mech_des3.c

IBM的Linux上的PKCS#11实现

                        CK_BYTE          *out_data,
                        CK_ULONG          *out_data_len )
{
   DES_CONTEXT *context   = NULL;

   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   // satisfy the compiler
   //
   if (length_only)
      context = NULL;

   context = (DES_CONTEXT *)ctx->context;

   // DES3-CBC does no padding so there had better not be
   // any data in the context buffer.  if there is it means
   // that the overall data length was not a multiple of the blocksize
   //
   if (context->len != 0){
      st_err_log(11, __FILE__, __LINE__);
      return CKR_DATA_LEN_RANGE;
   }
   *out_data_len = 0;
   return CKR_OK;
}


//
//
CK_RV
des3_cbc_pad_encrypt_final( SESSION           *sess,
                            CK_BBOOL           length_only,
                            ENCR_DECR_CONTEXT *ctx,
                            CK_BYTE          *out_data,
                            CK_ULONG          *out_data_len )
{
   DES_CONTEXT    *context   = NULL;
   OBJECT         *key       = NULL;
   CK_ATTRIBUTE   *attr      = NULL;
   CK_BYTE         clear[2*DES_BLOCK_SIZE];
   CK_BYTE         key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE     keytype;
   CK_ULONG        out_len;
   CK_RV           rc;


   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc;
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );

   context = (DES_CONTEXT *)ctx->context;

   // there will never be more than one block in the context buffer
   // so the amount of output is as follows:
   //    if less than 1 block stored, we generate one block of output
   //    if a full block is stored, we generate two blocks of output (one pad block)
   //
   if (context->len == DES_BLOCK_SIZE)
      out_len = 2 * DES_BLOCK_SIZE;
   else
      out_len = DES_BLOCK_SIZE;

   if (length_only == TRUE) {
      *out_data_len = out_len;
      return CKR_OK;
   }
   else {
      memcpy( clear, context->data, context->len );

      add_pkcs_padding( clear + context->len,
                        DES_BLOCK_SIZE,
                        context->len,
                        out_len );

      rc = ckm_des3_cbc_encrypt( clear,     out_len,
                                 out_data,  out_data_len,
                                 ctx->mech.pParameter,
                                 key_value );
      if (rc != CKR_OK) 
         st_err_log(105, __FILE__, __LINE__);
      
      return rc;
   }
}


//
//
CK_RV
des3_cbc_pad_decrypt_final( SESSION           *sess,
                            CK_BBOOL           length_only,
                            ENCR_DECR_CONTEXT *ctx,
                            CK_BYTE          *out_data,
                            CK_ULONG          *out_data_len )
{
   DES_CONTEXT    *context   = NULL;
   OBJECT         *key       = NULL;
   CK_ATTRIBUTE   *attr      = NULL;
   CK_BYTE         clear[DES_BLOCK_SIZE];
   CK_BYTE         key_value[3*DES_KEY_SIZE];
   CK_KEY_TYPE     keytype;
   CK_ULONG        out_len;
   CK_RV           rc;

   if (!sess || !ctx || !out_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   rc = object_mgr_find_in_map1( ctx->key, &key );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      return rc;
   }
   rc = template_attribute_find( key->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   rc = template_attribute_find( key->template, CKA_VALUE, &attr );
   if (rc == FALSE){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (keytype == CKK_DES2) {
      memcpy( key_value,                    attr->pValue, 2*DES_KEY_SIZE );
      memcpy( key_value + (2*DES_KEY_SIZE), attr->pValue, DES_KEY_SIZE );
   }
   else
      memcpy( key_value, attr->pValue, 3*DES_KEY_SIZE );

   context = (DES_CONTEXT *)ctx->context;

   // there had better be a full block in the context buffer
   //
   if (context->len != DES_BLOCK_SIZE){
      st_err_log(112, __FILE__, __LINE__);
      return CKR_ENCRYPTED_DATA_LEN_RANGE;
   }
   // we don't know a priori how much data we'll be returning.  we won't
   // know until after we decrypt it and strip the padding.  it's possible
   // that we'll return nothing (the final block might be a padding block).
   //
   out_len = DES_BLOCK_SIZE;  // upper bound on what we'll return

   if (length_only == TRUE) {
      *out_data_len = out_len;
      return CKR_OK;
   }
   else {
      rc = ckm_des3_cbc_decrypt( context->data, DES_BLOCK_SIZE,
                                 clear,        &out_len,
                                 ctx->mech.pParameter,
                                 key_value );

      if (rc == CKR_OK) {
         strip_pkcs_padding( clear, out_len, &out_len );

         if (out_len != 0)
            memcpy( out_data, clear, out_len );

         *out_data_len = out_len;
      }
      else
         st_err_log(106, __FILE__, __LINE__);
      return rc;
   }
}


//
// mechanisms
//


//
//
CK_RV
ckm_des3_key_gen( TEMPLATE *tmpl )
{

   CK_ATTRIBUTE     * value_attr    = NULL;
   CK_ATTRIBUTE     * key_type_attr = NULL;
   CK_ATTRIBUTE     * class_attr    = NULL;
   CK_ATTRIBUTE     * local_attr    = NULL;
   CK_BYTE            des_key[3 * DES_KEY_SIZE];
   CK_ULONG           req_len, repl_len, expected_repl_len;
   CK_ULONG           rc;

   rc = token_specific.t_des_key_gen(des_key, sizeof(des_key));
   if (rc != CKR_OK)
      return rc;

   value_attr    = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + 3*DES_KEY_SIZE );
   key_type_attr = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_KEY_TYPE) );
   class_attr    = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_OBJECT_CLASS) );
   local_attr    = (CK_ATTRIBUTE *)malloc(sizeof(CK_ATTRIBUTE) + sizeof(CK_BBOOL) );

   if (!value_attr || !key_type_attr || !class_attr || !local_attr) {
      if (value_attr)    free( value_attr );
      if (key_type_attr) free( key_type_attr );
      if (class_attr)    free( class_attr );
      if (local_attr)    free( local_attr );

      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   value_attr->type         = CKA_VALUE;
   value_attr->ulValueLen   = 3 * DES_KEY_SIZE;
   value_attr->pValue       = (CK_BYTE *)value_attr + sizeof(CK_ATTRIBUTE);
   memcpy( value_attr->pValue, des_key, 3 * DES_KEY_SIZE );

   key_type_attr->type         = CKA_KEY_TYPE;
   key_type_attr->ulValueLen   = sizeof(CK_KEY_TYPE);
   key_type_attr->pValue       = (CK_BYTE *)key_type_attr + sizeof(CK_ATTRIBUTE);
   *(CK_KEY_TYPE *)key_type_attr->pValue = CKK_DES3;

   class_attr->type         = CKA_CLASS;
   class_attr->ulValueLen   = sizeof(CK_OBJECT_CLASS);
   class_attr->pValue       = (CK_BYTE *)class_attr + sizeof(CK_ATTRIBUTE);
   *(CK_OBJECT_CLASS *)class_attr->pValue = CKO_SECRET_KEY;

   local_attr->type         = CKA_LOCAL;
   local_attr->ulValueLen   = sizeof(CK_BBOOL);
   local_attr->pValue       = (CK_BYTE *)local_attr + sizeof(CK_ATTRIBUTE);
   *(CK_BBOOL *)local_attr->pValue = TRUE;

   template_update_attribute( tmpl, value_attr );
   template_update_attribute( tmpl, key_type_attr );
   template_update_attribute( tmpl, class_attr );
   template_update_attribute( tmpl, local_attr );

   return CKR_OK;
}


//
//
CK_RV
ckm_des3_ecb_encrypt( CK_BYTE     * in_data,
                      CK_ULONG      in_data_len,
                      CK_BYTE     * out_data,
                      CK_ULONG    * out_data_len,
                      CK_BYTE     * key_value )
{
   CK_ULONG         req_len, repl_len, expected_repl_len;
   CK_ULONG         rc;


   if (!in_data || !out_data || !key_value){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (*out_data_len < in_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   rc = token_specific.t_tdes_ecb(in_data,in_data_len,out_data, out_data_len,
         key_value, 1);

   
   if (rc != CKR_OK)
      st_err_log(120, __FILE__, __LINE__);
   return rc;
}


//
//
CK_RV
ckm_des3_ecb_decrypt( CK_BYTE     * in_data,
                      CK_ULONG      in_data_len,
                      CK_BYTE     * out_data,
                      CK_ULONG    * out_data_len,
                      CK_BYTE     * key_value )
{
   CK_ULONG         req_len, repl_len, expected_repl_len;
   CK_ULONG         rc;


   if (!in_data || !out_data || !key_value){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (*out_data_len < in_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   rc = token_specific.t_tdes_ecb(in_data,in_data_len,out_data, out_data_len,
         key_value, 0);
   
   if (rc != CKR_OK)
      st_err_log(120, __FILE__, __LINE__);

   return rc;
}


//
//
CK_RV
ckm_des3_cbc_encrypt( CK_BYTE     * in_data,
                      CK_ULONG      in_data_len,
                      CK_BYTE     * out_data,
                      CK_ULONG    * out_data_len,
                      CK_BYTE     * init_v,
                      CK_BYTE     * key_value )
{
   CK_ULONG         req_len, repl_len, expected_repl_len;
   CK_ULONG         rc;


   if (!in_data || !out_data || !init_v || !key_value){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (*out_data_len < in_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   rc = token_specific.t_tdes_cbc(in_data,in_data_len,out_data,out_data_len,
         key_value,init_v,1);

   if (rc != CKR_OK)
      st_err_log(119, __FILE__, __LINE__);
   return rc;
}


//
//
CK_RV
ckm_des3_cbc_decrypt( CK_BYTE     * in_data,
                      CK_ULONG      in_data_len,
                      CK_BYTE     * out_data,
                      CK_ULONG    * out_data_len,
                      CK_BYTE     * init_v,
                      CK_BYTE     * key_value )
{
   CK_ULONG         req_len, repl_len, expected_repl_len;
   CK_ULONG         rc;


   if (!in_data || !out_data || !init_v || !key_value){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   if (*out_data_len < in_data_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }
   rc = token_specific.t_tdes_cbc(in_data,in_data_len,out_data,out_data_len,
         key_value,init_v,0);

   if (rc != CKR_OK)
      st_err_log(119, __FILE__, __LINE__);
   return rc;
}