mech_rsa.c

来自「IBM的Linux上的PKCS#11实现」· C语言 代码 · 共 1,772 行 · 第 1/4 页

C
1,772
字号
      oid_len = ber_md5WithRSAEncryptionLen;   }   else {      digest_mech.mechanism      = CKM_SHA_1;      oid = ber_sha1WithRSAEncryption;      oid_len = ber_sha1WithRSAEncryptionLen;   }   digest_mech.ulParameterLen = 0;   digest_mech.pParameter     = NULL;   rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);      goto done;   }   hash_len = sizeof(hash);   rc = digest_mgr_digest( sess, FALSE, &digest_ctx, in_data, in_data_len, hash, &hash_len );   if (rc != CKR_OK){      st_err_log(124, __FILE__, __LINE__);      goto done;   }   // Build the BER encoding   //   rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len );   if (rc != CKR_OK){      st_err_log(77, __FILE__, __LINE__);      goto done;   }   tmp = (CK_BYTE *)buf1;   memcpy( tmp,           oid,       oid_len );   memcpy( tmp + oid_len, octet_str, octet_str_len );   rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) );   if (rc != CKR_OK){      st_err_log(78, __FILE__, __LINE__);      goto done;   }   // Verify the Signed BER-encoded Data block   //   verify_mech.mechanism      = CKM_RSA_PKCS;   verify_mech.ulParameterLen = 0;   verify_mech.pParameter     = NULL;   rc = verify_mgr_init( sess, &verify_ctx, &verify_mech, FALSE, ctx->key );   if (rc != CKR_OK){      st_err_log(167, __FILE__, __LINE__);      goto done;   }   //rc = verify_mgr_verify( sess, &verify_ctx, hash, hash_len, signature, sig_len );   rc = verify_mgr_verify( sess, &verify_ctx, ber_data, ber_data_len, signature, sig_len );   if (rc != CKR_OK)      st_err_log(168, __FILE__, __LINE__);done:   if (octet_str) free( octet_str );   if (ber_data)  free( ber_data );      digest_mgr_cleanup( &digest_ctx );   sign_mgr_cleanup( &verify_ctx );   return rc;}////CK_RVrsa_hash_pkcs_verify_update( SESSION              * sess,                             SIGN_VERIFY_CONTEXT  * ctx,                             CK_BYTE              * in_data,                             CK_ULONG               in_data_len ){   RSA_DIGEST_CONTEXT  * context = NULL;   CK_MECHANISM          digest_mech;   CK_RV                 rc;   if (!sess || !ctx || !in_data){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   context = (RSA_DIGEST_CONTEXT *)ctx->context;   if (context->flag == FALSE) {      if (ctx->mech.mechanism == CKM_MD2_RSA_PKCS)         digest_mech.mechanism = CKM_MD2;      else if (ctx->mech.mechanism == CKM_MD5_RSA_PKCS)         digest_mech.mechanism = CKM_MD5;      else         digest_mech.mechanism = CKM_SHA_1;      digest_mech.ulParameterLen = 0;      digest_mech.pParameter     = NULL;      rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );      if (rc != CKR_OK){         st_err_log(123, __FILE__, __LINE__);         goto error;      }      context->flag = TRUE;   }   rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);      goto error;   }   return CKR_OK;error:   digest_mgr_cleanup( &context->hash_context );   return rc;}////CK_RVrsa_hash_pkcs_sign_final( SESSION              * sess,                          CK_BBOOL               length_only,                          SIGN_VERIFY_CONTEXT  * ctx,                          CK_BYTE              * signature,                          CK_ULONG             * sig_len ){   CK_BYTE            * ber_data  = NULL;   CK_BYTE            * octet_str = NULL;   CK_BYTE            * oid       = NULL;   CK_BYTE            * tmp       = NULL;   CK_ULONG              buf1[16];  // 64 bytes is more than enough   CK_BYTE               hash[SHA1_HASH_SIZE];   RSA_DIGEST_CONTEXT  * context = NULL;   CK_ULONG              ber_data_len, hash_len, octet_str_len, oid_len;   CK_MECHANISM          sign_mech;   SIGN_VERIFY_CONTEXT   sign_ctx;   CK_RV                 rc;   if (!sess || !ctx || !sig_len){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   if (ctx->mech.mechanism == CKM_MD2_RSA_PKCS) {      oid = ber_md2WithRSAEncryption;      oid_len = ber_md2WithRSAEncryptionLen;   }   else if (ctx->mech.mechanism == CKM_MD5_RSA_PKCS) {      oid = ber_md5WithRSAEncryption;      oid_len = ber_md5WithRSAEncryptionLen;   }   else {      oid = ber_sha1WithRSAEncryption;      oid_len = ber_sha1WithRSAEncryptionLen;   }   memset( &sign_ctx, 0x0, sizeof(sign_ctx));   context = (RSA_DIGEST_CONTEXT *)ctx->context;   hash_len = sizeof(hash);   rc = digest_mgr_digest_final( sess, length_only, &context->hash_context, hash, &hash_len );   if (rc != CKR_OK){      st_err_log(126, __FILE__, __LINE__);      goto done;   }   // Build the BER Encoded Data block   //   rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len );   if (rc != CKR_OK){      st_err_log(77, __FILE__, __LINE__);      goto done;   }   tmp = (CK_BYTE *)buf1;   memcpy( tmp,           oid,       oid_len );   memcpy( tmp + oid_len, octet_str, octet_str_len );   rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) );   if (rc != CKR_OK){      st_err_log(78, __FILE__, __LINE__);      goto done;   }   // sign the BER-encoded data block   //      sign_mech.mechanism      = CKM_RSA_PKCS;   sign_mech.ulParameterLen = 0;   sign_mech.pParameter     = NULL;   rc = sign_mgr_init( sess, &sign_ctx, &sign_mech, FALSE, ctx->key );   if (rc != CKR_OK){      st_err_log(127, __FILE__, __LINE__);      goto done;   }   //rc = sign_mgr_sign( sess, length_only, &sign_ctx, hash, hash_len, signature, sig_len );   rc = sign_mgr_sign( sess, length_only, &sign_ctx, ber_data, ber_data_len, signature, sig_len );   if (rc != CKR_OK)      st_err_log(128, __FILE__, __LINE__);   if (length_only == TRUE || rc == CKR_BUFFER_TOO_SMALL) {      sign_mgr_cleanup( &sign_ctx );      return rc;   }done:   if (octet_str) free( octet_str );   if (ber_data)  free( ber_data );   digest_mgr_cleanup( &context->hash_context );   sign_mgr_cleanup( &sign_ctx );   return rc;}////CK_RVrsa_hash_pkcs_verify_final( SESSION              * sess,                            SIGN_VERIFY_CONTEXT  * ctx,                            CK_BYTE              * signature,                            CK_ULONG               sig_len ){   CK_BYTE            * ber_data  = NULL;   CK_BYTE            * octet_str = NULL;   CK_BYTE            * oid       = NULL;   CK_BYTE            * tmp       = NULL;   CK_ULONG             buf1[16];   // 64 bytes is more than enough   CK_BYTE               hash[SHA1_HASH_SIZE];   RSA_DIGEST_CONTEXT  * context = NULL;   CK_ULONG              ber_data_len, hash_len, octet_str_len, oid_len;   CK_MECHANISM          verify_mech;   SIGN_VERIFY_CONTEXT   verify_ctx;   CK_RV                 rc;   if (!sess || !ctx || !signature){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   if (ctx->mech.mechanism == CKM_MD2_RSA_PKCS) {      oid = ber_md2WithRSAEncryption;      oid_len = ber_md2WithRSAEncryptionLen;   }   else if (ctx->mech.mechanism == CKM_MD5_RSA_PKCS) {      oid = ber_md5WithRSAEncryption;      oid_len = ber_md5WithRSAEncryptionLen;   }   else {      oid = ber_sha1WithRSAEncryption;      oid_len = ber_sha1WithRSAEncryptionLen;   }   memset( &verify_ctx, 0x0, sizeof(verify_ctx));   context = (RSA_DIGEST_CONTEXT *)ctx->context;   hash_len = sizeof(hash);   rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );   if (rc != CKR_OK){      st_err_log(126, __FILE__, __LINE__);      goto done;   }   // Build the BER encoding   //   rc = ber_encode_OCTET_STRING( FALSE, &octet_str, &octet_str_len, hash, hash_len );   if (rc != CKR_OK){      st_err_log(77, __FILE__, __LINE__);      goto done;   }   tmp = (CK_BYTE *)buf1;   memcpy( tmp,           oid,       oid_len );   memcpy( tmp + oid_len, octet_str, octet_str_len );   rc = ber_encode_SEQUENCE( FALSE, &ber_data, &ber_data_len, tmp, (oid_len + octet_str_len) );   if (rc != CKR_OK){      st_err_log(78, __FILE__, __LINE__);      goto done;   }   // verify the signed BER-encoded data block   //   verify_mech.mechanism      = CKM_RSA_PKCS;   verify_mech.ulParameterLen = 0;   verify_mech.pParameter     = NULL;   rc = verify_mgr_init( sess, &verify_ctx, &verify_mech, FALSE, ctx->key );   if (rc != CKR_OK){      st_err_log(167, __FILE__, __LINE__);      goto done;   }   //rc = verify_mgr_verify( sess, &verify_ctx, hash, hash_len, signature, sig_len );   rc = verify_mgr_verify( sess, &verify_ctx, ber_data, ber_data_len, signature, sig_len );   if (rc != CKR_OK)      st_err_log(168, __FILE__, __LINE__);done:   if (octet_str) free( octet_str );   if (ber_data)  free( ber_data );   digest_mgr_cleanup( &context->hash_context );   verify_mgr_cleanup( &verify_ctx );   return rc;}//// mechanisms//////CK_RVckm_rsa_key_pair_gen( TEMPLATE  * publ_tmpl,                      TEMPLATE  * priv_tmpl ){   CK_ATTRIBUTE       * publ_exp = NULL;   CK_ATTRIBUTE       * attr     = NULL;   CK_BYTE            * ptr      = NULL;   CK_BYTE              repl_buf[5500];   CK_ULONG             req_len, repl_len;   CK_ULONG             mod_bits;   CK_BBOOL             flag;   CK_RV                rc;   flag = template_attribute_find( publ_tmpl, CKA_MODULUS_BITS, &attr );   if (!flag){      st_err_log(48, __FILE__, __LINE__);      return CKR_TEMPLATE_INCOMPLETE;  // should never happen   }   mod_bits = *(CK_ULONG *)attr->pValue;   flag = template_attribute_find( publ_tmpl, CKA_PUBLIC_EXPONENT, &publ_exp );   if (!flag){      st_err_log(48, __FILE__, __LINE__);      return CKR_TEMPLATE_INCOMPLETE;   }   // Really want to FIXME to not instantiate the attributes in  each token   // specific routine.  Should return the pieces and instantiate the attributes   // once.... SAB..   rc = token_specific.t_rsa_generate_keypair(publ_tmpl, priv_tmpl);   if (rc != CKR_OK)      st_err_log(91, __FILE__, __LINE__);   return rc;}////CK_RVckm_rsa_encrypt( CK_BYTE   * in_data,                 CK_ULONG    in_data_len,                 CK_BYTE   * out_data,                 OBJECT    * key_obj ){   CK_ATTRIBUTE      * attr    = NULL;   CK_ATTRIBUTE      * modulus = NULL;   CK_ATTRIBUTE      * pub_exp = NULL;   CK_BYTE           * ptr     = NULL;   CK_ULONG            buffer[80];  // plenty of room...   CK_OBJECT_CLASS     keyclass;   CK_ULONG            req_len, repl_len, key_len;   CK_RV               rc;   rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr );   if (rc == FALSE){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   else      keyclass = *(CK_OBJECT_CLASS *)attr->pValue;   // this had better be a public key   //   if (keyclass != CKO_PUBLIC_KEY){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }      rc = token_specific.t_rsa_encrypt(in_data,in_data_len,out_data,key_obj);   if (rc != CKR_OK)      st_err_log(134, __FILE__, __LINE__);done:   return rc;}////CK_RVckm_rsa_decrypt( CK_BYTE   * in_data,                 CK_ULONG    in_data_len,                 CK_BYTE   * out_data,                 OBJECT    * key_obj ){   CK_ATTRIBUTE      * attr     = NULL;   CK_ATTRIBUTE      * modulus  = NULL;   CK_ATTRIBUTE      * pub_exp  = NULL;   CK_ATTRIBUTE      * prime1   = NULL;   CK_ATTRIBUTE      * prime2   = NULL;   CK_ATTRIBUTE      * exp1     = NULL;   CK_ATTRIBUTE      * exp2     = NULL;   CK_ATTRIBUTE      * coeff    = NULL;   CK_BYTE           * ptr      = NULL;   CK_ULONG            buffer[80];  // plenty of room...   CK_OBJECT_CLASS     keyclass;   CK_ULONG            key_size;   CK_ULONG            req_len, repl_len;   CK_RV               rc;   rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr );   if (rc == FALSE){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   else      keyclass = *(CK_OBJECT_CLASS *)attr->pValue;   // this had better be a private key   //   if (keyclass != CKO_PRIVATE_KEY){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   rc = token_specific.t_rsa_decrypt(in_data,in_data_len,out_data,key_obj);   if (rc != CKR_OK)      st_err_log(135, __FILE__, __LINE__);done:   return rc;}

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?