void AsymEncryptDecryptTests::rsaEncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_RSA_PKCS_OAEP_PARAMS oaepParams = { CKM_SHA_1, CKG_MGF1_SHA1, 1, NULL_PTR, 0 };
CK_BYTE plainText[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,0x0C, 0x0D, 0x0F };
CK_BYTE cipherText[256];
CK_ULONG ulCipherTextLen;
CK_BYTE recoveredText[256];
CK_ULONG ulRecoveredTextLen;
CK_RV rv;
if (mechanismType == CKM_RSA_PKCS_OAEP)
{
mechanism.pParameter = &oaepParams;
mechanism.ulParameterLen = sizeof(oaepParams);
}
rv = C_EncryptInit(hSession,&mechanism,hPublicKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextLen = sizeof(cipherText);
rv =C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
rv = C_DecryptInit(hSession,&mechanism,hPrivateKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(memcmp(plainText, &recoveredText[ulRecoveredTextLen-sizeof(plainText)], sizeof(plainText)) == 0);
}
/* RSA private key decryption */
int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
PKCS11_KEY *key, int padding)
{
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
CK_MECHANISM mechanism;
CK_ULONG size = flen;
CK_RV rv;
if (pkcs11_mechanism(&mechanism, padding) < 0)
return -1;
CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);
rv = CRYPTOKI_call(ctx,
C_DecryptInit(spriv->session, &mechanism, kpriv->object));
if (rv == CKR_USER_NOT_LOGGED_IN)
rv = pkcs11_authenticate(key);
if (!rv)
rv = CRYPTOKI_call(ctx,
C_Decrypt(spriv->session, (CK_BYTE *)from, size,
(CK_BYTE_PTR)to, &size));
CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
return -1;
}
return size;
}
int
PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
PKCS11_KEY * key, int padding)
{
CK_RV rv;
PKCS11_KEY_private *priv;
PKCS11_SLOT *slot;
PKCS11_CTX *ctx;
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
CK_ULONG size = flen;
if (padding != RSA_PKCS1_PADDING) {
printf("pkcs11 engine: only RSA_PKCS1_PADDING allowed so far\n");
return -1;
}
if (key == NULL)
return -1;
/* PKCS11 calls go here */
ctx = KEY2CTX(key);
priv = PRIVKEY(key);
slot = TOKEN2SLOT(priv->parent);
CHECK_KEY_FORK(key);
session = PRIVSLOT(slot)->session;
memset(&mechanism, 0, sizeof(mechanism));
mechanism.mechanism = CKM_RSA_PKCS;
pkcs11_w_lock(PRIVSLOT(slot)->lockid);
rv = CRYPTOKI_call(ctx, C_DecryptInit(session, &mechanism, priv->object)) ||
CRYPTOKI_call(ctx,
C_Decrypt(session, (CK_BYTE *) from, (CK_ULONG)flen,
(CK_BYTE_PTR)to, &size));
pkcs11_w_unlock(PRIVSLOT(slot)->lockid);
if (rv) {
PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));
}
return rv ? 0 : size;
}
void CPKCSDemoDlg::OnBtnDecrypt()
{
StartOP();
CK_BYTE_PTR pbRestoredMsg = NULL;
CK_ULONG ulRestoredMsgLen = 0;
CK_RV rv;
rv = C_DecryptInit(m_hSession,
&ckMechanism,
m_hPriKey);
if(CKR_OK != rv)
{
ShowErr(NEWLINE"Failed to call DecryptInit!Error code 0x%08X."NEWLINE, rv);
return;
}
rv = C_Decrypt(m_hSession, m_pbCipherBuffer, m_ulCipherLen, NULL_PTR, &ulRestoredMsgLen);
if(CKR_OK != rv)
{
ShowErr(NEWLINE"Can't acquire size of Data after Decrypt! Error code 0x%08X."NEWLINE, rv);
return;
}
pbRestoredMsg = (CK_BYTE_PTR)new CK_BYTE[ulRestoredMsgLen + 1];
if (! pbRestoredMsg)
{
ShowMsg(NEWLINE"Can't allocate enough memory for Decrypt!"NEWLINE);
return;
}
ZeroMemory(pbRestoredMsg, ulRestoredMsgLen + 1);
rv = C_Decrypt(m_hSession, m_pbCipherBuffer, m_ulCipherLen, pbRestoredMsg, &ulRestoredMsgLen);
if (CKR_OK != rv)
{
ShowErr(NEWLINE"Failed to call decrypt,Error code 0x%08X."NEWLINE, rv);
delete[] pbRestoredMsg;
return;
}
ShowMsg(NEWLINE"Decrypt Successfully, Data after Decrypt is :"NEWLINE);
ShowMsg(pbRestoredMsg);
ShowMsg(NEWLINE);
delete[] pbRestoredMsg;
}
HRESULT Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Decryptor::DecryptInit___VOID__MicrosoftSPOTCryptokiSession__MicrosoftSPOTCryptokiMechanism__SystemSecurityCryptographyCryptoKey( CLR_RT_StackFrame& stack )
{
TINYCLR_HEADER();
CLR_RT_HeapBlock* pSession = stack.Arg1().Dereference();
CLR_RT_HeapBlock* pMech = stack.Arg2().Dereference();
CLR_RT_HeapBlock* pKeyHandle = stack.Arg3().Dereference();
CLR_RT_HeapBlock_Array* pArrParam;
CK_MECHANISM mech;
CK_OBJECT_HANDLE hKey;
CK_SESSION_HANDLE hSession;
FAULT_ON_NULL_ARG(pSession);
FAULT_ON_NULL_ARG(pMech);
FAULT_ON_NULL_ARG(pKeyHandle);
hSession = (CK_SESSION_HANDLE)pSession[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Session::FIELD__m_handle].NumericByRef().s4;
if(hSession == CK_SESSION_HANDLE_INVALID) TINYCLR_SET_AND_LEAVE(CLR_E_OBJECT_DISPOSED);
mech.mechanism = pMech[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Mechanism::FIELD__Type].NumericByRef().u4;
pArrParam = pMech[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Mechanism::FIELD__Parameter].DereferenceArray();
if(pArrParam != NULL && pArrParam->m_numOfElements > 0)
{
mech.pParameter = pArrParam->GetFirstElement();
mech.ulParameterLen = pArrParam->m_numOfElements;
}
else
{
mech.pParameter = NULL;
mech.ulParameterLen = 0;
}
hKey = (CK_OBJECT_HANDLE)pKeyHandle[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_CryptokiObject::FIELD__m_handle].NumericByRef().s4;
CRYPTOKI_CHECK_RESULT(stack, C_DecryptInit(hSession, &mech, hKey));
TINYCLR_NOCLEANUP();
}
void SymmetricAlgorithmTests::des3EncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_BYTE iv[8];
CK_BYTE plainText[256];
CK_BYTE cipherText[300];
CK_ULONG ulCipherTextLen;
CK_BYTE recoveredText[300];
CK_ULONG ulRecoveredTextLen;
CK_RV rv;
rv = C_GenerateRandom(hSession, plainText, sizeof(plainText));
CPPUNIT_ASSERT(rv==CKR_OK);
if (mechanismType == CKM_DES3_CBC)
{
rv = C_GenerateRandom(hSession, iv, sizeof(iv));
CPPUNIT_ASSERT(rv==CKR_OK);
mechanism.pParameter = iv;
mechanism.ulParameterLen = sizeof(iv);
}
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextLen = sizeof(cipherText);
rv = C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulCipherTextLen==sizeof(plainText));
rv = C_DecryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(plainText));
CPPUNIT_ASSERT(memcmp(plainText, recoveredText, sizeof(plainText)) == 0);
}
static CK_RV decryptData(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey,
CK_CHAR* pEncData,
CK_SIZE encDataLen,
CK_CHAR** ppData,
CK_SIZE* pDataLen)
{
CK_RV rv = CKR_OK;
CK_MECHANISM mech;
CK_MECHANISM_TYPE mechType = CKM_DES3_ECB;
mech.mechanism = mechType;
mech.pParameter = NULL;
mech.parameterLen = 0;
/* Initialise the decrypt operation */
rv = C_DecryptInit(hSession, &mech, hKey);
CHECK_CK_RV_GOTO(rv, "C_DecryptInit", end);
/* Length predication */
rv = C_Decrypt(hSession, pEncData, encDataLen, NULL, pDataLen);
CHECK_CK_RV_GOTO(rv, "C_Decrypt", end);
*ppData = (CK_CHAR*)malloc(*pDataLen);
if (*ppData == NULL) return CKR_HOST_MEMORY;
/* Do the actual decrypt operation */
rv = C_Decrypt(hSession, pEncData, encDataLen, *ppData, pDataLen);
CHECK_CK_RV_GOTO(rv, "C_Decrypt", end);
end:
return rv;
}
void SymmetricAlgorithmTests::des3EncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_BYTE iv[8];
CK_BYTE plainText[256];
CK_BYTE cipherText[300];
CK_ULONG ulCipherTextLen;
CK_BYTE cipherTextMulti[300];
CK_ULONG ulCipherTextMultiLen;
CK_ULONG ulCipherTextMultiPartLen;
CK_BYTE recoveredText[300];
CK_ULONG ulRecoveredTextLen;
CK_RV rv;
rv = C_GenerateRandom(hSession, plainText, sizeof(plainText));
CPPUNIT_ASSERT(rv==CKR_OK);
if (mechanismType == CKM_DES3_CBC ||
mechanismType == CKM_DES3_CBC_PAD)
{
rv = C_GenerateRandom(hSession, iv, sizeof(iv));
CPPUNIT_ASSERT(rv==CKR_OK);
mechanism.pParameter = iv;
