📄 rsa_func.c
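// (Tail of a function whose beginning lies before this excerpt; line breaks restored, code unchanged.)
   sig_len = sizeof(signature);
   rc = funcs->C_SignRecover( session, data1, len1, signature, &sig_len );
   if (rc != CKR_OK) {
      show_error(" C_SignRecover #1", rc );
      return FALSE;
   }

   // now, verify the signature
   //
   rc = funcs->C_VerifyRecoverInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error(" C_VerifyRecoverInit #1", rc );
      return FALSE;
   }

   rc = funcs->C_VerifyRecover( session, signature, sig_len, data2, &len2 );
   if (rc != CKR_OK) {
      show_error(" C_VerifyRecover #1", rc );
      return FALSE;
   }

   if (len1 != len2) {
      printf(" ERROR: recovered length mismatch\n");
      return FALSE;
   }

   if (memcmp(data1, data2, len1) != 0) {
      printf(" ERROR; data mismatch\n");
      return FALSE;
   }

   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error(" C_CloseAllSessions #1", rc );
      return FALSE;
   }

   printf("Looks okay...\n");
   return TRUE;
}


// Functional test: wrap a DES key under an RSA public key, unwrap it with
// the matching private key, and prove the unwrapped key is the same key by
// decrypting data that was encrypted with the original.  Finally checks
// that wrapping an RSA private key with CKM_RSA_PKCS is refused with
// CKR_KEY_NOT_WRAPPABLE.
//
// Returns TRUE when every step behaves as expected, FALSE otherwise.
//
// NOTE(review): the key material here (single DES, 1024-bit modulus,
// public exponent 3) and the literal PIN are only suitable for a
// functional test against a test token; none of it is a template for
// production key generation.  CKM_RSA_PKCS is PKCS #1 v1.5 padding.
//
int do_WrapUnwrapRSA_PKCS( void )
{
   CK_BYTE             original    [BIG_REQUEST];
   CK_BYTE             crypt       [BIG_REQUEST];
   CK_BYTE             decrypt     [BIG_REQUEST];
   CK_BYTE             wrapped_data[BIG_REQUEST];

   CK_SLOT_ID          slot_id;
   CK_SESSION_HANDLE   session;
   CK_MECHANISM        mech_des, mech_rsa;
   CK_OBJECT_HANDLE    publ_key, priv_key;
   CK_OBJECT_HANDLE    des_key;
   CK_OBJECT_HANDLE    uw_key;
   CK_FLAGS            flags;
   CK_BYTE             user_pin[8];
   CK_ULONG            user_pin_len;
   CK_ULONG            wrapped_data_len;
   CK_ULONG            i;
   CK_ULONG            orig_len, crypt_len, decrypt_len;
   CK_RV               rc;
   int                 passed = FALSE;

   // attributes the unwrapped object must carry: a DES secret key
   //
   CK_OBJECT_CLASS     key_class = CKO_SECRET_KEY;
   CK_KEY_TYPE         key_type  = CKK_DES;
   CK_ATTRIBUTE        des_tmpl[] =
   {
      { CKA_CLASS,    &key_class, sizeof(key_class) },
      { CKA_KEY_TYPE, &key_type,  sizeof(key_type)  }
   };

   CK_ULONG            bits = 1024;
   CK_BYTE             pub_exp[] = { 0x3 };
   CK_ATTRIBUTE        pub_tmpl[] =
   {
      {CKA_MODULUS_BITS,    &bits,    sizeof(bits)    },
      {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
   };


   printf("do_WrapUnwrapRSA_PKCS...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
   if (rc != CKR_OK) {
      // nothing was opened, so there is nothing to clean up
      show_error(" C_OpenSession #1", rc );
      return FALSE;
   }

   // presumably the test token's user PIN; copied without a terminator
   // because C_Login takes an explicit length
   //
   memcpy( user_pin, "12345678", 8 );
   user_pin_len = 8;

   rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error(" C_Login #1", rc );
      goto done;
   }

   mech_des.mechanism      = CKM_DES_KEY_GEN;
   mech_des.ulParameterLen = 0;
   mech_des.pParameter     = NULL;

   // first, generate a DES key and a RSA keypair
   //
   rc = funcs->C_GenerateKey( session, &mech_des, NULL, 0, &des_key );
   if (rc != CKR_OK) {
      show_error(" C_GenerateKey #1", rc );
      goto done;
   }

   mech_rsa.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
   mech_rsa.ulParameterLen = 0;
   mech_rsa.pParameter     = NULL;

   rc = funcs->C_GenerateKeyPair( session,   &mech_rsa,
                                  pub_tmpl,  sizeof(pub_tmpl) / sizeof(pub_tmpl[0]),
                                  NULL,      0,
                                  &publ_key, &priv_key );
   if (rc != CKR_OK) {
      show_error(" C_GenerateKeyPair #1", rc );
      goto done;
   }

   // now, encrypt some data using the DES key
   //
   orig_len = sizeof(original);
   for (i = 0; i < orig_len; i++) {
      original[i] = (CK_BYTE)(i % 255);
   }

   mech_des.mechanism      = CKM_DES_ECB;
   mech_des.ulParameterLen = 0;
   mech_des.pParameter     = NULL;

   rc = funcs->C_EncryptInit( session, &mech_des, des_key );
   if (rc != CKR_OK) {
      show_error(" C_EncryptInit #1", rc );
      goto done;
   }

   crypt_len = sizeof(crypt);
   rc = funcs->C_Encrypt( session, original, orig_len, crypt, &crypt_len );
   if (rc != CKR_OK) {
      show_error(" C_Encrypt #1", rc );
      goto done;
   }

   // now, wrap the DES key using the RSA public key
   //
   mech_rsa.mechanism      = CKM_RSA_PKCS;
   mech_rsa.ulParameterLen = 0;
   mech_rsa.pParameter     = NULL;

   wrapped_data_len = sizeof(wrapped_data);

   rc = funcs->C_WrapKey( session,    &mech_rsa,
                          publ_key,   des_key,
                          &wrapped_data[0], &wrapped_data_len );
   if (rc != CKR_OK) {
      show_error(" C_WrapKey #1", rc );
      goto done;
   }

   // unwrap the DES key using the RSA private key
   //
   rc = funcs->C_UnwrapKey( session,      &mech_rsa,
                            priv_key,
                            wrapped_data, wrapped_data_len,
                            des_tmpl,     sizeof(des_tmpl) / sizeof(des_tmpl[0]),
                            &uw_key );
   if (rc != CKR_OK) {
      show_error(" C_UnWrapKey #1", rc );
      goto done;
   }

   // now, decrypt the data using the unwrapped key.  mech_des is still
   // CKM_DES_ECB from the encrypt step.
   //
   rc = funcs->C_DecryptInit( session, &mech_des, uw_key );
   if (rc != CKR_OK) {
      show_error(" C_DecryptInit #1", rc );
      goto done;
   }

   decrypt_len = sizeof(decrypt);
   rc = funcs->C_Decrypt( session, crypt, crypt_len, decrypt, &decrypt_len );
   if (rc != CKR_OK) {
      show_error(" C_Decrypt #1", rc );
      goto done;
   }

   if (decrypt_len != orig_len) {
      printf(" ERROR: lengths don't match\n");
      goto done;
   }

   for (i = 0; i < orig_len; i++) {
      if (original[i] != decrypt[i]) {
         // i is a CK_ULONG; printing it with %d is a format/argument mismatch
         printf(" ERROR: mismatch at byte %lu\n", (unsigned long)i );
         goto done;
      }
   }

   // now, try to wrap an RSA private key.  this should fail.  we'll
   // create a fake key object instead of generating a new one
   //
   {
      CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
      CK_KEY_TYPE     keytype  = CKK_RSA;

      CK_BYTE  modulus[]   = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  publ_exp[]  = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  priv_exp[]  = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  prime_1[]   = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  prime_2[]   = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  exp_1[]     = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  exp_2[]     = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  coeff[]     = { 1,2,3,4,5,6,7,8,9,0 };

      CK_ATTRIBUTE  tmpl[] = {
         { CKA_CLASS,            &keyclass, sizeof(keyclass) },
         { CKA_KEY_TYPE,         &keytype,  sizeof(keytype)  },
         { CKA_MODULUS,           modulus,  sizeof(modulus)  },
         { CKA_PUBLIC_EXPONENT,   publ_exp, sizeof(publ_exp) },
         { CKA_PRIVATE_EXPONENT,  priv_exp, sizeof(priv_exp) },
         { CKA_PRIME_1,           prime_1,  sizeof(prime_1)  },
         { CKA_PRIME_2,           prime_2,  sizeof(prime_2)  },
         { CKA_EXPONENT_1,        exp_1,    sizeof(exp_1)    },
         { CKA_EXPONENT_2,        exp_2,    sizeof(exp_2)    },
         { CKA_COEFFICIENT,       coeff,    sizeof(coeff)    }
      };
      CK_OBJECT_HANDLE new_priv_key;
      CK_BYTE   data[1024];
      CK_ULONG  data_len = sizeof(data);

      rc = funcs->C_CreateObject( session, tmpl,
                                  sizeof(tmpl) / sizeof(tmpl[0]),
                                  &new_priv_key );
      if (rc != CKR_OK) {
         show_error(" C_CreateObject #1", rc );
         goto done;
      }

      // the negative check: anything other than a refusal is a failure,
      // including CKR_OK
      //
      rc = funcs->C_WrapKey( session,  &mech_rsa,
                             priv_key, new_priv_key,
                             data,     &data_len );
      if (rc != CKR_KEY_NOT_WRAPPABLE) {
         show_error(" C_WrapKey #2", rc );
         printf(" Expected CKR_KEY_NOT_WRAPPABLE\n" );
         goto done;
      }
   }

   passed = TRUE;

done:
   // Close the session on failure paths too, so a failed run does not
   // leave an open, logged-in session behind for whatever runs next.
   //
   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error(" C_CloseAllSessions #1", rc );
      return FALSE;
   }

   if (passed) {
      printf("Looks okay...\n");
   }

   return passed;
}


// Functional test: encrypt 100 bytes with CKM_RSA_X_509 under a freshly
// generated 1024-bit public key, decrypt with the private key, and compare
// the recovered plaintext with the input.
//
// Returns TRUE when the round trip succeeds, FALSE otherwise.
//
// NOTE(review): CKM_RSA_X_509 is raw RSA with no padding scheme applied;
// it is exercised here as a mechanism test only.  The literal PIN is
// presumably the test token's user PIN.
//
int do_EncryptRSA_X509( void )
{
   CK_BYTE             data1[100];
   CK_BYTE             data2[256];
   CK_BYTE             cipher[256];
   CK_SLOT_ID          slot_id;
   CK_SESSION_HANDLE   session;
   CK_MECHANISM        mech;
   CK_OBJECT_HANDLE    publ_key, priv_key;
   CK_FLAGS            flags;
   CK_BYTE             user_pin[8];
   CK_ULONG            user_pin_len;
   CK_ULONG            i;
   CK_ULONG            len1, len2, cipherlen, pad_len;
   CK_RV               rc;
   int                 passed = FALSE;

   CK_ULONG            bits = 1024;
   CK_BYTE             pub_exp[] = { 0x3 };

   CK_ATTRIBUTE        pub_tmpl[] =
   {
      {CKA_MODULUS_BITS,    &bits,    sizeof(bits)    },
      {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
   };


   printf("do_EncryptRSA_X509...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
   if (rc != CKR_OK) {
      // nothing was opened, so there is nothing to clean up
      show_error(" C_OpenSession #1", rc );
      return FALSE;
   }

   memcpy( user_pin, "12345678", 8 );
   user_pin_len = 8;

   rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error(" C_Login #1", rc );
      goto done;
   }

   mech.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;

   rc = funcs->C_GenerateKeyPair( session,   &mech,
                                  pub_tmpl,  sizeof(pub_tmpl) / sizeof(pub_tmpl[0]),
                                  NULL,      0,
                                  &publ_key, &priv_key );
   if (rc != CKR_OK) {
      show_error(" C_GenerateKeyPair #1", rc );
      goto done;
   }

   // now, encrypt some data
   //
   len1      = sizeof(data1);
   len2      = sizeof(data2);
   cipherlen = sizeof(cipher);

   for (i = 0; i < len1; i++) {
      data1[i] = (CK_BYTE)(i % 255);
   }

   mech.mechanism      = CKM_RSA_X_509;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;

   rc = funcs->C_EncryptInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error(" C_EncryptInit #1", rc );
      goto done;
   }

   rc = funcs->C_Encrypt( session, data1, len1, cipher, &cipherlen );
   if (rc != CKR_OK) {
      show_error(" C_Encrypt #1", rc );
      goto done;
   }

   // now, decrypt the data
   //
   rc = funcs->C_DecryptInit( session, &mech, priv_key );
   if (rc != CKR_OK) {
      show_error(" C_DecryptInit #1", rc );
      goto done;
   }

   rc = funcs->C_Decrypt( session, cipher, cipherlen, data2, &len2 );
   if (rc != CKR_OK) {
      show_error(" C_Decrypt #1", rc );
      goto done;
   }

   // X509 prepads with zero bytes.  Decrypting does not remove the
   // padding according to the standard so we need to skip the padding
   // here
   //
   // len2 comes back from the token.  If it were smaller than len1 the
   // unsigned subtraction below would wrap and the comparison would read
   // far outside data2, so reject that case first.
   //
   if (len2 < len1) {
      printf(" ERROR: decrypted length %lu is shorter than the plaintext length %lu\n",
             (unsigned long)len2, (unsigned long)len1 );
      goto done;
   }

   pad_len = len2 - len1;

   // compare byte by byte so the reported offset is the real mismatch
   // position rather than a stale loop counter
   //
   for (i = 0; i < len1; i++) {
      if (data1[i] != data2[pad_len + i]) {
         printf(" ERROR: mismatch at byte %lu\n", (unsigned long)i );
         goto done;
      }
   }

   passed = TRUE;

done:
   // Close the session on failure paths too, so a failed run does not
   // leave an open, logged-in session behind for whatever runs next.
   //
   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error(" C_CloseAllSessions #1", rc );
      return FALSE;
   }

   if (passed) {
      printf("Looks okay...\n");
   }

   return passed;
}


// (This function continues past the end of this excerpt; line breaks restored, code unchanged.)
//
int do_SignRSA_X509( void )
{
   CK_BYTE             data1[100];
   CK_BYTE             data2[256];
   CK_BYTE             signature[256];
   CK_SLOT_ID          slot_id;
   CK_SESSION_HANDLE   session;
   CK_MECHANISM        mech;
   CK_OBJECT_HANDLE    publ_key, priv_key;
   CK_FLAGS            flags;
   CK_BYTE             user_pin[8];
   CK_ULONG            user_pin_len;
   CK_ULONG            i, pad_len;
   CK_ULONG            len1, len2, sig_len;
   CK_RV               rc;

   CK_ULONG            bits = 1024;
   CK_BYTE             pub_exp[] = { 0x3 };

   CK_ATTRIBUTE        pub_tmpl[] =
   {
      {CKA_MODULUS_BITS,    &bits,    sizeof(bits)    },
      {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
   };


   // NOTE(review): the banner names do_SignRSA_PKCS although this is
   // do_SignRSA_X509, which makes the test log misleading.
   printf("do_SignRSA_PKCS...\n");

   slot_id = SLOT_ID;
   flags   = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
   if (rc != CKR_OK) {
      show_error(" C_OpenSession #1", rc );
      return FALSE;
   }

   memcpy( user_pin, "12345678", 8 );
   user_pin_len = 8;

   rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error(" C_Login #1", rc );
      return FALSE;
   }

   mech.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;

   rc = funcs->C_GenerateKeyPair( session,   &mech,
                                  pub_tmpl,  2,
                                  NULL,      0,
                                  &publ_key, &priv_key );
   if (rc != CKR_OK) {
      show_error(" C_GenerateKeyPair #1", rc );
      return FALSE;
   }

   // now, encrypt some data
   //
   len1    = sizeof(data1);
   len2    = sizeof(data2);
   sig_len = sizeof(signature);

   for (i=0; i < len1; i++)
      data1[i] = i % 255;

   mech.mechanism      = CKM_RSA_X_509;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;

   rc = funcs->C_SignInit( session, &mech, priv_key );
   if (rc != CKR_OK) {
      show_error(" C_SignInit #1", rc );
      return FALSE;
   }

   rc = funcs->C_Sign( session, data1, len1, signature, &sig_len );
   if (rc != CKR_OK) {
      show_error(" C_Sign #1", rc );
      return FALSE;
   }

   // now, verify the signature
   //
   rc = funcs->C_VerifyInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error(" C_VerifyInit #1", rc );
      return FALSE;
   }

   rc = funcs->C_Verify( session, data1, len1, signature, sig_len );
   if (rc != CKR_OK) {
      show_error(" C_Verify #1", rc );
      return FALSE;
   }

   // now, corrupt the signature and try to re-verify.
   //
   signature[50] = signature[50] + 1;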