void DigestTests::testDigest()
{
CK_RV rv;
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
CK_MECHANISM mechanism = {
CKM_SHA512, NULL_PTR, 0
};
CK_ULONG digestLen;
CK_BYTE_PTR digest;
CK_BYTE data[] = {"Text to digest"};
// Just make sure that we finalize any previous tests
CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, NULL_PTR, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_Digest(CK_INVALID_HANDLE, data, sizeof(data)-1, NULL_PTR, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, NULL_PTR, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
rv = CRYPTOKI_F_PTR( C_DigestInit(hSession, &mechanism) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, NULL_PTR, sizeof(data)-1, NULL_PTR, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, NULL_PTR, NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, NULL_PTR, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_OK);
digest = (CK_BYTE_PTR)malloc(digestLen);
digestLen = 0;
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, digest, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_BUFFER_TOO_SMALL);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, digest, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, digest, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
free(digest);
}
HRESULT Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_CryptokiDigest::DigestInternal___SZARRAY_U1__SZARRAY_U1__I4__I4( CLR_RT_StackFrame& stack )
{
TINYCLR_HEADER();
CLR_RT_HeapBlock* pThis = stack.This();
CLR_RT_HeapBlock_Array* pData = stack.Arg1().DereferenceArray();
CLR_INT32 offset = stack.Arg2().NumericByRef().s4;
CLR_INT32 len = stack.Arg3().NumericByRef().s4;
CLR_RT_HeapBlock* pSession = pThis[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_session].Dereference();
CLR_INT32 digestSize = pThis[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_CryptokiDigest::FIELD__m_hashSize].NumericByRef().s4;
CK_SESSION_HANDLE hSession;
//CLR_INT32 maxProcessingBytes;
FAULT_ON_NULL_ARG(pData);
FAULT_ON_NULL(pSession);
if((offset + len) > (CLR_INT32)pData->m_numOfElements) TINYCLR_SET_AND_LEAVE(CLR_E_OUT_OF_RANGE);
hSession = (CK_SESSION_HANDLE)pSession[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Session::FIELD__m_handle].NumericByRef().s4;
if(hSession == CK_SESSION_HANDLE_INVALID) TINYCLR_SET_AND_LEAVE(CLR_E_OBJECT_DISPOSED);
// TODO: add code for processing chunks at a time if size is too big
//maxProcessingBytes = pSession[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Session::FIELD__m_maxProcessingBytes].NumericByRef().s4;
TINYCLR_CHECK_HRESULT(CLR_RT_HeapBlock_Array::CreateInstance(stack.PushValue(), digestSize, g_CLR_RT_WellKnownTypes.m_UInt8));
CRYPTOKI_CHECK_RESULT(stack, C_Digest(hSession, pData->GetElement(offset), len, stack.TopValue().DereferenceArray()->GetFirstElement(), (CK_ULONG_PTR)&digestSize));
TINYCLR_NOCLEANUP();
}
void DigestTests::testDigestAll()
{
CK_RV rv;
CK_SESSION_HANDLE hSession;
CK_MECHANISM mechanisms[] = {
#ifndef WITH_FIPS
{ CKM_MD5, NULL_PTR, 0 },
#endif
{ CKM_SHA_1, NULL_PTR, 0 },
{ CKM_SHA224, NULL_PTR, 0 },
{ CKM_SHA256, NULL_PTR, 0 },
{ CKM_SHA384, NULL_PTR, 0 },
{ CKM_SHA512, NULL_PTR, 0 },
#ifdef WITH_GOST
{ CKM_GOSTR3411, NULL_PTR, 0 },
#endif
};
CK_ULONG digestLen;
CK_BYTE_PTR digest;
CK_BYTE data[] = {"Text to digest"};
// Just make sure that we finalize any previous tests
CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) );
CPPUNIT_ASSERT(rv == CKR_OK);
for (unsigned int i = 0; i < sizeof(mechanisms)/sizeof(CK_MECHANISM); i++)
{
rv = CRYPTOKI_F_PTR( C_DigestInit(hSession, &mechanisms[i]) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, NULL_PTR, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_OK);
digest = (CK_BYTE_PTR)malloc(digestLen);
rv = CRYPTOKI_F_PTR( C_Digest(hSession, data, sizeof(data)-1, digest, &digestLen) );
CPPUNIT_ASSERT(rv == CKR_OK);
free(digest);
}
}
/*
* Compute hashes using metaslot (or softtoken).
* Not all hardware tokens support the combined HASH + RSA/EC
* Signing operations so it is safer to separate the hashing
* from the signing. This function generates a hash using a
* separate session. The resulting digest can be signed later.
*/
KMF_RETURN
PKCS_DigestData(KMF_HANDLE_T handle,
CK_SESSION_HANDLE hSession,
CK_MECHANISM_TYPE mechtype,
KMF_DATA *tobesigned, KMF_DATA *output,
boolean_t pkcs1_encoding)
{
KMF_RETURN rv = KMF_OK;
CK_RV ckrv;
CK_MECHANISM mechanism;
KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
CK_BYTE outbuf[MAX_SHA2_DIGEST_LENGTH +
sizeof (SHA512_DER_PREFIX)];
CK_ULONG outlen = sizeof (outbuf);
mechanism.mechanism = mechtype;
mechanism.pParameter = NULL;
mechanism.ulParameterLen = 0;
ckrv = C_DigestInit(hSession, &mechanism);
if (ckrv != CKR_OK) {
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckrv;
rv = KMF_ERR_INTERNAL;
goto end;
}
ckrv = C_Digest(hSession, tobesigned->Data,
tobesigned->Length, outbuf, &outlen);
if (ckrv != CKR_OK) {
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckrv;
rv = KMF_ERR_INTERNAL;
}
if (pkcs1_encoding) {
uchar_t *pfx;
int pfxlen;
switch (mechtype) {
case CKM_MD5:
pfx = MD5_DER_PREFIX;
pfxlen = sizeof (MD5_DER_PREFIX);
break;
case CKM_SHA_1:
pfx = SHA1_DER_PREFIX;
pfxlen = sizeof (SHA1_DER_PREFIX);
break;
case CKM_SHA256:
pfx = SHA256_DER_PREFIX;
pfxlen = sizeof (SHA256_DER_PREFIX);
break;
case CKM_SHA384:
pfx = SHA384_DER_PREFIX;
pfxlen = sizeof (SHA384_DER_PREFIX);
break;
case CKM_SHA512:
pfx = SHA512_DER_PREFIX;
pfxlen = sizeof (SHA512_DER_PREFIX);
break;
default:
rv = KMF_ERR_BAD_ALGORITHM;
goto end;
}
(void) memcpy(output->Data, pfx, pfxlen);
(void) memcpy(output->Data + pfxlen, outbuf, outlen);
output->Length = outlen + pfxlen;
} else {
(void) memcpy(output->Data, outbuf, outlen);
output->Length = outlen;
}
end:
return (rv);
}
