
📄 obj_mgmt.c

📁 IBM的Linux上的PKCS#11实现
   user_pin_len = 8;   slot_id = SLOT_ID;   // create a USER R/W session   //   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h_session );   if (rc != CKR_OK) {      show_error("   C_OpenSession #1", rc );      return FALSE;   }   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );   if (rc != CKR_OK) {      show_error("   C_Login #1", rc );      return FALSE;   }   // create the object   //   rc = funcs->C_CreateObject( h_session, cert_attribs, 6, &h_cert );   if (rc != CKR_OK) {      show_error("   C_CreateObject #1", rc );      return FALSE;   }   // Add CKA_SERIAL_NUMBER and CKA_ISSUER and change the existing CKA_ID   //   rc = funcs->C_SetAttributeValue( h_session, h_cert, update_attr, 3 );   if (rc != CKR_OK) {      show_error("   C_SetAttributeValue #1", rc );      return FALSE;   }   else {      CK_BYTE       buf1[100];      CK_BYTE       buf2[100];      CK_BYTE       buf3[100];      CK_ATTRIBUTE  check1[] =      {         {CKA_ISSUER,        &buf1, sizeof(buf1)},         {CKA_SERIAL_NUMBER, &buf2, sizeof(buf2)},         {CKA_ID,            &buf3, sizeof(buf3)}      };      rc = funcs->C_GetAttributeValue( h_session, h_cert, (CK_ATTRIBUTE *)&check1, 3 );      if (rc != CKR_OK) {         show_error("   C_GetAttributeValue #1", rc );         return FALSE;      }      if (memcmp(check1[0].pValue, cert_issuer, check1[0].ulValueLen) != 0) {         printf("   ERROR : CKA_ISSUER doesn't match\n");         return FALSE;      }      if (memcmp(check1[1].pValue, cert_ser_no, check1[1].ulValueLen) != 0) {         printf("   ERROR : CKA_SERIAL_NUMBER doesn't match\n");         return FALSE;      }      if (memcmp(check1[2].pValue, cert_id2, check1[2].ulValueLen) != 0) {         printf("   ERROR : CKA_ID doesn't match\n");         return FALSE;      }   }   // the next template tries to update a CK_ID (valid) and CKA_VALUE (read-only)   // the entire operation should fail -- no attributes should 
get modified   //   rc = funcs->C_SetAttributeValue( h_session, h_cert, invalid_attr, 2 );   if (rc != CKR_ATTRIBUTE_READ_ONLY) {      show_error("   C_SetAttributeValue #2", rc );      printf("   Expected CKR_ATTRIBUTE_READ_ONLY\n");      return FALSE;   }   else {      CK_BYTE       buf1[100];      CK_ATTRIBUTE  check1[] =      {         {CKA_ID, &buf1, sizeof(buf1)}      };      rc = funcs->C_GetAttributeValue( h_session, h_cert, check1, 1 );      if (rc != CKR_OK) {         show_error("   C_GetAttributeValue #2", rc );         return FALSE;      }      if (memcmp(check1[0].pValue, cert_id2, check1[0].ulValueLen) != 0) {         printf("   ERROR : CKA_ID doesn't match cert_id2\n");         return FALSE;      }   }   // done...close the session and verify the object is deleted   //   rc = funcs->C_CloseAllSessions( slot_id );   if (rc != CKR_OK) {      show_error("   C_CloseAllSessions #1:  %d", rc );      return FALSE;   }   printf("Looks okay...\n");   return TRUE;}// do_FindObjects()//// 1) Create 3 certificates with different CKA_ID attributes// 2) Search for a particular CKA_ID.  Verify this works.// 3) Search for a non-existant CKA_ID.  Verify this returns nothing.// 4) Specify an empty template.  
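//    Verify that all 3 objects are returned.
//
// Returns TRUE when every step behaves as expected, FALSE otherwise.
//
// The three certificates are created with CKA_TOKEN = FALSE, i.e. as session
// objects, so closing the sessions is what removes them again.  Once the
// session has been opened, every failure path therefore goes through
// C_CloseAllSessions so that a failed run does not leave a logged-in session
// (and its objects, or a half-finished search) behind for the next test.
//
int do_FindObjects( void )
{
   CK_SLOT_ID        slot_id;
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h_session;
   CK_RV             rc;
   CK_BYTE           user_pin[8];
   CK_ULONG          user_pin_len;
   CK_BYTE           not_token = FALSE;   // value for CKA_TOKEN: session object

   CK_OBJECT_HANDLE    h_cert1;
   CK_OBJECT_CLASS     cert1_class         = CKO_CERTIFICATE;
   CK_CERTIFICATE_TYPE cert1_type          = CKC_X_509;
   CK_BYTE             cert1_subject[]     = "Certificate subject #1";
   CK_BYTE             cert1_id[]          = "Certificate ID #1";
   CK_BYTE             cert1_value[]       = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
   CK_ATTRIBUTE        cert1_attribs[] =
   {
       {CKA_CLASS,            &cert1_class,       sizeof(cert1_class)   },
       {CKA_TOKEN,            &not_token,         sizeof(not_token)     },
       {CKA_CERTIFICATE_TYPE, &cert1_type,        sizeof(cert1_type)    },
       {CKA_SUBJECT,          cert1_subject,      sizeof(cert1_subject) },
       {CKA_ID,               cert1_id,           sizeof(cert1_id)      },
       {CKA_VALUE,            cert1_value,        sizeof(cert1_value)   }
   };

   CK_OBJECT_HANDLE    h_cert2;
   CK_OBJECT_CLASS     cert2_class        = CKO_CERTIFICATE;
   CK_CERTIFICATE_TYPE cert2_type         = CKC_X_509;
   CK_BYTE             cert2_subject[]    = "Certificate subject #2";
   CK_BYTE             cert2_id[]         = "Certificate ID #2";
   CK_BYTE             cert2_value[]      = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
   CK_ATTRIBUTE        cert2_attribs[] =
   {
       {CKA_CLASS,            &cert2_class,       sizeof(cert2_class)   },
       {CKA_TOKEN,            &not_token,         sizeof(not_token)     },
       {CKA_CERTIFICATE_TYPE, &cert2_type,        sizeof(cert2_type)    },
       {CKA_SUBJECT,          cert2_subject,      sizeof(cert2_subject) },
       {CKA_ID,               cert2_id,           sizeof(cert2_id)      },
       {CKA_VALUE,            cert2_value,        sizeof(cert2_value)   }
   };

   CK_OBJECT_HANDLE    h_cert3;
   CK_OBJECT_CLASS     cert3_class        = CKO_CERTIFICATE;
   CK_CERTIFICATE_TYPE cert3_type         = CKC_X_509;
   CK_BYTE             cert3_subject[]    = "Certificate subject #3";
   CK_BYTE             cert3_id[]         = "Certificate ID #3";
   CK_BYTE             cert3_value[]      = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
   CK_ATTRIBUTE        cert3_attribs[] =
   {
       {CKA_CLASS,            &cert3_class,       sizeof(cert3_class)   },
       {CKA_TOKEN,            &not_token,         sizeof(not_token)     },
       {CKA_CERTIFICATE_TYPE, &cert3_type,        sizeof(cert3_type)    },
       {CKA_SUBJECT,          cert3_subject,      sizeof(cert3_subject) },
       {CKA_ID,               cert3_id,           sizeof(cert3_id)      },
       {CKA_VALUE,            cert3_value,        sizeof(cert3_value)   }
   };

   // search template matching the CKA_ID of the 2nd certificate
   CK_BYTE  find1_id[] = "Certificate ID #2";
   CK_ATTRIBUTE   find1_attribs[] =
   {
       {CKA_ID, find1_id,  sizeof(find1_id)}
   };

   // search template with a CKA_ID that none of the certificates carries
   CK_BYTE  find2_id[] = "Certificate ID #12345";
   CK_ATTRIBUTE   find2_attribs[] =
   {
       {CKA_ID, find2_id,  sizeof(find2_id)}
   };

   CK_OBJECT_HANDLE  obj_list[10];
   CK_ULONG          find_count;

   printf("do_FindObjects...\n");

   // Fixed PIN of the test program.  user_pin is not NUL-terminated, so the
   // length travels separately and is taken from the buffer itself.
   // NOTE(review): presumably only valid for a token initialised for this
   // test suite -- confirm before pointing the test at any other token.
   memcpy( user_pin, "12345678", sizeof(user_pin) );
   user_pin_len = sizeof(user_pin);

   slot_id = SLOT_ID;

   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      return FALSE;   // nothing was opened, so nothing to clean up
   }

   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      goto fail;
   }

   // create the objects; the attribute counts are derived from the
   // templates so that they cannot drift apart from the arrays above
   //
   rc = funcs->C_CreateObject( h_session, cert1_attribs,
                               sizeof(cert1_attribs) / sizeof(cert1_attribs[0]),
                               &h_cert1 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #1", rc );
      goto fail;
   }

   rc = funcs->C_CreateObject( h_session, cert2_attribs,
                               sizeof(cert2_attribs) / sizeof(cert2_attribs[0]),
                               &h_cert2 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #2", rc );
      goto fail;
   }

   rc = funcs->C_CreateObject( h_session, cert3_attribs,
                               sizeof(cert3_attribs) / sizeof(cert3_attribs[0]),
                               &h_cert3 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #3", rc );
      goto fail;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, search for the 2nd object
   //
   rc = funcs->C_FindObjectsInit( h_session, find1_attribs,
                                  sizeof(find1_attribs) / sizeof(find1_attribs[0]) );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #1", rc );
      goto fail;
   }

   rc = funcs->C_FindObjects( h_session, obj_list,
                              sizeof(obj_list) / sizeof(obj_list[0]), &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #1", rc );
      goto fail;
   }

   if (find_count != 1) {
      printf("   ERROR:  C_FindObjects #1 should have found 1 object!\n");
      // CK_ULONG is an unsigned long; "%d" would be a format/argument mismatch
      printf("           it found %lu objects\n", (unsigned long)find_count);
      goto fail;
   }

   if (obj_list[0] != h_cert2) {
      printf("   ERROR:  C_FindObjects #1 found the wrong object!\n");
      goto fail;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #1", rc );
      goto fail;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, search for a non-existent object
   //
   rc = funcs->C_FindObjectsInit( h_session, find2_attribs,
                                  sizeof(find2_attribs) / sizeof(find2_attribs[0]) );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #2", rc );
      goto fail;
   }

   rc = funcs->C_FindObjects( h_session, obj_list,
                              sizeof(obj_list) / sizeof(obj_list[0]), &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #2", rc );
      goto fail;
   }

   if (find_count != 0) {
      printf("   ERROR:  C_FindObjects #2 should have found 0 object!\n");
      printf("           it found %lu objects\n", (unsigned long)find_count);
      goto fail;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #2", rc );
      goto fail;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, try to retrieve a list of all the objects (empty template)
   //
   // NOTE(review): an empty template matches every object this session can
   // see, so the "exactly 3" check below presumes that no other objects
   // (e.g. token objects left over from an earlier run) exist on the slot.
   //
   rc = funcs->C_FindObjectsInit( h_session, NULL, 0 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #3", rc );
      goto fail;
   }

   rc = funcs->C_FindObjects( h_session, obj_list,
                              sizeof(obj_list) / sizeof(obj_list[0]), &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #3", rc );
      goto fail;
   }

   if (find_count != 3) {
      printf("   ERROR:  C_FindObjects #3 should have found 3 objects!\n");
      printf("           it found %lu objects\n", (unsigned long)find_count);
      goto fail;
   }

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #3", rc );
      goto fail;
   }

   //
   //---------------------------------------------------------------------
   //

   // done...close the sessions; the session objects go away with them
   // (their removal is not checked here)
   //
   rc = funcs->C_CloseAllSessions( slot_id );
   if (rc != CKR_OK) {
      show_error("   C_CloseAllSessions #1", rc );
      return FALSE;
   }

   printf("Looks okay...\n");
   return TRUE;

fail:
   // Best-effort cleanup: the failure was already reported above, so the
   // result of closing the sessions is deliberately not examined.
   (void)funcs->C_CloseAllSessions( slot_id );
   return FALSE;
}

// do_CreateTokenObjects()
//
//  1) Create 3 certificates as PUBLIC token objects
//  2) Search for a particular CKA_ID.  Verify that this works.
//  3) Do FindObjects with a NULL template.  Verify that all 3 token objects
//     are found.
//  4) Search for a particular CKA_ID.  Verify it works.
//  5) Search for a non-existant CKA_ID.  Verify it returns nothing.
//  6) Close all sessions.  Then create a new session.
//  7) Do FindObjects with a NULL template.  Verify that all 3 token objects
//     are found.
//  8) Search for a particular CKA_ID.  Verify it works.
//  9) Search for a non-existant CKA_ID.  Verify it returns nothing.
// 10) Destroy all 3 token objects
// 11) Do FindObjects with a NULL template.  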
Verify that nothing is returned.//int do_CreateTokenObjects( void ){   CK_SLOT_ID        slot_id;   CK_FLAGS          flags;   CK_SESSION_HANDLE h_session;   CK_RV             rc;   CK_BYTE           user_pin[8];   CK_ULONG          user_pin_len;   CK_BYTE           true = TRUE;   CK_BYTE           false = FALSE;   CK_OBJECT_HANDLE    h_cert1;   CK_OBJECT_CLASS     cert1_class         = CKO_CERTIFICATE;   CK_CERTIFICATE_TYPE cert1_type          = CKC_X_509;   CK_BYTE             cert1_subject[]     = "Certificate subject #1";   CK_BYTE             cert1_id[]          = "Certificate ID #1";   CK_BYTE             cert1_value[]       = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";   CK_ATTRIBUTE        cert1_attribs[] =   {       {CKA_CLASS,            &cert1_class,       sizeof(cert1_class)   },       {CKA_TOKEN,            &true,              sizeof(true)          },       {CKA_CERTIFICATE_TYPE, &cert1_type,        sizeof(cert1_type)    },       {CKA_SUBJECT,          &cert1_subject,     sizeof(cert1_subject) },       {CKA_ID,               &cert1_id,          sizeof(cert1_id)      },       {CKA_VALUE,            &cert1_value,       sizeof(cert1_value)   },       {CKA_PRIVATE,          &false,             sizeof(false)         }   };   CK_OBJECT_HANDLE    h_cert2;   CK_OBJECT_CLASS     cert2_class        = CKO_CERTIFICATE;   CK_CERTIFICATE_TYPE cert2_type         = CKC_X_509;   CK_BYTE             cert2_subject[]    = "Certificate subject #2";   CK_BYTE             cert2_id[]         = "Certificate ID #2";   CK_BYTE             cert2_value[]      = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";   CK_ATTRIBUTE        cert2_attribs[] =   {       {CKA_CLASS,            &cert2_class,       sizeof(cert2_class)   },       {CKA_TOKEN,            &true,              sizeof(true)          },       {CKA_CERTIFICATE_TYPE, &cert2_type,        sizeof(cert2_type)    },       {CKA_SUBJECT,          &cert2_subject,     sizeof(cert2_subject) },       {CKA_ID,      
         &cert2_id,          sizeof(cert2_id)      },       {CKA_VALUE,            &cert2_value,       sizeof(cert2_value)   },       {CKA_PRIVATE,          &false,             sizeof(false)         }   };   CK_OBJECT_HANDLE    h_cert3;
