PKI/HSM

PKCS#11 ํ•จ์ˆ˜ ๋ฐ ์‚ฌ์šฉ

JayKim๐Ÿ™‚ 2023. 4. 20. 11:15

์ด์ œ PKCS#11 ์— ์ •์˜ ๋œ C API ์— ๋Œ€ํ•œ ์„ค๋ช…๊ณผ ์‚ฌ์šฉ์— ๋Œ€ํ•œ ์˜ˆ์‹œ๋ฅผ ์„ค๋ช…ํ•œ๋‹ค.

PKCS#11 Functions

  • ์ผ๋ฐ˜ ๋ชฉ์ ์˜ ํ•จ์ˆ˜
    Initialize, GetInfo, Fianlize, GetFuctionList
  • ์Šฌ๋กฏ ๋ฐ ํ† ํฐ ๊ด€๋ฆฌ
    GetSlotList, GetSlotInfo , InitToken, InitPIN, SetPIN, WaitForSlotEvent, GetTokenInfo, GetMechanismList, GetMechanismInfo
  • ๊ฐ์ฒด ๊ด€๋ฆฌ
    CreateObject, CopyObject, DestrotyObject, GetObjectSize, GetAttributeValue, SetAttributeValue, FindObjectInit, FindObject, FindObjectFinal
  • ์•”/๋ณตํ˜ธํ™”
    EncryptInit, Encrypt, EncryptUpdate, EncryptFinal, DecryptInit, Decrypt, DecryptUpdate, DecryptFinal
  • ํ•ด์‰ฌ
    DigestInit, Digest, DigestUpdate, DigestKey, DigestFinal
  • ์ „์ž ์„œ๋ช… ๋ฐ MAC ๊ฒ€์ฆ
    SigInit, Sign, SignUpdate, SignFinal, SignRecoverInit, SignRecover
    VerifyInit, Verify, VerifyUpdate, VerifyFinal, VerifyRecoverInit, VerifyRecover
  • ํ‚ค ๊ด€๋ฆฌ
    GenerateKey, GenerateKeyPair, WrapKey, UnwrapKey, DeriveKey
  • ๋žœ๋ค ๊ฐ’ ์ƒ์„ฑ
    SeedRandom, GenerateRandom

์ด๋ ‡๊ฒŒ ์•”ํ˜ธํ™”์™€ ๊ด€๋ จํ•œ ๋‹ค์–‘ํ•œ ํ•จ์ˆ˜๋“ค์ด ์ œ๊ณต ๋œ๋‹ค.

๊ด€๋ จ ํ•จ์ˆ˜์— ๋Œ€ํ•ด์„œ๋Š” OASIS ์— ์ž์„ธํ•œ ์„ค๋ช…์ด ๋‚˜์™€ ์žˆ๋‹ค.

PKCS#11 ์‚ฌ์šฉ๋ฒ• ์˜ˆ์ œ

cryptoki ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜๊ธฐ ์œ„ํ•ด์„œ๋Š” ๋‹ค์Œ ์ฒ˜๋Ÿผ ํ•ด๋‹น ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ๋ฅผ ํ˜ธ์ถœ ํ•œ๋‹ค.

CK_RV (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);
CK_FUNCTION_LIST *pFuncList = NULL;

handle = lt_dlopen( pLibraryPath );
c_get_function_list = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))lt_dlsym( handle, "C_GetFunctionList");

ret = c_get_function_list( &pFuncList );

ret = pFuncList -> C_Initialize( NULL );

์ด๋ ‡๊ฒŒ ์ดˆ๊ธฐํ™”๋ฅผ ํ•˜๊ณ  ๋‚œ ํ›„ ๊ฐ๊ฐ์˜ ํ•จ์ˆ˜๋ฅผ ๋ชจ๋‘ ๋™์  ํ˜ธ์ถœ ํ•˜์ง€ ์•Š๊ณ  ํ•จ์ˆ˜ ๋ชฉ๋ก์„ ๋ถˆ๋กœ์˜ค๋Š” ํ•จ์ˆ˜ ์ด์šฉํ•จ

PKCS#11 ๋ฐ๋ชจ ํ™”๋ฉด

๋‹ค์Œ ํ™”๋ฉด๋“ค์€ CryptokiMan ์„ ์ด์šฉํ•ด SoftHSM ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ๋ฅผ ํ˜ธ์ถœ ํ•œ ํ™”๋ฉด์„ ๋‚˜ํƒ€๋‚ด๋‹ค.

์ด ํ™”๋ฉด์€ Cryptoki ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ๋ฅผ ์ฝ์–ด์„œ C_Initialize ์ด ํ›„ ์Šฌ๋กฏ ๋ฐ ๋ฉ”์ปค๋‹ˆ์ฆ˜์„ ํ•จ์ˆ˜๋ฅผ ํ˜ธ์ถœ ํ•œ ํ™”๋ฉด์ด๋‹ค.

๋‹ค์Œ ํ™”๋ฉด์€ ์‚ฌ์šฉ์ž ์„ธ์…˜์„ ์—ด์–ด์„œ ๋กœ๊ทธ์ธ ํ›„ ์ธ์ฆ์„œ ๋ชฉ๋ก์„ ์ฝ์–ด์™€์„œ ์ธ์ฆ์„œ ์ •๋ณด๋ฅผ ๋ณด๊ธฐ ํ•œ ํ™”๋ฉด์ด๋‹ค.
๊ทธ๋ฆผ ์ธ์ฆ์„œ ๋ณด๊ธฐ ๊ธฐ๋Šฅ์€ PKCS#11 ๊ธฐ๋Šฅ์ด ์•„๋‹ˆ๊ตฌ PKCS#11 ์ธ์ฆ์„œ ์ฝ๊ธฐ ํ•จ์ˆ˜๋กœ ์ฝ์–ด์„œ CryptokiMan ์— ์žˆ๋Š” ์ธ์ฆ์„œ ๋ณด๊ธฐ ๊ธฐ๋Šฅ์ด๋‹ค.

์ด๋ ‡๊ฒŒ PKCS#11 ์„ ์ œ๊ณต ํ•˜๋Š” ๋ณด์•ˆํ† ํฐ์˜ ๊ฒฝ์šฐ PKCS#11 ์„ ์‚ฌ์šฉํ•˜๋Š” ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜์—์„œ๋Š” ๋‹ค์–‘ํ•œ ์žฅ์น˜๋ฅผ ์—ฐ๊ฒฐ์„ ๊ฐ€๋Šฅ ํ•˜๊ฒŒ ํ•ด์ค€๋‹ค.