CK_RV encryptData(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_CHAR* pData, CK_SIZE dataLen, CK_CHAR** ppEncData, CK_SIZE* pEncDataLen){ CK_RV rv = CKR_OK; CK_MECHANISM mech; CK_MECHANISM_TYPE mechType = CKM_DES3_ECB; /* * Determine and set up the encryption mechanism based on the key * type of hKey */ mech.mechanism = mechType; mech.pParameter = NULL; mech.parameterLen = 0; /* Initialise the encrypt operation */ rv = C_EncryptInit(hSession, &mech, hKey); CHECK_CK_RV_GOTO(rv, "C_EncryptInit", end); /* Do a length prediction so we allocate enough memory for the ciphertext */ rv = C_Encrypt(hSession, pData, dataLen, NULL, pEncDataLen); CHECK_CK_RV_GOTO(rv, "C_Encrypt 1", end); *ppEncData = (CK_CHAR*)malloc(*pEncDataLen); if (*ppEncData == NULL) return CKR_HOST_MEMORY; /* Do the proper encrypt */ rv = C_Encrypt(hSession, pData, dataLen, *ppEncData, pEncDataLen); CHECK_CK_RV_GOTO(rv, "C_Encrypt 2", end); end: return rv; }
HRESULT Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Encryptor::TransformFinalBlockInternal___SZARRAY_U1__SZARRAY_U1__I4__I4( CLR_RT_StackFrame& stack ) { TINYCLR_HEADER(); CLR_RT_HeapBlock* pThis = stack.This(); CLR_RT_HeapBlock_Array* pData = stack.Arg1().DereferenceArray(); CLR_INT32 offset = stack.Arg2().NumericByRef().s4; CLR_INT32 len = stack.Arg3().NumericByRef().s4; CLR_RT_HeapBlock* pSession = pThis[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_session].Dereference(); CK_SESSION_HANDLE hSession; CLR_UINT32 encrSize = 0; CLR_UINT32 maxSize; CLR_RT_HeapBlock hbRef; CLR_RT_HeapBlock* pRet; FAULT_ON_NULL_ARG(pData); FAULT_ON_NULL_ARG(pSession); if((offset + len) > (CLR_INT32)pData->m_numOfElements) TINYCLR_SET_AND_LEAVE(CLR_E_OUT_OF_RANGE); hSession = (CK_SESSION_HANDLE)pSession[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Session::FIELD__m_handle].NumericByRef().s4; if(hSession == CK_SESSION_HANDLE_INVALID) TINYCLR_SET_AND_LEAVE(CLR_E_OBJECT_DISPOSED); CRYPTOKI_CHECK_RESULT(stack, C_Encrypt(hSession, pData->GetElement(offset), len, NULL, (CK_ULONG_PTR)&encrSize)); maxSize = encrSize; TINYCLR_CHECK_HRESULT(CLR_RT_HeapBlock_Array::CreateInstance(hbRef, encrSize, g_CLR_RT_WellKnownTypes.m_UInt8)); CRYPTOKI_CHECK_RESULT(stack, C_Encrypt(hSession, pData->GetElement(offset), len, hbRef.DereferenceArray()->GetFirstElement(), (CK_ULONG_PTR)&encrSize)); if(encrSize < maxSize) { CLR_RT_HeapBlock refSmall; TINYCLR_CHECK_HRESULT(CLR_RT_HeapBlock_Array::CreateInstance(refSmall, encrSize, g_CLR_RT_WellKnownTypes.m_UInt8)); memcpy(refSmall.DereferenceArray()->GetFirstElement(), hbRef.DereferenceArray()->GetFirstElement(), encrSize); pRet = refSmall.Dereference(); } else { pRet = hbRef.Dereference(); } stack.SetResult_Object(pRet); TINYCLR_NOCLEANUP(); }
void CPKCSDemoDlg::OnBtnEncrypt() { StartOP(); CK_RV rv; if(m_pbCipherBuffer) { delete[] m_pbCipherBuffer; m_pbCipherBuffer = NULL_PTR; m_ulCipherLen = 0; } rv = C_EncryptInit(m_hSession, &ckMechanism, m_hPubKey); if(CKR_OK != rv) { ShowErr(NEWLINE"Failed to call EncryptInit !Error code 0x%08X."NEWLINE, rv); return; } rv = C_Encrypt(m_hSession, pbMsg, ulMsgLen, NULL_PTR, &m_ulCipherLen); if(CKR_OK != rv) { ShowErr(NEWLINE"Can't acquire the size of Data After encrypt,Error code 0x%08X."NEWLINE, rv); return; } m_pbCipherBuffer = (CK_BYTE_PTR)new CK_BYTE[m_ulCipherLen]; if (! m_pbCipherBuffer) { ShowMsg(NEWLINE"Can't