with SFL and Solaris 2.7 SC5.0 Compiler


-----Original Message-----
From: Colestock, Robert 
Sent: Friday, March 16, 2001 11:45 AM
To: 'michael.harrison <at> tumbleweed.com'
Cc: Pawling, John
Subject: RE: issues with SFL and Solaris 2.7 SC5.0 Compiler

<snip>

Michael:

I'm sorry I may not be of much help without your specific compiler here.
You are fighting some naive class design issues from before I understood the
class inheritance.  I have seen this issue before, the fix was to simply
make the multiple inherited component "virtual"; I hope this fixes your
problem.  Try changing the definition in "sm_api.h":

	class CSM_MsgToSign : public CSM_CommonData, protected
CSM_DataToSign
to
	class CSM_MsgToSign : virtual public CSM_CommonData, protected
CSM_DataToSign

	class CSM_MsgToVerify : public CSM_CommonData, public
CSM_DataToVerify
to
	class CSM_MsgToVerify : virtual public CSM_CommonData, public
CSM_DataToVerify
(Continue reading)

Permalink | Reply | 0 comments |
headers
Simon Blanchet | 19 Mar 2001 18:20
Picon
Favicon

Issues compiling auto_hi classes (and others issues)

Hi!

I'm pretty much new to SFL and I got several general questions about it.

(Question #1)

I didn't succeed in compiling the project auto_hi classes with MS Visual
Studio.  I think that my setup is OK (Crypto++ was compiled with success
etc...).  Everything seems to go well but at the end of the compilation I
obtains:

c:\cvs_home\sfl\smime\alg_libs\sm_rsa\sm_rsa.h(65) : fatal error C1083:
Cannot open include file: 'aglobal.h': No such file or directory
sm_rsa.cpp
c:\cvs_home\sfl\smime\alg_libs\sm_rsa\sm_rsa.h(65) : fatal error C1083:
Cannot open include file: 'aglobal.h': No such file or directory
Generating Code...
Compiling...
sm_tstdlib.c
c:\cvs_home\sfl\smime\alg_libs\sm_rsa\sm_tstdlib.c(20) : fatal error C1083:
Cannot open include file: 'aglobal.h': No such file or directory

I know it's because I don't have RSA BSAFE library...  But my question is:
Do we really need RSA BSAFE to compile this project (auto_hi.exe)?  Can we
use SFL (with all the S/MIME functionnalities) without RSA BSAFE?  At first
I used to think that everything should be fine only with Crypto++ (this lib
seems to implements all the functionnalities needed for S/MIME), but now I'm
wondering.  So if there is a way to use only Crypto++ with SFL:  How to
configure SFL only to use Crypto++?  Which files or compilation flags do we
need to add / modify?
(Continue reading)

Permalink | Reply | 0 comments |
headers
Nicholas, Richard | 19 Mar 2001 19:31

RE: Issues compiling auto_hi classes (and others issues)

Simon,

I'll leave question #1 for someone else, and try to answer #2.

> (Question #2)
> 
> From my understanding of SFL - CML - SRL now it looks like 
> CML (v1.9) is
> only used to provide Cert Path Validation and High Level 
> access to "the real
> implementation of a cert store".  The Storage is handled by 
> SRL.  I got some
> questions concerning CML vs SRL:
> 
> 2.1 Is there a way to use Crypto++ (instead of RSA BSAFE) for 
> cryptographic
> function needed by CML for path processing?  How?

The CML has two cryptographic interfaces, an internal one to make DSA,
SHA-1, RSA, MDx calls directly for signature verification, and the SFL CTIL
interface.  If you want to use the CTIL interface, simply provide a pointer
to a valid CSMIME object during the call to CM_CreateSessionExt().  (CSMIME
is sort of a container for CTIL instances.)

> 2.2 Is there a way to use SFL with CML (for path validation 
> processing and
> high level access to storage) with SRL (for storage only) and 
> finally with a
> custom-made CallBack_Function (only for certificate 
> retrieval).
(Continue reading)

Permalink | Reply | 1 comment |
headers
Pawling, John | 19 Mar 2001 19:41

RE: Issues compiling auto_hi classes (and others issues)

Simon:

The following information answers #1:

1.)  You need to remove the references to RSA in your dependency list for
the BuildAll project(s).  You should remove all CTIL library builds you do
not have (spex, fortezza, pkcs11, etc.).  The project is setup to build all
CTILs.  No, you do not need the BSafe libraries to build autoHi; it is there
to facilitate testing (autoHi is our lo-level UDF test program).  There are
no compilation flags for general use of any CTIL; simply load that
particular DLL (e.g. sm_free3DLL.dll; see
SMIME/testsrc/util/sm_CfgLogins.cpp).

