Example #1
0
CK_RV Login()
{
    char *s;
    s = getpass("You must input user pin before login:"******"\nCan't use your pin login to Token ,Error code 0x%08X\n", rv);
        return rv;
    }
    else
    {
        printf("Success Login to Token\n");
        return rv;
    }
}
void SymmetricAlgorithmTests::setUp()
{
//    printf("\nObjectTests\n");

	setenv("SOFTHSM2_CONF", "./softhsm2.conf", 1);

	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
	CK_ULONG sopinLength = sizeof(sopin) - 1;
	CK_SESSION_HANDLE hSession;

	CK_UTF8CHAR label[32];
	memset(label, ' ', 32);
	memcpy(label, "token1", strlen("token1"));

	// (Re)initialize the token
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_InitToken(SLOT_INIT_TOKEN, sopin,sopinLength, label);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login SO
	rv = C_Login(hSession,CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Initialize the user pin
	rv = C_InitPIN(hSession, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);
}
void SymmetricAlgorithmTests::testDesEncryptDecrypt()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	// CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
	// CK_ULONG sopinLength = sizeof(sopin) - 1;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Open read-only session on when the token is not initialized should fail
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = C_Login(hSessionRO,CKU_USER,pin,pinLength);
	CPPUNIT_ASSERT(rv==CKR_OK);

	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;

	// Generate all combinations of session/token keys.
	rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	desEncryptDecrypt(CKM_DES_ECB,hSessionRO,hKey);
	desEncryptDecrypt(CKM_DES_CBC,hSessionRO,hKey);

	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;

	// Generate all combinations of session/token keys.
	rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
	CPPUNIT_ASSERT(rv == CKR_OK);

	des3EncryptDecrypt(CKM_DES3_ECB,hSessionRO,hKey2);
	des3EncryptDecrypt(CKM_DES3_CBC,hSessionRO,hKey2);

	CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;

	// Generate all combinations of session/token keys.
	rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
	CPPUNIT_ASSERT(rv == CKR_OK);

	des3EncryptDecrypt(CKM_DES3_ECB,hSessionRO,hKey3);
	des3EncryptDecrypt(CKM_DES3_CBC,hSessionRO,hKey3);
}
void SymmetricAlgorithmTests::testAesWrapUnwrap()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	// CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
	// CK_ULONG sopinLength = sizeof(sopin) - 1;
	CK_SESSION_HANDLE hSession;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Initialize the library and start the test.
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the session so we can create a private object
	rv = C_Login(hSession,CKU_USER,pin,pinLength);
	CPPUNIT_ASSERT(rv==CKR_OK);

	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;

	// Generate a wrapping session public key
	rv = generateAesKey(hSession,IN_SESSION,IS_PUBLIC,hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	aesWrapUnwrap(CKM_AES_KEY_WRAP, hSession, hKey);
#ifdef HAVE_AES_KEY_WRAP_PAD
	aesWrapUnwrap(CKM_AES_KEY_WRAP_PAD, hSession, hKey);
#endif
}
Example #5
0
void UserTests::testLogout()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_SO1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_SESSION_HANDLE hSession;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	rv = C_Logout(hSession);
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession, CKU_SO, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Logout(CK_INVALID_HANDLE);
	CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);

	rv = C_Logout(hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Logout(hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);
}
void SymmetricAlgorithmTests::testNullTemplate()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_SESSION_HANDLE hSession;
	CK_MECHANISM mechanism1 = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
	CK_MECHANISM mechanism2 = { CKM_AES_KEY_GEN, NULL_PTR, 0 };
	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Initialize the library and start the test.
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = C_Login(hSession, CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv==CKR_OK);

	rv = C_GenerateKey(hSession, &mechanism1, NULL_PTR, 0, &hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_DestroyObject(hSession, hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_GenerateKey(hSession, &mechanism2, NULL_PTR, 0, &hKey);
	CPPUNIT_ASSERT(rv == CKR_TEMPLATE_INCOMPLETE);
}
int open_session_and_login()
{
	CK_RV rv = CKR_OK;

	rv = C_Initialize(NULL_PTR);
	if (CKR_OK != rv)
		return EXIT_FAILURE;

	rv = C_OpenSession(FEPKCS11_APP0_TOKEN_SLOT_ID,
			   CKF_RW_SESSION | CKF_SERIAL_SESSION,
			   NULL,
			   NULL,
			   &hSession);
	if (CKR_OK != rv) {
		C_Finalize(NULL_PTR);
		return EXIT_FAILURE;
	}

	rv = C_Login(hSession, CKU_USER, NULL_PTR, 0);
	if (CKR_OK != rv) {
		C_CloseSession(hSession);
		C_Finalize(NULL_PTR);
		return EXIT_FAILURE;
	}

	return EXIT_SUCCESS;
}
Example #8
0
CK_RV RunC_Login(
				 CK_SESSION_HANDLE	hSession,	// the session's handle
				 CK_USER_TYPE		userType,	// the user type
				 CK_CHAR_PTR			pPin,	// the user's PIN
				 CK_ULONG			ulPinLen	// the length of the PIN)
				)
{
	//convert ANSI to UTF8
	CK_ULONG ulPinUtf8_length = 0;
	char *pszPinUtf8 = NULL;
	
	if(ulPinLen > 0)
	{
		ulPinUtf8_length = AppStringToUtf8String((const char *)pPin,ulPinLen, NULL);
		if(ulPinUtf8_length > 0)
		{
			pszPinUtf8 = new char[ulPinUtf8_length+1];
			memset(pszPinUtf8, 0x00, ulPinUtf8_length+1);
			AppStringToUtf8String((const char *)pPin,ulPinLen,  pszPinUtf8);	
		}
	}
	//end convert
	CK_RV rv = C_Login(hSession, userType, (unsigned char *)pszPinUtf8, ulPinUtf8_length);
	if (CKR_USER_ALREADY_LOGGED_IN == rv)
		rv = CKR_OK;
	
	if(pszPinUtf8 != NULL)
	{
		delete[] pszPinUtf8;
		pszPinUtf8 = NULL;
	}
	return rv;
}
Example #9
0
void
login(CK_SESSION_HANDLE session, CK_BYTE *pin) {
    CK_RV rv;
    if (pin) {
        rv = C_Login(session, CKU_USER, pin, strlen((char *) pin));
        check_return_value(rv, "log in");
    }
}
Example #10
0
void CPKCSDemoDlg::OnBtnKeypairgen() 
{
	StartOP();

	CK_TOKEN_INFO tokenInfo = {0};
	CK_RV rv = C_GetTokenInfo(m_pSlotList[0], &tokenInfo);
	if (CKR_OK != rv)
	{
		ShowMsg(NEWLINE"Can not get token information!"NEWLINE);
		return;
	}

	DlgUserPIN* dlgUserPIN = new DlgUserPIN;
	dlgUserPIN->DoModal();
	delete dlgUserPIN;
	if("" == g_strUserPIN)
	{
		ShowMsg(NEWLINE"You should enter User PIN before generating RSA Key pair!"NEWLINE);
		return;
	}

	CK_ULONG ulPIN = g_strUserPIN.GetLength();
	CK_BYTE_PTR pPIN = (CK_BYTE_PTR)g_strUserPIN.GetBuffer(ulPIN);

	::SetCursor(::LoadCursor(NULL, IDC_WAIT));
	rv = C_Login(m_hSession, CKU_USER, pPIN, ulPIN);

	if(CKR_OK != rv)
	{
		ShowErr(NEWLINE"Can't use your User PIN login to token ,ErrorCode: 0x%08X."NEWLINE, rv);
		return;
	}
	else
		ShowMsg(NEWLINE"Logging in to token Successfully!"NEWLINE);


	::SetCursor(::LoadCursor(NULL, IDC_WAIT));
	rv = C_GenerateKeyPair(
		m_hSession, &keyGenMechanism,
		pubTemplate, countof(pubTemplate),
		priTemplate, countof(priTemplate),
		&m_hPubKey, &m_hPriKey);
	if(CKR_OK != rv)
	{
		ShowErr(NEWLINE"Can't generate RSA key pair, ErrorCode: 0x%08X."NEWLINE, rv);
		return;
	}
	else
	{
		m_btnKeyPairGen.EnableWindow(FALSE);
		m_btnSign.EnableWindow(TRUE);
		m_btnEncrypt.EnableWindow(TRUE);
		ShowMsg(NEWLINE"Generate Key Pair Successfully!"NEWLINE);
		ShowMsg(NEWLINE"Now you can Sign, Verify, Encrypt and Decrypt by using the Key Pair!"NEWLINE);
		m_bKeyGen = TRUE;
	}
}
Example #11
0
/*
 * Authenticate a private the key operation if needed
 */
int pkcs11_authenticate(PKCS11_KEY *key)
{
	PKCS11_KEY_private *kpriv = PRIVKEY(key);
	PKCS11_TOKEN *token = KEY2TOKEN(key);
	PKCS11_SLOT *slot = TOKEN2SLOT(token);
	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
	PKCS11_CTX *ctx = SLOT2CTX(slot);
	char pin[MAX_PIN_LENGTH+1];
	UI *ui;
	int rv;

	/* Handle CKF_PROTECTED_AUTHENTICATION_PATH */
	if (token->secureLogin) {
		rv = CRYPTOKI_call(ctx,
			C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, NULL, 0));
		return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
	}

	/* Call UI to ask for a PIN */
	ui = UI_new_method(kpriv->ui_method);
	if (ui == NULL)
		return PKCS11_UI_FAILED;
	if (kpriv->ui_user_data != NULL)
		UI_add_user_data(ui, kpriv->ui_user_data);
	memset(pin, 0, MAX_PIN_LENGTH+1);
	if (!UI_add_input_string(ui, "PKCS#11 key PIN: ",
			UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) {
		UI_free(ui);
		return PKCS11_UI_FAILED;
	}
	if (UI_process(ui)) {
		UI_free(ui);
		return PKCS11_UI_FAILED;
	}
	UI_free(ui);

	/* Login with the PIN */
	rv = CRYPTOKI_call(ctx,
		C_Login(spriv->session, CKU_CONTEXT_SPECIFIC,
			(CK_UTF8CHAR *)pin, strlen(pin)));
	OPENSSL_cleanse(pin, MAX_PIN_LENGTH+1);
	return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
}
Example #12
0
static void crypto_token_login(CK_SESSION_HANDLE_PTR phSession)
{
	CK_RV rv = CKR_OK;

	rv = C_Initialize(NULL_PTR);
	assert(rv == CKR_OK);

	rv = C_OpenSession(FEPKCS11_APP0_TOKEN_SLOT_ID,
		    CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, phSession);
	assert(rv == CKR_OK);

	rv = C_Login(*phSession, CKU_USER, NULL_PTR, 0);
	assert(rv == CKR_OK);
}
Example #13
0
void TestsBase::setUp() {
	TestsNoPINInitBase::setUp();

	CK_SESSION_HANDLE hSession;

	// Open session
	CPPUNIT_ASSERT( CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession)==CKR_OK ) );

	// Login SO
	CPPUNIT_ASSERT( CRYPTOKI_F_PTR( C_Login(hSession,CKU_SO, m_soPin1, m_soPin1Length)==CKR_OK ) );

	// Initialize the user pin
	CPPUNIT_ASSERT( CRYPTOKI_F_PTR( C_InitPIN(hSession, m_userPin1, m_userPin1Length)==CKR_OK ) );
}
Example #14
0
/*
 * Authenticate with the card. relogin should be set if we automatically
 * relogin after a fork.
 */
static
int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin)
{
	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
	PKCS11_CTX *ctx = priv->parent;
	int rv;

	if (relogin == 0) {
		CHECK_SLOT_FORK(slot);

		/* Calling PKCS11_login invalidates all cached
		 * keys we have */
		if (slot->token) {
			pkcs11_destroy_keys(slot->token, CKO_PRIVATE_KEY);
			pkcs11_destroy_keys(slot->token, CKO_PUBLIC_KEY);
		}
		if (priv->loggedIn) {
			/* already logged in, log out first */
			if (PKCS11_logout(slot))
				return -1;
		}
	}
	if (!priv->haveSession) {
		/* SO gets a r/w session by default,
		 * user gets a r/o session by default. */
		if (pkcs11_open_session(slot, so, relogin))
			return -1;
	}

	rv = CRYPTOKI_call(ctx,
		C_Login(priv->session, so ? CKU_SO : CKU_USER,
			(CK_UTF8CHAR *) pin, pin ? strlen(pin) : 0));
	if (rv && rv != CKR_USER_ALREADY_LOGGED_IN)  /* logged in -> OK   */
		CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGIN, rv);
	priv->loggedIn = 1;

	if (priv->prev_pin != pin) {
		if (priv->prev_pin) {
			OPENSSL_cleanse(priv->prev_pin, strlen(priv->prev_pin));
			OPENSSL_free(priv->prev_pin);
		}
		priv->prev_pin = BUF_strdup(pin);
	}
	priv->prev_so = so;
	return 0;
}
void EncryptDecryptTests::testRsaEncryptDecrypt()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
	CK_ULONG sopinLength = sizeof(sopin) - 1;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Open read-only session on when the token is not initialized should fail
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = C_Login(hSessionRO,CKU_USER,pin,pinLength);
	CPPUNIT_ASSERT(rv==CKR_OK);

	CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;

	// Generate all combinations of session/token public/private key pairs.
	rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rsaEncryptDecrypt(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_X_509,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
}
void AsymEncryptDecryptTests::testRsaEncryptDecrypt()
{
	CK_RV rv;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );

	// Open read-only session on when the token is not initialized should fail
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;

	// Generate all combinations of session/token public/private key pairs.
	rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rsaOAEPParams(hSessionRO,hPublicKey);
	rsaEncryptDecrypt(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_X_509,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
}
void SymmetricAlgorithmTests::testNonModifiableDesKeyGeneration()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_SESSION_HANDLE hSession;
	CK_MECHANISM mechanism = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
	CK_BBOOL bFalse = CK_FALSE;
	CK_BBOOL bTrue = CK_TRUE;
	CK_BBOOL bToken = IN_SESSION;

	CK_ATTRIBUTE keyAttribs[] =
		{
		{ CKA_TOKEN, &bToken, sizeof(bToken) },
		{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
		{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) },
		{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
		{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
		{ CKA_WRAP, &bTrue, sizeof(bTrue) }
	};

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Initialize the library and start the test.
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = C_Login(hSession, CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv==CKR_OK);

	rv = C_GenerateKey(hSession, &mechanism,
		keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
		&hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_DestroyObject(hSession, hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// The C_GenerateKey call failed if CKA_MODIFIABLE was bFalse
	// This was a bug in the SoftHSM implementation
	keyAttribs[2].pValue = &bFalse;
	keyAttribs[2].ulValueLen = sizeof(bFalse);

	rv = C_GenerateKey(hSession, &mechanism,
		keyAttribs, sizeof(keyAttribs) / sizeof(CK_ATTRIBUTE),
		&hKey);
	// The call would fail with CKR_ATTRIBUTE_READ_ONLY
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Now create a template where the CKA_MODIFIABLE attribute is last in the list
	CK_ATTRIBUTE keyAttribs1[] =
	{
		{ CKA_TOKEN, &bToken, sizeof(bToken) },
		{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
		{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
		{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
		{ CKA_WRAP, &bTrue, sizeof(bTrue) },
		{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) }
	};

	rv = C_GenerateKey(hSession, &mechanism,
		keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE),
		&hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Now when CKA_MODIFIABLE is bFalse the key generation succeeds
	keyAttribs1[2].pValue = &bFalse;
	keyAttribs1[2].ulValueLen = sizeof(bFalse);

	rv = C_GenerateKey(hSession, &mechanism,
		keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE),
		&hKey);
	CPPUNIT_ASSERT(rv == CKR_OK);
}
Example #18
0
void UserTests::testLogin()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
	CK_ULONG sopinLength = sizeof(sopin) - 1;
	CK_SESSION_HANDLE hSession[2];

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Set up user PIN
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession[0]);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_USER_PIN_NOT_INITIALIZED);
	rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_InitPIN(hSession[0], pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);
	C_Finalize(NULL_PTR);

	rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession[0]);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(CK_INVALID_HANDLE, CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);

	rv = C_Login(hSession[0], CKU_SO, NULL_PTR, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);

	rv = C_Login(hSession[0], CKU_SO, sopin, 0);
	CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);

	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession[1]);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY_EXISTS);

	rv = C_CloseSession(hSession[1]);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_USER_ANOTHER_ALREADY_LOGGED_IN);

	rv = C_Logout(hSession[0]);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
	CPPUNIT_ASSERT(rv == CKR_USER_ALREADY_LOGGED_IN);

	rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_USER_ANOTHER_ALREADY_LOGGED_IN);

	rv = C_Logout(hSession[0]);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_USER, pin, pinLength - 1);
	CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);

	rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
	CPPUNIT_ASSERT(rv == CKR_USER_ALREADY_LOGGED_IN);
}
Example #19
0
void UserTests::testSetPIN()
{
	CK_RV rv;
	CK_UTF8CHAR pin1[] = SLOT_0_USER1_PIN;
	CK_ULONG pin1Length = sizeof(pin1) - 1;
	CK_UTF8CHAR pin2[] = SLOT_0_USER2_PIN;
	CK_ULONG pin2Length = sizeof(pin2) - 1;
	CK_UTF8CHAR so1pin[] = SLOT_0_SO1_PIN;
	CK_ULONG so1pinLength = sizeof(so1pin) - 1;
	CK_UTF8CHAR so2pin[] = SLOT_0_SO2_PIN;
	CK_ULONG so2pinLength = sizeof(so2pin) - 1;
	CK_SESSION_HANDLE hSession;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Set up user PIN
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_Login(hSession, CKU_SO, so1pin, so1pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = C_InitPIN(hSession, pin1, pin1Length);
	CPPUNIT_ASSERT(rv == CKR_OK);
	C_Finalize(NULL_PTR);

	rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_SetPIN(CK_INVALID_HANDLE, pin1, pin1Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);

	rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);

	rv = C_CloseSession(hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_SetPIN(hSession, NULL_PTR, pin1Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);

	rv = C_SetPIN(hSession, pin1, pin1Length, NULL_PTR, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);

	rv = C_SetPIN(hSession, pin1, pin1Length, pin2, 0);
	CPPUNIT_ASSERT(rv == CKR_PIN_LEN_RANGE);

	rv = C_SetPIN(hSession, pin2, pin2Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);

	rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession, CKU_USER, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
	CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);

	rv = C_SetPIN(hSession, pin2, pin2Length, pin1, pin1Length);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession, CKU_SO, so1pin, so1pinLength);
	CPPUNIT_ASSERT(rv == CKR_USER_ANOTHER_ALREADY_LOGGED_IN);

	rv = C_Logout(hSession);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_Login(hSession, CKU_SO, so1pin, so1pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_SetPIN(hSession, so2pin, so2pinLength, so2pin, so2pinLength);
	CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);

	rv = C_SetPIN(hSession, so1pin, so1pinLength, so2pin, so2pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rv = C_SetPIN(hSession, so1pin, so1pinLength, so1pin, so1pinLength);
	CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);

	rv = C_SetPIN(hSession, so2pin, so2pinLength, so1pin, so1pinLength);
	CPPUNIT_ASSERT(rv == CKR_OK);
}
Example #20
0
int main(int argc, char const *argv[]){
	CK_RV rv = CKR_OK;
	CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
	CK_SLOT_ID slotId = 0;
	FILE *file;
	FILE *file_out;
	
	char * key_name;
	char command;

	if (argc !=3) {
		printf("Wrong arguments\n");
		printf("Usage:\n");
		printf("\t%s <command> <key name>\n", argv[0]);
		printf("\t\te - encode\n\t\td - decode\n\n");
		return 1;
	}

	/* read the command and key name arguments from the command line */
	command = argv[1][0];
	key_name = argv[2];

	/* Initialise the cryptoki API */
	printf( "Initializing Cryptoki API ... " );
    rv = C_Initialize(NULL);
    CHECK_CK_RV_GOTO(rv, "C_Initialize", end);
	printf( "OK\n" );

	/* Obtain a session so we can perform cryptoki operations */
	printf( "Obtaining a session ... " );
    rv = C_OpenSession(slotId, CKF_RW_SESSION, NULL, NULL, &hSession);
    CHECK_CK_RV_GOTO(rv, "C_OpenSession", end);
	printf( "OK\n" );

	printf("Using key: %s\n", key_name);

    /* Login as a user with a PIN */
	printf( "Logining as a user with a PIN ... " );
	rv = C_Login(hSession, CKU_USER, (CK_CHAR_PTR)USERPIN, (CK_SIZE) strlen((char*)USERPIN));
	CHECK_CK_RV_GOTO(rv, "C_Login as User", end);
	printf( "OK\n" );

	printf("Creating 3DES secret key ... ");
	rv = CreateSecretKeyObject(hSession, &hKey, key_name);
	CHECK_CK_RV_GOTO(rv, "CreateSecretKeyObject", end);
	printf("OK\n");

	printf("Finding 3DES key ... ");
	rv = findObject(hSession, CKO_SECRET_KEY, key_name, &hKey);
	CHECK_CK_RV_GOTO(rv, "findObject", end);
	printf("OK\n");
		
	switch(command) {
		
		case 'e':
			printf("Opening file... ");
			file = fopen("input.txt", "rb");
			if (!file) {
				printf("file not found\n");
				return 1;
			} else {
				file_out = fopen("output.txt", "wb");
				printf("ok\n");
			}
			
			printf("Encrypting file with 3DES ... ");
			rv = encryptDataLoop(file, file_out, hSession, hKey);
			CHECK_CK_RV_GOTO(rv, "encryptDataLoop", end);
			printf("OK\n");

			fclose(file);
			fclose(file_out);
			break;
		
		case 'd':
			printf("Opening file... ");
			file = fopen("output.txt", "rb");
			if (!file) {
				printf("file not found\n");
				return 1;
			} else {
				file_out = fopen("output2.txt", "wb");
				printf("ok\n");
			}

			printf("Decrypting file with 3DES ... ");
			rv = decryptDataLoop(file, file_out, hSession, hKey);
			CHECK_CK_RV_GOTO(rv, "decryptDataLoop", end);
			printf("OK\n");

			fclose(file);
			fclose(file_out);
			break;

		default:
			printf("Unknown command: %s\n", argv[1]);
	}

	/** Destroying the 3DES key */
	printf("Destrying the 3DES key ... ");
	rv = C_DestroyObject(hSession, hKey);
	CHECK_CK_RV_GOTO(rv, "DestroyObject", end);
	printf("OK\n");

	/* We've finished our work, close the session */
	printf( "Closing the session ... " );
    rv = C_CloseSession(hSession);
    CHECK_CK_RV_GOTO(rv, "C_CloseSession", end);
	printf("OK\n");

    /* We no longer need the cryptoki API ... */
	printf( "Finilizing the cryptoki ... " );
    rv = C_Finalize(NULL);
    CHECK_CK_RV_GOTO(rv, "C_Finalize", end);
	printf("OK\n");

	end:
    if (rv != CKR_OK)
    {
        fprintf(stderr,
                "Error performing create key operation : 0x%lx\n",
                rv);
        /* Clean up... we don't care if there are any errors.
         */
        if (hSession != CK_INVALID_HANDLE) C_CloseSession(hSession);
        C_Finalize(NULL);
    }
    return rv;
}
Example #21
0
void DeriveTests::testSymDerive()
{
	CK_RV rv;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );

	// Open read-only session on when the token is not initialized should fail
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create private objects
	rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Generate base key
#ifndef WITH_FIPS
        CK_OBJECT_HANDLE hKeyDes = CK_INVALID_HANDLE;
#endif
        CK_OBJECT_HANDLE hKeyDes2 = CK_INVALID_HANDLE;
        CK_OBJECT_HANDLE hKeyDes3 = CK_INVALID_HANDLE;
        CK_OBJECT_HANDLE hKeyAes = CK_INVALID_HANDLE;
#ifndef WITH_FIPS
        rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes);
        CPPUNIT_ASSERT(rv == CKR_OK);
#endif
        rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes2);
        CPPUNIT_ASSERT(rv == CKR_OK);
        rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes3);
        CPPUNIT_ASSERT(rv == CKR_OK);
        rv = generateAesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyAes);
        CPPUNIT_ASSERT(rv == CKR_OK);

	// Derive keys
	CK_OBJECT_HANDLE hDerive = CK_INVALID_HANDLE;
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_AES);
#endif
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES);
#endif
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_AES);
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES);
#endif
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_AES);
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES);
#endif
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_AES);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_AES);
#endif
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES);
#endif
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_AES);
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES);
#endif
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_AES);
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES);
#endif
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES2);
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES3);
	symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_AES);
}
Example #22
0
void DeriveTests::testEcdhDerive()
{
	CK_RV rv;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );

	// Open read-only session on when the token is not initialized should fail
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Public Session keys
	CK_OBJECT_HANDLE hPuk1 = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPrk1 = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPuk2 = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPrk2 = CK_INVALID_HANDLE;

	rv = generateEcKeyPair("P-256",hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPuk1,hPrk1);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = generateEcKeyPair("P-256",hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPuk2,hPrk2);
	CPPUNIT_ASSERT(rv == CKR_OK);
	CK_OBJECT_HANDLE hKey1 = CK_INVALID_HANDLE;
	ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
	CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
	ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
	CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));

	// Private Session Keys
	rv = generateEcKeyPair("P-384",hSessionRW,IN_SESSION,IS_PRIVATE,IN_SESSION,IS_PRIVATE,hPuk1,hPrk1);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = generateEcKeyPair("P-384",hSessionRW,IN_SESSION,IS_PRIVATE,IN_SESSION,IS_PRIVATE,hPuk2,hPrk2);
	CPPUNIT_ASSERT(rv == CKR_OK);
	ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
	ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
	CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));

	// Public Token Keys
	rv = generateEcKeyPair("P-521",hSessionRW,ON_TOKEN,IS_PUBLIC,ON_TOKEN,IS_PUBLIC,hPuk1,hPrk1);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = generateEcKeyPair("P-521",hSessionRW,ON_TOKEN,IS_PUBLIC,ON_TOKEN,IS_PUBLIC,hPuk2,hPrk2);
	CPPUNIT_ASSERT(rv == CKR_OK);
	ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
	ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
	CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));

	// Private Token Keys
	rv = generateEcKeyPair("P-256",hSessionRW,ON_TOKEN,IS_PRIVATE,ON_TOKEN,IS_PRIVATE,hPuk1,hPrk1);
	CPPUNIT_ASSERT(rv == CKR_OK);
	rv = generateEcKeyPair("P-256",hSessionRW,ON_TOKEN,IS_PRIVATE,ON_TOKEN,IS_PRIVATE,hPuk2,hPrk2);
	CPPUNIT_ASSERT(rv == CKR_OK);
	ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
	ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
	CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));
}
Example #23
0
void ECCSpeedTest()
{
	CK_RV rv = 0;
	CK_SLOT_ID SlotId = 0;
	CK_SESSION_HANDLE hSession = 0;
	CK_OBJECT_HANDLE hECCPubKey = 0;
	CK_OBJECT_HANDLE hECCPriKey = 0;
	CK_BBOOL isTrue = FALSE;
	CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
	CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
	CK_BYTE Id[] = "MY_ECC_KEY";
	
	CK_ATTRIBUTE ECCPubKey[] = {
		{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
		{CKA_ID, &Id, strlen(Id)},
		{CKA_TOKEN, &isTrue, sizeof(isTrue)}
	};
	
	CK_ATTRIBUTE ECCPriKey[] = {
		{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
		{CKA_ID, &Id, strlen(Id)},
		{CKA_TOKEN, &isTrue, sizeof(isTrue)}
	};
	
	CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
	CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
	CK_BYTE indata[160] = {0x00};
	CK_BYTE outdata[300] = {0x00};
	CK_BYTE temp[300] = {0x00};
	CK_ULONG outlength = 0;
	CK_ULONG templength = 0;
	CK_ULONG i = 0;

	LARGE_INTEGER Frequency;
	LARGE_INTEGER StartNum;
	LARGE_INTEGER EndNum;
	double Second;

	memset(indata, 0x42, 111);
	memset(outdata, 0x00, 300);
	memset(temp, 0x00, 300);

	rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
	C_Login(hSession, CKU_SO, "11111111", 8);
#endif
	QueryPerformanceFrequency(&Frequency);
	QueryPerformanceCounter(&StartNum);
	for (i=0; i<LOOPTIMES; i++)
	{
		C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
	}
	QueryPerformanceCounter(&EndNum);
	Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart);
	printf("Generate ECC Key Time is: %03f s\n", Second/LOOPTIMES);
	
	QueryPerformanceCounter(&StartNum);
	for (i=0; i<LOOPTIMES; i++)
	{
		C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
		C_Encrypt(hSession, indata, 111, outdata, &outlength);
		C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
		C_Decrypt(hSession, outdata, outlength, temp, &templength);
	}
	QueryPerformanceCounter(&EndNum);
	Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart);
	printf("ECC Encrypt and Decrypt Time is: %03f s\n", Second/LOOPTIMES);
#ifdef DEVICE_KEY
	C_Logout(hSession);
#endif
	C_CloseSession(hSession);

}
Example #24
0
FLAG ECCTest_out()
{
	CK_RV rv = 0;
	CK_SLOT_ID SlotId = 0;
	CK_SESSION_HANDLE hSession = 0;
	CK_OBJECT_HANDLE hECCPubKey = 0;
	CK_OBJECT_HANDLE hECCPriKey = 0;
	CK_BBOOL isTrue = TRUE;
	CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
	CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
	CK_BYTE Id[] = "MY_ECC_KEY";

	CK_ATTRIBUTE ECCPubKey[] = {
		{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
		{CKA_ID, &Id, strlen(Id)},
		{CKA_TOKEN, &isTrue, sizeof(isTrue)}
								};

	CK_ATTRIBUTE ECCPriKey[] = {
		{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
		{CKA_ID, &Id, strlen(Id)},
		{CKA_TOKEN, &isTrue, sizeof(isTrue)}
								};

	CK_ATTRIBUTE CreateECCPubKey[] = {
		{CKA_CLASS, NULL_PTR, 0},
		{CKA_MODULUS_BITS, NULL_PTR, 0},
		{CKA_ID, NULL_PTR, 0},
		{CKA_EC_POINT, NULL_PTR, 0}
								};

	CK_ATTRIBUTE CreateECCPriKey[] = {
		{CKA_CLASS, NULL_PTR, 0},
		{CKA_ID, NULL_PTR, 0},
		{CKA_MODULUS_BITS, NULL_PTR, 0},
		{CKA_VALUE, NULL_PTR, 0}
								};
	
	CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
	CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
	CK_BYTE indata[160] = {0x00};
	CK_BYTE outdata[300] = {0x00};
	CK_BYTE temp[300] = {0x00};
	CK_ULONG outlength = 0;
	CK_ULONG templength = 0;

	printf("ECC Outside Encrypt and Decrypt!\n");
	rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
	C_Login(hSession, CKU_SO, "11111111", 8);
#endif
	rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
	rv = C_CloseSession(hSession);

	rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
	C_Login(hSession, CKU_SO, "11111111", 8);
#endif
	rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
	if (rv == 0)
	{
		CreateECCPubKey[0].pValue = malloc(CreateECCPubKey[0].ulValueLen);
		if (CreateECCPubKey[0].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			return -1;
		}
		CreateECCPubKey[1].pValue = malloc(CreateECCPubKey[1].ulValueLen);
		if (CreateECCPubKey[1].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPubKey, 1);
			return -1;
		}
		CreateECCPubKey[2].pValue = malloc(CreateECCPubKey[2].ulValueLen);
		if (CreateECCPubKey[2].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPubKey, 2);
			return -1;
		}
		CreateECCPubKey[3].pValue = malloc(CreateECCPubKey[3].ulValueLen);
		if (CreateECCPubKey[3].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPubKey, 3);
			return -1;
		}
		rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
		rv = C_DestroyObject(hSession, hECCPubKey);
		rv = C_CreateObject(hSession, CreateECCPubKey, 4, &hECCPubKey);
	}
	FreeAttribute(CreateECCPubKey, 4);

	memset(indata, 0x33, 110);
	memset(outdata, 0x00, 300);
	memset(temp, 0x00, 300);
	
	rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
	rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);

	rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
	if (rv == 0)
	{
		CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
		if (CreateECCPriKey[0].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			return -1;
		}
		CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
		if (CreateECCPriKey[1].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPriKey, 1);
			return -1;
		}
	
		CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
		if (CreateECCPriKey[2].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPriKey, 2);
			return -1;
		}
		CreateECCPriKey[3].pValue = malloc(CreateECCPriKey[3].ulValueLen);
		if (CreateECCPriKey[3].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPriKey, 3);
			return -1;
		}
		rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
		rv = C_DestroyObject(hSession, hECCPriKey);
		rv = C_CreateObject(hSession, CreateECCPriKey, 4, &hECCPriKey);
	}
	FreeAttribute(CreateECCPriKey, 4);

	rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
	rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
#ifdef DEVICE_KEY
	C_Logout(hSession);
#endif
	rv = C_CloseSession(hSession);

	if (memcmp(indata, temp, 110) == 0 && templength == 110)
	{
		printf("OK ECC OUT!\n");
	}
	else
	{
		printf("ERROR ECC OUT!\n");
	}
	return 0;
}
Example #25
0
FLAG ECCTest_in()
{
	CK_RV rv = 0;
	CK_SLOT_ID SlotId = 0;
	CK_SESSION_HANDLE hSession = 0;
	CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
	CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
	CK_BYTE ECCPubLabel[] = "ECC_PUBLIC_KEY_7";
	CK_BYTE ECCPriLabel[] = "ECC_PRIVATE_KEY_7";
	CK_BBOOL isFalse = TRUE;
#if 0	/* CKA_LABEL TEST*/
	CK_ATTRUBUTE ECCKeyLabel = {
		CAK_LABEL,//type
		ECCPub//value
		//value_len
	};
#endif	/* END CAK_LABEL TEST*/
	
	CK_ATTRIBUTE ECCPubKey[] = {
		{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
		{CKA_LABEL, &ECCPubLabel, sizeof(ECCPubLabel)},
		{CKA_TOKEN, &isFalse, sizeof(isFalse)}
							};
	
	CK_ATTRIBUTE ECCPriKey[] = {
		{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
		{CKA_LABEL, &ECCPriLabel, sizeof(ECCPriLabel)},
		{CKA_TOKEN, &isFalse, sizeof(isFalse)}
							};

	CK_ATTRIBUTE CreateECCPriKey[] = {
		{CKA_CLASS, NULL_PTR, 0},
		{CKA_MODULUS_BITS, NULL_PTR, 0},
		{CKA_VALUE, NULL_PTR, 0}
							};

	CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
	CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
	CK_OBJECT_HANDLE hECCPubKey = 0;
	CK_OBJECT_HANDLE hECCPriKey = 0;

	CK_BYTE indata[160] = {0x00};
	CK_BYTE outdata[300] = {0x00};
	CK_BYTE temp[300] = {0x00};
	CK_ULONG outlength = 0;
	CK_ULONG templength = 0;
	
	memset(indata, 0x31, 40);
	memset(outdata, 0x00, 300);
	memset(temp, 0x00, 300);
	
	printf("ECC Inside Encrypt and Decrypt!\n");
	rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
	C_Login(hSession, CKU_SO, "11111111", 8);
#endif
	rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);

	rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
	rv = C_Encrypt(hSession, indata, 40, outdata, &outlength);
	rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
	rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
	if (memcmp(indata, temp, 40) == 0 && templength == 40)
	{
		printf("OK ECC IN!\n");
	}
	else
	{
		printf("ERROR ECC IN!\n");
	}

	printf("ECC Crossing Encrypt and Decrypt!\n");
	memset(indata, 0x33, 110);
	memset(outdata, 0x00, 300);
	memset(temp, 0x00, 300);

	rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
	if (rv == 0)
	{
		CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
		if (CreateECCPriKey[0].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			return -1;
		}
		CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
		if (CreateECCPriKey[1].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPriKey, 1);
			return -1;
		}
		
		CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
		if (CreateECCPriKey[2].pValue == NULL)
		{
			printf("ECCTest_out->malloc ERROR!\n");
			FreeAttribute(CreateECCPriKey, 2);
			return -1;
		}
		rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
		rv = C_CreateObject(hSession, CreateECCPriKey, 3, &hECCPriKey);
	}
	FreeAttribute(CreateECCPriKey, 3);

	rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
	rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
	rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
	rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
	if (memcmp(indata, temp, 110) == 0 && templength == 110)
	{
		printf("OK ECC Crossing!\n");
	}
	else
	{
		printf("ERROR ECC Crossing!\n");
	}
#ifdef DEVICE_KEY
	C_Logout(hSession);
#endif
	C_CloseSession(hSession);

	return 0;
}