コード例 #1
0
ファイル: des3_func.c プロジェクト: IanMDavis/openCryptoki
/** Tests triple DES decryption with published test vectors. **/
CK_RV do_DecryptDES3(struct published_test_suite_info *tsuite)
{
	int			i;		      	// test vector index
	CK_BYTE		 	expected[BIG_REQUEST];  // decrypted data
	CK_BYTE		 	actual[BIG_REQUEST];    // decryption buffer
	CK_ULONG		expected_len, actual_len;

	CK_SLOT_ID	      	slot_id = SLOT_ID;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_SESSION_HANDLE	session;
	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	h_key;
	CK_RV			rc;
	CK_FLAGS		flags;

	/** begin testsuite **/
	testsuite_begin("%s Decryption.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();


	/** skip test if the slot does not support this mechanism **/
	if (! mech_supported(slot_id, tsuite->mechanism)){
		testsuite_skip( tsuite->tvcount,
				"Slot %u doesn't support %s (%u)",
				(unsigned int) slot_id,
				mech_to_str(tsuite->mechanism),
				(unsigned int)tsuite->mechanism );
		goto testcase_cleanup;
	}

	/** iterate over test vectors **/
	for (i = 0; i < tsuite->tvcount; i++){

		/** begin test **/
		testcase_begin( "%s Decryption with test vector %d.",
				tsuite->name, i );

		rc = CKR_OK;    // set rc

		/** clear buffers **/
		memset(expected, 0, sizeof(expected));
		memset(actual, 0, sizeof(actual));

		/** get plaintext (expected result) **/
		expected_len = tsuite->tv[i].plen;
		memcpy(expected, tsuite->tv[i].plaintext, expected_len);

		/** get ciphertext **/
		actual_len = tsuite->tv[i].clen;
		memcpy(actual, tsuite->tv[i].ciphertext, actual_len);

		/** get mechanism **/
		mech.mechanism = tsuite->mechanism;
		mech.ulParameterLen = tsuite->tv[i].ivlen;
		mech.pParameter = tsuite->tv[i].iv;

		/** create key handle. **/
		rc = create_DES3Key( session,
				tsuite->tv[i].key,
				tsuite->tv[i].klen,
				&h_key);

		if (rc != CKR_OK) {
			testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		/** initialize single (in-place) decryption **/
		rc = funcs->C_DecryptInit(session, &mech, h_key);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
			goto error;
		}

		/** do single (in-place) decryption **/
		rc = funcs->C_Decrypt( session,
					actual,
					actual_len,
					actual,
					&actual_len );
		if (rc != CKR_OK){
			testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
			goto error;
		}

		/** compare decryption results with expected results. **/
		testcase_new_assertion();

		if (actual_len != expected_len) {
			testcase_fail("decrypted data length does not match "
			"test vector's decrypted data length.\nexpected length="
			"%ld, but found length=%ld\n",
			expected_len, actual_len );
		}

		else if (memcmp(actual, expected, expected_len)) {
			testcase_fail(  "decrypted data does not match test "
					"vector's decrypted data.\n" );
			}

		else {
			testcase_pass( "%s Decryption with test vector %d "
					"passed.", tsuite->name, i );
		}

		/** clean up **/
		rc = funcs->C_DestroyObject(session, h_key);
		if (rc != CKR_OK) {
			testcase_error( "C_DestroyObject rc=%s.",
					p11_get_ckr(rc) );
			goto testcase_cleanup;
		}
	}
	goto testcase_cleanup;

error:
	rc = funcs->C_DestroyObject(session, h_key);
	if (rc != CKR_OK)
		testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));

testcase_cleanup:
	testcase_user_logout();
	rc = funcs->C_CloseAllSessions(slot_id);
	if (rc != CKR_OK) {
		testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
	}
	return rc;
}
コード例 #2
0
ファイル: des3_func.c プロジェクト: IanMDavis/openCryptoki
/** Tests triple DES multipart decryption with  published test vectors **/
CK_RV do_DecryptUpdateDES3(struct published_test_suite_info *tsuite) {
	int		i;			// test vector index
	CK_BYTE		expected[BIG_REQUEST];
	CK_BYTE		cipher[BIG_REQUEST];
	CK_BYTE		plaintext[BIG_REQUEST];
	CK_ULONG	expected_len, p_len, cipher_len, k;

	CK_SLOT_ID     		slot_id = SLOT_ID;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_SESSION_HANDLE	session;
	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	h_key;
	CK_RV			rc;
	CK_FLAGS		flags;

	/** begin testsuite **/
	testsuite_begin("%s Decryption.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();


	/** skip test if the slot does not support this mechanism **/
	if (! mech_supported(slot_id, tsuite->mechanism)){
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support %s (%u)",
			(unsigned int) slot_id,
			mech_to_str(tsuite->mechanism),
			(unsigned int) tsuite->mechanism);
		goto testcase_cleanup;
	}

	/** iterate over test vectors **/
	for (i = 0; i < tsuite->tvcount; i++){

		/** begin test **/
		testcase_begin("%s Decryption with test vector %d.", tsuite->name, i);

		rc = CKR_OK;    // set rc

		/** clear buffers **/
		memset(expected, 0, sizeof(expected));
		memset(cipher, 0, sizeof(cipher));
		memset(plaintext, 0, sizeof(plaintext));
		p_len = sizeof(plaintext);

		/** get plaintext (expected results) **/
		expected_len = tsuite->tv[i].plen;
		memcpy(expected, tsuite->tv[i].plaintext, expected_len);

		/** get ciphertext **/
		cipher_len = k = tsuite->tv[i].clen;
		memcpy(cipher, tsuite->tv[i].ciphertext, cipher_len);

		/** get mech **/
		mech.mechanism = tsuite->mechanism;
		mech.ulParameterLen = tsuite->tv[i].ivlen;
		mech.pParameter = tsuite->tv[i].iv;


		/** create key handle. **/
		rc = create_DES3Key(session,
				tsuite->tv[i].key,
				tsuite->tv[i].klen,
				&h_key);

		if (rc != CKR_OK) {
			testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		/** initialize multipart (in-place) decryption **/
		rc = funcs->C_DecryptInit(session, &mech, h_key);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
			goto error;
		}

		/* do multipart encryption
		 * for chunks, -1 is NULL, and 0 is empty string,
		 * and a value > 0 is amount of data from test vector's
		 * plaintext data. The is way we test input in various sizes.
		 */
		if (tsuite->tv[i].num_chunks) {
			int j;
			CK_ULONG outlen, len;
			CK_BYTE *data_chunk = NULL;

			k = 0;
			p_len = 0;
			outlen = sizeof(plaintext);

			for (j = 0; j < tsuite->tv[i].num_chunks; j++) {
				if (tsuite->tv[i].chunks[j] == -1) {
					len = 0;
					data_chunk = NULL;
				} else if (tsuite->tv[i].chunks[j] == 0) {
					len = 0;
					data_chunk = (CK_BYTE *)"";
				} else {
					len = tsuite->tv[i].chunks[j];
					data_chunk = cipher + k;
				}
				rc = funcs->C_DecryptUpdate(session, data_chunk,
							    len,
							    &plaintext[p_len],
							    &outlen);
				if (rc != CKR_OK) {
					testcase_error("C_DecryptUpdate rc=%s",
							p11_get_ckr(rc));
					goto error;
				}
				k += len;
				p_len += outlen;
				outlen = sizeof(plaintext) - p_len;
			}
		} else {
			p_len = sizeof(plaintext);
			rc = funcs->C_DecryptUpdate(session, cipher, cipher_len,
						    plaintext, &p_len);
			if (rc != CKR_OK) {
				testcase_error("C_DecryptUpdate rc=%s",
						p11_get_ckr(rc));
				goto error;
			}
		}

		k = sizeof(plaintext) - p_len;
		rc = funcs->C_DecryptFinal(session, &plaintext[p_len], &k);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptFinal rc=%s", p11_get_ckr(rc));
			goto error;
		}

		/** compare decryption results with expected results. **/
		testcase_new_assertion();

		if (p_len != expected_len) {
			testcase_fail("decrypted multipart data length does "
				      "not match test vector's decrypted data "
				      "length.\nexpected length=%ld, but "
				      "found length=%ld\n", expected_len,p_len);
		}

		else if (memcmp(plaintext, expected, expected_len)) {
			testcase_fail("decrypted multipart data does not "
				      "match test vector's decrypted data.\n");
		}

		else {
			testcase_pass("%s Multipart Decryption with test "
				      "vector %d passed.", tsuite->name, i);
		}

		/** clean up **/
		rc = funcs->C_DestroyObject(session, h_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
			goto testcase_cleanup;
		}
	}
	goto testcase_cleanup;

error:
	rc = funcs->C_DestroyObject(session, h_key);
	if (rc != CKR_OK)
		testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));

testcase_cleanup:
	testcase_user_logout();
	rc = funcs->C_CloseAllSessions(slot_id);
	if (rc != CKR_OK) {
		testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
	}
	return rc;
}
コード例 #3
0
ファイル: aes_func.c プロジェクト: shpedoikal/opencryptoki
CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite)
{
	int		i;
	CK_BYTE		original[BIG_REQUEST];
	CK_BYTE		crypt[BIG_REQUEST + AES_BLOCK_SIZE];
	CK_BYTE		decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
	CK_BYTE		user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG	j;
	CK_ULONG	user_pin_len;
	CK_ULONG	orig_len, crypt_len, decrypt_len;

	CK_SESSION_HANDLE	session;
	CK_MECHANISM		mechkey, mech;
	CK_OBJECT_HANDLE	h_key;
	CK_FLAGS		flags;
	CK_RV			rc = 0;
	CK_SLOT_ID	       slot_id = SLOT_ID;

	testsuite_begin("%s Encryption/Decryption.",tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	/** skip tests if the slot doesn't support this mechanism **/
	if (! mech_supported(slot_id, tsuite->mech.mechanism)){
		testsuite_skip(3,
			"Slot %u doesn't support %u",
			(unsigned int) slot_id,
			(unsigned int) tsuite->mech.mechanism);
		goto testcase_cleanup;
	}


