📄 tpm_pkcs11.c
字号:
case CKO_PRIVATE_KEY: logMsg( _("\tPrivate Key\n") ); break; } if ( tKeyList[ 1 ].ulValueLen > 0 ) logMsg( _("\tToken Object: %s\n"), bToken ? _("true") : _("false") ); if ( tKeyList[ 2 ].ulValueLen > 0 ) logMsg( _("\tPrivate Object: %s\n"), bPrivate ? _("true") : _("false") ); if ( tKeyList[ 3 ].ulValueLen > 0 ) logMsg( _("\tModifiable Object: %s\n"), bModifiable ? _("true") : _("false") ); if ( tKeyList[ 4 ].ulValueLen > 0 ) logMsg( _("\tLabel: '%s'\n"), pszLabel ); if ( tKeyList[ 5 ].ulValueLen > 0 ) logMsg( _("\tType: %ld\n"), tType ); if ( tKeyList[ 6 ].ulValueLen > 0 ) displayByteArray( _("Subject: "), &tKeyList[ 6 ], a_bExtended ); if ( tKeyList[ 7 ].ulValueLen > 0 ) { logMsg( _("\tId: '%s' ("), pszId ); displayByteArray( "", &tKeyList[ 7 ], FALSE ); logMsg( ")\n" ); } } else { switch ( tClass ) { case CKO_PUBLIC_KEY: logMsg( _("Public Key: ") ); break; case CKO_PRIVATE_KEY: logMsg( _("Private Key: ") ); break; } if ( tKeyList[ 5 ].ulValueLen > 0 ) logMsg( _("Type: %ld"), tType ); if ( tKeyList[ 4 ].ulValueLen > 0 ) logMsg( _(", Label: '%s'"), pszLabel ); logMsg( "\n" ); } return rv;}/* * displaySymKeyObject * Format a symmetric key object for display. */CK_RVdisplaySymKeyObject( CK_SESSION_HANDLE a_hSession, CK_OBJECT_HANDLE a_hObject, int a_bExtended ) { CK_RV rv; CK_OBJECT_CLASS tClass; CK_BBOOL bToken; CK_BBOOL bPrivate; CK_BBOOL bModifiable; CK_CHAR *pszLabel = NULL; CK_KEY_TYPE tType; CK_ATTRIBUTE tKeyList[] = { { CKA_CLASS, &tClass, sizeof( tClass ) }, { CKA_TOKEN, &bToken, sizeof( bToken ) }, { CKA_PRIVATE, &bPrivate, sizeof( bPrivate ) }, { CKA_MODIFIABLE, &bModifiable, sizeof( bModifiable ) }, { CKA_LABEL, NULL, 0 }, { CKA_KEY_TYPE, &tType, sizeof( tType ) }, }; CK_ULONG ulKeyCount = sizeof( tKeyList ) / sizeof( CK_ATTRIBUTE ); // Retrieve the common key attributes rv = getObjectAttributes( a_hSession, a_hObject, tKeyList, ulKeyCount ); if ( ( rv != CKR_OK ) && ( rv != CKR_ATTRIBUTE_TYPE_INVALID ) ) return rv; // Allocate storage for the object id if ( tKeyList[ 4 ].ulValueLen > 0 ) { pszLabel = tKeyList[ 4 ].pValue = calloc( 1, tKeyList[ 4 ].ulValueLen + 1 ); rv = getObjectAttributes( a_hSession, a_hObject, tKeyList, ulKeyCount ); if ( ( rv != CKR_OK ) && ( rv != CKR_ATTRIBUTE_TYPE_INVALID ) ) return rv; } if ( a_bExtended ) { logMsg( _("Key Object\n") ); switch ( tClass ) { case CKO_SECRET_KEY: logMsg( _("\tSecret Key\n") ); break; } if ( tKeyList[ 1 ].ulValueLen > 0 ) logMsg( _("\tToken Object: %s\n"), bToken ? _("true") : _("false") ); if ( tKeyList[ 2 ].ulValueLen > 0 ) logMsg( _("\tPrivate Object: %s\n"), bPrivate ? _("true") : _("false") ); if ( tKeyList[ 3 ].ulValueLen > 0 ) logMsg( _("\tModifiable Object: %s\n"), bModifiable ? _("true") : _("false") ); if ( tKeyList[ 4 ].ulValueLen > 0 ) logMsg( _("\tLabel: '%s'\n"), pszLabel ); if ( tKeyList[ 5 ].ulValueLen > 0 ) logMsg( _("\tType: %ld\n"), tType ); } else { switch ( tClass ) { case CKO_SECRET_KEY: logMsg( _("Secret Key: ") ); break; } if ( tKeyList[ 5 ].ulValueLen > 0 ) logMsg( _("Type: %ld"), tType ); if ( tKeyList[ 4 ].ulValueLen > 0 ) logMsg( _(", Label: '%s'"), pszLabel ); logMsg( "\n" ); } return rv;}/* * displayObject * Format and display objects. */CK_RVdisplayObject( CK_SESSION_HANDLE a_hSession, CK_OBJECT_HANDLE a_hObject, int a_bExtended ) { CK_RV rv; CK_OBJECT_CLASS tClass; CK_ATTRIBUTE tAttr[] = { { CKA_CLASS, &tClass, sizeof( tClass ) }, }; CK_ULONG ulAttrCount = sizeof( tAttr ) / sizeof( CK_ATTRIBUTE ); // Retrieve the class attribute of the object rv = getObjectAttributes( a_hSession, a_hObject, tAttr, ulAttrCount ); if ( rv != CKR_OK ) return rv; // Use the object class to determine how to format it for display switch ( tClass ) { case CKO_DATA: logMsg( _("Data object\n") ); break; case CKO_CERTIFICATE: displayCertObject( a_hSession, a_hObject, a_bExtended ); break; case CKO_PUBLIC_KEY: case CKO_PRIVATE_KEY: displayAsymKeyObject( a_hSession, a_hObject, a_bExtended ); break; case CKO_SECRET_KEY: displaySymKeyObject( a_hSession, a_hObject, a_bExtended ); break; case CKO_HW_FEATURE: case CKO_DOMAIN_PARAMETERS: default: logMsg( _("Object class=%ld\n"), tClass ); break; } return rv;}/* * checkKey * Check that the key object attributes match the key class * and key type specified. */CK_RVcheckKey( CK_SESSION_HANDLE a_hSession, CK_OBJECT_HANDLE a_hObject, CK_OBJECT_CLASS a_tKeyClass, CK_KEY_TYPE a_tKeyType ) { CK_RV rv; CK_OBJECT_CLASS tClass; CK_KEY_TYPE tType; CK_ATTRIBUTE tAttr[] = { { CKA_CLASS, &tClass, sizeof( tClass ) }, { CKA_KEY_TYPE, &tType, sizeof( tType ) }, }; CK_ULONG ulAttrCount = sizeof( tAttr ) / sizeof( CK_ATTRIBUTE ); // Retrieve the class attribute and key type attribute of the object rv = getObjectAttributes( a_hSession, a_hObject, tAttr, ulAttrCount ); if ( rv != CKR_OK ) return rv; if ( tClass != a_tKeyClass ) return CKR_GENERAL_ERROR; if ( tType != a_tKeyType ) return CKR_GENERAL_ERROR; return CKR_OK;}/* * encryptData * Use a callback mechanism to encrypt some data. */CK_RVencryptData( CK_SESSION_HANDLE a_hSession, CK_OBJECT_HANDLE a_hObject, CK_MECHANISM *a_ptMechanism, TokenCryptGet a_fGet, TokenCryptPut a_fPut ) { CK_RV rv; CK_BBOOL bCancel = FALSE; CK_BYTE *pbInData = NULL; CK_ULONG ulInDataLen = 0; CK_BBOOL bContinue = TRUE; CK_BYTE *pbBuffer = NULL; CK_ULONG ulBufferLen = 0; CK_ULONG ulOutDataLen = 0; if ( !g_bTokenOpen ) return CKR_GENERAL_ERROR; // Check the key rv = checkKey( a_hSession, a_hObject, CKO_SECRET_KEY, CKK_AES ); if ( rv != CKR_OK ) goto out; // Initialize the encryption operation rv = g_pFcnList->C_EncryptInit( a_hSession, a_ptMechanism, a_hObject ); pkcsResult( "C_EncryptInit", rv ); if ( rv != CKR_OK ) goto out; while ( bContinue ) { // Retrieve some data to encrypt if ( a_fGet( &pbInData, &ulInDataLen, &bContinue, TRUE ) == -1 ) { bCancel = TRUE; goto out; } // Check the output buffer size needed rv = g_pFcnList->C_EncryptUpdate( a_hSession, pbInData, ulInDataLen, NULL, &ulOutDataLen ); pkcsResult( "C_EncryptUpdate", rv ); if ( rv != CKR_OK ) goto out; // Check if a larger buffer is needed if ( ulOutDataLen > ulBufferLen ) { free( pbBuffer ); ulBufferLen = ulOutDataLen; pbBuffer = calloc( 1, ulBufferLen ); if ( !pbBuffer ) { logError( _("Unable to obtain memory for the encrypted data buffer\n") ); rv = CKR_HOST_MEMORY; goto out; } } // Encrypt the input data rv = g_pFcnList->C_EncryptUpdate( a_hSession, pbInData, ulInDataLen, pbBuffer, &ulOutDataLen ); pkcsResult( "C_EncryptUpdate", rv ); if ( rv != CKR_OK ) goto out; if ( ulOutDataLen > 0 ) { if ( a_fPut( pbBuffer, ulOutDataLen, bContinue, TRUE ) == -1 ) { bCancel = TRUE; goto out; } } }out: // For AES any remaining data will cause an error, so provide // a buffer which will not be filled in anyway ulOutDataLen = ulBufferLen; rv = g_pFcnList->C_EncryptFinal( a_hSession, pbBuffer, &ulOutDataLen ); pkcsResult( "C_EncryptFinal", rv ); free( pbBuffer ); if ( bCancel ) rv = CKR_FUNCTION_CANCELED; return rv;}/* * decryptData * Use a callback mechanism to decrypt some data. */CK_RVdecryptData( CK_SESSION_HANDLE a_hSession, CK_OBJECT_HANDLE a_hObject, CK_MECHANISM *a_ptMechanism, TokenCryptGet a_fGet, TokenCryptPut a_fPut ) { CK_RV rv; CK_BBOOL bCancel = FALSE; CK_BYTE *pbInData = NULL; CK_ULONG ulInDataLen = 0; CK_BBOOL bContinue = TRUE; CK_BYTE *pbBuffer = NULL; CK_ULONG ulBufferLen = 0; CK_ULONG ulOutDataLen = 0; if ( !g_bTokenOpen ) return CKR_GENERAL_ERROR; // Check the key rv = checkKey( a_hSession, a_hObject, CKO_SECRET_KEY, CKK_AES ); if ( rv != CKR_OK ) goto out; // Initialize the decryption operation rv = g_pFcnList->C_DecryptInit( a_hSession, a_ptMechanism, a_hObject ); pkcsResult( "C_DecryptInit", rv ); if ( rv != CKR_OK ) goto out; while ( bContinue ) { // Retrieve some data to encrypt if ( a_fGet( &pbInData, &ulInDataLen, &bContinue, FALSE ) == -1 ) { bCancel = TRUE; goto out; } // Check the output buffer size needed rv = g_pFcnList->C_DecryptUpdate( a_hSession, pbInData, ulInDataLen, NULL, &ulOutDataLen ); pkcsResult( "C_DecryptUpdate", rv ); if ( rv != CKR_OK ) goto out; // Check if a larger buffer is needed if ( ulOutDataLen > ulBufferLen ) { free( pbBuffer ); ulBufferLen = ulOutDataLen; pbBuffer = calloc( 1, ulBufferLen ); if ( !pbBuffer ) { logError( _("Unable to obtain memory for the encrypted data buffer\n") ); rv = CKR_HOST_MEMORY; goto out; } } // Decrypt the input data rv = g_pFcnList->C_DecryptUpdate( a_hSession, pbInData, ulInDataLen, pbBuffer, &ulOutDataLen ); pkcsResult( "C_DecryptUpdate", rv ); if ( rv != CKR_OK ) goto out; if ( a_fPut( pbBuffer, ulOutDataLen, bContinue, FALSE ) == -1 ) { bCancel = TRUE; goto out; } }out: // For AES any remaining data will cause an error, so provide // a buffer which will not be filled in anyway rv = g_pFcnList->C_DecryptFinal( a_hSession, pbBuffer, &ulOutDataLen ); pkcsResult( "C_DecryptFinal", rv ); free( pbBuffer ); if ( bCancel ) rv = CKR_FUNCTION_CANCELED; return rv;}/* * isTokenInitialized * Returns an indicator as to whether the TPM token has been initialized. */BOOLisTokenInitialized( ) { if ( g_bTokenOpen && ( g_tToken.flags & CKF_TOKEN_INITIALIZED ) ) return TRUE; return FALSE;}/* * getMinPinLen * Returns the the minimum PIN length that the TPM token accepts. */intgetMinPinLen( ) { if ( !g_bTokenOpen ) return 0; return (int)g_tToken.ulMinPinLen;}/* * getMaxPinLen * Returns the the maximum PIN length that the TPM token accepts. */intgetMaxPinLen( ) { if ( !g_bTokenOpen ) return 0; return (int)g_tToken.ulMaxPinLen;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -