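/**
 * Generate a temporary RSA key pair and run the "public information in the
 * private key" test against it.
 *
 * Prints an explanatory banner, asks the token (through the file-level p11
 * function list) for an RSA key pair, passes both handles to
 * testRSAPub_keypair() and then destroys both objects.
 *
 * @param hSession  open PKCS#11 session used for every call
 * @return 1 if key generation failed, otherwise the value returned by
 *         testRSAPub_keypair()
 */
int testRSAPub(CK_SESSION_HANDLE hSession) {
  CK_RV rv;
  int retVal = 0;
  CK_BBOOL ckTrue = CK_TRUE;
  CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
  CK_BYTE publicExponent[] = { 1, 0, 1 };  /* big-endian 0x010001 = 65537 */
  /* NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current
   * guidance (e.g. NIST SP 800-131A) accepts. It is tolerable here only
   * because the pair is destroyed before this function returns; do not copy
   * this size into templates for keys that are kept. */
  CK_ULONG modulusBits = 1024;
  CK_OBJECT_HANDLE hPublicKey, hPrivateKey;

  CK_ATTRIBUTE publicKeyTemplate[] = {
    { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
    { CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
    { CKA_WRAP, &ckTrue, sizeof(ckTrue) },
    { CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
    { CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) },
    { CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent) }
  };
  CK_ATTRIBUTE privateKeyTemplate[] = {
    { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) },
    { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) },
    { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
    { CKA_SIGN, &ckTrue, sizeof(ckTrue) },
    { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) },
    { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }
  };
  /* Derive the attribute counts from the arrays so that editing a template
   * cannot leave a stale count behind. */
  CK_ULONG publicKeyAttrCount = sizeof(publicKeyTemplate) / sizeof(publicKeyTemplate[0]);
  CK_ULONG privateKeyAttrCount = sizeof(privateKeyTemplate) / sizeof(privateKeyTemplate[0]);

  printf("\n******************************************************\n");
  printf("* Test for public information in the RSA private key *\n");
  printf("******************************************************\n\n");
  printf("You normally have a public and private key object.\n");
  printf("But the private key could contain all the necessary\n");
  printf("information in order to export the public key from the\n");
  printf("private key object. However, PKCS#11 cannot guarantee\n");
  printf("that the HSM can do this. If the private key object\n");
  printf("has all the necessary information, then you only need\n");
  printf("to keep the private key. Thus saving space in the HSM.\n\n");

  printf("Generate a key pair: ");
  rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism,
                              publicKeyTemplate, publicKeyAttrCount,
                              privateKeyTemplate, privateKeyAttrCount,
                              &hPublicKey, &hPrivateKey);
  if (rv != CKR_OK) {
    printf("Failed to generate a keypair. rv=%s\n", rv2string(rv));
    return 1;
  }
  printf("OK\n");

  retVal = testRSAPub_keypair(hSession, hPublicKey, hPrivateKey);

  /* Both objects are created with CKA_TOKEN = true, so a failed destroy
   * leaves test key material on the token. Report it rather than ignoring
   * it; the test verdict in retVal is left unchanged. */
  rv = p11->C_DestroyObject(hSession, hPublicKey);
  if (rv != CKR_OK) {
    printf("Warning: Failed to destroy the public key. rv=%s\n", rv2string(rv));
  }
  rv = p11->C_DestroyObject(hSession, hPrivateKey);
  if (rv != CKR_OK) {
    printf("Warning: Failed to destroy the private key. rv=%s\n", rv2string(rv));
  }

  return retVal;
}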
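/**
 * Generate the RSA key pair used by the stability test.
 *
 * The pair is created through the file-level p11 function list and the
 * resulting handles are written to the caller's variables. Nothing is
 * destroyed here: both objects are created with CKA_TOKEN = true, so they
 * stay on the token until the caller destroys them.
 *
 * @param hSession     open PKCS#11 session used for key generation
 * @param hPublicKey   receives the handle of the new public key
 * @param hPrivateKey  receives the handle of the new private key
 * @return 0 on success, 1 if C_GenerateKeyPair did not return CKR_OK
 */
int testStability_generate(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE *hPublicKey, CK_OBJECT_HANDLE *hPrivateKey) {
  CK_RV rv;
  CK_BBOOL ckTrue = CK_TRUE;
  CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
  CK_BYTE publicExponent[] = { 1, 0, 1 };  /* big-endian 0x010001 = 65537 */
  /* NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current
   * guidance (e.g. NIST SP 800-131A) accepts. This pair outlives the
   * function, so confirm the caller treats it as disposable test material
   * and destroys it. */
  CK_ULONG modulusBits = 1024;

  CK_ATTRIBUTE publicKeyTemplate[] = {
    { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
    { CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
    { CKA_WRAP, &ckTrue, sizeof(ckTrue) },
    { CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
    { CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) },
    { CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent) }
  };
  /* NOTE(review): CKA_EXTRACTABLE is not set, so the token's own default
   * applies to the private key; verify that default if it matters here. */
  CK_ATTRIBUTE privateKeyTemplate[] = {
    { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) },
    { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) },
    { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
    { CKA_SIGN, &ckTrue, sizeof(ckTrue) },
    { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) },
    { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }
  };
  /* Derive the attribute counts from the arrays so that editing a template
   * cannot leave a stale count behind. */
  CK_ULONG publicKeyAttrCount = sizeof(publicKeyTemplate) / sizeof(publicKeyTemplate[0]);
  CK_ULONG privateKeyAttrCount = sizeof(privateKeyTemplate) / sizeof(privateKeyTemplate[0]);

  printf("Generating a key pair...\n");
  rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism,
                              publicKeyTemplate, publicKeyAttrCount,
                              privateKeyTemplate, privateKeyAttrCount,
                              hPublicKey, hPrivateKey);
  if (rv != CKR_OK) {
    printf("ERROR: Failed to generate a keypair. rv=%s\n", rv2string(rv));
    return 1;
  }

  return 0;
}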