📄 aes_func.c
字号:
OC_ERR_MSG(" C_CloseAllSessions #1", rc); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_WrapUnwrapAES_ECB(void){ CK_BYTE data1[BIG_REQUEST]; CK_BYTE data2[BIG_REQUEST]; CK_BYTE sanity[BIG_REQUEST]; CK_BYTE wrapped_data[AES_BLOCK_SIZE]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_ULONG user_pin_len; CK_ULONG wrapped_data_len; CK_ULONG i, key_size = AES_KEY_SIZE_256; CK_ULONG len1, len2, sanity_len; CK_RV rc; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG) } }; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_AES; CK_ULONG tmpl_count = 3; CK_ATTRIBUTE template[] = { {CKA_CLASS, &key_class, sizeof(key_class)}, {CKA_KEY_TYPE, &key_type, sizeof(key_type)}, {CKA_VALUE_LEN, &key_size, sizeof(key_size)} }; printf("do_WrapUnwrapAES_ECB...\n"); slot_id = SlotID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session); if (rc != CKR_OK) { OC_ERR_MSG(" C_OpenSession #1", rc); return FALSE; } memcpy(user_pin, "12345678", 8); user_pin_len = 8; rc = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Login #1", rc); return FALSE; } mech.mechanism = CKM_AES_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate an AES key and a wrapping key // rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #1", rc); return FALSE; } rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #2", rc); return FALSE; } // now, encrypt some data // sanity_len = len1 = len2 = BIG_REQUEST; for (i = 0; i < len1; i++) { data1[i] = i % 255; data2[i] = i % 255; } mech.mechanism = CKM_AES_ECB; mech.ulParameterLen = 0; mech.pParameter = NULL; rc = funcs->C_EncryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptInit #1", rc); return FALSE; } rc = funcs->C_Encrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Encrypt #1", rc); return FALSE; }#if 0 rc = funcs->C_DecryptInit(session, &mech, h_key); printf("Sanity chec #1: Decrypting using original, unwrapped key.\n"); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } rc = funcs->C_Decrypt(session, data1, len1, sanity, &sanity_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } if (sanity_len != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i = 0; i < len1; i++) { if (sanity[i] != data2[i]) { printf(" Sanity Check #1 Failed. ERROR: mismatch at byte %d\n", i); return FALSE; } } printf("Sanity Check 1 PASSED\n");#endif // now, wrap the key. we'll just use the same ECB mechanism // wrapped_data_len = AES_KEY_LEN; rc = funcs->C_WrapKey(session, &mech, w_key, h_key, (CK_BYTE *) & wrapped_data, &wrapped_data_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_WrapKey #1", rc); return FALSE; }#if 0 rc = funcs->C_DecryptInit(session, &mech, h_key); printf("Sanity Check #2: Decrypting using original, unwrapped key after C_WrapKey.\n"); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } rc = funcs->C_Decrypt(session, data1, len1, sanity, &sanity_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } if (sanity_len != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i = 0; i < len1; i++) { if (sanity[i] != data2[i]) { printf(" Sanity Check #2 failed. ERROR: mismatch at byte %d\n", i); return FALSE; } } printf("Sanity Check 2 PASSED\n");#endif rc = funcs->C_UnwrapKey(session, &mech, w_key, wrapped_data, wrapped_data_len, template, tmpl_count, &uw_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_UnWrapKey #1", rc); return FALSE; } // now, decrypt the data using the unwrapped key. // rc = funcs->C_DecryptInit(session, &mech, uw_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } rc = funcs->C_Decrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } if (len1 != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i = 0; i < len1; i++) { if (data1[i] != data2[i]) { printf("line %d ERROR: mismatch at byte %d\n", __LINE__, i); return FALSE; } } // now, try to wrap an RSA private key. this should fail. we'll // create a fake key object instead of generating a new one // { CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; CK_KEY_TYPE keytype = CKK_RSA; CK_BYTE modulus[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE publ_exp[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE priv_exp[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE prime_1[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE prime_2[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE exp_1[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE exp_2[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE coeff[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &keyclass, sizeof(keyclass)}, {CKA_KEY_TYPE, &keytype, sizeof(keytype)}, {CKA_MODULUS, modulus, sizeof(modulus)}, {CKA_PUBLIC_EXPONENT, publ_exp, sizeof(publ_exp)}, {CKA_PRIVATE_EXPONENT, priv_exp, sizeof(priv_exp)}, {CKA_PRIME_1, prime_1, sizeof(prime_1)}, {CKA_PRIME_2, prime_2, sizeof(prime_2)}, {CKA_EXPONENT_1, exp_1, sizeof(exp_1)}, {CKA_EXPONENT_2, exp_2, sizeof(exp_2)}, {CKA_COEFFICIENT, coeff, sizeof(coeff)} }; CK_OBJECT_HANDLE priv_key; CK_BYTE data[1024]; CK_ULONG data_len = sizeof(data); rc = funcs->C_CreateObject(session, tmpl, 10, &priv_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_CreateObject #1", rc); return FALSE; } rc = funcs->C_WrapKey(session, &mech, w_key, priv_key, data, &data_len); if (rc != CKR_KEY_NOT_WRAPPABLE) { OC_ERR_MSG(" C_WrapKey #2", rc); printf(" Expected CKR_KEY_NOT_WRAPPABLE\n"); return FALSE; } } rc = funcs->C_CloseAllSessions(slot_id); if (rc != CKR_OK) { OC_ERR_MSG(" C_CloseAllSessions #1", rc); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_WrapUnwrapAES_CBC(void){ CK_BYTE data1[BIG_REQUEST]; CK_BYTE data2[BIG_REQUEST]; CK_BYTE wrapped_data[AES_KEY_SIZE_256]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_BYTE init_v[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 'a', 'b', 'c', 'd', 'e', 'f' }; CK_ULONG user_pin_len; CK_ULONG wrapped_data_len; CK_ULONG i, key_size = AES_KEY_SIZE_256; CK_ULONG len1 = BIG_REQUEST, len2 = BIG_REQUEST; CK_RV rc; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG) } }; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_AES; CK_ULONG tmpl_count = 3; CK_ATTRIBUTE template[] = { {CKA_CLASS, &key_class, sizeof(key_class)}, {CKA_KEY_TYPE, &key_type, sizeof(key_type)}, {CKA_VALUE_LEN, &key_size, sizeof(key_size)} }; printf("do_WrapUnwrapAES_CBC...