void SymmetricAlgorithmTests::testNullTemplate()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_SESSION_HANDLE hSession;
CK_MECHANISM mechanism1 = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
CK_MECHANISM mechanism2 = { CKM_AES_KEY_GEN, NULL_PTR, 0 };
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSession, CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
rv = C_GenerateKey(hSession, &mechanism1, NULL_PTR, 0, &hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_DestroyObject(hSession, hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_GenerateKey(hSession, &mechanism2, NULL_PTR, 0, &hKey);
CPPUNIT_ASSERT(rv == CKR_TEMPLATE_INCOMPLETE);
}
CK_RV DeriveTests::generateDes2Key(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey)
{
CK_MECHANISM mechanism = { CKM_DES2_KEY_GEN, NULL_PTR, 0 };
// CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_TOKEN, &bToken, sizeof(bToken) },
{ CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
{ CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
{ CKA_DERIVE, &bTrue, sizeof(bTrue) }
};
hKey = CK_INVALID_HANDLE;
return CRYPTOKI_F_PTR( C_GenerateKey(hSession, &mechanism,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hKey) );
}
CK_RV SymmetricAlgorithmTests::generateDes3Key(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey)
{
CK_MECHANISM mechanism = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
// CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_TOKEN, &bToken, sizeof(bToken) },
{ CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
};
hKey = CK_INVALID_HANDLE;
return C_GenerateKey(hSession, &mechanism,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hKey);
}
void SymmetricAlgorithmTests::testNonModifiableDesKeyGeneration()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_SESSION_HANDLE hSession;
CK_MECHANISM mechanism = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_BBOOL bToken = IN_SESSION;
CK_ATTRIBUTE keyAttribs[] =
{
{ CKA_TOKEN, &bToken, sizeof(bToken) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_WRAP, &bTrue, sizeof(bTrue) }
};
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSession, CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_DestroyObject(hSession, hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
// The C_GenerateKey call failed if CKA_MODIFIABLE was bFalse
// This was a bug in the SoftHSM implementation
keyAttribs[2].pValue = &bFalse;
keyAttribs[2].ulValueLen = sizeof(bFalse);
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs, sizeof(keyAttribs) / sizeof(CK_ATTRIBUTE),
&hKey);
// The call would fail with CKR_ATTRIBUTE_READ_ONLY
CPPUNIT_ASSERT(rv == CKR_OK);
// Now create a template where the CKA_MODIFIABLE attribute is last in the list
CK_ATTRIBUTE keyAttribs1[] =
{
{ CKA_TOKEN, &bToken, sizeof(bToken) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_WRAP, &bTrue, sizeof(bTrue) },
{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) }
};
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE),
&hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
// Now when CKA_MODIFIABLE is bFalse the key generation succeeds
keyAttribs1[2].pValue = &bFalse;
keyAttribs1[2].ulValueLen = sizeof(bFalse);
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE),
&hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
}
static CK_RV CreateSecretKeyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_CHAR *objLabel){
CK_RV rv = CKR_OK;
static CK_BBOOL ckTrue = TRUE;
static CK_BBOOL ckFalse = FALSE;
/*
* This is the mechanism used to generate a 3DES secret key. The fields
* of the structure are :
*
* CKM_DES3_KEY_GEN - Type of the mechanism. This informs the cryptoki
* library that we want to create a 3DES key.
* NULL - This field is the parameter field. Some mechanisms
* require certain parameters to perform their
* functions. CKM_DES3_KEY_GEN does not require a
* parameter, hence the NULL value.
* 0 - This field is the parameter length field. Since
* this mechanism type does not require a parameter,
* 0 is passed in as the length.
*/
static CK_MECHANISM mechanism = {CKM_DES3_KEY_GEN, NULL, 0};
/*
* This is the attribute template, which lays out some of the attributes the
* object will have when it is created. The object will also contain other
* attributes, which are populated with default values.
* The attributes in the template are :
*
* CKA_LABEL - Points to a char array containing what will be the label
* of the key object.
*
* CKA_TOKEN - Points to a CK_BBOOL variable containing the value TRUE.
* This object, therefore will be a token object, which
* means it will persist on the token between sessions.
*
* CKA_ENCRYPT - Points to a CK_BBOOL variable containing the value TRUE.
* This key, therefore will be able to encrypt data.
*
* CKA_DECRYPT - Points to a CK_BBOOL variable containing the value TRUE.
* This key, therefore will be able to decrypt data.
*
* CKA_SIGN - Points to a CK_BBOOL variable containing the value TRUE.
* This key, therefore will be able to sign data.
*
* CKA_VERIFY - Points to a CK_BBOOL variable containing the value TRUE.
* This key, therefore will be able to verify signatures.
*
* Other attributes are explicitly set to FALSE to ensure that they are
* not set to TRUE by default.
*
* The CKA_KEY_TYPE attribute is not set, since it is implied by the
* mechanism. The same goes for the CKA_CLASS attribute.
*/
CK_ATTRIBUTE objectTemplate[] =
{
{CKA_LABEL, NULL, 0},
{CKA_TOKEN, &ckTrue, sizeof(CK_BBOOL)},
{CKA_ENCRYPT, &ckTrue, sizeof(CK_BBOOL)},
{CKA_DECRYPT, &ckTrue, sizeof(CK_BBOOL)},
{CKA_SIGN, &ckTrue, sizeof(CK_BBOOL)},
{CKA_VERIFY, &ckTrue, sizeof(CK_BBOOL)},
{CKA_EXPORT, &ckFalse, sizeof(CK_BBOOL)},
{CKA_IMPORT, &ckFalse, sizeof(CK_BBOOL)},
{CKA_WRAP, &ckFalse, sizeof(CK_BBOOL)},
{CKA_UNWRAP, &ckFalse, sizeof(CK_BBOOL)},
{CKA_EXPORTABLE, &ckFalse, sizeof(CK_BBOOL)},
{CKA_EXTRACTABLE, &ckFalse, sizeof(CK_BBOOL)},
{CKA_MODIFIABLE, &ckFalse, sizeof(CK_BBOOL)},
{CKA_SENSITIVE, &ckFalse, sizeof(CK_BBOOL)},
{CKA_DERIVE, &ckFalse, sizeof(CK_BBOOL)},
};
CK_SIZE objectSize = sizeof(objectTemplate) / sizeof(CK_ATTRIBUTE);
CK_ATTRIBUTE* pAttr = NULL;
/* Fill in the public key label */
pAttr = FindAttribute(CKA_LABEL, objectTemplate, objectSize);
pAttr->pValue = objLabel;
pAttr->ulValueLen = (CK_ULONG)strlen((char*)objLabel);
rv = C_GenerateKey(hSession, &mechanism, objectTemplate, objectSize, phObject);
CHECK_CK_RV_GOTO(rv, "C_GenerateKey", end);
end:
return rv;
}