mech_des3.c

IBM的Linux上的PKCS#11实现

   CK_BYTE       key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE   keytype;
   CK_RV         rc;


   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   // CKM_DES3_ECB requires the input data to be an integral
   // multiple of the block size
   //
   if (in_data_len % DES_BLOCK_SIZE != 0){
      st_err_log(112, __FILE__, __LINE__);
      return CKR_ENCRYPTED_DATA_LEN_RANGE;
   }
   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc; 
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );

   if (length_only == TRUE) {
      *out_data_len = in_data_len;
      return CKR_OK;
   }

   if (*out_data_len < in_data_len) {
      *out_data_len = in_data_len;
      st_err_log(111, __FILE__, __LINE__);
      return CKR_BUFFER_TOO_SMALL;
   }

   return ckm_des3_ecb_decrypt( in_data,  in_data_len,
                                out_data, out_data_len,
                                key_value );
}


//
//
CK_RV
des3_cbc_encrypt( SESSION           *sess,
                  CK_BBOOL           length_only,
                  ENCR_DECR_CONTEXT *ctx,
                  CK_BYTE           *in_data,
                  CK_ULONG           in_data_len,
                  CK_BYTE          *out_data,
                  CK_ULONG          *out_data_len)
{
   OBJECT       *key       = NULL;
   CK_ATTRIBUTE *attr      = NULL;
   CK_BYTE       key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE   keytype;
   CK_RV         rc;

   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   // CKM_DES3_CBC requires the input data to be an integral
   // multiple of the block size
   //
   if (in_data_len % DES_BLOCK_SIZE != 0){
      st_err_log(11, __FILE__, __LINE__);
      return CKR_DATA_LEN_RANGE;
   }

   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc;
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );

   if (length_only == TRUE) {
      *out_data_len = in_data_len;
      return CKR_OK;
   }

   if (*out_data_len < in_data_len) {
      *out_data_len = in_data_len;
      st_err_log(111, __FILE__, __LINE__);
      return CKR_BUFFER_TOO_SMALL;
   }

   return ckm_des3_cbc_encrypt( in_data,  in_data_len,
                                out_data, out_data_len,
                                ctx->mech.pParameter,
                                key_value );
}

//
//
CK_RV
des3_cbc_decrypt( SESSION            *sess,
                  CK_BBOOL            length_only,
                  ENCR_DECR_CONTEXT  *ctx,
                  CK_BYTE            *in_data,
                  CK_ULONG            in_data_len,
                  CK_BYTE            *out_data,
                  CK_ULONG           *out_data_len)
{
   OBJECT       *key       = NULL;
   CK_ATTRIBUTE *attr      = NULL;
   CK_BYTE       key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE   keytype;
   CK_RV         rc;


   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   // CKM_DES3_CBC requires the input data to be an integral
   // multiple of the block size
   //
   if (in_data_len % DES_BLOCK_SIZE != 0){
      st_err_log(112, __FILE__, __LINE__);
      return CKR_ENCRYPTED_DATA_LEN_RANGE;
   }
   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc;
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );

   if (length_only == TRUE) {
      *out_data_len = in_data_len;
      return CKR_OK;
   }

   if (*out_data_len < in_data_len) {
      *out_data_len = in_data_len;
      st_err_log(111, __FILE__, __LINE__);
      return CKR_BUFFER_TOO_SMALL;
   }

   return ckm_des3_cbc_decrypt( in_data,  in_data_len,
                                out_data, out_data_len,
                                ctx->mech.pParameter,
                                key_value );
}


//
//
CK_RV
des3_cbc_pad_encrypt( SESSION           *sess,
                      CK_BBOOL           length_only,
                      ENCR_DECR_CONTEXT *ctx,
                      CK_BYTE           *in_data,
                      CK_ULONG           in_data_len,
                      CK_BYTE          *out_data,
                      CK_ULONG          *out_data_len)
{
   OBJECT       *key       = NULL;
   CK_ATTRIBUTE *attr      = NULL;
   CK_BYTE      *clear     = NULL;
   CK_BYTE       key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE   keytype;
   CK_ULONG      padded_len;
   CK_RV         rc;

   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   // DES3-CBC-PAD has no input length requirements
   //

   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc;
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr  );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );


   // compute the output length, accounting for padding
   //
   padded_len = DES_BLOCK_SIZE * (in_data_len / DES_BLOCK_SIZE + 1);

   if (length_only == TRUE) {
      *out_data_len = padded_len;
      return CKR_OK;
   }

   if (*out_data_len < padded_len) {
      *out_data_len = padded_len;
      st_err_log(111, __FILE__, __LINE__);
      return CKR_BUFFER_TOO_SMALL;
   }

   clear = (CK_BYTE *)malloc( padded_len );
   if (!clear){
      st_err_log(0, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }
   memcpy( clear, in_data, in_data_len );

   add_pkcs_padding( clear + in_data_len,
                     DES_BLOCK_SIZE,
                     in_data_len,
                     padded_len );

   rc = ckm_des3_cbc_encrypt( clear,    padded_len,
                              out_data, out_data_len,
                              ctx->mech.pParameter,
                              key_value );

   if (rc != CKR_OK)
      st_err_log(105, __FILE__, __LINE__);

   free( clear );
   return rc;
}


//
//
CK_RV
des3_cbc_pad_decrypt( SESSION            *sess,
                      CK_BBOOL            length_only,
                      ENCR_DECR_CONTEXT  *ctx,
                      CK_BYTE            *in_data,
                      CK_ULONG            in_data_len,
                      CK_BYTE            *out_data,
                      CK_ULONG           *out_data_len)
{
   OBJECT       *key       = NULL;
   CK_ATTRIBUTE *attr      = NULL;
   CK_BYTE      *clear     = NULL;
   CK_BYTE       key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE   keytype;
   CK_ULONG      padded_len;
   CK_RV         rc;


   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   //
   // no need to validate the input length since we'll pad as necessary
   //

   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc;
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );

   // we're decrypting so even with CBC-PAD, we should have an integral
   // number of block to decrypt
   //
   if (in_data_len % DES_BLOCK_SIZE != 0){
      st_err_log(112, __FILE__, __LINE__);
      return CKR_ENCRYPTED_DATA_LEN_RANGE;
   }
   // the amount of cleartext after stripping the padding will actually be less
   // than the input bytes...
   //
   padded_len = in_data_len;

   if (length_only == TRUE) {
      *out_data_len = padded_len;
      return CKR_OK;
   }

   clear = (CK_BYTE *)malloc( padded_len );
   if (!clear){
      st_err_log(0, __FILE__, __LINE__);
      return CKR_HOST_MEMORY;
   }
   rc = ckm_des3_cbc_decrypt( in_data, in_data_len,
                              clear,   &padded_len,
                              ctx->mech.pParameter,
                              key_value );

   if (rc == CKR_OK) {
      strip_pkcs_padding( clear, padded_len, out_data_len );
      memcpy( out_data, clear, *out_data_len );
   }
   else
      st_err_log(106, __FILE__, __LINE__);

   free( clear );
   return rc;
}


//
//
CK_RV
des3_ecb_encrypt_update( SESSION           *sess,
                         CK_BBOOL           length_only,
                         ENCR_DECR_CONTEXT *ctx,
                         CK_BYTE           *in_data,