CK_RV aes_ecb_sample()

in src/encrypt/aes_ecb.c [25:130]


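/**
 * Round-trip a fixed 32-byte message through AES-ECB on a PKCS#11 session.
 *
 * Generates an AES key via generate_aes_key(), encrypts the sample plaintext
 * with CKM_AES_ECB, prints the ciphertext as hex, decrypts it again and prints
 * the recovered text.
 *
 * Security caveat: ECB has no IV and no integrity protection, and identical
 * plaintext blocks always produce identical ciphertext blocks, so structure in
 * the data remains visible in the ciphertext. It is shown here as a mechanism
 * demo only; real data should use an authenticated mode (e.g. AES-GCM).
 *
 * @param session  An open PKCS#11 session handle.
 * @return CKR_OK on success, CKR_HOST_MEMORY if a buffer cannot be allocated,
 *         otherwise the CK_RV of the first PKCS#11 call that failed.
 */
CK_RV aes_ecb_sample(CK_SESSION_HANDLE session) {
    CK_RV rv;
    // Both buffers start out NULL so the single cleanup path can free them
    // unconditionally, whichever step failed.
    CK_BYTE_PTR ciphertext = NULL;
    CK_BYTE_PTR decrypted_ciphertext = NULL;

    // Generate a 256 bit AES key (32 bytes).
    // NOTE(review): the key handle is never destroyed in this function. Whether
    // it is a session object or a persistent token object depends on the
    // template inside generate_aes_key(), which is not shown here - confirm.
    CK_OBJECT_HANDLE aes_key;
    rv = generate_aes_key(session, 32, &aes_key);
    if (CKR_OK != rv) {
        printf("AES key generation failed: %lu\n", rv);
        return rv;
    }

    // CK_BYTE is an unsigned byte type, so the literal is cast explicitly and
    // strlen() is given a char pointer to avoid a pointer-signedness mismatch.
    CK_BYTE_PTR plaintext = (CK_BYTE_PTR) "Data must be a 16 byte multiple.";
    CK_ULONG plaintext_length = (CK_ULONG) strlen((const char *) plaintext);
    CK_ULONG ciphertext_length = 0;

    printf("Plaintext: %s\n", plaintext);
    printf("Plaintext length: %lu\n", plaintext_length);

    // ECB takes no parameters (no IV), hence the NULL/0 parameter fields.
    CK_MECHANISM mech = {CKM_AES_ECB, NULL, 0};

    //----------------------------------------------------------------------
    // Encrypt
    //----------------------------------------------------------------------

    rv = funcs->C_EncryptInit(session, &mech, aes_key);
    if (CKR_OK != rv) {
        printf("Encryption Init failed: %lu\n", rv);
        return rv;
    }

    // First call with a NULL output buffer only reports the size required.
    rv = funcs->C_Encrypt(session, plaintext, plaintext_length, NULL, &ciphertext_length);
    if (CKR_OK != rv) {
        printf("Encryption failed: %lu\n", rv);
        return rv;
    }

    // Zero-initialised output buffer of the reported size.
    ciphertext = calloc(1, ciphertext_length);
    if (NULL == ciphertext) {
        // rv is still CKR_OK from the size query; report the failure explicitly
        // so the caller does not treat an aborted run as a success.
        rv = CKR_HOST_MEMORY;
        printf("Could not allocate memory for ciphertext\n");
        goto done;
    }

    // Second call performs the encryption into the buffer.
    rv = funcs->C_Encrypt(session, plaintext, plaintext_length, ciphertext, &ciphertext_length);
    if (CKR_OK != rv) {
        printf("Encryption failed: %lu\n", rv);
        goto done;
    }

    // Print just the ciphertext in hex format
    printf("Ciphertext: ");
    print_bytes_as_hex(ciphertext, ciphertext_length);
    printf("Ciphertext length: %lu\n", ciphertext_length);

    //----------------------------------------------------------------------
    // Decrypt
    //----------------------------------------------------------------------

    rv = funcs->C_DecryptInit(session, &mech, aes_key);
    if (CKR_OK != rv) {
        printf("Decryption Init failed: %lu\n", rv);
        // The ciphertext buffer is live at this point, so leave through the
        // cleanup path instead of returning directly.
        goto done;
    }

    // Size query for the recovered plaintext.
    CK_ULONG decrypted_ciphertext_length = 0;
    rv = funcs->C_Decrypt(session, ciphertext, ciphertext_length, NULL, &decrypted_ciphertext_length);
    if (CKR_OK != rv) {
        printf("Decryption failed: %lu\n", rv);
        goto done;
    }

    // One extra byte so the raw bytes can be NUL-terminated for printing.
    decrypted_ciphertext = malloc(decrypted_ciphertext_length + 1);
    if (NULL == decrypted_ciphertext) {
        rv = CKR_HOST_MEMORY;
        printf("Could not allocate memory for decrypted ciphertext\n");
        goto done;
    }

    // Decrypt the ciphertext. On success the length is updated to the number of
    // bytes actually written; a result that did not fit would have come back as
    // CKR_BUFFER_TOO_SMALL, so the index used below stays inside the allocation.
    rv = funcs->C_Decrypt(session, ciphertext, ciphertext_length, decrypted_ciphertext, &decrypted_ciphertext_length);
    if (CKR_OK != rv) {
        printf("Decryption failed: %lu\n", rv);
        goto done;
    }
    decrypted_ciphertext[decrypted_ciphertext_length] = 0; // Turn the bytes into a C string

    printf("Decrypted ciphertext: %s\n", decrypted_ciphertext);
    printf("Decrypted ciphertext length: %lu\n", decrypted_ciphertext_length);

done:
    // free(NULL) is a no-op, so no guards are needed. The recovered plaintext is
    // a fixed demo string; code handling real secrets should wipe this buffer
    // with a non-elidable primitive before releasing it.
    free(decrypted_ciphertext);
    free(ciphertext);
    return rv;
}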