Cryptoki: a cryptographic Token Interface
Download 360.55 Kb.
|
pkcs11-base-v2.40-cos01
- Navigate this page:
- C_SignEncryptUpdate
- C_SignInit and C_EncryptInit
C_SignEncryptUpdateCK_DEFINE_FUNCTION(CK_RV, C_SignEncryptUpdate)( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen ); C_SignEncryptUpdate continues a multiple-part combined signature and encryption operation, processing another data part. hSession is the session’s handle; pPart points to the data part; ulPartLen is the length of the data part; pEncryptedPart points to the location that receives the digested and encrypted data part; and pulEncryptedPart points to the location that holds the length of the encrypted data part. C_SignEncryptUpdate uses the convention described in Section on producing output. If a C_SignEncryptUpdate call does not produce encrypted output (because an error occurs, or because pEncryptedPart has the value NULL_PTR, or because pulEncryptedPartLen is too small to hold the entire encrypted part output), then no plaintext is passed to the active signing operation. Signature and encryption operations must both be active (they must have been initialized with C_SignInit and C_EncryptInit, respectively). This function may be called any number of times in succession, and may be interspersed with C_SignUpdate and C_EncryptUpdate calls. Return values: CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID. Example: #define BUF_SZ 512 CK_SESSION_HANDLE hSession; CK_OBJECT_HANDLE hEncryptionKey, hMacKey; CK_BYTE iv[8]; CK_MECHANISM signMechanism = { CKM_DES_MAC, NULL_PTR, 0 }; CK_MECHANISM encryptionMechanism = { CKM_DES_ECB, iv, sizeof(iv) }; CK_BYTE encryptedData[BUF_SZ]; CK_ULONG ulEncryptedDataLen; CK_BYTE MAC[4]; CK_ULONG ulMacLen; CK_BYTE data[(2*BUF_SZ)+8]; CK_RV rv; int i; .
memset(iv, 0, sizeof(iv)); memset(data, ‘A’, ((2*BUF_SZ)+5)); rv = C_EncryptInit(hSession, &encryptionMechanism, hEncryptionKey); if (rv != CKR_OK) { . . . } rv = C_SignInit(hSession, &signMechanism, hMacKey); if (rv != CKR_OK) { . . . } ulEncryptedDataLen = sizeof(encryptedData); rv = C_SignEncryptUpdate( hSession, &data[0], BUF_SZ, encryptedData, &ulEncryptedDataLen); . . . ulEncryptedDataLen = sizeof(encryptedData); rv = C_SignEncryptUpdate( hSession, &data[BUF_SZ], BUF_SZ, encryptedData, &ulEncryptedDataLen); . . . /*
* separate calls to deal with padding issues in ECB mode */ /* First, complete the signature on the buffer */ rv = C_SignUpdate(hSession, &data[BUF_SZ*2], 5); . . . ulMacLen = sizeof(MAC); rv = C_DigestFinal(hSession, MAC, &ulMacLen); . . . /* Then pad last part with 3 0x00 bytes, and complete encryption */ for(i=0;i<3;i++) data[((BUF_SZ*2)+5)+i] = 0x00; /* Now, get second-to-last piece of ciphertext */ ulEncryptedDataLen = sizeof(encryptedData); rv = C_EncryptUpdate( hSession, &data[BUF_SZ*2], 8, encryptedData, &ulEncryptedDataLen); . . . /* Get last piece of ciphertext (should have length 0, here) */ ulEncryptedDataLen = sizeof(encryptedData); rv = C_EncryptFinal(hSession, encryptedData, &ulEncryptedDataLen); . . . Download 360.55 Kb. Share with your friends:
|