rsa_func.c

IBM的Linux上的PKCS#11实现

   rc = funcs->C_VerifyInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error("   C_VerifyInit #2", rc );
      return FALSE;
   }

   rc = funcs->C_Verify( session, data1, len1, signature, sig_len );
   if (rc != CKR_SIGNATURE_INVALID) {
      show_error("   C_Verify #2", rc );
      printf("   Expected CKR_SIGNATURE_INVALID\n");
      return FALSE;
   }


   // now, try a SignRecover/VerifyRecover operation
   //
   rc = funcs->C_SignRecoverInit( session, &mech, priv_key );
   if (rc != CKR_OK) {
      show_error("   C_SignRecoverInit #1", rc );
      return FALSE;
   }

   sig_len = sizeof(signature);
   rc = funcs->C_SignRecover( session, data1, len1, signature, &sig_len );
   if (rc != CKR_OK) {
      show_error("   C_SignRecover #1", rc );
      return FALSE;
   }

   // now, verify the signature
   //
   rc = funcs->C_VerifyRecoverInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error("   C_VerifyRecoverInit #1", rc );
      return FALSE;
   }

   rc = funcs->C_VerifyRecover( session, signature, sig_len, data2, &len2 );
   if (rc != CKR_OK) {
      show_error("   C_VerifyRecover #1", rc );
      return FALSE;
   }

   // X.509 pads by prepending null bytes.  The verify recover operation
   // does not remove the padding.  We have to do it here
   //
   pad_len = len2 - len1;

   if (memcmp(data1, &data2[pad_len], len1) != 0) {
      printf("   ERROR;  data mismatch\n");
      return FALSE;
   }


   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #1", rc );
      return FALSE;
   }

   printf("Looks okay...\n");
   return TRUE;
}


//
//
int do_WrapUnwrapRSA_X509( void )
{
   CK_BYTE             original    [BIG_REQUEST];
   CK_BYTE             crypt       [BIG_REQUEST];
   CK_BYTE             decrypt     [BIG_REQUEST];
   CK_BYTE             wrapped_data[BIG_REQUEST];

   CK_SLOT_ID          slot_id;
   CK_SESSION_HANDLE   session;
   CK_MECHANISM        mech_des, mech_rsa;
   CK_OBJECT_HANDLE    publ_key, priv_key;
   CK_OBJECT_HANDLE    des_key;
   CK_OBJECT_HANDLE    uw_key;
   CK_FLAGS            flags;
   CK_BYTE             user_pin[8];
   CK_ULONG            user_pin_len;
   CK_ULONG            wrapped_data_len;
   CK_ULONG            i;
   CK_ULONG            orig_len, crypt_len, decrypt_len;
   CK_RV               rc;

   CK_OBJECT_CLASS     key_class = CKO_SECRET_KEY;
   CK_KEY_TYPE         key_type  = CKK_DES;
   CK_ATTRIBUTE   des_tmpl[] =
   {
      { CKA_CLASS,     &key_class,  sizeof(key_class) },
      { CKA_KEY_TYPE,  &key_type,   sizeof(key_type)  }
   };

   CK_ULONG  bits = 1024;
   CK_BYTE   pub_exp[] = { 0x3 };
   CK_ATTRIBUTE pub_tmpl[] =
   {
      {CKA_MODULUS_BITS,    &bits,    sizeof(bits)    },
      {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
   };


   printf("do_WrapUnwrapRSA_X509...\n");

   slot_id = SLOT_ID;
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }


   memcpy( user_pin, "12345678", 8 );
   user_pin_len = 8;

   rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      return FALSE;
   }

   mech_des.mechanism      = CKM_DES_KEY_GEN;
   mech_des.ulParameterLen = 0;
   mech_des.pParameter     = NULL;


   // first, generate a DES key and a RSA keypair
   //
   rc = funcs->C_GenerateKey( session, &mech_des, NULL, 0, &des_key );
   if (rc != CKR_OK) {
      show_error("   C_GenerateKey #1", rc );
      return FALSE;
   }

   mech_rsa.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
   mech_rsa.ulParameterLen = 0;
   mech_rsa.pParameter     = NULL;

   rc = funcs->C_GenerateKeyPair( session,   &mech_rsa,
                                  pub_tmpl,   2,
                                  NULL,       0,
                                  &publ_key, &priv_key );
   if (rc != CKR_OK) {
      show_error("   C_GenerateKeyPair #1", rc );
      return FALSE;
   }


