📄 des3_func.c
字号:
// use multipart cbc mode to encrypt data2 in 1024 byte chunks // rc = funcs->C_EncryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #2", rc ); return FALSE; } i = k = 0; crypt2_len = sizeof(crypt2); while (i < orig_len) { CK_ULONG rem = orig_len - i; CK_ULONG chunk; if (rem < 100) chunk = rem; else chunk = 100; tmp = crypt2_len - k; // how much room is left in crypt2? rc = funcs->C_EncryptUpdate( session, &original[i], chunk, &crypt2[k], &tmp ); if (rc != CKR_OK) { show_error(" C_EncryptUpdate #1", rc ); return FALSE; } k += tmp; i += chunk; } crypt2_len = k; rc = funcs->C_EncryptFinal( session, NULL, &tmp ); if (rc != CKR_OK) { show_error(" C_EncryptFinal #2", rc ); return FALSE; } if (tmp != 0) { printf(" ERROR: EncryptFinal wants to return %d bytes\n", tmp ); return FALSE; } if (crypt2_len != crypt1_len) { printf(" ERROR: crypt1_len = %d, crypt2_len = %d\n", crypt1_len, crypt2_len ); return FALSE; } // compare both encrypted blocks. they'd better be equal // for (i=0; i < crypt1_len; i++) { if (crypt1[i] != crypt2[i]) { printf(" ERROR: mismatch. crypt1 != crypt2 at byte %d\n", i ); return FALSE; } } // now, decrypt the data // rc = funcs->C_DecryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } decrypt1_len = sizeof(decrypt1); rc = funcs->C_Decrypt( session, crypt1, crypt1_len, decrypt1, &decrypt1_len ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; } // use multipart cbc mode to encrypt data2 in 1024 byte chunks // rc = funcs->C_DecryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } i = k = 0; decrypt2_len = sizeof(decrypt2); while (i < crypt1_len) { CK_ULONG rem = crypt1_len - i; CK_ULONG chunk; if (rem < 101) chunk = rem; else chunk = 101; tmp = decrypt2_len - k; rc = funcs->C_DecryptUpdate( session, &crypt1[i], chunk, &decrypt2[k], &tmp ); if (rc != CKR_OK) { show_error(" C_DecryptUpdate #1", rc ); return FALSE; } k += tmp; i += chunk; } decrypt2_len = k; rc = funcs->C_DecryptFinal( session, NULL, &tmp ); if (rc != CKR_OK) { show_error(" C_DecryptFinal #2", rc ); return FALSE; } if (tmp != 0) { printf(" ERROR: DecryptFinal wants to return %d bytes\n", tmp ); return FALSE; } if (decrypt2_len != decrypt1_len) { printf(" ERROR: decrypt1_len = %d, decrypt2_len = %d\n", decrypt1_len, decrypt2_len ); return FALSE; } // compare both decrypted blocks. they'd better be equal // for (i=0; i < decrypt1_len; i++) { if (crypt1[i] != crypt2[i]) { printf(" ERROR: mismatch. decrypt1 != decrypt2 at byte %d\n", i ); return FALSE; } } // compare the multi-part decrypted block with the 'control' block // for (i=0; i < orig_len; i++) { if (original[i] != decrypt1[i]) { printf(" ERROR: decrypted mismatch: original != decrypt at byte %d\n", i ); return FALSE; } } rc = funcs->C_CloseAllSessions( slot_id ); if (rc != CKR_OK) { show_error(" C_CloseAllSessions #1", rc ); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_EncryptDES3_Multipart_CBC_PAD( void ){ CK_BYTE original[BIG_REQUEST]; CK_BYTE crypt1[BIG_REQUEST + 8]; // account for padding CK_BYTE crypt2[BIG_REQUEST + 8]; // account for padding CK_BYTE decrypt1[BIG_REQUEST + 8]; // account for padding CK_BYTE decrypt2[BIG_REQUEST + 8]; // account for padding CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_FLAGS flags; CK_BYTE init_v[8]; CK_BYTE user_pin[8]; CK_ULONG user_pin_len; CK_ULONG i, k; CK_ULONG orig_len, crypt1_len, crypt2_len, decrypt1_len, decrypt2_len; CK_RV rc; printf("do_EncryptDES3_Multipart_CBC_PAD...\n"); slot_id = SLOT_ID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session ); if (rc != CKR_OK) { show_error(" C_OpenSession #1", rc ); return FALSE; } memcpy( user_pin, "12345678", 8 ); user_pin_len = 8; rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len ); if (rc != CKR_OK) { show_error(" C_Login #1", rc ); return FALSE; } mech.mechanism = CKM_DES3_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate a DES key // rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &h_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #1", rc ); return FALSE; } // now, encrypt some data // orig_len = sizeof(original); for (i=0; i < orig_len; i++) { original[i] = i % 255; } memcpy( init_v, "12345678", 8 ); mech.mechanism = CKM_DES3_CBC_PAD; mech.ulParameterLen = 8; mech.pParameter = init_v; rc = funcs->C_EncryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #1", rc ); return FALSE; } // use normal ecb mode to encrypt data1 // crypt1_len = sizeof(crypt1); rc = funcs->C_Encrypt( session, original, orig_len, crypt1, &crypt1_len ); if (rc != CKR_OK) { show_error(" C_Encrypt #1", rc ); return FALSE; } // use multipart cbc mode to encrypt data2 in chunks // rc = funcs->C_EncryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #2", rc ); return FALSE; } i = k = 0; crypt2_len = sizeof(crypt2); while (i < orig_len) { CK_ULONG rem = orig_len - i; CK_ULONG chunk, len; if (rem < 100) chunk = rem; else chunk = 100; len = crypt2_len - k; rc = funcs->C_EncryptUpdate( session, &original[i], chunk, &crypt2[k], &len ); if (rc != CKR_OK) { show_error(" C_EncryptUpdate #1", rc ); return FALSE; } k += len; i += chunk; } crypt2_len = sizeof(crypt2) - k; rc = funcs->C_EncryptFinal( session, &crypt2[k], &crypt2_len ); if (rc != CKR_OK) { show_error(" C_EncryptFinal #2", rc ); return FALSE; } crypt2_len += k; if (crypt2_len != crypt1_len) { printf(" ERROR: encrypted lengths don't match\n"); printf(" crypt2_len == %d, crypt1_len == %d\n", crypt2_len, crypt1_len ); return FALSE; } // compare both encrypted blocks. they'd better be equal // for (i=0; i < crypt2_len; i++) { if (crypt1[i] != crypt2[i]) { printf(" ERROR: encrypted mismatch: crypt1 != crypt2 at byte %d\n", i ); return FALSE; } } // now, decrypt the data // rc = funcs->C_DecryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } decrypt1_len = sizeof(decrypt1); rc = funcs->C_Decrypt( session, crypt1, crypt1_len, decrypt1, &decrypt1_len ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; } // use multipart cbc mode to encrypt data2 in 1024 byte chunks // rc = funcs->C_DecryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } i = k = 0; decrypt2_len = sizeof(decrypt2); while (i < crypt2_len) { CK_ULONG rem = crypt2_len - i; CK_ULONG chunk, len; if (rem < 101) chunk = rem; else chunk = 101; len = decrypt2_len - k; rc = funcs->C_DecryptUpdate( session, &crypt2[i], chunk, &decrypt2[k], &len ); if (rc != CKR_OK) { show_error(" C_DecryptUpdate #1", rc ); return FALSE; } k += len; i += chunk; } decrypt2_len = sizeof(decrypt2) - k; rc = funcs->C_DecryptFinal( session, &decrypt2[k], &decrypt2_len ); if (rc != CKR_OK) { show_error(" C_DecryptFinal #2", rc ); return FALSE; } decrypt2_len += k; if (decrypt2_len != decrypt1_len) { printf(" ERROR: decrypted lengths don't match\n"); printf(" decrypt1_len == %d, decrypt2_len == %d\n", decrypt1_len, decrypt2_len ); return FALSE; } if (decrypt2_len != orig_len) { printf(" ERROR: decrypted lengths don't match the original\n"); printf(" decrypt_len == %d, orig_len == %d\n", decrypt1_len, orig_len ); return FALSE; } // compare both decrypted blocks. they'd better be equal // for (i=0; i < decrypt1_len; i++) { if (decrypt1[i] != decrypt2[i]) { printf(" ERROR: decrypted mismatch: data1 != data2 at byte %d\n", i ); return FALSE; } } // compare the multi-part decrypted block with the 'control' block // for (i=0; i < orig_len; i++) { if (original[i] != decrypt2[i]) { printf(" ERROR: decrypted mismatch: original != decrypted at byte %d\n", i ); return FALSE; } } rc = funcs->C_CloseAllSessions( slot_id ); if (rc != CKR_OK) { show_error(" C_CloseAllSessions #1", rc ); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_WrapUnwrapDES3_ECB( void ){ CK_BYTE data1[BIG_REQUEST]; CK_BYTE data2[BIG_REQUEST]; CK_BYTE wrapped_data[3 * DES_BLOCK_SIZE]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_ULONG user_pin_len; CK_ULONG wrapped_data_len; CK_ULONG i; CK_ULONG len1, len2; CK_RV rc; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_DES3; CK_ULONG tmpl_count = 2; CK_ATTRIBUTE template[] = { { CKA_CLASS, &key_class, sizeof(key_class) }, { CKA_KEY_TYPE, &key_type, sizeof(key_type) } }; printf("do_WrapUnwrapDES3_ECB...\n"); slot_id = SLOT_ID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session ); if (rc != CKR_OK) { show_error(" C_OpenSession #1", rc ); return FALSE; } memcpy( user_pin, "12345678", 8 ); user_pin_len = 8; rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len ); if (rc != CKR_OK) { show_error(" C_Login #1", rc ); return FALSE; } mech.mechanism = CKM_DES3_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate a DES key and a wrapping key // rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &h_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #1", rc ); return FALSE; } rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &w_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #2", rc ); return FALSE; } // now, encrypt some data // len1 = len2 = BIG_REQUEST; for (i=0; i < len1; i++) { data1[i] = i % 255; data2[i] = i % 255; } mech.mechanism = CKM_DES3_ECB; mech.ulParameterLen = 0; mech.pParameter = NULL; rc = funcs->C_EncryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #1", rc ); return FALSE; } rc = funcs->C_Encrypt( session, data1, len1, data1, &len1 ); if (rc != CKR_OK) { show_error(" C_Encrypt #1", rc ); return FALSE; } // now, wrap the key. we'll just use the same ECB mechanism // wrapped_data_len = 3 * DES_KEY_LEN; rc = funcs->C_WrapKey( session, &mech, w_key, h_key, (CK_BYTE *)&wrapped_data, &wrapped_data_len ); if (rc != CKR_OK) { show_error(" C_WrapKey #1", rc ); return FALSE; } rc = funcs->C_UnwrapKey( session, &mech, w_key, wrapped_data, wrapped_data_len, template, tmpl_count, &uw_key ); if (rc != CKR_OK) { show_error(" C_UnWrapKey #1", rc ); return FALSE; } // now, decrypt the data using the unwrapped key. // rc = funcs->C_DecryptInit( session, &mech, uw_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } rc = funcs->C_Decrypt( session, data1, len1, data1, &len1 ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; } if (len1 != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i=0; i <len1; i++) { if (data1[i] != data2[i]) { printf(" ERROR: mismatch at byte %d\n", i ); return FALSE; } } // now, try to wrap an RSA private key. this should fail. we'll // create a fake key object instead of generating a new one // { CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; CK_KEY_TYPE keytype = CKK_RSA; CK_BYTE modulus[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE publ_exp[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE priv_exp[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE prime_1[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE prime_2[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE exp_1[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE exp_2[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE coeff[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &keyclass, sizeof(keyclass) }, { CKA_KEY_TYPE, &keytype, sizeof(keytype) }, { CKA_MODULUS, modulus, sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, publ_exp, sizeof(publ_exp) }, { CKA_PRIVATE_EXPONENT, priv_exp, sizeof(priv_exp) }, { CKA_PRIME_1, prime_1, sizeof(prime_1) }, { CKA_PRIME_2, prime_2, sizeof(prime_2) },⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -