
Section 7.3.1, “KeyedHash”
Section 7.3.2, “Hash”




Oracle Cryptographic Toolkit Programmer's Guide



7.3.1 KeyedHash

Purpose
The following KeyedHash routine generates a public key checksum.

Parameter Descriptions
Following is a list of parameters, their descriptions, modes, and types.

Table 7-24 KeyedHash parameters for raw data
Parameter Name   Mode   Type
persona          IN     Persona
input            IN     RAW
keyed_hash       OUT    RAW
hash_state       IN     Crypto_Engine_State

Table 7-25 KeyedHash parameters for string data
Parameter Name   Mode   Type
persona          IN     Persona
input_string     IN     VARCHAR2
keyed_hash       OUT    RAW
hash_state       IN     Crypto_Engine_State







7.3.2 Hash

Purpose
The following Hash routine generates a checksum.

Parameter Descriptions
Following is a list of parameters, their descriptions, modes, and types.

Table 7-26 Hash parameters for raw data
Parameter Name   Mode   Type
persona          IN     Persona
input            IN     RAW
hash             OUT    RAW
hash_state       IN     Crypto_Engine_State

Table 7-27 Hash parameters for string data
Parameter Name   Mode   Type
persona          IN     Persona
input_string     IN     VARCHAR2
hash             OUT    RAW
hash_state       IN     Crypto_Engine_State
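
The block below is an added example, not part of the original guide: it uses the Hash and KeyedHash routines described above to detect that a record changed between write and read by recomputing both checksums and comparing them. It follows the call style of the guide's sample program in Appendix A. The wallet password 'server1', the 'default:' location, the omission of hash_state, the sample record values and all variable names are assumptions.

```plsql
DECLARE
  wallet       dbms_crypto_toolkit.Wallet;
  persona_list dbms_crypto_toolkit.Persona_List;
  persona      dbms_crypto_toolkit.Persona;
  -- Constructed sample data: a record as written, and as later read back.
  written      RAW(64) := UTL_RAW.CAST_TO_RAW('amount=100;payee=alice');
  read_back    RAW(64) := UTL_RAW.CAST_TO_RAW('amount=900;payee=alice');
  hash_old     RAW(2048);
  hash_new     RAW(2048);
  keyed_old    RAW(2048);
  keyed_new    RAW(2048);
  stage        PLS_INTEGER := 0;  -- 1 = initialized, 2 = wallet open, 3 = persona open

  -- Release toolkit resources in reverse order of acquisition.
  PROCEDURE cleanup IS
  BEGIN
    IF stage >= 3 THEN dbms_crypto_toolkit.ClosePersona(persona); END IF;
    IF stage >= 2 THEN dbms_crypto_toolkit.CloseWallet(wallet); END IF;
    IF stage >= 1 THEN dbms_crypto_toolkit.Terminate; END IF;
    stage := 0;
  END cleanup;
BEGIN
  dbms_crypto_toolkit.Initialize;
  stage := 1;
  dbms_crypto_toolkit.OpenWallet('server1', wallet, persona_list, 'default:');
  stage := 2;
  persona.persona := persona_list(1).persona;
  dbms_crypto_toolkit.OpenPersona(persona);
  stage := 3;

  -- Checksums taken when the record is written (hash_state omitted: assumption).
  dbms_crypto_toolkit.Hash(persona => persona, input => written, hash => hash_old);
  dbms_crypto_toolkit.KeyedHash(persona => persona, input => written, keyed_hash => keyed_old);
  -- Checksums recomputed over what is read back later.
  dbms_crypto_toolkit.Hash(persona => persona, input => read_back, hash => hash_new);
  dbms_crypto_toolkit.KeyedHash(persona => persona, input => read_back, keyed_hash => keyed_new);

  -- UTL_RAW.COMPARE returns 0 only when both RAW values are identical.
  IF UTL_RAW.COMPARE(hash_old, hash_new) <> 0 THEN
    dbms_output.put_line('> Hash mismatch: record was modified');
  END IF;
  IF UTL_RAW.COMPARE(keyed_old, keyed_new) <> 0 THEN
    dbms_output.put_line('> KeyedHash mismatch: record was modified');
  END IF;
  cleanup;
EXCEPTION
  WHEN OTHERS THEN
    cleanup;
    RAISE;
END;
```

A plain hash detects modification only if the stored checksum cannot be rewritten along with the data; the keyed variant is computed under the persona, so recomputing it requires access to that persona.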








7.4 Random Number Generation
Use the DBMS_RANDOM package to generate random numbers. The routines
contained within the package are as follows.

SeedRandom
The following SeedRandom routine supplies a seed to the Oracle Cryptographic
Toolkit's random number generator.

Parameter Descriptions
Following is a list of parameter names, their modes, and types.

Table 7-28 SeedRandom parameters for numeric data
Parameter Name   Mode   Type
seed             IN     BINARY_INTEGER


Random
The Random routine generates a random number between -9999999999 and
9999999999. This function returns a BINARY_INTEGER.




Part III
Appendices

Part III, Appendices, contains the following reference information:
- “Sample PL/SQL Code”
- “OCI - API Mappings”
A Sample PL/SQL Code

This appendix contains a sample PL/SQL program written in C.
- “Sample PL/SQL Program”







A.1 Sample PL/SQL Program
Following is a sample PL/SQL program for your reference. Segments of this code
are numbered and contain narrative text explaining portions of the code.
declare
wallet dbms_crypto_toolkit.Wallet;
persona_list dbms_crypto_toolkit.Persona_List;
persona dbms_crypto_toolkit.Persona;
string_input VARCHAR2(6) := '123456';
signature RAW(2048);
signing_party dbms_crypto_toolkit.Identity;
recipient dbms_crypto_toolkit.Identity;

-- Flags to indicate the package state.
initialized BOOLEAN := FALSE;
wallet_opened BOOLEAN := FALSE;
persona_opened BOOLEAN := FALSE;

operation_unsupported EXCEPTION;
PRAGMA EXCEPTION_INIT (operation_unsupported, -28841);
ENCRYPTION_UNSUPPORTED_MESSAGE VARCHAR2(64) :=
    '**** ENCRYPTION UNSUPPORTED - IGNORING EXCEPTION ****';
encrypted_string VARCHAR2 (2048);
decrypted_string VARCHAR2 (2048);
extracted_string VARCHAR2 (128);
hash_string VARCHAR2 (2048);
string_verified BOOLEAN := FALSE;
string_validated BOOLEAN := FALSE;
all_done BOOLEAN := FALSE;
done_exception EXCEPTION;

BEGIN
1. Start Oracle Cryptographic Toolkit operation.
dbms_output.put_line('> Initialize');
dbms_crypto_toolkit.Initialize;
initialized := TRUE;







2. Open a wallet at the default location.
dbms_output.put_line('> OpenWallet');
dbms_crypto_toolkit.OpenWallet('server1', wallet, persona_list, 'default:');
wallet_opened := TRUE;

3. Establish the identity associated with the first persona in the new wallet as the recipient.
dbms_output.put_line('>Alias ' || persona_list(1).alias);
dbms_output.put_line('>Comment ' || persona_list(1).comment);
persona.persona := persona_list(1).persona;
recipient.Descriptor := persona_list(1).identity;

4. Open the first persona.
dbms_output.put_line('> OpenPersona');
dbms_crypto_toolkit.OpenPersona(persona);
persona_opened := TRUE;

5. Create an attached signature associated with the current persona.
dbms_output.put_line('> Sign');
dbms_crypto_toolkit.Sign(persona => persona, input => string_input,
    signature => signature);

6. Verify the attached signature.
dbms_output.put_line('> Verify');
dbms_crypto_toolkit.Verify(persona => persona,
    signature => signature,
    extracted_message => extracted_string,
    verified => string_verified,
    validated => string_validated,
    signing_party_identity => signing_party);

IF string_validated THEN
    dbms_output.put_line('> Validated');
END IF;
IF string_verified THEN
    dbms_output.put_line('> Verified');
END IF;

7. Create a detached signature associated with the current persona.
dbms_output.put_line('> Sign detached');
dbms_crypto_toolkit.SignDetached(persona => persona,
    input => string_input,
    signature => signature);

8. Verify the detached signature.
dbms_output.put_line('> Verify detached');
dbms_crypto_toolkit.VerifyDetached(persona => persona,
    data => string_input,
    signature => signature,
    verified => string_verified,
    validated => string_validated,
    signing_party_identity => signing_party);

IF string_validated THEN
    dbms_output.put_line('> Validated');
END IF;
IF string_verified THEN
    dbms_output.put_line('> Verified');
END IF;

9. Generate a hash of the current message.
dbms_output.put_line('> Hash');
dbms_crypto_toolkit.Hash(persona => persona,
    input => string_input,
    hash => hash_string);

IF string_input = hash_string THEN
    dbms_output.put_line('> Hash Succeeded');
END IF;

all_done := TRUE;
RAISE done_exception;

EXCEPTION

WHEN others THEN

10. Close the current open persona.
IF persona_opened THEN
    dbms_output.put_line('>ClosePersona.ClosePersona');
    dbms_crypto_toolkit.ClosePersona(persona);
END IF;







BEGIN

11. Close the current open persona.
IF persona_opened THEN
    dbms_output.put_line('> ClosePersona');
    dbms_crypto_toolkit.ClosePersona(persona);
END IF;

12. Close the open wallet.
IF wallet_opened THEN
    dbms_output.put_line('> CloseWallet');
    dbms_crypto_toolkit.CloseWallet(wallet);
END IF;

13. Stop the Oracle Cryptographic Toolkit operation.
IF initialized THEN
    dbms_output.put_line('> Terminate');
    dbms_crypto_toolkit.TERMINATE;
END IF;

IF all_done = FALSE THEN
    RAISE;
END IF;
END;
END;




B OCI - API Mappings

This chapter lists each Oracle Call Interface (OCI) function that is directly mapped
to an Application Programming Interface (API) function. Definitions for each
function are also provided. The following topics are discussed:
- “Mappings”
- “OCI - API Mapping Exceptions”







B.1 Mappings
B.1.1 Overview
The Oracle Call Interface functions are direct mappings from the Oracle Security
Server Toolkit Application Programming Interface to the Oracle Call Interface.

B.1.2 OCI - API Mappings
Table B-1, “OCI Function Names and Descriptions”, below lists each Oracle
Security Server OCI function along with its description.

Table B-1 OCI Function Names and Descriptions
OCI Name                         Description
OCISecurityOpenWallet            Open a wallet based on a WRL
OCISecurityCloseWallet           Close a wallet
OCISecurityCreateWallet          Create a new wallet
OCISecurityDestroyWallet         Destroy an existing wallet
OCISecurityStorePersona          Store a persona in a wallet
OCISecurityOpenPersona           Open a persona
OCISecurityClosePersona          Close a persona
OCISecurityRemovePersona         Remove a persona from a wallet
OCISecurityCreatePersona         Create a persona
OCISecuritySetProtection         Modify the protection set in a persona
OCISecurityGetProtection         Get the protection set in a persona
OCISecurityRemoveIdentity        Remove an identity from a persona
OCISecurityCreateIdentity        Create an Identity
OCISecurityAbortIdentity         Discard an unstored identity
OCISecurityStoreTrustedIdentity  Store an identity with an associated trust
OCISecuritySign                  Generate an attached signature
OCISecuritySignExpansion         Determine the size of the attached signature buffer
OCISecurityVerify                Verify an attached signature
OCISecurityValidate              Validate an identity
OCISecuritySignDetached          Generate a detached signature
OCISecuritySignDetExpansion      Determine the size of buffer needed
OCISecurityVerifyDetached        Verify a detached signature
OCISecurityKeyedHash             Generate a keyed hash
OCISecurityKeyedHashExpansion    Determine the space needed for a keyed hash
OCISecurityHash                  Generate a hash
OCISecurityHashExpansion         Determine the size of the TDU for the hash
OCISecuritySeedRandom            Supplies a seed to the Oracle Cryptographic Toolkit's random number generator
OCISecurityRandomBytes           Generate a series of random bytes
OCISecurityRandomNumber          Generate a random number
OCISecurityInitBlock             Initialize a buffer block
OCISecurityReuseBlock            Reuse a buffer block
OCISecurityPurgeBlock            Purge the memory used within a buffer block
OCISecuritySetBlock              Set the block to a known state




B.2 OCI - API Mapping Exceptions
There are no OCI - API mapping exceptions at this time.