	/** iterate over test key sizes **/
	for (i = 0; i < 3; i++) {

		testcase_begin("%s Encryption/Decryption with key len=%ld.",
			tsuite->name, key_lens[i]);

		/** generate key **/
		mechkey = aes_keygen;
		rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);

		if (rc != CKR_OK) {
			testcase_error("C_GenerateKey rc=%s",
				p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		/** clear buffers **/
		memset(original,0,sizeof(original));
		memset(crypt,0,sizeof(crypt));
		memset(decrypt,0,sizeof(decrypt));

		/** generate data **/
		orig_len = sizeof(original);

		for (j=0; j < orig_len; j++)
			original[j] = j % 255;

		/** set crypto mech **/
		mech = tsuite->mech;

		/** single encryption **/
		rc = funcs->C_EncryptInit(session, &mech, h_key);
		if (rc != CKR_OK) {
			testcase_error("C_EncryptInit rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		crypt_len = sizeof(crypt);

		rc = funcs->C_Encrypt(session,
				original,
				orig_len,
				crypt,
				&crypt_len);

		if (rc != CKR_OK) {
			testcase_error("C_Encrypt rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		/** single decryption **/
		rc = funcs->C_DecryptInit(session, &mech, h_key);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptInit rc=%s",
				p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		decrypt_len = sizeof(decrypt);

		rc = funcs->C_Decrypt(session,
				crypt,
				crypt_len,
				decrypt,
				&decrypt_len);

		if (rc != CKR_OK) {
			testcase_error("C_Decrypt rc=%s",
				p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		/** compare actual results with expected results **/
		testcase_new_assertion();

		if (decrypt_len != orig_len) {
		       testcase_fail("decrypted data length does not "
				"match original data length.\nexpected "					"length=%ld, but found length=%ld\n",
				orig_len, decrypt_len);
		}

		else if (memcmp(decrypt, original, orig_len)){
			testcase_fail("decrypted data does not match "
				"original data");
		}

		else {
			testcase_pass("%s Encryption/Decryption with "
				"key length %ld passed.", tsuite->name, 					key_lens[i]);
		}

	}
	/** clean up **/
	rc = funcs->C_DestroyObject(session, h_key);
	if (rc != CKR_OK) {
		testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
	}
	goto testcase_cleanup;

error:
	rc = funcs->C_DestroyObject(session, h_key);
	if (rc != CKR_OK)
		testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));

testcase_cleanup:
	testcase_user_logout();
	rc = funcs->C_CloseAllSessions(slot_id);
	if (rc != CKR_OK) {
		testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
	}
	return rc;
}
コード例 #4
0
ファイル: aes_func.c プロジェクト: shpedoikal/opencryptoki
CK_RV do_DecryptUpdateAES(struct published_test_suite_info *tsuite)
{
	int			i;
	CK_BYTE			actual[BIG_REQUEST];    // decryption buffer
	CK_BYTE			expected[BIG_REQUEST];  // decrypted data
	CK_ULONG		actual_len, expected_len, original_len, k;
	CK_ULONG		user_pin_len;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_SESSION_HANDLE	session;
	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	h_key;
	CK_RV			rc;
	CK_FLAGS		flags;
	CK_SLOT_ID	      slot_id = SLOT_ID;

	testsuite_begin("%s Multipart Decryption.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	/** skip tests if the slot doesn't support this mechanism **/
	if (! mech_supported(slot_id, tsuite->mech.mechanism)){
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support %u",
			(unsigned int) slot_id,
			(unsigned int)tsuite->mech.mechanism);
		goto testcase_cleanup;
	}

	for (i = 0; i < tsuite->tvcount; i++) {

		testcase_begin("%s Multipart Decryption with published test "
			"vector %d.", tsuite->name, i);

		/** create key handle **/
		rc = create_AESKey(session,
			tsuite->tv[i].key,
			tsuite->tv[i].klen,
			&h_key);

		if (rc != CKR_OK) {
			testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
			goto error;
		}

		/** get mech **/
		mech = tsuite->mech;

		/** clear buffers **/
		memset(expected, 0, sizeof(expected));
		memset(actual, 0, sizeof(actual));

		/** get plaintext (expected results) **/
		expected_len = tsuite->tv[i].plen;
		memcpy(expected, tsuite->tv[i].plaintext, expected_len);

		/** get plaintext **/
		original_len = tsuite->tv[i].clen;
		actual_len = original_len;
		memcpy(actual, tsuite->tv[i].ciphertext, actual_len);

		/** multipart (in-place) decryption **/
		rc = funcs->C_DecryptInit(session, &mech, h_key);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
			goto error;
		}

		k = original_len;
		actual_len = 0;
		while (actual_len < original_len) {
			rc = funcs->C_DecryptUpdate(session,
						&actual[actual_len],
						AES_BLOCK_SIZE,
						&actual[actual_len],
						&k);

			if (rc != CKR_OK) {
				testcase_error("C_DecryptUpdate rc=%s",
					p11_get_ckr(rc));
				goto error;
			}

			actual_len += k;
			k = original_len - k;
		}

		/** according to pkcs11 spec,
			nothing should be returned in final. **/
		rc = funcs->C_DecryptFinal(session, &actual[actual_len], &k);
		if (rc != CKR_OK) {
			testcase_error("C_EncryptFinal rc=%s", p11_get_ckr(rc));
				goto error;
		}

		/** compare decryption results with expected results. **/
		testcase_new_assertion();

		if (actual_len != expected_len) {
			testcase_fail("decrypted multipart data length does "
				"not match test vector's decrypted data "
				"length.\n\nexpected length=%ld, but found "
				"length=%ld\n", expected_len, actual_len);
		}

		else if (memcmp(actual, expected, expected_len)) {
			testcase_fail("decrypted multipart data does not match"
				" test vector's decrypted data.\n");
		}

		else {
			testcase_pass("%s Multipart Decryption with test "
				"vector %d passed.", tsuite->name, i);
		}
	}
	/** clean up **/
	rc = funcs->C_DestroyObject(session, h_key);
	if (rc != CKR_OK) {
		testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
		goto testcase_cleanup;
	}
	goto testcase_cleanup;

error:
	rc = funcs->C_DestroyObject(session, h_key);
	if (rc != CKR_OK)
		testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));

testcase_cleanup:
	testcase_user_logout();
        rc = funcs->C_CloseAllSessions(slot_id);
        if (rc != CKR_OK) {
                testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
        }
        return rc;
}
コード例 #5
0
ファイル: digest_func.c プロジェクト: srajiv/opencryptoki
/** Tests messge digest with published test vectors. **/
CK_RV do_Digest(struct digest_test_suite_info *tsuite)
{

    int		i;
    CK_BYTE		data[MAX_DATA_SIZE];
    CK_ULONG	data_len;
    CK_BYTE		actual[MAX_HASH_SIZE];
    CK_ULONG	actual_len;
    CK_BYTE		expected[MAX_HASH_SIZE];
    CK_ULONG	expected_len;
    CK_MECHANISM	mech;

    CK_SESSION_HANDLE       session;
    CK_SLOT_ID		slot_id = SLOT_ID;
    CK_ULONG		flags;
    CK_RV		   	rc;


    /** begin test suite **/
    testsuite_begin("%s Digest.", tsuite->name);
    testcase_rw_session();

    /** skip test if mech is not supported with this slot **/
    if (! mech_supported(slot_id, tsuite->mech.mechanism)) {
        testsuite_skip(tsuite->tvcount,
                       "mechanism %s is not supported with slot %ld",
                       tsuite->name, slot_id);
        goto testcase_cleanup;
    }

    /** iterate over test vectors **/
    for(i = 0; i < tsuite->tvcount; i++) {

        rc = CKR_OK;    // set rc

        /** clear buffers **/
        memset(data, 0, sizeof(data));
        memset(actual, 0, sizeof(actual));
        memset(expected, 0, sizeof(expected));

        /** get test vector info **/
        data_len = tsuite->tv[i].data_len;
        expected_len = tsuite->tv[i].hash_len;
        memcpy(data, tsuite->tv[i].data, data_len);
        memcpy(expected, tsuite->tv[i].hash, expected_len);

        /** get mech **/
        mech = tsuite->mech;

        /** initialize single digest **/
        rc = funcs->C_DigestInit(session, &mech);
        if (rc != CKR_OK) {
            testcase_error("C_DigestInit rc=%s", p11_get_ckr(rc));
            goto testcase_cleanup;
        }

        actual_len = sizeof(actual);    // set digest buffer size

        /** do single digest **/
        rc = funcs->C_Digest(session, data, data_len, actual, &actual_len);
        if (rc != CKR_OK) {
            testcase_error("C_Digest rc=%s", p11_get_ckr(rc));
            goto testcase_cleanup;
        }

        /** compare digest results with expected results **/
        testcase_new_assertion();

        if (actual_len != expected_len) {
            testcase_fail("hashed data length does not match test vector's"					" hashed data length.\nexpected length=%ld, found "
                          "length=%ld.", expected_len, actual_len);
        }

        else if (memcmp(actual, expected, expected_len)) {
            testcase_fail("hashed data does not match test vector's"
                          " hashed data.");
        }

        else {
            testcase_pass("%s Digest with test vector %d passed.",
                          tsuite->name, i);
        }
    }

testcase_cleanup:
    rc = funcs->C_CloseAllSessions(slot_id);
    if (rc != CKR_OK) {
        testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
    }
    return rc;
}
コード例 #6
0
ファイル: digest_func.c プロジェクト: srajiv/opencryptoki
/** Tests signature verification with published test vectors. **/
CK_RV do_SignVerify_HMAC(struct HMAC_TEST_SUITE_INFO *tsuite) {

    int	     	i;
    CK_MECHANISM    mech;
    CK_BYTE	 	key[MAX_KEY_SIZE];
    CK_ULONG	key_len;
    CK_BYTE	 	data[MAX_DATA_SIZE];
    CK_ULONG	data_len;
    CK_BYTE	 	actual[MAX_HASH_SIZE];
    CK_ULONG	actual_len;
    CK_BYTE	 	expected[MAX_HASH_SIZE];
    CK_ULONG	expected_len;

    CK_SESSION_HANDLE 	session;
    CK_SLOT_ID		slot_id = SLOT_ID;
    CK_ULONG	  	flags;
    CK_RV	     		rc;
    CK_OBJECT_HANDLE  	h_key;

    CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
    CK_ULONG		user_pin_len;

    /** begin testsuite **/
    testsuite_begin("%s Sign Verify.", tsuite->name);
    testcase_rw_session();
    testcase_user_login();

    rc = CKR_OK;    // set rc

    /** skip test if mech is not supported with this slot **/
    if (! mech_supported(SLOT_ID, tsuite->mech.mechanism)) {
        testsuite_skip(tsuite->tvcount,
                       "mechanism %s is not supported with slot %ld",
                       tsuite->name, slot_id);
        goto testcase_cleanup;
    }

    /** iterate over test vectors **/
    for(i = 0; i < tsuite->tvcount; i++) {

        /** begin test **/
        testcase_begin("Sign Verify %s with test vector %d.",
                       tsuite->name, i);

        /** clear buffers **/
        memset(key, 0, sizeof(key));
        memset(data, 0, sizeof(data));
        memset(actual, 0, sizeof(actual));
        memset(expected, 0, sizeof(expected));

        /** get test vector info **/
        key_len = tsuite->tv[i].key_len;
        data_len = tsuite->tv[i].data_len;
        actual_len = sizeof(actual);
        expected_len = tsuite->tv[i].hash_len;
        memcpy(key, tsuite->tv[i].key, key_len);
        memcpy(data, tsuite->tv[i].data, data_len);
        memcpy(expected, tsuite->tv[i].result, expected_len);

        /** get mechanism **/
        mech = tsuite->mech;

        /** create key object **/
        rc = create_GenericSecretKey(session, key, key_len, &h_key);
        if(rc != CKR_OK) {
            testcase_error("create_GenericSecretKey rc=%s",
                           p11_get_ckr(rc));
            goto error;
        }

        /** initialize signing **/
        rc = funcs->C_SignInit(session, &mech, h_key);
        if (rc != CKR_OK) {
            testcase_error("C_SignInit rc=%s", p11_get_ckr(rc));
            goto error;
        }

        /** do signing  **/
        rc = funcs->C_Sign(session,
                           data,
                           data_len,
                           actual,
                           &actual_len);

        if (rc != CKR_OK) {
            testcase_error("C_Sign rc=%s", p11_get_ckr(rc));
            goto error;
        }

        /** initilaize verification **/
        rc = funcs->C_VerifyInit(session, &mech, h_key);
        if (rc != CKR_OK) {
            testcase_error("C_VerifyInit rc=%s", p11_get_ckr(rc));
            goto error;
        }

        /** do verification **/
        rc = funcs->C_Verify(session,
                             data,
                             data_len,
                             actual,
                             actual_len);

        if (rc != CKR_OK) {
            testcase_error("C_Verify rc=%s", p11_get_ckr(rc));
            goto error;
        }

        /** compare sign/verify results with expected results **/
        testcase_new_assertion();

        if(actual_len != expected_len) {
            testcase_fail("hashed data length does not match test "
                          "vector's hashed data length\nexpected length="
                          "%ld, found length=%ld",
                          expected_len, actual_len);
        }

        else if(memcmp(actual, expected, expected_len)) {
            testcase_fail("hashed data does not match test "
                          "vector's hashed data");
        }

        else {
            testcase_pass("%s Sign Verify with test vector %d "
                          "passed.", tsuite->name, i);
        }

        /** clean up **/
        rc = funcs->C_DestroyObject(session, h_key);
        if (rc != CKR_OK) {
            testcase_error("C_DestroyObject rc=%s.",
                           p11_get_ckr(rc));
            goto testcase_cleanup;
        }
    }
    goto testcase_cleanup;

error:
    rc = funcs->C_DestroyObject(session, h_key);
    if (rc != CKR_OK) {
        testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
    }

testcase_cleanup:
    testcase_user_logout();
    rc = funcs->C_CloseAllSessions(slot_id);
    if (rc != CKR_OK) {
        testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
    }
    return rc;
}
コード例 #7
0
ファイル: rsa_func.c プロジェクト: hcl2014/opencryptoki
/* This function should test:
 * RSA Key Generation, using CKM_PKCS_KEY_PAIR_GEN
 * RSA Public-Key Wrap
 * RSA Private-Key Unwrap
 *
 */
CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
{
	int			i = 0, j = 0;
	CK_OBJECT_HANDLE        publ_key, priv_key, secret_key, unwrapped_key;
	CK_BYTE_PTR		wrapped_key = NULL;
	CK_ULONG		wrapped_keylen, unwrapped_keylen;
	CK_MECHANISM		wrap_mech, keygen_mech, mech;
	CK_BYTE			clear[32];
	CK_BYTE			cipher[32];
	CK_BYTE			re_cipher[32];
	CK_ULONG		cipher_len = 32;
	CK_ULONG		re_cipher_len = 32;

	char 			*s;

	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;


	// begin test suite
	testsuite_begin("%s Wrap Unwrap.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	// skip all tests if the slot doesn't support this mechanism
        if (! mech_supported(slot_id, tsuite->mech.mechanism)){
                testsuite_skip(tsuite->tvcount,
                           "Slot %u doesn't support %u",
                           (unsigned int) slot_id,
                           (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
        }

	// skip all tests if the slot doesn't support wrapping
	else if (! wrap_supported(slot_id, tsuite->mech)) {
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support key wrapping",
			(unsigned int) slot_id);
		goto testcase_cleanup;

	}

	// skip all tests if the slot doesn't support unwrapping
	else if (! unwrap_supported(slot_id, tsuite->mech)) {
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support key unwrapping",
			(unsigned int) slot_id);
		goto testcase_cleanup;
	}

	for (i = 0; i < tsuite->tvcount; i++) {

		// wrap templates & unwrap templates
		CK_ATTRIBUTE            unwrap_tmpl[] = {
						{CKA_CLASS, NULL, 0},
						{CKA_KEY_TYPE, NULL, 0},
						{CKA_VALUE_LEN, NULL, 0}
					};
		CK_ULONG                unwrap_tmpl_len;

		// get public exponent from test vector
		if ( p11_ahex_dump(&s, tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len) == NULL) {
				testcase_error("p11_ahex_dump() failed");
			rc = -1;
			goto testcase_cleanup;
		}

		// begin test
		testcase_begin("%s Wrap Unwrap with test vector %d, "
			"\npubl_exp='%s', mod_bits='%lu', keylen='%lu', "
			"keytype='%s'", tsuite->name, i, s,
			tsuite->tv[i].modbits,
			tsuite->tv[i].keylen,
			p11_get_ckm(tsuite->tv[i].keytype.mechanism));

		// free memory
		free(s);

		// get key gen mechanism
		keygen_mech = tsuite->tv[i].keytype;

		// get wrapping mechanism
		wrap_mech = tsuite->mech;

		// skip this test if the slot doesn't support this
		// keygen mechanism
		if (! mech_supported(slot_id,
			keygen_mech.mechanism)) {
			testcase_skip();
			continue;
		}

		if (!keysize_supported(slot_id, tsuite->mech.mechanism,
					tsuite->tv[i].modbits)) {
			testcase_skip("Token in slot %ld cannot be used with "
					"modbits.='%ld'",
					SLOT_ID,tsuite->tv[i].modbits);
			continue;
		}

		if (is_ep11_token(slot_id)) {
			if (! is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
						  tsuite->tv[i].publ_exp_len)) {
				testcase_skip("EP11 Token cannot "
					       "be used with publ_exp.='%s'",s);
				continue;
			}
		}

		// initialize buffer lengths
		wrapped_keylen = PKCS11_MAX_PIN_LEN;

		// generate RSA key pair
		rc = generate_RSA_PKCS_KeyPair(session,
				tsuite->tv[i].modbits,
				tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len,
				&publ_key,
				&priv_key);
		if (rc != CKR_OK) {
                        testcase_error("C_GenerateKeyPair() rc = %s",
					p11_get_ckr(rc));
                        goto testcase_cleanup;
		}

		// generate secret key
		rc = generate_SecretKey(session,
				tsuite->tv[i].keylen,
				&keygen_mech,
				&secret_key);
		if (rc != CKR_OK) {
			testcase_error("generate_SecretKey(), rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		// extract CKA_CLASS and CKA_KEY_TYPE from generated key
		// we will use this for unwrapping

		// extract sizes first
		rc = funcs->C_GetAttributeValue(session,
						secret_key,
						unwrap_tmpl,
						2);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s",
					p11_get_ckr(rc));
			goto error;
		}

		// allocate memory for extraction
		unwrap_tmpl[0].pValue = calloc(sizeof(CK_BYTE),
						unwrap_tmpl[0].ulValueLen);
		unwrap_tmpl[1].pValue = calloc(sizeof(CK_BYTE),
						unwrap_tmpl[1].ulValueLen);

		if ( (unwrap_tmpl[0].pValue == NULL) ||
			(unwrap_tmpl[1].pValue == NULL) ) {
			testcase_error("Error allocating %lu bytes"
				"for unwrap template attributes",
				unwrap_tmpl[0].ulValueLen +
				unwrap_tmpl[1].ulValueLen);
			rc = -1;
			goto error;
		}

		// now extract values
		rc = funcs->C_GetAttributeValue(session,
						secret_key,
						unwrap_tmpl,
						2);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s",
					p11_get_ckr(rc));
			goto error;
		}

		// wrap key (length only)
		rc = funcs->C_WrapKey(session,
				&wrap_mech,
				publ_key,
				secret_key,
				NULL,
				&wrapped_keylen);
		if (rc != CKR_OK) {
			testcase_error("C_WrapKey(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		// allocate memory for wrapped_key
		wrapped_key = calloc(sizeof(CK_BYTE), wrapped_keylen);
		if (wrapped_key == NULL) {
			testcase_error("Can't allocate memory "
				"for %lu bytes.",
				sizeof(CK_BYTE) * wrapped_keylen);
			rc = -1;
			goto error;
		}

		// wrap key
		rc = funcs->C_WrapKey(session,
				&wrap_mech,
				publ_key,
				secret_key,
				wrapped_key,
				&wrapped_keylen);
		if (rc != CKR_OK) {
			testcase_error("C_WrapKey, rc=%s", p11_get_ckr(rc));
			goto error;
		}

		unwrapped_keylen = tsuite->tv[i].keylen;

		// variable key length specific case:
		// According to PKCS#11 v2.2 section 12.1.12
		// CKM_RSA_X_509 does not wrap the key type, key length,
		// or any other information about the key; the application
		// must convey these separately, and supply them when
		// unwrapping the key.
		if (((keygen_mech.mechanism == CKM_AES_KEY_GEN) ||
		    (keygen_mech.mechanism == CKM_GENERIC_SECRET_KEY_GEN)) && 
		    (wrap_mech.mechanism == CKM_RSA_X_509)) {
			unwrapped_keylen = tsuite->tv[i].keylen;
			unwrap_tmpl[2].type = CKA_VALUE_LEN;
			unwrap_tmpl[2].ulValueLen = sizeof(unwrapped_keylen);
			unwrap_tmpl[2].pValue = &unwrapped_keylen;
			unwrap_tmpl_len = 3;
		}
		else {
			unwrap_tmpl_len = 2;
		}

		// unwrap key
		rc = funcs->C_UnwrapKey(session,
				&wrap_mech,
				priv_key,
				wrapped_key,
				wrapped_keylen,
				unwrap_tmpl,
				unwrap_tmpl_len,
				&unwrapped_key);
		if (rc != CKR_OK) {
			testcase_error("C_UnwrapKey, rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		testcase_new_assertion();

		// encode/decode with secrect key and peer secret key
		for (j = 0; j < 32; j++)
			clear[j] = j;

		switch (keygen_mech.mechanism) {
		case CKM_AES_KEY_GEN:
			mech.mechanism = CKM_AES_ECB;
			break;
		case CKM_GENERIC_SECRET_KEY_GEN:
		case CKM_DES3_KEY_GEN:
			mech.mechanism = CKM_DES3_ECB;
			break;
		case CKM_DES_KEY_GEN:
			mech.mechanism = CKM_DES_ECB;
			break;
		case CKM_CDMF_KEY_GEN:
			mech.mechanism = CKM_CDMF_ECB;
			break;
		default:
			testcase_error("unknowm mech");
			goto error;
		}
		
		mech.ulParameterLen = 0;
		mech.pParameter = NULL;

		rc = funcs->C_EncryptInit(session, &mech, secret_key);
		if (rc != CKR_OK) {
			testcase_error("C_EncryptInit secret_key: rc = %s",
					p11_get_ckr(rc));
			goto error;
		}

		rc = funcs->C_Encrypt(session, clear, 32, cipher, &cipher_len);
		if (rc != CKR_OK) {
			testcase_error("C_Encrypt secret_key: rc = %s",
					p11_get_ckr(rc));
			goto error;
		}

		rc = funcs->C_DecryptInit(session,&mech,unwrapped_key);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptInit unwrapped_key: rc = %s",
					p11_get_ckr(rc));
			goto error;
		}

		rc = funcs->C_Decrypt(session, cipher, cipher_len, re_cipher,
					&re_cipher_len);
		if (rc != CKR_OK) {
		testcase_error("C_Decrypt unwrapped_key: rc = %s",
				p11_get_ckr(rc));
			testcase_fail("Unwrapped key differs in CKA_VALUE.");
			goto error;
		}

		if (memcmp(clear, re_cipher, 32) != 0) {
			testcase_fail("ERROR:data mismatch\n");
			goto error;
		} else
			testcase_pass("C_Wrap and C_Unwrap.");

		// clean up
		if (wrapped_key)
			free(wrapped_key);

		rc = funcs->C_DestroyObject(session, secret_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		rc = funcs->C_DestroyObject(session, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		rc = funcs->C_DestroyObject(session, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
			goto testcase_cleanup;
		}
	}
	goto testcase_cleanup;

error:
	if (wrapped_key)
		free(wrapped_key);

	funcs->C_DestroyObject(session, secret_key);
	funcs->C_DestroyObject(session, publ_key);
	funcs->C_DestroyObject(session, priv_key);

testcase_cleanup:
	testcase_user_logout();
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK) {
		testcase_error("C_CloseAllSessions(), rc=%s.",
			p11_get_ckr(rc));
	}
	return rc;
}
コード例 #8
0
ファイル: rsa_func.c プロジェクト: hcl2014/opencryptoki
/* This function should test:
 * C_Sign, mechanism chosen by caller
 *
 * 1. Get message from test vector
 * 2. Get expected signature from test vector
 * 3. Sign message
 * 4. Compare expected signature with actual signature
 *
 */
CK_RV do_SignRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
{
	int 			i;
	CK_BYTE			message[MAX_MESSAGE_SIZE];
	CK_BYTE			actual[MAX_SIGNATURE_SIZE];
	CK_BYTE			expected[MAX_SIGNATURE_SIZE];
	CK_ULONG		message_len, actual_len, expected_len;

	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	priv_key;

	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;

	// begin testsuite
	testsuite_begin("%s Sign. ", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	// skip tests if the slot doesn't support this mechanism **/
        if (! mech_supported(slot_id, tsuite->mech.mechanism)){
                testsuite_skip(tsuite->tvcount,
                           "Slot %u doesn't support %u",
                           (unsigned int) slot_id,
                           (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
        }

	// iterate over test vectors
	for (i = 0; i < tsuite->tvcount; i++){
		testcase_begin("%s Sign with test vector %d.",
				tsuite->name, i);

		rc = CKR_OK; // set return value

		// special case for ica
		// prime1, prime2, exp1, exp2, coef
		// must be size mod_len/2 or smaller
		// skip test if prime1, or prime2, or exp1,
		// or exp2 or coef are too long
		if (is_ica_token(slot_id)) {
			// check sizes
			if ((tsuite->tv[i].prime1_len >
				(tsuite->tv[i].mod_len/2)) ||
				(tsuite->tv[i].prime2_len >
				(tsuite->tv[i].mod_len/2)) ||
				(tsuite->tv[i].exp1_len >
				(tsuite->tv[i].mod_len/2)) ||
				(tsuite->tv[i].exp2_len >
				(tsuite->tv[i].mod_len/2)) ||
				(tsuite->tv[i].coef_len >
				(tsuite->tv[i].mod_len/2))) {
				testcase_skip("ICA Token cannot be used with "
					"this test vector.");
				continue;
			}

		}

		// clear buffers
		memset(message, 0, MAX_MESSAGE_SIZE);
		memset(actual, 0, MAX_SIGNATURE_SIZE);
		memset(expected, 0, MAX_SIGNATURE_SIZE);

		actual_len = MAX_SIGNATURE_SIZE; // set buffer size

		// get message
		message_len = tsuite->tv[i].msg_len;
		memcpy(message, tsuite->tv[i].msg, message_len);

		// get (expected) signature
		expected_len = tsuite->tv[i].sig_len;
		memcpy(expected, tsuite->tv[i].sig, expected_len);

		// create (private) key handle
		rc = create_RSAPrivateKey(session,
                                        tsuite->tv[i].mod,
                                        tsuite->tv[i].pub_exp,
                                        tsuite->tv[i].priv_exp,
                                        tsuite->tv[i].prime1,
                                        tsuite->tv[i].prime2,
                                        tsuite->tv[i].exp1,
                                        tsuite->tv[i].exp2,
                                        tsuite->tv[i].coef,
					tsuite->tv[i].mod_len,
					tsuite->tv[i].pubexp_len,
					tsuite->tv[i].privexp_len,
					tsuite->tv[i].prime1_len,
					tsuite->tv[i].prime2_len,
					tsuite->tv[i].exp1_len,
					tsuite->tv[i].exp2_len,
					tsuite->tv[i].coef_len,
                                        &priv_key);
                if (rc != CKR_OK) {
                        testcase_error("create_RSAPrivateKey(), rc=%s",
                                p11_get_ckr(rc));
                        goto error;
                }

		// set mechanism
		mech = tsuite->mech;

		// initialize signing
		rc = funcs->C_SignInit(session, &mech, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_SignInit(), rc=%s.", p11_get_ckr(rc));
			goto error;
		}

		// do signing
		rc = funcs->C_Sign(session,
				message,
				message_len,
				actual,
				&actual_len);

		if (rc != CKR_OK) {
			testcase_error("C_Sign(), rc=%s.", p11_get_ckr(rc));
			goto error;
		}

		// check results
		testcase_new_assertion();

		if (actual_len != expected_len) {
			testcase_fail("%s Sign with test vector %d failed. "
				"Expected len=%ld, found len=%ld.",
				tsuite->name, i, expected_len, actual_len);
		}

		else if (memcmp(actual, expected, expected_len)) {
			testcase_fail("%s Sign with test vector %d failed. "
				"Signature data does not match test vector "
				"signature.", tsuite->name, i);

		}

		else {
			testcase_pass("C_Sign.");
		}

		// clean up
		rc = funcs->C_DestroyObject(session, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(rc));
			goto testcase_cleanup;
		}
	}
	goto testcase_cleanup;
error:
	loc_rc = funcs->C_DestroyObject(session, priv_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject, rc=%s.", p11_get_ckr(loc_rc));
	}
testcase_cleanup:
	testcase_user_logout();
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK) {
		testcase_error("C_CloseAllSessions, rc=%s.", p11_get_ckr(rc));
	}
	return rc;
}
コード例 #9
0
ファイル: rsa_func.c プロジェクト: hcl2014/opencryptoki
/* This function should test:
 * RSA Key Generation, CKM_RSA_PKCS_KEY_PAIR_GEN
 * RSA Encryption, mechanism chosen by caller
 * RSA Decryption, mechanism chosen by caller
 *
 * 1. Generate RSA Key Pair
 * 2. Generate plaintext
 * 3. Encrypt plaintext
 * 4. Decrypt encrypted data
 * 5. Compare plaintext with decrypted data
 *
 */
CK_RV do_EncryptDecryptRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
{
	int 			i, j;
	CK_BYTE			original[BIG_REQUEST];
	CK_ULONG		original_len;
	CK_BYTE			crypt[BIG_REQUEST];
	CK_ULONG		crypt_len;
	CK_BYTE			decrypt[BIG_REQUEST];
	CK_ULONG		decrypt_len;
	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	publ_key, priv_key;
	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;

	char 			*s;

	// begin testsuite
	testsuite_begin("%s Encrypt Decrypt.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	// skip tests if the slot doesn't support this mechanism
        if (! mech_supported(slot_id, tsuite->mech.mechanism)) {
                testsuite_skip(tsuite->tvcount,
                        "Slot %u doesn't support %u",
                        (unsigned int) slot_id,
                        (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
        }

	// iterate over test vectors
	for (i = 0; i < tsuite->tvcount; i++) {

		// get public exponent from test vector
                if ( p11_ahex_dump(&s, tsuite->tv[i].publ_exp,
                                tsuite->tv[i].publ_exp_len) == NULL) {
                        testcase_error("p11_ahex_dump() failed");
                        rc = -1;
                        goto testcase_cleanup;
                }

		// begin testcase
		testcase_begin("%s Encrypt and Decrypt with test vector %d."
			"\npubl_exp='%s', modbits=%ld, publ_exp_len=%ld, "
			"inputlen=%ld.", tsuite->name, i, s,
			tsuite->tv[i].modbits,
			tsuite->tv[i].publ_exp_len,
			tsuite->tv[i].inputlen);

		rc = CKR_OK; // set rc

		if (!keysize_supported(slot_id, tsuite->mech.mechanism,
					tsuite->tv[i].modbits)) {
			testcase_skip("Token in slot %ld cannot be used with "
					"modbits.='%ld'",
					SLOT_ID,tsuite->tv[i].modbits);
			continue;
		}

		if (is_ep11_token(slot_id)) {
			if (! is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
						  tsuite->tv[i].publ_exp_len)) {
				testcase_skip("EP11 Token cannot "
					       "be used with publ_exp.='%s'",s);
				continue;
			}
		}

		// cca special cases:
		// cca token can only use the following public exponents
		// 0x03 or 0x010001 (65537)
		// so skip test if invalid public exponent is used
		if (is_cca_token(slot_id)) {
			if (! is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len) ) {
				testcase_skip("CCA Token cannot "
					"be used with publ_exp.='%s'",s);
				continue;
			}
		}

		// tpm special cases:
		// tpm token can only use public exponent 0x010001 (65537)
		// so skip test if invalid public exponent is used
		if (is_tpm_token(slot_id)) {
			if ((! is_valid_tpm_pubexp(tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len) ) || (! is_valid_tpm_modbits(tsuite->tv[i].modbits))) {
				testcase_skip("TPM Token cannot "
					"be used with publ_exp.='%s'",s);
				continue;
			}
		}

		free(s);

		// clear buffers
                memset(original, 0, BIG_REQUEST);
                memset(crypt, 0, BIG_REQUEST);
                memset(decrypt, 0, BIG_REQUEST);

                // get test vector parameters
                original_len = tsuite->tv[i].inputlen;

		// generate key pair
		rc = generate_RSA_PKCS_KeyPair(session,
					tsuite->tv[i].modbits,
					tsuite->tv[i].publ_exp,
					tsuite->tv[i].publ_exp_len,
					&publ_key,
					&priv_key);

		if (rc != CKR_OK) {
			testcase_error("generate_RSA_PKCS_KeyPair(), "
				       "rc=%s", p11_get_ckr(rc));
                        goto error;
		}

		// generate plaintext
		for (j = 0; j < original_len; j++) {
			original[j] = (j + 1) % 255;
		}

		// set cipher buffer length
		crypt_len = BIG_REQUEST;
		decrypt_len = BIG_REQUEST;

		// get mech
		mech = tsuite->mech;

		// initialize (public key) encryption
		rc = funcs->C_EncryptInit(session, &mech, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_EncryptInit, rc=%s", p11_get_ckr(rc));
		}

		// do (public key) encryption
		rc = funcs->C_Encrypt(session,
				original,
				original_len,
				crypt,
				&crypt_len);
		if (rc != CKR_OK) {
			testcase_error("C_Encrypt, rc=%s", p11_get_ckr(rc));
			goto error;
		}

		// initialize (private key) decryption
		rc = funcs->C_DecryptInit(session, &mech, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_DecryptInit, rc=%s", p11_get_ckr(rc));
			goto error;
		}

		// do (private key) decryption
		rc = funcs->C_Decrypt(session,
				crypt,
				crypt_len,
				decrypt,
				&decrypt_len);
		if (rc != CKR_OK) {
			testcase_error("C_Decrypt, rc=%s", p11_get_ckr(rc));
			goto error;
		}

		// FIXME: there shouldn't be any padding here
		// remove padding if mech is CKM_RSA_X_509
		if (mech.mechanism == CKM_RSA_X_509) {
			memmove(decrypt,
				decrypt + decrypt_len - original_len,
				original_len);
			decrypt_len = original_len;
		}

		// check results
		testcase_new_assertion();

		if (decrypt_len != original_len) {
			testcase_fail("decrypted length does not match"
				"original data length.\n expected length = %ld,"
				"but found length=%ld.\n",
				original_len, decrypt_len);
		}

		else if (memcmp(decrypt, original, original_len)) {
			testcase_fail("decrypted data does not match "
				"original data.");
		}

		else {
			testcase_pass("C_Encrypt and C_Decrypt.");
		}

		// clean up
		rc = funcs->C_DestroyObject(session, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		rc = funcs->C_DestroyObject(session, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

	}
	goto testcase_cleanup;
error:
	loc_rc = funcs->C_DestroyObject(session, publ_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject(), rc=%s.",
			p11_get_ckr(loc_rc));
	}

	loc_rc = funcs->C_DestroyObject(session, priv_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject(), rc=%s.",
			p11_get_ckr(loc_rc));
	}

testcase_cleanup:
	testcase_user_logout();
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK) {
		testcase_error("C_CloseAllSessions, rc=%s",
			p11_get_ckr(loc_rc));
	}
	return rc;

}
コード例 #10
0
ファイル: rsa_func.c プロジェクト: hcl2014/opencryptoki
/* This function should test:
 * RSA Key Generation, usign CKM_RSA_PKCS_KEY_PAIR_GEN
 * RSA Sign, mechanism chosen by caller
 * RSA Verify, mechanism chosen by caller
 *
 * 1. Generate RSA Key Pair
 * 2. Generate message
 * 3. Sign message
 * 4. Verify signature
 *
 */
CK_RV do_SignVerifyRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
{
	int 			i; // test vector index
	int			j; // message byte index
	CK_BYTE			message[MAX_MESSAGE_SIZE];
	CK_ULONG		message_len;
	CK_BYTE			signature[MAX_SIGNATURE_SIZE];
	CK_ULONG		signature_len;

	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	publ_key, priv_key;

	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;

	char 			*s;

	// begin testsuite
	testsuite_begin("%s Sign Verify.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	// skip tests if the slot doesn't support this mechanism
	if (! mech_supported(slot_id, tsuite->mech.mechanism)){
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support %u",
			(unsigned int) slot_id,
                        (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
	}


	// iterate over test vectors
	for (i = 0; i < tsuite->tvcount; i++){

                // get public exponent from test vector
                if ( p11_ahex_dump(&s, tsuite->tv[i].publ_exp,
                                tsuite->tv[i].publ_exp_len) == NULL) {
                        testcase_error("p11_ahex_dump() failed");
                        rc = -1;
                        goto testcase_cleanup;
                }

                // begin test
                testcase_begin("%s Sign and Verify with test vector %d, "
                        "\npubl_exp='%s', mod_bits='%lu', keylen='%lu'.",
			tsuite->name, i, s,
                        tsuite->tv[i].modbits,
                        tsuite->tv[i].keylen);

		if (!keysize_supported(slot_id, tsuite->mech.mechanism,
					tsuite->tv[i].modbits)) {
			testcase_skip("Token in slot %ld cannot be used with "
					"modbits.='%ld'",
					SLOT_ID,tsuite->tv[i].modbits);
			continue;
		}

		if (is_ep11_token(slot_id)) {
			if (! is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
						  tsuite->tv[i].publ_exp_len)) {
				testcase_skip("EP11 Token cannot "
					       "be used with publ_exp.='%s'",s);
				continue;
			}
		}

		if (is_cca_token(slot_id)) {
                        if (! is_valid_cca_pubexp(tsuite->tv[i].publ_exp,
                                tsuite->tv[i].publ_exp_len)) {
                                testcase_skip("CCA Token cannot "
                                        "be used with publ_exp='%s'.",s);
                                continue;
                        }
                }

		if (is_tpm_token(slot_id)) {
                        if ((! is_valid_tpm_pubexp(tsuite->tv[i].publ_exp,
                                tsuite->tv[i].publ_exp_len)) || (!is_valid_tpm_modbits(tsuite->tv[i].modbits))) {
                                testcase_skip("TPM Token cannot "
                                        "be used with publ_exp='%s'.",s);
                                continue;
                        }
                }


                // free memory
                free(s);

		rc = CKR_OK; // set rc

		// clear buffers
                memset(message, 0, MAX_MESSAGE_SIZE);
                memset(signature, 0, MAX_SIGNATURE_SIZE);

		// get test vector parameters
		message_len = tsuite->tv[i].inputlen;

		// generate key pair
                rc = generate_RSA_PKCS_KeyPair(session,
                                        tsuite->tv[i].modbits,
                                        tsuite->tv[i].publ_exp,
                                        tsuite->tv[i].publ_exp_len,
                                        &publ_key,
                                        &priv_key);
                if (rc != CKR_OK) {
                        testcase_error("generate_RSA_PKCS_KeyPair(), "
					"rc=%s", p11_get_ckr(rc));
                        goto error;
                }

		// generate message
		for (j = 0; j < message_len; j++) {
			message[j] = (j + 1) % 255;
		}

		// get  mech
		mech = tsuite->mech;

		// initialize Sign (length only)
		rc = funcs->C_SignInit(session,
				&mech,
				priv_key);
		if (rc != CKR_OK){
			testcase_error("C_SignInit(), rc=%s", p11_get_ckr(rc));
			goto error;
		}

		// set buffer size
		signature_len = MAX_SIGNATURE_SIZE;

		// do Sign
		rc = funcs->C_Sign(session,
				message,
				message_len,
				signature,
				&signature_len);
		if (rc != CKR_OK) {
			testcase_error("C_Sign(), rc=%s signature len=%ld",
				p11_get_ckr(rc), signature_len);
			goto error;
		}


		// initialize Verify
		rc = funcs->C_VerifyInit(session,
				&mech,
				publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_VerifyInit(), rc=%s",
				p11_get_ckr(rc));
		}

		// do Verify
		rc = funcs->C_Verify(session,
				message,
				message_len,
				signature,
				signature_len);

		// check results
		testcase_new_assertion();
		if (rc == CKR_OK) {
			testcase_pass("C_Verify.");
		}
		else {
			testcase_fail("C_Verify(), rc=%s", p11_get_ckr(rc));
		}

		// clean up
		rc = funcs->C_DestroyObject(session, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(rc));
		}

		rc = funcs->C_DestroyObject(session, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(rc));
		}
        }
	goto testcase_cleanup;
error:
	loc_rc = funcs->C_DestroyObject(session, publ_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject, rc=%s.", p11_get_ckr(loc_rc));
	}
	loc_rc = funcs->C_DestroyObject(session, priv_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject, rc=%s.", p11_get_ckr(loc_rc));
	}

testcase_cleanup:
	testcase_user_logout();
	rc = funcs->C_CloseAllSessions(slot_id);
	if (rc != CKR_OK) {
		testcase_error("C_CloesAllSessions, rc=%s", p11_get_ckr(rc));
	}
	return rc;
}
コード例 #11
0
ファイル: rsa_func.c プロジェクト: hcl2014/opencryptoki
/* This function should test:
 * C_Verify, mechanism chosen by caller
 *
 * 1. Get message from test vector
 * 2. Get signature from test vector
 * 3. Verify signature
 *
 */
CK_RV do_VerifyRSA(struct PUBLISHED_TEST_SUITE_INFO *tsuite)
{
	int			i;
	CK_BYTE			actual[MAX_SIGNATURE_SIZE];
	CK_BYTE			message[MAX_MESSAGE_SIZE];
	CK_ULONG		message_len;
	CK_BYTE			signature[MAX_SIGNATURE_SIZE];
	CK_ULONG		signature_len;

	CK_MECHANISM		mech;
	CK_OBJECT_HANDLE	publ_key;

	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;

	// begin testsuite
	testsuite_begin("%s Verify.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	// skip tests if the slot doesn't support this mechanism
        if (! mech_supported(slot_id, tsuite->mech.mechanism)){
                testsuite_skip(tsuite->tvcount,
                           "Slot %u doesn't support %u",
                           (unsigned int) slot_id,
                           (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
        }

	// iterate over test vectors
	for (i = 0; i < tsuite->tvcount; i++){

		testcase_begin("%s Verify with test vector %d.",
				tsuite->name, i);

		rc = CKR_OK; // set return value

		// clear buffers
		memset(message, 0, MAX_MESSAGE_SIZE);
		memset(signature, 0, MAX_SIGNATURE_SIZE);
		memset(actual, 0, MAX_SIGNATURE_SIZE);

		// get message
		message_len = tsuite->tv[i].msg_len;
		memcpy(message, tsuite->tv[i].msg, message_len);

		// get signature
		signature_len = tsuite->tv[i].sig_len;
		memcpy(signature, tsuite->tv[i].sig, signature_len);

		// create (public) key handle
		rc = create_RSAPublicKey(session,
				tsuite->tv[i].mod,
				tsuite->tv[i].pub_exp,
				tsuite->tv[i].mod_len,
				tsuite->tv[i].pubexp_len,
				&publ_key);

		if (rc != CKR_OK) {
			testcase_error("create_RSAPublicKey(), rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		// set mechanism
		mech = tsuite->mech;

		// initialize verify
		rc = funcs->C_VerifyInit(session, &mech, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_VerifyInit(), rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		// do verify
		rc = funcs->C_Verify(session,
			message,
			message_len,
			signature,
			signature_len);

		// check result
		testcase_new_assertion();

		if (rc == CKR_OK){
			testcase_pass("C_Verify.");
		}

		else {
			testcase_fail("%s Sign Verify with test vector %d "
				"failed.", tsuite->name, i);
		}

		// clean up
		rc = funcs->C_DestroyObject(session, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(rc));
			goto testcase_cleanup;
		}

	}
	goto testcase_cleanup;
error:
	loc_rc = funcs->C_DestroyObject(session, publ_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject(), rc=%s.",
			p11_get_ckr(loc_rc));
	}

testcase_cleanup:
        testcase_user_logout();
        rc = funcs->C_CloseAllSessions(slot_id);
        if (rc != CKR_OK) {
                testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
        }
        return rc;
}
コード例 #12
0
ファイル: rsa_func.c プロジェクト: shpedoikal/opencryptoki
/* This function should test:
 * RSA Key Generation, using CKM_PKCS_KEY_PAIR_GEN
 * RSA Public-Key Wrap
 * RSA Private-Key Unwrap
 *
 */
CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
{
	int			i;
	CK_OBJECT_HANDLE        publ_key, priv_key, secret_key, unwrapped_key;
	CK_BYTE_PTR		wrapped_key;
	CK_ULONG		wrapped_keylen, unwrapped_keylen;
	CK_MECHANISM		wrap_mech, keygen_mech;

	char 			*s;

	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;


	// begin test suite
	testsuite_begin("%s Wrap Unwrap.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	// skip all tests if the slot doesn't support this mechanism
        if (! mech_supported(slot_id, tsuite->mech.mechanism)){
                testsuite_skip(tsuite->tvcount,
                           "Slot %u doesn't support %u",
                           (unsigned int) slot_id,
                           (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
        }

	// skip all tests if the slot doesn't support wrapping
	else if (! wrap_supported(slot_id, tsuite->mech)) {
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support key wrapping",
			(unsigned int) slot_id);
		goto testcase_cleanup;

	}

	// skip all tests if the slot doesn't support unwrapping
	else if (! unwrap_supported(slot_id, tsuite->mech)) {
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support key unwrapping",
			(unsigned int) slot_id);
		goto testcase_cleanup;
	}

	for (i = 0; i < tsuite->tvcount; i++) {

		// wrap templates & unwrap templates
		CK_ATTRIBUTE		secret_value[] = {
						{CKA_VALUE, NULL, 0}
					};
		CK_ATTRIBUTE		unwrapped_value[] = {
						{CKA_VALUE, NULL, 0}
					};
		CK_ULONG		s_valuelen = 0;
		CK_ATTRIBUTE		secret_value_len[] = {
						{CKA_VALUE_LEN,
						&s_valuelen,
						sizeof(s_valuelen)}
					};
		CK_ULONG		u_valuelen = 0;
		CK_ATTRIBUTE		unwrapped_value_len[] = {
						{CKA_VALUE_LEN,
						&u_valuelen,
						sizeof(u_valuelen)}
					};
		CK_ATTRIBUTE            unwrap_tmpl[] = {
						{CKA_CLASS, NULL, 0},
						{CKA_KEY_TYPE, NULL, 0},
						{CKA_VALUE_LEN, NULL, 0}
					};
		CK_ULONG                unwrap_tmpl_len;

		// get public exponent from test vector
		if ( p11_ahex_dump(&s, tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len) == NULL) {
				testcase_error("p11_ahex_dump() failed");
			rc = -1;
			goto testcase_cleanup;
		}

		// begin test
		testcase_begin("%s Wrap Unwrap with test vector %d, "
			"\npubl_exp='%s', mod_bits='%lu', keylen='%lu', "
			"keytype='%s'", tsuite->name, i, s,
			tsuite->tv[i].modbits,
			tsuite->tv[i].keylen,
			p11_get_ckm(tsuite->tv[i].keytype.mechanism));

		// free memory
		free(s);

		// get key gen mechanism
		keygen_mech = tsuite->tv[i].keytype;

		// get wrapping mechanism
		wrap_mech = tsuite->mech;

		// skip this test if the slot doesn't support this
		// keygen mechanism
		if (! mech_supported(slot_id,
			keygen_mech.mechanism)) {
			testcase_skip();
			continue;
		}

		// initialize buffer lengths
		wrapped_keylen = PKCS11_MAX_PIN_LEN;

		// generate RSA key pair
		rc = generate_RSA_PKCS_KeyPair(session,
				tsuite->tv[i].modbits,
				tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len,
				&publ_key,
				&priv_key);
		if (rc != CKR_OK) {
                        testcase_error("C_GenerateKeyPair() rc = %s",
					p11_get_ckr(rc));
                        goto testcase_cleanup;
		}

