isc_result_t pk11_rand_bytes(unsigned char *buf, int num) { isc_result_t ret; CK_RV rv; pk11_context_t ctx; ret = pk11_get_session(&ctx, OP_RAND, ISC_FALSE, ISC_FALSE, NULL, 0); if (ret != ISC_R_SUCCESS) return (ret); RUNTIME_CHECK(ctx.session != CK_INVALID_HANDLE); rv = pkcs_C_GenerateRandom(ctx.session, (CK_BYTE_PTR) buf, (CK_ULONG) num); pk11_return_session(&ctx); if (rv == CKR_OK) return (ISC_R_SUCCESS); else return (DST_R_CRYPTOFAILURE); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_ULONG len; CK_ULONG slen; CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE; CK_OBJECT_CLASS kClass = CKO_PUBLIC_KEY; CK_KEY_TYPE kType = CKK_RSA; CK_ATTRIBUTE kTemplate[] = { { CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) }, { CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) }, { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) }, { CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) } }; CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 }; pk11_context_t pctx; pk11_optype_t op_type = OP_RSA; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; int ontoken = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'p': pin = isc_commandline_argument; break; case 't': ontoken = 1; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tverify [-m module] [-s slot] [-p pin] " "[-t] [-n count]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE, ISC_TRUE, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; /* Create the private RSA key */ if (ontoken) kTemplate[2].pValue = &truevalue; rv = pkcs_C_CreateObject(hSession, kTemplate, 7, &hKey); if (rv != CKR_OK) { fprintf(stderr, "C_CreateObject: Error = 0x%.8lX\n", rv); error = 1; goto exit_key; } /* Randomize the buffer */ len = (CK_ULONG) sizeof(buf); rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv); goto exit_key; } if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_key; } for (i = 0; i < count; i++) { /* Initialize Verify */ rv = pkcs_C_VerifyInit(hSession, &mech, hKey); if (rv != CKR_OK) { fprintf(stderr, "C_VerifyInit[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } /* Perform Verify */ slen = (CK_ULONG) sizeof(sig); rv = pkcs_C_Verify(hSession, buf, len, sig, slen); if ((rv != CKR_OK) && (rv != CKR_SIGNATURE_INVALID)) { fprintf(stderr, "C_Verify[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_key; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u RSA verify in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g RSA verify/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_key: if (hKey != CK_INVALID_HANDLE) { rv = pkcs_C_DestroyObject(hSession, hKey); if (rv != CKR_OK) { fprintf(stderr, "C_DestroyObject: Error = 0x%.8lX\n", rv); errflg = 1; } } pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_ULONG len = sizeof(buf); pk11_context_t pctx; pk11_optype_t op_type = OP_RAND; char *lib_name = NULL; int error = 0; int c, errflg = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:n:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\trandom [-m module] [-s slot] [-n count]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, ISC_FALSE, NULL, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } hSession = pctx.session; if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_session; } for (i = 0; i < count; i++) { /* Get random bytes */ rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_session; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%uK random bytes in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g random bytes/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_session: pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_OBJECT_HANDLE *hKey; CK_OBJECT_CLASS kClass = CKO_DATA; CK_ULONG len = sizeof(buf); CK_ATTRIBUTE kTemplate[] = { { CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) }, { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_LABEL, (CK_BYTE_PTR) label, (CK_ULONG) sizeof(label) }, { CKA_VALUE, buf, (CK_ULONG) sizeof(buf) } }; pk11_context_t pctx; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; int ontoken = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); break; case 't': ontoken = 1; break; case 'p': pin = isc_commandline_argument; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tcreate [-m module] [-s slot] [-t] [-n count]\n"); exit(1); } pk11_result_register(); /* Allocate hanles */ hKey = (CK_SESSION_HANDLE *) malloc(count * sizeof(CK_SESSION_HANDLE)); if (hKey == NULL) { perror("malloc"); exit(1); } for (i = 0; i < count; i++) hKey[i] = CK_INVALID_HANDLE; /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE, ISC_TRUE, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; /* Randomize the buffer */ rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv); goto exit_objects; } if (ontoken) kTemplate[1].pValue = &truevalue; if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_objects; } for (i = 0; i < count; i++) { (void) snprintf(label, sizeof(label), "obj%u", i); kTemplate[3].ulValueLen = strlen(label); rv = pkcs_C_CreateObject(hSession, kTemplate, 5, &hKey[i]); if (rv != CKR_OK) { fprintf(stderr, "C_CreateObject[%u]: Error = 0x%.8lX\n", i, rv); error = 1; if (i == 0) goto exit_objects; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_objects; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u created objects in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g created objects/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_objects: for (i = 0; i < count; i++) { /* Destroy objects */ if (hKey[i] == CK_INVALID_HANDLE) continue; rv = pkcs_C_DestroyObject(hSession, hKey[i]); if ((rv != CKR_OK) && !errflg) { fprintf(stderr, "C_DestroyObject[%u]: Error = 0x%.8lX\n", i, rv); errflg = 1; } } free(hKey); pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_MECHANISM mech = { CKM_SHA_1, NULL, 0 }; CK_ULONG len = sizeof(buf); pk11_context_t pctx; char *lib_name = NULL; int error = 0; int c, errflg = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:n:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tssha1 [-m module] [-s slot] [-n count]\n"); exit(1); } /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE, NULL, slot); if (result != ISC_R_SUCCESS) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } hSession = pctx.session; /* Randomize the buffer */ rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv); goto exit_session; } if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_session; } /* Initialize Digest */ rv = pkcs_C_DigestInit(hSession, &mech); if (rv != CKR_OK) { fprintf(stderr, "C_DigestInit: Error = 0x%.8lX\n", rv); goto exit_session; } for (i = 0; i < count; i++) { /* Digest buffer */ rv = pkcs_C_DigestUpdate(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_DigestUpdate[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } /* Finalize Digest (unconditionally) */ len = 20U; rv = pkcs_C_DigestFinal(hSession, buf, &len); if ((rv != CKR_OK) && !error) fprintf(stderr, "C_DigestFinal: Error = 0x%.8lX\n", rv); if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_session; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%uK digested bytes in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g digested bytes/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_session: pk11_return_session(&pctx); pk11_shutdown(); exit(error); }