\n"); slot_id = SlotID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session); if (rc != CKR_OK) { OC_ERR_MSG(" C_OpenSession #1", rc); return FALSE; } memcpy(user_pin, "12345678", 8); user_pin_len = 8; rc = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_Login #1", rc); return FALSE; } mech.mechanism = CKM_AES_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate an AES key and a wrapping key // rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #1", rc); return FALSE; } rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_GenerateKey #2", rc); return FALSE; } // now, encrypt some data // for (i = 0; i < len1; i++) { data1[i] = i % 255; data2[i] = i % 255; } mech.mechanism = CKM_AES_CBC; mech.ulParameterLen = sizeof(init_v); mech.pParameter = init_v; rc = funcs->C_EncryptInit(session, &mech, h_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_EncryptInit #1", rc); return FALSE; } rc = funcs->C_Encrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Encrypt #1", rc); return FALSE; } // now, wrap the key. we'll just use the same ECB mechanism // wrapped_data_len = AES_KEY_LEN; rc = funcs->C_WrapKey(session, &mech, w_key, h_key, (CK_BYTE *) & wrapped_data, &wrapped_data_len); if (rc != CKR_OK) { OC_ERR_MSG(" C_WrapKey #1", rc); return FALSE; } rc = funcs->C_UnwrapKey(session, &mech, w_key, wrapped_data, wrapped_data_len, template, tmpl_count, &uw_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_UnWrapKey #1", rc); return FALSE; } // now, decrypt the data using the unwrapped key. // rc = funcs->C_DecryptInit(session, &mech, uw_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_DecryptInit #1", rc); return FALSE; } rc = funcs->C_Decrypt(session, data1, len1, data1, &len1); if (rc != CKR_OK) { OC_ERR_MSG(" C_Decrypt #1", rc); return FALSE; } if (len1 != len2) { printf("line %d ERROR: lengths don't match\n", __LINE__); return FALSE; } for (i = 0; i < len1; i++) { if (data1[i] != data2[i]) { printf("line %d ERROR: mismatch at byte %d\n", __LINE__, i); return FALSE; } } // now, try to wrap an RSA private key. this should fail. we'll // create a fake key object instead of generating a new one // { CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; CK_KEY_TYPE keytype = CKK_RSA; CK_BYTE modulus[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE publ_exp[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE priv_exp[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE prime_1[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE prime_2[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE exp_1[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE exp_2[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_BYTE coeff[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 }; CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &keyclass, sizeof(keyclass)}, {CKA_KEY_TYPE, &keytype, sizeof(keytype)}, {CKA_MODULUS, modulus, sizeof(modulus)}, {CKA_PUBLIC_EXPONENT, publ_exp, sizeof(publ_exp)}, {CKA_PRIVATE_EXPONENT, priv_exp, sizeof(priv_exp)}, {CKA_PRIME_1, prime_1, sizeof(prime_1)}, {CKA_PRIME_2, prime_2, sizeof(prime_2)}, {CKA_EXPONENT_1, exp_1, sizeof(exp_1)}, {CKA_EXPONENT_2, exp_2, sizeof(exp_2)}, {CKA_COEFFICIENT, coeff, sizeof(coeff)} }; CK_OBJECT_HANDLE priv_key; CK_BYTE data[1024]; CK_ULONG data_len = sizeof(data); rc = funcs->C_CreateObject(session, tmpl, 10, &priv_key); if (rc != CKR_OK) { OC_ERR_MSG(" C_CreateObject #1", rc); return FALSE; } rc = funcs->C_WrapKey(session, &mech, w_key, priv_key, data, &data_len); if (rc != CKR_KEY_NOT_WRAPPABLE) { OC_ERR_MSG(" C_WrapKey #2", rc); printf("line %d Expected CKR_KEY_NOT_WRAPPABLE\n", __LINE__); return FALSE; } } rc = funcs->C_CloseAllSessions(slot_id); if (rc != CKR_OK) { OC_ERR_MSG(" C_CloseAllSessions #1", rc); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_WrapUnwrapAES_CBC_PAD(void){ CK_BYTE original[BIG_REQUEST]; CK_BYTE cipher[BIG_REQUEST + AES_BLOCK_SIZE]; CK_BYTE decipher[BIG_REQUEST + AES_BLOCK_SIZE]; CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_BYTE init_v[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 'a', 'b', 'c', 'd', 'e', 'f' }; CK_ULONG user_pin_len; CK_ULONG wrapped_data_len; CK_ULONG i, key_size = AES_KEY_SIZE_256; CK_ULONG orig_len, cipher_len, decipher_len; CK_RV rc; CK_ATTRIBUTE key_gen_tmpl[] = { {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG) } }; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_AES; CK_ULONG tmpl_count = 3; CK_ATTRIBUTE template[] = { {CKA_CLASS, &key_class, sizeof(key_class)}, {CKA_KEY_TYPE, &key_type, sizeof(key_type)}, {CKA_VALUE_LEN, &key_size, sizeof(key_size)} };⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -