Cryptographic operations
When you use your sample code with a static linked library you can access the APIs directly. View some openCryptoki code samples for procedures that perform cryptographic operations.
C_Encrypt (AES):
/*
* AES encrypt
*/
CK_RV AESencrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pClearData, CK_ULONG ulClearDataLen,
CK_BYTE **pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen) {
CK_RV rc;
CK_MECHANISM myMechanism = {CKM_AES_CBC_PAD, "01020304050607081122334455667788", 16};
CK_MECHANISM_PTR pMechanism = &myMechanism;
CK_OBJECT_HANDLE hKey;
getKey("My_AES_Key", sizeof("My_AES_Key"), &hKey, hSession);
rc = C_EncryptInit(hSession, pMechanism, hKey);
if (rc != CKR_OK) {
printf("Error initializing encryption: 0x%X\n", rc);
return rc;
}
rc = C_Encrypt(hSession, pClearData, ulClearDataLen,
NULL, pulEncryptedDataLen);
if (rc != CKR_OK) {
printf("Error during encryption (get length): %x\n", rc);
return rc;
}
*pEncryptedData = (CK_BYTE *)malloc(*pulEncryptedDataLen * sizeof(CK_BYTE));
rc = C_Encrypt(hSession, pClearData, ulClearDataLen,
*pEncryptedData, pulEncryptedDataLen);
if (rc != CKR_OK) {
printf("Error during encryption: %x\n", rc);
return rc;
}
printf("Encrypted data: ");
CK_BYTE_PTR tmp = *pEncryptedData;
for (count = 0; count < *pulEncryptedDataLen; count++, tmp++) {
printf("%X", *tmp);
}
printf("\n");
return CKR_OK;
}
C_Decrypt (AES):
/*
* AES decrypt
*/
CK_RV AESdecrypt(CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
CK_BYTE **pClearData, CK_ULONG_PTR pulClearDataLen) {
CK_RV rc;
CK_MECHANISM myMechanism = {CKM_AES_CBC_PAD, "01020304050607081122334455667788", 16};
CK_MECHANISM_PTR pMechanism = &myMechanism;
CK_OBJECT_HANDLE hKey;
getKey("My_AES_Key", sizeof("My_AES_Key"), &hKey, hSession);
rc = C_DecryptInit(hSession, pMechanism, hKey);
if (rc != CKR_OK) {
printf("Error initializing decryption: 0x%X\n", rc);
return rc;
}
rc = C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen, NULL, pulClearDataLen);
if (rc != CKR_OK) {
printf("Error during decryption (get length): %x\n", rc);
return rc;
}
*pClearData = malloc(*pulClearDataLen * sizeof(CK_BYTE));
rc = C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen, *pClearData,
pulClearDataLen);
if (rc != CKR_OK) {
printf("Error during decryption: %x\n", rc);
return rc;
}
printf("Decrypted data: ");
CK_BYTE_PTR tmp = *pClearData;
for (count = 0; count < *pulClearDataLen; count++, tmp++) {
printf("%c", *tmp);
}
printf("\n");
return CKR_OK;
}
C_GenerateKeyPair (RSA):
/*
* RSA key generate
*/
CK_RV generateRSAKeyPair(CK_SESSION_HANDLE hSession, CK_ULONG keySize,
CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey ) {
CK_RV rc;
CK_BBOOL true = TRUE;
CK_BBOOL false = FALSE;
CK_OBJECT_CLASS keyClassPub = CKO_PUBLIC_KEY;
CK_OBJECT_CLASS keyClassPriv = CKO_PRIVATE_KEY;
CK_KEY_TYPE keyTypeRSA = CKK_RSA;
CK_ULONG modulusBits = keySize;
CK_BYTE_PTR pModulus = malloc(sizeof(CK_BYTE)*modulusBits/8);
CK_BYTE publicExponent[] = {1, 0, 1};
CK_MECHANISM rsaKeyGenMech = {CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
CK_ATTRIBUTE pubKeyTempl[] = {
{CKA_CLASS, &keyClassPub, sizeof(keyClassPub)},
{CKA_KEY_TYPE, &keyTypeRSA, sizeof(keyTypeRSA)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_PRIVATE, &true, sizeof(true)},
{CKA_ENCRYPT, &true, sizeof(true)},
{CKA_VERIFY, &true, sizeof(true)},
{CKA_WRAP, &true, sizeof(true)},
{CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)},
{CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)},
{CKA_LABEL, "My_Private_Token_RSA1024_PubKey",
sizeof("My_Private_Token_RSA1024_PubKey")},
{CKA_MODIFIABLE, &true, sizeof(true)},
};
CK_ATTRIBUTE privKeyTempl[] = {
{CKA_CLASS, &keyClassPriv, sizeof(keyClassPriv)},
{CKA_KEY_TYPE, &keyTypeRSA, sizeof(keyTypeRSA)},
{CKA_EXTRACTABLE, &true, sizeof(true)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_PRIVATE, &true, sizeof(true)},
{CKA_SENSITIVE, &true, sizeof(true)},
{CKA_DECRYPT, &true, sizeof(true)},
{CKA_SIGN, &true, sizeof(true)},
{CKA_UNWRAP, &true, sizeof(true)},
{CKA_LABEL, "My_Private_Token_RSA1024_PrivKey",
sizeof("My_Private_Token_RSA1024_PrivKey")},
{CKA_MODIFIABLE, &true, sizeof(true)},
};
rc = C_GenerateKeyPair(hSession, &rsaKeyGenMech ,
&pubKeyTempl, sizeof(pubKeyTempl)/sizeof (CK_ATTRIBUTE),
&privKeyTempl, sizeof(privKeyTempl)/sizeof (CK_ATTRIBUTE),
phPublicKey, phPrivateKey);
if (rc != CKR_OK) {
printf("Error generating RSA keys: %x\n", rc);
return rc;
}
printf("RSA Key generation successful.\n");
return CKR_OK;
}
C_Encrypt (RSA):
/*
* RSA encrypt
*/
CK_RV RSAencrypt(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pClearData, CK_ULONG ulClearDataLen,
CK_BYTE **pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen) {
CK_RV rc;
CK_MECHANISM rsaMechanism = {CKM_RSA_PKCS, NULL_PTR, 0};
rc = C_EncryptInit(hSession, rsaMechanism, hKey);
if (rc != CKR_OK) {
printf("Error initializing RSA encryption: %x\n", rc);
return rc;
}
rc = C_Encrypt(hSession, pClearData, ulClearDataLen,
NULL, pulEncryptedDataLen);
if (rc != CKR_OK) {
printf("Error during RSA encryption: %x\n", rc);
return rc;
}
*pEncryptedData = (CK_BYTE *)malloc(rsaKeyLen * sizeof(CK_BYTE));
rc = C_Encrypt(hSession, pClearData, ulClearDataLen,
*pEncryptedData, pulEncryptedDataLen);
if (rc != CKR_OK) {
printf("Error during RSA encryption: %x\n", rc);
return rc;
}
printf("Encrypted data: ");
CK_BYTE_PTR tmp = *pEncryptedData;
for (count = 0; count < *pulEncryptedDataLen; count++, tmp++) {
printf("%X", *tmp);
}
printf("\n");
return CKR_OK;
}
C_Decrypt (RSA):
/*
* RSA decrypt
*/
CK_RV RSAdecrypt(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
CK_BYTE **pClearData, CK_ULONG_PTR pulClearDataLen) {
CK_RV rc;
CK_MECHANISM rsaMechanism = {CKM_RSA_PKCS, NULL_PTR, 0};
rc = C_DecryptInit(hSession, rsaMechanism, hKey);
if (rc != CKR_OK) {
printf("Error initializing RSA decryption: %x\n", rc);
return rc;
}
rc = C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen,
NULL, pulClearDataLen);
if (rc != CKR_OK) {
printf("Error during RSA decryption: %x\n", rc);
return rc;
}
*pClearData = malloc(rsaKeyLen*sizeof(CK_BYTE));
rc = C_Decrypt(hSession, pEncryptedData, ulEncryptedDataLen,
*pClearData, pulClearDataLen);
if (rc != CKR_OK) {
printf("Error during RSA decryption: %x\n", rc);
return rc;
}
printf("Decrypted data: ");
CK_BYTE_PTR tmp = *pClearData;
for (count = 0; count < *pulClearDataLen; count++, tmp++) {
printf("%c", *tmp);
}
printf("\n");
return CKR_OK;
}