<snip>

Bob Colestock
VDA

-----Original Message-----
From: Nicholas, Richard [mailto:Richard.Nicholas <at> GetronicsGov.com]
Sent: Monday, March 19, 2001 1:31 PM
To: 'Simon Blanchet'
Cc: imc-sfl <at> imc.org
Subject: RE: Issues compiling auto_hi classes (and others issues)

Simon,

I'll leave question #1 for someone else, and try to answer #2.

> (Question #2)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Simon Blanchet | 19 Mar 2001 20:22
Picon
Favicon

RE: Issues compiling auto_hi classes (and others issues)

Hi!

I just want to make sure that everything is ok concerning my "NEW"
understanding of SFL - CML - SRL.
Here is some definitions:

MY_APP: my application
SFL: the SFL Lib
CML: the CML Lib
SRL: the SRL Lib
MY_CALLBACK: my custom CallBack Function
MY_CUSTOM_X509_STORE: my own store implemented with it's own API

Here is the order of processing steps:

I- MY_APP calls CML to search for a specific Cert.
   I.1- CML calls MY_CALLBACK to search for the specific Cert.
   I.2- MY_CALLBACK calls SRL to search internally for the specific Cert.
        I.2.1- SRL return to my callback with NO_CERT_FOUND (kind of)
   I.3- MY_CALLBACK calls MY_CUSTOM_X509_STORE to search for the Cert.
        I.3.1- MY_CUSTOM_X509_STORE returns CERT_FOUND (with the Cert).
   I.4- MY_CALLBACK returns to CML the Cert found.
   I.5- CML returns to MY_APP the Cert found.
II- MY_APP calls SFL with the Cert found.

Does it looks like the way to proceed?  So basically, it is MY_CALLBACK that
will call internally SRL and then MY_CUSTOM_X509_STORE in order to achieve
what I want...

-----Original Message-----
(Continue reading)

Permalink | Reply | 0 comments |
headers
Nicholas, Richard | 19 Mar 2001 20:43

RE: Issues compiling auto_hi classes (and others issues)

Simon,

Yes.  That seems like the best way to go to get the functionality you want
using the current CML and SRL.

- Rich

> I just want to make sure that everything is ok concerning my "NEW"
> understanding of SFL - CML - SRL.
> Here is some definitions:
> 
> MY_APP: my application
> SFL: the SFL Lib
> CML: the CML Lib
> SRL: the SRL Lib
> MY_CALLBACK: my custom CallBack Function
> MY_CUSTOM_X509_STORE: my own store implemented with it's own API
> 
> Here is the order of processing steps:
> 
> I- MY_APP calls CML to search for a specific Cert.
>    I.1- CML calls MY_CALLBACK to search for the specific Cert.
>    I.2- MY_CALLBACK calls SRL to search internally for the 
> specific Cert.
>         I.2.1- SRL return to my callback with NO_CERT_FOUND (kind of)
>    I.3- MY_CALLBACK calls MY_CUSTOM_X509_STORE to search for the Cert.
>         I.3.1- MY_CUSTOM_X509_STORE returns CERT_FOUND (with 
> the Cert).
>    I.4- MY_CALLBACK returns to CML the Cert found.
>    I.5- CML returns to MY_APP the Cert found.
(Continue reading)

Permalink | Reply | 4 comments |
headers
Mike Harrison | 20 Mar 2001 17:21

RE: issues with SFL and Solaris 2.7 SC5.0 Compiler

Robert, 
I've now installed Sun Workshop 6, and after much mucking about with
compiler licenses, the changes we discussed are working. 
I have some more ( relatively trivial ) which I can forward when I get
everything compiling OK. 
I could really do with some specialist knowledge here. Can you point me to
instructions to build enough of the SFL libraries to allow me to do SMIME
encryption and decryption with BSAFE and BSAFE only ?. I've gone through the
SMP components manual date 9 Feb 2K1 and the readmes in the release but not
found instructions on how to partition the builds between different crypto
libraries. 

cheers
Mike

-----Original Message-----
From: Colestock, Robert [mailto:Robert.Colestock <at> GetronicsGov.com]
Sent: 16 March 2001 16:45
To: 'michael.harrison <at> tumbleweed.com'
Cc: Pawling, John
Subject: RE: issues with SFL and Solaris 2.7 SC5.0 Compiler

Sorry about the empty response.

Michael:

I'm sorry I may not be of much help without your specific compiler here.
You are fighting some naive class design issues from before I understood the
class inheritance.  I have seen this issue before, the fix was to simply
make the multiple inherited component "virtual"; I hope this fixes your
(Continue reading)

Permalink | Reply | 0 comments |

Gmane