		// generate secret key
		rc = generate_SecretKey(session,
				tsuite->tv[i].keylen,
				&keygen_mech,
				&secret_key);
		if (rc != CKR_OK) {
			testcase_error("generate_SecretKey(), rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		// extract CKA_CLASS and CKA_KEY_TYPE from generated key
		// we will use this for unwrapping

		// extract sizes first
		rc = funcs->C_GetAttributeValue(session,
						secret_key,
						unwrap_tmpl,
						2);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s",
					p11_get_ckr(rc));
			goto error;
		}

		// allocate memory for extraction
		unwrap_tmpl[0].pValue = calloc(sizeof(CK_BYTE),
						unwrap_tmpl[0].ulValueLen);
		unwrap_tmpl[1].pValue = calloc(sizeof(CK_BYTE),
						unwrap_tmpl[1].ulValueLen);

		if ( (unwrap_tmpl[0].pValue == NULL) ||
			(unwrap_tmpl[1].pValue == NULL) ) {
			testcase_error("Error allocating %lu bytes"
				"for unwrap template attributes",
				unwrap_tmpl[0].ulValueLen +
				unwrap_tmpl[1].ulValueLen);
			rc = -1;
			goto error;
		}

		// now extract values
		rc = funcs->C_GetAttributeValue(session,
						secret_key,
						unwrap_tmpl,
						2);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s",
					p11_get_ckr(rc));
			goto error;
		}

		// wrap key (length only)
		rc = funcs->C_WrapKey(session,
				&wrap_mech,
				publ_key,
				secret_key,
				NULL,
				&wrapped_keylen);
		if (rc != CKR_OK) {
			testcase_error("C_WrapKey(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		// allocate memory for wrapped_key
		wrapped_key = calloc(sizeof(CK_BYTE), wrapped_keylen);
		if (wrapped_key == NULL) {
			testcase_error("Can't allocate memory "
				"for %lu bytes.",
				sizeof(CK_BYTE) * wrapped_keylen);
			rc = -1;
			goto error;
		}

		// wrap key
		rc = funcs->C_WrapKey(session,
				&wrap_mech,
				publ_key,
				secret_key,
				wrapped_key,
				&wrapped_keylen);
		if (rc != CKR_OK) {
			testcase_error("C_WrapKey, rc=%s", p11_get_ckr(rc));
			goto error;
		}

		unwrapped_keylen = tsuite->tv[i].keylen;

		// variable key length specific case:
		// According to PKCS#11 v2.2 section 12.1.12
		// CKM_RSA_X_509 does not wrap the key type, key length,
		// or any other information about the key; the application
		// must convey these separately, and supply them when
		// unwrapping the key.
		if (keygen_mech.mechanism == CKM_AES_KEY_GEN) {
			unwrapped_keylen = tsuite->tv[i].keylen;
			unwrap_tmpl[2].type = CKA_VALUE_LEN;
			unwrap_tmpl[2].ulValueLen = sizeof(unwrapped_keylen);
			unwrap_tmpl[2].pValue = &unwrapped_keylen;
			unwrap_tmpl_len = 3;
		}
		else {
			unwrap_tmpl_len = 2;
		}

		// unwrap key
		rc = funcs->C_UnwrapKey(session,
				&wrap_mech,
				priv_key,
				wrapped_key,
				wrapped_keylen,
				unwrap_tmpl,
				unwrap_tmpl_len,
				&unwrapped_key);
		if (rc != CKR_OK) {
			testcase_error("C_UnwrapKey, rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		testcase_new_assertion();

		// get secret CKA_VALUE_LEN (if applicable)
		// then compare to expected value
		if (keygen_mech.mechanism == CKM_GENERIC_SECRET_KEY_GEN
			|| keygen_mech.mechanism == CKM_RC4_KEY_GEN
			|| keygen_mech.mechanism == CKM_RC5_KEY_GEN
			|| keygen_mech.mechanism == CKM_AES_KEY_GEN) {

			rc = funcs->C_GetAttributeValue(session,
						secret_key,
						secret_value_len,
						1);

			if (rc != CKR_OK) {
				testcase_error("C_GetAttributeValue(), rc=%s",
					p11_get_ckr(rc));
				goto error;
			}

			rc = funcs->C_GetAttributeValue(session,
						unwrapped_key,
						unwrapped_value_len,
						1);

			if (rc != CKR_OK) {
				testcase_error("C_GetAttributeValue(), rc=%s",
					p11_get_ckr(rc));
				goto error;
			}

			// check results

			if ( * ((CK_ULONG_PTR) secret_value_len[0].pValue) !=
			     * ((CK_ULONG_PTR) unwrapped_value_len[0].pValue)) {

				testcase_fail("CKA_VALUE_LEN value differs "
					"(original %lu, unwrapped %lu)",
					*((CK_ULONG_PTR) secret_value_len),
					*((CK_ULONG_PTR) unwrapped_value_len));
				goto error;
			}
		}

		// get size of secret key's CKA_VALUE
		rc = funcs->C_GetAttributeValue(session, secret_key,
					secret_value, 1);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		// get size of unwrapped key's CKA_VALUE
		rc = funcs->C_GetAttributeValue(session, unwrapped_key,
					unwrapped_value, 1);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		// allocate memory for extraction
                secret_value[0].pValue = calloc(sizeof(CK_BYTE),
                                                secret_value[0].ulValueLen);
                if (secret_value[0].pValue == NULL) {
                        testcase_error("Error allocating %lu bytes "
                                        "for Secret Key Value.",
                                        secret_value[0].ulValueLen);
                        goto error;
                }

                unwrapped_value[0].pValue = calloc(sizeof(CK_BYTE),
                                                unwrapped_value[0].ulValueLen);
                if (unwrapped_value[0].pValue == NULL) {
                        testcase_error("Error allocating %lu bytes "
                                        "for Unwrapped Key Value.",
                                        unwrapped_value[0].ulValueLen);
                        goto error;
                }

		// get secret CKA_VALUE
		rc = funcs->C_GetAttributeValue(session,
					secret_key,
					secret_value,
					1);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		// get unwrapped CKA_VALUE
		rc = funcs->C_GetAttributeValue(session,
					unwrapped_key,
					unwrapped_value,
					1);
		if (rc != CKR_OK) {
			testcase_error("C_GetAttributeValue(), rc=%s.",
				p11_get_ckr(rc));
			goto error;
		}

		// compare secret and unwrapped CKA_VALUE
		if (memcmp(secret_value[0].pValue,
				unwrapped_value[0].pValue,
				secret_value[0].ulValueLen)) {

			testcase_fail("Unwrapped key differs in CKA_VALUE.");
		}

		else {
			testcase_pass("C_Wrap and C_Unwrap.");
		}

		// free memory
		if (unwrap_tmpl[0].pValue) {
			free(unwrap_tmpl[0].pValue);
		}
		if (unwrap_tmpl[1].pValue) {
			free(unwrap_tmpl[1].pValue);
		}
		if (secret_value[0].pValue) {
			free(secret_value[0].pValue);
		}
		if (unwrapped_value[0].pValue) {
			free(unwrapped_value[0].pValue);
		}
		if (wrapped_key) {
			free(wrapped_key);
		}

		// clean up
		rc = funcs->C_DestroyObject(session, secret_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		rc = funcs->C_DestroyObject(session, publ_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
			goto testcase_cleanup;
		}

		rc = funcs->C_DestroyObject(session, priv_key);
		if (rc != CKR_OK) {
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
			goto testcase_cleanup;
		}
	}
	goto testcase_cleanup;

error:
	loc_rc = funcs->C_DestroyObject(session, secret_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(loc_rc));
	}

	loc_rc = funcs->C_DestroyObject(session, publ_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(loc_rc));
	}

	loc_rc = funcs->C_DestroyObject(session, priv_key);
	if (loc_rc != CKR_OK) {
		testcase_error("C_DestroyObject(), rc=%s.",
				p11_get_ckr(loc_rc));
	}

testcase_cleanup:
	testcase_user_logout();
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK) {
		testcase_error("C_CloseAllSessions(), rc=%s.",
			p11_get_ckr(rc));
	}
	return rc;
}
コード例 #13
0
ファイル: rsa_func.c プロジェクト: IanMDavis/openCryptoki
/* This function should test:
 * RSA Key Generation, using CKM_PKCS_KEY_PAIR_GEN
 * RSA Public-Key Wrap
 * RSA Private-Key Unwrap
 *
 */
CK_RV do_WrapUnwrapRSA(struct GENERATED_TEST_SUITE_INFO *tsuite)
{
	int i = 0, j = 0;
	char *s = NULL;
	CK_OBJECT_HANDLE publ_key, priv_key, secret_key, unwrapped_key;
	CK_BYTE_PTR wrapped_key = NULL;
	CK_ULONG wrapped_keylen, unwrapped_keylen = 0;
	CK_MECHANISM wrap_mech, keygen_mech, mech;
	CK_BYTE	clear[32], cipher[32], re_cipher[32];
	CK_ULONG cipher_len = 32, re_cipher_len = 32;
	CK_RSA_PKCS_OAEP_PARAMS oaep_params;

	CK_SESSION_HANDLE	session;
	CK_FLAGS		flags;
	CK_SLOT_ID		slot_id = SLOT_ID;
	CK_BYTE			user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG		user_pin_len;
	CK_RV			rc, loc_rc;

	CK_OBJECT_CLASS	key_class = CKO_SECRET_KEY;
	CK_KEY_TYPE key_type;
	CK_ATTRIBUTE unwrap_tmpl[] = {
		{CKA_CLASS, &key_class, sizeof(CK_OBJECT_CLASS)},
		{CKA_KEY_TYPE, &key_type, sizeof(CK_KEY_TYPE)},
		{CKA_VALUE_LEN, &unwrapped_keylen, sizeof(CK_ULONG)}
	};
	CK_ULONG                unwrap_tmpl_len;

	// begin test suite
	testsuite_begin("%s Wrap Unwrap.", tsuite->name);
	testcase_rw_session();
	testcase_user_login();

	/* create some data */
	for (j = 0; j < 32; j++)
		clear[j] = j;

	// skip all tests if the slot doesn't support this mechanism
        if (! mech_supported(slot_id, tsuite->mech.mechanism)){
                testsuite_skip(tsuite->tvcount,
                           "Slot %u doesn't support %u",
                           (unsigned int) slot_id,
                           (unsigned int) tsuite->mech.mechanism );
                goto testcase_cleanup;
        }

	// skip all tests if the slot doesn't support wrapping
	else if (! wrap_supported(slot_id, tsuite->mech)) {
		testsuite_skip(tsuite->tvcount,
			"Slot %u doesn't support key wrapping",
			(unsigned int) slot_id);
		goto testcase_cleanup;

	}

	for (i = 0; i < tsuite->tvcount; i++) {

		// skip if the slot doesn't support the keygen mechanism
		if (!mech_supported(slot_id, tsuite->tv[i].keytype.mechanism)) {
			testcase_skip("Slot %u doesn't support %u",
				      (unsigned int)slot_id,
				      (unsigned int)tsuite->tv[i].keytype.mechanism);
			continue;
		}

		if (!keysize_supported(slot_id, tsuite->mech.mechanism,
					tsuite->tv[i].modbits)) {
			testcase_skip("Token in slot %ld cannot be used with "
					"modbits.='%ld'",
					SLOT_ID,tsuite->tv[i].modbits);
			continue;
		}

		// get public exponent from test vector
		if ( p11_ahex_dump(&s, tsuite->tv[i].publ_exp,
				tsuite->tv[i].publ_exp_len) == NULL) {
				testcase_error("p11_ahex_dump() failed");
			rc = -1;
			goto testcase_cleanup;
		}

		if (is_ep11_token(slot_id)) {
			if (! is_valid_ep11_pubexp(tsuite->tv[i].publ_exp,
						  tsuite->tv[i].publ_exp_len)) {
				testcase_skip("EP11 Token cannot "
					       "be used with publ_exp.='%s'",s);
				continue;
			}
		}

		// begin test
		testcase_begin("%s Wrap Unwrap with test vector %d, "
			"\npubl_exp='%s', mod_bits='%lu', keylen='%lu', "
			"keytype='%s'", tsuite->name, i, s,
			tsuite->tv[i].modbits, tsuite->tv[i].keylen,
			p11_get_ckm(tsuite->tv[i].keytype.mechanism));

		// free memory
		if (s)
			free(s);

		// get key gen mechanism
		keygen_mech = tsuite->tv[i].keytype;

		// get wrapping mechanism
		wrap_mech = tsuite->mech;
		if (wrap_mech.mechanism == CKM_RSA_PKCS_OAEP) {
			oaep_params = tsuite->tv[i].oaep_params;
			wrap_mech.pParameter = &oaep_params;
			wrap_mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS);
		}

		// clear out buffers
		memset (cipher, 0, sizeof(cipher));
		memset (re_cipher, 0, sizeof(re_cipher));

		// initialize buffer lengths
		wrapped_keylen = PKCS11_MAX_PIN_LEN;

		// generate RSA key pair
		rc = generate_RSA_PKCS_KeyPair(session, tsuite->tv[i].modbits,
					       tsuite->tv[i].publ_exp,
					       tsuite->tv[i].publ_exp_len,
					       &publ_key, &priv_key);
		if (rc != CKR_OK) {
                        testcase_error("C_GenerateKeyPair() rc = %s",
					p11_get_ckr(rc));
                        goto testcase_cleanup;
		}

		// generate secret key
		rc = generate_SecretKey(session, tsuite->tv[i].keylen,
					&keygen_mech, &secret_key);
		if (rc != CKR_OK) {
			testcase_error("generate_SecretKey(), rc=%s",
				p11_get_ckr(rc));
			goto error;
		}

		/* Testcase Goals:
		 * 1. Encrypt data.
		 * 2. Use RSA to wrap the secret key we just used to encrypt.
		 * 3. Use RSA to unwrap the secret key.
		 * 4. Decrypt with the newly unwrapped key to get original data.
		 *
		 * The first assertion will be the success of RSA to wrap and
		 * unwrap the secret key.
		 * The second assertion will be the success of the unwrapped
		 * key to decrypt the original text.
		 * Note: Generic secret keys are not used for encrypt/decrypt
		 *       by default. So they will not be included in second
		 *	 assertion.
		 */
		if (keygen_mech.mechanism != CKM_GENERIC_SECRET_KEY_GEN) {

			switch (keygen_mech.mechanism) {
			case CKM_AES_KEY_GEN:
				mech.mechanism = CKM_AES_ECB;
				key_type = CKK_AES;
				break;
			case CKM_DES3_KEY_GEN:
				mech.mechanism = CKM_DES3_ECB;
				key_type = CKK_DES3;
				break;
			case CKM_DES_KEY_GEN:
				mech.mechanism = CKM_DES_ECB;
				key_type = CKK_DES;
				break;
			case CKM_CDMF_KEY_GEN:
				mech.mechanism = CKM_CDMF_ECB;
				key_type = CKK_CDMF;
				break;
			default:
				testcase_error("unknown mech");
				goto error;
			}

			mech.ulParameterLen = 0;
			mech.pParameter = NULL;

			rc = funcs->C_EncryptInit(session, &mech, secret_key);
			if (rc != CKR_OK) {
				testcase_error("C_EncryptInit secret_key "
					       ": rc = %s", p11_get_ckr(rc));
				goto error;
			}

			rc = funcs->C_Encrypt(session, clear, 32, cipher,
					      &cipher_len);
			if (rc != CKR_OK) {
				testcase_error("C_Encrypt secret_key: rc = %s",
						p11_get_ckr(rc));
				goto error;
			}
		} else
			key_type = CKK_GENERIC_SECRET;

		testcase_new_assertion();	/* assertion #1 */
		// wrap key (length only)
		rc = funcs->C_WrapKey(session, &wrap_mech, publ_key, secret_key,
				      NULL, &wrapped_keylen);
		if (rc != CKR_OK) {
			testcase_error("C_WrapKey(), rc=%s.", p11_get_ckr(rc));
			goto error;
		}

		// allocate memory for wrapped_key
		wrapped_key = calloc(sizeof(CK_BYTE), wrapped_keylen);
		if (wrapped_key == NULL) {
			testcase_error("Can't allocate memory for %lu bytes.",
					sizeof(CK_BYTE) * wrapped_keylen);
			rc = CKR_HOST_MEMORY;
			goto error;
		}

		// wrap key
		rc = funcs->C_WrapKey(session, &wrap_mech, publ_key, secret_key,
				      wrapped_key, &wrapped_keylen);
		if (rc != CKR_OK) {
			testcase_fail("C_WrapKey, rc=%s", p11_get_ckr(rc));
			goto error;
		}

		/* variable key length specific case:
		 * According to PKCS#11 v2.2 section 12.1.12
		 * CKM_RSA_X_509 does not wrap the key type, key length,
		 * or any other information about the key; the application
		 * must convey these separately, and supply them when
		 * unwrapping the key.
		 */
		if (((keygen_mech.mechanism == CKM_AES_KEY_GEN) ||
		    (keygen_mech.mechanism == CKM_GENERIC_SECRET_KEY_GEN)) && 
		    (wrap_mech.mechanism == CKM_RSA_X_509)) {
			unwrapped_keylen = tsuite->tv[i].keylen;
			unwrap_tmpl_len = 3;
		}
		else {
			unwrap_tmpl_len = 2;
		}

		// unwrap key
		rc = funcs->C_UnwrapKey(session, &wrap_mech, priv_key,
					wrapped_key, wrapped_keylen,
					unwrap_tmpl, unwrap_tmpl_len,
					&unwrapped_key);
		if (rc != CKR_OK) {
			testcase_fail("C_UnwrapKey, rc=%s",
				p11_get_ckr(rc));
			goto error;
		} else
			testcase_pass("wrapped and unwrapped key successful.");

		/* now decrypt the message with the unwrapped key */

		if (keygen_mech.mechanism != CKM_GENERIC_SECRET_KEY_GEN) {
			rc = funcs->C_DecryptInit(session,&mech,unwrapped_key);
			if (rc != CKR_OK) {
				testcase_error("C_DecryptInit unwrapped_key: "
					       " rc = %s", p11_get_ckr(rc));
				goto error;
			}

			rc = funcs->C_Decrypt(session, cipher, cipher_len,
					      re_cipher, &re_cipher_len);
			if (rc != CKR_OK) {
				testcase_error("C_Decrypt unwrapped_key: "
					       "rc = %s", p11_get_ckr(rc));
				goto error;
			}

			testcase_new_assertion();

			if (memcmp(clear, re_cipher, 32) != 0) {
				testcase_fail("ERROR:data mismatch\n");
				goto error;
			} else
				testcase_pass("Decrypted data is correct.");
		}

		// clean up
		if (wrapped_key) {
			free(wrapped_key);
			wrapped_key = NULL;
		}

		rc = funcs->C_DestroyObject(session, secret_key);
		if (rc != CKR_OK)
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));

		rc = funcs->C_DestroyObject(session, publ_key);
		if (rc != CKR_OK)
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));

		rc = funcs->C_DestroyObject(session, priv_key);
		if (rc != CKR_OK)
			testcase_error("C_DestroyObject(), rc=%s.",
					p11_get_ckr(rc));
	}
	goto testcase_cleanup;

error:
	if (wrapped_key) {
		free(wrapped_key);
		wrapped_key = NULL;
	}

	funcs->C_DestroyObject(session, secret_key);
	funcs->C_DestroyObject(session, publ_key);
	funcs->C_DestroyObject(session, priv_key);

testcase_cleanup:
	testcase_user_logout();
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK) {
		testcase_error("C_CloseAllSessions(), rc=%s.",
			p11_get_ckr(rc));
	}
	return rc;
}