📄 mech_aes.c
字号:
if (!sess || !ctx || !out_data_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // CKM_DES3_ECB requires the input data to be an integral // multiple of the block size // if (in_data_len % AES_BLOCK_SIZE != 0){ st_err_log(112, __FILE__, __LINE__); return CKR_ENCRYPTED_DATA_LEN_RANGE; } rc = object_mgr_find_in_map1( ctx->key, &key ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); return rc; } rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } keytype = *(CK_KEY_TYPE *)attr->pValue; rc = template_attribute_find( key->template, CKA_VALUE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } memcpy( key_value, attr->pValue, attr->ulValueLen ); if (length_only == TRUE) { *out_data_len = in_data_len; return CKR_OK; } if (*out_data_len < in_data_len) { *out_data_len = in_data_len; st_err_log(111, __FILE__, __LINE__); return CKR_BUFFER_TOO_SMALL; } return ckm_aes_ecb_decrypt( in_data, in_data_len, out_data, out_data_len, key_value, attr->ulValueLen );}////CK_RVaes_cbc_encrypt( SESSION *sess, CK_BBOOL length_only, ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len){ OBJECT *key = NULL; CK_ATTRIBUTE *attr = NULL; CK_BYTE key_value[AES_KEY_SIZE_256]; CK_KEY_TYPE keytype; CK_RV rc; if (!sess || !ctx || !out_data_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // CKM_DES3_CBC requires the input data to be an integral // multiple of the block size // if (in_data_len % AES_BLOCK_SIZE != 0){ st_err_log(11, __FILE__, __LINE__); return CKR_DATA_LEN_RANGE; } rc = object_mgr_find_in_map1( ctx->key, &key ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); return rc; } rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } keytype = *(CK_KEY_TYPE *)attr->pValue; rc = template_attribute_find( key->template, CKA_VALUE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } memcpy( key_value, attr->pValue, attr->ulValueLen ); if (length_only == TRUE) { *out_data_len = in_data_len; return CKR_OK; } if (*out_data_len < in_data_len) { *out_data_len = in_data_len; st_err_log(111, __FILE__, __LINE__); return CKR_BUFFER_TOO_SMALL; } return ckm_aes_cbc_encrypt( in_data, in_data_len, out_data, out_data_len, ctx->mech.pParameter, key_value, attr->ulValueLen );}////CK_RVaes_cbc_decrypt( SESSION *sess, CK_BBOOL length_only, ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len){ OBJECT *key = NULL; CK_ATTRIBUTE *attr = NULL; CK_BYTE key_value[AES_KEY_SIZE_256]; CK_KEY_TYPE keytype; CK_RV rc; if (!sess || !ctx || !out_data_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // CKM_DES3_CBC requires the input data to be an integral // multiple of the block size // if (in_data_len % AES_BLOCK_SIZE != 0){ st_err_log(112, __FILE__, __LINE__); return CKR_ENCRYPTED_DATA_LEN_RANGE; } rc = object_mgr_find_in_map1( ctx->key, &key ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); return rc; } rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } keytype = *(CK_KEY_TYPE *)attr->pValue; rc = template_attribute_find( key->template, CKA_VALUE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } memcpy( key_value, attr->pValue, attr->ulValueLen ); if (length_only == TRUE) { *out_data_len = in_data_len; return CKR_OK; } if (*out_data_len < in_data_len) { *out_data_len = in_data_len; st_err_log(111, __FILE__, __LINE__); return CKR_BUFFER_TOO_SMALL; } return ckm_aes_cbc_decrypt( in_data, in_data_len, out_data, out_data_len, ctx->mech.pParameter, key_value, attr->ulValueLen );}////CK_RVaes_cbc_pad_encrypt( SESSION *sess, CK_BBOOL length_only, ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len){ OBJECT *key = NULL; CK_ATTRIBUTE *attr = NULL; CK_BYTE *clear = NULL; CK_BYTE key_value[AES_KEY_SIZE_256]; CK_KEY_TYPE keytype; CK_ULONG padded_len; CK_RV rc; if (!sess || !ctx || !out_data_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // DES3-CBC-PAD has no input length requirements // rc = object_mgr_find_in_map1( ctx->key, &key ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); return rc; } rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } keytype = *(CK_KEY_TYPE *)attr->pValue; rc = template_attribute_find( key->template, CKA_VALUE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } memcpy( key_value, attr->pValue, attr->ulValueLen ); // compute the output length, accounting for padding // padded_len = AES_BLOCK_SIZE * (in_data_len / AES_BLOCK_SIZE + 1); if (length_only == TRUE) { *out_data_len = padded_len; return CKR_OK; } if (*out_data_len < padded_len) { *out_data_len = padded_len; st_err_log(111, __FILE__, __LINE__); return CKR_BUFFER_TOO_SMALL; } clear = (CK_BYTE *)malloc( padded_len ); if (!clear){ st_err_log(0, __FILE__, __LINE__); return CKR_HOST_MEMORY; } memcpy( clear, in_data, in_data_len ); add_pkcs_padding( clear + in_data_len, AES_BLOCK_SIZE, in_data_len, padded_len ); rc = ckm_aes_cbc_encrypt( clear, padded_len, out_data, out_data_len, ctx->mech.pParameter, key_value, attr->ulValueLen ); if (rc != CKR_OK) st_err_log(105, __FILE__, __LINE__); free( clear ); return rc;}////CK_RVaes_cbc_pad_decrypt( SESSION *sess, CK_BBOOL length_only, ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len){ OBJECT *key = NULL; CK_ATTRIBUTE *attr = NULL; CK_BYTE *clear = NULL; CK_BYTE key_value[AES_KEY_SIZE_256]; CK_KEY_TYPE keytype; CK_ULONG padded_len; CK_RV rc; if (!sess || !ctx || !out_data_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // // no need to validate the input length since we'll pad as necessary // rc = object_mgr_find_in_map1( ctx->key, &key ); if (rc != CKR_OK){ st_err_log(110, __FILE__, __LINE__); return rc; } rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } keytype = *(CK_KEY_TYPE *)attr->pValue; rc = template_attribute_find( key->template, CKA_VALUE, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } memcpy( key_value, attr->pValue, attr->ulValueLen ); // we're decrypting so even with CBC-PAD, we should have an integral // number of block to decrypt // if (in_data_len % AES_BLOCK_SIZE != 0){ st_err_log(112, __FILE__, __LINE__); return CKR_ENCRYPTED_DATA_LEN_RANGE; } // the amount of cleartext after stripping the padding will actually be less // than the input bytes... // padded_len = in_data_len; if (length_only == TRUE) { *out_data_len = padded_len; return CKR_OK; } clear = (CK_BYTE *)malloc( padded_len ); if (!clear){ st_err_log(0, __FILE__, __LINE__); return CKR_HOST_MEMORY; } rc = ckm_aes_cbc_decrypt( in_data, in_data_len, clear, &padded_len, ctx->mech.pParameter, key_value, attr->ulValueLen ); if (rc == CKR_OK) { strip_pkcs_padding( clear, padded_len, out_data_len ); memcpy( out_data, clear, *out_data_len ); } else st_err_log(106, __FILE__, __LINE__); free( clear ); return rc;}////CK_RVaes_ecb_encrypt_update( SESSION *sess, CK_BBOOL length_only, ENCR_DECR_CONTEXT *ctx, CK_BYTE *in_data, CK_ULONG in_data_len, CK_BYTE *out_data, CK_ULONG *out_data_len ){ AES_CONTEXT * context = NULL; CK_ATTRIBUTE * attr = NULL; OBJECT * key = NULL; CK_BYTE * clear = NULL; CK_BYTE key_value[AES_KEY_SIZE_256]; CK_KEY_TYPE keytype; CK_ULONG total, remain, out_len; CK_RV rc; if (!sess || !ctx || !out_data_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } context = (AES_CONTEXT *)ctx->context; total = (context->len + in_data_len); if (total < AES_BLOCK_SIZE) { if (length_only == FALSE) { memcpy( context->data + context->len, in_data, in_data_len ); context->len += in_data_len; } *out_data_len = 0; return CKR_OK; } else { // we have at least 1 block⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -