📄 aes_func.c
字号:
// File: aes_func.c//#include <stdio.h>#include <stdlib.h>#include <string.h>#include <memory.h>#include <dlfcn.h>#include "pkcs11types.h"#include "regress.h"void *dl_handle;unsigned long SlotID = 0;void oc_err_msg(char *, int, char *, CK_RV);#define AES_KEY_SIZE_256 32#define AES_BLOCK_SIZE 16#define AES_KEY_LEN 32CK_FUNCTION_LIST *funcs;CK_SESSION_HANDLE sess;#define OC_ERR_MSG(a,b) oc_err_msg(__FILE__, __LINE__, a, b)////int do_EncryptAES_ECB(void){ CK_BYTE data1[BIG_REQUEST]; CK_BYTE data2[BIG_REQUEST]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_ULONG user_pin_len; CK_ULONG i; CK_ULONG len1, len2, key_size = AES_KEY_SIZE_256; CK_RV rc; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG) } }; printf("do_EncryptAES_ECB...\n"); slot_id = SlotID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session); if (rc != CKR_OK) { OC_ERR_MSG(" C_OpenSession #1", rc); return FALSE; } memcpy(user_pin, "12345678", 8); user_pin_len = 8; rc = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Login #1", rc); return FALSE; } mech.mechanism = CKM_AES_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate an AES key // rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #1", rc); return FALSE; } // now, encrypt some data // len1 = len2 = BIG_REQUEST; for (i = 0; i < len1; i++) { data1[i] = i % 255; data2[i] = i % 255; } mech.mechanism = CKM_AES_ECB; mech.ulParameterLen = 0; mech.pParameter = NULL; rc = funcs->C_EncryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptInit #1", rc); return FALSE; } rc = funcs->C_Encrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Encrypt #1", rc); return FALSE; } // now, decrypt the data // rc = funcs->C_DecryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } rc = funcs->C_Decrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } if (len1 != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i = 0; i < len1; i++) { if (data1[i] != data2[i]) { printf(" ERROR: mismatch at byte %d\n", i); return FALSE; } } rc = funcs->C_CloseAllSessions(slot_id); if (rc != CKR_OK) { OC_ERR_MSG(" C_CloseAllSessions #1", rc); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_EncryptAES_Multipart_ECB(void){ CK_BYTE original[BIG_REQUEST]; CK_BYTE crypt1[BIG_REQUEST]; CK_BYTE crypt2[BIG_REQUEST]; CK_BYTE decrypt1[BIG_REQUEST]; CK_BYTE decrypt2[BIG_REQUEST]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_ULONG user_pin_len; CK_ULONG i, k, key_size = AES_KEY_SIZE_256; CK_ULONG orig_len; CK_ULONG crypt1_len, crypt2_len, decrypt1_len, decrypt2_len; CK_ULONG tmp; CK_RV rc; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG) } }; printf("do_EncryptAES_Multipart_ECB...\n"); slot_id = SlotID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session); if (rc != CKR_OK) { OC_ERR_MSG(" C_OpenSession #1", rc); return FALSE; } memcpy(user_pin, "12345678", 8); user_pin_len = 8; rc = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Login #1", rc); return FALSE; } mech.mechanism = CKM_AES_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate an AES key // rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #1", rc); return FALSE; } // now, encrypt some data // orig_len = sizeof(original); for (i = 0; i < orig_len; i++) { original[i] = i % 255; } mech.mechanism = CKM_AES_ECB; mech.ulParameterLen = 0; mech.pParameter = NULL; rc = funcs->C_EncryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptInit #1", rc); return FALSE; } // use normal ecb mode to encrypt data1 // crypt1_len = sizeof(crypt1); rc = funcs->C_Encrypt(session, original, orig_len, crypt1, &crypt1_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Encrypt #1", rc); return FALSE; } // use multipart ecb mode to encrypt data2 in 5 byte chunks // rc = funcs->C_EncryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptInit #2", rc); return FALSE; } i = k = 0; crypt2_len = sizeof(crypt2); while (i < orig_len) { CK_ULONG rem = orig_len - i; CK_ULONG chunk; if (rem < 100) chunk = rem; else chunk = 100; tmp = crypt2_len - k; // how much room is left in crypt2? rc = funcs->C_EncryptUpdate(session, &original[i], chunk, &crypt2[k], &tmp); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptUpdate #1", rc); return FALSE; } k += tmp; i += chunk; } crypt2_len = k; // AES-ECB shouldn't return anything for EncryptFinal per the spec // rc = funcs->C_EncryptFinal(session, NULL, &tmp); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptFinal #2", rc); return FALSE; } if (tmp != 0) { printf (" ERROR: DecryptFinal wants to return %d bytes\n", tmp); return FALSE; } if (crypt2_len != crypt1_len) { printf(" ERROR: crypt1_len = %d, crypt2_len = %d\n", crypt1_len, crypt2_len); return FALSE; } // compare both encrypted blocks. they'd better be equal // for (i = 0; i < crypt1_len; i++) { if (crypt1[i] != crypt2[i]) { printf (" ERROR: mismatch. crypt1 != crypt2 at byte %d\n", i); return FALSE; } } // now, decrypt the data // rc = funcs->C_DecryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } decrypt1_len = sizeof(decrypt1); rc = funcs->C_Decrypt(session, crypt1, crypt1_len, decrypt1, &decrypt1_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } // use multipart ecb mode to encrypt data2 in 1024 byte chunks // rc = funcs->C_DecryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } i = k = 0; decrypt2_len = sizeof(decrypt2); while (i < crypt1_len) { CK_ULONG rem = crypt1_len - i; CK_ULONG chunk; if (rem < 101) chunk = rem; else chunk = 101; tmp = decrypt2_len - k; rc = funcs->C_DecryptUpdate(session, &crypt1[i], chunk, &decrypt2[k], &tmp); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptUpdate #1", rc); return FALSE; } k += tmp; i += chunk; } decrypt2_len = k; // AES-ECB shouldn't return anything for EncryptFinal per the spec // rc = funcs->C_DecryptFinal(session, NULL, &tmp); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptFinal #2", rc); return FALSE; } if (tmp != 0) { printf (" ERROR: DecryptFinal wants to return %d bytes\n", tmp); return FALSE; } if (decrypt1_len != decrypt2_len) { printf(" ERROR: decrypt1_len = %d, decrypt2_len = %d\n", decrypt1_len, decrypt2_len); return FALSE; } if (decrypt1_len != orig_len) { printf (" ERROR: decrypted lengths = %d, original length = %d\n", decrypt1_len, orig_len); return FALSE; } // compare both decrypted blocks. they'd better be equal // for (i = 0; i < decrypt1_len; i++) { if (decrypt1[i] != decrypt2[i]) { printf (" ERROR: mismatch. decrypt1 != decrypt2 at byte %d\n", i); return FALSE; } } // compare the multi-part decrypted block with the 'control' block // for (i = 0; i < orig_len; i++) { if (original[i] != decrypt1[i]) { printf (" ERROR: decrypted mismatch: original != decrypt at byte %d\n", i); return FALSE; } } rc = funcs->C_CloseAllSessions(slot_id); if (rc != CKR_OK) { OC_ERR_MSG(" C_CloseAllSessions #1", rc); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_EncryptAES_CBC(void){ CK_BYTE data1[BIG_REQUEST]; CK_BYTE data2[BIG_REQUEST]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_ULONG user_pin_len; CK_BYTE init_v[AES_BLOCK_SIZE]; CK_ULONG i, key_size = AES_KEY_SIZE_256; CK_ULONG len1, len2; CK_RV rc; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG) } }; printf("do_EncryptAES_CBC...\n"); slot_id = SlotID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session); if (rc != CKR_OK) { OC_ERR_MSG(" C_OpenSession #1", rc); return FALSE; } memcpy(user_pin, "12345678", 8); user_pin_len = 8; rc = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Login #1", rc); return FALSE; } mech.mechanism = CKM_AES_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate an AES key // rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #1", rc); return FALSE; } // now, encrypt some data // len1 = len2 = BIG_REQUEST; for (i = 0; i < len1; i++) { data1[i] = i % 255; data2[i] = i % 255; } memcpy(init_v, "0123456789abcdef", 8); mech.mechanism = CKM_AES_CBC; mech.ulParameterLen = AES_BLOCK_SIZE; mech.pParameter = init_v; rc = funcs->C_EncryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptInit #1", rc); return FALSE; } rc = funcs->C_Encrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Encrypt #1", rc); return FALSE; } // now, decrypt the data // rc = funcs->C_DecryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } rc = funcs->C_Decrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } if (len1 != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i = 0; i < len1; i++) { if (data1[i] != data2[i]) { printf(" ERROR: mismatch at byte %d\n", i); return FALSE; } } rc = funcs->C_CloseAllSessions(slot_id); if (rc != CKR_OK) { OC_ERR_MSG(" C_CloseAllSessions #1", rc); return FALSE; }⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -