📄 ica_specific.c
字号:
for (and_mask = 1; and_mask != 0; and_mask <<= 1) // for each bit, if (byte & and_mask) // if it's a one, ++number_of_ones; // count it return number_of_ones;}#define EVEN_PARITY TRUE#define ODD_PARITY FALSE // adjust_des_key_parity_bits: to conform to NIST spec for DES and 3DES keysvoid adjust_des_key_parity_bits(CK_BYTE *des_key, CK_ULONG key_size, CK_BBOOL parity){ CK_BYTE *des_key_byte; for (des_key_byte = des_key; des_key_byte - des_key < key_size; ++des_key_byte) // look at each byte in the key { if ((count_ones_in_byte(*des_key_byte) % 2) ^ (parity == ODD_PARITY)) { // if parity for this byte isn't what it should be, // flip the parity (least significant) bit *des_key_byte ^= 1; } }}CK_RVtoken_specific_des_key_gen(CK_BYTE *des_key,CK_ULONG len){ // Nothing different to do for DES or TDES here as this is just // random data... Validation handles the rest rng_generate(des_key,len); adjust_des_key_parity_bits(des_key, len, ODD_PARITY); // we really need to validate the key for parity etc... // we should do that here... The caller validates the single des keys // against the known and suspected poor keys..<< return CKR_OK;}CK_RVtoken_specific_des_ecb(CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *key_value, CK_BYTE encrypt){ ICA_DES_VECTOR empty_iv; CK_RV rc; unsigned int _out_data_len = *out_data_len; bzero(&empty_iv,sizeof(empty_iv)); if ( encrypt) { rc = icaDesEncrypt(adapter_handle, (unsigned int)MODE_DES_ECB, (unsigned int)in_data_len, in_data, &empty_iv, (ICA_KEY_DES_SINGLE *)key_value, &_out_data_len, out_data); } else { rc = icaDesDecrypt(adapter_handle, (unsigned int)MODE_DES_ECB, (unsigned int)in_data_len, in_data, &empty_iv, (ICA_KEY_DES_SINGLE *)key_value, &_out_data_len, out_data); } if (rc != 0) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; }else { *out_data_len = in_data_len; rc = CKR_OK; } return rc;}CK_RVtoken_specific_des_cbc(CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *key_value, CK_BYTE *init_v, CK_BYTE encrypt){ CK_RV rc; unsigned int _out_data_len = *out_data_len; if ( encrypt ){ rc = icaDesEncrypt(adapter_handle, (unsigned int)MODE_DES_CBC, (unsigned int)in_data_len, in_data, (ICA_DES_VECTOR *)init_v, (ICA_KEY_DES_SINGLE *)key_value, &_out_data_len, (unsigned char *)out_data); } else { rc = icaDesDecrypt(adapter_handle, (unsigned int)MODE_DES_CBC, (unsigned int)in_data_len, in_data, (ICA_DES_VECTOR *)init_v, (ICA_KEY_DES_SINGLE *)key_value, &_out_data_len, (unsigned char *)out_data); } if (rc != 0) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; }else { *out_data_len = in_data_len; rc = CKR_OK; } return rc;}CK_RVtoken_specific_tdes_ecb(CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *key_value, CK_BYTE encrypt){ ICA_DES_VECTOR empty_iv; CK_RV rc; unsigned int _out_data_len = *out_data_len; bzero(&empty_iv,sizeof(empty_iv)); if ( encrypt) { rc = icaTDesEncrypt(adapter_handle, (unsigned int)MODE_DES_ECB, (unsigned int)in_data_len, in_data, &empty_iv, (ICA_KEY_DES_TRIPLE *)key_value, &_out_data_len, out_data); } else { rc = icaTDesDecrypt(adapter_handle, (unsigned int)MODE_DES_ECB, (unsigned int)in_data_len, in_data, &empty_iv, (ICA_KEY_DES_TRIPLE *)key_value, &_out_data_len, out_data); } if (rc != 0) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; }else { *out_data_len = in_data_len; rc = CKR_OK; } return rc;}CK_RVtoken_specific_tdes_cbc(CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len, CK_BYTE *key_value, CK_BYTE *init_v, CK_BYTE encrypt){ CK_RV rc; unsigned int _out_data_len = *out_data_len; if ( encrypt ){ rc = icaTDesEncrypt((int)adapter_handle, (unsigned int)MODE_DES_CBC, (unsigned int)in_data_len, in_data, (ICA_DES_VECTOR *)init_v, (ICA_KEY_DES_TRIPLE *)key_value, &_out_data_len, (unsigned char *)out_data); } else { rc = icaTDesDecrypt((int)adapter_handle, (unsigned int)MODE_DES_CBC, (unsigned int)in_data_len, in_data, (ICA_DES_VECTOR *)init_v, (ICA_KEY_DES_TRIPLE *)key_value, &_out_data_len, (unsigned char *)out_data); } if (rc != 0) { st_err_log(4, __FILE__, __LINE__, __FUNCTION__); rc = CKR_FUNCTION_FAILED; }else { *out_data_len = in_data_len; rc = CKR_OK; } return rc;}#ifndef LITE#define LITE#endif// convert from the local PKCS11 template representation to// the underlying requirement// returns the pointer to the local key representationvoid *rsa_convert_public_key( OBJECT * key_obj ){ CK_BBOOL rc; CK_ATTRIBUTE * modulus = NULL; CK_ATTRIBUTE * pub_exp = NULL; ICA_KEY_RSA_MODEXPO *publKey; unsigned char *pkey; unsigned int offset; // So we need to generate the publKey in device specific format every time // we know the modulus is good, and that the pub_exp is good since rc = template_attribute_find( key_obj->template, CKA_MODULUS, &modulus ); rc &= template_attribute_find( key_obj->template, CKA_PUBLIC_EXPONENT, &pub_exp ); if (rc == FALSE) { return NULL; } publKey = (ICA_KEY_RSA_MODEXPO *) malloc(sizeof(ICA_KEY_RSA_MODEXPO)); if (publKey == NULL) { return NULL; } bzero(publKey, sizeof(ICA_KEY_RSA_MODEXPO)); // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 publKey->keyType = KEYTYPE_MODEXPO; publKey->keyLength = sizeof(ICA_KEY_RSA_MODEXPO); publKey->modulusBitLength = 8 * modulus->ulValueLen; publKey->nLength = modulus->ulValueLen; publKey->expLength = modulus->ulValueLen; offset = (CK_BYTE_PTR) publKey->keyRecord - (CK_BYTE_PTR) publKey; publKey->expOffset = offset; publKey->nOffset = offset + modulus->ulValueLen; pkey = (CK_BYTE_PTR) publKey->keyRecord; pkey += modulus->ulValueLen - pub_exp->ulValueLen; bcopy(pub_exp->pValue, pkey, pub_exp->ulValueLen); pkey += pub_exp->ulValueLen; bcopy(modulus->pValue, pkey, modulus->ulValueLen); return publKey;}void *rsa_convert_private_key(OBJECT *key_obj){ CK_ATTRIBUTE * attr = NULL; CK_ATTRIBUTE * modulus = NULL; CK_ATTRIBUTE * priv_exp = NULL; CK_ATTRIBUTE * prime1 = NULL; CK_ATTRIBUTE * prime2 = NULL; CK_ATTRIBUTE * exp1 = NULL; CK_ATTRIBUTE * exp2 = NULL; CK_ATTRIBUTE * coeff = NULL; CK_BBOOL rc; CK_BYTE_PTR pkey; ICA_KEY_RSA_CRT *privKey; ICA_KEY_RSA_MODEXPO *privModKey; unsigned int offset, pSize, qSize; rc = template_attribute_find( key_obj->template, CKA_MODULUS, &modulus ); rc &= template_attribute_find( key_obj->template, CKA_PRIVATE_EXPONENT, &priv_exp ); rc &= template_attribute_find( key_obj->template, CKA_PRIME_1, &prime1 ); rc &= template_attribute_find( key_obj->template, CKA_PRIME_2, &prime2 ); rc &= template_attribute_find( key_obj->template, CKA_EXPONENT_1, &exp1 ); rc &= template_attribute_find( key_obj->template, CKA_EXPONENT_2, &exp2 ); rc &= template_attribute_find( key_obj->template, CKA_COEFFICIENT, &coeff ); if ( !prime2 && !modulus ){ return NULL; } // CRT key? if ( prime1){ if (!prime2 || !exp1 ||!exp2 || !coeff) { return NULL; } privKey = (ICA_KEY_RSA_CRT *) malloc(sizeof(ICA_KEY_RSA_CRT)); if (privKey == NULL) { return NULL; } bzero(privKey, sizeof(ICA_KEY_RSA_CRT)); // Currently using definition of ICA_KEY_RSA_CRT in NT spec v1.12 // (with nLength and nOffset removed per BEF's e-mail) privKey->keyType = KEYTYPE_PKCSCRT; privKey->keyLength = sizeof(ICA_KEY_RSA_CRT); privKey->modulusBitLength = 8 * modulus->ulValueLen; privKey->pLength = prime1->ulValueLen; privKey->qLength = prime2->ulValueLen; privKey->dpLength = exp1->ulValueLen; privKey->dqLength = exp2->ulValueLen; privKey->qInvLength = coeff->ulValueLen; offset = (CK_BYTE_PTR) privKey->keyRecord - (CK_BYTE_PTR) privKey; qSize = modulus->ulValueLen / 2; pSize = qSize + 8; // 1 QWORD larger privKey->dpOffset = offset; privKey->dqOffset = offset += pSize; privKey->pOffset = offset += qSize; privKey->qOffset = offset += pSize; privKey->qInvOffset = offset + qSize; pkey = (CK_BYTE_PTR) privKey->keyRecord; pkey += pSize - exp1->ulValueLen; bcopy(exp1->pValue, pkey, exp1->ulValueLen);// pkey += exp1->ulValueLen + qSize - exp2->ulValueLen; pkey += exp1->ulValueLen; bcopy(exp2->pValue, pkey, exp2->ulValueLen);// pkey += exp2->ulValueLen + pSize - prime1->ulValueLen; pkey += qSize + pSize - prime1->ulValueLen; bcopy(prime1->pValue, pkey, prime1->ulValueLen);// pkey += prime1->ulValueLen + qSize - prime2->ulValueLen; pkey += prime1->ulValueLen; bcopy(prime2->pValue, pkey, prime2->ulValueLen);// pkey += prime2->ulValueLen + pSize - coeff->ulValueLen; pkey += qSize + pSize - coeff->ulValueLen; bcopy(coeff->pValue, pkey, coeff->ulValueLen); return privKey;// hex_dump_to_file("PRIVATEKEY",(char *)privKey,sizeof(ICA_KEY_RSA_CRT)); } else { // must be a non-CRT key if (!priv_exp) { return NULL; } privModKey = (ICA_KEY_RSA_MODEXPO *) malloc(sizeof(ICA_KEY_RSA_MODEXPO)); if (privModKey == NULL) { return NULL; } bzero(privModKey, sizeof(ICA_KEY_RSA_MODEXPO)); // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 privModKey->keyType = KEYTYPE_MODEXPO; privModKey->keyLength = sizeof(ICA_KEY_RSA_MODEXPO); privModKey->modulusBitLength = 8 * modulus->ulValueLen; privModKey->nLength = modulus->ulValueLen; privModKey->expLength = modulus->ulValueLen; offset = (CK_BYTE_PTR) privModKey->keyRecord - (CK_BYTE_PTR) privModKey; privModKey->expOffset = offset; privModKey->nOffset = offset + modulus->ulValueLen; pkey = (CK_BYTE_PTR) privModKey->keyRecord; pkey += modulus->ulValueLen - priv_exp->ulValueLen; bcopy(priv_exp->pValue, pkey, priv_exp->ulValueLen); pkey += priv_exp->ulValueLen; bcopy(modulus->pValue, pkey, modulus->ulValueLen); return privModKey; }}//#if (AIX)// This function is only required if public key cryptography// has been selected in your variant set up.// Cryptolite keygen requires this...// Set a mutex in this function and get a cache;// using the ICA device to get random numbers a byte at a// time is VERY slow.. Keygen is gated by this function.⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -