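/*
 * Abandon a GOST digest context and hand its PKCS#11 session back.
 *
 * Does nothing when ctx->handle is NULL. Otherwise C_DigestFinal is called
 * with a throw-away output buffer (presumably so the session is returned
 * with no digest operation pending); its return value is ignored on purpose.
 */
void
isc_gost_invalidate(isc_gost_t *ctx) {
	CK_BYTE garbage[ISC_GOST_DIGESTLENGTH];
	CK_ULONG len = ISC_GOST_DIGESTLENGTH;
	volatile CK_BYTE *wipe = garbage;
	size_t i;

	if (ctx->handle == NULL)
		return;

	(void) pkcs_C_DigestFinal(ctx->session, garbage, &len);

	/*
	 * Scrub the discarded digest through a volatile pointer. A plain
	 * memset() on a local that is never read again is a dead store and
	 * may be removed by the optimizer, leaving the bytes on the stack.
	 */
	for (i = 0; i < sizeof(garbage); i++)
		wipe[i] = 0;

	pk11_return_session(ctx);
}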
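/*
 * Tear down the PKCS#11 state attached to an ECDSA DST context.
 *
 * Requires the key algorithm to be ECDSA256 or ECDSA384. When a PKCS#11
 * context is attached, the digest is finalised into a throw-away buffer
 * (return value deliberately ignored), the session is returned, and the
 * context structure is zeroed before being released to dctx->mctx.
 * dctx->ctxdata.pk11_ctx is left NULL, so a second call is a no-op.
 */
static void
pkcs11ecdsa_destroyctx(dst_context_t *dctx) {
	CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH];
	CK_ULONG len = ISC_SHA384_DIGESTLENGTH;
	pk11_context_t *pk11_ctx = dctx->ctxdata.pk11_ctx;
	volatile CK_BYTE *wipe = garbage;
	size_t i;

	REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
		dctx->key->key_alg == DST_ALG_ECDSA384);

	if (pk11_ctx == NULL)
		return;

	(void) pkcs_C_DigestFinal(pk11_ctx->session, garbage, &len);

	/*
	 * Scrub the discarded digest through a volatile pointer. A plain
	 * memset() on a local that is never read again is a dead store and
	 * may be removed by the optimizer.
	 */
	for (i = 0; i < sizeof(garbage); i++)
		wipe[i] = 0;

	pk11_return_session(pk11_ctx);

	/* Clear the context before its memory goes back to the allocator. */
	memset(pk11_ctx, 0, sizeof(*pk11_ctx));
	isc_mem_put(dctx->mctx, pk11_ctx, sizeof(*pk11_ctx));
	dctx->ctxdata.pk11_ctx = NULL;
}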
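/*
 * pkcs11-md5sum: read stdin and print its MD5 digest as 32 hex digits,
 * computing the digest through a PKCS#11 session.
 *
 * Options: -m module, -s slot, -n (do not log in), -p pin.
 * Exit status is 0 on success and 1 on a usage, initialisation, read or
 * digest error.
 *
 * buffer, digest and BLOCKSIZE are defined outside this function.
 * MD5 is not collision resistant; treat the output as a checksum only.
 */
int
main(int argc, char *argv[]) {
	isc_result_t result;
	CK_RV rv;
	CK_SLOT_ID slot = 0;
	CK_SESSION_HANDLE hSession;
	CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
	CK_ULONG len;
	pk11_context_t pctx;
	pk11_optype_t op_type = OP_DIGEST;
	char *lib_name = NULL;
	char *pin = NULL;
	int error = 0;
	isc_boolean_t logon = ISC_TRUE;
	int c, errflg = 0;
	size_t sum = 0;
	unsigned int i;

	while ((c = isc_commandline_parse(argc, argv, ":m:s:np:")) != -1) {
		switch (c) {
		case 'm':
			lib_name = isc_commandline_argument;
			break;
		case 's':
			/* NOTE(review): atoi() accepts garbage silently. */
			slot = atoi(isc_commandline_argument);
			op_type = OP_ANY;
			break;
		case 'n':
			logon = ISC_FALSE;
			break;
		case 'p':
			/*
			 * A PIN passed with -p is part of the process
			 * arguments; the interactive prompt avoids that.
			 */
			pin = isc_commandline_argument;
			break;
		case ':':
			fprintf(stderr,
				"Option -%c requires an operand\n",
				isc_commandline_option);
			errflg++;
			break;
		case '?':
		default:
			fprintf(stderr, "Unrecognised option: -%c\n",
				isc_commandline_option);
			errflg++;
		}
	}

	if (errflg) {
		fprintf(stderr, "Usage:\n");
		fprintf(stderr,
			"\tpkcs11-md5sum [-m module] [-s slot] [-n|-p pin]\n");
		exit(1);
	}

	pk11_result_register();

	/* Initialize the CRYPTOKI library */
	if (lib_name != NULL)
		pk11_set_lib_name(lib_name);

	if (logon && pin == NULL)
		pin = getpassphrase("Enter Pin: ");

	result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon,
				  (const char *) pin, slot);

	/*
	 * The PIN is not needed after the login attempt. Clear it before
	 * looking at the result so that the failure exit below does not
	 * leave it in memory either.
	 */
	if (pin != NULL)
		memset(pin, 0, strlen((char *)pin));

	if ((result != ISC_R_SUCCESS) &&
	    (result != PK11_R_NORANDOMSERVICE) &&
	    (result != PK11_R_NOAESSERVICE)) {
		fprintf(stderr, "Error initializing PKCS#11: %s\n",
			isc_result_totext(result));
		exit(1);
	}

	hSession = pctx.session;

	rv = pkcs_C_DigestInit(hSession, &mech);
	if (rv != CKR_OK) {
		fprintf(stderr, "C_DigestInit: Error = 0x%.8lX\n", rv);
		error = 1;
		goto exit_session;
	}

	for (;;) {
		size_t n;

		/* Fill the buffer to BLOCKSIZE, or leave on EOF or error. */
		for (;;) {
			n = fread(buffer + sum, 1, BLOCKSIZE - sum, stdin);
			sum += n;
			if (sum == BLOCKSIZE)
				break;
			if (n == 0) {
				if (ferror(stdin)) {
					fprintf(stderr, "fread failed\n");
					error = 1;
					goto exit_session;
				}
				goto partial_block;
			}
			if (feof(stdin))
				goto partial_block;
		}

		rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer,
					 (CK_ULONG) BLOCKSIZE);
		if (rv != CKR_OK) {
			fprintf(stderr,
				"C_DigestUpdate: Error = 0x%.8lX\n", rv);
			error = 1;
			goto exit_session;
		}

		/*
		 * The block has been consumed; start refilling from offset 0.
		 * Without this reset the next fread() asks for zero bytes,
		 * sum stays at BLOCKSIZE, and the same block is digested
		 * forever for any input of BLOCKSIZE bytes or more.
		 */
		sum = 0;
	}

 partial_block:
	if (sum > 0) {
		rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer,
					 (CK_ULONG) sum);
		if (rv != CKR_OK) {
			fprintf(stderr,
				"C_DigestUpdate: Error = 0x%.8lX\n", rv);
			error = 1;
			goto exit_session;
		}
	}

	len = 16;
	rv = pkcs_C_DigestFinal(hSession, (CK_BYTE_PTR) digest, &len);
	if (rv != CKR_OK) {
		fprintf(stderr, "C_DigestFinal: Error = 0x%.8lX\n", rv);
		error = 1;
		goto exit_session;
	}
	if (len != 16) {
		fprintf(stderr, "C_DigestFinal: bad length = %lu\n", len);
		error = 1;
		/* Do not print a digest of unexpected length as if valid. */
		goto exit_session;
	}

	for (i = 0; i < 16; i++)
		printf("%02x", digest[i] & 0xff);
	printf("\n");

 exit_session:
	pk11_return_session(&pctx);
	(void) pk11_finalize();

	exit(error);
}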
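/*
 * SHA-1 throughput test for a PKCS#11 module.
 *
 * Fills buf with random bytes from the token, feeds it to a SHA-1 digest
 * operation `count` times (default 1000, -n to change), and prints the
 * elapsed wall-clock time and rate.
 *
 * Options: -m module, -s slot, -n count.
 * Exit status is 0 on success and 1 on any usage, initialisation, clock
 * or PKCS#11 error.
 *
 * buf is defined outside this function; the "K" in the report assumes it
 * is 1024 bytes long (TODO confirm against its declaration).
 */
int
main(int argc, char *argv[]) {
	isc_result_t result;
	CK_RV rv;
	CK_SLOT_ID slot = 0;
	CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
	CK_MECHANISM mech = { CKM_SHA_1, NULL, 0 };
	CK_ULONG len = sizeof(buf);
	pk11_context_t pctx;
	pk11_optype_t op_type = OP_DIGEST;
	char *lib_name = NULL;
	int error = 0;
	int c, errflg = 0;
	unsigned int count = 1000;
	unsigned int i;
	struct timespec starttime;
	struct timespec endtime;

	while ((c = isc_commandline_parse(argc, argv, ":m:s:n:")) != -1) {
		switch (c) {
		case 'm':
			lib_name = isc_commandline_argument;
			break;
		case 's':
			slot = atoi(isc_commandline_argument);
			op_type = OP_ANY;
			break;
		case 'n':
			/*
			 * NOTE(review): atoi() into an unsigned count; a
			 * negative argument becomes a very large count.
			 */
			count = atoi(isc_commandline_argument);
			break;
		case ':':
			fprintf(stderr,
				"Option -%c requires an operand\n",
				isc_commandline_option);
			errflg++;
			break;
		case '?':
		default:
			fprintf(stderr, "Unrecognised option: -%c\n",
				isc_commandline_option);
			errflg++;
		}
	}

	if (errflg) {
		fprintf(stderr, "Usage:\n");
		fprintf(stderr,
			"\tssha1 [-m module] [-s slot] [-n count]\n");
		exit(1);
	}

	pk11_result_register();

	/* Initialize the CRYPTOKI library */
	if (lib_name != NULL)
		pk11_set_lib_name(lib_name);

	result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
				  ISC_FALSE, NULL, slot);
	if ((result != ISC_R_SUCCESS) &&
	    (result != PK11_R_NORANDOMSERVICE) &&
	    (result != PK11_R_NOAESSERVICE)) {
		fprintf(stderr, "Error initializing PKCS#11: %s\n",
			isc_result_totext(result));
		exit(1);
	}

	hSession = pctx.session;

	/*
	 * Every failure below sets error before leaving, so the exit status
	 * reflects it; previously these paths exited with status 0.
	 */

	/* Randomize the buffer */
	rv = pkcs_C_GenerateRandom(hSession, buf, len);
	if (rv != CKR_OK) {
		fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv);
		error = 1;
		goto exit_session;
	}

	if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) {
		perror("clock_gettime(start)");
		error = 1;
		goto exit_session;
	}

	/* Initialize Digest */
	rv = pkcs_C_DigestInit(hSession, &mech);
	if (rv != CKR_OK) {
		fprintf(stderr, "C_DigestInit: Error = 0x%.8lX\n", rv);
		error = 1;
		goto exit_session;
	}

	for (i = 0; i < count; i++) {
		/* Digest buffer */
		rv = pkcs_C_DigestUpdate(hSession, buf, len);
		if (rv != CKR_OK) {
			fprintf(stderr,
				"C_DigestUpdate[%u]: Error = 0x%.8lX\n",
				i, rv);
			error = 1;
			break;
		}
	}

	/* Finalize Digest (unconditionally) */
	len = 20U;
	rv = pkcs_C_DigestFinal(hSession, buf, &len);
	if (rv != CKR_OK) {
		/* Report only the first failure, but always record it. */
		if (!error)
			fprintf(stderr,
				"C_DigestFinal: Error = 0x%.8lX\n", rv);
		error = 1;
	}

	if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) {
		perror("clock_gettime(end)");
		error = 1;
		goto exit_session;
	}

	/* Elapsed time = end - start, borrowing a second when needed. */
	endtime.tv_sec -= starttime.tv_sec;
	endtime.tv_nsec -= starttime.tv_nsec;
	while (endtime.tv_nsec < 0) {
		endtime.tv_sec -= 1;
		endtime.tv_nsec += 1000000000;
	}

	/* time_t need not be long; cast so the arguments match %ld. */
	printf("%uK digested bytes in %ld.%09lds\n", i,
	       (long) endtime.tv_sec, (long) endtime.tv_nsec);
	if (i > 0)
		/* Multiply in double: 1024 * i wraps in unsigned int. */
		printf("%g digested bytes/s\n",
		       1024.0 * i / ((double) endtime.tv_sec +
				     (double) endtime.tv_nsec / 1000000000.));

 exit_session:
	pk11_return_session(&pctx);
	(void) pk11_finalize();

	exit(error);
}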