259 lines
12 KiB
HTML
259 lines
12 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="reference" />
|
||
|
<meta name="DC.Title" content="Example: ILE C program for registering a public key hash" />
|
||
|
<meta name="abstract" content="Change this program example to suit your needs for registering a hash of a public key certificate." />
|
||
|
<meta name="description" content="Change this program example to suit your needs for registering a hash of a public key certificate." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzajcworking.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="reghashc" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Example: ILE C program for registering a public key hash</title>
|
||
|
</head>
|
||
|
<body id="reghashc"><a name="reghashc"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Example: ILE C program for registering a public key hash</h1>
|
||
|
<div><p>Change this program example to suit your needs for registering
|
||
|
a hash of a public key certificate. </p>
|
||
|
<div class="section"><div class="p"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
|
||
|
important legal information.</div>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div class="example"> <pre>/*-------------------------------------------------------------------*/
|
||
|
/* REGHASH */
|
||
|
/* */
|
||
|
/* Sample program to register the hash of a CCA public key */
|
||
|
/* certificate. */
|
||
|
/* */
|
||
|
/* COPYRIGHT 5769-SS1 (C) IBM CORP. 1999, 1999 */
|
||
|
/* */
|
||
|
/* This material contains programming source code for your */
|
||
|
/* consideration. These examples have not been thoroughly */
|
||
|
/* tested under all conditions. IBM, therefore, cannot */
|
||
|
/* guarantee or imply reliability, serviceability, or function */
|
||
|
/* of these program. All programs contained herein are */
|
||
|
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
|
||
|
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
|
||
|
/* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for */
|
||
|
/* these programs and files. */
|
||
|
/* */
|
||
|
/* */
|
||
|
/* Note: Input format is more fully described in Chapter 2 of */
|
||
|
/* IBM CCA Basic Services Reference and Guide */
|
||
|
/* (SC31-8609) publication. */
|
||
|
/* */
|
||
|
/* Parameters: Stream file containing public key certificate */
|
||
|
/* */
|
||
|
/* Example: */
|
||
|
/* CALL PGM(REGHASH) PARM(CERTFILE) */
|
||
|
/* */
|
||
|
/* */
|
||
|
/* Note: This program assumes the card with the profile is */
|
||
|
/* already identified either by defaulting to the CRP01 */
|
||
|
/* device or by being explicitly named using the */
|
||
|
/* Cryptographic_Resource_Allocate verb. Also this */
|
||
|
/* device must be varied on and you must be authorized */
|
||
|
/* to use this device description. */
|
||
|
/* */
|
||
|
/* The Common Cryptographic Architecture (CCA) verbs used are */
|
||
|
/* PKA_Public_Key_Hash_Register (CSNDPKH) and One_Way_Hash WH). */
|
||
|
/* (CSNBOWH). */
|
||
|
/* */
|
||
|
/* Use these commands to compile this program on the system: */
|
||
|
/* ADDLIBLE LIB(QCCA) */
|
||
|
/* CRTCMOD MODULE(REGHASH) SRCFILE(SAMPLE) */
|
||
|
/* CRTPGM PGM(REGHASH) MODULE(REGHASH) */
|
||
|
/* BNDDIR(QCCA/QC6BNDDIR) */
|
||
|
/* */
|
||
|
/* Note: Authority to the CSNDPKH and CSNBOWH service programs */
|
||
|
/* in the QCCA library is assumed. */
|
||
|
/* */
|
||
|
/*-------------------------------------------------------------------*/
|
||
|
#include <stdio.h>
|
||
|
#include <string.h>
|
||
|
#include "csucincl.h"
|
||
|
|
||
|
int main(int argc, char *argv[])
|
||
|
{
|
||
|
/*------------------------------------------------------------------*/
|
||
|
/* Declares for CCA parameters */
|
||
|
/*------------------------------------------------------------------*/
|
||
|
long return_code = 0;
|
||
|
long reason_code = 0;
|
||
|
long exit_data_length = 0;
|
||
|
char exit_data[4];
|
||
|
char rule_array[24];
|
||
|
long rule_array_count;
|
||
|
long token_len = 2500;
|
||
|
char token[2500];
|
||
|
long chaining_vector_length = 128;
|
||
|
long hash_length = 20;
|
||
|
long text_length;
|
||
|
unsigned char chaining_vector[128];
|
||
|
unsigned char hash[20];
|
||
|
/*------------------------------------------------------------------*/
|
||
|
/* Declares for working with a PKA token */
|
||
|
/*------------------------------------------------------------------*/
|
||
|
long pub_sec_len; /* Public section length */
|
||
|
long cert_sec_len; /* Certificate section length */
|
||
|
long offset; /* Offset into token */
|
||
|
long tempOffset; /* (Another) Offset into token */
|
||
|
char name[64]; /* Registered key name */
|
||
|
|
||
|
long count; /* Number of bytes read from file */
|
||
|
FILE *fp; /* File pointer */
|
||
|
|
||
|
if (argc < 2) /* Check the number of parameters passed */
|
||
|
{
|
||
|
printf("Need to enter a public key name\n");
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
memset(name,' ',64); /* Copy key name (and pad) to a 64 byte */
|
||
|
/* field. */
|
||
|
memcpy(name,argv[1],strlen(argv[1]));
|
||
|
|
||
|
fp = fopen(argv[1],"rb"); /* Open the file for reading */
|
||
|
if (!fp)
|
||
|
{
|
||
|
printf("File %s not found.\n",argv[1]);
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
memset(token,0,2500); /* Initialize the token to 0 */
|
||
|
count = fread(token,1,2500,fp); /* Read the token from the file */
|
||
|
fclose(fp); /* Close the file */
|
||
|
|
||
|
/* Determine length of token from length */
|
||
|
/* bytes at offset 2 and 3. */
|
||
|
token_len = ((256 * token[2]) + token[3]);
|
||
|
if (count < token_len) /* Check if whole token was read in */
|
||
|
{
|
||
|
printf("Incomplete token in file\n");
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
/************************************************************/
|
||
|
/* Find the certificate offset in the token */
|
||
|
/* */
|
||
|
/* The layout of the token is */
|
||
|
/* */
|
||
|
/* - Token header - 8 bytes - including 2 length bytes */
|
||
|
/* - Public key section - length bytes at offset 10 overall */
|
||
|
/* - Private key name - 68 bytes */
|
||
|
/* - Certificate section */
|
||
|
/* */
|
||
|
/************************************************************/
|
||
|
pub_sec_len = ((256 * token[10]) + token[11]);
|
||
|
|
||
|
offset = pub_sec_len + 68 + 8; /* Set offset to certiicate section */
|
||
|
|
||
|
/* Determine certificate section */
|
||
|
/* length from the length bytes at */
|
||
|
/* offset 2 of the section. */
|
||
|
cert_sec_len = ((256 * token[offset + 2]) + token[offset + 3]);
|
||
|
tempOffset = offset + 4; /* Set offset to first subsection */
|
||
|
|
||
|
/*-----------------------------------------------------*/
|
||
|
/* Parse each subsection of the certificate until the */
|
||
|
/* signature subsection is found or the end is reached.*/
|
||
|
/* (Identifier for signature subsection is Hex 45.) */
|
||
|
/*-----------------------------------------------------*/
|
||
|
while(token[tempOffset] != 0x45 &&
|
||
|
tempOffset < offset + cert_sec_len)
|
||
|
{
|
||
|
tempOffset += 256 * token[tempOffset + 2] + token[tempOffset+3];
|
||
|
}
|
||
|
|
||
|
/*----------------------------------------------------*/
|
||
|
/* Check if no signature was found before the end of */
|
||
|
/* the certificate section. */
|
||
|
/*----------------------------------------------------*/
|
||
|
if (token[tempOffset] != 0x45)
|
||
|
{
|
||
|
printf("Invalid certificate\n");
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
/**************************************************************/
|
||
|
/* Hash the certificate */
|
||
|
/**************************************************************/
|
||
|
text_length = tempOffset - offset + 70; /* Text length is length */
|
||
|
/* of certificate subsection. */
|
||
|
|
||
|
memcpy((void*)rule_array,"SHA-1 ",8); /* Set rule array */
|
||
|
rule_array_count = 1;
|
||
|
chaining_vector_length = 128;
|
||
|
hash_length = 20;
|
||
|
|
||
|
CSNBOWH( &return_code, &reason_code, &exit_data_length,
|
||
|
exit_data,
|
||
|
&rule_array_count,
|
||
|
(unsigned char*)rule_array,
|
||
|
&text_length,
|
||
|
&token[offset],
|
||
|
&chaining_vector_length,
|
||
|
chaining_vector,
|
||
|
&hash_length,
|
||
|
hash);
|
||
|
|
||
|
if (return_code != 0)
|
||
|
{
|
||
|
printf("One_Way_Hash Failed : return reason %d/%d\n",
|
||
|
return_code, reason_code);
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
/**************************************************************/
|
||
|
/* Register the Hash */
|
||
|
/**************************************************************/
|
||
|
/* Set the rule array */
|
||
|
memcpy((void*)rule_array,"SHA-1 CLONE ",16);
|
||
|
rule_array_count = 2;
|
||
|
/* Build the name of the retained */
|
||
|
/* key from the file and "RETAINED"*/
|
||
|
memcpy(&name[strlen(argv[1])],".RETAINED",9);
|
||
|
|
||
|
CSNDPKH( &return_code, &reason_code, &exit_data_length,
|
||
|
exit_data,
|
||
|
&rule_array_count,
|
||
|
(unsigned char*)rule_array,
|
||
|
name,
|
||
|
&hash_length,
|
||
|
hash);
|
||
|
|
||
|
if (return_code != 0)
|
||
|
{
|
||
|
printf("Public Key Register_Hash Failed : return reason %d/%d\n",
|
||
|
return_code, reason_code);
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
name[strlen(argv[1]) + 9] = 0; /* Convert name to a string */
|
||
|
printf("Hash registered for %s.\n",name);
|
||
|
|
||
|
}</pre>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcworking.htm" title="After you set up your Cryptographic Coprocessor, you can begin writing programs to make use of your Cryptographic Coprocessor's cryptographic functions.">Manage the Cryptographic Coprocessor</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|