static int dsa_exact_size_test(void) { /* * For a 2048-bit p, q should be either 224 or 256 bits per the table in * FIPS 186-4 4.2. */ return sign_and_verify(224 / 8) && sign_and_verify(256 / 8); }
int main(int argc, char** argv) { bench_options_t opts; int ret = parse_args(&opts, argc, argv) ? 0 : -1; if (!ret) { sign_and_verify(&opts); } return ret; }
int main_v1_1( void ) { char *function = "Tspi_Context_LoadKeyByBlob04"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hSigningKey, hBindingKey; TSS_HPOLICY hPolicy; TSS_RESULT result; UINT32 exitCode, attrib; TSS_FLAG initFlags; BYTE *signBlob, *bindBlob; UINT32 signBlobLen, bindBlobLen; print_begin_test( function ); // Create Context if ((result = connect_load_srk(&hContext, &hSRK))) { print_error( "connect_load_srk", result ); exit( result ); } // create a no-auth, signing key initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION; if ((result = create_load_key(hContext, initFlags, hSRK, &hSigningKey))) { print_error( "create_load_key(Signing Key)", result ); Tspi_Context_Close( hContext ); exit( result ); } print_success("Signing key created successfully", TSS_SUCCESS); // get blob result = Tspi_GetAttribData( hSigningKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &signBlobLen, &signBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_Close( hContext ); exit( result ); } // create a auth, binding key initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION; if ((result = create_load_key(hContext, initFlags, hSRK, &hBindingKey))) { print_error( "create_load_key(Binding Key)", result ); Tspi_Context_Close( hContext ); exit( result ); } print_success("Binding key created successfully", TSS_SUCCESS); // get blob result = Tspi_GetAttribData( hBindingKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &bindBlobLen, &bindBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs before we close the context if ((result = verify_sign_attribs(hSigningKey))) { print_error( "verify_sign_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs before we close the context if ((result = verify_bind_attribs(hBindingKey))) { print_error( "verify_bind_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // close context, to get rid of all context state if ((result = Tspi_Context_Close(hContext))) { print_error( "Tspi_Context_Close", result ); exit( result ); } // re-connect if ((result = connect_load_srk(&hContext, &hSRK))) { print_error( "connect_load_srk", result ); Tspi_Context_Close( hContext ); exit( result ); } // Load both Keys by blob if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, signBlobLen, signBlob, &hSigningKey ))) { print_error( "Tspi_Context_LoadKeyByBlob", result ); Tspi_Context_Close( hContext ); exit( result ); } if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, bindBlobLen, bindBlob, &hBindingKey ))) { print_error( "Tspi_Context_LoadKeyByBlob", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs after we've re-loaded by blob if ((result = verify_sign_attribs(hSigningKey))) { print_error( "verify_sign_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs after we've re-loaded by blob if ((result = verify_bind_attribs(hBindingKey))) { print_error( "verify_bind_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // Do a sign/verify test if ((result = sign_and_verify(hContext, hSigningKey))) { print_error( "sign_and_verify", result ); Tspi_Context_Close( hContext ); exit( result ); } // Do a bind/unbind test result = bind_and_unbind(hContext, hBindingKey); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_verifyerr("bind