Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
SSL/include/polarssl/pkcs11.h@0:796d0f61a05b, 2018-09-27 (annotated)
- Committer:
- HannesTschofenig
- Date:
- Thu Sep 27 06:34:22 2018 +0000
- Revision:
- 0:796d0f61a05b
Example AES-GCM test program
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| HannesTschofenig | 0:796d0f61a05b | 1 | /** |
| HannesTschofenig | 0:796d0f61a05b | 2 | * \file pkcs11.h |
| HannesTschofenig | 0:796d0f61a05b | 3 | * |
| HannesTschofenig | 0:796d0f61a05b | 4 | * \brief Wrapper for PKCS#11 library libpkcs11-helper |
| HannesTschofenig | 0:796d0f61a05b | 5 | * |
| HannesTschofenig | 0:796d0f61a05b | 6 | * \author Adriaan de Jong <dejong@fox-it.com> |
| HannesTschofenig | 0:796d0f61a05b | 7 | * |
| HannesTschofenig | 0:796d0f61a05b | 8 | * Copyright (C) 2006-2014, Brainspark B.V. |
| HannesTschofenig | 0:796d0f61a05b | 9 | * |
| HannesTschofenig | 0:796d0f61a05b | 10 | * This file is part of PolarSSL (http://www.polarssl.org) |
| HannesTschofenig | 0:796d0f61a05b | 11 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| HannesTschofenig | 0:796d0f61a05b | 12 | * |
| HannesTschofenig | 0:796d0f61a05b | 13 | * All rights reserved. |
| HannesTschofenig | 0:796d0f61a05b | 14 | * |
| HannesTschofenig | 0:796d0f61a05b | 15 | * This program is free software; you can redistribute it and/or modify |
| HannesTschofenig | 0:796d0f61a05b | 16 | * it under the terms of the GNU General Public License as published by |
| HannesTschofenig | 0:796d0f61a05b | 17 | * the Free Software Foundation; either version 2 of the License, or |
| HannesTschofenig | 0:796d0f61a05b | 18 | * (at your option) any later version. |
| HannesTschofenig | 0:796d0f61a05b | 19 | * |
| HannesTschofenig | 0:796d0f61a05b | 20 | * This program is distributed in the hope that it will be useful, |
| HannesTschofenig | 0:796d0f61a05b | 21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| HannesTschofenig | 0:796d0f61a05b | 22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| HannesTschofenig | 0:796d0f61a05b | 23 | * GNU General Public License for more details. |
| HannesTschofenig | 0:796d0f61a05b | 24 | * |
| HannesTschofenig | 0:796d0f61a05b | 25 | * You should have received a copy of the GNU General Public License along |
| HannesTschofenig | 0:796d0f61a05b | 26 | * with this program; if not, write to the Free Software Foundation, Inc., |
| HannesTschofenig | 0:796d0f61a05b | 27 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| HannesTschofenig | 0:796d0f61a05b | 28 | */ |
| HannesTschofenig | 0:796d0f61a05b | 29 | #ifndef POLARSSL_PKCS11_H |
| HannesTschofenig | 0:796d0f61a05b | 30 | #define POLARSSL_PKCS11_H |
| HannesTschofenig | 0:796d0f61a05b | 31 | |
| HannesTschofenig | 0:796d0f61a05b | 32 | #if !defined(POLARSSL_CONFIG_FILE) |
| HannesTschofenig | 0:796d0f61a05b | 33 | #include "config.h" |
| HannesTschofenig | 0:796d0f61a05b | 34 | #else |
| HannesTschofenig | 0:796d0f61a05b | 35 | #include POLARSSL_CONFIG_FILE |
| HannesTschofenig | 0:796d0f61a05b | 36 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 37 | |
| HannesTschofenig | 0:796d0f61a05b | 38 | #if defined(POLARSSL_PKCS11_C) |
| HannesTschofenig | 0:796d0f61a05b | 39 | |
| HannesTschofenig | 0:796d0f61a05b | 40 | #include "x509_crt.h" |
| HannesTschofenig | 0:796d0f61a05b | 41 | |
| HannesTschofenig | 0:796d0f61a05b | 42 | #include <pkcs11-helper-1.0/pkcs11h-certificate.h> |
| HannesTschofenig | 0:796d0f61a05b | 43 | |
| HannesTschofenig | 0:796d0f61a05b | 44 | #if defined(_MSC_VER) && !defined(inline) |
| HannesTschofenig | 0:796d0f61a05b | 45 | #define inline _inline |
| HannesTschofenig | 0:796d0f61a05b | 46 | #else |
| HannesTschofenig | 0:796d0f61a05b | 47 | #if defined(__ARMCC_VERSION) && !defined(inline) |
| HannesTschofenig | 0:796d0f61a05b | 48 | #define inline __inline |
| HannesTschofenig | 0:796d0f61a05b | 49 | #endif /* __ARMCC_VERSION */ |
| HannesTschofenig | 0:796d0f61a05b | 50 | #endif /*_MSC_VER */ |
| HannesTschofenig | 0:796d0f61a05b | 51 | |
| HannesTschofenig | 0:796d0f61a05b | 52 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 53 | extern "C" { |
| HannesTschofenig | 0:796d0f61a05b | 54 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 55 | |
| HannesTschofenig | 0:796d0f61a05b | 56 | /** |
| HannesTschofenig | 0:796d0f61a05b | 57 | * Context for PKCS #11 private keys. |
| HannesTschofenig | 0:796d0f61a05b | 58 | */ |
| HannesTschofenig | 0:796d0f61a05b | 59 | typedef struct { |
| HannesTschofenig | 0:796d0f61a05b | 60 | pkcs11h_certificate_t pkcs11h_cert; |
| HannesTschofenig | 0:796d0f61a05b | 61 | int len; |
| HannesTschofenig | 0:796d0f61a05b | 62 | } pkcs11_context; |
| HannesTschofenig | 0:796d0f61a05b | 63 | |
| HannesTschofenig | 0:796d0f61a05b | 64 | /** |
| HannesTschofenig | 0:796d0f61a05b | 65 | * Fill in a PolarSSL certificate, based on the given PKCS11 helper certificate. |
| HannesTschofenig | 0:796d0f61a05b | 66 | * |
| HannesTschofenig | 0:796d0f61a05b | 67 | * \param cert X.509 certificate to fill |
| HannesTschofenig | 0:796d0f61a05b | 68 | * \param pkcs11h_cert PKCS #11 helper certificate |
| HannesTschofenig | 0:796d0f61a05b | 69 | * |
| HannesTschofenig | 0:796d0f61a05b | 70 | * \return 0 on success. |
| HannesTschofenig | 0:796d0f61a05b | 71 | */ |
| HannesTschofenig | 0:796d0f61a05b | 72 | int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert ); |
| HannesTschofenig | 0:796d0f61a05b | 73 | |
| HannesTschofenig | 0:796d0f61a05b | 74 | /** |
| HannesTschofenig | 0:796d0f61a05b | 75 | * Initialise a pkcs11_context, storing the given certificate. Note that the |
| HannesTschofenig | 0:796d0f61a05b | 76 | * pkcs11_context will take over control of the certificate, freeing it when |
| HannesTschofenig | 0:796d0f61a05b | 77 | * done. |
| HannesTschofenig | 0:796d0f61a05b | 78 | * |
| HannesTschofenig | 0:796d0f61a05b | 79 | * \param priv_key Private key structure to fill. |
| HannesTschofenig | 0:796d0f61a05b | 80 | * \param pkcs11_cert PKCS #11 helper certificate |
| HannesTschofenig | 0:796d0f61a05b | 81 | * |
| HannesTschofenig | 0:796d0f61a05b | 82 | * \return 0 on success |
| HannesTschofenig | 0:796d0f61a05b | 83 | */ |
| HannesTschofenig | 0:796d0f61a05b | 84 | int pkcs11_priv_key_init( pkcs11_context *priv_key, |
| HannesTschofenig | 0:796d0f61a05b | 85 | pkcs11h_certificate_t pkcs11_cert ); |
| HannesTschofenig | 0:796d0f61a05b | 86 | |
| HannesTschofenig | 0:796d0f61a05b | 87 | /** |
| HannesTschofenig | 0:796d0f61a05b | 88 | * Free the contents of the given private key context. Note that the structure |
| HannesTschofenig | 0:796d0f61a05b | 89 | * itself is not freed. |
| HannesTschofenig | 0:796d0f61a05b | 90 | * |
| HannesTschofenig | 0:796d0f61a05b | 91 | * \param priv_key Private key structure to cleanup |
| HannesTschofenig | 0:796d0f61a05b | 92 | */ |
| HannesTschofenig | 0:796d0f61a05b | 93 | void pkcs11_priv_key_free( pkcs11_context *priv_key ); |
| HannesTschofenig | 0:796d0f61a05b | 94 | |
| HannesTschofenig | 0:796d0f61a05b | 95 | /** |
| HannesTschofenig | 0:796d0f61a05b | 96 | * \brief Do an RSA private key decrypt, then remove the message |
| HannesTschofenig | 0:796d0f61a05b | 97 | * padding |
| HannesTschofenig | 0:796d0f61a05b | 98 | * |
| HannesTschofenig | 0:796d0f61a05b | 99 | * \param ctx PKCS #11 context |
| HannesTschofenig | 0:796d0f61a05b | 100 | * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature |
| HannesTschofenig | 0:796d0f61a05b | 101 | * \param input buffer holding the encrypted data |
| HannesTschofenig | 0:796d0f61a05b | 102 | * \param output buffer that will hold the plaintext |
| HannesTschofenig | 0:796d0f61a05b | 103 | * \param olen will contain the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 104 | * \param output_max_len maximum length of the output buffer |
| HannesTschofenig | 0:796d0f61a05b | 105 | * |
| HannesTschofenig | 0:796d0f61a05b | 106 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 107 | * |
| HannesTschofenig | 0:796d0f61a05b | 108 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 109 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| HannesTschofenig | 0:796d0f61a05b | 110 | * an error is thrown. |
| HannesTschofenig | 0:796d0f61a05b | 111 | */ |
| HannesTschofenig | 0:796d0f61a05b | 112 | int pkcs11_decrypt( pkcs11_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 113 | int mode, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 114 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 115 | unsigned char *output, |
| HannesTschofenig | 0:796d0f61a05b | 116 | size_t output_max_len ); |
| HannesTschofenig | 0:796d0f61a05b | 117 | |
| HannesTschofenig | 0:796d0f61a05b | 118 | /** |
| HannesTschofenig | 0:796d0f61a05b | 119 | * \brief Do a private RSA to sign a message digest |
| HannesTschofenig | 0:796d0f61a05b | 120 | * |
| HannesTschofenig | 0:796d0f61a05b | 121 | * \param ctx PKCS #11 context |
| HannesTschofenig | 0:796d0f61a05b | 122 | * \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature |
| HannesTschofenig | 0:796d0f61a05b | 123 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 124 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 125 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 126 | * \param sig buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 127 | * |
| HannesTschofenig | 0:796d0f61a05b | 128 | * \return 0 if the signing operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 129 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 130 | * |
| HannesTschofenig | 0:796d0f61a05b | 131 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 132 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 133 | */ |
| HannesTschofenig | 0:796d0f61a05b | 134 | int pkcs11_sign( pkcs11_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 135 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 136 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 137 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 138 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 139 | unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 140 | |
| HannesTschofenig | 0:796d0f61a05b | 141 | /** |
| HannesTschofenig | 0:796d0f61a05b | 142 | * SSL/TLS wrappers for PKCS#11 functions |
| HannesTschofenig | 0:796d0f61a05b | 143 | */ |
| HannesTschofenig | 0:796d0f61a05b | 144 | static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 145 | const unsigned char *input, unsigned char *output, |
| HannesTschofenig | 0:796d0f61a05b | 146 | size_t output_max_len ) |
| HannesTschofenig | 0:796d0f61a05b | 147 | { |
| HannesTschofenig | 0:796d0f61a05b | 148 | return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, output, |
| HannesTschofenig | 0:796d0f61a05b | 149 | output_max_len ); |
| HannesTschofenig | 0:796d0f61a05b | 150 | } |
| HannesTschofenig | 0:796d0f61a05b | 151 | |
| HannesTschofenig | 0:796d0f61a05b | 152 | static inline int ssl_pkcs11_sign( void *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 153 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 154 | int mode, md_type_t md_alg, unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 155 | const unsigned char *hash, unsigned char *sig ) |
| HannesTschofenig | 0:796d0f61a05b | 156 | { |
| HannesTschofenig | 0:796d0f61a05b | 157 | ((void) f_rng); |
| HannesTschofenig | 0:796d0f61a05b | 158 | ((void) p_rng); |
| HannesTschofenig | 0:796d0f61a05b | 159 | return pkcs11_sign( (pkcs11_context *) ctx, mode, md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 160 | hashlen, hash, sig ); |
| HannesTschofenig | 0:796d0f61a05b | 161 | } |
| HannesTschofenig | 0:796d0f61a05b | 162 | |
| HannesTschofenig | 0:796d0f61a05b | 163 | static inline size_t ssl_pkcs11_key_len( void *ctx ) |
| HannesTschofenig | 0:796d0f61a05b | 164 | { |
| HannesTschofenig | 0:796d0f61a05b | 165 | return ( (pkcs11_context *) ctx )->len; |
| HannesTschofenig | 0:796d0f61a05b | 166 | } |
| HannesTschofenig | 0:796d0f61a05b | 167 | |
| HannesTschofenig | 0:796d0f61a05b | 168 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 169 | } |
| HannesTschofenig | 0:796d0f61a05b | 170 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 171 | |
| HannesTschofenig | 0:796d0f61a05b | 172 | #endif /* POLARSSL_PKCS11_C */ |
| HannesTschofenig | 0:796d0f61a05b | 173 | |
| HannesTschofenig | 0:796d0f61a05b | 174 | #endif /* POLARSSL_PKCS11_H */ |
| HannesTschofenig | 0:796d0f61a05b | 175 | |
| HannesTschofenig | 0:796d0f61a05b | 176 |