static int dsa_exact_size_test(void) {
/*
* For a 2048-bit p, q should be either 224 or 256 bits per the table in
* FIPS 186-4 4.2.
*/
return sign_and_verify(224 / 8) && sign_and_verify(256 / 8);
}
int main(int argc, char** argv) {
bench_options_t opts;
int ret = parse_args(&opts, argc, argv) ? 0 : -1;
if (!ret) {
sign_and_verify(&opts);
}
return ret;
}
int
main_v1_1( void )
{
char *function = "Tspi_Context_LoadKeyByBlob04";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hSigningKey, hBindingKey;
TSS_HPOLICY hPolicy;
TSS_RESULT result;
UINT32 exitCode, attrib;
TSS_FLAG initFlags;
BYTE *signBlob, *bindBlob;
UINT32 signBlobLen, bindBlobLen;
print_begin_test( function );
// Create Context
if ((result = connect_load_srk(&hContext, &hSRK))) {
print_error( "connect_load_srk", result );
exit( result );
}
// create a no-auth, signing key
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION;
if ((result = create_load_key(hContext, initFlags, hSRK, &hSigningKey))) {
print_error( "create_load_key(Signing Key)", result );
Tspi_Context_Close( hContext );
exit( result );
}
print_success("Signing key created successfully", TSS_SUCCESS);
// get blob
result = Tspi_GetAttribData( hSigningKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&signBlobLen, &signBlob );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData", result );
Tspi_Context_Close( hContext );
exit( result );
}
// create a auth, binding key
initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
TSS_KEY_AUTHORIZATION;
if ((result = create_load_key(hContext, initFlags, hSRK, &hBindingKey))) {
print_error( "create_load_key(Binding Key)", result );
Tspi_Context_Close( hContext );
exit( result );
}
print_success("Binding key created successfully", TSS_SUCCESS);
// get blob
result = Tspi_GetAttribData( hBindingKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&bindBlobLen, &bindBlob );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData", result );
Tspi_Context_Close( hContext );
exit( result );
}
// verify attribs before we close the context
if ((result = verify_sign_attribs(hSigningKey))) {
print_error( "verify_sign_attribs", result );
Tspi_Context_Close( hContext );
exit( result );
}
// verify attribs before we close the context
if ((result = verify_bind_attribs(hBindingKey))) {
print_error( "verify_bind_attribs", result );
Tspi_Context_Close( hContext );
exit( result );
}
// close context, to get rid of all context state
if ((result = Tspi_Context_Close(hContext))) {
print_error( "Tspi_Context_Close", result );
exit( result );
}
// re-connect
if ((result = connect_load_srk(&hContext, &hSRK))) {
print_error( "connect_load_srk", result );
Tspi_Context_Close( hContext );
exit( result );
}
// Load both Keys by blob
if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK,
signBlobLen,
signBlob,
&hSigningKey ))) {
print_error( "Tspi_Context_LoadKeyByBlob", result );
Tspi_Context_Close( hContext );
exit( result );
}
if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK,
bindBlobLen,
bindBlob,
&hBindingKey ))) {
print_error( "Tspi_Context_LoadKeyByBlob", result );
Tspi_Context_Close( hContext );
exit( result );
}
// verify attribs after we've re-loaded by blob
if ((result = verify_sign_attribs(hSigningKey))) {
print_error( "verify_sign_attribs", result );
Tspi_Context_Close( hContext );
exit( result );
}
// verify attribs after we've re-loaded by blob
if ((result = verify_bind_attribs(hBindingKey))) {
print_error( "verify_bind_attribs", result );
Tspi_Context_Close( hContext );
exit( result );
}
// Do a sign/verify test
if ((result = sign_and_verify(hContext, hSigningKey))) {
print_error( "sign_and_verify", result );
Tspi_Context_Close( hContext );
exit( result );
}
// Do a bind/unbind test
result = bind_and_unbind(hContext, hBindingKey);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_verifyerr("bind and unbind", TSS_E_POLICY_NO_SECRET, result);
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
}
// set up policies
if ((result = set_secret(hContext, hBindingKey, &hPolicy))) {
print_error("set_secret", result);
Tspi_Context_Close( hContext );
exit( result );
}
if ((result = bind_and_unbind(hContext, hBindingKey))) {
print_error( "bind_and_unbind", result );
Tspi_Context_Close( hContext );
exit( result );
}
exitCode = 0;
print_success(function, TSS_SUCCESS);
print_end_test( function );
Tspi_Context_Close( hContext );
exit( exitCode );
}
static int dsa_large_digest_test(void) {
return sign_and_verify(33) && sign_and_verify(64);
}
static int dsa_small_digest_test(void) {
return sign_and_verify(16) && sign_and_verify(1);
}
int main(int argc, char** argv, char** envp)
{
extern char *optarg;
extern int optind;
CK_RV rv = CKR_OK;
if(argc != 2)
{
printf("Wrong number of arguments\nusage: %s <user_pin>\n",argv[0]);
exit(1);
}
rv = C_GetFunctionList(&pFunctionList);
if(rv != CKR_OK)
{
printf("FAIL: could not get function pointer list: %ld\n",rv);
exit(1);
}
rv = (pFunctionList->C_Initialize)(NULL_PTR);
if(rv != CKR_OK)
{
printf("FAIL: could not initialize: %ld\n",rv);
exit(1);
}
/* get the slot list with token. this is not a test of C_OpenSession,
* thus only open sessions on token and not on slots
*/
{
CK_ULONG ulSlotCount;
CK_SLOT_ID_PTR pSlotList;
int i;
rv = (pFunctionList->C_GetSlotList)(TRUE,NULL_PTR,&ulSlotCount);
if(rv != CKR_OK)
{
printf("FAIL: could not get slot count: %ld\n",rv);
exit(1);
}
pSlotList = malloc(sizeof(CK_SLOT_ID)*ulSlotCount);
if(pSlotList == NULL)
{
printf("could not allocate slot list: %d\n",CKR_HOST_MEMORY);
exit(1);
}
rv = (pFunctionList->C_GetSlotList)(TRUE,pSlotList,&ulSlotCount);
if(rv != CKR_OK)
{
printf("FAIL: could not get slot List: %ld\n",rv);
exit(1);
}
/* for each slot with a token */
for(i=0;(unsigned long)i<ulSlotCount;i++)
{
CK_SESSION_HANDLE sign_sess=0, verify_sess=0;
CK_ULONG mech_count;
CK_MECHANISM_TYPE_PTR mech_list;
CK_ULONG j,k, pub_handle_count,priv_handle_count;
CK_BBOOL do_token;
CK_OBJECT_HANDLE_PTR pub_handle_arr;
CK_OBJECT_HANDLE_PTR priv_handle_arr;
CK_SLOT_ID verify_slot;
printf("starting with token on slot %ld\n", pSlotList[i]);
/* check that the token supports RSA sign */
/* first only get the length of the list */
(pFunctionList->C_GetMechanismList)(pSlotList[i],
NULL_PTR, &mech_count);
mech_list = malloc(mech_count * sizeof(CK_MECHANISM_TYPE));
if(mech_list == NULL_PTR)
{
printf("FAIL: mem alloc\n");
exit(1);
}
(pFunctionList->C_GetMechanismList)(pSlotList[i],mech_list,
&mech_count);
/* look for the RSA operations */
for(j=0,do_token=FALSE;j<mech_count;j++)
if(mech_list[j] == CKM_RSA_PKCS) do_token = TRUE;
if(!do_token)
{
printf("FAIL: no RSA PKCS#11 on slot %lu\n",pSlotList[i]);
continue;
}
/* clean up */
free(mech_list);
/* open session */
rv = (pFunctionList->C_OpenSession)(pSlotList[i],
CKF_SERIAL_SESSION,
NULL,NULL,&sign_sess);
if(rv != CKR_OK)
{
printf("FAIL: C_OpenSession failed on slot %ld: %ld\n",pSlotList[i],rv);
continue;
}
// To be able to retrieve private objects from the token, the user must be authenticated */
rv = (pFunctionList->C_Login) (sign_sess, CKU_USER, argv[1], 8);
if(rv != CKR_OK)
{
printf("Bad login, rv: %d",rv);
exit(1);
}
/* find the public keys */
rv = pkcs11_find_object(sign_sess,
CK_I_rsa_public_key_template, CK_I_rsa_public_key_count ,
&pub_handle_arr, &pub_handle_count);
if(rv != CKR_OK)
{
printf("FAIL: unable to find public key: 0x%lx\n",rv);
continue;
}
/* find a token that supports RSA_PKCS for verify */
rv = find_rsa_verify(pFunctionList,&verify_slot);
if(rv != CKR_OK)
{
printf("FAIL: unable to find token for verify: 0x%lx. Cannot verify the signature\n",rv);
verify_sess = 0;
}
else
{
if (verify_slot == pSlotList[i])
verify_sess = sign_sess;
else
{
rv = (pFunctionList->C_OpenSession)(verify_slot,
CKF_SERIAL_SESSION|CKF_RW_SESSION,
NULL,NULL,&verify_sess);
if(rv != CKR_OK)
{
printf("FAIL: C_OpenSession failed on slot %ld for verify: %ld\n",
pSlotList[i],rv);
continue;
}
}
}
for(k=0; k<pub_handle_count; k++)
{
CK_ATTRIBUTE theTemplate = {CKA_ID, NULL, 0};
CK_CHAR_PTR clear_text1 ="foobar1";
CK_CHAR_PTR clear_text2 ="This is a text that is too long even for a 1k key: The quick brown fox jumps over the lazy dog. 1234567890";
CK_OBJECT_HANDLE new_pub_handle=0;
/* set the ID of the public key in the private key */
rv = (pFunctionList->C_GetAttributeValue)(sign_sess, pub_handle_arr[k], &theTemplate, 1);
if(rv != CKR_OK)
{
printf("FAIL: unable read id length for public key %li: 0x%lx\n",pub_handle_arr[k],rv);
continue;
}
theTemplate.pValue = malloc(theTemplate.ulValueLen);
if(theTemplate.pValue == NULL_PTR)
{
printf("FAIL: unable allocate memory for private key id\n");
continue;
}
rv = (pFunctionList->C_GetAttributeValue)(sign_sess, pub_handle_arr[k], &theTemplate, 1);
if(rv != CKR_OK)
{
printf("FAIL: unable to read id for public key %li: 0x%lx\n",
pub_handle_arr[k],rv);
continue;
}
rv = set_attribute(CK_I_rsa_private_key_template,
CK_I_rsa_private_key_count,
CKA_ID,
theTemplate.pValue, theTemplate.ulValueLen);
if(rv != CKR_OK)
{
printf("FAIL: unable to set id in templatee for private key: 0x%lx\n",rv);
continue;
}
/* find the matching private key */
rv = pkcs11_find_object(sign_sess, CK_I_rsa_private_key_template,
CK_I_rsa_private_key_count,
&priv_handle_arr, &priv_handle_count);
if(rv != CKR_OK)
{
printf("FAIL: unable to find public key: 0x%lx\n",rv);
continue;
}
/* is there exactly one (1) private key to this public key? */
if(priv_handle_count != 1)
{
printf("FAIL: wrong number of private keys: %li\n",priv_handle_count);
continue;
}
/* copy the public key if needed */
if(sign_sess != verify_sess)
{ if ( verify_sess != 0 )
rv = P11_loadPubRSAKey(pFunctionList, sign_sess,
pFunctionList, verify_sess,
pub_handle_arr[k], &new_pub_handle);
else
new_pub_handle = 0;
}
else
new_pub_handle = pub_handle_arr[k];
/* sign test vector */
rv = sign_and_verify(sign_sess,verify_sess,clear_text1,
priv_handle_arr[0],new_pub_handle,
argv[1]);
if(rv != CKR_OK)
continue;
if ( verify_sess != 0 )
printf("sign and verify succeded for short text session %ld: 0x%08lx\n",
sign_sess,rv);
else
printf("sign succeded for short text session %ld: 0x%08lx\n",
sign_sess,rv);
rv = sign_and_verify(sign_sess,verify_sess,clear_text2,
priv_handle_arr[0],new_pub_handle,
argv[1]);
if(rv == CKR_OK)
{
printf("FAIL: over long clear text did not fail\n");
continue;
}
if ( verify_sess != 0 )
printf("sign and verify succeded in session %ld: 0x%08lx\n",
sign_sess,rv);
else
printf("sign succeded in session %ld: 0x%08lx\n",
sign_sess,rv);
} /* for each public key */
/* close session */
rv = (pFunctionList->C_CloseSession)(sign_sess);
if(rv != CKR_OK)
{
printf("FAIL: C_CloseSession in session %ld: %ld\n",sign_sess,rv);
continue;
}
printf("slot %ld done\n", pSlotList[i]);
}
free(pSlotList);
}
(pFunctionList->C_Finalize)(NULL);
#ifdef CK_Win32
{
char buf[3]={1};
printf("\nPress any key to continue...");
_cgets(buf);
}
#endif
return 0;
}
