📄 verify_mgr.c
#include "pkcs11types.h"#include "defs.h"#include "host_defs.h"#include "h_extern.h"#include "tok_spec_struct.h"////CK_RVverify_mgr_init( SESSION * sess, SIGN_VERIFY_CONTEXT * ctx, CK_MECHANISM * mech, CK_BBOOL recover_mode, CK_OBJECT_HANDLE key ){ OBJECT * key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_BYTE * ptr = NULL; CK_KEY_TYPE keytype; CK_OBJECT_CLASS class; CK_BBOOL flag; CK_RV rc; if (!sess || !ctx){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } if (ctx->active != FALSE){ st_err_log(31, __FILE__, __LINE__); return CKR_OPERATION_ACTIVE; } // key usage restrictions // rc = object_mgr_find_in_map1( key, &key_obj ); if (rc != CKR_OK){ st_err_log(18, __FILE__, __LINE__); return CKR_KEY_HANDLE_INVALID; } // is key allowed to verify signatures? // rc = template_attribute_find( key_obj->template, CKA_VERIFY, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { flag = *(CK_BBOOL *)attr->pValue; if (flag != TRUE){ st_err_log(85, __FILE__, __LINE__); return CKR_KEY_FUNCTION_NOT_PERMITTED; } } // is the mechanism supported? is the key type correct? is a // parameter present if required? is the key size allowed? // is the key allowed to generate signatures? 
// switch (mech->mechanism) { case CKM_RSA_X_509: case CKM_RSA_PKCS: { if (mech->ulParameterLen != 0){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } rc = template_attribute_find( key_obj->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { keytype = *(CK_KEY_TYPE *)attr->pValue; if (keytype != CKK_RSA){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } } // must be a PUBLIC key operation // flag = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (flag == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } else class = *(CK_OBJECT_CLASS *)attr->pValue; if (class != CKO_PUBLIC_KEY){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // PKCS #11 doesn't allow multi-part RSA operations // ctx->context_len = 0; ctx->context = NULL; } break; case CKM_MD2_RSA_PKCS: case CKM_MD5_RSA_PKCS: case CKM_SHA1_RSA_PKCS: { if (mech->ulParameterLen != 0){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } rc = template_attribute_find( key_obj->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { keytype = *(CK_KEY_TYPE *)attr->pValue; if (keytype != CKK_RSA){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } } // must be a PUBLIC key operation // flag = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (flag == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } else class = *(CK_OBJECT_CLASS *)attr->pValue; if (class != CKO_PUBLIC_KEY){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } ctx->context_len = sizeof(RSA_DIGEST_CONTEXT); ctx->context = (CK_BYTE *)malloc(sizeof(RSA_DIGEST_CONTEXT)); if (!ctx->context){ st_err_log(0, __FILE__, __LINE__); return CKR_HOST_MEMORY; } 
memset( ctx->context, 0x0, sizeof(RSA_DIGEST_CONTEXT)); } break;#if !(NODSA) case CKM_DSA: { if (mech->ulParameterLen != 0){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } rc = template_attribute_find( key_obj->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { keytype = *(CK_KEY_TYPE *)attr->pValue; if (keytype != CKK_DSA){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } } // must be a PUBLIC key operation // flag = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (flag == FALSE){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } else class = *(CK_OBJECT_CLASS *)attr->pValue; if (class != CKO_PUBLIC_KEY){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // PKCS #11 doesn't allow multi-part DSA operations // ctx->context_len = 0; ctx->context = NULL; } break;#endif case CKM_MD2_HMAC: case CKM_MD5_HMAC: case CKM_SHA_1_HMAC: { if (mech->ulParameterLen != 0){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } rc = template_attribute_find( key_obj->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { keytype = *(CK_KEY_TYPE *)attr->pValue; if (keytype != CKK_GENERIC_SECRET){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } } // PKCS #11 doesn't allow multi-part HMAC operations // ctx->context_len = 0; ctx->context = NULL; } break; case CKM_MD2_HMAC_GENERAL: case CKM_MD5_HMAC_GENERAL: case CKM_SHA_1_HMAC_GENERAL: { CK_MAC_GENERAL_PARAMS *param = (CK_MAC_GENERAL_PARAMS *)mech->pParameter; if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } if ((mech->mechanism == CKM_MD2_HMAC_GENERAL) && (*param > 16)){ st_err_log(29, __FILE__, __LINE__); return 
CKR_MECHANISM_PARAM_INVALID; } if ((mech->mechanism == CKM_MD5_HMAC_GENERAL) && (*param > 16)){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } if ((mech->mechanism == CKM_SHA_1_HMAC_GENERAL) && (*param > 20)){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } rc = template_attribute_find( key_obj->template, CKA_KEY_TYPE, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { keytype = *(CK_KEY_TYPE *)attr->pValue; if (keytype != CKK_GENERIC_SECRET){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } } // PKCS #11 doesn't allow multi-part HMAC operations // ctx->context_len = 0; ctx->context = NULL; } break; case CKM_SSL3_MD5_MAC: case CKM_SSL3_SHA1_MAC: { CK_MAC_GENERAL_PARAMS *param = (CK_MAC_GENERAL_PARAMS *)mech->pParameter; if (mech->ulParameterLen != sizeof(CK_MAC_GENERAL_PARAMS)){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } // Netscape sets the parameter == 16. PKCS #11 limit is 8 // if (mech->mechanism == CKM_SSL3_MD5_MAC) { if (*param < 4 || *param > 16){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } } if (mech->mechanism == CKM_SSL3_SHA1_MAC) { if (*param < 4 || *param > 20){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } } rc = template_attribute_find( key_obj->template, CKA_CLASS, &attr ); if (rc == FALSE){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } else { class = *(CK_OBJECT_CLASS *)attr->pValue; if (class != CKO_SECRET_KEY){ st_err_log(20, __FILE__, __LINE__); return CKR_KEY_TYPE_INCONSISTENT; } } ctx->context_len = sizeof(SSL3_MAC_CONTEXT); ctx->context = (CK_BYTE *)malloc(sizeof(SSL3_MAC_CONTEXT));