📄 key_mgr.c
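// (excerpt begins inside the preceding function; its start is not shown)
      goto error;
   }

   // we can now set CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE
   // to their appropriate values.  this only applies to CKO_SECRET_KEY
   // and CKO_PRIVATE_KEY objects
   //
   flag = template_attribute_find( priv_key_obj->template, CKA_SENSITIVE, &attr );
   if (flag == TRUE) {
      flag = *(CK_BBOOL *)attr->pValue;

      rc = build_attribute( CKA_ALWAYS_SENSITIVE, &flag, sizeof(CK_BBOOL), &new_attr );
      if (rc != CKR_OK){
         st_err_log(84, __FILE__, __LINE__);
         goto error;
      }
      template_update_attribute( priv_key_obj->template, new_attr );

   } else {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto error;
   }

   flag = template_attribute_find( priv_key_obj->template, CKA_EXTRACTABLE, &attr );
   if (flag == TRUE) {
      flag = *(CK_BBOOL *)attr->pValue;

      rc = build_attribute( CKA_NEVER_EXTRACTABLE, &true, sizeof(CK_BBOOL), &new_attr );
      if (rc != CKR_OK){
         st_err_log(84, __FILE__, __LINE__);
         goto error;
      }
      if (flag == TRUE)
         *(CK_BBOOL *)new_attr->pValue = false;

      template_update_attribute( priv_key_obj->template, new_attr );

   } else {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto error;
   }

   // at this point, the keys should be fully constructed...assign
   // object handles and store the keys
   //
   rc = object_mgr_create_final( sess, publ_key_obj, publ_key_handle );
   if (rc != CKR_OK){
      st_err_log(90, __FILE__, __LINE__);
      goto error;
   }
   rc = object_mgr_create_final( sess, priv_key_obj, priv_key_handle );
   if (rc != CKR_OK){
      st_err_log(90, __FILE__, __LINE__);
      goto error;
   }
   return rc;

error:
   if (publ_key_obj) object_free( publ_key_obj );
   if (priv_key_obj) object_free( priv_key_obj );

   *publ_key_handle = 0;
   *priv_key_handle = 0;

   return rc;
}


// key_mgr_wrap_key()
//
// Wrap (encrypt) the key referenced by h_key under the key referenced by
// h_wrapping_key, using the mechanism described by mech.
//
// Checks performed here, in order:
//   1. sess, mech and wrapped_key_len must be non-NULL
//   2. both handles must resolve through object_mgr_find_in_map1()
//   3. the key to be wrapped must carry CKA_EXTRACTABLE with value TRUE
//   4. the mechanism must be allowed to wrap the key's CKA_CLASS
//      (the ECB/CBC and RSA mechanisms accept only CKO_SECRET_KEY; the
//      *_CBC_PAD mechanisms accept any class)
//   5. the key's CKA_KEY_TYPE must be one of the types handled below
//
// The wrapping key object (key1_obj) is only looked up in this function;
// none of its attributes are inspected here.  Presumably
// encr_mgr_init( OP_WRAP ) enforces the wrapping key's usage attributes --
// confirm against encr_mgr_init.
//
// Parameters:
//   sess             session performing the operation
//   length_only      forwarded to the *_wrap_get_data, *_wrap_format and
//                    encr_mgr_encrypt helpers
//   mech             wrapping mechanism
//   h_wrapping_key   handle of the key that encrypts
//   h_key            handle of the key being wrapped
//   wrapped_key      output buffer, forwarded to encr_mgr_encrypt
//   wrapped_key_len  in/out length, forwarded to encr_mgr_encrypt
//
// Returns:
//   CKR_FUNCTION_FAILED              a required pointer argument is NULL
//   CKR_WRAPPING_KEY_HANDLE_INVALID  h_wrapping_key does not resolve
//   CKR_KEY_HANDLE_INVALID           h_key does not resolve
//   CKR_KEY_NOT_WRAPPABLE            any of checks 3-5 fails
//   CKR_HOST_MEMORY                  the encryption context cannot be allocated
//   otherwise the result of the failing helper or of encr_mgr_encrypt
//
CK_RV
key_mgr_wrap_key( SESSION           * sess,
                  CK_BBOOL            length_only,
                  CK_MECHANISM      * mech,
                  CK_OBJECT_HANDLE    h_wrapping_key,
                  CK_OBJECT_HANDLE    h_key,
                  CK_BYTE           * wrapped_key,
                  CK_ULONG          * wrapped_key_len )
{
   ENCR_DECR_CONTEXT * ctx       = NULL;
   OBJECT            * key1_obj  = NULL;
   OBJECT            * key2_obj  = NULL;
   CK_ATTRIBUTE      * attr      = NULL;
   CK_BYTE           * data      = NULL;
   CK_ULONG            data_len  = 0;
   CK_OBJECT_CLASS     class;
   CK_KEY_TYPE         keytype;
   CK_BBOOL            flag;
   CK_RV               rc;


   // mech is dereferenced below, so it is validated together with the
   // other required pointers
   //
   if (!sess || !mech || !wrapped_key_len){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   rc = object_mgr_find_in_map1( h_wrapping_key, &key1_obj );
   if (rc != CKR_OK){
      st_err_log(62, __FILE__, __LINE__);
      return CKR_WRAPPING_KEY_HANDLE_INVALID;
   }
   rc = object_mgr_find_in_map1( h_key, &key2_obj );
   if (rc != CKR_OK){
      st_err_log(18, __FILE__, __LINE__);
      return CKR_KEY_HANDLE_INVALID;
   }

   // is the key-to-be-wrapped EXTRACTABLE?  a missing attribute is treated
   // the same as FALSE (could happen if user tries to wrap a public key)
   //
   rc = template_attribute_find( key2_obj->template, CKA_EXTRACTABLE, &attr );
   if (rc == FALSE){
      st_err_log(26, __FILE__, __LINE__);
      return CKR_KEY_NOT_WRAPPABLE;
   }
   flag = *(CK_BBOOL *)attr->pValue;
   if (flag == FALSE){
      st_err_log(26, __FILE__, __LINE__);
      return CKR_KEY_NOT_WRAPPABLE;
   }

   // what kind of key are we trying to wrap?  make sure the mechanism is
   // allowed to wrap this kind of key
   //
   rc = template_attribute_find( key2_obj->template, CKA_CLASS, &attr );
   if (rc == FALSE){
      st_err_log(26, __FILE__, __LINE__);
      return CKR_KEY_NOT_WRAPPABLE;
   }
   class = *(CK_OBJECT_CLASS *)attr->pValue;

   switch (mech->mechanism) {
#if !(NOCDMF)
      case CKM_CDMF_ECB:
      case CKM_CDMF_CBC:
#endif
      case CKM_DES_ECB:
      case CKM_DES_CBC:
      case CKM_DES3_ECB:
      case CKM_DES3_CBC:
      case CKM_AES_ECB:
      case CKM_AES_CBC:
         if (class != CKO_SECRET_KEY){
            st_err_log(26, __FILE__, __LINE__);
            return CKR_KEY_NOT_WRAPPABLE;
         }
         break;

#if !(NOCDMF)
      case CKM_CDMF_CBC_PAD:
#endif
      case CKM_DES_CBC_PAD:
      case CKM_DES3_CBC_PAD:
      case CKM_AES_CBC_PAD:
         // these mechanisms can wrap any type of key
         //
         break;

      case CKM_RSA_PKCS:
      case CKM_RSA_X_509:
         if (class != CKO_SECRET_KEY){
            st_err_log(26, __FILE__, __LINE__);
            return CKR_KEY_NOT_WRAPPABLE;
         }
         break;

      default:
         st_err_log(26, __FILE__, __LINE__);
         return CKR_KEY_NOT_WRAPPABLE;
   }

   // extract the secret data to be wrapped.  no buffer is owned by this
   // function yet, so failures here return directly, as before
   //
   rc = template_attribute_find( key2_obj->template, CKA_KEY_TYPE, &attr );
   if (rc == FALSE){
      st_err_log(26, __FILE__, __LINE__);
      return CKR_KEY_NOT_WRAPPABLE;
   }
   keytype = *(CK_KEY_TYPE *)attr->pValue;

   switch (keytype) {
#if !(NOCDMF)
      case CKK_CDMF:
#endif
      case CKK_DES:
         rc = des_wrap_get_data( key2_obj->template, length_only, &data, &data_len );
         if (rc != CKR_OK){
            st_err_log(92, __FILE__, __LINE__);
            return rc;
         }
         break;

      case CKK_DES3:
         rc = des3_wrap_get_data( key2_obj->template, length_only, &data, &data_len );
         if (rc != CKR_OK){
            st_err_log(93, __FILE__, __LINE__);
            return rc;
         }
         break;

      case CKK_RSA:
         rc = rsa_priv_wrap_get_data( key2_obj->template, length_only, &data, &data_len );
         if (rc != CKR_OK){
            st_err_log(94, __FILE__, __LINE__);
            return rc;
         }
         break;

#if !(NODSA)
      case CKK_DSA:
         rc = dsa_priv_wrap_get_data( key2_obj->template, length_only, &data, &data_len );
         if (rc != CKR_OK){
            st_err_log(95, __FILE__, __LINE__);
            return rc;
         }
         break;
#endif

      case CKK_GENERIC_SECRET:
         rc = generic_secret_wrap_get_data( key2_obj->template, length_only, &data, &data_len );
         if (rc != CKR_OK){
            st_err_log(96, __FILE__, __LINE__);
            return rc;
         }
         break;

#ifndef NOAES
      case CKK_AES:
         rc = aes_wrap_get_data( key2_obj->template, length_only, &data, &data_len );
         if (rc != CKR_OK){
            st_err_log(191, __FILE__, __LINE__);
            return rc;
         }
         break;
#endif

      default:
         st_err_log(26, __FILE__, __LINE__);
         return CKR_KEY_NOT_WRAPPABLE;
   }

   // from here on 'data' may hold the clear key bytes, so every exit goes
   // through 'done' to release it
   //
   // we might need to format the wrapped data based on the mechanism
   //
   // NOTE(review): the guards in this switch are spelled NOCMF while the
   // mechanism/class switch above uses NOCDMF -- confirm which is intended.
   //
   switch (mech->mechanism) {
#if !(NOCMF)
      case CKM_CDMF_ECB:
      case CKM_CDMF_CBC:
#endif
      case CKM_DES_ECB:
      case CKM_DES_CBC:
      case CKM_DES3_ECB:
      case CKM_DES3_CBC:
         rc = ckm_des_wrap_format( length_only, &data, &data_len );
         if (rc != CKR_OK) {
            st_err_log(97, __FILE__, __LINE__);
            goto done;
         }
         break;

#ifndef NOAES
      case CKM_AES_ECB:
      case CKM_AES_CBC:
         rc = ckm_aes_wrap_format( length_only, &data, &data_len );
         if (rc != CKR_OK) {
            st_err_log(192, __FILE__, __LINE__);
            goto done;
         }
         break;
#endif

#if !(NOCMF)
      case CKM_CDMF_CBC_PAD:
#endif
      case CKM_DES_CBC_PAD:
      case CKM_DES3_CBC_PAD:
      case CKM_AES_CBC_PAD:
         // these mechanisms pad themselves
         //
         break;

      case CKM_RSA_PKCS:
      case CKM_RSA_X_509:
         // no formatting step is applied here; the call to
         // ckm_rsa_wrap_format() is disabled in the original source
         //
         break;

      default:
         // previously returned without releasing 'data'
         st_err_log(26, __FILE__, __LINE__);
         rc = CKR_KEY_NOT_WRAPPABLE;
         goto done;
   }

   // calloc gives the same zero-filled context the malloc + memset pair did
   //
   ctx = calloc( 1, sizeof *ctx );
   if (!ctx){
      // previously returned without releasing 'data'
      st_err_log(0, __FILE__, __LINE__);
      rc = CKR_HOST_MEMORY;
      goto done;
   }

   // prepare to do the encryption
   //
   rc = encr_mgr_init( sess, ctx, OP_WRAP, mech, h_wrapping_key );
   if (rc != CKR_OK){
      // previously returned without releasing 'ctx' or 'data'.
      // encr_mgr_cleanup() is not called on this path because the state of
      // ctx after a failed init is not visible from this function --
      // TODO confirm whether it is safe (and needed) here.
      st_err_log(98, __FILE__, __LINE__);
      goto done;
   }

   // do the encryption and clean up.  at this point, 'data' may or may not
   // be NULL depending on 'length_only'
   //
   rc = encr_mgr_encrypt( sess,        length_only,
                          ctx,
                          data,        data_len,
                          wrapped_key, wrapped_key_len );

   encr_mgr_cleanup( ctx );

done:
   // NOTE(review): 'data' carries the unwrapped key material and is released
   // with a plain free(); consider clearing it before release with a wipe
   // the compiler cannot elide, after confirming that data_len is the
   // buffer length once the *_wrap_format helpers have run.
   //
   free( data );
   free( ctx );

   return rc;
}


//
//
CK_RV
key_mgr_unwrap_key( SESSION           * sess,
                    CK_MECHANISM      * mech,
                    CK_ATTRIBUTE      * attributes,
                    CK_ULONG            attrib_count,
                    CK_BYTE           * wrapped_key,
                    CK_ULONG            wrapped_key_len,
                    CK_OBJECT_HANDLE    h_unwrapping_key,
                    CK_OBJECT_HANDLE  * h_unwrapped_key )
{
   ENCR_DECR_CONTEXT * ctx = NULL;
   OBJECT            * key_obj = NULL;
   CK_BYTE           * data = NULL;
   CK_ULONG            data_len;
   CK_ULONG            keyclass, keytype;
   CK_ULONG            i;
   CK_BBOOL            found_class, found_type, fromend;
   // (function body continues beyond this excerpt)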