📄 mech_ssl3.c

📁 IBM的Linux上的PKCS#11实现
💻 C
📖 第 1 页 / 共 5 页
字号:
      *out_data_len = mac_len;      st_err_log(111, __FILE__, __LINE__);      return CKR_BUFFER_TOO_SMALL;   }   memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );   rc = object_mgr_find_in_map1( ctx->key, &key_obj );   if (rc != CKR_OK){      st_err_log(110, __FILE__, __LINE__);      return rc;   }   rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );   if (rc == FALSE){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   else {      key_bytes = attr->ulValueLen;      key_data  = attr->pValue;   }   // unlike an HMAC operation, we don't XOR the key with the 0x36 or 0x5C.   // we just append 48 bytes to the key data   //   memset( inner, 0x36, 48 );   memset( outer, 0x5C, 48 );   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)      digest_mech.mechanism   = CKM_MD5;   else      digest_mech.mechanism   = CKM_SHA_1;   digest_mech.ulParameterLen = 0;   digest_mech.pParameter     = NULL;   // inner hash   //   rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   rc = digest_mgr_digest_update( sess, &digest_ctx, key_data, key_bytes );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC){      rc = digest_mgr_digest_update( sess, &digest_ctx, inner, 48 );   }   else {      rc = digest_mgr_digest_update( sess, &digest_ctx, inner, 40 );   }   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   rc = digest_mgr_digest_update( sess, &digest_ctx, in_data, in_data_len );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   hash_len = sizeof(hash);   rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx,  hash, &hash_len );   if (rc != CKR_OK){      st_err_log(126, __FILE__, __LINE__);       goto error;   }   digest_mgr_cleanup( &digest_ctx );   memset( &digest_ctx, 0x0, sizeof(DIGEST_CONTEXT) );   // outer hash   //   rc = digest_mgr_init( sess, &digest_ctx, &digest_mech );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   rc = digest_mgr_digest_update( sess, &digest_ctx, key_data, key_bytes );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)      rc = digest_mgr_digest_update( sess, &digest_ctx, outer, 48 );   else      rc = digest_mgr_digest_update( sess, &digest_ctx, outer, 40 );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   rc = digest_mgr_digest_update( sess, &digest_ctx, hash, hash_len );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   hash_len = sizeof(hash);   rc = digest_mgr_digest_final( sess, FALSE, &digest_ctx, hash, &hash_len );   if (rc != CKR_OK){      st_err_log(126, __FILE__, __LINE__);       goto error;   }   memcpy( out_data, hash, mac_len );   *out_data_len = mac_len;error:   digest_mgr_cleanup( &digest_ctx );   return rc;}////CK_RVssl3_mac_sign_update( SESSION              * sess,                      SIGN_VERIFY_CONTEXT  * ctx,                      CK_BYTE              * in_data,                      CK_ULONG               in_data_len ){   OBJECT           * key_obj  = NULL;   CK_ATTRIBUTE     * attr     = NULL;   CK_BYTE          * key_data = NULL;   SSL3_MAC_CONTEXT * context  = NULL;   CK_BYTE           inner[48];   CK_MECHANISM      digest_mech;   CK_ULONG          key_bytes;   CK_RV             rc;   if (!sess || !ctx){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   context = (SSL3_MAC_CONTEXT *)ctx->context;   if (context->flag == FALSE) {      rc = object_mgr_find_in_map1( ctx->key, &key_obj );      if (rc != CKR_OK){         st_err_log(110, __FILE__, __LINE__);         goto error;      }      rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );      if (rc == FALSE) {         st_err_log(4, __FILE__, __LINE__, __FUNCTION__);         rc = CKR_FUNCTION_FAILED;         goto error;      }      else {         key_bytes = attr->ulValueLen;         key_data  = attr->pValue;      }      // unlike an HMAC operation, we don't XOR the key with the 0x36 or 0x5C.      // we just append 48 bytes to the key data      //      memset( inner, 0x36, 48 );      if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)         digest_mech.mechanism   = CKM_MD5;      else         digest_mech.mechanism   = CKM_SHA_1;      digest_mech.ulParameterLen = 0;      digest_mech.pParameter     = NULL;      // inner hash      //      rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );      if (rc != CKR_OK){         st_err_log(123, __FILE__, __LINE__);          goto error;      }      rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );      if (rc != CKR_OK){         st_err_log(123, __FILE__, __LINE__);          goto error;      }      if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)         rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 48 );      else         rc = digest_mgr_digest_update( sess, &context->hash_context, inner, 40 );      if (rc != CKR_OK){         st_err_log(123, __FILE__, __LINE__);          