and unbind", TSS_E_POLICY_NO_SECRET, result); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } // set up policies if ((result = set_secret(hContext, hBindingKey, &hPolicy))) { print_error("set_secret", result); Tspi_Context_Close( hContext ); exit( result ); } if ((result = bind_and_unbind(hContext, hBindingKey))) { print_error( "bind_and_unbind", result ); Tspi_Context_Close( hContext ); exit( result ); } exitCode = 0; print_success(function, TSS_SUCCESS); print_end_test( function ); Tspi_Context_Close( hContext ); exit( exitCode ); }
static int dsa_large_digest_test(void) { return sign_and_verify(33) && sign_and_verify(64); }
static int dsa_small_digest_test(void) { return sign_and_verify(16) && sign_and_verify(1); }
int main(int argc, char** argv, char** envp) { extern char *optarg; extern int optind; CK_RV rv = CKR_OK; if(argc != 2) { printf("Wrong number of arguments\nusage: %s <user_pin>\n",argv[0]); exit(1); } rv = C_GetFunctionList(&pFunctionList); if(rv != CKR_OK) { printf("FAIL: could not get function pointer list: %ld\n",rv); exit(1); } rv = (pFunctionList->C_Initialize)(NULL_PTR); if(rv != CKR_OK) { printf("FAIL: could not initialize: %ld\n",rv); exit(1); } /* get the slot list with token. this is not a test of C_OpenSession, * thus only open sessions on token and not on slots */ { CK_ULONG ulSlotCount; CK_SLOT_ID_PTR pSlotList; int i; rv = (pFunctionList->C_GetSlotList)(TRUE,NULL_PTR,&ulSlotCount); if(rv != CKR_OK) { printf("FAIL: could not get slot count: %ld\n",rv); exit(1); } pSlotList = malloc(sizeof(CK_SLOT_ID)*ulSlotCount); if(pSlotList == NULL) { printf("could not allocate slot list: %d\n",CKR_HOST_MEMORY); exit(1); } rv = (pFunctionList->C_GetSlotList)(TRUE,pSlotList,&ulSlotCount); if(rv != CKR_OK) { printf("FAIL: could not get slot List: %ld\n",rv); exit(1); } /* for each slot with a token */ for(i=0;(unsigned long)i<ulSlotCount;i++) { CK_SESSION_HANDLE sign_sess=0, verify_sess=0; CK_ULONG mech_count; CK_MECHANISM_TYPE_PTR mech_list; CK_ULONG j,k, pub_handle_count,priv_handle_count; CK_BBOOL do_token; CK_OBJECT_HANDLE_PTR pub_handle_arr; CK_OBJECT_HANDLE_PTR priv_handle_arr; CK_SLOT_ID verify_slot; printf("starting with token on slot %ld\n", pSlotList[i]); /* check that the token supports RSA sign */ /* first only get the length of the list */ (pFunctionList->C_GetMechanismList)(pSlotList[i], NULL_PTR, &mech_count); mech_list = malloc(mech_count * sizeof(CK_MECHANISM_TYPE)); if(mech_list == NULL_PTR) { printf("FAIL: mem alloc\n"); exit(1); } (pFunctionList->C_GetMechanismList)(pSlotList[i],mech_list, &mech_count); /* look for the RSA operations */ for(j=0,do_token=FALSE;j<mech_count;j++) if(mech_list[j] == CKM_RSA_PKCS) do_token = TRUE; if(!do_token) { printf("FAIL: no RSA PKCS#11 on slot %lu\n",pSlotList[i]); continue; } /* clean up */ free(mech_list); /* open session */ rv = (pFunctionList->C_OpenSession)(pSlotList[i], CKF_SERIAL_SESSION, NULL,NULL,&sign_sess); if(rv != CKR_OK) { printf("FAIL: C_OpenSession failed on slot %ld: %ld\n",pSlotList[i],rv); continue; } // To be able to retrieve private objects from the token, the user must be authenticated */ rv = (pFunctionList->C_Login) (sign_sess, CKU_USER, argv[1], 8); if(rv != CKR_OK) { printf("Bad login, rv: %d",rv); exit(1); } /* find the public keys */ rv = pkcs11_find_object(sign_sess, CK_I_rsa_public_key_template, CK_I_rsa_public_key_count , &pub_handle_arr, &pub_handle_count); if(rv != CKR_OK) { printf("FAIL: unable to find public key: 