|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# COPYRIGHT (c) International Business Machines Corp. 2011-2017
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
# version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software
|
|
Packit |
8681c6 |
# constitutes recipient's acceptance of CPL-1.0 terms which can be found
|
|
Packit |
8681c6 |
# in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# openCryptoki debugging helper script
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# Kent Yoder <yoder1@us.ibm.com>
|
|
Packit |
8681c6 |
# April 29, 2011
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# Functions:
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# ock_dump_obj_template <OBJECT *>
|
|
Packit |
8681c6 |
# ock_dump_object_map
|
|
Packit |
8681c6 |
# ock_dump_sess_btree
|
|
Packit |
8681c6 |
# ock_dump_sess_obj_btree
|
|
Packit |
8681c6 |
# ock_dump_priv_tok_obj_btree
|
|
Packit |
8681c6 |
# ock_dump_publ_tok_obj_btree
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
set $OBJECT_MAP = 1
|
|
Packit |
8681c6 |
set $OBJECT = 2
|
|
Packit |
8681c6 |
set $SESSION = 3
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# ock_dump_obj_template <OBJECT *>
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# Dump an OBJECT's template of attributes
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
define ock_dump_obj_template
|
|
Packit |
8681c6 |
set $obj = ($arg0)
|
|
Packit |
8681c6 |
set $node = $obj->template->attribute_list
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
while ($node)
|
|
Packit |
8681c6 |
print *(CK_ATTRIBUTE *)($node->data)
|
|
Packit |
8681c6 |
set $node = $node->next
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define __ock_print_node_type
|
|
Packit |
8681c6 |
if $arg1 == $OBJECT_MAP
|
|
Packit |
8681c6 |
print *((OBJECT_MAP *)($arg0)->value)
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
if $arg1 == $OBJECT
|
|
Packit |
8681c6 |
print *((OBJECT *)($arg0)->value)
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
if $arg1 == $SESSION
|
|
Packit |
8681c6 |
print *((SESSION *)($arg0)->value)
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define __ock_print_node
|
|
Packit |
8681c6 |
set $n = ($arg0)
|
|
Packit |
8681c6 |
set $loc = ($arg1)
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
while ($loc > 1)
|
|
Packit |
8681c6 |
if ($loc & 1)
|
|
Packit |
8681c6 |
set $n = $n->right
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
set $n = $n->left
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
set $loc = $loc >> 1
|
|
Packit |
8681c6 |
printf " "
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ($n->flags & 1)
|
|
Packit |
8681c6 |
printf "`- %d: (deleted node)\n", $arg1
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
printf "`- %d: ", $arg1
|
|
Packit |
8681c6 |
__ock_print_node_type $n $arg2
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define __ock_dump_tree
|
|
Packit |
8681c6 |
set $size = ($arg0).size + 1
|
|
Packit |
8681c6 |
set $i = 1
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf "tree: size %d, free nodes: %d\n", $arg0.size, ($arg0).free_nodes
|
|
Packit |
8681c6 |
while ($i < $size)
|
|
Packit |
8681c6 |
__ock_print_node ($arg0).top $i ($arg1)
|
|
Packit |
8681c6 |
set $i = $i + 1
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define ock_dump_object_map
|
|
Packit |
8681c6 |
__ock_dump_tree object_map_btree $OBJECT_MAP
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define ock_dump_sess_btree
|
|
Packit |
8681c6 |
__ock_dump_tree sess_btree $SESSION
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define ock_dump_sess_obj_btree
|
|
Packit |
8681c6 |
__ock_dump_tree sess_obj_btree $OBJECT
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define ock_dump_priv_tok_obj_btree
|
|
Packit |
8681c6 |
__ock_dump_tree priv_token_obj_btree $OBJECT
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define ock_dump_publ_tok_obj_btree
|
|
Packit |
8681c6 |
__ock_dump_tree publ_token_obj_btree $OBJECT
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
define dump_ec_key_token
|
|
Packit |
8681c6 |
set $tok = ($arg0)
|
|
Packit |
8681c6 |
printf "----------------------- HEADER SECTION -----------------------\n"
|
|
Packit |
8681c6 |
printf "Token ID: 0x%02X\n", $tok
|
|
Packit |
8681c6 |
printf "Token Version Number: 0x%02X\n", $tok[1]
|
|
Packit |
8681c6 |
printf "Length in bytes of token structure: 0x%02X%02X\n", $tok[2], $tok[3]
|
|
Packit |
8681c6 |
printf "----------------------- PRIVATE SECTION -----------------------\n"
|
|
Packit |
8681c6 |
set $priv = $tok[8]
|
|
Packit |
8681c6 |
printf "Section ID: 0x%02X\n", $priv
|
|
Packit |
8681c6 |
printf "\tX'20': ECC private key\n"
|
|
Packit |
8681c6 |
printf "Section version number: 0x%02X\n", $tok[9]
|
|
Packit |
8681c6 |
printf "Section len: 0x%02X%02X\n", $tok[10], $tok[11]
|
|
Packit |
8681c6 |
printf "Wrapping method: 0x%02X\n", $tok[12]
|
|
Packit |
8681c6 |
printf "\tX'00': Section is unencrypted (clear), X'01': AESKW, X'02: CBC\n"
|
|
Packit |
8681c6 |
printf "Hash method used for wrapping: 0x%02X\n", $tok[13]
|
|
Packit |
8681c6 |
printf "\tX'01': SHA-224, X'02': SHA-256\n"
|
|
Packit |
8681c6 |
printf "Key usage: 0x%02X\n", $tok[16]
|
|
Packit |
8681c6 |
printf "\tX'C0': Key agreement, X'80': Both signature gen & key agreement\n"
|
|
Packit |
8681c6 |
printf "\tX'00': Signature generation only, X'02': Translate allowed\n"
|
|
Packit |
8681c6 |
printf "Curve type: 0x%02X\n", $tok[17]
|
|
Packit |
8681c6 |
printf "\tX'00': Prime curve, X'01': Brainpool curve\n"
|
|
Packit |
8681c6 |
printf "Key format and security flag: 0x%02X\n", $tok[18]
|
|
Packit |
8681c6 |
printf "\tEncrypted internal ECC: X'08', "
|
|
Packit |
8681c6 |
printf "Unencrypted external ECC: X'40', "
|
|
Packit |
8681c6 |
printf "Encrypted external ECC: X'42'\n"
|
|
Packit |
8681c6 |
printf "Length of p in bits: 0x%02X%02X\n", $tok[20], $tok[21]
|
|
Packit |
8681c6 |
printf "\tX'00A0': Brainpool P-160\n"
|
|
Packit |
8681c6 |
printf "\tX'00C0': Prime P-192, Brainpol P-192\n"
|
|
Packit |
8681c6 |
printf "\tX'00E0': Brainpool P-224, Prime P-224\n"
|
|
Packit |
8681c6 |
printf "\tX'0100': Brainpool P-256, Prime P-256\n"
|
|
Packit |
8681c6 |
printf "\tX'0140': Brainpool P-320\n"
|
|
Packit |
8681c6 |
printf "\tX'0180': Prime P-384, Brainpool P-384\n"
|
|
Packit |
8681c6 |
printf "\tX'0200': Brainpool P-512\n"
|
|
Packit |
8681c6 |
printf "\tX'0209': Prime P-521\n"
|
|
Packit |
8681c6 |
printf "IBM associated data length in bytes: 0x%02X%02X\n", $tok[22], $tok[23]
|
|
Packit |
8681c6 |
printf "Master key verification pattern:\n\t"
|
|
Packit |
8681c6 |
set $i = 0
|
|
Packit |
8681c6 |
while ($i < 8)
|
|
Packit |
8681c6 |
printf "%02X", $tok[24+$i]
|
|
Packit |
8681c6 |
set $i = $i+1
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
printf "\n"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf "Associated data length: 0x%02X%02X\n", $tok[80], $tok[81]
|
|
Packit |
8681c6 |
printf "Length of formatted section in bytes: 0x%02X%02X\n", $tok[82], $tok[83]
|
|
Packit |
8681c6 |
printf "-------- Begin formatted section (include d) data --------\n"
|
|
Packit |
8681c6 |
set $dlen = $tok[83]
|
|
Packit |
8681c6 |
set $assclen = $tok[81]
|
|
Packit |
8681c6 |
set $i = 0
|
|
Packit |
8681c6 |
while ($i < $dlen)
|
|
Packit |
8681c6 |
printf "%02X", $tok[84+$assclen+$i]
|
|
Packit |
8681c6 |
set $i = $i+1
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
printf "\n-------- End formatted section data --------\n"
|
|
Packit |
8681c6 |
printf "----------------------- PUBLIC SECTION -----------------------\n"
|
|
Packit |
8681c6 |
set $privlen = $tok[11]
|
|
Packit |
8681c6 |
set $puboffset = $privlen+8
|
|
Packit |
8681c6 |
printf "Section ID: 0x%02X\n", $tok[$puboffset]
|
|
Packit |
8681c6 |
printf "\tX'21': ECC public key\n"
|
|
Packit |
8681c6 |
printf "Section version number: 0x%02X\n", $tok[$puboffset+1]
|
|
Packit |
8681c6 |
printf "Section length: 0x%02X%02X\n", $tok[$puboffset+2], $tok[$puboffset+3]
|
|
Packit |
8681c6 |
printf "Curve type: 0x%02X\n", $tok[$puboffset+8]
|
|
Packit |
8681c6 |
printf "\tX'00': Prime curve, X'01': Brainpool curve\n"
|
|
Packit |
8681c6 |
printf "Length of p in bits: 0x%02X%02X\n", $tok[$puboffset+10], $tok[$puboffset+11]
|
|
Packit |
8681c6 |
printf "Length of public key q in bytes: 0x%02X%02X\n", $tok[$puboffset+12], $tok[$puboffset+13]
|
|
Packit |
8681c6 |
printf "-------- Begin q data --------\n"
|
|
Packit |
8681c6 |
set $qlen = $tok[$puboffset+13]
|
|
Packit |
8681c6 |
set $i = 0
|
|
Packit |
8681c6 |
while ($i < $qlen)
|
|
Packit |
8681c6 |
printf "%02X", $tok[$puboffset+14+$i]
|
|
Packit |
8681c6 |
set $i = $i+1
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
printf "\n-------- End q data --------\n"
|
|
Packit |
8681c6 |
end
|
|
Packit |
8681c6 |
document dump_ec_key_token
|
|
Packit |
8681c6 |
Print the Elliptic Curve key token generated by CSNDPKG.
|
|
Packit |
8681c6 |
end
|