goto error;      }      context->flag = TRUE;   }   rc = digest_mgr_digest_update( sess, &context->hash_context, in_data, in_data_len );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   return CKR_OK;error:   digest_mgr_cleanup( &context->hash_context );   return rc;}////CK_RVssl3_mac_sign_final( SESSION              * sess,                     CK_BBOOL               length_only,                     SIGN_VERIFY_CONTEXT  * ctx,                     CK_BYTE              * out_data,                     CK_ULONG             * out_data_len ){   OBJECT           * key_obj  = NULL;   CK_ATTRIBUTE     * attr     = NULL;   CK_BYTE          * key_data = NULL;   CK_BYTE            hash[SHA1_HASH_SIZE];   SSL3_MAC_CONTEXT * context  = NULL;   CK_BYTE           outer[48];   CK_MECHANISM      digest_mech;   CK_ULONG          key_bytes, hash_len, mac_len;   CK_RV             rc;   if (!sess || !ctx || !out_data_len){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   mac_len = *(CK_ULONG *)ctx->mech.pParameter;   if (length_only == TRUE) {      *out_data_len = mac_len;      return CKR_OK;   }   if (*out_data_len < mac_len) {      *out_data_len = mac_len;      st_err_log(111, __FILE__, __LINE__);      return CKR_BUFFER_TOO_SMALL;   }   context = (SSL3_MAC_CONTEXT *)ctx->context;   rc = object_mgr_find_in_map1( ctx->key, &key_obj );   if (rc != CKR_OK){      st_err_log(110, __FILE__, __LINE__);      goto error;   }   rc = template_attribute_find( key_obj->template, CKA_VALUE, &attr );   if (rc == FALSE) {      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      rc = CKR_FUNCTION_FAILED;      goto error;   }   else {      key_bytes = attr->ulValueLen;      key_data  = attr->pValue;   }   // finish the inner hash   //   hash_len = sizeof(hash);   rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );   if (rc != CKR_OK){      st_err_log(126, __FILE__, __LINE__);       goto error;   }   // now, do the outer hash   //   digest_mgr_cleanup( &context->hash_context );   memset( &context->hash_context, 0x0, sizeof(SSL3_MAC_CONTEXT) );   memset( outer, 0x5C, 48 );   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)      digest_mech.mechanism   = CKM_MD5;   else      digest_mech.mechanism   = CKM_SHA_1;   digest_mech.ulParameterLen = 0;   digest_mech.pParameter     = NULL;   rc = digest_mgr_init( sess, &context->hash_context, &digest_mech );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   rc = digest_mgr_digest_update( sess, &context->hash_context, key_data, key_bytes );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   if (ctx->mech.mechanism == CKM_SSL3_MD5_MAC)      rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 48 );   else      rc = digest_mgr_digest_update( sess, &context->hash_context, outer, 40 );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   rc = digest_mgr_digest_update( sess, &context->hash_context, hash, hash_len );   if (rc != CKR_OK){      st_err_log(123, __FILE__, __LINE__);       goto error;   }   hash_len = sizeof(hash);   rc = digest_mgr_digest_final( sess, FALSE, &context->hash_context, hash, &hash_len );   if (rc != CKR_OK){      st_err_log(126, __FILE__, __LINE__);       goto error;   }   memcpy( out_data, hash, mac_len );   *out_data_len = mac_len;error:   digest_mgr_cleanup( &context->hash_context );   return rc;}// This routine could replace the HMAC verification routines//CK_RVssl3_mac_verify( SESSION              * sess,                 SIGN_VERIFY_CONTEXT  * ctx,                 CK_BYTE              * in_data,                 CK_ULONG               in_data_len,                 CK_BYTE              * signature,                 CK_ULONG               sig_len ){   CK_BYTE              mac[SHA1_HASH_SIZE];   SIGN_VERIFY_CONTEXT  mac_ctx;   CK_ULONG             mac_len, len;   CK_RV                rc;   if (!sess || !ctx || !in_data || !signature){      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);      return CKR_FUNCTION_FAILED;   }   mac_len = *(CK_ULONG *)ctx->mech.pParameter;   memset( &mac_ctx, 0, sizeof(SIGN_VERIFY_CONTEXT) );   rc = sign_mgr_init( sess, &mac_ctx, &ctx->mech, FALSE, ctx->key );   if (rc != CKR_OK){      st_err_log(127, __FILE__, __LINE__);       goto error;   }   len = sizeof(mac);   rc = sign_mgr_sign( sess, FALSE, &mac_ctx,                       in_data, in_data_len,                       mac,     &len );   if (rc != CKR_OK){      st_err_log(128, __FILE__, __LINE__);       goto error;   }   if ((len != mac_len) || (len != sig_len)) {      rc = CKR_SIGNATURE_LEN_RANGE;      st_err_log(46, __FILE__, __LINE__);       goto error;   }   if (memcmp(mac, signature, mac_len) != 0){      st_err_log(47, __FILE__, __LINE__);       rc = CKR_SIGNATURE_INVALID;   }error:   sign_mgr_cleanup( &mac_ctx );   return rc;
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -