mech_rsa.c
来自「IBM的Linux上的PKCS#11实现」· C语言 代码 · 共 1,772 行 · 第 1/4 页
C
1,772 行
oid_len = ber_md5WithRSAEncryptionLen; } else { digest_mech.mechanism = CKM_SHA_1; oid = ber_sha1WithRSAEncryption; oid_len = ber_sha1WithRSAEncryptionLen; } digest_mech.ulParameterLen = 0; digest_mech.pParameter = NULL; rc = digest_mgr_init( sess, &digest_ctx, &digest_mech ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); goto done; } hash_len = sizeof(hash); rc = digest_mgr_digest( sess, FALSE, &digest_ctx, in_data, in_data_len, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(124, __FILE__, __LINE__); goto done; } // Build the BER encoding // rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len ); if (rc != CKR_OK){ st_err_log(77, __FILE__, __LINE__); goto done; } tmp = (CK_BYTE *)buf1; memcpy( tmp, oid, oid_len ); memcpy( tmp + oid_len, octet_str, octet_str_len ); rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) ); if (rc != CKR_OK){ st_err_log(78, __FILE__, __LINE__); goto done; } // Verify the Signed BER-encoded Data block // verify_mech.mechanism = CKM_RSA_PKCS; verify_mech.ulParameterLen = 0; verify_mech.pParameter = NULL; rc = verify_mgr_init( sess, &verify_ctx, &verify_mech, FALSE, ctx->key ); if (rc != CKR_OK){ st_err_log(167, __FILE__, __LINE__); goto done; } //rc = verify_mgr_verify( sess, &verify_ctx, hash, hash_len, signature, sig_len ); rc = verify_mgr_verify( sess, &verify_ctx, ber_data, ber_data_len, signature, sig_len ); if (rc != CKR_OK) st_err_log(168, __FILE__, __LINE__);done: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); digest_mgr_cleanup( &digest_ctx ); sign_mgr_cleanup( &verify_ctx ); return rc;}////CK_RVrsa_hash_pkcs_verify_update( SESSION * sess, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * in_data, CK_ULONG in_data_len ){ RSA_DIGEST_CONTEXT * context = NULL; CK_MECHANISM digest_mech; CK_RV rc; if (!sess || !ctx || !in_data){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } context = (RSA_DIGEST_CONTEXT *)ctx->context; if (context->flag == FALSE) { if (ctx->mech.mechanism == CKM_MD2_RSA_PKCS) digest_mech.mechanism = CKM_MD2; else if (ctx->mech.mechanism == CKM_MD5_RSA_PKCS) digest_mech.mechanism = CKM_MD5; else digest_mech.mechanism = CKM_SHA_1; digest_mech.ulParameterLen = 0; digest_mech.pParameter = NULL; rc = digest_mgr_init( sess, &context->hash_context, &digest_mech ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); goto error; } context->flag = TRUE; } rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len ); if (rc != CKR_OK){ st_err_log(123, __FILE__, __LINE__); goto error; } return CKR_OK;error: digest_mgr_cleanup( &context->hash_context ); return rc;}////CK_RVrsa_hash_pkcs_sign_final( SESSION * sess, CK_BBOOL length_only, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * signature, CK_ULONG * sig_len ){ CK_BYTE * ber_data = NULL; CK_BYTE * octet_str = NULL; CK_BYTE * oid = NULL; CK_BYTE * tmp = NULL; CK_ULONG buf1[16]; // 64 bytes is more than enough CK_BYTE hash[SHA1_HASH_SIZE]; RSA_DIGEST_CONTEXT * context = NULL; CK_ULONG ber_data_len, hash_len, octet_str_len, oid_len; CK_MECHANISM sign_mech; SIGN_VERIFY_CONTEXT sign_ctx; CK_RV rc; if (!sess || !ctx || !sig_len){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } if (ctx->mech.mechanism == CKM_MD2_RSA_PKCS) { oid = ber_md2WithRSAEncryption; oid_len = ber_md2WithRSAEncryptionLen; } else if (ctx->mech.mechanism == CKM_MD5_RSA_PKCS) { oid = ber_md5WithRSAEncryption; oid_len = ber_md5WithRSAEncryptionLen; } else { oid = ber_sha1WithRSAEncryption; oid_len = ber_sha1WithRSAEncryptionLen; } memset( &sign_ctx, 0x0, sizeof(sign_ctx)); context = (RSA_DIGEST_CONTEXT *)ctx->context; hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, length_only, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(126, __FILE__, __LINE__); goto done; } // Build the BER Encoded Data block // rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len ); if (rc != CKR_OK){ st_err_log(77, __FILE__, __LINE__); goto done; } tmp = (CK_BYTE *)buf1; memcpy( tmp, oid, oid_len ); memcpy( tmp + oid_len, octet_str, octet_str_len ); rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) ); if (rc != CKR_OK){ st_err_log(78, __FILE__, __LINE__); goto done; } // sign the BER-encoded data block // sign_mech.mechanism = CKM_RSA_PKCS; sign_mech.ulParameterLen = 0; sign_mech.pParameter = NULL; rc = sign_mgr_init( sess, &sign_ctx, &sign_mech, FALSE, ctx->key ); if (rc != CKR_OK){ st_err_log(127, __FILE__, __LINE__); goto done; } //rc = sign_mgr_sign( sess, length_only, &sign_ctx, hash, hash_len, signature, sig_len ); rc = sign_mgr_sign( sess, length_only, &sign_ctx, ber_data, ber_data_len, signature, sig_len ); if (rc != CKR_OK) st_err_log(128, __FILE__, __LINE__); if (length_only == TRUE || rc == CKR_BUFFER_TOO_SMALL) { sign_mgr_cleanup( &sign_ctx ); return rc; }done: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); digest_mgr_cleanup( &context->hash_context ); sign_mgr_cleanup( &sign_ctx ); return rc;}////CK_RVrsa_hash_pkcs_verify_final( SESSION * sess, SIGN_VERIFY_CONTEXT * ctx, CK_BYTE * signature, CK_ULONG sig_len ){ CK_BYTE * ber_data = NULL; CK_BYTE * octet_str = NULL; CK_BYTE * oid = NULL; CK_BYTE * tmp = NULL; CK_ULONG buf1[16]; // 64 bytes is more than enough CK_BYTE hash[SHA1_HASH_SIZE]; RSA_DIGEST_CONTEXT * context = NULL; CK_ULONG ber_data_len, hash_len, octet_str_len, oid_len; CK_MECHANISM verify_mech; SIGN_VERIFY_CONTEXT verify_ctx; CK_RV rc; if (!sess || !ctx || !signature){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } if (ctx->mech.mechanism == CKM_MD2_RSA_PKCS) { oid = ber_md2WithRSAEncryption; oid_len = ber_md2WithRSAEncryptionLen; } else if (ctx->mech.mechanism == CKM_MD5_RSA_PKCS) { oid = ber_md5WithRSAEncryption; oid_len = ber_md5WithRSAEncryptionLen; } else { oid = ber_sha1WithRSAEncryption; oid_len = ber_sha1WithRSAEncryptionLen; } memset( &verify_ctx, 0x0, sizeof(verify_ctx)); context = (RSA_DIGEST_CONTEXT *)ctx->context; hash_len = sizeof(hash); rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len ); if (rc != CKR_OK){ st_err_log(126, __FILE__, __LINE__); goto done; } // Build the BER encoding // rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len ); if (rc != CKR_OK){ st_err_log(77, __FILE__, __LINE__); goto done; } tmp = (CK_BYTE *)buf1; memcpy( tmp, oid, oid_len ); memcpy( tmp + oid_len, octet_str, octet_str_len ); rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) ); if (rc != CKR_OK){ st_err_log(78, __FILE__, __LINE__); goto done; } // verify the signed BER-encoded data block // verify_mech.mechanism = CKM_RSA_PKCS; verify_mech.ulParameterLen = 0; verify_mech.pParameter = NULL; rc = verify_mgr_init( sess, &verify_ctx, &verify_mech, FALSE, ctx->key ); if (rc != CKR_OK){ st_err_log(167, __FILE__, __LINE__); goto done; } //rc = verify_mgr_verify( sess, &verify_ctx, hash, hash_len, signature, sig_len ); rc = verify_mgr_verify( sess, &verify_ctx, ber_data, ber_data_len, signature, sig_len ); if (rc != CKR_OK) st_err_log(168, __FILE__, __LINE__);done: if (octet_str) free( octet_str ); if (ber_data) free( ber_data ); digest_mgr_cleanup( &context->hash_context ); verify_mgr_cleanup( &verify_ctx ); return rc;}//// mechanisms//////CK_RVckm_rsa_key_pair_gen( TEMPLATE * publ_tmpl, TEMPLATE * priv_tmpl ){ CK_ATTRIBUTE * publ_exp = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE * ptr = NULL; CK_BYTE repl_buf[5500]; CK_ULONG req_len, repl_len; CK_ULONG mod_bits; CK_BBOOL flag; CK_RV rc; flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr ); if (!flag){ st_err_log(48, __FILE__, __LINE__); return CKR_TEMPLATE_INCOMPLETE; // should never happen } mod_bits = *(CK_ULONG *)attr->pValue; flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp ); if (!flag){ st_err_log(48, __FILE__, __LINE__); return CKR_TEMPLATE_INCOMPLETE; } // Really want to FIXME to not instantiate the attributes in each token // specific routine. Should return the pieces and instantiate the attributes // once.... SAB.. rc = token_specific.t_rsa_generate_keypair(publ_tmpl, priv_tmpl); if (rc != CKR_OK) st_err_log(91, __FILE__, __LINE__); return rc;}////CK_RVckm_rsa_encrypt( CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, OBJECT * key_obj ){ CK_ATTRIBUTE * attr = NULL; CK_ATTRIBUTE * modulus = NULL; CK_ATTRIBUTE * pub_exp = NULL; CK_BYTE * ptr = NULL; CK_ULONG buffer[80]; // plenty of room... CK_OBJECT_CLASS keyclass; CK_ULONG req_len, repl_len, key_len; CK_RV rc; rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } else keyclass = *(CK_OBJECT_CLASS *)attr->pValue; // this had better be a public key // if (keyclass != CKO_PUBLIC_KEY){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } rc = token_specific.t_rsa_encrypt(in_data,in_data_len,out_data,key_obj); if (rc != CKR_OK) st_err_log(134, __FILE__, __LINE__);done: return rc;}////CK_RVckm_rsa_decrypt( CK_BYTE * in_data, CK_ULONG in_data_len, CK_BYTE * out_data, OBJECT * key_obj ){ CK_ATTRIBUTE * attr = NULL; CK_ATTRIBUTE * modulus = NULL; CK_ATTRIBUTE * pub_exp = NULL; CK_ATTRIBUTE * prime1 = NULL; CK_ATTRIBUTE * prime2 = NULL; CK_ATTRIBUTE * exp1 = NULL; CK_ATTRIBUTE * exp2 = NULL; CK_ATTRIBUTE * coeff = NULL; CK_BYTE * ptr = NULL; CK_ULONG buffer[80]; // plenty of room... CK_OBJECT_CLASS keyclass; CK_ULONG key_size; CK_ULONG req_len, repl_len; CK_RV rc; rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (rc == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } else keyclass = *(CK_OBJECT_CLASS *)attr->pValue; // this had better be a private key // if (keyclass != CKO_PRIVATE_KEY){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } rc = token_specific.t_rsa_decrypt(in_data,in_data_len,out_data,key_obj); if (rc != CKR_OK) st_err_log(135, __FILE__, __LINE__);done: return rc;}
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?