/*
 * The proxy module must tolerate nested initialization: two C_Initialize
 * calls succeed, the two matching C_Finalize calls succeed, and a third
 * C_Finalize reports CKR_CRYPTOKI_NOT_INITIALIZED.
 */
static void
test_initialize_multiple (void)
{
	CK_FUNCTION_LIST_PTR proxy = NULL;
	CK_RV rv;
	int round;

	rv = C_GetFunctionList (&proxy);
	assert (rv == CKR_OK);
	assert (p11_proxy_module_check (proxy));

	/* two initializations ... */
	for (round = 0; round < 2; round++) {
		rv = proxy->C_Initialize (NULL);
		assert (rv == CKR_OK);
	}

	/* ... balanced by two finalizations ... */
	for (round = 0; round < 2; round++) {
		rv = proxy->C_Finalize (NULL);
		assert (rv == CKR_OK);
	}

	/* ... and one too many, which must be rejected */
	rv = proxy->C_Finalize (NULL);
	assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	p11_proxy_module_cleanup ();
}
/* Initialize the module and finalize it again; both calls must report CKR_OK. */
static void test_initalize() {
  CK_RV rv;

  rv = funcs->C_Initialize(NULL);
  asrt(rv, CKR_OK, "INITIALIZE");

  rv = funcs->C_Finalize(NULL);
  asrt(rv, CKR_OK, "FINALIZE");
}
/*
 * Finalize a mock module set up by a test; the test aborts if C_Finalize
 * does not report CKR_OK.
 */
static void
teardown_mock_module (CK_FUNCTION_LIST_PTR module)
{
	CK_RV rv = module->C_Finalize (NULL);

	assert (rv == CKR_OK);
}
/*
 * A single C_Initialize / C_Finalize round trip through the proxy module
 * must succeed; the proxy is cleaned up afterwards.
 */
static void
test_initialize_finalize (void)
{
	CK_FUNCTION_LIST_PTR proxy = NULL;
	CK_RV rv = C_GetFunctionList (&proxy);

	assert (rv == CKR_OK);
	assert (p11_proxy_module_check (proxy));

	rv = proxy->C_Initialize (NULL);
	assert (rv == CKR_OK);

	rv = proxy->C_Finalize (NULL);
	assert_num_eq (rv, CKR_OK);

	p11_proxy_module_cleanup ();
}
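/*
 * Log the user and then the security officer in and out of a read/write
 * session on slot 0, expecting CKR_OK at every step.
 *
 * The PIN and SO key literals are the fixture credentials this test suite
 * runs against.  The session is closed and the module finalized before
 * returning.
 */
static void test_login() {
  CK_SESSION_HANDLE session;

  asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
  asrt(funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session), CKR_OK, "OpenSession1");

  /* user PIN: 6 characters */
  asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
  asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");

  /* security officer key: 48 hex characters */
  asrt(funcs->C_Login(session, CKU_SO, "010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO");
  asrt(funcs->C_Logout(session), CKR_OK, "Logout SO");

  asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession");
  asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");
}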
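/*
 * Tear down a PKCS#11 session: log out, close the session and finalize
 * the library, in that order.
 *
 * Every step is attempted even when an earlier one fails, so a failed
 * C_Logout no longer leaves the session open and the library initialized.
 * Each failure is reported through show_error() on @err; the return value
 * is the first non-CKR_OK result seen, or CKR_OK when everything succeeded.
 */
CK_RV pkcs11_close(FILE *err, CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE h_session)
{
    CK_RV first = CKR_OK;
    CK_RV rc;

    rc = funcs->C_Logout(h_session);
    if (rc != CKR_OK) {
        show_error(err, "C_Logout", rc);
        first = rc;
    }

    rc = funcs->C_CloseSession(h_session);
    if (rc != CKR_OK) {
        show_error(err, "C_CloseSession", rc);
        if (first == CKR_OK)
            first = rc;
    }

    rc = funcs->C_Finalize(NULL);
    if (rc != CKR_OK) {
        show_error(err, "C_Finalize", rc);
        if (first == CKR_OK)
            first = rc;
    }

    return first;
}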
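/*
 * Check the token information reported for slot 0 against the values the
 * fixture token is expected to present.
 *
 * CK_TOKEN_INFO text fields are fixed-width, space padded and NOT
 * NUL-terminated, so every one is compared as a bounded prefix; the old
 * strcmp() on the 16-byte utcTime field read past its end.  Fields whose
 * tail is version dependent (model, firmware) are only partly checked.
 */
static void test_token_info() {
  const char *TOKEN_LABEL = "YubiKey PIV";
  const char *TOKEN_MODEL = "YubiKey ";   // Skip last 3 characters (version dependent)
  const char *TOKEN_SERIAL = "1234";
  const CK_FLAGS TOKEN_FLAGS = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
  const CK_VERSION HW = {0, 0};
  const char *TOKEN_TIME = " ";
  CK_TOKEN_INFO info;
  size_t time_len;

  asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
  asrt(funcs->C_GetTokenInfo(0, &info), CKR_OK, "GetTokeninfo");

  asrt(strncmp((const char *)info.label, TOKEN_LABEL, strlen(TOKEN_LABEL)), 0, "TOKEN_LABEL");
  // Skip manufacturer id (not used)
  asrt(strncmp((const char *)info.model, TOKEN_MODEL, strlen(TOKEN_MODEL)), 0, "TOKEN_MODEL");
  asrt(strncmp((const char *)info.serialNumber, TOKEN_SERIAL, strlen(TOKEN_SERIAL)), 0, "SERIAL_NUMBER");
  asrt(info.flags, TOKEN_FLAGS, "TOKEN_FLAGS");

  // Session and memory counters are not reported by this token.
  asrt(info.ulMaxSessionCount, CK_UNAVAILABLE_INFORMATION, "MAX_SESSION_COUNT");
  asrt(info.ulSessionCount, CK_UNAVAILABLE_INFORMATION, "SESSION_COUNT");
  asrt(info.ulMaxRwSessionCount, CK_UNAVAILABLE_INFORMATION, "MAX_RW_SESSION_COUNT");
  asrt(info.ulRwSessionCount, CK_UNAVAILABLE_INFORMATION, "RW_SESSION_COUNT");
  asrt(info.ulMaxPinLen, 8, "MAX_PIN_LEN");
  asrt(info.ulMinPinLen, 6, "MIN_PIN_LEN");
  asrt(info.ulTotalPublicMemory, CK_UNAVAILABLE_INFORMATION, "TOTAL_PUB_MEM");
  asrt(info.ulFreePublicMemory, CK_UNAVAILABLE_INFORMATION, "FREE_PUB_MEM");
  asrt(info.ulTotalPrivateMemory, CK_UNAVAILABLE_INFORMATION, "TOTAL_PVT_MEM");
  asrt(info.ulFreePrivateMemory, CK_UNAVAILABLE_INFORMATION, "FREE_PVT_MEM");

  asrt(info.hardwareVersion.major, HW.major, "HW_MAJ");
  asrt(info.hardwareVersion.minor, HW.minor, "HW_MIN");
  // Firmware major 4 is expected and 0 is also accepted; anything else
  // fails against the expected value 4.
  if (info.firmwareVersion.major != 4 && info.firmwareVersion.major != 0)
    asrt(info.firmwareVersion.major, 4, "FW_MAJ");

  // utcTime carries no terminator: never compare more than its 16 bytes.
  time_len = strlen(TOKEN_TIME);
  if (time_len > sizeof(info.utcTime))
    time_len = sizeof(info.utcTime);
  asrt(strncmp((const char *)info.utcTime, TOKEN_TIME, time_len), 0, "TOKEN_TIME");

  asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");
}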
/*
 * Exercise session creation and teardown on slot 0: a read-only session,
 * then a read/write session whose CK_SESSION_INFO is inspected, then a
 * third session that is reaped through C_CloseAllSessions.
 */
static void test_session() {
  const CK_FLAGS ro_flags = CKF_SERIAL_SESSION;
  const CK_FLAGS rw_flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
  CK_SESSION_HANDLE session;
  CK_SESSION_INFO info;
  CK_RV rv;

  rv = funcs->C_Initialize(NULL);
  asrt(rv, CKR_OK, "INITIALIZE");

  /* read-only session: open and close */
  rv = funcs->C_OpenSession(0, ro_flags, NULL, NULL, &session);
  asrt(rv, CKR_OK, "OpenSession1");
  rv = funcs->C_CloseSession(session);
  asrt(rv, CKR_OK, "CloseSession");

  /* read/write session: check the reported state before closing */
  rv = funcs->C_OpenSession(0, rw_flags, NULL, NULL, &session);
  asrt(rv, CKR_OK, "OpenSession2");
  rv = funcs->C_GetSessionInfo(session, &info);
  asrt(rv, CKR_OK, "GetSessionInfo");
  asrt(info.state, CKS_RW_PUBLIC_SESSION, "CHECK STATE");
  asrt(info.flags, rw_flags, "CHECK FLAGS");
  asrt(info.ulDeviceError, 0, "CHECK DEVICE ERROR");
  rv = funcs->C_CloseSession(session);
  asrt(rv, CKR_OK, "CloseSession");

  /* a session left open is closed by C_CloseAllSessions on the slot */
  rv = funcs->C_OpenSession(0, ro_flags, NULL, NULL, &session);
  asrt(rv, CKR_OK, "OpenSession3");
  rv = funcs->C_CloseAllSessions(0);
  asrt(rv, CKR_OK, "CloseAllSessions");

  rv = funcs->C_Finalize(NULL);
  asrt(rv, CKR_OK, "FINALIZE");
}
// The main function int main(int argc, char* argv[]) { int option_index = 0; int opt; char* dbPath = NULL; char* userPIN = NULL; char* module = NULL; char* slot = NULL; char* serial = NULL; char* token = NULL; char *errMsg = NULL; int noPublicKey = 0; int result = 0; CK_RV rv; moduleHandle = NULL; p11 = NULL; CK_SLOT_ID slotID = 0; if (argc == 1) { usage(); exit(0); } while ((opt = getopt_long(argc, argv, "hv", long_options, &option_index)) != -1) { switch (opt) { case OPT_DB: dbPath = optarg; break; case OPT_SLOT: slot = optarg; break; case OPT_SERIAL: serial = optarg; break; case OPT_TOKEN: token = optarg; break; case OPT_MODULE: module = optarg; break; case OPT_NO_PUBLIC_KEY: noPublicKey = 1; break; case OPT_PIN: userPIN = optarg; break; case OPT_VERSION: case 'v': printf("%s\n", PACKAGE_VERSION); exit(0); break; case OPT_HELP: case 'h': default: usage(); exit(0); break; } } // Get a pointer to the function list for PKCS#11 library CK_C_GetFunctionList pGetFunctionList = loadLibrary(module, &moduleHandle, &errMsg); if (pGetFunctionList == NULL) { fprintf(stderr, "ERROR: Could not load the library: %s\n", errMsg); exit(1); } // Load the function list (*pGetFunctionList)(&p11); // Initialize the library rv = p11->C_Initialize(NULL_PTR); if (rv != CKR_OK) { fprintf(stderr, "ERROR: Could not initialize the library.\n"); exit(1); } // Get the slotID result = findSlot(slot, serial, token, slotID); if (!result) { // Migrate the database result = migrate(dbPath, slotID, userPIN, noPublicKey); } // Finalize the library p11->C_Finalize(NULL_PTR); unloadLibrary(moduleHandle); return result; }
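/*
 * Serve one client connection.
 *
 * Requests are read from @client with DataMarshalling, dispatched by message
 * type to the PKCS#11 module behind pFunctionList, and answered with a reply
 * carrying the same message type, the CK_RV and any output data.  The loop
 * ends after a C_Finalize request or when a request cannot be allocated; an
 * unknown message type finalizes the module and keeps serving (original
 * behaviour, kept as is).
 *
 * Every length, count and handle in a request is peer supplied and is used
 * unchanged to size calloc()/new[] calls — NOTE(review): no upper bound is
 * enforced here, so a single request can ask for a very large allocation.
 *
 * CK_RV, CK_ULONG and handle values cross the wire through packInt() via a
 * char* cast; this relies on DataMarshalling and the peer agreeing on the
 * width copied — TODO confirm against its implementation.  Buffers that were
 * previously leaked (slot/mechanism/handle arrays, templates, PIN, sign and
 * verify data) are released once the reply has been sent.
 */
void processRequest(int client)
{
    DataMarshalling *d = NULL;

    while (1) {
        d = new DataMarshalling(client);
        d->recvData();

        if (!strcmp(d->getMsgType(), "C_Initialize")) {
            printf("Processing: C_Initialize\n");
            // Only a NULL pInitArgs (sent as 0) is supported; no reply is sent.
            int p = d->unpackInt();
            if (p == 0)
                pFunctionList->C_Initialize(NULL);
            else {
                printf("ERROR: C_Initialize shouldn't be called with not NULL\n");
            }
        } else if (!strcmp(d->getMsgType(), "C_Finalize")) {
            CK_RV ret = 0;
            printf("Processing: C_Finalize\n");
            // p is an int; the original compared it with NULL.
            int p = d->unpackInt();
            if (p == 0) {
                ret = pFunctionList->C_Finalize(NULL);
            } else {
                printf("ERROR: C_Finalize shouldn't be called with not NULL\n");
                ret = CKR_CANCEL;
            }
            {
                DataMarshalling *d2 = new DataMarshalling(client);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
            delete d;   // the request object was leaked on this exit path
            break;
        } else if (!strcmp(d->getMsgType(), "C_GetSlotList")) {
            printf("Processing: C_GetSlotList\n");
            int p = d->unpackInt();
            if (p == 0) {
                // Size query: the peer passed a NULL list, report the count only.
                CK_ULONG count = 0;
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetSlotList(TRUE, NULL, &count);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&count);
                d2->sendData();
                delete d2;
            } else {
                CK_ULONG count = 0;
                CK_SLOT_ID_PTR slot = NULL;
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                // Two-call pattern: query the count, then fetch the list.
                pFunctionList->C_GetSlotList(TRUE, NULL, &count);
                slot = new CK_SLOT_ID[count];
                ret = pFunctionList->C_GetSlotList(TRUE, slot, &count);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&count);
                for (CK_ULONG i = 0; i < count; i++)
                    d2->packInt((char *)&slot[i]);
                d2->sendData();
                delete d2;
                delete[] slot;
            }
        } else if (!strcmp(d->getMsgType(), "C_OpenSession")) {
            unsigned int slotId = 0, flags = 0;
            CK_SESSION_HANDLE sessionId = 0;
            printf("Processing: C_OpenSession\n");
            slotId = d->unpackInt();
            flags = d->unpackInt();
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                // No application callback / notify data is transported.
                ret = pFunctionList->C_OpenSession(slotId, flags, NULL, NULL, &sessionId);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&sessionId);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_CloseSession")) {
            CK_SESSION_HANDLE sessionId = 0;
            printf("Processing: C_CloseSession\n");
            sessionId = d->unpackInt();
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_CloseSession(sessionId);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_GetInfo")) {
            CK_INFO info;
            printf("Processing: C_GetInfo\n");
            // The request carries a slot id that C_GetInfo does not take; it
            // is consumed to stay in step with the stream and otherwise ignored.
            (void)d->unpackInt();
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetInfo(&info);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packChar(info.cryptokiVersion.major);
                d2->packChar(info.cryptokiVersion.minor);
                d2->packMem((char *)info.manufacturerID, 32);
                d2->packInt((char *)&info.flags);
                d2->packMem((char *)info.libraryDescription, 32);
                d2->packChar(info.libraryVersion.major);
                d2->packChar(info.libraryVersion.minor);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_GetSlotInfo")) {
            unsigned int slotId = 0;
            printf("Processing: C_GetSlotInfo\n");
            slotId = d->unpackInt();
            {
                CK_RV ret = 0;
                CK_SLOT_INFO slot;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetSlotInfo(slotId, &slot);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                // Fixed-width CK_SLOT_INFO text fields are sent verbatim.
                d2->packMem((char *)slot.slotDescription, 64);
                d2->packMem((char *)slot.manufacturerID, 32);
                d2->packInt((char *)&slot.flags);
                d2->packChar(slot.hardwareVersion.major);
                d2->packChar(slot.hardwareVersion.minor);
                d2->packChar(slot.firmwareVersion.major);
                d2->packChar(slot.firmwareVersion.minor);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_GetTokenInfo")) {
            unsigned int slotId = 0;
            printf("Processing: C_GetTokenInfo\n");
            slotId = d->unpackInt();
            {
                CK_RV ret = 0;
                CK_TOKEN_INFO token;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetTokenInfo(slotId, &token);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                // Fixed-width CK_TOKEN_INFO text fields are sent verbatim.
                d2->packMem((char *)token.label, 32);
                d2->packMem((char *)token.manufacturerID, 32);
                d2->packMem((char *)token.model, 16);
                d2->packMem((char *)token.serialNumber, 16);
                d2->packInt((char *)&token.flags);
                d2->packInt((char *)&token.ulMaxSessionCount);
                d2->packInt((char *)&token.ulSessionCount);
                d2->packInt((char *)&token.ulMaxRwSessionCount);
                d2->packInt((char *)&token.ulRwSessionCount);
                d2->packInt((char *)&token.ulMaxPinLen);
                d2->packInt((char *)&token.ulMinPinLen);
                d2->packInt((char *)&token.ulTotalPublicMemory);
                d2->packInt((char *)&token.ulFreePublicMemory);
                d2->packInt((char *)&token.ulTotalPrivateMemory);
                d2->packInt((char *)&token.ulFreePrivateMemory);
                d2->packChar(token.hardwareVersion.major);
                d2->packChar(token.hardwareVersion.minor);
                d2->packChar(token.firmwareVersion.major);
                d2->packChar(token.firmwareVersion.minor);
                d2->packMem((char *)token.utcTime, 16);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_GetMechanismList")) {
            unsigned int slotId = 0;
            printf("Processing: C_GetMechanismList\n");
            slotId = d->unpackInt();
            // The peer's list pointer is only meaningful as NULL / non-NULL.
            int wantList = d->unpackInt();
            if (wantList == 0) {
                CK_ULONG count = 0;
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetMechanismList(slotId, NULL, &count);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&count);
                printf("C_GetMechanismList count: %lu\n", (unsigned long)count);
                d2->sendData();
                delete d2;
            } else {
                CK_ULONG count = 0;
                CK_RV ret = 0;
                CK_MECHANISM_TYPE_PTR pMechanismList = NULL;
                DataMarshalling *d2 = new DataMarshalling(client);
                // Size query on the requested slot (the original passed TRUE,
                // i.e. slot 1, here — copied from the C_GetSlotList branch).
                pFunctionList->C_GetMechanismList(slotId, NULL, &count);
                pMechanismList = new CK_MECHANISM_TYPE[count];
                ret = pFunctionList->C_GetMechanismList(slotId, pMechanismList, &count);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&count);
                printf("C_GetMechanismList count: %lu\n", (unsigned long)count);
                for (CK_ULONG i = 0; i < count; i++)
                    d2->packInt((char *)&pMechanismList[i]);
                d2->sendData();
                delete d2;
                delete[] pMechanismList;
            }
        } else if (!strcmp(d->getMsgType(), "C_GetMechanismInfo")) {
            unsigned int slotId = 0, mechanismType = 0;
            printf("Processing: C_GetMechanismInfo\n");
            slotId = d->unpackInt();
            mechanismType = d->unpackInt();
            {
                CK_RV ret = 0;
                CK_MECHANISM_INFO mechanism;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetMechanismInfo(slotId, mechanismType, &mechanism);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&mechanism.ulMinKeySize);
                d2->packInt((char *)&mechanism.ulMaxKeySize);
                d2->packInt((char *)&mechanism.flags);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_Login")) {
            CK_SESSION_HANDLE sessionId = 0;
            unsigned int user = 0, len = 0;
            CK_CHAR_PTR pin = NULL;
            printf("Processing: C_Login\n");
            sessionId = d->unpackInt();
            user = d->unpackInt();
            len = d->unpackInt();
            // Widen before the +1 so a peer-supplied UINT_MAX cannot wrap the
            // allocation to zero bytes.
            pin = (CK_CHAR_PTR) calloc(1, (size_t)len + 1);
            if (!pin) {
                printf("ERROR: NO MEMORY\n");
                delete d;
                break;
            }
            d->unpackMem((char *)pin, len);
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_Login(sessionId, user, pin, len);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
            // Scrub the PIN through a volatile pointer (a plain memset()
            // before free() may be optimized away), then release it.
            {
                volatile unsigned char *vp = (volatile unsigned char *)pin;
                for (size_t i = 0; i < (size_t)len + 1; i++)
                    vp[i] = 0;
            }
            free(pin);
        } else if (!strcmp(d->getMsgType(), "C_Logout")) {
            CK_SESSION_HANDLE sessionId = 0;
            printf("Processing: C_Logout\n");
            sessionId = d->unpackInt();
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_Logout(sessionId);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_FindObjectsInit")) {
            CK_SESSION_HANDLE sessionId = 0;
            unsigned int len = 0;
            CK_ATTRIBUTE_PTR attr = NULL;
            bool ok = true;
            printf("Processing: C_FindObjectsInit\n");
            sessionId = d->unpackInt();
            len = d->unpackInt();
            attr = (CK_ATTRIBUTE_PTR) calloc(len, sizeof(CK_ATTRIBUTE));
            if (!attr && len != 0) {
                printf("ERROR: NO MEMORY\n");
                delete d;
                break;
            }
            // Each template entry is type, length and the value bytes.
            for (unsigned int i = 0; i < len; i++) {
                attr[i].type = d->unpackInt();
                attr[i].ulValueLen = d->unpackInt();
                attr[i].pValue = (char *)calloc(1, attr[i].ulValueLen);
                if (!attr[i].pValue && attr[i].ulValueLen != 0) {
                    printf("ERROR: NO MEMORY\n");
                    ok = false;
                    break;
                }
                d->unpackMem((char *)attr[i].pValue, attr[i].ulValueLen);
            }
            if (ok) {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_FindObjectsInit(sessionId, attr, len);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
            // The template is not referenced after the call returns.
            for (unsigned int i = 0; i < len; i++)
                free(attr[i].pValue);
            free(attr);
            if (!ok) {
                delete d;
                break;
            }
        } else if (!strcmp(d->getMsgType(), "C_FindObjects")) {
            CK_SESSION_HANDLE sessionId = 0;
            CK_OBJECT_HANDLE_PTR phObject = NULL;
            CK_ULONG len = 0, maxlen = 0;
            printf("Processing: C_FindObjects\n");
            sessionId = d->unpackInt();
            maxlen = d->unpackInt();
            if (maxlen > 0) {
                phObject = new CK_OBJECT_HANDLE[maxlen];
            }
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_FindObjects(sessionId, phObject, maxlen, &len);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&len);
                // Never send more handles than were allocated.
                for (CK_ULONG i = 0; i < len && i < maxlen; i++)
                    d2->packInt((char *)&phObject[i]);
                d2->sendData();
                delete d2;
            }
            delete[] phObject;   // delete[] of NULL is a no-op
        } else if (!strcmp(d->getMsgType(), "C_GetAttributeValue")) {
            CK_SESSION_HANDLE sessionId = 0;
            CK_OBJECT_HANDLE hObject = 0;
            CK_ULONG len = 0;
            CK_ATTRIBUTE_PTR attr = NULL;
            CK_ULONG *allocLen = NULL;   // bytes actually allocated per attribute
            bool ok = true;
            printf("Processing: C_GetAttributeValue\n");
            sessionId = d->unpackInt();
            hObject = d->unpackInt();
            len = d->unpackInt();
            attr = (CK_ATTRIBUTE_PTR) calloc(len, sizeof(CK_ATTRIBUTE));
            allocLen = (CK_ULONG *) calloc(len, sizeof(CK_ULONG));
            if ((!attr || !allocLen) && len != 0) {
                printf("ERROR: NO MEM C_GetAttributeValue\n");
                free(attr);
                free(allocLen);
                delete d;
                break;
            }
            for (CK_ULONG i = 0; i < len; i++) {
                attr[i].type = d->unpackInt();
                attr[i].ulValueLen = d->unpackInt();
                // The peer's pointer only says whether it wants the value
                // bytes; no value data is carried in the request.
                int hasValue = d->unpackInt();
                attr[i].pValue = NULL;
                if (hasValue != 0) {
                    attr[i].pValue = (char *)calloc(1, attr[i].ulValueLen);
                    if (!attr[i].pValue && attr[i].ulValueLen != 0) {
                        printf("ERROR: NO MEM\n");
                        ok = false;
                        break;
                    }
                    allocLen[i] = attr[i].ulValueLen;
                }
            }
            if (ok) {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetAttributeValue(sessionId, hObject, attr, len);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                for (CK_ULONG i = 0; i < len; i++) {
                    // Send a 0/1 presence flag instead of the raw heap address
                    // the original packed for pValue.
                    int hasValue = attr[i].pValue != NULL;
                    d2->packInt((char *)&attr[i].type);
                    d2->packInt((char *)&attr[i].ulValueLen);
                    d2->packInt((char *)&hasValue);
                    if (attr[i].pValue != NULL) {
                        // After CKR_BUFFER_TOO_SMALL or for an unavailable
                        // attribute ulValueLen no longer describes our buffer;
                        // clamp so the read stays inside the allocation.
                        CK_ULONG n = attr[i].ulValueLen;
                        if (n > allocLen[i])
                            n = allocLen[i];
                        d2->packMem((char *)attr[i].pValue, n);
#ifdef FUNC_DEBUG_
                        if (i == 2) {
                            PCCERT_CONTEXT pCertContext;
                            pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING, ((BYTE *)attr[i].pValue), attr[i].ulValueLen);
                            printf("data len: %d\n", attr[i].ulValueLen);
                            printf("issuer len: %d\n", pCertContext->pCertInfo->Issuer.cbData);
                            std::wcout << byte2str(pCertContext->pCertInfo->Issuer.pbData, pCertContext->pCertInfo->Issuer.cbData);
                            CertFreeCertificateContext(pCertContext);
                        }
#endif
                    }
                }
                d2->sendData();
                delete d2;
            }
            for (CK_ULONG i = 0; i < len; i++)
                free(attr[i].pValue);
            free(attr);
            free(allocLen);
            if (!ok) {
                delete d;
                break;
            }
        } else if (!strcmp(d->getMsgType(), "C_FindObjectsFinal")) {
            CK_SESSION_HANDLE sessionId = 0;
            printf("Processing: C_FindObjectsFinal\n");
            sessionId = d->unpackInt();
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_FindObjectsFinal(sessionId);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_SignInit")) {
            CK_SESSION_HANDLE sessionId = 0;
            CK_MECHANISM mechanism;
            CK_OBJECT_HANDLE hKey = 0;
            printf("Processing: C_SignInit\n");
            sessionId = d->unpackInt();
            hKey = d->unpackInt();
            mechanism.mechanism = d->unpackInt();
            mechanism.ulParameterLen = d->unpackInt();
            mechanism.pParameter = NULL;   // mechanism parameters are not transported
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_SignInit(sessionId, &mechanism, hKey);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_Sign")) {
            CK_SESSION_HANDLE sessionId = 0;
            char *data = NULL, *signature = NULL;
            CK_ULONG dataLen = 0, signatureLen = 0, sigBufLen = 0;
            printf("Processing: C_Sign\n");
            sessionId = d->unpackInt();
            dataLen = d->unpackInt();
            if (d->unpackInt() != 0) {   // peer passed a non-NULL pData
                data = (char *)calloc(1, dataLen);
                if (!data) {
                    printf("ERROR: NO MEM C_Sign\n");
                    delete d;
                    break;
                }
                d->unpackMem((char *)data, dataLen);
            }
            signatureLen = d->unpackInt();
            if (d->unpackInt() != 0) {   // peer passed a non-NULL pSignature
                signature = (char *)calloc(1, signatureLen);
                if (!signature) {
                    printf("ERROR: NO MEM C_Sign\n");
                    free(data);
                    delete d;
                    break;
                }
                d->unpackMem((char *)signature, signatureLen);
            }
            sigBufLen = signatureLen;
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_Sign(sessionId, (CK_BYTE_PTR)data, dataLen, (CK_BYTE_PTR)signature, &signatureLen);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&signatureLen);
                // signatureLen may now be the *required* size (e.g. on
                // CKR_BUFFER_TOO_SMALL); never read past the buffer we own.
                if (signature != NULL)
                    d2->packMem((char *)signature, signatureLen <= sigBufLen ? signatureLen : sigBufLen);
                d2->sendData();
                delete d2;
            }
            free(data);
            free(signature);
        } else if (!strcmp(d->getMsgType(), "C_VerifyInit")) {
            CK_SESSION_HANDLE sessionId = 0;
            CK_MECHANISM mechanism;
            CK_OBJECT_HANDLE hKey = 0;
            printf("Processing: C_VerifyInit\n");
            sessionId = d->unpackInt();
            hKey = d->unpackInt();
            mechanism.mechanism = d->unpackInt();
            mechanism.ulParameterLen = d->unpackInt();
            mechanism.pParameter = NULL;   // mechanism parameters are not transported
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_VerifyInit(sessionId, &mechanism, hKey);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_Verify")) {
            CK_SESSION_HANDLE sessionId = 0;
            char *data = NULL, *signature = NULL;
            CK_ULONG dataLen = 0, signatureLen = 0;
            printf("Processing: C_Verify\n");
            sessionId = d->unpackInt();
            dataLen = d->unpackInt();
            if (d->unpackInt() != 0) {   // peer passed a non-NULL pData
                data = (char *)calloc(1, dataLen);
                if (!data) {
                    printf("ERROR: NO MEM C_Verify\n");
                    delete d;
                    break;
                }
                d->unpackMem((char *)data, dataLen);
            }
            signatureLen = d->unpackInt();
            if (d->unpackInt() != 0) {   // peer passed a non-NULL pSignature
                signature = (char *)calloc(1, signatureLen);
                if (!signature) {
                    printf("ERROR: NO MEM C_Verify\n");
                    free(data);
                    delete d;
                    break;
                }
                d->unpackMem((char *)signature, signatureLen);
            }
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_Verify(sessionId, (CK_BYTE_PTR)data, dataLen, (CK_BYTE_PTR)signature, signatureLen);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
            free(data);
            free(signature);
        } else if (!strcmp(d->getMsgType(), "C_GenerateRandom")) {
            CK_SESSION_HANDLE sessionId = 0;
            char *data = NULL;
            CK_ULONG dataLen = 0;
            printf("Processing: C_GenerateRandom\n");
            sessionId = d->unpackInt();
            dataLen = d->unpackInt();
            if (d->unpackInt() != 0) {   // peer passed a non-NULL buffer
                // Output only: no bytes are read from the request.
                data = (char *)calloc(1, dataLen);
                if (!data) {
                    printf("ERROR: NO MEM C_GenerateRandom\n");
                    delete d;
                    break;
                }
            }
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GenerateRandom(sessionId, (CK_BYTE_PTR)data, dataLen);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                if (data != NULL)
                    d2->packMem((char *)data, dataLen);
                d2->sendData();
                delete d2;
            }
            free(data);
        } else if (!strcmp(d->getMsgType(), "C_SeedRandom")) {
            CK_SESSION_HANDLE sessionId = 0;
            char *data = NULL;
            CK_ULONG dataLen = 0;
            printf("Processing: C_SeedRandom\n");
            sessionId = d->unpackInt();
            dataLen = d->unpackInt();
            if (d->unpackInt() != 0) {   // peer passed a non-NULL seed
                data = (char *)calloc(1, dataLen);
                if (!data) {
                    printf("ERROR: NO MEM C_SeedRandom\n");
                    delete d;
                    break;
                }
                d->unpackMem((char *)data, dataLen);
            }
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_SeedRandom(sessionId, (CK_BYTE_PTR)data, dataLen);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
            free(data);
        } else if (!strcmp(d->getMsgType(), "C_GetSessionInfo")) {
            CK_SESSION_HANDLE sessionId = 0;
            printf("Processing: C_GetSessionInfo\n");
            sessionId = d->unpackInt();
            {
                CK_RV ret = 0;
                CK_SESSION_INFO info;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_GetSessionInfo(sessionId, &info);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->packInt((char *)&info.slotID);
                d2->packInt((char *)&info.state);
                d2->packInt((char *)&info.flags);
                d2->packInt((char *)&info.ulDeviceError);
                d2->sendData();
                delete d2;
            }
        } else if (!strcmp(d->getMsgType(), "C_CloseAllSessions")) {
            CK_SLOT_ID slotID = 0;
            printf("Processing: C_CloseAllSessions\n");   // was mislabelled "C_Logout"
            slotID = d->unpackInt();
            {
                CK_RV ret = 0;
                DataMarshalling *d2 = new DataMarshalling(client);
                ret = pFunctionList->C_CloseAllSessions(slotID);
                d2->setMsgType(d->getMsgType());
                d2->packInt((char *)&ret);
                d2->sendData();
                delete d2;
            }
        } else {
            // Unknown message type: the module is finalized and no reply is
            // sent, but the loop keeps reading (original behaviour).
            pFunctionList->C_Finalize(NULL);
        }

        delete d;
    }
}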
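/*
 * Print the system-wide metaslot configuration from pkcs11.conf and, when
 * verbose or show_mechs is set, query the framework library for the live
 * metaslot slot/token details and mechanism list.
 *
 * show_mechs: list the metaslot mechanisms (those named in mechlist when
 *             it is non-NULL, otherwise everything the slot reports).
 * verbose:    also print slot, token and per-mechanism information.
 * mechlist:   optional caller-provided mechanism names, see convert_mechlist().
 *
 * Returns SUCCESS or FAILURE.  The framework library is dlopen()ed and
 * C_Initialize()d on demand and always finalized/closed again on the
 * "finish" path.  CK_RV values are logged as unsigned long, which is
 * what the 0x%x conversions previously mis-declared.
 */
int
list_metaslot_info(boolean_t show_mechs, boolean_t verbose, mechlist_t *mechlist)
{
	int rc = SUCCESS;
	CK_RV rv;
	CK_SLOT_INFO slot_info;
	CK_TOKEN_INFO token_info;
	CK_MECHANISM_TYPE_PTR pmech_list = NULL;
	CK_ULONG mech_count = 0;
	CK_ULONG i;
	CK_RV (*Tmp_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR);
	CK_FUNCTION_LIST_PTR funcs = NULL;
	void *dldesc = NULL;
	boolean_t lib_initialized = B_FALSE;
	uentry_t *puent;
	char buf[128];

	/*
	 * Display the system-wide metaslot settings as specified
	 * in pkcs11.conf file.
	 */
	if ((puent = getent_uef(METASLOT_KEYWORD)) == NULL) {
		cryptoerror(LOG_STDERR,
		    gettext("metaslot entry doesn't exist."));
		return (FAILURE);
	}

	(void) printf(gettext("System-wide Meta Slot Configuration:\n"));
	/*
	 * TRANSLATION_NOTE
	 * Strictly for appearance's sake, this line should be as long as
	 * the length of the translated text above.
	 */
	(void) printf(gettext("------------------------------------\n"));
	(void) printf(gettext("Status: %s\n"), puent->flag_metaslot_enabled ?
	    gettext("enabled") : gettext("disabled"));
	(void) printf(gettext("Sensitive Token Object Automatic Migrate: %s\n"),
	    puent->flag_metaslot_auto_key_migrate ? gettext("enabled") :
	    gettext("disabled"));

	/* An all-zero slot/token name means "not configured". */
	bzero(buf, sizeof (buf));
	if (memcmp(puent->metaslot_ks_slot, buf, SLOT_DESCRIPTION_SIZE) != 0) {
		(void) printf(gettext("Persistent object store slot: %s\n"),
		    puent->metaslot_ks_slot);
	}
	if (memcmp(puent->metaslot_ks_token, buf, TOKEN_LABEL_SIZE) != 0) {
		(void) printf(gettext("Persistent object store token: %s\n"),
		    puent->metaslot_ks_token);
	}

	if ((!verbose) && (!show_mechs)) {
		return (SUCCESS);
	}

	if (verbose) {
		(void) printf(gettext("\nDetailed Meta Slot Information:\n"));
		/*
		 * TRANSLATION_NOTE
		 * Strictly for appearance's sake, this line should be as
		 * long as the length of the translated text above.
		 */
		(void) printf(gettext("-------------------------------\n"));
	}

	/*
	 * Need to actually make calls to libpkcs11.so to get
	 * information about metaslot.
	 */
	dldesc = dlopen(UEF_FRAME_LIB, RTLD_NOW);
	if (dldesc == NULL) {
		char *dl_error;

		dl_error = dlerror();
		cryptodebug("Cannot load PKCS#11 framework library. "
		    "dlerror:%s", dl_error);
		return (FAILURE);
	}

	/* Get the pointer to library's C_GetFunctionList() */
	Tmp_C_GetFunctionList = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))
	    dlsym(dldesc, "C_GetFunctionList");
	if (Tmp_C_GetFunctionList == NULL) {
		cryptodebug("Cannot get the address of the C_GetFunctionList "
		    "from framework");
		rc = FAILURE;
		goto finish;
	}

	/* Get the provider's function list */
	rv = Tmp_C_GetFunctionList(&funcs);
	if (rv != CKR_OK) {
		cryptodebug("failed to call C_GetFunctionList in "
		    "framework library");
		rc = FAILURE;
		goto finish;
	}

	/* Initialize this provider */
	rv = funcs->C_Initialize(NULL_PTR);
	if (rv != CKR_OK) {
		cryptodebug("C_Initialize failed with error code 0x%lx\n",
		    (unsigned long)rv);
		rc = FAILURE;
		goto finish;
	}
	lib_initialized = B_TRUE;

	/*
	 * We know for sure that metaslot is slot 0 in the framework,
	 * so, we will do a C_GetSlotInfo() trying to see if it works.
	 * If it fails with CKR_SLOT_ID_INVALID, we know that metaslot
	 * is not really enabled.
	 */
	rv = funcs->C_GetSlotInfo(METASLOT_ID, &slot_info);
	if (rv == CKR_SLOT_ID_INVALID) {
		(void) printf(gettext("actual status: disabled.\n"));
		/*
		 * Even if the -m and -v flag is supplied, there's nothing
		 * interesting to display about metaslot since it is disabled,
		 * so, just stop right here.
		 */
		goto finish;
	}

	if (rv != CKR_OK) {
		cryptodebug("C_GetSlotInfo failed with error "
		    "code 0x%lx\n", (unsigned long)rv);
		rc = FAILURE;
		goto finish;
	}

	if (!verbose) {
		goto display_mechs;
	}

	(void) printf(gettext("actual status: enabled.\n"));

	/* slotDescription is fixed-width and not NUL-terminated: bound it. */
	(void) printf(gettext("Description: %.64s\n"),
	    slot_info.slotDescription);

	(void) printf(gettext("Token Present: %s\n"),
	    (slot_info.flags & CKF_TOKEN_PRESENT ?
	    gettext("True") : gettext("False")));

	rv = funcs->C_GetTokenInfo(METASLOT_ID, &token_info);
	if (rv != CKR_OK) {
		cryptodebug("C_GetTokenInfo failed with error "
		    "code 0x%lx\n", (unsigned long)rv);
		rc = FAILURE;
		goto finish;
	}

	/* All text fields below are fixed-width, hence the precisions. */
	(void) printf(gettext("Token Label: %.32s\n"
	    "Manufacturer ID: %.32s\n"
	    "Model: %.16s\n"
	    "Serial Number: %.16s\n"
	    "Hardware Version: %d.%d\n"
	    "Firmware Version: %d.%d\n"
	    "UTC Time: %.16s\n"
	    "PIN Min Length: %lu\n"
	    "PIN Max Length: %lu\n"),
	    token_info.label,
	    token_info.manufacturerID,
	    token_info.model,
	    token_info.serialNumber,
	    token_info.hardwareVersion.major,
	    token_info.hardwareVersion.minor,
	    token_info.firmwareVersion.major,
	    token_info.firmwareVersion.minor,
	    token_info.utcTime,
	    (unsigned long)token_info.ulMinPinLen,
	    (unsigned long)token_info.ulMaxPinLen);

	display_token_flags(token_info.flags);

	if (!show_mechs) {
		goto finish;
	}

display_mechs:

	if (mechlist == NULL) {
		/* Standard two-call pattern: count first, then the list. */
		rv = funcs->C_GetMechanismList(METASLOT_ID, NULL_PTR,
		    &mech_count);
		if (rv != CKR_OK) {
			cryptodebug("C_GetMechanismList failed with error "
			    "code 0x%lx\n", (unsigned long)rv);
			rc = FAILURE;
			goto finish;
		}

		if (mech_count > 0) {
			pmech_list = malloc(mech_count *
			    sizeof (CK_MECHANISM_TYPE));
			if (pmech_list == NULL) {
				cryptodebug("out of memory");
				rc = FAILURE;
				goto finish;
			}
			rv = funcs->C_GetMechanismList(METASLOT_ID, pmech_list,
			    &mech_count);
			if (rv != CKR_OK) {
				cryptodebug("C_GetMechanismList failed with "
				    "error code 0x%lx\n", (unsigned long)rv);
				rc = FAILURE;
				goto finish;
			}
		}
	} else {
		rc = convert_mechlist(&pmech_list, &mech_count, mechlist);
		if (rc != SUCCESS) {
			goto finish;
		}
	}

	(void) printf(gettext("Mechanisms:\n"));

	if (mech_count == 0) {
		/* should never be this case */
		(void) printf(gettext("No mechanisms\n"));
		goto finish;
	}
	if (verbose) {
		display_verbose_mech_header();
	}

	for (i = 0; i < mech_count; i++) {
		CK_MECHANISM_TYPE	mech = pmech_list[i];

		/* Vendor-defined mechanisms have no name; print the number. */
		if (mech >= CKM_VENDOR_DEFINED) {
			(void) printf("%#lx", mech);
		} else {
			(void) printf("%-29s", pkcs11_mech2str(mech));
		}

		if (verbose) {
			CK_MECHANISM_INFO mech_info;

			rv = funcs->C_GetMechanismInfo(METASLOT_ID, mech,
			    &mech_info);
			if (rv != CKR_OK) {
				cryptodebug("C_GetMechanismInfo failed with "
				    "error code 0x%lx\n", (unsigned long)rv);
				rc = FAILURE;
				goto finish;
			}
			display_mech_info(&mech_info);
		}
		(void) printf("\n");
	}

finish:

	if ((rc == FAILURE) && (show_mechs)) {
		(void) printf(gettext(
		    "metaslot: failed to retrieve the mechanism list.\n"));
	}

	if (lib_initialized) {
		(void) funcs->C_Finalize(NULL_PTR);
	}

	if (dldesc != NULL) {
		(void) dlclose(dldesc);
	}

	free(pmech_list);

	return (rc);
}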
// // FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM) // // PURPOSE: Processes messages for the main window. // // WM_COMMAND - process the application menu // WM_PAINT - Paint the main window // WM_DESTROY - post a quit message and return // // LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) { int wmId, wmEvent; DWORD flags = 0; PAINTSTRUCT ps; HDC hdc; RECT rcClient; HMENU hmenu; // top-level menu DWORD retval = 0; switch (message) { case WM_COMMAND: wmId = LOWORD(wParam); wmEvent = HIWORD(wParam); // Parse the menu selections: switch (wmId) { case IDM_AUTOREGISTER: flags=AUTO_REGISTER; case IDM_AUTOREMOVE: if(flags==0) flags=AUTO_REMOVE; // Get the menu. if (( hmenu = GetMenu(hWnd)) == NULL) return; if( (gAutoFlags & flags) != 0) { //flag was on, turn it off CheckMenuItem(hmenu,wmId,MF_UNCHECKED|MF_BYCOMMAND); gAutoFlags -= flags; } else { CheckMenuItem(hmenu,wmId,MF_CHECKED|MF_BYCOMMAND); gAutoFlags |= flags; } break; case IDM_ABOUT: DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About); break; case IDB_REG: SendMessage(hTextEdit, EM_REPLACESEL,0, (LPARAM)"Searching for eID card..\r\n"); getcertificates(hTextEdit,gfunctions); break; case IDB_CANCEL: case IDM_EXIT: if(gStopThreads != PKCS11THREAD_STOPPED) gStopThreads = STOP_PKCS11THREAD; gfunctions->C_Finalize(NULL_PTR); break; default: return DefWindowProc(hWnd, message, wParam, lParam); } break; case WM_SIZE: GetClientRect(hWnd,&rcClient); EnumChildWindows(hWnd,ChildWindowResize, (LPARAM) &rcClient); break; case WM_PAINT: hdc = BeginPaint(hWnd, &ps); // TODO: Add any drawing code here... EndPaint(hWnd, &ps); break; case WM_DESTROY: PostQuitMessage(0); break; default: return DefWindowProc(hWnd, message, wParam, lParam); } return 0; }
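// Left-pad a BIGNUM into a fixed-size big-endian buffer. BN_bn2bin writes
// only BN_num_bytes(bn) bytes, so a CRT component whose top byte happens to
// be zero would otherwise come out short and leave the tail of the buffer
// uninitialized. Exits if bn does not fit in out_len bytes.
static void rsa_bn_to_fixed(const BIGNUM *bn, CK_BYTE *out, size_t out_len, const char *what)
{
    int n = BN_num_bytes(bn);
    if (n <= 0 || (size_t) n > out_len)
        exit(EXIT_FAILURE);
    memset(out, 0, out_len);
    asrt(BN_bn2bin(bn, out + (out_len - (size_t) n)), n, what);
}

// Import a newly generated RSA1024 pvt key and a certificate
// to every slot and use the key to sign some data
//
// The certificate is a deliberately unsigned placeholder (its signature is
// one zero byte); the token only needs something parseable to store next to
// the key. Every CKM_RSA_PKCS signature is checked with the generated public
// key: RSA_public_decrypt strips the PKCS#1 v1.5 padding and must hand back
// exactly the bytes that were signed. Uses the same hard-coded SO/USER PINs
// as the other tests in this file.
static void test_import_and_sign_all_10_RSA()
{
    EVP_PKEY *evp;
    RSA *rsak;
    X509 *cert;
    ASN1_TIME *tm;
    CK_BYTE i, j;
    CK_BYTE some_data[32];
    CK_BYTE e[] = {0x01, 0x00, 0x01};
    CK_BYTE p[64];
    CK_BYTE q[64];
    CK_BYTE dp[64];
    CK_BYTE dq[64];
    CK_BYTE qinv[64];
    BIGNUM *e_bn;
    CK_ULONG class_k = CKO_PRIVATE_KEY;
    CK_ULONG class_c = CKO_CERTIFICATE;
    CK_ULONG kt = CKK_RSA;
    CK_BYTE id = 0;
    CK_BYTE sig[128];          // a 1024-bit modulus yields a 128-byte signature (was 64)
    CK_BYTE recovered[128];    // RSA_public_decrypt needs RSA_size() bytes of output room
    CK_ULONG recv_len;
    CK_BYTE value_c[3100];
    CK_ULONG cert_len;
    int der_cert_len;
    unsigned char *px;
    CK_ATTRIBUTE privateKeyTemplate[] = {
        {CKA_CLASS, &class_k, sizeof(class_k)},
        {CKA_KEY_TYPE, &kt, sizeof(kt)},
        {CKA_ID, &id, sizeof(id)},
        {CKA_PUBLIC_EXPONENT, e, sizeof(e)},
        {CKA_PRIME_1, p, sizeof(p)},
        {CKA_PRIME_2, q, sizeof(q)},
        {CKA_EXPONENT_1, dp, sizeof(dp)},
        {CKA_EXPONENT_2, dq, sizeof(dq)},
        {CKA_COEFFICIENT, qinv, sizeof(qinv)}
    };
    CK_ATTRIBUTE certTemplate[] = {
        {CKA_CLASS, &class_c, sizeof(class_c)},
        {CKA_ID, &id, sizeof(id)},
        {CKA_VALUE, value_c, sizeof(value_c)}
    };
    CK_OBJECT_HANDLE obj[24];
    CK_SESSION_HANDLE session;
    CK_MECHANISM mech = {CKM_RSA_PKCS, NULL};

    evp = EVP_PKEY_new();
    if (evp == NULL) exit(EXIT_FAILURE);
    rsak = RSA_new();
    if (rsak == NULL) exit(EXIT_FAILURE);
    e_bn = BN_bin2bn(e, 3, NULL);
    if (e_bn == NULL) exit(EXIT_FAILURE);
    asrt(RSA_generate_key_ex(rsak, 1024, e_bn, NULL), 1, "GENERATE RSAK");

    // Export the CRT components the token wants (direct field access: pre-1.1 OpenSSL API).
    rsa_bn_to_fixed(rsak->p, p, sizeof(p), "GET P");
    rsa_bn_to_fixed(rsak->q, q, sizeof(q), "GET Q");
    rsa_bn_to_fixed(rsak->dmp1, dp, sizeof(dp), "GET DP");
    rsa_bn_to_fixed(rsak->dmq1, dq, sizeof(dq), "GET DQ");   // was written into dp, leaving dq uninitialized
    rsa_bn_to_fixed(rsak->iqmp, qinv, sizeof(qinv), "GET QINV");
    if (EVP_PKEY_set1_RSA(evp, rsak) == 0) exit(EXIT_FAILURE);

    // Build the placeholder certificate around the public key.
    cert = X509_new();
    if (cert == NULL) exit(EXIT_FAILURE);
    if (X509_set_pubkey(cert, evp) == 0) exit(EXIT_FAILURE);
    tm = ASN1_TIME_new();
    if (tm == NULL) exit(EXIT_FAILURE);
    ASN1_TIME_set_string(tm, "000001010000Z");
    X509_set_notBefore(cert, tm);
    X509_set_notAfter(cert, tm);
    // Fixed signature-algorithm OID (NID 8) plus a one-byte dummy signature:
    // nothing verifies this certificate, it only has to parse.
    cert->sig_alg->algorithm = OBJ_nid2obj(8);
    cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
    ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
    ASN1_BIT_STRING_set(cert->signature, (unsigned char *) "\x00", 1);

    // Size the DER encoding first so i2d_X509 can never write past value_c.
    der_cert_len = i2d_X509(cert, NULL);
    if (der_cert_len <= 0 || (size_t) der_cert_len > sizeof(value_c)) exit(EXIT_FAILURE);
    px = value_c;
    if (i2d_X509(cert, &px) != der_cert_len) exit(EXIT_FAILURE);
    cert_len = (CK_ULONG) der_cert_len;
    certTemplate[2].ulValueLen = cert_len;

    asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
    asrt(funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session), CKR_OK, "OpenSession1");
    asrt(funcs->C_Login(session, CKU_SO, "010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO");

    // One certificate + one private key per slot; CKA_ID selects the slot.
    // Only the key handle is kept, since it is the one used for signing.
    for (i = 0; i < 24; i++) {
        id = i;
        asrt(funcs->C_CreateObject(session, certTemplate, 3, obj + i), CKR_OK, "IMPORT CERT");
        asrt(funcs->C_CreateObject(session, privateKeyTemplate, 9, obj + i), CKR_OK, "IMPORT KEY");
    }
    asrt(funcs->C_Logout(session), CKR_OK, "Logout SO");

    for (i = 0; i < 24; i++) {
        for (j = 0; j < 10; j++) {
            if (RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1) exit(EXIT_FAILURE);
            // NOTE(review): C_Login is repeated without an intervening C_Logout and
            // CKR_OK is expected each time; a strictly conforming module would
            // answer CKR_USER_ALREADY_LOGGED_IN. Kept as the sibling tests expect it.
            asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
            asrt(funcs->C_SignInit(session, &mech, obj[i]), CKR_OK, "SignInit");
            recv_len = sizeof(sig);
            asrt(funcs->C_Sign(session, some_data, sizeof(some_data), sig, &recv_len), CKR_OK, "Sign");
            // Check the signature with the public key we generated: after the
            // PKCS#1 v1.5 padding is removed, exactly the signed bytes must remain.
            asrt(RSA_public_decrypt((int) recv_len, sig, recovered, rsak, RSA_PKCS1_PADDING), (int) sizeof(some_data), "RSA VERIFICATION");
            asrt(memcmp(recovered, some_data, sizeof(some_data)), 0, "RSA VERIFICATION DATA");
        }
    }

    asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");
    asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession");
    asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");

    // EVP_PKEY_set1_RSA took its own reference, so both frees are needed.
    X509_free(cert);
    ASN1_TIME_free(tm);
    EVP_PKEY_free(evp);
    RSA_free(rsak);
    BN_free(e_bn);
}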
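// Encode one 32-byte big-endian ECDSA value (r or s) as a DER INTEGER at
// out. DER requires the minimal positive two's-complement form, so redundant
// leading zero bytes are dropped and a 0x00 is prepended when the first
// remaining byte has its top bit set. Writes at most 35 bytes and returns the
// number written.
static size_t der_put_p256_int(CK_BYTE_PTR out, const CK_BYTE *v)
{
    size_t skip = 0;
    size_t len;
    size_t pad;

    // Keep a leading 0x00 only where it is needed to keep the value positive,
    // and never strip the last byte (zero encodes as 02 01 00).
    while (skip < 31 && v[skip] == 0x00 && v[skip + 1] < 0x80)
        skip++;
    len = 32 - skip;
    pad = (v[skip] & 0x80) ? 1 : 0;

    *out++ = 0x02;
    *out++ = (CK_BYTE) (len + pad);
    if (pad)
        *out++ = 0x00;
    memcpy(out, v + skip, len);
    return 2 + pad + len;
}

// Import a newly generated P256 pvt key and a certificate
// to every slot and use the key to sign some data
//
// The certificate is a deliberately unsigned placeholder (its signature is
// one zero byte); the token only needs something parseable to store next to
// the key. Every CKM_ECDSA signature (raw r||s) is re-encoded as a DER
// ECDSA-Sig-Value and verified with OpenSSL against the generated key. Uses
// the same hard-coded SO/USER PINs as the other tests in this file.
static void test_import_and_sign_all_10()
{
    EVP_PKEY *evp;
    EC_KEY *eck;
    const BIGNUM *bn;
    int pvt_len;
    CK_BYTE pvt[32];
    X509 *cert;
    ASN1_TIME *tm;
    CK_BYTE i, j;
    CK_BYTE some_data[32];
    CK_ULONG class_k = CKO_PRIVATE_KEY;
    CK_ULONG class_c = CKO_CERTIFICATE;
    CK_ULONG kt = CKK_ECDSA;
    CK_BYTE id = 0;
    // DER-encoded OID of prime256v1, the form CKA_EC_PARAMS expects
    CK_BYTE params[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
    CK_BYTE sig[64];           // raw r||s, 32 bytes each for P-256
    CK_ULONG recv_len;
    CK_BYTE value_c[3100];
    CK_ULONG cert_len;
    int der_cert_len;
    CK_BYTE der_encoded[80];   // SEQUENCE header + two INTEGERs of at most 35 bytes
    CK_BYTE_PTR der_ptr;
    int der_len;
    unsigned char *p;
    CK_ATTRIBUTE privateKeyTemplate[] = {
        {CKA_CLASS, &class_k, sizeof(class_k)},
        {CKA_KEY_TYPE, &kt, sizeof(kt)},
        {CKA_ID, &id, sizeof(id)},
        {CKA_EC_PARAMS, params, sizeof(params)},
        {CKA_VALUE, pvt, sizeof(pvt)}
    };
    CK_ATTRIBUTE certTemplate[] = {
        {CKA_CLASS, &class_c, sizeof(class_c)},
        {CKA_ID, &id, sizeof(id)},
        {CKA_VALUE, value_c, sizeof(value_c)}
    };
    CK_OBJECT_HANDLE obj[24];
    CK_SESSION_HANDLE session;
    CK_MECHANISM mech = {CKM_ECDSA, NULL};

    evp = EVP_PKEY_new();
    if (evp == NULL) exit(EXIT_FAILURE);
    eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
    if (eck == NULL) exit(EXIT_FAILURE);
    asrt(EC_KEY_generate_key(eck), 1, "GENERATE ECK");

    // BN_bn2bin writes only BN_num_bytes(bn) bytes, so a scalar whose top
    // byte is zero would otherwise leave pvt short and partly uninitialized;
    // left-pad it to the fixed 32-byte CKA_VALUE the token expects.
    bn = EC_KEY_get0_private_key(eck);
    pvt_len = BN_num_bytes(bn);
    if (pvt_len <= 0 || pvt_len > (int) sizeof(pvt)) exit(EXIT_FAILURE);
    memset(pvt, 0, sizeof(pvt));
    asrt(BN_bn2bin(bn, pvt + (sizeof(pvt) - (size_t) pvt_len)), pvt_len, "EXTRACT PVT");
    if (EVP_PKEY_set1_EC_KEY(evp, eck) == 0) exit(EXIT_FAILURE);

    // Build the placeholder certificate around the public key.
    cert = X509_new();
    if (cert == NULL) exit(EXIT_FAILURE);
    if (X509_set_pubkey(cert, evp) == 0) exit(EXIT_FAILURE);
    tm = ASN1_TIME_new();
    if (tm == NULL) exit(EXIT_FAILURE);
    ASN1_TIME_set_string(tm, "000001010000Z");
    X509_set_notBefore(cert, tm);
    X509_set_notAfter(cert, tm);
    // Fixed signature-algorithm OID (NID 8) plus a one-byte dummy signature:
    // nothing verifies this certificate, it only has to parse.
    cert->sig_alg->algorithm = OBJ_nid2obj(8);
    cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
    ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
    ASN1_BIT_STRING_set(cert->signature, (unsigned char *) "\x00", 1);

    // Size the DER encoding first so i2d_X509 can never write past value_c.
    der_cert_len = i2d_X509(cert, NULL);
    if (der_cert_len <= 0 || (size_t) der_cert_len > sizeof(value_c)) exit(EXIT_FAILURE);
    p = value_c;
    if (i2d_X509(cert, &p) != der_cert_len) exit(EXIT_FAILURE);
    cert_len = (CK_ULONG) der_cert_len;
    certTemplate[2].ulValueLen = cert_len;

    asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
    asrt(funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session), CKR_OK, "OpenSession1");
    asrt(funcs->C_Login(session, CKU_SO, "010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO");

    // One certificate + one private key per slot; CKA_ID selects the slot.
    // Only the key handle is kept, since it is the one used for signing.
    for (i = 0; i < 24; i++) {
        id = i;
        asrt(funcs->C_CreateObject(session, certTemplate, 3, obj + i), CKR_OK, "IMPORT CERT");
        asrt(funcs->C_CreateObject(session, privateKeyTemplate, 5, obj + i), CKR_OK, "IMPORT KEY");
    }
    asrt(funcs->C_Logout(session), CKR_OK, "Logout SO");

    for (i = 0; i < 24; i++) {
        for (j = 0; j < 10; j++) {
            if (RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1) exit(EXIT_FAILURE);
            // NOTE(review): C_Login is repeated without an intervening C_Logout and
            // CKR_OK is expected each time; a strictly conforming module would
            // answer CKR_USER_ALREADY_LOGGED_IN. Kept as the sibling tests expect it.
            asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
            asrt(funcs->C_SignInit(session, &mech, obj[i]), CKR_OK, "SignInit");
            recv_len = sizeof(sig);
            asrt(funcs->C_Sign(session, some_data, sizeof(some_data), sig, &recv_len), CKR_OK, "Sign");
            if (recv_len != sizeof(sig)) exit(EXIT_FAILURE);

            // PKCS#11 hands back raw r||s; OpenSSL wants SEQUENCE { INTEGER r, INTEGER s }.
            der_ptr = der_encoded;
            *der_ptr++ = 0x30;
            *der_ptr++ = 0x00;   // sequence length, patched once both integers are in
            der_ptr += der_put_p256_int(der_ptr, sig);
            der_ptr += der_put_p256_int(der_ptr, sig + 32);
            der_len = (int) (der_ptr - der_encoded);
            der_encoded[1] = (CK_BYTE) (der_len - 2);
            dump_hex(der_encoded, der_len, stderr, 1);
            // CKM_ECDSA signs the input as-is, so some_data plays the digest here.
            asrt(ECDSA_verify(0, some_data, sizeof(some_data), der_encoded, der_len, eck), 1, "ECDSA VERIFICATION");
        }
    }

    asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");
    asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession");
    asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");

    // EVP_PKEY_set1_EC_KEY took its own reference, so both frees are needed.
    X509_free(cert);
    ASN1_TIME_free(tm);
    EVP_PKEY_free(evp);
    EC_KEY_free(eck);
}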
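// Check that C_GetMechanismList reports exactly the expected mechanisms, in
// order, and that C_GetMechanismInfo agrees with the expected key-size range
// and flags for each of them.
static void test_mechanism_list_and_info()
{
    CK_MECHANISM_TYPE_PTR mechs;
    CK_ULONG n_mechs;
    CK_ULONG n_expected;
    CK_MECHANISM_INFO info;
    CK_ULONG i;
    static const CK_MECHANISM_TYPE token_mechanisms[] = {
        CKM_RSA_PKCS_KEY_PAIR_GEN,
        CKM_RSA_PKCS,
        CKM_RSA_PKCS_PSS,
        CKM_RSA_X_509,
        CKM_SHA1_RSA_PKCS,
        CKM_SHA256_RSA_PKCS,
        CKM_SHA384_RSA_PKCS,
        CKM_SHA512_RSA_PKCS,
        CKM_SHA1_RSA_PKCS_PSS,
        CKM_SHA256_RSA_PKCS_PSS,
        CKM_SHA384_RSA_PKCS_PSS,
        CKM_SHA512_RSA_PKCS_PSS,
        CKM_EC_KEY_PAIR_GEN,
        CKM_ECDSA,
        CKM_ECDSA_SHA1,
        CKM_ECDSA_SHA256,
        CKM_SHA_1,
        CKM_SHA256,
        CKM_SHA384,
        CKM_SHA512
    };
    static const CK_MECHANISM_INFO token_mechanism_infos[] = {   // KEEP ALIGNED WITH token_mechanisms
        {1024, 2048, CKF_HW | CKF_GENERATE_KEY_PAIR},
        {1024, 2048, CKF_HW | CKF_DECRYPT | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_DECRYPT | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {1024, 2048, CKF_HW | CKF_SIGN},
        {256, 384, CKF_HW | CKF_GENERATE_KEY_PAIR},
        {256, 384, CKF_HW | CKF_SIGN},
        {256, 384, CKF_HW | CKF_SIGN},
        {256, 384, CKF_HW | CKF_SIGN},
        {0, 0, CKF_DIGEST},
        {0, 0, CKF_DIGEST},
        {0, 0, CKF_DIGEST},
        {0, 0, CKF_DIGEST}
    };

    n_expected = (CK_ULONG) (sizeof(token_mechanisms) / sizeof(token_mechanisms[0]));
    // Both tables are indexed in lockstep below; catch a drift between them early.
    asrt((CK_ULONG) (sizeof(token_mechanism_infos) / sizeof(token_mechanism_infos[0])), n_expected, "TABLES ALIGNED");

    asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
    asrt(funcs->C_GetMechanismList(0, NULL, &n_mechs), CKR_OK, "GetMechanismList");
    // Pin the count before touching either table: the memcmp and the
    // token_mechanism_infos[i] lookup below would read past the end of mechs
    // or of the table if the token reported fewer or more mechanisms.
    asrt(n_mechs, n_expected, "MECH COUNT");
    mechs = calloc(n_mechs, sizeof(*mechs));
    if (mechs == NULL) exit(EXIT_FAILURE);
    asrt(funcs->C_GetMechanismList(0, mechs, &n_mechs), CKR_OK, "GetMechanismList");
    asrt(n_mechs, n_expected, "MECH COUNT");
    asrt(memcmp(token_mechanisms, mechs, n_mechs * sizeof(*mechs)), 0, "CHECK MECHS");
    for (i = 0; i < n_mechs; i++) {
        asrt(funcs->C_GetMechanismInfo(0, mechs[i], &info), CKR_OK, "GET MECH INFO");
        asrt(memcmp(token_mechanism_infos + i, &info, sizeof(CK_MECHANISM_INFO)), 0, "CHECK MECH INFO");
    }
    free(mechs);
    asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");
}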