0x%lx\n",rv); continue; } /* find a token that supports RSA_PKCS for verify */ rv = find_rsa_verify(pFunctionList,&verify_slot); if(rv != CKR_OK) { printf("FAIL: unable to find token for verify: 0x%lx. Cannot verify the signature\n",rv); verify_sess = 0; } else { if (verify_slot == pSlotList[i]) verify_sess = sign_sess; else { rv = (pFunctionList->C_OpenSession)(verify_slot, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL,NULL,&verify_sess); if(rv != CKR_OK) { printf("FAIL: C_OpenSession failed on slot %ld for verify: %ld\n", pSlotList[i],rv); continue; } } } for(k=0; k<pub_handle_count; k++) { CK_ATTRIBUTE theTemplate = {CKA_ID, NULL, 0}; CK_CHAR_PTR clear_text1 ="foobar1"; CK_CHAR_PTR clear_text2 ="This is a text that is too long even for a 1k key: The quick brown fox jumps over the lazy dog. 1234567890"; CK_OBJECT_HANDLE new_pub_handle=0; /* set the ID of the public key in the private key */ rv = (pFunctionList->C_GetAttributeValue)(sign_sess, pub_handle_arr[k], &theTemplate, 1); if(rv != CKR_OK) { printf("FAIL: unable read id length for public key %li: 0x%lx\n",pub_handle_arr[k],rv); continue; } theTemplate.pValue = malloc(theTemplate.ulValueLen); if(theTemplate.pValue == NULL_PTR) { printf("FAIL: unable allocate memory for private key id\n"); continue; } rv = (pFunctionList->C_GetAttributeValue)(sign_sess, pub_handle_arr[k], &theTemplate, 1); if(rv != CKR_OK) { printf("FAIL: unable to read id for public key %li: 0x%lx\n", pub_handle_arr[k],rv); continue; } rv = set_attribute(CK_I_rsa_private_key_template, CK_I_rsa_private_key_count, CKA_ID, theTemplate.pValue, theTemplate.ulValueLen); if(rv != CKR_OK) { printf("FAIL: unable to set id in templatee for private key: 0x%lx\n",rv); continue; } /* find the matching private key */ rv = pkcs11_find_object(sign_sess, CK_I_rsa_private_key_template, CK_I_rsa_private_key_count, &priv_handle_arr, &priv_handle_count); if(rv != CKR_OK) { printf("FAIL: unable to find public key: 0x%lx\n",rv); continue; } /* is there exactly one (1) private key to this public key? */ if(priv_handle_count != 1) { printf("FAIL: wrong number of private keys: %li\n",priv_handle_count); continue; } /* copy the public key if needed */ if(sign_sess != verify_sess) { if ( verify_sess != 0 ) rv = P11_loadPubRSAKey(pFunctionList, sign_sess, pFunctionList, verify_sess, pub_handle_arr[k], &new_pub_handle); else new_pub_handle = 0; } else new_pub_handle = pub_handle_arr[k]; /* sign test vector */ rv = sign_and_verify(sign_sess,verify_sess,clear_text1, priv_handle_arr[0],new_pub_handle, argv[1]); if(rv != CKR_OK) continue; if ( verify_sess != 0 ) printf("sign and verify succeded for short text session %ld: 0x%08lx\n", sign_sess,rv); else printf("sign succeded for short text session %ld: 0x%08lx\n", sign_sess,rv); rv = sign_and_verify(sign_sess,verify_sess,clear_text2, priv_handle_arr[0],new_pub_handle, argv[1]); if(rv == CKR_OK) { printf("FAIL: over long clear text did not fail\n"); continue; } if ( verify_sess != 0 ) printf("sign and verify succeded in session %ld: 0x%08lx\n", sign_sess,rv); else printf("sign succeded in session %ld: 0x%08lx\n", sign_sess,rv); } /* for each public key */ /* close session */ rv = (pFunctionList->C_CloseSession)(sign_sess); if(rv != CKR_OK) { printf("FAIL: C_CloseSession in session %ld: %ld\n",sign_sess,rv); continue; } printf("slot %ld done\n", pSlotList[i]); } free(pSlotList); } (pFunctionList->C_Finalize)(NULL); #ifdef CK_Win32 { char buf[3]={1}; printf("\nPress any key to continue..."); _cgets(buf); } #endif return 0; }