📄 des3_func.c
字号:
{ CKA_EXPONENT_1, exp_1, sizeof(exp_1) }, { CKA_EXPONENT_2, exp_2, sizeof(exp_2) }, { CKA_COEFFICIENT, coeff, sizeof(coeff) } }; CK_OBJECT_HANDLE priv_key; CK_BYTE data[1024]; CK_ULONG data_len = sizeof(data); rc = funcs->C_CreateObject( session, tmpl, 10, &priv_key ); if (rc != CKR_OK) { show_error(" C_CreateObject #1", rc ); return FALSE; } rc = funcs->C_WrapKey( session, &mech, w_key, priv_key, data, &data_len ); if (rc != CKR_KEY_NOT_WRAPPABLE) { show_error(" C_WrapKey #2", rc ); printf(" Expected CKR_KEY_NOT_WRAPPABLE\n" ); return FALSE; } } rc = funcs->C_CloseAllSessions( slot_id ); if (rc != CKR_OK) { show_error(" C_CloseAllSessions #1", rc ); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_WrapUnwrapDES3_CBC( void ){ CK_BYTE data1[BIG_REQUEST]; CK_BYTE data2[BIG_REQUEST]; CK_BYTE wrapped_data[3 * DES_BLOCK_SIZE]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_BYTE init_v[] = { 1,2,3,4,5,6,7,8 }; CK_ULONG user_pin_len; CK_ULONG wrapped_data_len; CK_ULONG i; CK_ULONG len1, len2; CK_RV rc; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_DES3; CK_ULONG tmpl_count = 2; CK_ATTRIBUTE template[] = { { CKA_CLASS, &key_class, sizeof(key_class) }, { CKA_KEY_TYPE, &key_type, sizeof(key_type) } }; printf("do_WrapUnwrapDES3_CBC...\n"); slot_id = SLOT_ID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session ); if (rc != CKR_OK) { show_error(" C_OpenSession #1", rc ); return FALSE; } memcpy( user_pin, "12345678", 8 ); user_pin_len = 8; rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len ); if (rc != CKR_OK) { show_error(" C_Login #1", rc ); return FALSE; } mech.mechanism = CKM_DES3_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate a DES key and a wrapping key // rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &h_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #1", rc ); return FALSE; } rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &w_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #2", rc ); return FALSE; } // now, encrypt some data // len1 = len2 = BIG_REQUEST; for (i=0; i < len1; i++) { data1[i] = i % 255; data2[i] = i % 255; } mech.mechanism = CKM_DES3_CBC; mech.ulParameterLen = sizeof(init_v); mech.pParameter = init_v; rc = funcs->C_EncryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #1", rc ); return FALSE; } rc = funcs->C_Encrypt( session, data1, len1, data1, &len1 ); if (rc != CKR_OK) { show_error(" C_Encrypt #1", rc ); return FALSE; } // now, wrap the key. we'll just use the same ECB mechanism // wrapped_data_len = 3 * DES_KEY_LEN; rc = funcs->C_WrapKey( session, &mech, w_key, h_key, (CK_BYTE *)&wrapped_data, &wrapped_data_len ); if (rc != CKR_OK) { show_error(" C_WrapKey #1", rc ); return FALSE; } rc = funcs->C_UnwrapKey( session, &mech, w_key, wrapped_data, wrapped_data_len, template, tmpl_count, &uw_key ); if (rc != CKR_OK) { show_error(" C_UnWrapKey #1", rc ); return FALSE; } // now, decrypt the data using the unwrapped key. // rc = funcs->C_DecryptInit( session, &mech, uw_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } rc = funcs->C_Decrypt( session, data1, len1, data1, &len1 ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; } if (len1 != len2) { printf(" ERROR: lengths don't match\n"); return FALSE; } for (i=0; i <len1; i++) { if (data1[i] != data2[i]) { printf(" ERROR: mismatch at byte %d\n", i ); return FALSE; } } // now, try to wrap an RSA private key. this should fail. we'll // create a fake key object instead of generating a new one // { CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; CK_KEY_TYPE keytype = CKK_RSA; CK_BYTE modulus[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE publ_exp[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE priv_exp[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE prime_1[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE prime_2[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE exp_1[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE exp_2[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_BYTE coeff[] = { 1,2,3,4,5,6,7,8,9,0 }; CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &keyclass, sizeof(keyclass) }, { CKA_KEY_TYPE, &keytype, sizeof(keytype) }, { CKA_MODULUS, modulus, sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, publ_exp, sizeof(publ_exp) }, { CKA_PRIVATE_EXPONENT, priv_exp, sizeof(priv_exp) }, { CKA_PRIME_1, prime_1, sizeof(prime_1) }, { CKA_PRIME_2, prime_2, sizeof(prime_2) }, { CKA_EXPONENT_1, exp_1, sizeof(exp_1) }, { CKA_EXPONENT_2, exp_2, sizeof(exp_2) }, { CKA_COEFFICIENT, coeff, sizeof(coeff) } }; CK_OBJECT_HANDLE priv_key; CK_BYTE data[1024]; CK_ULONG data_len = sizeof(data); rc = funcs->C_CreateObject( session, tmpl, 10, &priv_key ); if (rc != CKR_OK) { show_error(" C_CreateObject #1", rc ); return FALSE; } rc = funcs->C_WrapKey( session, &mech, w_key, priv_key, data, &data_len ); if (rc != CKR_KEY_NOT_WRAPPABLE) { show_error(" C_WrapKey #2", rc ); printf(" Expected CKR_KEY_NOT_WRAPPABLE\n" ); return FALSE; } } rc = funcs->C_CloseAllSessions( slot_id ); if (rc != CKR_OK) { show_error(" C_CloseAllSessions #1", rc ); return FALSE; } printf("Looks okay...\n"); return TRUE;}////int do_WrapUnwrapDES3_CBC_PAD( void ){ CK_BYTE original[BIG_REQUEST]; CK_BYTE cipher [BIG_REQUEST + 8]; CK_BYTE decipher[BIG_REQUEST + 8]; CK_BYTE wrapped_data[BIG_REQUEST + 8]; CK_SLOT_ID slot_id; CK_SESSION_HANDLE session; CK_MECHANISM mech; CK_OBJECT_HANDLE h_key; CK_OBJECT_HANDLE w_key; CK_OBJECT_HANDLE uw_key; CK_FLAGS flags; CK_BYTE user_pin[8]; CK_BYTE init_v[] = { 1,2,3,4,5,6,7,8 }; CK_ULONG user_pin_len; CK_ULONG wrapped_data_len; CK_ULONG i; CK_ULONG orig_len, cipher_len, decipher_len; CK_RV rc; CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; CK_KEY_TYPE key_type = CKK_DES3; CK_ULONG tmpl_count = 2; CK_ATTRIBUTE template[] = { { CKA_CLASS, &key_class, sizeof(key_class) }, { CKA_KEY_TYPE, &key_type, sizeof(key_type) } }; printf("do_WrapUnwrapDES3_CBC_PAD...\n"); slot_id = SLOT_ID; flags = CKF_SERIAL_SESSION | CKF_RW_SESSION; rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session ); if (rc != CKR_OK) { show_error(" C_OpenSession #1", rc ); return FALSE; } memcpy( user_pin, "12345678", 8 ); user_pin_len = 8; rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len ); if (rc != CKR_OK) { show_error(" C_Login #1", rc ); return FALSE; } mech.mechanism = CKM_DES3_KEY_GEN; mech.ulParameterLen = 0; mech.pParameter = NULL; // first, generate a DES key and a wrapping key // rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &h_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #1", rc ); return FALSE; } rc = funcs->C_GenerateKey( session, &mech, NULL, 0, &w_key ); if (rc != CKR_OK) { show_error(" C_GenerateKey #2", rc ); return FALSE; } // now, encrypt some data // orig_len = sizeof(original); for (i=0; i < orig_len; i++) { original[i] = i % 255; } mech.mechanism = CKM_DES3_CBC_PAD; mech.ulParameterLen = sizeof(init_v); mech.pParameter = init_v; rc = funcs->C_EncryptInit( session, &mech, h_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #1", rc ); return FALSE; } cipher_len = sizeof(cipher); rc = funcs->C_Encrypt( session, original, orig_len, cipher, &cipher_len ); if (rc != CKR_OK) { show_error(" C_Encrypt #1", rc ); return FALSE; } // now, wrap the key. // wrapped_data_len = sizeof(wrapped_data); rc = funcs->C_WrapKey( session, &mech, w_key, h_key, wrapped_data, &wrapped_data_len ); if (rc != CKR_OK) { show_error(" C_WrapKey #1", rc ); return FALSE; } rc = funcs->C_UnwrapKey( session, &mech, w_key, wrapped_data, wrapped_data_len, template, tmpl_count, &uw_key ); if (rc != CKR_OK) { show_error(" C_UnWrapKey #1", rc ); return FALSE; } // now, decrypt the