mechanism.ulParameterLen = sizeof(iv);
}
// Single-part encryption
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
// Test invalid plain text size
if (mechanismType == CKM_DES3_ECB ||
mechanismType == CKM_DES3_CBC)
{
ulCipherTextLen = sizeof(cipherText);
rv = C_Encrypt(hSession,plainText,sizeof(plainText)-1,cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_DATA_LEN_RANGE);
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
}
ulCipherTextLen = sizeof(cipherText);
rv = C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
if (mechanismType == CKM_DES3_CBC_PAD)
{
CPPUNIT_ASSERT(ulCipherTextLen==(sizeof(plainText)+8));
}
else
{
CPPUNIT_ASSERT(ulCipherTextLen==sizeof(plainText));
}
// Multi-part encryption
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
// Test invalid plain text size
if (mechanismType == CKM_DES3_ECB ||
mechanismType == CKM_DES3_CBC)
{
ulCipherTextMultiLen = sizeof(cipherTextMulti);
rv = C_EncryptUpdate(hSession,plainText,sizeof(plainText)/2-1,cipherTextMulti,&ulCipherTextMultiLen);
CPPUNIT_ASSERT(rv==CKR_DATA_LEN_RANGE);
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
}
ulCipherTextMultiLen = sizeof(cipherTextMulti);
rv = C_EncryptUpdate(hSession,plainText,sizeof(plainText)/2,cipherTextMulti,&ulCipherTextMultiLen);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextMultiPartLen = sizeof(cipherTextMulti) - ulCipherTextMultiLen;
rv = C_EncryptUpdate(hSession,plainText+sizeof(plainText)/2,sizeof(plainText)/2,cipherTextMulti+ulCipherTextMultiLen,&ulCipherTextMultiPartLen);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextMultiLen += ulCipherTextMultiPartLen;
ulCipherTextMultiPartLen = sizeof(cipherTextMulti) - ulCipherTextMultiLen;
rv = C_EncryptFinal(hSession,cipherTextMulti+ulCipherTextMultiLen,&ulCipherTextMultiPartLen);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextMultiLen += ulCipherTextMultiPartLen;
CPPUNIT_ASSERT(ulCipherTextLen==ulCipherTextMultiLen);
CPPUNIT_ASSERT(memcmp(cipherText, cipherTextMulti, ulCipherTextLen) == 0);
// Single-part decryption
rv = C_DecryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(plainText));
CPPUNIT_ASSERT(memcmp(plainText, recoveredText, sizeof(plainText)) == 0);
}
void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_OBJECT_HANDLE &hDerive, CK_MECHANISM_TYPE mechType, CK_KEY_TYPE keyType)
{
CK_RV rv;
CK_MECHANISM mechanism = { mechType, NULL_PTR, 0 };
CK_MECHANISM mechEncrypt = { CKM_VENDOR_DEFINED, NULL_PTR, 0 };
CK_KEY_DERIVATION_STRING_DATA param1;
CK_DES_CBC_ENCRYPT_DATA_PARAMS param2;
CK_AES_CBC_ENCRYPT_DATA_PARAMS param3;
CK_BYTE data[] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24,
0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
};
CK_ULONG secLen = 0;
switch (mechType)
{
case CKM_DES_ECB_ENCRYPT_DATA:
case CKM_DES3_ECB_ENCRYPT_DATA:
case CKM_AES_ECB_ENCRYPT_DATA:
param1.pData = &data[0];
param1.ulLen = sizeof(data);
mechanism.pParameter = ¶m1;
mechanism.ulParameterLen = sizeof(param1);
break;
case CKM_DES_CBC_ENCRYPT_DATA:
case CKM_DES3_CBC_ENCRYPT_DATA:
memcpy(param2.iv, "12345678", 8);
param2.pData = &data[0];
param2.length = sizeof(data);
mechanism.pParameter = ¶m2;
mechanism.ulParameterLen = sizeof(param2);
break;
case CKM_AES_CBC_ENCRYPT_DATA:
memcpy(param3.iv, "1234567890ABCDEF", 16);
param3.pData = &data[0];
param3.length = sizeof(data);
mechanism.pParameter = ¶m3;
mechanism.ulParameterLen = sizeof(param3);
break;
default:
CPPUNIT_FAIL("Invalid mechanism");
}
switch (keyType)
{
case CKK_GENERIC_SECRET:
secLen = 32;
break;
case CKK_DES:
mechEncrypt.mechanism = CKM_DES_ECB;
break;
case CKK_DES2:
case CKK_DES3:
mechEncrypt.mechanism = CKM_DES3_ECB;
break;
case CKK_AES:
mechEncrypt.mechanism = CKM_AES_ECB;
secLen = 32;
break;
default:
CPPUNIT_FAIL("Invalid key type");
}
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_PRIVATE, &bFalse, sizeof(bFalse) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
{ CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) },
{ CKA_VALUE_LEN, &secLen, sizeof(secLen) }
};
hDerive = CK_INVALID_HANDLE;
if (secLen > 0)
{
rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hKey,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hDerive) );
}
else
{
rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hKey,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
&hDerive) );
}
CPPUNIT_ASSERT(rv == CKR_OK);
// Check that KCV has been set
CK_ATTRIBUTE checkAttribs[] = {
{ CKA_CHECK_VALUE, NULL_PTR, 0 }
};
CK_BYTE check[3];
checkAttribs[0].pValue = check;
checkAttribs[0].ulValueLen = sizeof(check);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hDerive, checkAttribs, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(checkAttribs[0].ulValueLen == 3);
if (keyType == CKK_GENERIC_SECRET) return;
CK_BYTE cipherText[300];
CK_ULONG ulCipherTextLen;
CK_BYTE recoveredText[300];
CK_ULONG ulRecoveredTextLen;
rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextLen = sizeof(cipherText);
rv = CRYPTOKI_F_PTR( C_Encrypt(hSession,data,sizeof(data),cipherText,&ulCipherTextLen) );
CPPUNIT_ASSERT(rv==CKR_OK);
rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,&mechEncrypt,hDerive) );
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = CRYPTOKI_F_PTR( C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen) );
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(data));
CPPUNIT_ASSERT(memcmp(data, recoveredText, sizeof(data)) == 0);
}
void ECCSpeedTest()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BBOOL isTrue = FALSE;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE Id[] = "MY_ECC_KEY";
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
CK_ULONG i = 0;
LARGE_INTEGER Frequency;
LARGE_INTEGER StartNum;
LARGE_INTEGER EndNum;
double Second;
memset(indata, 0x42, 111);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
QueryPerformanceFrequency(&Frequency);
QueryPerformanceCounter(&StartNum);
for (i=0; i<LOOPTIMES; i++)
{
C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
}
QueryPerformanceCounter(&EndNum);
Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart);
printf("Generate ECC Key Time is: %03f s\n", Second/LOOPTIMES);
QueryPerformanceCounter(&StartNum);
for (i=0; i<LOOPTIMES; i++)
{
C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
C_Encrypt(hSession, indata, 111, outdata, &outlength);
C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
C_Decrypt(hSession, outdata, outlength, temp, &templength);
}
QueryPerformanceCounter(&EndNum);
Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart);
printf("ECC Encrypt and Decrypt Time is: %03f s\n", Second/LOOPTIMES);
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
C_CloseSession(hSession);
}
FLAG ECCTest_out()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BBOOL isTrue = TRUE;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE Id[] = "MY_ECC_KEY";
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE CreateECCPubKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_ID, NULL_PTR, 0},
{CKA_EC_POINT, NULL_PTR, 0}
};
CK_ATTRIBUTE CreateECCPriKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_ID, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
printf("ECC Outside Encrypt and Decrypt!\n");
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
rv = C_CloseSession(hSession);
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
if (rv == 0)
{
CreateECCPubKey[0].pValue = malloc(CreateECCPubKey[0].ulValueLen);
if (CreateECCPubKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPubKey[1].pValue = malloc(CreateECCPubKey[1].ulValueLen);
if (CreateECCPubKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 1);
return -1;
}
CreateECCPubKey[2].pValue = malloc(CreateECCPubKey[2].ulValueLen);
if (CreateECCPubKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 2);
return -1;
}
CreateECCPubKey[3].pValue = malloc(CreateECCPubKey[3].ulValueLen);
if (CreateECCPubKey[3].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 3);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
rv = C_DestroyObject(hSession, hECCPubKey);
rv = C_CreateObject(hSession, CreateECCPubKey, 4, &hECCPubKey);
}
FreeAttribute(CreateECCPubKey, 4);
memset(indata, 0x33, 110);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
if (rv == 0)
{
CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
if (CreateECCPriKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
if (CreateECCPriKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 1);
return -1;
}
CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
if (CreateECCPriKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 2);
return -1;
}
CreateECCPriKey[3].pValue = malloc(CreateECCPriKey[3].ulValueLen);
if (CreateECCPriKey[3].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 3);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
rv = C_DestroyObject(hSession, hECCPriKey);
rv = C_CreateObject(hSession, CreateECCPriKey, 4, &hECCPriKey);
}
FreeAttribute(CreateECCPriKey, 4);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
rv = C_CloseSession(hSession);
if (memcmp(indata, temp, 110) == 0 && templength == 110)
{
printf("OK ECC OUT!\n");
}
else
{
printf("ERROR ECC OUT!\n");
}
return 0;
}
FLAG ECCTest_in()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE ECCPubLabel[] = "ECC_PUBLIC_KEY_7";
CK_BYTE ECCPriLabel[] = "ECC_PRIVATE_KEY_7";
CK_BBOOL isFalse = TRUE;
#if 0 /* CKA_LABEL TEST*/
CK_ATTRUBUTE ECCKeyLabel = {
CAK_LABEL,//type
ECCPub//value
//value_len
};
#endif /* END CAK_LABEL TEST*/
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_LABEL, &ECCPubLabel, sizeof(ECCPubLabel)},
{CKA_TOKEN, &isFalse, sizeof(isFalse)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_LABEL, &ECCPriLabel, sizeof(ECCPriLabel)},
{CKA_TOKEN, &isFalse, sizeof(isFalse)}
};
CK_ATTRIBUTE CreateECCPriKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
memset(indata, 0x31, 40);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
printf("ECC Inside Encrypt and Decrypt!\n");
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 40, outdata, &outlength);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
if (memcmp(indata, temp, 40) == 0 && templength == 40)
{
printf("OK ECC IN!\n");
}
else
{
printf("ERROR ECC IN!\n");
}
printf("ECC Crossing Encrypt and Decrypt!\n");
memset(indata, 0x33, 110);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
if (rv == 0)
{
CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
if (CreateECCPriKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
if (CreateECCPriKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 1);
return -1;
}
CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
if (CreateECCPriKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 2);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
rv = C_CreateObject(hSession, CreateECCPriKey, 3, &hECCPriKey);
}
FreeAttribute(CreateECCPriKey, 3);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
if (memcmp(indata, temp, 110) == 0 && templength == 110)
{
printf("OK ECC Crossing!\n");
}
else
{
printf("ERROR ECC Crossing!\n");
}
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
C_CloseSession(hSession);
return 0;
}
