📄 key_mgr.c
字号:
// and make sure that if CKA_CLASS is CKO_SECRET_KEY, if it is present. // // it would have been more logical for Cryptoki to forbid specifying // the CKA_CLASS attribute when generating a key // for (i=0; i < ulCount; i++) { if (pTemplate[i].type == CKA_CLASS) { keyclass = *(CK_OBJECT_CLASS *)pTemplate[i].pValue; if (keyclass != CKO_SECRET_KEY){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } } if (pTemplate[i].type == CKA_KEY_TYPE) subclass = *(CK_ULONG *)pTemplate[i].pValue; } switch (mech->mechanism) { case CKM_DES_KEY_GEN: if (subclass != 0 && subclass != CKK_DES){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_DES; break; case CKM_DES3_KEY_GEN: if (subclass != 0 && subclass != CKK_DES3){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_DES3; break;#if !(NOCDMF) case CKM_CDMF_KEY_GEN: if (subclass != 0 && subclass != CKK_CDMF){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_CDMF; break;#endif case CKM_SSL3_PRE_MASTER_KEY_GEN: if (subclass != 0 && subclass != CKK_GENERIC_SECRET){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } if (mech->ulParameterLen != sizeof(CK_VERSION)){ st_err_log(29, __FILE__, __LINE__); return CKR_MECHANISM_PARAM_INVALID; } subclass = CKK_GENERIC_SECRET; break; case CKM_AES_KEY_GEN: if (subclass != 0 && subclass != CKK_AES){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_AES; break; default: st_err_log(28, __FILE__, __LINE__); return CKR_MECHANISM_INVALID; } rc = object_mgr_create_skel( sess, pTemplate, ulCount, MODE_KEYGEN, CKO_SECRET_KEY, subclass, &key_obj ); if (rc != CKR_OK){ st_err_log(89, __FILE__, __LINE__); goto error; } // at this point, 'key_obj' should contain a skeleton key. depending on // the key type, we may need to extract one or more attributes from // the object prior to generating the key data (ie. variable key length) // switch (mech->mechanism) { case CKM_DES_KEY_GEN: rc = ckm_des_key_gen( key_obj->template ); break; case CKM_DES3_KEY_GEN: rc = ckm_des3_key_gen( key_obj->template ); break;#if !(NOCDMF) case CKM_CDMF_KEY_GEN: rc = ckm_cdmf_key_gen( key_obj->template ); break;#endif case CKM_SSL3_PRE_MASTER_KEY_GEN: rc = ckm_ssl3_pre_master_key_gen( key_obj->template, mech ); break;#ifndef NOAES case CKM_AES_KEY_GEN: rc = ckm_aes_key_gen( key_obj->template ); break;#endif default: st_err_log(28, __FILE__, __LINE__); rc = CKR_MECHANISM_INVALID; } if (rc != CKR_OK){ st_err_log(91, __FILE__, __LINE__); goto error; } // we can now set CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE // to their appropriate values. this only applies to CKO_SECRET_KEY // and CKO_PRIVATE_KEY objects // flag = template_attribute_find( key_obj->template, CKA_SENSITIVE, &attr ); if (flag == TRUE) { flag = *(CK_BBOOL *)attr->pValue; rc = build_attribute( CKA_ALWAYS_SENSITIVE, &flag, sizeof(CK_BBOOL), &new_attr ); if (rc != CKR_OK){ st_err_log(84, __FILE__, __LINE__); goto error; } template_update_attribute( key_obj->template, new_attr ); } else { rc = CKR_FUNCTION_FAILED; st_err_log(4, __FILE__, __LINE__, __FUNCTION__); goto error; } flag = template_attribute_find( key_obj->template, CKA_EXTRACTABLE, &attr ); if (flag == TRUE) { flag = *(CK_BBOOL *)attr->pValue; rc = build_attribute( CKA_NEVER_EXTRACTABLE, &true, sizeof(CK_BBOOL), &new_attr ); if (rc != CKR_OK){ st_err_log(84, __FILE__, __LINE__); goto error; } if (flag == TRUE) *(CK_BBOOL *)new_attr->pValue = FALSE; template_update_attribute( key_obj->template, new_attr ); } else { rc = CKR_FUNCTION_FAILED; st_err_log(4, __FILE__, __LINE__, __FUNCTION__); goto error; } // at this point, the key should be fully constructed...assign // an object handle and store the key // rc = object_mgr_create_final( sess, key_obj, handle ); if (rc != CKR_OK){ st_err_log(90, __FILE__, __LINE__); goto error; } return rc;error: if (key_obj) object_free( key_obj ); *handle = 0; return rc;}////CK_RVkey_mgr_generate_key_pair( SESSION * sess, CK_MECHANISM * mech, CK_ATTRIBUTE * publ_tmpl, CK_ULONG publ_count, CK_ATTRIBUTE * priv_tmpl, CK_ULONG priv_count, CK_OBJECT_HANDLE * publ_key_handle, CK_OBJECT_HANDLE * priv_key_handle ){ OBJECT * publ_key_obj = NULL; OBJECT * priv_key_obj = NULL; CK_ATTRIBUTE * attr = NULL; CK_ATTRIBUTE * new_attr = NULL; CK_ULONG i, keyclass, subclass = 0; CK_BBOOL flag; CK_RV rc; if (!sess || !mech || !publ_key_handle || !priv_key_handle){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } if (!publ_tmpl && (publ_count != 0)){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } if (!priv_tmpl && (priv_count != 0)){ st_err_log(4, __FILE__, __LINE__, __FUNCTION__); return CKR_FUNCTION_FAILED; } // it's silly but Cryptoki allows the user to specify the CKA_CLASS // in the template. so we have to iterate through the provided template // and make sure that if CKA_CLASS is valid, if it is present. // // it would have been more logical for Cryptoki to forbid specifying // the CKA_CLASS attribute when generating a key // for (i=0; i < publ_count; i++) { if (publ_tmpl[i].type == CKA_CLASS) { keyclass = *(CK_OBJECT_CLASS *)publ_tmpl[i].pValue; if (keyclass != CKO_PUBLIC_KEY){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } } if (publ_tmpl[i].type == CKA_KEY_TYPE) subclass = *(CK_ULONG *)publ_tmpl[i].pValue; } for (i=0; i < priv_count; i++) { if (priv_tmpl[i].type == CKA_CLASS) { keyclass = *(CK_OBJECT_CLASS *)priv_tmpl[i].pValue; if (keyclass != CKO_PRIVATE_KEY){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } } if (priv_tmpl[i].type == CKA_KEY_TYPE) { CK_ULONG temp = *(CK_ULONG *)priv_tmpl[i].pValue; if (temp != subclass){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } } } switch (mech->mechanism) { case CKM_RSA_PKCS_KEY_PAIR_GEN: if (subclass != 0 && subclass != CKK_RSA){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_RSA; break;#if !(NODSA) case CKM_DSA_KEY_PAIR_GEN: if (subclass != 0 && subclass != CKK_DSA){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_DSA; break;#endif/* Begin code contributed by Corrent corp. */#if !(NODH) case CKM_DH_PKCS_KEY_PAIR_GEN: if (subclass != 0 && subclass != CKK_DH){ st_err_log(49, __FILE__, __LINE__); return CKR_TEMPLATE_INCONSISTENT; } subclass = CKK_DH; break;#endif/* End code contributed by Corrent corp. */ default: st_err_log(28, __FILE__, __LINE__); return CKR_MECHANISM_INVALID; } rc = object_mgr_create_skel( sess, publ_tmpl, publ_count, MODE_KEYGEN, CKO_PUBLIC_KEY, subclass, &publ_key_obj ); if (rc != CKR_OK){ st_err_log(89, __FILE__, __LINE__); goto error; } rc = object_mgr_create_skel( sess, priv_tmpl, priv_count, MODE_KEYGEN, CKO_PRIVATE_KEY, subclass, &priv_key_obj ); if (rc != CKR_OK){ st_err_log(89, __FILE__, __LINE__); goto error; } // at this point, 'key_obj' should contain a skeleton key. depending on // the key type, we may need to extract one or more attributes from // the object prior to generating the key data (ie. variable key length) // switch (mech->mechanism) { case CKM_RSA_PKCS_KEY_PAIR_GEN: rc = ckm_rsa_key_pair_gen( publ_key_obj->template, priv_key_obj->template ); break;#if !(NODSA) case CKM_DSA_KEY_PAIR_GEN: rc = ckm_dsa_key_pair_gen( publ_key_obj->template, priv_key_obj->template ); break;#endif/* Begin code contributed by Corrent corp. */#if !(NODH) case CKM_DH_PKCS_KEY_PAIR_GEN: rc = ckm_dh_pkcs_key_pair_gen( publ_key_obj->template, priv_key_obj->template ); break;#endif/* End code contributed by Corrent corp. */ default: st_err_log(28, __FILE__, __LINE__); rc = CKR_MECHANISM_INVALID; break; } if (rc != CKR_OK){ st_err_log(91, __FILE__, __LINE__);⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -