📄 ica_specific.c
字号:
publKey = malloc(4096); if ( !publKey) { free(privKey); return CKR_HOST_MEMORY; } publKey = CLiC_rsaMakePublicKey(privKey,pubExp,publKey) ; // let library allocate memory ptr = publKey; // Now fill in the objects.. // // modulus: n // ptr = ptr+3; // skip the first three bytes of the representation rc = build_attribute( CKA_MODULUS, ptr, CLiC_rsaModulusLength(publKey)/8, &attr ); // in bytes if (rc != CKR_OK) goto done; template_update_attribute( publ_tmpl, attr ); // local = TRUE // flag = TRUE; rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr ); if (rc != CKR_OK) goto done; template_update_attribute( publ_tmpl, attr ); // // now, do the private key // // Cheat here and put the whole original key into the CKA_VALUE... remember // to force the system to not return this for RSA keys.. // Add the modulus to the private key information ptr = publKey +3; rc = build_attribute( CKA_MODULUS, ptr, CLiC_rsaModulusLength(publKey)/8, &attr ); // in bytes if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); // Stash the local representation of the key for CLiC // rc = build_attribute( CKA_PUBLIC_EXPONENT, publ_exp->pValue, publ_exp->ulValueLen, &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); // prime #1: p // ptr = privKey+3; // Skip the type and length information) keysize = (mod_bits/2 +7)/8; // need bytes... CRT only... Non Crt would be a different key size rc = build_attribute( CKA_PRIME_1, ptr, keysize, &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); // prime #2: q // ptr += keysize; rc = build_attribute( CKA_PRIME_2, ptr, keysize, &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); // exponent 1: d mod(p-1) // ptr += keysize; rc = build_attribute( CKA_EXPONENT_1, ptr, keysize, &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); // exponent 2: d mod(q-1) // ptr += keysize; rc = build_attribute( CKA_EXPONENT_2, ptr, keysize, &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); // CRT coefficient: q_inverse mod(p) // ptr += keysize; rc = build_attribute( CKA_COEFFICIENT, ptr, keysize, &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr ); flag = TRUE; rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr ); if (rc != CKR_OK) goto done; template_update_attribute( priv_tmpl, attr );done: if (privKey) free(privKey); if (publKey) free(publKey); return rc;}#endif#if (LINUX)CK_RVos_specific_rsa_keygen(TEMPLATE *publ_tmpl, TEMPLATE *priv_tmpl){ CK_ATTRIBUTE * publ_exp = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE * ptr = NULL; CK_BYTE repl_buf[5500]; CK_ULONG req_len, repl_len; CK_ULONG mod_bits; CK_BBOOL flag; CK_RV rc; CK_BYTE_PTR pubExp; CK_BYTE_PTR prdat; // IN format for cryptolite CK_BYTE_PTR pudat; // IN format for cryptolite CK_ULONG keysize; ICA_KEY_RSA_MODEXPO *publKey; ICA_KEY_RSA_CRT *privKey; unsigned int offset, len; unsigned int publKeySize, privKeySize; flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr ); if (!flag) return CKR_TEMPLATE_INCOMPLETE; // should never happen mod_bits = *(CK_ULONG *)attr->pValue; flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp ); if (!flag) return CKR_TEMPLATE_INCOMPLETE; //jag // we don't support less than 1024 bit keys in the sw if (mod_bits < 256 || mod_bits > 2048) { return CKR_KEY_SIZE_RANGE; } if(publ_exp->ulValueLen > (mod_bits * 8)){ return CKR_DATA_LEN_RANGE; } publKey = (ICA_KEY_RSA_MODEXPO *) malloc(sizeof(ICA_KEY_RSA_MODEXPO)); if (publKey == NULL) { return CKR_HOST_MEMORY; } privKey = (ICA_KEY_RSA_CRT *) malloc(sizeof(ICA_KEY_RSA_CRT)); if (privKey == NULL) { rc = CKR_HOST_MEMORY; goto pubkey_cleanup; } memset(publKey, 0x00, sizeof(ICA_KEY_RSA_MODEXPO)); memset(privKey, 0x00, sizeof(ICA_KEY_RSA_CRT)); // Currently using definition of ICA_KEY_RSA_MODEXPO in NT spec v1.12 keysize = ((mod_bits + 7)/8); /* Linux driver is not using these */ ptr = publKey->keyRecord + keysize - publ_exp->ulValueLen; memcpy(ptr,publ_exp->pValue, publ_exp->ulValueLen); publKeySize = sizeof(ICA_KEY_RSA_MODEXPO); privKeySize = sizeof(ICA_KEY_RSA_CRT); rc = icaRsaKeyGenerateCrt(adapter_handle, (unsigned int)mod_bits, RSA_PUBLIC_FIXED, &publKeySize, (ICA_KEY_RSA_MODEXPO *)publKey, &privKeySize, (ICA_KEY_RSA_CRT *)privKey); if(rc){ rc = CKR_FUNCTION_FAILED; goto privkey_cleanup; } // modulus: n // ptr = (CK_BYTE *)(publKey->keyRecord + keysize); rc = build_attribute( CKA_MODULUS, ptr, keysize, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( publ_tmpl, attr ); // local = TRUE // flag = TRUE; rc = build_attribute( CKA_LOCAL, &flag, sizeof(CK_BBOOL), &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( publ_tmpl, attr ); // // now, do the private key // // public exponent: e // rc = build_attribute( CKA_PUBLIC_EXPONENT, publ_exp->pValue, publ_exp->ulValueLen, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( priv_tmpl, attr ); // modulus: n // ptr = (CK_BYTE *)(publKey->keyRecord + keysize); rc = build_attribute( CKA_MODULUS, ptr, keysize, &attr ); if (rc != CKR_OK) return rc; template_update_attribute( priv_tmpl, attr ); /* CRT sizes are smaller */ keysize /= 2; // exponent 1: d mod(p-1) // ptr = (CK_BYTE *)(privKey->keyRecord); rc = build_attribute( CKA_EXPONENT_1, ptr, keysize + 8, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( priv_tmpl, attr ); // exponent 2: d mod(q-1) // ptr += keysize + 8; rc = build_attribute( CKA_EXPONENT_2, ptr, keysize, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( priv_tmpl, attr ); // prime #1: p // ptr += keysize; rc = build_attribute( CKA_PRIME_1, ptr, keysize+8, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( priv_tmpl, attr ); // prime #2: q // ptr += keysize + 8; rc = build_attribute( CKA_PRIME_2, ptr, keysize, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( priv_tmpl, attr ); // CRT coefficient: q_inverse mod(p) // ptr += keysize; rc = build_attribute( CKA_COEFFICIENT, ptr, keysize + 8, &attr ); if (rc != CKR_OK) goto privkey_cleanup; template_update_attribute( priv_tmpl, attr ); privkey_cleanup: free(privKey); pubkey_cleanup: free(publKey); return rc;}#endif// SAB FIXME this keygen stuff needs to be reworked..////CK_RVtoken_specific_rsa_generate_keypair( TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl ){ CK_ATTRIBUTE * publ_exp = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE * ptr = NULL; CK_BYTE repl_buf[5500]; CK_ULONG req_len, repl_len; CK_ULONG mod_bits; CK_BBOOL flag; CK_RV rc; rc = os_specific_rsa_keygen(publ_tmpl,priv_tmpl); return rc;}////CK_RVtoken_specific_rsa_encrypt( CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, OBJECT * key_obj ){ CK_ATTRIBUTE * attr = NULL; CK_ATTRIBUTE * modulus = NULL; CK_ATTRIBUTE * pub_exp = NULL; CK_BYTE * ptr = NULL; CK_ULONG buffer[80]; // plenty of room... CK_OBJECT_CLASS keyclass; CK_ULONG req_len, repl_len, key_len; CK_RV rc; CK_ULONG out_data_len; ICA_KEY_RSA_MODEXPO *publKey; unsigned int temp_out_data_len = 0; publKey = (ICA_KEY_RSA_MODEXPO *) rsa_convert_public_key(key_obj); if (publKey == NULL) { rc = CKR_FUNCTION_FAILED; goto done; } temp_out_data_len = (unsigned int)in_data_len; rc = icaRsaModExpo(adapter_handle, (unsigned int)in_data_len, in_data, publKey, &temp_out_data_len, out_data); out_data_len = (CK_ULONG) temp_out_data_len; if (rc != 0) { rc = CKR_FUNCTION_FAILED; } else { rc = CKR_OK; } free(publKey); goto done;done: return rc;}////CK_RVtoken_specific_rsa_decrypt( CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, OBJECT * key_obj )⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -