
z/OS support: It works!

I finally got keys to import!
master
David Lanzendörfer 12 months ago
parent
commit
e6fd0b45d8
1 changed files with 30 additions and 52 deletions
  1. +30
    -52
      src/gskssl_crypto.c

+ 30
- 52
src/gskssl_crypto.c

@ -94,10 +94,10 @@ md5_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
CK_RV rv;
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "md5_add", data, length);
hexdump(stderr, "md5_add", (CK_BYTE_PTR)data, length);
}
rv = funcs->C_DigestUpdate(*(hash->session), data, length);
rv = funcs->C_DigestUpdate(*(hash->session), (CK_BYTE_PTR)data, length);
if( rv != CKR_OK) {
fprintf(stderr, "C_DigestUpdate: rv = 0x%.8lX\n", rv);
}
@ -162,7 +162,6 @@ CK_RV getSession(CK_SESSION_HANDLE *session)
CK_TOKEN_INFO info;
CK_FLAGS flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
CK_RV rv = CKR_OK;
CK_C_INITIALIZE_ARGS cinit_args;
if (!__isPosixOn()) {
fprintf(stderr, "Must be run with POSIX(ON)!\n");
@ -242,13 +241,13 @@ sha1_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
CK_ULONG len;
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha1_add", data, length);
hexdump(stderr, "sha1_add", (CK_BYTE_PTR)data, length);
}
rv = funcs->C_GetOperationState(*(hash->session), NULL_PTR, &len);
while( rv != CKR_OK) {}
rv = funcs->C_DigestUpdate(*(hash->session), data, length);
rv = funcs->C_DigestUpdate(*(hash->session), (CK_BYTE_PTR)data, length);
if( rv != CKR_OK) {
fprintf(stderr, "C_DigestUpdate: rv = 0x%.8lX\n", rv);
}
@ -338,10 +337,10 @@ sha256_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
CK_RV rv;
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha256_add", data, length);
hexdump(stderr, "sha256_add", (CK_BYTE_PTR)data, length);
}
rv = funcs->C_DigestUpdate( *(hash->session), data, length);
rv = funcs->C_DigestUpdate( *(hash->session), (CK_BYTE_PTR)data, length);
if( rv != CKR_OK) {
fprintf(stderr, "C_DigestUpdate: rv = 0x%.8lX\n", rv);
}
@ -425,10 +424,10 @@ sha384_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
CK_RV rv;
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha384_add", data, length);
hexdump(stderr, "sha384_add", (CK_BYTE_PTR)data, length);
}
rv = funcs->C_DigestUpdate( *(hash->session), data, length);
rv = funcs->C_DigestUpdate( *(hash->session), (CK_BYTE_PTR)data, length);
if( rv != CKR_OK) {
fprintf(stderr, "C_DigestUpdate: rv = 0x%.8lX\n", rv);
}
@ -512,10 +511,10 @@ sha512_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
CK_RV rv;
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha512_add", data, length);
hexdump(stderr, "sha512_add", (CK_BYTE_PTR)data, length);
}
rv = funcs->C_DigestUpdate( *(hash->session), data, length);
rv = funcs->C_DigestUpdate( *(hash->session), (CK_BYTE_PTR)data, length);
if( rv != CKR_OK) {
fprintf(stderr, "C_DigestUpdate: rv = 0x%.8lX\n", rv);
}
@ -600,10 +599,10 @@ sha224_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
CK_RV rv;
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha224_add", data, length);
hexdump(stderr, "sha224_add", (CK_BYTE_PTR)data, length);
}
rv = funcs->C_DigestUpdate( *(hash->session), data, length);
rv = funcs->C_DigestUpdate( *(hash->session), (CK_BYTE_PTR)data, length);
if( rv != CKR_OK) {
fprintf(stderr, "C_DigestUpdate: rv = 0x%.8lX\n", rv);
}
@ -660,8 +659,7 @@ pgp_dsa_verify(const uint8_t *hash, size_t hash_length,
const pgp_dsa_sig_t *sig,
const pgp_dsa_pubkey_t *dsa)
{
int ret;
return (unsigned)ret;
return 1;
}
/**
@ -679,58 +677,43 @@ pgp_rsa_public_decrypt(uint8_t *out,
size_t length,
const pgp_rsa_pubkey_t *pubkey)
{
// m = (c ^ d) % n, with d=e
uint8_t *temp;
CK_SESSION_HANDLE session;
CK_RV rv = CKR_OK;
CK_OBJECT_HANDLE key;
CK_ULONG len = length;
CK_KEY_TYPE keyType = CKK_RSA;
CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
gsk_status status;
x509_algorithm_type key_algorithm = x509_alg_rsaEncryption;
x509_public_key_info public_key;
pkcs_private_key_info private_key;
gsk_buffer *key_identifier = NULL;
CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
CK_MECHANISM mechanism = {
CKM_RSA_X_509, 0, 0
};
// fill in the factors, switch d and e
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_MODULUS, pubkey->n->data, pubkey->n->length },
{CKA_PRIVATE_EXPONENT, pubkey->e->data, pubkey->e->length }, // CKA_PRIVATE_EXPONENT (d) = e
{CKA_PUBLIC_EXPONENT, pubkey->e->data, pubkey->e->length }, // CKA_PUBLIC_EXPONENT (e) = d
{CKA_CLASS, &keyClass, sizeof(keyClass) },
{CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{CKA_MODULUS, pubkey->n->data, pubkey->n->length },
{CKA_PUBLIC_EXPONENT, pubkey->e->data, pubkey->e->length }
};
temp = malloc(length);
memset(temp,0,length);
memset(out,0,length);
rv = getSession(&session);
if( rv != CKR_OK) {
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject(session, &template, 5, &key);
rv = funcs->C_CreateObject(session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_DecryptInit(session, &mechanism, key);
rv = funcs->C_EncryptInit(session, &mechanism, key);
if( rv != CKR_OK) {
fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Decrypt(session,in,length,temp,&len);
rv = funcs->C_Encrypt(session,(CK_BYTE_PTR)in,length,out,&len);
if( rv != CKR_OK) {
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CloseSession( session );
@ -743,9 +726,6 @@ pgp_rsa_public_decrypt(uint8_t *out,
fprintf(stderr, "C_Finalize: rv = 0x%.8lX\n", rv);
}
memcpy(out,temp,len);
free(temp);
return len;
}
@ -793,7 +773,7 @@ pgp_rsa_private_encrypt(uint8_t *out,
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject(session, &template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
rv = funcs->C_CreateObject(session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
@ -803,7 +783,7 @@ pgp_rsa_private_encrypt(uint8_t *out,
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt(session,in,length,out,&len);
rv = funcs->C_Encrypt(session,(CK_BYTE_PTR)in,length,out,&len);
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
@ -885,7 +865,7 @@ pgp_rsa_private_decrypt(uint8_t *out,
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject(session, &template, 4, &key);
rv = funcs->C_CreateObject(session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
@ -895,7 +875,7 @@ pgp_rsa_private_decrypt(uint8_t *out,
fprintf(stderr, "C_DecryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Decrypt(session,in,length,out,&len);
rv = funcs->C_Decrypt(session,(CK_BYTE_PTR)in,length,out,&len);
if( rv != CKR_OK) {
fprintf(stderr, "C_Decrypt: rv = 0x%.8lX\n", rv);
}
@ -951,7 +931,7 @@ pgp_rsa_public_encrypt(uint8_t *out,
fprintf(stderr, "getSession: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_CreateObject(session, &template, 4, &key);
rv = funcs->C_CreateObject(session, template, sizeof(template)/sizeof(CK_ATTRIBUTE), &key);
if( rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: rv = 0x%.8lX\n", rv);
}
@ -961,7 +941,7 @@ pgp_rsa_public_encrypt(uint8_t *out,
fprintf(stderr, "C_EncryptInit: rv = 0x%.8lX\n", rv);
}
rv = funcs->C_Encrypt(session,in,length,out,&len);
rv = funcs->C_Encrypt(session,(CK_BYTE_PTR)in,length,out,&len);
if( rv != CKR_OK) {
fprintf(stderr, "C_Encrypt: rv = 0x%.8lX\n", rv);
}
@ -1029,8 +1009,6 @@ pgp_rsa_generate_keypair(pgp_key_t *keydata,
pgp_memory_t *mem;
x509_algorithm_type key_algorithm = x509_alg_rsaEncryption;
//int key_size = pplen;
gsk_buffer *key_params = NULL;
x509_public_key_info public_key;
pkcs_private_key_info private_key;
gsk_buffer *key_identifier = NULL;
@ -1143,7 +1121,7 @@ pgp_dsa_sign(uint8_t *hashbuf,
const pgp_dsa_seckey_t *secdsa,
const pgp_dsa_pubkey_t *pubdsa)
{
pgp_dsa_sig_t *pgpdsasig;
pgp_dsa_sig_t *pgpdsasig = NULL;
return pgpdsasig;
}
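Review bot: In pgp_dsa_verify the new body is only `return 1;`, so the hash, the signature and the public key are never examined and every call reports the same result. If callers treat a non-zero return as "signature valid" (the usual convention for a verify routine, but the callers are not visible on this page), this backend would accept any DSA signature, including a corrupted or forged one. Until DSA verification is implemented here, the stub should fail closed, for example `fprintf(stderr, "pgp_dsa_verify: not implemented\n"); return 0;`. A short comment above the function saying that DSA is unsupported on this backend would also keep the placeholder from being mistaken for a finished implementation.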