data using the unwrapped key. // rc = funcs->C_DecryptInit( session, &mech, uw_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } decipher_len = sizeof(decipher); rc = funcs->C_Decrypt( session, cipher, cipher_len, decipher, &decipher_len ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; } if (orig_len != decipher_len) { printf(" ERROR: lengths don't match: %d vs %d\n", orig_len, decipher_len ); return FALSE; } for (i=0; i < orig_len; i++) { if (original[i] != decipher[i]) { printf(" ERROR: mismatch at byte %d\n", i ); return FALSE; } } // we'll generate an RSA keypair here so we can make sure it works // { CK_MECHANISM mech2; CK_OBJECT_HANDLE publ_key, priv_key; CK_ULONG bits = 1024; CK_BYTE pub_exp[] = { 0x3 }; CK_ATTRIBUTE pub_tmpl[] = { {CKA_MODULUS_BITS, &bits, sizeof(bits) }, {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) } }; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY; CK_KEY_TYPE keytype = CKK_RSA; CK_ATTRIBUTE uw_tmpl[] = { {CKA_CLASS, &keyclass, sizeof(keyclass) }, {CKA_KEY_TYPE, &keytype, sizeof(keytype) } }; mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; mech2.ulParameterLen = 0; mech2.pParameter = NULL; rc = funcs->C_GenerateKeyPair( session, &mech2, pub_tmpl, 2, NULL, 0, &publ_key, &priv_key ); if (rc != CKR_OK) { show_error(" C_GenerateKeyPair #1", rc ); return FALSE; } // now, wrap the key. // wrapped_data_len = sizeof(wrapped_data); rc = funcs->C_WrapKey( session, &mech, w_key, priv_key, wrapped_data, &wrapped_data_len ); if (rc != CKR_OK) { show_error(" C_WrapKey #2", rc ); return FALSE; } rc = funcs->C_UnwrapKey( session, &mech, w_key, wrapped_data, wrapped_data_len, uw_tmpl, 2, &uw_key ); if (rc != CKR_OK) { show_error(" C_UnWrapKey #2", rc ); return FALSE; } // encrypt something with the public key // mech2.mechanism = CKM_RSA_PKCS; mech2.ulParameterLen = 0; mech2.pParameter = NULL; rc = funcs->C_EncryptInit( session, &mech2, publ_key ); if (rc != CKR_OK) { show_error(" C_EncryptInit #2", rc ); return FALSE; } // for RSA operations, keep the input data size smaller than // the modulus // orig_len = 30; cipher_len = sizeof(cipher); rc = funcs->C_Encrypt( session, original, orig_len, cipher, &cipher_len ); if (rc != CKR_OK) { show_error(" C_Encrypt #2", rc ); return FALSE; } // now, decrypt the data using the unwrapped private key. // rc = funcs->C_DecryptInit( session, &mech2, uw_key ); if (rc != CKR_OK) { show_error(" C_DecryptInit #1", rc ); return FALSE; } decipher_len = sizeof(decipher); rc = funcs->C_Decrypt( session, cipher, cipher_len, decipher, &decipher_len ); if (rc != CKR_OK) { show_error(" C_Decrypt #1", rc ); return FALSE; } if (orig_len != decipher_len) { printf(" ERROR: lengths don't match: %d vs %d\n", orig_len, decipher_len ); return FALSE; } for (i=0; i < orig_len; i++) { if (original[i] != decipher[i]) { printf(" ERROR: mismatch at byte %d\n", i ); return FALSE; } } } rc = funcs->C_CloseAllSessions( slot_id ); if (rc != CKR_OK) { show_error(" C_CloseAllSessions #1", rc ); return FALSE; } printf("Looks okay...\n"); return TRUE;}int des3_functions(){ SYSTEMTIME t1, t2; int rc; GetSystemTime(&t1); rc = do_Encrypt3DES_ECB(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_Encrypt3DES_CBC(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_Encrypt3DES_Multipart_ECB(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_Encrypt3DES_Multipart_CBC(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_EncryptDES3_Multipart_CBC_PAD(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_WrapUnwrapDES3_ECB(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_WrapUnwrapDES3_CBC(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); GetSystemTime(&t1); rc = do_WrapUnwrapDES3_CBC_PAD(); if (!rc) return FALSE; GetSystemTime(&t2); process_time( t1, t2 ); return TRUE;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -