Change this program example to suit your needs for registering a hash of a public key certificate.
/*-------------------------------------------------------------------*/
/* REGHASH */
/* */
/* Sample program to register the hash of a CCA public key */
/* certificate. */
/* */
/* COPYRIGHT 5769-SS1 (C) IBM CORP. 1999, 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these program. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* */
/* Note: Input format is more fully described in Chapter 2 of */
/* IBM CCA Basic Services Reference and Guide */
/* (SC31-8609) publication. */
/* */
/* Parameters: Stream file containing public key certificate */
/* */
/* Example: */
/* CALL PGM(REGHASH) PARM(CERTFILE) */
/* */
/* */
/* Note: This program assumes the card with the profile is */
/* already identified either by defaulting to the CRP01 */
/* device or by being explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* The Common Cryptographic Architecture (CCA) verbs used are */
/* PKA_Public_Key_Hash_Register (CSNDPKH) and One_Way_Hash WH). */
/* (CSNBOWH). */
/* */
/* Use these commands to compile this program on the system: */
/* ADDLIBLE LIB(QCCA) */
/* CRTCMOD MODULE(REGHASH) SRCFILE(SAMPLE) */
/* CRTPGM PGM(REGHASH) MODULE(REGHASH) */
/* BNDDIR(QCCA/QC6BNDDIR) */
/* */
/* Note: Authority to the CSNDPKH and CSNBOWH service programs */
/* in the QCCA library is assumed. */
/* */
/*-------------------------------------------------------------------*/
#include <stdio.h>
#include <string.h>
#include "csucincl.h"
int main(int argc, char *argv[])
{
/*------------------------------------------------------------------*/
/* Declares for CCA parameters */
/*------------------------------------------------------------------*/
long return_code = 0;
long reason_code = 0;
long exit_data_length = 0;
char exit_data[4];
char rule_array[24];
long rule_array_count;
long token_len = 2500;
char token[2500];
long chaining_vector_length = 128;
long hash_length = 20;
long text_length;
unsigned char chaining_vector[128];
unsigned char hash[20];
/*------------------------------------------------------------------*/
/* Declares for working with a PKA token */
/*------------------------------------------------------------------*/
long pub_sec_len; /* Public section length */
long cert_sec_len; /* Certificate section length */
long offset; /* Offset into token */
long tempOffset; /* (Another) Offset into token */
char name[64]; /* Registered key name */
long count; /* Number of bytes read from file */
FILE *fp; /* File pointer */
if (argc < 2) /* Check the number of parameters passed */
{
printf("Need to enter a public key name\n");
return 1;
}
memset(name,' ',64); /* Copy key name (and pad) to a 64 byte */
/* field. */
memcpy(name,argv[1],strlen(argv[1]));
fp = fopen(argv[1],"rb"); /* Open the file for reading */
if (!fp)
{
printf("File %s not found.\n",argv[1]);
return 1;
}
memset(token,0,2500); /* Initialize the token to 0 */
count = fread(token,1,2500,fp); /* Read the token from the file */
fclose(fp); /* Close the file */
/* Determine length of token from length */
/* bytes at offset 2 and 3. */
token_len = ((256 * token[2]) + token[3]);
if (count < token_len) /* Check if whole token was read in */
{
printf("Incomplete token in file\n");
return 1;
}
/************************************************************/
/* Find the certificate offset in the token */
/* */
/* The layout of the token is */
/* */
/* - Token header - 8 bytes - including 2 length bytes */
/* - Public key section - length bytes at offset 10 overall */
/* - Private key name - 68 bytes */
/* - Certificate section */
/* */
/************************************************************/
pub_sec_len = ((256 * token[10]) + token[11]);
offset = pub_sec_len + 68 + 8; /* Set offset to certiicate section */
/* Determine certificate section */
/* length from the length bytes at */
/* offset 2 of the section. */
cert_sec_len = ((256 * token[offset + 2]) + token[offset + 3]);
tempOffset = offset + 4; /* Set offset to first subsection */
/*-----------------------------------------------------*/
/* Parse each subsection of the certificate until the */
/* signature subsection is found or the end is reached.*/
/* (Identifier for signature subsection is Hex 45.) */
/*-----------------------------------------------------*/
while(token[tempOffset] != 0x45 &&
tempOffset < offset + cert_sec_len)
{
tempOffset += 256 * token[tempOffset + 2] + token[tempOffset+3];
}
/*----------------------------------------------------*/
/* Check if no signature was found before the end of */
/* the certificate section. */
/*----------------------------------------------------*/
if (token[tempOffset] != 0x45)
{
printf("Invalid certificate\n");
return 1;
}
/**************************************************************/
/* Hash the certificate */
/**************************************************************/
text_length = tempOffset - offset + 70; /* Text length is length */
/* of certificate subsection. */
memcpy((void*)rule_array,"SHA-1 ",8); /* Set rule array */
rule_array_count = 1;
chaining_vector_length = 128;
hash_length = 20;
CSNBOWH( &return_code, &reason_code, &exit_data_length,
exit_data,
&rule_array_count,
(unsigned char*)rule_array,
&text_length,
&token[offset],
&chaining_vector_length,
chaining_vector,
&hash_length,
hash);
if (return_code != 0)
{
printf("One_Way_Hash Failed : return reason %d/%d\n",
return_code, reason_code);
return 1;
}
/**************************************************************/
/* Register the Hash */
/**************************************************************/
/* Set the rule array */
memcpy((void*)rule_array,"SHA-1 CLONE ",16);
rule_array_count = 2;
/* Build the name of the retained */
/* key from the file and "RETAINED"*/
memcpy(&name[strlen(argv[1])],".RETAINED",9);
CSNDPKH( &return_code, &reason_code, &exit_data_length,
exit_data,
&rule_array_count,
(unsigned char*)rule_array,
name,
&hash_length,
hash);
if (return_code != 0)
{
printf("Public Key Register_Hash Failed : return reason %d/%d\n",
return_code, reason_code);
return 1;
}
name[strlen(argv[1]) + 9] = 0; /* Convert name to a string */
printf("Hash registered for %s.\n",name);
}