allocate enough memory!"NEWLINE); return; } ZeroMemory(m_pbCipherBuffer, m_ulCipherLen); rv = C_Encrypt(m_hSession, pbMsg, ulMsgLen, m_pbCipherBuffer, &m_ulCipherLen); if (CKR_OK != rv) { ShowErr(NEWLINE"Failed to encrypt!Error code 0x%08X."NEWLINE, rv); return; } ShowMsg(NEWLINE"Data :"NEWLINE); ShowMsg((char*)pbMsg); ShowMsg(NEWLINE"was encrypted successfully!"NEWLINE"Encryted Data is:"NEWLINE); ShowMsg(nByteToStr(m_ulCipherLen, m_pbCipherBuffer, 1, 16)); ShowMsg(NEWLINE""NEWLINE"Now you can decrypt by using RSA private key!"NEWLINE); m_btnDecrypt.EnableWindow(TRUE); }
void AsymEncryptDecryptTests::rsaEncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey) { CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; CK_RSA_PKCS_OAEP_PARAMS oaepParams = { CKM_SHA_1, CKG_MGF1_SHA1, 1, NULL_PTR, 0 }; CK_BYTE plainText[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,0x0C, 0x0D, 0x0F }; CK_BYTE cipherText[256]; CK_ULONG ulCipherTextLen; CK_BYTE recoveredText[256]; CK_ULONG ulRecoveredTextLen; CK_RV rv; if (mechanismType == CKM_RSA_PKCS_OAEP) { mechanism.pParameter = &oaepParams; mechanism.ulParameterLen = sizeof(oaepParams); } rv = C_EncryptInit(hSession,&mechanism,hPublicKey); CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextLen = sizeof(cipherText); rv =C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen); CPPUNIT_ASSERT(rv==CKR_OK); rv = C_DecryptInit(hSession,&mechanism,hPrivateKey); CPPUNIT_ASSERT(rv==CKR_OK); ulRecoveredTextLen = sizeof(recoveredText); rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen); CPPUNIT_ASSERT(rv==CKR_OK); CPPUNIT_ASSERT(memcmp(plainText, &recoveredText[ulRecoveredTextLen-sizeof(plainText)], sizeof(plainText)) == 0); }
/* OpenSSL assumes that the output buffer is always big enough */ int pkcs11_private_encrypt(int flen, const unsigned char *from, unsigned char *to, PKCS11_KEY *key, int padding) { PKCS11_SLOT *slot = KEY2SLOT(key); PKCS11_CTX *ctx = KEY2CTX(key); PKCS11_KEY_private *kpriv = PRIVKEY(key); PKCS11_SLOT_private *spriv = PRIVSLOT(slot); CK_MECHANISM mechanism; CK_ULONG size; int rv; size = pkcs11_get_key_size(key); if (pkcs11_mechanism(&mechanism, padding) < 0) return -1; CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock); /* Try signing first, as applications are more likely to use it */ rv = CRYPTOKI_call(ctx, C_SignInit(spriv->session, &mechanism, kpriv->object)); if (rv == CKR_USER_NOT_LOGGED_IN) rv = pkcs11_authenticate(key); if (!rv) rv = CRYPTOKI_call(ctx, C_Sign(spriv->session, (CK_BYTE *)from, flen, to, &size)); if (rv == CKR_KEY_FUNCTION_NOT_PERMITTED) { /* OpenSSL may use it for encryption rather than signing */ rv = CRYPTOKI_call(ctx, C_EncryptInit(spriv->session, &mechanism, kpriv->object)); if (rv == CKR_USER_NOT_LOGGED_IN) rv = pkcs11_authenticate(key); if (!rv) rv = CRYPTOKI_call(ctx, C_Encrypt(spriv->session, (CK_BYTE *)from, flen, to, &size)); } CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock); if (rv) { PKCS11err(PKCS11_F_PKCS11_RSA_ENCRYPT, pkcs11_map_err(rv)); return -1; } return size; }
void SymmetricAlgorithmTests::des3EncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; CK_BYTE iv[8]; CK_BYTE plainText[256]; CK_BYTE cipherText[300]; CK_ULONG ulCipherTextLen; CK_BYTE recoveredText[300]; CK_ULONG ulRecoveredTextLen; CK_RV rv; rv = C_GenerateRandom(hSession, plainText, sizeof(plainText)); CPPUNIT_ASSERT(rv==CKR_OK); if (mechanismType == CKM_DES3_CBC) { rv = C_GenerateRandom(hSession, iv, sizeof(iv)); CPPUNIT_ASSERT(rv==CKR_OK); mechanism.pParameter = iv; mechanism.ulParameterLen = sizeof(iv); } rv = C_EncryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextLen = sizeof(cipherText); rv = C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen); CPPUNIT_ASSERT(rv==CKR_OK); CPPUNIT_ASSERT(ulCipherTextLen==sizeof(plainText)); rv = C_DecryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); ulRecoveredTextLen = sizeof(recoveredText); rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen); CPPUNIT_ASSERT(rv==CKR_OK); CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(plainText)); CPPUNIT_ASSERT(memcmp(plainText, recoveredText, sizeof(plainText)) == 0); }
void SymmetricAlgorithmTests::des3EncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; CK_BYTE iv[8]; CK_BYTE plainText[256]; CK_BYTE cipherText[300]; CK_ULONG ulCipherTextLen; CK_BYTE cipherTextMulti[300]; CK_ULONG ulCipherTextMultiLen; CK_ULONG ulCipherTextMultiPartLen; CK_BYTE recoveredText[300]; CK_ULONG ulRecoveredTextLen; CK_RV rv; rv = C_GenerateRandom(hSession, plainText, sizeof(plainText)); CPPUNIT_ASSERT(rv==CKR_OK); if (mechanismType == CKM_DES3_CBC || mechanismType == CKM_DES3_CBC_PAD) { rv = C_GenerateRandom(hSession, iv, sizeof(iv)); CPPUNIT_ASSERT(rv==CKR_OK); mechanism.pParameter = iv; mechanism.ulParameterLen = sizeof(iv); } // Single-part encryption rv = C_EncryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); // Test invalid plain text size if (mechanismType == CKM_DES3_ECB || mechanismType == CKM_DES3_CBC) { ulCipherTextLen = sizeof(cipherText); rv = C_Encrypt(hSession,plainText,sizeof(plainText)-1,cipherText,&ulCipherTextLen); CPPUNIT_ASSERT(rv==CKR_DATA_LEN_RANGE); rv = C_EncryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); } ulCipherTextLen = sizeof(cipherText); rv = C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen); CPPUNIT_ASSERT(rv==CKR_OK); if (mechanismType == CKM_DES3_CBC_PAD) { CPPUNIT_ASSERT(ulCipherTextLen==(sizeof(plainText)+8)); } else { CPPUNIT_ASSERT(ulCipherTextLen==sizeof(plainText)); } // Multi-part encryption rv = C_EncryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); // Test invalid plain text size if (mechanismType == CKM_DES3_ECB || mechanismType == CKM_DES3_CBC) { ulCipherTextMultiLen = sizeof(cipherTextMulti); rv = C_EncryptUpdate(hSession,plainText,sizeof(plainText)/2-1,cipherTextMulti,&ulCipherTextMultiLen); CPPUNIT_ASSERT(rv==CKR_DATA_LEN_RANGE); rv = C_EncryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); } ulCipherTextMultiLen = sizeof(cipherTextMulti); rv = C_EncryptUpdate(hSession,plainText,sizeof(plainText)/2,cipherTextMulti,&ulCipherTextMultiLen); CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextMultiPartLen = sizeof(cipherTextMulti) - ulCipherTextMultiLen; rv = C_EncryptUpdate(hSession,plainText+sizeof(plainText)/2,sizeof(plainText)/2,cipherTextMulti+ulCipherTextMultiLen,&ulCipherTextMultiPartLen); CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextMultiLen += ulCipherTextMultiPartLen; ulCipherTextMultiPartLen = sizeof(cipherTextMulti) - ulCipherTextMultiLen; rv = C_EncryptFinal(hSession,cipherTextMulti+ulCipherTextMultiLen,&ulCipherTextMultiPartLen); CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextMultiLen += ulCipherTextMultiPartLen; CPPUNIT_ASSERT(ulCipherTextLen==ulCipherTextMultiLen); CPPUNIT_ASSERT(memcmp(cipherText, cipherTextMulti, ulCipherTextLen) == 0); // Single-part decryption rv = C_DecryptInit(hSession,&mechanism,hKey); CPPUNIT_ASSERT(rv==CKR_OK); ulRecoveredTextLen = sizeof(recoveredText); rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen); CPPUNIT_ASSERT(rv==CKR_OK); CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(plainText)); CPPUNIT_ASSERT(memcmp(plainText, recoveredText, sizeof(plainText)) == 0); }
void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_OBJECT_HANDLE &hDerive, CK_MECHANISM_TYPE mechType, CK_KEY_TYPE keyType) { CK_RV rv; CK_MECHANISM mechanism = { mechType, NULL_PTR, 0 }; CK_MECHANISM mechEncrypt = { CKM_VENDOR_DEFINED, NULL_PTR, 0 }; CK_KEY_DERIVATION_STRING_DATA param1; CK_DES_CBC_ENCRYPT_DATA_PARAMS param2; CK_AES_CBC_ENCRYPT_DATA_PARAMS param3; CK_BYTE data[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 }; CK_ULONG secLen = 0; switch (mechType) { case CKM_DES_ECB_ENCRYPT_DATA: case CKM_DES3_ECB_ENCRYPT_DATA: case CKM_AES_ECB_ENCRYPT_DATA: param1.pData = &data[0]; param1.ulLen = sizeof(data); mechanism.pParameter = ¶m1; mechanism.ulParameterLen = sizeof(param1); break; case CKM_DES_CBC_ENCRYPT_DATA: case CKM_DES3_CBC_ENCRYPT_DATA: memcpy(param2.iv, "12345678", 8); param2.pData = &data[0]; param2.length = sizeof(data); mechanism.pParameter = ¶m2; mechanism.ulParameterLen = sizeof(param2); break; case CKM_AES_CBC_ENCRYPT_DATA: memcpy(param3.iv, "1234567890ABCDEF", 16); param3.pData = &data[0]; param3.length = sizeof(data); mechanism.pParameter = ¶m3; mechanism.ulParameterLen = sizeof(param3); break; default: CPPUNIT_FAIL("Invalid mechanism"); } switch (keyType) { case CKK_GENERIC_SECRET: secLen = 32; break; case CKK_DES: mechEncrypt.mechanism = CKM_DES_ECB; break; case CKK_DES2: case CKK_DES3: mechEncrypt.mechanism = CKM_DES3_ECB; break; case CKK_AES: mechEncrypt.mechanism = CKM_AES_ECB; secLen = 32; break; default: CPPUNIT_FAIL("Invalid key type"); } CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; CK_BBOOL bFalse = CK_FALSE; CK_BBOOL bTrue = CK_TRUE; CK_ATTRIBUTE keyAttribs[] = { { CKA_CLASS, &keyClass, sizeof(keyClass) }, { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, { CKA_PRIVATE, &bFalse, sizeof(bFalse) }, { CKA_ENCRYPT, &bTrue, sizeof(bTrue) }, { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, { CKA_SENSITIVE, &bFalse, sizeof(bFalse) }, { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) }, { CKA_VALUE_LEN, &secLen, sizeof(secLen) } }; hDerive = CK_INVALID_HANDLE; if (secLen > 0) { rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hKey, keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE), &hDerive) ); } else { rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hKey, keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, &hDerive) ); } CPPUNIT_ASSERT(rv == CKR_OK); // Check that KCV has been set CK_ATTRIBUTE checkAttribs[] = { { CKA_CHECK_VALUE, NULL_PTR, 0 } }; CK_BYTE check[3]; checkAttribs[0].pValue = check; checkAttribs[0].ulValueLen = sizeof(check); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hDerive, checkAttribs, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); CPPUNIT_ASSERT(checkAttribs[0].ulValueLen == 3); if (keyType == CKK_GENERIC_SECRET) return; CK_BYTE cipherText[300]; CK_ULONG ulCipherTextLen; CK_BYTE recoveredText[300]; CK_ULONG ulRecoveredTextLen; rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextLen = sizeof(cipherText); rv = CRYPTOKI_F_PTR( C_Encrypt(hSession,data,sizeof(data),cipherText,&ulCipherTextLen) ); CPPUNIT_ASSERT(rv==CKR_OK); rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,&mechEncrypt,hDerive) ); CPPUNIT_ASSERT(rv==CKR_OK); ulRecoveredTextLen = sizeof(recoveredText); rv = CRYPTOKI_F_PTR( C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen) ); CPPUNIT_ASSERT(rv==CKR_OK); CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(data)); CPPUNIT_ASSERT(memcmp(data, recoveredText, sizeof(data)) == 0); }
void ECCSpeedTest() { CK_RV rv = 0; CK_SLOT_ID SlotId = 0; CK_SESSION_HANDLE hSession = 0; CK_OBJECT_HANDLE hECCPubKey = 0; CK_OBJECT_HANDLE hECCPriKey = 0; CK_BBOOL isTrue = FALSE; CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY; CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY; CK_BYTE Id[] = "MY_ECC_KEY"; CK_ATTRIBUTE ECCPubKey[] = { {CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)}, {CKA_ID, &Id, strlen(Id)}, {CKA_TOKEN, &isTrue, sizeof(isTrue)} }; CK_ATTRIBUTE ECCPriKey[] = { {CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)}, {CKA_ID, &Id, strlen(Id)}, {CKA_TOKEN, &isTrue, sizeof(isTrue)} }; CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0}; CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0}; CK_BYTE indata[160] = {0x00}; CK_BYTE outdata[300] = {0x00}; CK_BYTE temp[300] = {0x00}; CK_ULONG outlength = 0; CK_ULONG templength = 0; CK_ULONG i = 0; LARGE_INTEGER Frequency; LARGE_INTEGER StartNum; LARGE_INTEGER EndNum; double Second; memset(indata, 0x42, 111); memset(outdata, 0x00, 300); memset(temp, 0x00, 300); rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession); #ifdef DEVICE_KEY C_Login(hSession, CKU_SO, "11111111", 8); #endif QueryPerformanceFrequency(&Frequency); QueryPerformanceCounter(&StartNum); for (i=0; i<LOOPTIMES; i++) { C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey); } QueryPerformanceCounter(&EndNum); Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart); printf("Generate ECC Key Time is: %03f s\n", Second/LOOPTIMES); QueryPerformanceCounter(&StartNum); for (i=0; i<LOOPTIMES; i++) { C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey); C_Encrypt(hSession, indata, 111, outdata, &outlength); C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey); C_Decrypt(hSession, outdata, outlength, temp, &templength); } QueryPerformanceCounter(&EndNum); Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart); printf("ECC Encrypt and Decrypt Time is: %03f s\n", Second/LOOPTIMES); #ifdef DEVICE_KEY C_Logout(hSession); #endif C_CloseSession(hSession); }
FLAG ECCTest_out() { CK_RV rv = 0; CK_SLOT_ID SlotId = 0; CK_SESSION_HANDLE hSession = 0; CK_OBJECT_HANDLE hECCPubKey = 0; CK_OBJECT_HANDLE hECCPriKey = 0; CK_BBOOL isTrue = TRUE; CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY; CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY; CK_BYTE Id[] = "MY_ECC_KEY"; CK_ATTRIBUTE ECCPubKey[] = { {CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)}, {CKA_ID, &Id, strlen(Id)}, {CKA_TOKEN, &isTrue, sizeof(isTrue)} }; CK_ATTRIBUTE ECCPriKey[] = { {CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)}, {CKA_ID, &Id, strlen(Id)}, {CKA_TOKEN, &isTrue, sizeof(isTrue)} }; CK_ATTRIBUTE CreateECCPubKey[] = { {CKA_CLASS, NULL_PTR, 0}, {CKA_MODULUS_BITS, NULL_PTR, 0}, {CKA_ID, NULL_PTR, 0}, {CKA_EC_POINT, NULL_PTR, 0} }; CK_ATTRIBUTE CreateECCPriKey[] = { {CKA_CLASS, NULL_PTR, 0}, {CKA_ID, NULL_PTR, 0}, {CKA_MODULUS_BITS, NULL_PTR, 0}, {CKA_VALUE, NULL_PTR, 0} }; CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0}; CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0}; CK_BYTE indata[160] = {0x00}; CK_BYTE outdata[300] = {0x00}; CK_BYTE temp[300] = {0x00}; CK_ULONG outlength = 0; CK_ULONG templength = 0; printf("ECC Outside Encrypt and Decrypt!\n"); rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession); #ifdef DEVICE_KEY C_Login(hSession, CKU_SO, "11111111", 8); #endif rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey); rv = C_CloseSession(hSession); rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession); #ifdef DEVICE_KEY C_Login(hSession, CKU_SO, "11111111", 8); #endif rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4); if (rv == 0) { CreateECCPubKey[0].pValue = malloc(CreateECCPubKey[0].ulValueLen); if (CreateECCPubKey[0].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); return -1; } CreateECCPubKey[1].pValue = malloc(CreateECCPubKey[1].ulValueLen); if (CreateECCPubKey[1].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPubKey, 1); return -1; } CreateECCPubKey[2].pValue = malloc(CreateECCPubKey[2].ulValueLen); if (CreateECCPubKey[2].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPubKey, 2); return -1; } CreateECCPubKey[3].pValue = malloc(CreateECCPubKey[3].ulValueLen); if (CreateECCPubKey[3].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPubKey, 3); return -1; } rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4); rv = C_DestroyObject(hSession, hECCPubKey); rv = C_CreateObject(hSession, CreateECCPubKey, 4, &hECCPubKey); } FreeAttribute(CreateECCPubKey, 4); memset(indata, 0x33, 110); memset(outdata, 0x00, 300); memset(temp, 0x00, 300); rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey); rv = C_Encrypt(hSession, indata, 110, outdata, &outlength); rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4); if (rv == 0) { CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen); if (CreateECCPriKey[0].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); return -1; } CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen); if (CreateECCPriKey[1].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPriKey, 1); return -1; } CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen); if (CreateECCPriKey[2].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPriKey, 2); return -1; } CreateECCPriKey[3].pValue = malloc(CreateECCPriKey[3].ulValueLen); if (CreateECCPriKey[3].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPriKey, 3); return -1; } rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4); rv = C_DestroyObject(hSession, hECCPriKey); rv = C_CreateObject(hSession, CreateECCPriKey, 4, &hECCPriKey); } FreeAttribute(CreateECCPriKey, 4); rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey); rv = C_Decrypt(hSession, outdata, outlength, temp, &templength); #ifdef DEVICE_KEY C_Logout(hSession); #endif rv = C_CloseSession(hSession); if (memcmp(indata, temp, 110) == 0 && templength == 110) { printf("OK ECC OUT!\n"); } else { printf("ERROR ECC OUT!\n"); } return 0; }
FLAG ECCTest_in() { CK_RV rv = 0; CK_SLOT_ID SlotId = 0; CK_SESSION_HANDLE hSession = 0; CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY; CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY; CK_BYTE ECCPubLabel[] = "ECC_PUBLIC_KEY_7"; CK_BYTE ECCPriLabel[] = "ECC_PRIVATE_KEY_7"; CK_BBOOL isFalse = TRUE; #if 0 /* CKA_LABEL TEST*/ CK_ATTRUBUTE ECCKeyLabel = { CAK_LABEL,//type ECCPub//value //value_len }; #endif /* END CAK_LABEL TEST*/ CK_ATTRIBUTE ECCPubKey[] = { {CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)}, {CKA_LABEL, &ECCPubLabel, sizeof(ECCPubLabel)}, {CKA_TOKEN, &isFalse, sizeof(isFalse)} }; CK_ATTRIBUTE ECCPriKey[] = { {CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)}, {CKA_LABEL, &ECCPriLabel, sizeof(ECCPriLabel)}, {CKA_TOKEN, &isFalse, sizeof(isFalse)} }; CK_ATTRIBUTE CreateECCPriKey[] = { {CKA_CLASS, NULL_PTR, 0}, {CKA_MODULUS_BITS, NULL_PTR, 0}, {CKA_VALUE, NULL_PTR, 0} }; CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0}; CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0}; CK_OBJECT_HANDLE hECCPubKey = 0; CK_OBJECT_HANDLE hECCPriKey = 0; CK_BYTE indata[160] = {0x00}; CK_BYTE outdata[300] = {0x00}; CK_BYTE temp[300] = {0x00}; CK_ULONG outlength = 0; CK_ULONG templength = 0; memset(indata, 0x31, 40); memset(outdata, 0x00, 300); memset(temp, 0x00, 300); printf("ECC Inside Encrypt and Decrypt!\n"); rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession); #ifdef DEVICE_KEY C_Login(hSession, CKU_SO, "11111111", 8); #endif rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey); rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey); rv = C_Encrypt(hSession, indata, 40, outdata, &outlength); rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey); rv = C_Decrypt(hSession, outdata, outlength, temp, &templength); if (memcmp(indata, temp, 40) == 0 && templength == 40) { printf("OK ECC IN!\n"); } else { printf("ERROR ECC IN!\n"); } printf("ECC Crossing Encrypt and Decrypt!\n"); memset(indata, 0x33, 110); memset(outdata, 0x00, 300); memset(temp, 0x00, 300); rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3); if (rv == 0) { CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen); if (CreateECCPriKey[0].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); return -1; } CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen); if (CreateECCPriKey[1].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPriKey, 1); return -1; } CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen); if (CreateECCPriKey[2].pValue == NULL) { printf("ECCTest_out->malloc ERROR!\n"); FreeAttribute(CreateECCPriKey, 2); return -1; } rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3); rv = C_CreateObject(hSession, CreateECCPriKey, 3, &hECCPriKey); } FreeAttribute(CreateECCPriKey, 3); rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey); rv = C_Encrypt(hSession, indata, 110, outdata, &outlength); rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey); rv = C_Decrypt(hSession, outdata, outlength, temp, &templength); if (memcmp(indata, temp, 110) == 0 && templength == 110) { printf("OK ECC Crossing!\n"); } else { printf("ERROR ECC Crossing!\n"); } #ifdef DEVICE_KEY C_Logout(hSession); #endif C_CloseSession(hSession); return 0; }
KMF_RETURN PKCS_EncryptData(KMF_HANDLE_T kmfh, KMF_ALGORITHM_INDEX AlgorithmId, KMF_X509_SPKI *keyp, KMF_DATA *plaintext, KMF_DATA *ciphertext) { KMF_RETURN rv = KMF_OK; CK_RV ckRv; CK_MECHANISM ckMechanism; CK_MECHANISM_TYPE mechtype; CK_KEY_TYPE keytype; CK_OBJECT_HANDLE ckKeyHandle = 0; CK_SESSION_HANDLE ckSession = NULL; CK_ULONG out_len = 0, in_len = 0, total_encrypted = 0; uint8_t *in_data, *out_data; int i, blocks, block_size; CK_ATTRIBUTE ckTemplate[2]; CK_ULONG ckNumTemplates; CK_ULONG ckMaxTemplates = (sizeof (ckTemplate) / sizeof (CK_ATTRIBUTE)); if (get_pk11_data(AlgorithmId, &keytype, &mechtype, NULL, 0)) return (KMF_ERR_BAD_ALGORITHM); rv = kmf_create_pk11_session(&ckSession, mechtype, CKF_ENCRYPT); if (rv != KMF_OK) return (rv); /* Get the public key used in encryption */ rv = PKCS_AcquirePublicKeyHandle(ckSession, keyp, keytype, &ckKeyHandle); if (rv != KMF_OK) { (void) C_CloseSession(ckSession); return (rv); } /* Get the modulus length */ ckNumTemplates = 0; if (!PKCS_AddTemplate(ckTemplate, &ckNumTemplates, ckMaxTemplates, CKA_MODULUS, (CK_BYTE *)NULL, sizeof (CK_ULONG))) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); (void) C_CloseSession(ckSession); return (KMF_ERR_INTERNAL); } ckRv = C_GetAttributeValue(ckSession, ckKeyHandle, ckTemplate, ckNumTemplates); if (ckRv != CKR_OK) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN; kmfh->lasterr.errcode = ckRv; (void) C_CloseSession(ckSession); return (KMF_ERR_INTERNAL); } out_len = ckTemplate[0].ulValueLen; if (out_len > ciphertext->Length) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); (void) C_CloseSession(ckSession); return (KMF_ERR_BUFFER_SIZE); } ckMechanism.mechanism = mechtype; ckMechanism.pParameter = NULL_PTR; ckMechanism.ulParameterLen = 0; /* Compute the fixed input data length for single-part encryption */ block_size = out_len - 11; in_data = plaintext->Data; out_data = ciphertext->Data; blocks = plaintext->Length/block_size; for (i = 0; i < blocks; i++) { ckRv = C_EncryptInit(ckSession, &ckMechanism, ckKeyHandle); if (ckRv != CKR_OK) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN; kmfh->lasterr.errcode = ckRv; (void) C_CloseSession(ckSession); return (KMF_ERR_INTERNAL); } ckRv = C_Encrypt(ckSession, (CK_BYTE_PTR)in_data, block_size, (CK_BYTE_PTR)out_data, &out_len); if (ckRv != CKR_OK) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN; kmfh->lasterr.errcode = ckRv; (void) C_CloseSession(ckSession); return (KMF_ERR_INTERNAL); } out_data += out_len; total_encrypted += out_len; in_data += block_size; } if (plaintext->Length % block_size) { /* Encrypt the remaining data */ ckRv = C_EncryptInit(ckSession, &ckMechanism, ckKeyHandle); if (ckRv != CKR_OK) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN; kmfh->lasterr.errcode = ckRv; (void) C_CloseSession(ckSession); return (KMF_ERR_INTERNAL); } in_len = plaintext->Length % block_size; ckRv = C_Encrypt(ckSession, (CK_BYTE_PTR)in_data, in_len, (CK_BYTE_PTR)out_data, &out_len); if (ckRv != CKR_OK) { if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN; kmfh->lasterr.errcode = ckRv; (void) C_CloseSession(ckSession); return (KMF_ERR_INTERNAL); } out_data += out_len; total_encrypted += out_len; in_data += in_len; } ciphertext->Length = total_encrypted; if (ckKeyHandle != 0) (void) C_DestroyObject(ckSession, ckKeyHandle); (void) C_CloseSession(ckSession); return (rv); }