int cipher_finish( cipher_context_t *ctx, unsigned char *output, size_t *olen) { int ret = 0; if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen ) return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; *olen = 0; if( POLARSSL_MODE_CFB == ctx->cipher_info->mode || POLARSSL_MODE_CTR == ctx->cipher_info->mode || POLARSSL_MODE_NULL == ctx->cipher_info->mode ) { return 0; } if( POLARSSL_MODE_CBC == ctx->cipher_info->mode ) { if( POLARSSL_ENCRYPT == ctx->operation ) { add_pkcs_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ), ctx->unprocessed_len ); } else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len ) { /* For decrypt operations, expect a full block */ return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED; } /* cipher block */ if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, ctx->operation, cipher_get_block_size( ctx ), ctx->iv, ctx->unprocessed_data, output ) ) ) { return ret; } /* Set output size for decryption */ if( POLARSSL_DECRYPT == ctx->operation ) return get_pkcs_padding( output, cipher_get_block_size( ctx ), olen ); /* Set output size for encryption */ *olen = cipher_get_block_size( ctx ); return 0; } return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE; }
CK_RV save_masterkey(char *path, char *pin_md5, char *master_key) { FILE * fp = NULL; CK_BYTE cleartxt [sizeof(MASTER_KEY_FILE_T) + DES_BLOCK_SIZE]; CK_BYTE ciphertxt[sizeof(MASTER_KEY_FILE_T) + DES_BLOCK_SIZE]; CK_BYTE des3_key[3 * DES_KEY_SIZE]; MASTER_KEY_FILE_T mk; CK_ULONG cleartxt_len, ciphertxt_len, padded_len; CK_RV rc; memcpy(mk.key, master_key, MASTER_KEY_SIZE); rc = compute_sha(master_key, MASTER_KEY_SIZE, (char *)mk.sha_hash); if (rc) { print_error("Error computing SHA1 of master key before write"); goto done; } // encrypt the key data // memcpy( des3_key, pin_md5, MD5_HASH_SIZE ); memcpy( des3_key + MD5_HASH_SIZE, pin_md5, DES_KEY_SIZE ); ciphertxt_len = sizeof(ciphertxt); cleartxt_len = sizeof(mk); memcpy(cleartxt, &mk, cleartxt_len); padded_len = DES_BLOCK_SIZE * (cleartxt_len / DES_BLOCK_SIZE + 1); add_pkcs_padding(cleartxt + cleartxt_len, DES_BLOCK_SIZE, cleartxt_len, padded_len); rc = sw_des3_cbc_encrypt(cleartxt, padded_len, ciphertxt, &ciphertxt_len, (CK_BYTE *)"12345678", des3_key); if (rc != CKR_OK){ print_error("Error encrypting master key before write"); goto done; } // write the file // // probably ought to ensure the permissions are correct // fp = fopen(path, "w" ); if (!fp) { print_error("Error opening master key file for write: %s", path); rc = CKR_FUNCTION_FAILED; goto done; } rc = fwrite( ciphertxt, ciphertxt_len, 1, fp ); if (rc != 1) { print_error("Error writing master key: %s", path); rc = CKR_FUNCTION_FAILED; goto done; } rc = CKR_OK; done: if (fp) fclose(fp); return rc; }