예제 #1
0
static uint8_t receiveMessage(struct Message* received, struct Interface* interface)
{
    struct CryptoAuth_Wrapper* wrapper =
        Identity_cast((struct CryptoAuth_Wrapper*) interface->receiverContext);

    union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) received->bytes;

    if (received->length < (wrapper->authenticatePackets ? 20 : 4)) {
        cryptoAuthDebug0(wrapper, "Dropped runt");
        return Error_UNDERSIZE_MESSAGE;
    }
    Assert_true(received->padding >= 12 || "need at least 12 bytes of padding in incoming message");
    #ifdef Log_DEBUG
        Assert_true(!((uintptr_t)received->bytes % 4) || !"alignment fault");
    #endif
    Message_shift(received, -4);

    uint32_t nonce = Endian_bigEndianToHost32(header->nonce);

    if (wrapper->nextNonce < 5) {
        if (nonce > 3 && nonce != UINT32_MAX && knowHerKey(wrapper)) {
            cryptoAuthDebug(wrapper, "Trying final handshake step, nonce=%u\n", nonce);
            uint8_t secret[32];
            getSharedSecret(secret,
                            wrapper->secret,
                            wrapper->tempKey,
                            NULL,
                            wrapper->context->logger);

            // We'll optimistically advance the nextNonce value because decryptMessage()
            // passes the message on to the upper level and if this message causes a
            // response, we want the CA to be in ESTABLISHED state.
            // if the decryptMessage() call fails, we CryptoAuth_reset() it back.
            wrapper->nextNonce += 3;

            if (decryptMessage(wrapper, nonce, received, secret)) {
                cryptoAuthDebug0(wrapper, "Final handshake step succeeded");
                Bits_memcpyConst(wrapper->secret, secret, 32);
                return callReceivedMessage(wrapper, received);
            }
            CryptoAuth_reset(&wrapper->externalInterface);
            cryptoAuthDebug0(wrapper, "Final handshake step failed");
            return Error_UNDELIVERABLE;
        }
    } else if (nonce > 4) {
        if (decryptMessage(wrapper, nonce, received, wrapper->secret)) {
            return callReceivedMessage(wrapper, received);
        } else {
            cryptoAuthDebug0(wrapper, "Failed to decrypt message");
            return Error_UNDELIVERABLE;
        }
    } else {
        cryptoAuthDebug0(wrapper, "Received handshake message during established connection");
    }
    Message_shift(received, 4);
    return decryptHandshake(wrapper, nonce, received, header);
}
예제 #2
0
jstring __MIX_PREFIX_FUNC_PASTE(MIX_PREFIX_UPAPI_FUNC,decryptMessage(JNIEnv* env, jobject javaThis, jstring str_msg_in, jstring str_encryt_alg, jstring str_cert_id))
{
	char * szData = malloc(MAX_BUFFER_LEN);
	
	memset(szData, 0, MAX_BUFFER_LEN);

	if(!str_msg_in || !str_encryt_alg || !str_cert_id)
	{
		setLastErrInfo(EStateErrorInvalidArg);

		return NULL;
	}

	decryptMessage(szData, 
		(* env)->GetStringUTFChars(env, str_msg_in, 0),
		(* env)->GetStringUTFChars(env, str_encryt_alg, 0),
		atoi((* env)->GetStringUTFChars(env, str_cert_id, 0))
		);

	jstring strRet = (*env)->NewStringUTF(env, szData);

	free(szData);

	return strRet;
}
예제 #3
0
static uint8_t receiveMessage(struct Message* received, struct Interface* interface)
{
    struct CryptoAuth_Wrapper* wrapper = (struct CryptoAuth_Wrapper*) interface->receiverContext;
    union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) received->bytes;

    if (received->length < (wrapper->authenticatePackets ? 20 : 4)) {
        Log_debug(wrapper->context->logger, "Dropped runt");
        return Error_UNDERSIZE_MESSAGE;
    }
    Assert_true(received->padding >= 12 || "need at least 12 bytes of padding in incoming message");
    #ifdef Log_DEBUG
        Assert_true(!((uintptr_t)received->bytes % 4) || !"alignment fault");
    #endif
    Message_shift(received, -4);

    uint32_t nonce = Endian_bigEndianToHost32(header->nonce);

    if (wrapper->nextNonce < 5) {
        if (nonce > 3 && nonce != UINT32_MAX && knowHerKey(wrapper)) {
            Log_debug(wrapper->context->logger,
                       "@%p Trying final handshake step, nonce=%u\n", (void*) wrapper, nonce);
            uint8_t secret[32];
            getSharedSecret(secret,
                            wrapper->secret,
                            wrapper->tempKey,
                            NULL,
                            wrapper->context->logger);
            if (decryptMessage(wrapper, nonce, received, secret)) {
                Log_debug(wrapper->context->logger, "Final handshake step succeeded.\n");
                wrapper->nextNonce += 3;
                Bits_memcpyConst(wrapper->secret, secret, 32);
                return Error_NONE;
            }
            CryptoAuth_reset(&wrapper->externalInterface);
            Log_debug(wrapper->context->logger, "Final handshake step failed.\n");
        }
    } else if (nonce > 2 && decryptMessage(wrapper, nonce, received, wrapper->secret)) {
        // If decryptMessage returns false then we will try the packet as a handshake.
        return Error_NONE;
    } else {
        Log_debug(wrapper->context->logger, "Decryption failed, trying message as a handshake.\n");
    }
    Message_shift(received, 4);
    return decryptHandshake(wrapper, nonce, received, header);
}
예제 #4
0
파일: omg_hax.c 프로젝트: EnkiChen/playfair
void generate_session_key(unsigned char* oldSap, unsigned char* messageIn, unsigned char* sessionKey)
{
   unsigned char decryptedMessage[128];
   unsigned char newSap[320];
   unsigned char Q[210];
   int i;
   int round;
   unsigned char md5[16];
   unsigned char otherHash[16];

   decryptMessage(messageIn, decryptedMessage);
   // Now that we have the decrypted message, we can combine it with our initial sap to form the 5 blocks needed to generate the 5 words which, when added together, give
   // the session key.
   memcpy(&newSap[0x000], static_source_1, 0x11);
   memcpy(&newSap[0x011], decryptedMessage, 0x80);
   memcpy(&newSap[0x091], &oldSap[0x80], 0x80);
   memcpy(&newSap[0x111], static_source_2, 0x2f);
   memcpy(sessionKey, initial_session_key, 16);

   for (round = 0; round < 5; round++)
   {
      unsigned char* base = &newSap[round * 64];
      print_block("Input block: ", &base[0]);
      print_block("Input block: ", &base[0x10]);
      print_block("Input block: ", &base[0x20]);
      print_block("Input block: ", &base[0x30]);
      modified_md5(base, sessionKey, md5);
      printf("MD5 OK\n");
      sap_hash(base, sessionKey);
      printf("OtherHash OK\n");
      
      printf("MD5       = ");
      for (i = 0; i < 4; i++)
         printf("%08x ", ((uint32_t*)md5)[i]);
      printf("\nOtherHash = ");
      for (i = 0; i < 4; i++)
        printf("%08x ", ((uint32_t*)sessionKey)[i]);
      printf("\n");

      uint32_t* sessionKeyWords = (uint32_t*)sessionKey;
      uint32_t* md5Words = (uint32_t*)md5;
      for (i = 0; i < 4; i++)
      {
         sessionKeyWords[i] = (sessionKeyWords[i] + md5Words[i]) & 0xffffffff;
      }      
      printf("Current key: ");
      for (i = 0; i < 16; i++)
         printf("%02x", sessionKey[i]);
      printf("\n");
   }
   for (i = 0; i < 16; i+=4)
   {
      swap_bytes(&sessionKey[i], &sessionKey[i+3]);
      swap_bytes(&sessionKey[i+1], &sessionKey[i+2]);
   }
      
   // Finally the whole thing is XORd with 121:
   for (i = 0; i < 16; i++)
     sessionKey[i] ^= 121;
   print_block("Session key computed as: ", sessionKey);
}
예제 #5
0
파일: CryptoAuth.c 프로젝트: AVert/cjdns
static uint8_t receiveMessage(struct Message* received, struct Interface* interface)
{
    struct CryptoAuth_Wrapper* wrapper =
        Identity_check((struct CryptoAuth_Wrapper*) interface->receiverContext);

    union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) received->bytes;

    if (received->length < 20) {
        cryptoAuthDebug0(wrapper, "DROP runt");
        return Error_UNDERSIZE_MESSAGE;
    }
    Assert_true(received->padding >= 12 || "need at least 12 bytes of padding in incoming message");
    Assert_true(!((uintptr_t)received->bytes % 4) || !"alignment fault");

    Message_shift(received, -4, NULL);

    uint32_t nonce = Endian_bigEndianToHost32(header->nonce);

    if (!wrapper->established) {
        if (nonce > 3 && nonce != UINT32_MAX) {
            if (wrapper->nextNonce < 3) {
                // This is impossible because we have not exchanged hello and key messages.
                cryptoAuthDebug0(wrapper, "DROP Received a run message to an un-setup session");
                return Error_UNDELIVERABLE;
            }
            cryptoAuthDebug(wrapper, "Trying final handshake step, nonce=%u\n", nonce);
            uint8_t secret[32];
            Assert_ifParanoid(!Bits_isZero(wrapper->ourTempPrivKey, 32));
            Assert_ifParanoid(!Bits_isZero(wrapper->herTempPubKey, 32));
            getSharedSecret(secret,
                            wrapper->ourTempPrivKey,
                            wrapper->herTempPubKey,
                            NULL,
                            wrapper->context->logger);

            // We'll optimistically advance the nextNonce value because decryptMessage()
            // passes the message on to the upper level and if this message causes a
            // response, we want the CA to be in ESTABLISHED state.
            // if the decryptMessage() call fails, we CryptoAuth_reset() it back.
            wrapper->nextNonce += 3;

            if (decryptMessage(wrapper, nonce, received, secret)) {
                cryptoAuthDebug0(wrapper, "Final handshake step succeeded");
                Bits_memcpyConst(wrapper->sharedSecret, secret, 32);

                // Now we're in run mode, no more handshake packets will be accepted
                Bits_memset(wrapper->ourTempPrivKey, 0, 32);
                Bits_memset(wrapper->ourTempPubKey, 0, 32);
                Bits_memset(wrapper->herTempPubKey, 0, 32);
                wrapper->established = true;

                return callReceivedMessage(wrapper, received);
            }
            CryptoAuth_reset(&wrapper->externalInterface);
            cryptoAuthDebug0(wrapper, "DROP Final handshake step failed");
            return Error_UNDELIVERABLE;
        }

        Message_shift(received, 4, NULL);
        return decryptHandshake(wrapper, nonce, received, header);

    } else if (nonce > 3 && nonce != UINT32_MAX) {
        Assert_ifParanoid(!Bits_isZero(wrapper->sharedSecret, 32));
        if (decryptMessage(wrapper, nonce, received, wrapper->sharedSecret)) {
            return callReceivedMessage(wrapper, received);
        } else {
            cryptoAuthDebug0(wrapper, "DROP Failed to decrypt message");
            return Error_UNDELIVERABLE;
        }
    } else if (nonce < 2) {
        cryptoAuthDebug(wrapper, "hello packet during established session nonce=[%d]", nonce);
        Message_shift(received, 4, NULL);
        return decryptHandshake(wrapper, nonce, received, header);
    } else {
        // setup keys are already zeroed, not much we can do here.
        cryptoAuthDebug(wrapper, "DROP key packet during established session nonce=[%d]", nonce);
        return Error_UNDELIVERABLE;
    }
    Assert_true(0);
}
예제 #6
0
파일: CryptoAuth.c 프로젝트: cmotc/cjdns
/** @return 0 on success, -1 otherwise. */
int CryptoAuth_decrypt(struct CryptoAuth_Session* sessionPub, struct Message* msg)
{
    struct CryptoAuth_Session_pvt* session =
        Identity_check((struct CryptoAuth_Session_pvt*) sessionPub);
    union CryptoHeader* header = (union CryptoHeader*) msg->bytes;

    if (msg->length < 20) {
        cryptoAuthDebug0(session, "DROP runt");
        return -1;
    }
    Assert_true(msg->padding >= 12 || "need at least 12 bytes of padding in incoming message");
    Assert_true(!((uintptr_t)msg->bytes % 4) || !"alignment fault");
    Assert_true(!(msg->capacity % 4) || !"length fault");

    Message_shift(msg, -4, NULL);

    uint32_t nonce = Endian_bigEndianToHost32(header->nonce);

    if (!session->established) {
        if (nonce > 3) {
            if (session->nextNonce < 3) {
                // This is impossible because we have not exchanged hello and key messages.
                cryptoAuthDebug0(session, "DROP Received a run message to an un-setup session");
                return -1;
            }
            cryptoAuthDebug(session, "Trying final handshake step, nonce=%u\n", nonce);
            uint8_t secret[32];
            Assert_ifParanoid(!Bits_isZero(session->ourTempPrivKey, 32));
            Assert_ifParanoid(!Bits_isZero(session->herTempPubKey, 32));
            getSharedSecret(secret,
                            session->ourTempPrivKey,
                            session->herTempPubKey,
                            NULL,
                            session->context->logger);

            if (decryptMessage(session, nonce, msg, secret)) {
                cryptoAuthDebug0(session, "Final handshake step succeeded");
                Bits_memcpyConst(session->sharedSecret, secret, 32);

                // Now we're in run mode, no more handshake packets will be accepted
                Bits_memset(session->ourTempPrivKey, 0, 32);
                Bits_memset(session->ourTempPubKey, 0, 32);
                Bits_memset(session->herTempPubKey, 0, 32);
                session->established = true;
                session->nextNonce += 3;
                updateTime(session, msg);
                return 0;
            }
            cryptoAuthDebug0(session, "DROP Final handshake step failed");
            return -1;
        }

        Message_shift(msg, 4, NULL);
        return decryptHandshake(session, nonce, msg, header);

    } else if (nonce > 3) {
        Assert_ifParanoid(!Bits_isZero(session->sharedSecret, 32));
        if (decryptMessage(session, nonce, msg, session->sharedSecret)) {
            updateTime(session, msg);
            return 0;
        } else {
            cryptoAuthDebug0(session, "DROP Failed to decrypt message");
            return -1;
        }
    } else if (nonce < 2) {
        cryptoAuthDebug(session, "hello packet during established session nonce=[%d]", nonce);
        Message_shift(msg, 4, NULL);
        return decryptHandshake(session, nonce, msg, header);
    } else {
        // setup keys are already zeroed, not much we can do here.
        cryptoAuthDebug(session, "DROP key packet during established session nonce=[%d]", nonce);
        return -1;
    }
    Assert_true(0);
}
bool WindowsGSSAPIClientAuthenticator::setChallenge(const boost::optional<ByteArray>& challengeData) {
    /* Following http://tools.ietf.org/html/rfc4752, https://msdn.microsoft.com/en-us/library/windows/desktop/aa380496%28v=vs.85%29.aspx */

    if (step_ == BuildingSecurityContext) {
        buildSecurityContext(challengeData);
    }
    else if (step_ == SecurityLayerNegotiation) {
        if (!challengeData) {
            SWIFT_LOG(debug) << "Empty message received from the server" << std::endl;
            error_ = true;
            return false;
        }

        SafeByteArray challenge;
        errorCode_ = decryptMessage(&contextHandle_, challengeData.get(), challenge);
        if (isError()) {
            return false;
        }

        if (challenge.size() != 4) {
            SWIFT_LOG(debug) << "Token received from the server of incorrect length: " << challenge.size() << std::endl;
            error_ = true;
            return false;
        }

        unsigned char* challengePointer = vecptr(challenge);

        unsigned char serverSecurityLayer = challengePointer[0];
        if (serverSecurityLayer == 0) {
            SWIFT_LOG(debug) << "Server supports unknown security layer, assuming no security layer" << std::endl;
            serverSecurityLayer = SECURITY_LAYER_NONE;
        }
        else if (serverSecurityLayer == SECURITY_LAYER_NONE) {
            SWIFT_LOG(debug) << "Server supports no security layer" << std::endl;
        }
        else {
            SWIFT_LOG(debug) << "Server supports security layer" << std::endl;
        }

        unsigned int serverMaximumBuffer = (challengePointer[1] << 16) |
                        (challengePointer[2] << 8) |
                        (challengePointer[3] << 0);

        if ((serverSecurityLayer == SECURITY_LAYER_NONE) && (serverMaximumBuffer != 0)) {
            SWIFT_LOG(debug) << "Server supports no security layer but has maximum buffer size" << serverMaximumBuffer << std::endl;
            error_ = true;
            return false;
        }

        SafeByteArray message(4);

        /* Commenting this out as streamSizes was not obtained before
        if (message.size() > streamSizes_.cbMaximumMessage) {
            error_ = true;
            return false;
        } */

        unsigned char* messagePointer = vecptr(message);
        messagePointer[0] = SECURITY_LAYER_NONE;

        /* The next 3 bytes indicate the client's maximum size buffer which is set to 0 as we do not support a security layer */
        messagePointer[1] = 0;
        messagePointer[2] = 0;
        messagePointer[3] = 0;

        /* The authorization identity is omitted as it is the same as the authentication identity */

        errorCode_ = encryptMessage(&contextHandle_, sizes_, message, response_);
        if (isError()) {
            return false;
        }

        step_ = ServerAuthenticated;
    }

    if (isError()) {
        return false;
    }

    return true;
}
예제 #8
0
파일: main.c 프로젝트: stoneskill/mix-n2
int main()
{
	int ulRet = 0;

	char data_value[2048] = {0};

	int data_len = 2048;

	char szDBPath [1024] = {0};

	int i = 0;
	int j = 0;
	unsigned char dataKey[16];
	unsigned char keyIV[10];
	unsigned char input[48] ;
	unsigned char output[33];
	unsigned char output1[33];
	unsigned int outputlen = 1024, outputlen1 = 1024;
	int keyPairCnt = 0;

	//for (i = 0; i < 16;i++)
	//{
	//	dataKey[i] = i;
	//}

	//for (i = 0; i < 10;i++)
	//{
	//	keyIV[i] = i;
	//}

	//funcddd((unsigned char *)"MHgCIGujeBGA0OXGoh1WYU7LKorsgKoiHqDQMn4ih1elxxDuAiB89t9D1kA4y95TThSBSjdZTMyToc1JBMMbj+r+yi9u6AQgIuMHlcX/N7mKvOfvU6jcYEeO9E+CM34VVQSQd7T1+MMEEIBRaH9mAh7qTuOPDVIrY14=",strlen("MHgCIGujeBGA0OXGoh1WYU7LKorsgKoiHqDQMn4ih1elxxDuAiB89t9D1kA4y95TThSBSjdZTMyToc1JBMMbj+r+yi9u6AQgIuMHlcX/N7mKvOfvU6jcYEeO9E+CM34VVQSQd7T1+MMEEIBRaH9mAh7qTuOPDVIrY14="));

	//funcddd(0,1);


	strcpy((char *)input, "work hard");

	//cryptoWithSeckey(dataKey,sizeof(dataKey),
	//	keyIV,sizeof(keyIV),
	//	0x00001082,0,
	//	input,48,
	//	output,&outputlen);

	//outputlen = 1024;

	//cryptoWithSeckey(dataKey,sizeof(dataKey),
	//	keyIV,sizeof(keyIV),
	//	0x00001082,1,
	//	output,48,
	//	output1,&outputlen1);

	setLicense("1","1");

	setSystemDBDir("d:/nss_db");


	for(i; i < 1000000; i++)
	{
		sprintf(szDBPath, "%s%d/", "d:/nss_db/", i);

		if( _mkdir(szDBPath) == 0 )
		{
			if (0 == i % 1)
			{
				printf("mkdir %s OK\n", szDBPath);
			}
		}
		else
		{
			printf("mkdir %s ERR\n", szDBPath);
		}

		setSystemDBDir(szDBPath);

		ulRet = verifyPIN("","12345678", 0);

		//{
		//	int certCnt;

		//	char nickname[255] = {0};

		//	char buffer[1024*4];

		//	ulRet = filterCert(&certCnt,"","","",0,0);

		//	getCertNickName(nickname, 0);

		//	ulRet = filterCert(&certCnt,"","","",0,0);

		//	ulRet = encryptMessage(buffer, "abc","SM3",1);

		//	ulRet = decryptMessage(buffer, buffer,"SM3",1);

		//	ulRet = signMessage(buffer, "abc",0,"SM3",0);

		//	ulRet = verifyMessage("abc",buffer,0,"SM3",0);

		//	certCnt = 1;
		//}

		//ulRet = InitPIN("0Mozilla", "0Mozilla");

		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);

		//ulRet = InitPIN("0Mozilla", "0Mozilla");

		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);

		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);
		//ulRet = verifyPIN("","0Mozilla1", 0);

		//ulRet = verifyPIN("","0Mozilla1", 0);

		if (0 == ulRet)
		{

		}
		else if (3 != ulRet)
		{
			printf("%s err\n", "verifyPIN");
			break;
		}
		else
		{
#if defined(PKCS11_USE_SO_PIN)
			ulRet = SetPIN("","12345678",0);

			if (ulRet)
			{
				printf("%s err\n", "SetPIN");
				break;
			}

			ulRet = InitPIN("12345678", "12345678");
			if (ulRet)
			{
				printf("%s err\n", "InitPIN");
				break;
			}
#else
			ulRet = changePIN("", "", "0Mozilla");
			if (ulRet)
			{
				printf("%s err\n", "InitPIN");
				break;
			}
#endif
		}

		for( j = 0; j < 1; j++)
		{
			// 0
			ulRet = verifyPIN("","12345678", 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			//test_process("0Mozilla", 1);


			{

				char * tt = "MIIB0zCCAXigAwIBAgICNTUwCgYIKoEcz1UBg3UwEzERMA8GA1UEAx4Ilj9lr4SCgqwwHhcNMTYwNjIwMTA0NzE0WhcNMTYwNzEwMTA0NzE0WjBSMQ4wDAYDVQQKEwV0cnVzdDEOMAwGA1UECxMFdHJ1c3QxHzAdBgkqhkiG9w0BCQEWEDI0NDU0MDQ5OUBxcS5jb20xDzANBgNVBAMMBsDux7/HvzBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABKfvhpW55Z/E4DIA+sUof7EeVUkZJuI5DDSrdG4Zf7LaCDEzBb8CJ0Gvlls0OxkoPGIS4ECKMrBpodjjcX7HWyijfTB7MA8GA1UdEwEB/wQFMAMCAQEwHQYDVR0OBBYEFJ0dh7sd1NP3L0/mVZLC1687ww6tMDwGA1UdIwQ1MDOAFPWFFozl/60F0a0Vw5b/98Fz4bTToRekFTATMREwDwYDVQQDHgiWP2WvhIKCrIICRkYwCwYDVR0PBAQDAgbAMAoGCCqBHM9VAYN1A0kAMEYCIQCmJIXfnVUYW2WdP1SwZeeUAVXDnORKoppe1dBudKTaOAIhAIbeAZ+ndEPRAr6hQDhjYIAz4gnFPM28DOP/gxUTPgk0";
				int certCnt;

				char nickname[255] = {0};

				char * filepw = "12345678";
				
				char * filename = "sm2.pfx";

				char buffer[1024*4];
				char pfxBuffer[1024*4];
				int pfxBufferLen = 1024*4;

				FILE_READ("","SN-100000100000004.pfx",pfxBuffer,&pfxBufferLen);

				//importCert(0,tt);

				//ulRet = filterCert(&certCnt,"","","",0,0);
				ulRet = filterCert(&certCnt,"","","",0,0);

				getCertNickName(nickname, 0);

				//ulRet = FilePfxExport_main(pfxBuffer,&pfxBufferLen,filepw,nickname,NULL);

				//FILE_WRITE("","ppk.pfx",pfxBuffer,pfxBufferLen);

				ulRet = FilePfxImport_main(pfxBuffer, pfxBufferLen,filepw,nickname,NULL);

				ulRet = filterCert(&certCnt,"","","",0,0);

				ulRet = encryptMessage(buffer, "abc","SM3",1);

				ulRet = decryptMessage(buffer, buffer,"SM3",1);

				ulRet = signMessage(buffer, "abc",0,"SM3",0);

				ulRet = verifyMessage("abc",buffer,0,"SM3",0);

				certCnt = 1;
			}

			return 0;


			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}

			



#if defined(PKCS11_USE_SO_PIN)
			// 1
			ulRet = SetPIN("0Mozilla",szDBPath,0);
			if (ulRet)
			{
				printf("%s err\n", "SetPIN");
				break;
			}

			ulRet = verifyPIN("","0Mozilla", 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 2048, "RSA");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}

			//2
			ulRet = SetPIN("0Mozilla",szDBPath,1);
			if (ulRet)
			{
				printf("%s err\n", "SetPIN");
				break;
			}

			ulRet = verifyPIN("",szDBPath, 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}


			//3
			ulRet = SetPIN(szDBPath, "0Mozilla",0);
			if (ulRet)
			{
				printf("%s err\n", "SetPIN");
				break;
			}

			ulRet = verifyPIN("",szDBPath, 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}

			//4
			ulRet = InitPIN("0Mozilla","0Mozilla");
			if (ulRet)
			{
				printf("%s err\n", "InitPIN");
				break;
			}

			ulRet = verifyPIN("","0Mozilla", 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}
#else
			ulRet = SetPIN("0Mozilla","test",1);
			if (ulRet)
			{
				printf("%s err\n", "SetPIN");
				break;
			}

			ulRet = verifyPIN("","test", 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}

			ulRet = changePIN("", "test","0Mozilla");
			if (ulRet)
			{
				printf("%s err\n", "SetPIN");
				break;
			}

			ulRet = verifyPIN("","0Mozilla", 0);
			if (ulRet)
			{
				printf("%s err\n", "verifyPIN");
				break;
			}

			ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");
			if (ulRet)
			{
				printf("%s err\n", "genCSR");
				break;
			}
#endif
			printf("current j = %d\n" , j);
		}
		
		//ulRet = genCSR( data_value, "", "李强强", "*****@*****.**", "trust", "trust", 256, "SM2");

		//ulRet = enumKeyPair(&keyPairCnt);

		//{

		//	char * digital = "MHgCIF1PHwjtpIM8tOnxvBwVXVt6xJoyAgBZqb7H4wE0SN9RAiDsiL8W8TLVmslY57rUC50tGQbq3uHIMVBy6++MrWyo0AQg/UR08eazuJPhNDfIkN3g5O18iqj1J6ekoA9pdekv0/wEEKOO0iOf0QpP7lTgnVtV0/o=";
		//	char * iv = "hqF+O1JTu1xnOHKZsrpMmA==";
		//	char * key = "nGameazgInZiRHBycWzXfkH3FtzSM8FVDTn4MVRjAh+TikzDtd1K4FkPzghs58zh";

		//	importDEPrivateKey(0,digital,0x00001082,iv,key);



		//}



		{
			//char * tt = "MIICAjCCAaigAwIBAgIBATAKBggqgRzPVQGDdTArMQ0wCwYDVQQDEwRyb290MRowGAYJKoZIhvcNAQkBFgtyb290QGNhLmNvbTAeFw0xNTExMTMwNjEyMDJaFw0xNjAxMDcwNjEyMDJaMFIxDjAMBgNVBAoTBXRydXN0MQ4wDAYDVQQLEwV0cnVzdDEfMB0GCSqGSIb3DQEJARYQMjQ0NTQwNDk5QHFxLmNvbTEPMA0GA1UEAwwGwO7Hv8e/MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEzx3tRmgaUr0d0Q9NcoZQ26Srn/g3TyooA20MSiDRKgOm9HnYp4bkYbvOQki25vz5hdUV+KAR/BrLgW8474zIeqOBlTCBkjAPBgNVHRMBAf8EBTADAgEBMB0GA1UdDgQWBBSe2mE9d+LGYPimZ7Dstz5LgW6i/DBTBgNVHSMETDBKgBRT9Im/OTjF4gLZpb1RTRwYg9RhVaEvpC0wKzENMAsGA1UEAxMEcm9vdDEaMBgGCSqGSIb3DQEJARYLcm9vdEBjYS5jb22CAQEwCwYDVR0PBAQDAgbAMAoGCCqBHM9VAYN1A0gAMEUCIEaMK0VHMuWoUQZsYF8I8/J0CUEIA8zlHmLoFY5e6MFlAiEAotRlzDuUDk/b0mqjEBTagZMJxbuUToHgvFbKnAht6Xc=";

			//int certCnt;

			//char buffer[10000];

			//importCert(0,tt);

			//ulRet = filterCert(&certCnt,"","","",0,0);


			//ulRet = signMessage(buffer, "abc",0,"SM3",1);

			//ulRet = verifyMessage("abc",buffer,0,"SM3",1);

			//certCnt = 1;
		}

		{
			//unsigned char datakey[32] = {0xC2,0x17,0x51,0x1E,0x23,0x5A,0x2A,0xCE,0x72,0x15,0xCF,0x7F,0xE6,0x26,0x7D,0xD1,0xBB,0x1C,0x57,0x21,0x4A,0xC9,0x8A,0xFF,0x34,0x68,0x02,0xEC,0x28,0x68,0xDC,0xF3};

			//ulRet = importSM2PrivateKey(datakey, 32);
		}


		if (0 == i%1)
		{
			unsigned char in_value[32] = {0};
			unsigned int in_len = 32;
			unsigned int out_len = 256;
			unsigned char out_value[256] = {0};

			int certID = 0;

			char nickname[100] = {0};

			memcpy(in_value,"112233445566", 12);

			ulRet = enumKeyPair(&keyPairCnt);
			if (ulRet)
			{
				printf("%s err\n", "enumKeyPair");
				break;
			}

			ulRet = cryptoWithKeyPairID(0,0,in_value, in_len,out_value,&out_len);
			if (ulRet)
			{
				printf("%s err\n", "cryptoWithKeyPairID");
				break;
			}
			memset(in_value, 0, in_len);
			in_len *= 2;
			ulRet = cryptoWithKeyPairID(0,1,out_value, out_len,in_value,&in_len);
			if (ulRet)
			{
				printf("%s err\n", "cryptoWithKeyPairID");
				break;
			}

			ulRet = sgnvfyMsgWithKeyPairID(0,0,320, in_value, in_len,out_value,&out_len);
			if (ulRet)
			{
				printf("%s err\n", "sgnvfyMsgWithKeyPairID");
				break;
			}

			ulRet = sgnvfyMsgWithKeyPairID(0,1,320,in_value, in_len,out_value,&out_len);

			FILE_LOG_HEX("cc.txt",out_value,(unsigned long)out_len);

			if (ulRet)
			{
				printf("%s err\n", "sgnvfyMsgWithKeyPairID");
				break;
			}

			printf("%s %d\n", "enumKeyPair", keyPairCnt);

		}

	}

	printf("number %d is ok\n",i);

	printf("input any key to close\n",i);

	getchar();

	return 0;
}