📄 aeptok_specific.c
字号:
CK_RV rc; rc = os_specific_rsa_keygen(publ_tmpl,priv_tmpl); if (rc != CKR_OK) st_err_log(91, __FILE__, __LINE__); return rc;}CK_RVtoken_specific_rsa_encrypt( CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, OBJECT * key_obj ){ CK_RV rc; RSA *rsa; int mLen; // Convert the local representation to an RSA representation rsa = (RSA *)rsa_convert_public_key(key_obj, &mLen); if (rsa==NULL) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; goto done; } if ( cryptoki_aep_avail == TRUE && mLen <= max_key_len) { /* use AEP device */ rc = AEP_RSA_public_encrypt(in_data_len, in_data, out_data, rsa); } // The operation will fall back to software if AEP is not available // or the modulus length is greater than allowed. // We do another "if" instead of "else", as the variable // cryptoki_aep_avail might have just been set to FALSE in the // call of AEP_RSA_public_encrypt above !! if ( cryptoki_aep_avail == FALSE || mLen > max_key_len) { /* do it in software */ rc = RSA_public_encrypt(in_data_len, in_data, out_data, rsa, RSA_NO_PADDING); } if (rc != 0) { rc = CKR_OK; } else { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; } // Clean up after ourselves RSA_free(rsa); done: return rc;}CK_RVtoken_specific_rsa_decrypt( CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, OBJECT * key_obj ){ CK_RV rc; RSA *rsa; int mLen; // Convert the local key representation to an RSA key representaion rsa = (RSA *)rsa_convert_private_key(key_obj, &mLen); if (rsa == NULL) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; goto done; } if ( cryptoki_aep_avail == TRUE && mLen <= max_key_len) { /* Use AEP device */ rc =AEP_RSA_private_decrypt(in_data_len, in_data, out_data, rsa); } // The operation will fall back to software if AEP is not available // or the modulus length is greater than allowed. // We do another "if" instead of "else", as the variable // cryptoki_aep_avail might have just been set to FALSE in the // call of AEP_RSA_private_decrypt above !! if ( cryptoki_aep_avail == FALSE || mLen > max_key_len) { /* do it in software */ rc = RSA_private_decrypt(in_data_len, in_data, out_data, rsa, RSA_NO_PADDING); } if (rc != 0) { rc = CKR_OK; } else { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; } // Clean up RSA_free(rsa); done: return rc;}#ifndef NOAESCK_RVtoken_specific_aes_key_gen( CK_BYTE *key, CK_ULONG len ){ return rng_generate(key, len);}CK_RVtoken_specific_aes_ecb( CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *key_value, CK_ULONG key_len, CK_BYTE encrypt){ AES_KEY ssl_aes_key; int i; /* There's a previous check that in_data_len % AES_BLOCK_SIZE == 0, * so this is fine */ CK_ULONG loops = (CK_ULONG)(in_data_len/AES_BLOCK_SIZE); memset( &ssl_aes_key, 0, sizeof(AES_KEY)); // AES_ecb_encrypt encrypts only a single block, so we have to break up the // input data here if (encrypt) { AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key); for( i=0; i<loops; i++ ) { AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE), (unsigned char *)out_data + (i*AES_BLOCK_SIZE), &ssl_aes_key, AES_ENCRYPT); } } else { AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key); for( i=0; i<loops; i++ ) { AES_ecb_encrypt((unsigned char *)in_data + (i*AES_BLOCK_SIZE), (unsigned char *)out_data + (i*AES_BLOCK_SIZE), &ssl_aes_key, AES_DECRYPT); } } *out_data_len = in_data_len; return CKR_OK;}CK_RVtoken_specific_aes_cbc( CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *key_value, CK_ULONG key_len, CK_BYTE *init_v, CK_BYTE encrypt){ AES_KEY ssl_aes_key; int i; memset( &ssl_aes_key, 0, sizeof(AES_KEY)); // AES_cbc_encrypt chunks the data into AES_BLOCK_SIZE blocks, unlike // AES_ecb_encrypt, so no looping required. if (encrypt) { AES_set_encrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key); AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data, in_data_len, &ssl_aes_key, init_v, AES_ENCRYPT); } else { AES_set_decrypt_key((unsigned char *)key_value, (key_len*8), &ssl_aes_key); AES_cbc_encrypt((unsigned char *)in_data, (unsigned char *)out_data, in_data_len, &ssl_aes_key, init_v, AES_DECRYPT); } *out_data_len = in_data_len; return CKR_OK;}#endif // This computes DH shared secret, where:// Output: z is computed shared secret// Input: y is other party's public key// x is private key// p is prime// All length's are in number of bytes. All data comes in as Big Endian. CK_RVtoken_specific_dh_pkcs_derive( CK_BYTE *z, CK_ULONG *z_len, CK_BYTE *y, CK_ULONG y_len, CK_BYTE *x, CK_ULONG x_len, CK_BYTE *p, CK_ULONG p_len){ CK_RV rc ; BIGNUM *bn_z, *bn_y, *bn_x, *bn_p ; BN_CTX *ctx; // Create and Init the BIGNUM structures. bn_y = BN_new() ; bn_x = BN_new() ; bn_p = BN_new() ; bn_z = BN_new() ; if (bn_z == NULL || bn_p == NULL || bn_x == NULL || bn_y == NULL) { if (bn_y) BN_free(bn_y); if (bn_x) BN_free(bn_x); if (bn_p) BN_free(bn_p); if (bn_z) BN_free(bn_z); st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } BN_init(bn_y) ; BN_init(bn_x) ; BN_init(bn_p) ; // Initialize context ctx=BN_CTX_new(); if (ctx == NULL) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // Add data into these new BN structures BN_bin2bn((char *)y, y_len, bn_y); BN_bin2bn((char *)x, x_len, bn_x); BN_bin2bn((char *)p, p_len, bn_p); rc = BN_mod_exp(bn_z,bn_y,bn_x,bn_p,ctx); if (rc == 0) { BN_free(bn_z); BN_free(bn_y); BN_free(bn_x); BN_free(bn_p); BN_CTX_free(ctx); st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } *z_len = BN_num_bytes(bn_z); BN_bn2bin(bn_z, z); BN_free(bn_z); BN_free(bn_y); BN_free(bn_x); BN_free(bn_p); BN_CTX_free(ctx); return CKR_OK; } /* end token_specific_dh_pkcs_derive() */ // This computes DH key pair, where:// Output: priv_tmpl is generated private key// pub_tmpl is computed public key// Input: pub_tmpl is public key (prime and generator)// All length's are in number of bytes. All data comes in as Big Endian.CK_RVtoken_specific_dh_pkcs_key_pair_gen( TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl ){ CK_BBOOL rc; CK_ATTRIBUTE *prime_attr = NULL; CK_ATTRIBUTE *base_attr = NULL; CK_ATTRIBUTE *temp_attr = NULL ; CK_ATTRIBUTE *value_bits_attr = NULL; CK_BYTE *temp_byte; CK_ULONG temp_bn_len ; DH *dh ; BIGNUM *bn_p ; BIGNUM *bn_g ; BIGNUM *temp_bn ; rc = template_attribute_find( publ_tmpl, CKA_PRIME, &prime_attr ); rc &= template_attribute_find( publ_tmpl, CKA_BASE, &base_attr ); if (rc == FALSE) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } if ((prime_attr->ulValueLen > 256) || (prime_attr->ulValueLen < 64)) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } dh = DH_new() ; if (dh == NULL) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // Create and init BIGNUM structs to stick in the DH struct bn_p = BN_new(); bn_g = BN_new(); if (bn_g == NULL || bn_p == NULL) { if (bn_g) BN_free(bn_g); if (bn_p) BN_free(bn_p); st_err_log(1, __FILE__, __LINE__); return CKR_HOST_MEMORY; } BN_init(bn_p); BN_init(bn_g); // Convert from strings to BIGNUMs and stick them in the DH struct BN_bin2bn((char *)prime_attr->pValue, prime_attr->ulValueLen, bn_p); dh->p = bn_p; BN_bin2bn((char *)base_attr->pValue, base_attr->ulValueLen, bn_g); dh->g = bn_g; // Generate the DH Key if (!DH_generate_key(dh)) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // Extract the public and private key components from the DH struct, // and insert them in the publ_tmpl and priv_tmpl // // pub_key // //temp_bn = BN_new(); temp_bn = dh->pub_key; temp_bn_len = BN_num_bytes(temp_bn); temp_byte = malloc(temp_bn_len); temp_bn_len = BN_bn2bin(temp_bn, temp_byte); rc = build_attribute( CKA_VALUE, temp_byte, temp_bn_len, &temp_attr ); // in bytes if (rc != CKR_OK) { st_err_log(84, __FILE__, __LINE__); return CKR_FUNCTION_FAILED; } template_update_attribute( publ_tmpl, temp_attr ); free(temp_byte); // // priv_key // //temp_bn = BN_new(); temp_bn = dh->priv_key; temp_bn_len = BN_num_bytes(temp_bn); temp_byte = malloc(temp_bn_len); temp_bn_len = BN_bn2bin(temp_bn, temp_byte); rc = build_attribute( CKA_VALUE, temp_byte, temp_bn_len, &temp_attr ); // in bytes if (rc != CKR_OK) { st_err_log(84, __FILE__, __LINE__); return CKR_FUNCTION_FAILED; } template_update_attribute( priv_tmpl, temp_attr ); free(temp_byte); // Update CKA_VALUE_BITS attribute in the private key value_bits_attr = (CK_ATTRIBUTE *)malloc( sizeof(CK_ATTRIBUTE) + sizeof(CK_ULONG) ); value_bits_attr->type = CKA_VALUE_BITS; value_bits_attr->ulValueLen = sizeof(CK_ULONG); value_bits_attr->pValue = (CK_BYTE *)value_bits_attr + sizeof(CK_ATTRIBUTE); *(CK_ULONG *)value_bits_attr->pValue = 8*temp_bn_len; template_update_attribute( priv_tmpl, value_bits_attr ); // Add prime and base to the private key template rc = build_attribute( CKA_PRIME,(char *)prime_attr->pValue, prime_attr->ulValueLen, &temp_attr ); // in bytes if (rc != CKR_OK) { st_err_log(84, __FILE__, __LINE__); return CKR_FUNCTION_FAILED; } template_update_attribute( priv_tmpl, temp_attr ); rc = build_attribute( CKA_BASE,(char *)base_attr->pValue, base_attr->ulValueLen, &temp_attr ); // in bytes if (rc != CKR_OK) { st_err_log(84, __FILE__, __LINE__); return CKR_FUNCTION_FAILED; } template_update_attribute( priv_tmpl, temp_attr ); // Cleanup DH key DH_free(dh) ; return CKR_OK ; } /* end token_specific_dh_key_pair_gen() */⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -