HRESULT Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_CryptokiRNG::GenerateRandom___VOID__SZARRAY_U1__I4__I4__BOOLEAN( CLR_RT_StackFrame& stack )
{
TINYCLR_HEADER();
CLR_RT_HeapBlock* pThis = stack.This();
CLR_RT_HeapBlock* pSession;
CLR_RT_HeapBlock_Array* pData = stack.Arg1().DereferenceArray();
CLR_INT32 offset = stack.Arg2().NumericByRef().s4;
CLR_INT32 len = stack.Arg3().NumericByRef().s4;
bool fNonZero = stack.Arg4().NumericByRef().s4 == 1;
CK_SESSION_HANDLE hSession;
CLR_UINT8* pDataElem;
FAULT_ON_NULL_ARG(pData);
if(len+offset > (CLR_INT32)pData->m_numOfElements) TINYCLR_SET_AND_LEAVE(CLR_E_OUT_OF_RANGE);
pSession = pThis[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_session].Dereference(); FAULT_ON_NULL(pSession);
hSession = pSession[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Session::FIELD__m_handle].NumericByRef().s4;
pDataElem = pData->GetElement(offset);
CRYPTOKI_CHECK_RESULT(stack, C_GenerateRandom(hSession, pDataElem, len));
if(fNonZero)
{
int i,idx = -1;
CLR_UINT8 replacements[20];
for(i=0; i<len; i++)
{
if(*pDataElem == 0)
{
if(idx == -1 || idx >= ARRAYSIZE(replacements))
{
CRYPTOKI_CHECK_RESULT(stack, C_GenerateRandom(hSession, replacements, ARRAYSIZE(replacements)));
idx = 0;
}
*pDataElem = replacements[idx++];
}
}
}
TINYCLR_NOCLEANUP();
}
/*ARGSUSED*/
krb5_error_code KRB5_CALLCONV
krb5_c_random_make_octets(krb5_context context, krb5_data *data)
{
/*
* Solaris kerberos uses /dev/[u]random
*/
#ifndef _KERNEL /* User space code */
krb5_error_code err = 0;
CK_RV rv;
KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, user space using "
"krb5_get_random_octets()\n");
rv = C_GenerateRandom(krb_ctx_hSession(context), (CK_BYTE_PTR)data->data,
(CK_ULONG)data->length);
if (rv != CKR_OK) {
KRB5_LOG(KRB5_ERR, "C_GenerateRandom failed in "
"krb5_c_random_make_octets: rv = 0x%x.", rv);
err = PKCS_ERR;
}
if (err != 0) {
KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, error");
return (err);
}
#else /* Kernel code section */
/*
* Solaris Kerberos: for kernel code we use the randomness generator native
* to Solaris 9. We avoid global variables and other nastiness this way.
*
* Using random_get_pseudo_bytes() instead of random_get_bytes() because it
* will not return an error code if there isn't enough entropy but will use
* a pseudo random algorithm to produce randomness. Most of the time it
* should be as good as random_get_bytes() and we don't have to worry about
* dealing with a non-fatal error.
*/
KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() start, kernel using "
"random_get_pseudo_bytes()\n ");
if(random_get_pseudo_bytes((uint8_t *)data->data, data->length) != 0) {
KRB5_LOG0(KRB5_ERR, "krb5_c_random_make_octets() end, "
"random_get_pseudo_bytes() error.\n");
return(KRB5_CRYPTO_INTERNAL);
}
#endif /* !_KERNEL */
KRB5_LOG0(KRB5_INFO, "krb5_c_random_make_octets() end\n");
return(0);
}
void SymmetricAlgorithmTests::des3EncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_BYTE iv[8];
CK_BYTE plainText[256];
CK_BYTE cipherText[300];
CK_ULONG ulCipherTextLen;
CK_BYTE recoveredText[300];
CK_ULONG ulRecoveredTextLen;
CK_RV rv;
rv = C_GenerateRandom(hSession, plainText, sizeof(plainText));
CPPUNIT_ASSERT(rv==CKR_OK);
if (mechanismType == CKM_DES3_CBC)
{
rv = C_GenerateRandom(hSession, iv, sizeof(iv));
CPPUNIT_ASSERT(rv==CKR_OK);
mechanism.pParameter = iv;
mechanism.ulParameterLen = sizeof(iv);
}
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextLen = sizeof(cipherText);
rv = C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulCipherTextLen==sizeof(plainText));
rv = C_DecryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(plainText));
CPPUNIT_ASSERT(memcmp(plainText, recoveredText, sizeof(plainText)) == 0);
}
static int getRandomFunction( DEVICE_INFO *deviceInfo, void *buffer,
const int length,
MESSAGE_FUNCTION_EXTINFO *messageExtInfo )
{
CK_RV status;
PKCS11_INFO *pkcs11Info = deviceInfo->devicePKCS11;
assert( isWritePtr( deviceInfo, sizeof( DEVICE_INFO ) ) );
assert( isWritePtr( buffer, length ) );
status = C_GenerateRandom( pkcs11Info->hSession, buffer, length );
return( pkcs11MapError( status, CRYPT_ERROR_FAILED ) );
}
/*
* generate random data
*/
int pkcs_random (u_char * buf, size_t buflen)
{
CK_SESSION_HANDLE hSession;
if (pSlot != NULL &&
get_slot_session_handle (pSlot->pSession, &hSession) == CKR_OK &&
C_GenerateRandom (hSession, buf, buflen) == CKR_OK)
{
return SNMPERR_SUCCESS;
}
return SNMPERR_GENERR;
}
/*
* Generate random numbers
*/
int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r,
unsigned int r_len)
{
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
PKCS11_CTX *ctx = priv->parent;
int rv;
CHECK_SLOT_FORK(slot);
if (!priv->haveSession && PKCS11_open_session(slot, 0)) {
PKCS11err(PKCS11_F_PKCS11_GENERATE_RANDOM, PKCS11_NO_SESSION);
return -1;
}
rv = CRYPTOKI_call(ctx,
C_GenerateRandom(priv->session, (CK_BYTE_PTR) r, r_len));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_GENERATE_RANDOM, rv);
return pkcs11_check_token(ctx, slot);
}
void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_OBJECT_CLASS secretClass = CKO_SECRET_KEY;
CK_KEY_TYPE genKeyType = CKK_GENERIC_SECRET;
CK_BYTE keyPtr[128];
CK_ULONG keyLen =
mechanismType == CKM_AES_KEY_WRAP_PAD ? 125UL : 128UL;
CK_ATTRIBUTE attribs[] = {
{ CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) },
{ CKA_CLASS, &secretClass, sizeof(secretClass) },
{ CKA_KEY_TYPE, &genKeyType, sizeof(genKeyType) },
{ CKA_TOKEN, &bFalse, sizeof(bFalse) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_SENSITIVE, &bTrue, sizeof(bTrue) }, // Wrapping is allowed even on sensitive objects
{ CKA_VALUE, keyPtr, keyLen }
};
CK_OBJECT_HANDLE hSecret;
CK_RV rv;
rv = C_GenerateRandom(hSession, keyPtr, keyLen);
CPPUNIT_ASSERT(rv == CKR_OK);
hSecret = CK_INVALID_HANDLE;
rv = C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hSecret != CK_INVALID_HANDLE);
CK_BYTE_PTR wrappedPtr = NULL_PTR;
CK_ULONG wrappedLen = 0UL;
CK_ULONG zero = 0UL;
CK_ULONG rndKeyLen = keyLen;
if (mechanismType == CKM_AES_KEY_WRAP_PAD)
rndKeyLen = (keyLen + 7) & ~7;
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_KEY_UNEXTRACTABLE);
rv = C_DestroyObject(hSession, hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
attribs[0].pValue = &bTrue;
hSecret = CK_INVALID_HANDLE;
rv = C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hSecret != CK_INVALID_HANDLE);
// Estimate wrapped length
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(wrappedLen == rndKeyLen + 8);
wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen);
CPPUNIT_ASSERT(wrappedPtr != NULL_PTR);
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(wrappedLen == rndKeyLen + 8);
// This should always fail because wrapped data have to be longer than 0 bytes
zero = 0;
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &zero);
CPPUNIT_ASSERT(rv == CKR_BUFFER_TOO_SMALL);
CK_ATTRIBUTE nattribs[] = {
{ CKA_CLASS, &secretClass, sizeof(secretClass) },
{ CKA_KEY_TYPE, &genKeyType, sizeof(genKeyType) },
{ CKA_TOKEN, &bFalse, sizeof(bFalse) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_ENCRYPT, &bFalse, sizeof(bFalse) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_SIGN, &bFalse,sizeof(bFalse) },
{ CKA_VERIFY, &bTrue, sizeof(bTrue) }
};
CK_OBJECT_HANDLE hNew;
hNew = CK_INVALID_HANDLE;
rv = C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nattribs, sizeof(nattribs)/sizeof(CK_ATTRIBUTE), &hNew);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hNew != CK_INVALID_HANDLE);
free(wrappedPtr);
wrappedPtr = NULL_PTR;
rv = C_DestroyObject(hSession, hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
#ifdef HAVE_AES_KEY_WRAP_PAD
if (mechanismType != CKM_AES_KEY_WRAP_PAD) return;
CK_OBJECT_HANDLE hRsa;
hRsa = CK_INVALID_HANDLE;
rv = generateRsaPrivateKey(hSession, CK_TRUE, CK_TRUE, hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE);
CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY;
CK_KEY_TYPE rsaKeyType = CKK_RSA;
CK_BYTE_PTR p2Ptr = NULL_PTR;
CK_ULONG p2Len = 0UL;
CK_ATTRIBUTE rsaAttribs[] = {
{ CKA_CLASS, &privateClass, sizeof(privateClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_PRIME_2, NULL_PTR, 0UL }
};
rv = C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE));
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS));
CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY);
CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE));
CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA);
p2Len = rsaAttribs[2].ulValueLen;
p2Ptr = (CK_BYTE_PTR) malloc(2 * p2Len);
CPPUNIT_ASSERT(p2Ptr != NULL_PTR);
rsaAttribs[2].pValue = p2Ptr;
rsaAttribs[2].ulValueLen = p2Len;
rv = C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE));
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len);
rv = C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen);
CPPUNIT_ASSERT(wrappedPtr != NULL_PTR);
rv = C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_DestroyObject(hSession, hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
CK_ATTRIBUTE nRsaAttribs[] = {
{ CKA_CLASS, &privateClass, sizeof(privateClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_TOKEN, &bFalse, sizeof(bFalse) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_SIGN, &bFalse,sizeof(bFalse) },
{ CKA_UNWRAP, &bTrue, sizeof(bTrue) },
{ CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
{ CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) }
};
hRsa = CK_INVALID_HANDLE;
rv = C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nRsaAttribs, sizeof(nRsaAttribs)/sizeof(CK_ATTRIBUTE), &hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE);
rsaAttribs[2].pValue = p2Ptr + p2Len;
rv = C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE));
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS));
CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY);
CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE));
CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA);
CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len);
CPPUNIT_ASSERT(memcmp(p2Ptr, p2Ptr + p2Len, p2Len) == 0);
free(wrappedPtr);
free(p2Ptr);
rv = C_DestroyObject(hSession, hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
#endif
}
void SymmetricAlgorithmTests::des3EncryptDecrypt(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_BYTE iv[8];
CK_BYTE plainText[256];
CK_BYTE cipherText[300];
CK_ULONG ulCipherTextLen;
CK_BYTE cipherTextMulti[300];
CK_ULONG ulCipherTextMultiLen;
CK_ULONG ulCipherTextMultiPartLen;
CK_BYTE recoveredText[300];
CK_ULONG ulRecoveredTextLen;
CK_RV rv;
rv = C_GenerateRandom(hSession, plainText, sizeof(plainText));
CPPUNIT_ASSERT(rv==CKR_OK);
if (mechanismType == CKM_DES3_CBC ||
mechanismType == CKM_DES3_CBC_PAD)
{
rv = C_GenerateRandom(hSession, iv, sizeof(iv));
CPPUNIT_ASSERT(rv==CKR_OK);
mechanism.pParameter = iv;
mechanism.ulParameterLen = sizeof(iv);
}
// Single-part encryption
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
// Test invalid plain text size
if (mechanismType == CKM_DES3_ECB ||
mechanismType == CKM_DES3_CBC)
{
ulCipherTextLen = sizeof(cipherText);
rv = C_Encrypt(hSession,plainText,sizeof(plainText)-1,cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_DATA_LEN_RANGE);
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
}
ulCipherTextLen = sizeof(cipherText);
rv = C_Encrypt(hSession,plainText,sizeof(plainText),cipherText,&ulCipherTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
if (mechanismType == CKM_DES3_CBC_PAD)
{
CPPUNIT_ASSERT(ulCipherTextLen==(sizeof(plainText)+8));
}
else
{
CPPUNIT_ASSERT(ulCipherTextLen==sizeof(plainText));
}
// Multi-part encryption
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
// Test invalid plain text size
if (mechanismType == CKM_DES3_ECB ||
mechanismType == CKM_DES3_CBC)
{
ulCipherTextMultiLen = sizeof(cipherTextMulti);
rv = C_EncryptUpdate(hSession,plainText,sizeof(plainText)/2-1,cipherTextMulti,&ulCipherTextMultiLen);
CPPUNIT_ASSERT(rv==CKR_DATA_LEN_RANGE);
rv = C_EncryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
}
ulCipherTextMultiLen = sizeof(cipherTextMulti);
rv = C_EncryptUpdate(hSession,plainText,sizeof(plainText)/2,cipherTextMulti,&ulCipherTextMultiLen);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextMultiPartLen = sizeof(cipherTextMulti) - ulCipherTextMultiLen;
rv = C_EncryptUpdate(hSession,plainText+sizeof(plainText)/2,sizeof(plainText)/2,cipherTextMulti+ulCipherTextMultiLen,&ulCipherTextMultiPartLen);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextMultiLen += ulCipherTextMultiPartLen;
ulCipherTextMultiPartLen = sizeof(cipherTextMulti) - ulCipherTextMultiLen;
rv = C_EncryptFinal(hSession,cipherTextMulti+ulCipherTextMultiLen,&ulCipherTextMultiPartLen);
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextMultiLen += ulCipherTextMultiPartLen;
CPPUNIT_ASSERT(ulCipherTextLen==ulCipherTextMultiLen);
CPPUNIT_ASSERT(memcmp(cipherText, cipherTextMulti, ulCipherTextLen) == 0);
// Single-part decryption
rv = C_DecryptInit(hSession,&mechanism,hKey);
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen);
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(plainText));
CPPUNIT_ASSERT(memcmp(plainText, recoveredText, sizeof(plainText)) == 0);
}
