📄 sess_mgmt.c
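rc = funcs->C_GetSessionInfo( h1, &info ); if (rc != CKR_OK) { show_error(" C_GetSessionInfo #4", rc ); return FALSE; } dump_session_info( &info ); rc = funcs->C_GetSessionInfo( h2, &info ); if (rc != CKR_OK) { show_error(" C_GetSessionInfo #5", rc ); return FALSE; } dump_session_info( &info ); // // now, create a 3rd RW session. verify that it is automatically an SO session // flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h3 ); if (rc != CKR_OK) { show_error(" C_OpenSession #6", rc ); return FALSE; } rc = funcs->C_GetSessionInfo( h3, &info ); if (rc != CKR_OK) { show_error(" C_GetSessionInfo #6", rc ); return FALSE; } dump_session_info( &info ); // // now, try to create a 4th session. RO this time. Should fail // flags = CKF_SERIAL_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &h4 ); if (rc != CKR_SESSION_READ_WRITE_SO_EXISTS) { show_error(" C_OpenSession #6", rc ); printf(" Expected CKR_SESSION_READ_WRITE_SO_EXISTS\n"); return FALSE; } // // we're done...close all sessions // rc = funcs->C_CloseAllSessions( slot_id ); if (rc != CKR_OK) { show_error(" C_CloseAllSessions #2: %d", rc ); return FALSE; } printf("Looks okay...\n"); return TRUE;}

//
// do_OperationState1
//
// Checks that a saved encryption operation state can be moved between
// sessions:
//    1) session #1 encrypts the whole buffer in one call (reference result)
//    2) session #1 starts a multi-part encryption of the first half
//    3) session #1's operation state is saved
//    4) session #1 is fed garbage through C_EncryptUpdate
//    5) session #2's operation state is set to what was saved
//    6) session #2 finishes the encryption with the second half
//
// The multi-part ciphertext assembled via session #2 must equal the
// single-part ciphertext from step 1.
//
// Returns TRUE when every call succeeds and the ciphertexts match, FALSE
// otherwise.  On every exit path the saved-state buffer is freed and any
// session this function opened is closed, so a failed run does not leave a
// logged-in session behind for whatever runs next.
//
// The PIN, the IV and the DES mechanisms used here are fixed test fixtures
// chosen so the two ciphertexts are reproducible and comparable.
//
int do_OperationState1( void )
{
    CK_SLOT_ID         slot_id;
    CK_SESSION_HANDLE  session1, session2;
    CK_FLAGS           flags;
    CK_BYTE            user_pin[8];
    CK_ULONG           user_pin_len;
    CK_RV              rc;

    CK_BYTE            original[1024];
    CK_BYTE            crypt1  [1024];
    CK_BYTE            crypt2  [1024];
    CK_BYTE            trash1  [8];
    CK_BYTE            trash2  [8];

    CK_BYTE           *op_state = NULL;
    CK_ULONG           op_state_len;

    CK_ULONG           orig_len, crypt1_len, crypt2_len, trash1_len, trash2_len;
    CK_ULONG           i;

    CK_MECHANISM       mech;
    CK_OBJECT_HANDLE   h_key;

    // track what has to be released at 'done'
    int                session1_open = FALSE;
    int                session2_open = FALSE;
    int                result        = FALSE;

    printf("do_OperationState1...\n");

    slot_id = SLOT_ID;

    // create two USER RW sessions
    //
    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
    rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session1 );
    if (rc != CKR_OK) {
        show_error(" C_OpenSession #1", rc );
        goto done;
    }
    session1_open = TRUE;

    rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session2 );
    if (rc != CKR_OK) {
        show_error(" C_OpenSession #2", rc );
        goto done;
    }
    session2_open = TRUE;

    // fixed test PIN; exactly 8 bytes, no terminator is copied
    memcpy( user_pin, "12345678", 8 );
    user_pin_len = 8;

    rc = funcs->C_Login( session1, CKU_USER, user_pin, user_pin_len );
    if (rc != CKR_OK) {
        show_error(" C_Login #1", rc );
        goto done;
    }

    orig_len = sizeof(original);
    for (i = 0; i < orig_len; i++)
        original[i] = i % 255;

    // only the first sizeof(trash1) bytes of the literal are used
    trash1_len = sizeof(trash1);
    memcpy( trash1, "asdflkjasdlkjadslkj", trash1_len );

    // first generate a DES key
    //
    mech.mechanism      = CKM_DES_KEY_GEN;
    mech.ulParameterLen = 0;
    mech.pParameter     = NULL;

    rc = funcs->C_GenerateKey( session1, &mech, NULL, 0, &h_key );
    if (rc != CKR_OK) {
        show_error(" C_GenerateKey #1", rc );
        goto done;
    }

    // now encrypt the original data all at once using CBC.
    // the same mechanism/IV is reused for the multi-part run below so the
    // two outputs can be compared byte for byte.
    //
    mech.mechanism      = CKM_DES_CBC;
    mech.ulParameterLen = 8;
    mech.pParameter     = "87654321";

    rc = funcs->C_EncryptInit( session1, &mech, h_key );
    if (rc != CKR_OK) {
        show_error(" C_EncryptInit #1", rc );
        goto done;
    }

    crypt1_len = sizeof(crypt1);
    rc = funcs->C_Encrypt( session1, original, orig_len, crypt1, &crypt1_len );
    if (rc != CKR_OK) {
        show_error(" C_Encrypt #1", rc );
        goto done;
    }

    // now, begin encrypting multipart
    //
    rc = funcs->C_EncryptInit( session1, &mech, h_key );
    if (rc != CKR_OK) {
        show_error(" C_EncryptInit #2", rc );
        goto done;
    }

    crypt2_len = sizeof(crypt2);
    rc = funcs->C_EncryptUpdate( session1, original, orig_len / 2, crypt2, &crypt2_len );
    if (rc != CKR_OK) {
        show_error(" C_EncryptUpdate #1", rc );
        goto done;
    }

    // save session #1's operation state: first call asks for the length,
    // second call fetches the blob
    //
    rc = funcs->C_GetOperationState( session1, NULL, &op_state_len );
    if (rc != CKR_OK) {
        show_error(" C_GetOperationState #1", rc );
        goto done;
    }

    op_state = (CK_BYTE *)malloc(op_state_len);
    if (!op_state) {
        show_error(" HOST MEMORY ERROR", CKR_HOST_MEMORY );
        goto done;
    }

    rc = funcs->C_GetOperationState( session1, op_state, &op_state_len );
    if (rc != CKR_OK) {
        // label was "#1" for both calls; numbered so the failing call is identifiable
        show_error(" C_GetOperationState #2", rc );
        goto done;
    }

    // now, encrypt some garbage. this will affect the CBC even if
    // we throw the encrypted garbage away
    //
    trash2_len = sizeof(trash2);
    rc = funcs->C_EncryptUpdate( session1, trash1, trash1_len, trash2, &trash2_len );
    if (rc != CKR_OK) {
        show_error(" C_EncryptUpdate #2", rc );
        goto done;
    }

    // restore session #1's operation state that we just saved back
    // into session #2 and continue with the encryption
    //
    rc = funcs->C_SetOperationState( session2, op_state, op_state_len, h_key, 0 );
    if (rc != CKR_OK) {
        show_error(" C_SetOperationState #1", rc );
        goto done;
    }

    // NOTE(review): the blob is opaque token state; whether it carries
    // key-dependent material is token-specific - confirm before reusing this
    // pattern outside a test, where it should be wiped before being freed.
    free( op_state );
    op_state = NULL;

    // now, encrypt the rest of the original data.
    // 'i' keeps the number of bytes already in crypt2; the length passed in
    // is the space that is left behind them.
    //
    i = crypt2_len;
    crypt2_len = sizeof(crypt2) - crypt2_len;
    rc = funcs->C_EncryptUpdate( session2,
                                 original + orig_len/2, orig_len/2,
                                 crypt2 + i, &crypt2_len );
    if (rc != CKR_OK) {
        show_error(" C_EncryptUpdate #3", rc );
        goto done;
    }

    crypt2_len += i;

    // output of the final call goes to the scratch buffer and is not
    // part of the comparison
    trash2_len = sizeof(trash2);
    rc = funcs->C_EncryptFinal( session2, trash2, &trash2_len );
    if (rc != CKR_OK) {
        show_error(" C_EncryptFinal #1", rc );
        goto done;
    }

    if (crypt2_len != crypt1_len) {
        printf(" ERROR: Lengths don't match\n");
        goto done;
    }

    if (memcmp(crypt1, crypt2, crypt1_len) != 0) {
        printf(" ERROR: crypt1 != crypt2\n");
        goto done;
    }

    // a close is attempted once per session, whatever its result
    rc = funcs->C_CloseSession( session1 );
    session1_open = FALSE;
    if (rc != CKR_OK) {
        show_error(" C_CloseSession #1", rc );
        goto done;
    }

    rc = funcs->C_CloseSession( session2 );
    session2_open = FALSE;
    if (rc != CKR_OK) {
        show_error(" C_CloseSession #2", rc );
        goto done;
    }

    printf("Looks okay...\n");
    result = TRUE;

done:
    // failure paths used to return with op_state allocated and both
    // sessions still open; release them here (best effort, errors ignored)
    free( op_state );

    if (session1_open)
        (void)funcs->C_CloseSession( session1 );
    if (session2_open)
        (void)funcs->C_CloseSession( session2 );

    return result;
}

////int do_OperationState2( void ){ CK_SLOT_ID slot_id; CK_SESSION_HANDLE session1, session2, session3; CK_FLAGS flags; CK_BYTE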
user_pin[8]; CK_ULONG user_pin_len; CK_RV rc; CK_BYTE original[1024]; CK_BYTE digest1[16]; CK_BYTE digest2[16]; CK_BYTE digest3[16]; CK_ULONG orig_len; CK_ULONG digest1_len, digest2_len, digest3_len; CK_BYTE *op_state1 = NULL; CK_BYTE *op_state2 = NULL; CK_ULONG op_state1_len; CK_ULONG op_state2_len; CK_ULONG i; CK_MECHANISM mech; printf("do_OperationState2...\n"); slot_id = SLOT_ID; // // here's the goal: // 1) session #1 digests the first 499 bytes // 2) session #2 digests the first 27 bytes // 3) session #3 digests the whole thing // 3) we save both operation states // 4) we set the operation states to the 'other' session thereby // switching sessions. Session #2 picks up where session #1 was // saved, session #1 picks up where session #2 was saved. // 5) session #1 digests the final (1024 - 27) bytes // 6) session #2 digests the final (1024 - 499) bytes // // All the hash values should be the same // // create three USER RW sessions // flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session1 ); if (rc != CKR_OK) { show_error(" C_OpenSession #1", rc ); return FALSE; } rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session2 ); if (rc != CKR_OK) { show_error(" C_OpenSession #2", rc ); return FALSE; } rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session3 ); if (rc != CKR_OK) { show_error(" C_OpenSession #3", rc ); return FALSE; } memcpy( user_pin, "12345678", 8 ); user_pin_len = 8; rc = funcs->C_Login( session1, CKU_USER, user_pin, user_pin_len ); if (rc != CKR_OK) { show_error(" C_Login #1", rc ); return FALSE; } orig_len = sizeof(original); for (i=0; i < orig_len; i++) original[i] = i % 255; mech.mechanism = CKM_MD5; mech.pParameter = NULL; mech.ulParameterLen = 0; rc = funcs->C_DigestInit( session1, &mech ); if (rc != CKR_OK) { show_error(" C_DigestInit #1", rc ); return FALSE; } rc = funcs->C_DigestInit( session2, &mech ); if (rc != CKR_OK) { show_error(" C_DigestInit #2", rc ); return 
FALSE; } rc = funcs->C_DigestInit( session3, &mech ); if (rc != CKR_OK) { show_error(" C_DigestInit #3", rc ); return FALSE; } rc = funcs->C_DigestUpdate( session1, original, 499 ); if (rc != CKR_OK) { show_error(" C_DigestUpdate #1", rc ); return FALSE; } rc = funcs->C_DigestUpdate( session2, original, 27 ); if (rc != CKR_OK) { show_error(" C_DigestUpdate #2", rc ); return FALSE; } orig_len = sizeof(original); digest3_len = sizeof(digest3); rc = funcs->C_Digest( session3, original, orig_len, digest3, &digest3_len ); if (rc != CKR_OK) { show_error(" C_Digest #1", rc ); return FALSE; } // save the operation states of sessions 1 and 2 // rc = funcs->C_GetOperationState( session1, NULL, &op_state1_len ); if (rc != CKR_OK) { show_error(" C_GetOperationState #1", rc ); return FALSE; } op_state1 = (CK_BYTE *)malloc(op_state1_len);