Cryptoki: a cryptographic Token Interface



Download 360.55 Kb.
Page120/196
Date22.12.2023
Size360.55 Kb.
#63026
1   ...   116   117   118   119   120   121   122   123   ...   196
v201-95
pkcs11-base-v2.40-cos01

C_SignEncryptUpdate


CK_DEFINE_FUNCTION(CK_RV, C_SignEncryptUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
C_SignEncryptUpdate continues a multiple-part combined signature and encryption operation, processing another data part. hSession is the session’s handle; pPart points to the data part; ulPartLen is the length of the data part; pEncryptedPart points to the location that receives the digested and encrypted data part; and pulEncryptedPart points to the location that holds the length of the encrypted data part.
C_SignEncryptUpdate uses the convention described in Section on producing output. If a C_SignEncryptUpdate call does not produce encrypted output (because an error occurs, or because pEncryptedPart has the value NULL_PTR, or because pulEncryptedPartLen is too small to hold the entire encrypted part output), then no plaintext is passed to the active signing operation.
Signature and encryption operations must both be active (they must have been initialized with C_SignInit and C_EncryptInit, respectively). This function may be called any number of times in succession, and may be interspersed with C_SignUpdate and C_EncryptUpdate calls.
Return values: CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.
Example:
#define BUF_SZ 512

CK_SESSION_HANDLE hSession;


CK_OBJECT_HANDLE hEncryptionKey, hMacKey;
CK_BYTE iv[8];
CK_MECHANISM signMechanism = {
CKM_DES_MAC, NULL_PTR, 0
};
CK_MECHANISM encryptionMechanism = {
CKM_DES_ECB, iv, sizeof(iv)
};
CK_BYTE encryptedData[BUF_SZ];
CK_ULONG ulEncryptedDataLen;
CK_BYTE MAC[4];
CK_ULONG ulMacLen;
CK_BYTE data[(2*BUF_SZ)+8];
CK_RV rv;
int i;

.
.
.


memset(iv, 0, sizeof(iv));
memset(data, ‘A’, ((2*BUF_SZ)+5));
rv = C_EncryptInit(hSession, &encryptionMechanism, hEncryptionKey);
if (rv != CKR_OK) {
.
.
.
}
rv = C_SignInit(hSession, &signMechanism, hMacKey);
if (rv != CKR_OK) {
.
.
.
}

ulEncryptedDataLen = sizeof(encryptedData);


rv = C_SignEncryptUpdate(
hSession,
&data[0], BUF_SZ,
encryptedData, &ulEncryptedDataLen);
.
.
.
ulEncryptedDataLen = sizeof(encryptedData);
rv = C_SignEncryptUpdate(
hSession,
&data[BUF_SZ], BUF_SZ,
encryptedData, &ulEncryptedDataLen);
.
.
.

/*
* The last portion of the buffer needs to be handled with


* separate calls to deal with padding issues in ECB mode
*/

/* First, complete the signature on the buffer */


rv = C_SignUpdate(hSession, &data[BUF_SZ*2], 5);
.
.
.
ulMacLen = sizeof(MAC);
rv = C_DigestFinal(hSession, MAC, &ulMacLen);
.
.
.

/* Then pad last part with 3 0x00 bytes, and complete encryption */


for(i=0;i<3;i++)
data[((BUF_SZ*2)+5)+i] = 0x00;

/* Now, get second-to-last piece of ciphertext */


ulEncryptedDataLen = sizeof(encryptedData);
rv = C_EncryptUpdate(
hSession,
&data[BUF_SZ*2], 8,
encryptedData, &ulEncryptedDataLen);
.
.
.

/* Get last piece of ciphertext (should have length 0, here) */


ulEncryptedDataLen = sizeof(encryptedData);
rv = C_EncryptFinal(hSession, encryptedData, &ulEncryptedDataLen);
.
.
.
1   ...   116   117   118   119   120   121   122   123   ...   196




The database is protected by copyright ©ininet.org 2024
send message

    Main page