   // now, encrypt some data using the DES key
   //
   orig_len = sizeof(original);
   for (i=0; i < orig_len; i++) {
      original[i] = i % 255;
   }

   mech_des.mechanism      = CKM_DES_ECB;
   mech_des.ulParameterLen = 0;
   mech_des.pParameter     = NULL;

   rc = funcs->C_EncryptInit( session, &mech_des, des_key );
   if (rc != CKR_OK) {
      show_error("   C_EncryptInit #1", rc );
      return FALSE;
   }

   crypt_len = sizeof(crypt);
   rc = funcs->C_Encrypt( session, original, orig_len, crypt, &crypt_len );
   if (rc != CKR_OK) {
      show_error("   C_Encrypt #1", rc );
      return FALSE;
   }


   // now, wrap the DES key using the RSA private key
   //
   mech_rsa.mechanism      = CKM_RSA_X_509;
   mech_rsa.ulParameterLen = 0;
   mech_rsa.pParameter     = NULL;

   wrapped_data_len = sizeof(wrapped_data);

   rc = funcs->C_WrapKey( session,         &mech_rsa,
                          publ_key,         des_key,
                         &wrapped_data[0], &wrapped_data_len );
   if (rc != CKR_OK) {
      show_error("   C_WrapKey #1", rc );
      return FALSE;
   }

   // unwrap the DES key using the public key
   //
   rc = funcs->C_UnwrapKey( session,      &mech_rsa,
                            priv_key,
                            wrapped_data, wrapped_data_len,
                            des_tmpl,     2,
                            &uw_key );
   if (rc != CKR_OK) {
      show_error("   C_UnWrapKey #1", rc );
      return FALSE;
   }

   // now, decrypt the data using the unwrapped key.
   //
   rc = funcs->C_DecryptInit( session, &mech_des, uw_key );
   if (rc != CKR_OK) {
      show_error("   C_DecryptInit #1", rc );
      return FALSE;
   }

   decrypt_len = sizeof(decrypt);
   rc = funcs->C_Decrypt( session, crypt, crypt_len, decrypt, &decrypt_len );
   if (rc != CKR_OK) {
      show_error("   C_Decrypt #1", rc );
      return FALSE;
   }

   if (decrypt_len != orig_len) {
      printf("   ERROR:  lengths don't match\n");
      return FALSE;
   }

   for (i=0; i < orig_len; i++) {
      if (original[i] != decrypt[i]) {
         printf("   ERROR:  mismatch at byte %d\n", i );
         return FALSE;
      }
   }


   // now, try to wrap an RSA private key.  this should fail.  we'll
   // create a fake key object instead of generating a new one
   //
   {
      CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
      CK_KEY_TYPE     keytype  = CKK_RSA;

      CK_BYTE  modulus[]   = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  publ_exp[]  = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  priv_exp[]  = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  prime_1[]   = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  prime_2[]   = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  exp_1[]     = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  exp_2[]     = { 1,2,3,4,5,6,7,8,9,0 };
      CK_BYTE  coeff[]     = { 1,2,3,4,5,6,7,8,9,0 };

      CK_ATTRIBUTE  tmpl[] = {
         { CKA_CLASS,           &keyclass, sizeof(keyclass) },
         { CKA_KEY_TYPE,        &keytype,  sizeof(keytype)  },
         { CKA_MODULUS,          modulus,  sizeof(modulus)  },
         { CKA_PUBLIC_EXPONENT,  publ_exp, sizeof(publ_exp) },
         { CKA_PRIVATE_EXPONENT, priv_exp, sizeof(priv_exp) },
         { CKA_PRIME_1,          prime_1,  sizeof(prime_1)  },
         { CKA_PRIME_2,          prime_2,  sizeof(prime_2)  },
         { CKA_EXPONENT_1,       exp_1,    sizeof(exp_1)    },
         { CKA_EXPONENT_2,       exp_2,    sizeof(exp_2)    },
         { CKA_COEFFICIENT,      coeff,    sizeof(coeff)    }
      };
      CK_OBJECT_HANDLE new_priv_key;
      CK_BYTE data[1024];
      CK_ULONG data_len = sizeof(data);


      rc = funcs->C_CreateObject( session, tmpl, 10, &new_priv_key );
      if (rc != CKR_OK) {
         show_error("   C_CreateObject #1", rc );
         return FALSE;
      }

      rc = funcs->C_WrapKey( session,   &mech_rsa,
                             priv_key,   new_priv_key,
                             data,      &data_len );
      if (rc != CKR_KEY_NOT_WRAPPABLE) {
         show_error("   C_WrapKey #2", rc );
         printf("   Expected CKR_KEY_NOT_WRAPPABLE\n" );
         return FALSE;
      }
   }

   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #1", rc );
      return FALSE;
   }

   printf("Looks okay...\n");
   return TRUE;
}


//
//
int do_SignVerifyMD2_RSA_PKCS( void )
{
   CK_BYTE             original[1024];
   CK_BYTE             sig1[256];
   CK_BYTE             sig2[256];
   CK_BYTE             user_pin[8];
   CK_SLOT_ID          slot_id;
   CK_SESSION_HANDLE   session;
   CK_MECHANISM        mech;
   CK_OBJECT_HANDLE    publ_key, priv_key;
   CK_FLAGS            flags;
   CK_ULONG            user_pin_len;
   CK_ULONG            orig_len, sig1_len, sig2_len;
   CK_ULONG            i, remain;
   CK_RV               rc;

   CK_ULONG  bits = 1024;
   CK_BYTE   pub_exp[] = { 0x3 };

   CK_ATTRIBUTE pub_tmpl[] =
   {
      {CKA_MODULUS_BITS,    &bits,    sizeof(bits)    },
      {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
   };

   printf("do_SignVerifyMD2_RSA_PKCS...\n");

   slot_id = SLOT_ID;
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;
   }


   memcpy( user_pin, "12345678", 8 );
   user_pin_len = 8;

   rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      return FALSE;
   }

   mech.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;

   rc = funcs->C_GenerateKeyPair( session,   &mech,
                                  pub_tmpl,   2,
                                  NULL,       0,
                                  &publ_key, &priv_key );
   if (rc != CKR_OK) {
      show_error("   C_GenerateKeyPair #1", rc );
      return FALSE;
   }

   // now, sign/verify some data
   //
   orig_len = sizeof(original);
   for (i=0; i < orig_len; i++)
      original[i] = i % 255;

   mech.mechanism      = CKM_MD2_RSA_PKCS;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;

   rc = funcs->C_SignInit( session, &mech, priv_key );
   if (rc != CKR_OK) {
      show_error("   C_SignInit #1", rc );
      return FALSE;
   }

   sig1_len = sizeof(sig1);
   rc = funcs->C_Sign( session, original, orig_len, sig1, &sig1_len );
   if (rc != CKR_OK) {
      show_error("   C_Sign #1", rc );
      return FALSE;
   }

   rc = funcs->C_SignInit( session, &mech, priv_key );
   if (rc != CKR_OK) {
      show_error("   C_SignInit #2", rc );
      return FALSE;
   }

   remain = orig_len;
   for (i=0; i < 1024; i += 53) {
      int amt;

      if (remain < 53)
         amt = remain;
      else
         amt = 53;

      rc = funcs->C_SignUpdate( session, &original[orig_len - remain], amt );
      if (rc != CKR_OK) {
         show_error("   C_SignUpdate #1", rc );
         printf("   Iteration:  i = %d\n", i );
         return FALSE;
      }

      remain -= amt;
   }

   sig2_len = sizeof(sig2);
   rc = funcs->C_SignFinal( session, sig2, &sig2_len );
   if (rc != CKR_OK) {
      show_error("   C_SignFinal #1", rc );
      return FALSE;
   }

   if (sig1_len != sig2_len) {
      printf("   ERROR:  signature lengths don't match\n");
      return FALSE;
   }

   if (memcmp(sig1, sig2, sig1_len) != 0) {
      printf("   ERROR:  signatures don't match\n");
      return FALSE;
   }


   // now, verify the signature
   //
   rc = funcs->C_VerifyInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error("   C_VerifyInit #1", rc );
      return FALSE;
   }

   rc = funcs->C_Verify( session, original, orig_len, sig1, sig1_len );
   if (rc != CKR_OK) {
      show_error("   C_Verify #1", rc );
      return FALSE;
   }


   rc = funcs->C_VerifyInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error("   C_VerifyInit #2", rc );
      return FALSE;
   }

   remain = orig_len;
   for (i=0; i < 1024; i += 53) {
      int amt;

      if (remain < 53)
         amt = remain;
      else
         amt = 53;

      rc = funcs->C_VerifyUpdate( session, &original[orig_len - remain], amt );
      if (rc != CKR_OK) {
         show_error("   C_VerifyUpdate #1", rc );
         printf("   Iteration:  i = %d\n", i );
         return FALSE;
      }

      remain -= amt;
   }

   rc = funcs->C_VerifyFinal( session, sig1, sig1_len );
   if (rc != CKR_OK) {
      show_error("   C_VerifyFinal #1", rc );
      return FALSE;
   }


   // now, corrupt the signature and try to re-verify.
   //
   sig1[50] = sig1[50] + 1;

   rc = funcs->C_VerifyInit( session, &mech, publ_key );
   if (rc != CKR_OK) {
      show_error("   C_VerifyInit #2", rc );
      return FALSE;
   }

   rc = funcs->C_Verify( session, original, orig_len, sig1, sig1_len );
   if (rc != CKR_SIGNATURE_INVALID) {
      show_error("   C_Verify #2", rc );
      printf("   Expected CKR_SIGNATURE_INVALID\n");
      return FALSE;
   }

   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #1", rc );
      return FALSE;
   }

   printf("Looks okay...\n");
   return TRUE;
}


//
//