📄 pkcs11-object.c
字号:
CK_BYTE_PTR pEncryptedPart, /* receives encrypted data */ CK_ULONG_PTR pulEncryptedPartLen) /* receives encrypted byte count */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pEncryptedPart, /* input encrypted data */ CK_ULONG ulEncryptedPartLen, /* count of byes of input */ CK_BYTE_PTR pPart, /* receives decrypted output */ CK_ULONG_PTR pulPartLen) /* receives decrypted byte count */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the key generation mechanism */ CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ CK_ULONG ulCount, /* number of attributes in template */ CK_OBJECT_HANDLE_PTR phKey) /* receives handle of new key */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the key gen. mech. */ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* pub. attr. template */ CK_ULONG ulPublicKeyAttributeCount, /* # of pub. attrs. */ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* priv. attr. template */ CK_ULONG ulPrivateKeyAttributeCount, /* # of priv. attrs. */ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ CK_OBJECT_HANDLE_PTR phPrivateKey) /* gets priv. key handle */{ struct sc_pkcs11_session *session; struct sc_pkcs11_slot *slot; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; dump_template("C_CreateObject(), PrivKey attrs", pPrivateKeyTemplate, ulPrivateKeyAttributeCount); dump_template("C_CreateObject(), PubKey attrs", pPublicKeyTemplate, ulPublicKeyAttributeCount); rv = pool_find(&session_pool, hSession, (void**) &session); if (rv != CKR_OK) goto out; slot = session->slot; if (slot->card->framework->gen_keypair == NULL) { rv = CKR_FUNCTION_NOT_SUPPORTED; } else { rv = slot->card->framework->gen_keypair(slot->card, slot, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey); }out: sc_pkcs11_unlock(); return rv;}CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ CK_OBJECT_HANDLE hWrappingKey, /* handle of the wrapping key */ CK_OBJECT_HANDLE hKey, /* handle of the key to be wrapped */ CK_BYTE_PTR pWrappedKey, /* receives the wrapped key */ CK_ULONG_PTR pulWrappedKeyLen)/* receives byte size of wrapped key */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the unwrapping mechanism */ CK_OBJECT_HANDLE hUnwrappingKey, /* handle of the unwrapping key */ CK_BYTE_PTR pWrappedKey, /* the wrapped key */ CK_ULONG ulWrappedKeyLen, /* bytes length of wrapped key */ CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ CK_ULONG ulAttributeCount, /* # of attributes in template */ CK_OBJECT_HANDLE_PTR phKey) /* gets handle of recovered key */{ struct sc_pkcs11_session *session; struct sc_pkcs11_object *object, *result; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv != CKR_OK) goto out; rv = pool_find(&session->slot->object_pool, hUnwrappingKey, (void**) &object); if (rv != CKR_OK) goto out; if (object->ops->sign == NULL_PTR) { rv = CKR_KEY_TYPE_INCONSISTENT; goto out; } rv = object->ops->unwrap_key(session, object, pMechanism, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, (void **) &result); sc_debug(context, "Unwrapping result was %d\n", rv); if (rv == CKR_OK) rv = pool_insert(&session->slot->object_pool, result, phKey);out: sc_pkcs11_unlock(); return rv;}CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the key derivation mechanism */ CK_OBJECT_HANDLE hBaseKey, /* handle of the base key */ CK_ATTRIBUTE_PTR pTemplate, /* template for the new key */ CK_ULONG ulAttributeCount, /* # of attributes in template */ CK_OBJECT_HANDLE_PTR phKey) /* gets handle of derived key */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSeed, /* the seed material */ CK_ULONG ulSeedLen) /* count of bytes of seed material */{#ifdef HAVE_OPENSSL struct sc_pkcs11_session *session; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv == CKR_OK) rv = sc_pkcs11_openssl_add_seed_rand(session, pSeed, ulSeedLen); sc_pkcs11_unlock(); return rv;#else return CKR_FUNCTION_NOT_SUPPORTED;#endif}CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR RandomData, /* receives the random data */ CK_ULONG ulRandomLen) /* number of bytes to be generated */{#ifdef HAVE_OPENSSL struct sc_pkcs11_session *session; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv == CKR_OK) rv = sc_pkcs11_openssl_add_gen_rand(session, RandomData, ulRandomLen); sc_pkcs11_unlock(); return rv;#else return CKR_FUNCTION_NOT_SUPPORTED;#endif}CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession) /* the session's handle */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession) /* the session's handle */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ CK_OBJECT_HANDLE hKey) /* handle of the verification key */{#ifndef HAVE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED;#else#if 0 CK_BBOOL can_verify; CK_ATTRIBUTE verify_attribute = { CKA_VERIFY, &can_verify, sizeof(can_verify) };#endif CK_KEY_TYPE key_type; CK_ATTRIBUTE key_type_attr = { CKA_KEY_TYPE, &key_type, sizeof(key_type) }; struct sc_pkcs11_session *session; struct sc_pkcs11_object *object; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv != CKR_OK) goto out; rv = pool_find(&session->slot->object_pool, hKey, (void**) &object); if (rv != CKR_OK) goto out;#if 0 rv = object->ops->get_attribute(session, object, &verify_attribute); if (rv != CKR_OK || !can_verify) { rv = CKR_KEY_TYPE_INCONSISTENT; goto out; }#endif rv = object->ops->get_attribute(session, object, &key_type_attr); if (rv != CKR_OK) { rv = CKR_KEY_TYPE_INCONSISTENT; goto out; } rv = sc_pkcs11_verif_init(session, pMechanism, object, key_type);out: sc_debug(context, "Verify initialization returns %d\n", rv); sc_pkcs11_unlock(); return rv;#endif}CK_RV C_Verify(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* plaintext data (digest) to compare */ CK_ULONG ulDataLen, /* length of data (digest) in bytes */ CK_BYTE_PTR pSignature, /* the signature to be verified */ CK_ULONG ulSignatureLen) /* count of bytes of signature */{#ifndef HAVE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED;#else int rv; struct sc_pkcs11_session *session; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv != CKR_OK) goto out; rv = sc_pkcs11_verif_update(session, pData, ulDataLen); if (rv == CKR_OK) rv = sc_pkcs11_verif_final(session, pSignature, ulSignatureLen);out: sc_debug(context, "Verify result was %d\n", rv); sc_pkcs11_unlock(); return rv;#endif}CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pPart, /* plaintext data (digest) to compare */ CK_ULONG ulPartLen) /* length of data (digest) in bytes */{#ifndef HAVE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED;#else struct sc_pkcs11_session *session; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv == CKR_OK) rv = sc_pkcs11_verif_update(session, pPart, ulPartLen); sc_debug(context, "C_VerifyUpdate returns %d\n", rv); sc_pkcs11_unlock(); return rv;#endif}CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* the signature to be verified */ CK_ULONG ulSignatureLen) /* count of bytes of signature */{#ifndef HAVE_OPENSSL return CKR_FUNCTION_NOT_SUPPORTED;#else struct sc_pkcs11_session *session; int rv; rv = sc_pkcs11_lock(); if (rv != CKR_OK) return rv; rv = pool_find(&session_pool, hSession, (void**) &session); if (rv != CKR_OK) goto out; rv = sc_pkcs11_verif_final(session, pSignature, ulSignatureLen);out: sc_debug(context, "C_VerifyFinal returns %d\n", rv); sc_pkcs11_unlock(); return rv;#endif}CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ CK_OBJECT_HANDLE hKey) /* handle of the verification key */{ return CKR_FUNCTION_NOT_SUPPORTED;}CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* the signature to be verified */ CK_ULONG ulSignatureLen, /* count of bytes of signature */ CK_BYTE_PTR pData, /* receives decrypted data (digest) */ CK_ULONG_PTR pulDataLen) /* receives byte count of data */{ return CKR_FUNCTION_NOT_SUPPORTED;}/* * Helper function to compare attributes on any sort of object */intsc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *session, void *ptr, CK_ATTRIBUTE_PTR attr){ struct sc_pkcs11_object *object; u8 temp[1024]; CK_ATTRIBUTE temp_attr; int rv; object = (struct sc_pkcs11_object *) ptr; temp_attr.type = attr->type; temp_attr.pValue = temp; temp_attr.ulValueLen = sizeof(temp); rv = object->ops->get_attribute(session, object, &temp_attr); if (rv != CKR_OK) return 0;#ifdef DEBUG { char foo[64]; snprintf(foo, sizeof(foo), "Object %p (slot %d)", object, session->slot->id); dump_template(foo, &temp_attr, 1); }#endif return temp_attr.ulValueLen == attr->ulValueLen && !memcmp(temp, attr->pValue, attr->ulValueLen);}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -