コード例 #1
ファイル: test-proxy.c プロジェクト: SvenDowideit/clearlinux
static void
test_initialize_multiple (void)
{
	CK_FUNCTION_LIST_PTR module;
	CK_RV status;
	int round;

	/* Fetch the function list and confirm it belongs to the proxy module. */
	status = C_GetFunctionList (&module);
	assert (status == CKR_OK);
	assert (p11_proxy_module_check (module));

	/* Initializing twice in a row must succeed both times ... */
	for (round = 0; round < 2; round++) {
		status = module->C_Initialize (NULL);
		assert (status == CKR_OK);
	}

	/* ... and each initialization must be matched by one successful finalize. */
	for (round = 0; round < 2; round++) {
		status = module->C_Finalize (NULL);
		assert (status == CKR_OK);
	}

	/*
	 * A third finalize has no matching initialize, so the module has to
	 * report that it is no longer initialized instead of succeeding.
	 */
	status = module->C_Finalize (NULL);
	assert (status == CKR_CRYPTOKI_NOT_INITIALIZED);

	p11_proxy_module_cleanup ();
}
コード例 #2
static void test_initalize() {

  CK_RV rv;

  // Bring the module up with default (NULL) initialization arguments ...
  rv = funcs->C_Initialize(NULL);
  asrt(rv, CKR_OK, "INITIALIZE");

  // ... and shut it down again; both calls must report CKR_OK.
  rv = funcs->C_Finalize(NULL);
  asrt(rv, CKR_OK, "FINALIZE");

}
コード例 #3
ファイル: test-proxy.c プロジェクト: SvenDowideit/clearlinux
static void
teardown_mock_module (CK_FUNCTION_LIST_PTR module)
{
	/* Finalize the given module; anything other than CKR_OK fails the test. */
	CK_RV status = module->C_Finalize (NULL);

	assert (status == CKR_OK);
}
コード例 #4
ファイル: test-proxy.c プロジェクト: SvenDowideit/clearlinux
static void
test_initialize_finalize (void)
{
	CK_FUNCTION_LIST_PTR module;
	CK_RV status;

	/* Fetch the function list and confirm it belongs to the proxy module. */
	status = C_GetFunctionList (&module);
	assert (status == CKR_OK);
	assert (p11_proxy_module_check (module));

	/* One initialize followed by one finalize: both must succeed. */
	status = module->C_Initialize (NULL);
	assert (status == CKR_OK);

	status = module->C_Finalize (NULL);
	assert_num_eq (status, CKR_OK);

	p11_proxy_module_cleanup ();
}
コード例 #5
static void test_login() {

  CK_SESSION_HANDLE hsess;
  CK_SESSION_INFO   info;
  CK_RV             rv;

  rv = funcs->C_Initialize(NULL);
  asrt(rv, CKR_OK, "INITIALIZE");

  // Read/write serial session on slot 0; both logins below reuse it.
  rv = funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &hsess);
  asrt(rv, CKR_OK, "OpenSession1");

  // NOTE(review): the user PIN and SO credential below are hard-coded and
  // look like vendor factory defaults -- confirm. The test can then only pass
  // against a freshly reset token; a device that still accepts these values
  // has not been provisioned. Keep this test away from production tokens:
  // every rejected login attempt counts against the token's retry limit.
  rv = funcs->C_Login(hsess, CKU_USER, "123456", 6);
  asrt(rv, CKR_OK, "Login USER");
  rv = funcs->C_Logout(hsess);
  asrt(rv, CKR_OK, "Logout USER");

  // Security-officer login: 48 characters, passed with an explicit length.
  rv = funcs->C_Login(hsess, CKU_SO, "010203040506070801020304050607080102030405060708", 48);
  asrt(rv, CKR_OK, "Login SO");
  rv = funcs->C_Logout(hsess);
  asrt(rv, CKR_OK, "Logout SO");

  rv = funcs->C_CloseSession(hsess);
  asrt(rv, CKR_OK, "CloseSession");

  rv = funcs->C_Finalize(NULL);
  asrt(rv, CKR_OK, "FINALIZE");

}
コード例 #6
ファイル: common.c プロジェクト: mbrossard/pkcs11
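/**
 * Tear down a PKCS#11 session: log out, close the session, finalize the module.
 *
 * All three steps are attempted even when an earlier one fails. Returning on
 * the first error would leave the session open (and possibly still logged in)
 * and the module initialized whenever C_Logout fails, for example on a session
 * that never logged in. Every failure is reported through show_error().
 *
 * @param err        stream handed to show_error() for diagnostics
 * @param funcs      function list of the loaded PKCS#11 module
 * @param h_session  session to log out of and close
 * @return CKR_OK when all three calls succeed, otherwise the return value of
 *         the first call that failed
 */
CK_RV pkcs11_close(FILE *err, CK_FUNCTION_LIST_PTR funcs, CK_SESSION_HANDLE h_session)
{
    CK_RV first_error = CKR_OK;
    CK_RV rc;

    rc = funcs->C_Logout(h_session);
    if (rc != CKR_OK) {
        show_error(err, "C_Logout", rc);
        first_error = rc;
    }

    /* Close the session regardless, so a failed logout cannot keep it alive. */
    rc = funcs->C_CloseSession(h_session);
    if (rc != CKR_OK) {
        show_error(err, "C_CloseSession", rc);
        if (first_error == CKR_OK) {
            first_error = rc;
        }
    }

    /* Finalize last; the caller still gets the earliest failure back. */
    rc = funcs->C_Finalize(NULL);
    if (rc != CKR_OK) {
        show_error(err, "C_Finalize", rc);
        if (first_error == CKR_OK) {
            first_error = rc;
        }
    }

    return first_error;
}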
コード例 #7
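// Checks every field C_GetTokenInfo() reports for slot 0 against the values
// this test expects.
//
// CK_TOKEN_INFO text fields are fixed-width character arrays that PKCS#11
// pads with blanks and does not NUL-terminate, so every comparison on them is
// bounded by an explicit length.
static void test_token_info() {

  const CK_CHAR_PTR TOKEN_LABEL  = "YubiKey PIV";
  const CK_CHAR_PTR TOKEN_MODEL  = "YubiKey ";  // Skip last 3 characters (version dependent)
  const CK_CHAR_PTR TOKEN_SERIAL = "1234";
  const CK_FLAGS TOKEN_FLAGS = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED;
  const CK_VERSION HW = {0, 0};
  const CK_CHAR_PTR TOKEN_TIME   = "                ";
  CK_TOKEN_INFO info;

  asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");

  asrt(funcs->C_GetTokenInfo(0, &info), CKR_OK, "GetTokeninfo");

  // Prefix comparisons: only the first strlen(expected) characters are checked.
  asrt(strncmp(info.label, TOKEN_LABEL, strlen(TOKEN_LABEL)), 0, "TOKEN_LABEL");
  // Skip manufacturer id (not used)
  asrt(strncmp(info.model, TOKEN_MODEL, strlen(TOKEN_MODEL)), 0, "TOKEN_MODEL");
  asrt(strncmp(info.serialNumber, TOKEN_SERIAL, strlen(TOKEN_SERIAL)), 0, "SERIAL_NUMBER");
  asrt(info.flags, TOKEN_FLAGS, "TOKEN_FLAGS");
  asrt(info.ulMaxSessionCount, CK_UNAVAILABLE_INFORMATION, "MAX_SESSION_COUNT");
  asrt(info.ulSessionCount, CK_UNAVAILABLE_INFORMATION, "SESSION_COUNT");
  asrt(info.ulMaxRwSessionCount, CK_UNAVAILABLE_INFORMATION, "MAX_RW_SESSION_COUNT");
  asrt(info.ulRwSessionCount, CK_UNAVAILABLE_INFORMATION, "RW_SESSION_COUNT");
  asrt(info.ulMaxPinLen, 8, "MAX_PIN_LEN");
  asrt(info.ulMinPinLen, 6, "MIN_PIN_LEN");
  asrt(info.ulTotalPublicMemory, CK_UNAVAILABLE_INFORMATION, "TOTAL_PUB_MEM");
  asrt(info.ulFreePublicMemory, CK_UNAVAILABLE_INFORMATION, "FREE_PUB_MEM");
  asrt(info.ulTotalPrivateMemory, CK_UNAVAILABLE_INFORMATION, "TOTAL_PVT_MEM");
  asrt(info.ulFreePrivateMemory, CK_UNAVAILABLE_INFORMATION, "FREE_PVT_MEM");
  asrt(info.hardwareVersion.major, HW.major, "HW_MAJ");
  asrt(info.hardwareVersion.minor, HW.minor, "HW_MIN");

  // Firmware major versions 4 and 0 are both accepted; anything else is
  // reported as a mismatch against 4.
  if (info.firmwareVersion.major != 4 && info.firmwareVersion.major != 0) {
    asrt(info.firmwareVersion.major, 4, "FW_MAJ");
  }

  // utcTime is a fixed-width field with no terminator, so an unbounded
  // strcmp() would read past the end of the field (and of the struct).
  // Bound the comparison by the field size instead.
  asrt(strncmp(info.utcTime, TOKEN_TIME, sizeof(info.utcTime)), 0, "TOKEN_TIME");

  asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");

}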
コード例 #8
static void test_session() {

  CK_SESSION_HANDLE hsess;
  CK_SESSION_INFO   sinfo;
  CK_RV             rv;

  rv = funcs->C_Initialize(NULL);
  asrt(rv, CKR_OK, "INITIALIZE");

  // 1) Plain serial session: open and close.
  rv = funcs->C_OpenSession(0, CKF_SERIAL_SESSION, NULL, NULL, &hsess);
  asrt(rv, CKR_OK, "OpenSession1");
  rv = funcs->C_CloseSession(hsess);
  asrt(rv, CKR_OK, "CloseSession");

  // 2) Read/write session: before any login it must report the public R/W
  //    state, echo the flags it was opened with, and show no device error.
  rv = funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &hsess);
  asrt(rv, CKR_OK, "OpenSession2");
  rv = funcs->C_GetSessionInfo(hsess, &sinfo);
  asrt(rv, CKR_OK, "GetSessionInfo");
  asrt(sinfo.state, CKS_RW_PUBLIC_SESSION, "CHECK STATE");
  asrt(sinfo.flags, CKF_SERIAL_SESSION | CKF_RW_SESSION, "CHECK FLAGS");
  asrt(sinfo.ulDeviceError, 0, "CHECK DEVICE ERROR");
  rv = funcs->C_CloseSession(hsess);
  asrt(rv, CKR_OK, "CloseSession");

  // 3) A session left open is cleaned up through C_CloseAllSessions on the slot.
  rv = funcs->C_OpenSession(0, CKF_SERIAL_SESSION, NULL, NULL, &hsess);
  asrt(rv, CKR_OK, "OpenSession3");
  rv = funcs->C_CloseAllSessions(0);
  asrt(rv, CKR_OK, "CloseAllSessions");

  rv = funcs->C_Finalize(NULL);
  asrt(rv, CKR_OK, "FINALIZE");

}
コード例 #9
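// The main function
//
// Parses the command line, loads the PKCS#11 module named by the module
// option, initializes it, resolves the target slot with findSlot() and, when
// that succeeds (returns 0), runs migrate() against it. The process exit code
// is the result of findSlot()/migrate(), or 1 when the module cannot be
// loaded or initialized.
//
// NOTE(review): the user PIN is taken from the command line (OPT_PIN).
// Command-line arguments are commonly readable by other local users through
// the process list and tend to end up in shell history; reading the PIN
// interactively when the option is absent would avoid exposing it there.
int main(int argc, char* argv[])
{
	int option_index = 0;
	int opt;

	char* dbPath = NULL;
	char* userPIN = NULL;
	char* module = NULL;
	char* slot = NULL;
	char* serial = NULL;
	char* token = NULL;
	char *errMsg = NULL;
	int noPublicKey = 0;

	int result = 0;
	CK_RV rv;

	moduleHandle = NULL;
	p11 = NULL;
	CK_SLOT_ID slotID = 0;

	// Without any argument there is nothing to do; show the help text.
	if (argc == 1)
	{
		usage();
		exit(0);
	}

	while ((opt = getopt_long(argc, argv, "hv", long_options, &option_index)) != -1)
	{
		switch (opt)
		{
			case OPT_DB:
				dbPath = optarg;
				break;
			case OPT_SLOT:
				slot = optarg;
				break;
			case OPT_SERIAL:
				serial = optarg;
				break;
			case OPT_TOKEN:
				token = optarg;
				break;
			case OPT_MODULE:
				module = optarg;
				break;
			case OPT_NO_PUBLIC_KEY:
				noPublicKey = 1;
				break;
			case OPT_PIN:
				userPIN = optarg;
				break;
			case OPT_VERSION:
			case 'v':
				printf("%s\n", PACKAGE_VERSION);
				exit(0);
				break;
			case OPT_HELP:
			case 'h':
			default:
				usage();
				exit(0);
				break;
		}
	}

	// Get a pointer to the function list for PKCS#11 library
	CK_C_GetFunctionList pGetFunctionList = loadLibrary(module, &moduleHandle, &errMsg);
	if (pGetFunctionList == NULL)
	{
		fprintf(stderr, "ERROR: Could not load the library: %s\n", errMsg);
		exit(1);
	}

	// Load the function list. The module is externally supplied code, so do
	// not assume the call succeeded or that it filled in the pointer before
	// calling through it.
	rv = (*pGetFunctionList)(&p11);
	if (rv != CKR_OK || p11 == NULL)
	{
		fprintf(stderr, "ERROR: Could not load the function list.\n");
		unloadLibrary(moduleHandle);
		exit(1);
	}

	// Initialize the library
	rv = p11->C_Initialize(NULL_PTR);
	if (rv != CKR_OK)
	{
		fprintf(stderr, "ERROR: Could not initialize the library.\n");
		unloadLibrary(moduleHandle);
		exit(1);
	}

	// Get the slotID
	// NOTE(review): slotID is passed by name and read afterwards, so findSlot()
	// presumably takes it by reference -- confirm against its declaration.
	result = findSlot(slot, serial, token, slotID);

	if (!result)
	{
		// Migrate the database
		result = migrate(dbPath, slotID, userPIN, noPublicKey);
	}

	// Finalize the library
	p11->C_Finalize(NULL_PTR);
	unloadLibrary(moduleHandle);

	return result;
}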
コード例 #10
ファイル: main.cpp プロジェクト: ggonzalez/Man-In-Remote
/*
 * Serve PKCS#11 requests arriving on the connection `client`.
 *
 * Each loop iteration creates a DataMarshalling object for the connection,
 * receives one message, compares its message type against the names of the
 * supported PKCS#11 functions, unpacks the arguments, calls the matching entry
 * of pFunctionList and sends the return value (plus any output data) back in a
 * second DataMarshalling object. The loop ends after a C_Finalize request or
 * when one of the checked allocations fails.
 *
 * NOTE(review): every integer, length and buffer unpacked from `d` comes from
 * the peer. No authentication of the peer and no upper bound on any length is
 * visible in this function, yet the requests drive login and signing on the
 * local token. The notes below mark the places where a peer-chosen value is
 * used as an allocation size, loop bound or copy length without a check.
 *
 * NOTE(review): every `break` below leaves the loop before `delete d` runs,
 * so the current request object is not released on those paths.
 */
void
processRequest(int client)
{
	DataMarshalling	*d = NULL;

	while (1) {
		d = new DataMarshalling(client);
		/* NOTE(review): no result of recvData() is checked here; what
		 * getMsgType() yields after a failed or short receive is not
		 * visible from this function -- confirm. */
		d->recvData();
		if (!strcmp(d->getMsgType(), "C_Initialize")) {
			int	p = 0;
			printf("Processing: C_Initialize\n");
			p = d->unpackInt();
			/* Only a NULL pInitArgs (sent as 0) is supported; no reply is
			 * sent back on either path. */
			if (p == 0)
				pFunctionList->C_Initialize(NULL);
			else {
				printf("ERROR: C_Initialize shouldn't be called with not NULL\n");
			}
		} else if (!strcmp(d->getMsgType(), "C_Finalize")) {
			int		p = 0;
			CK_RV	ret = 0;

			printf("Processing: C_Finalize\n");
			p = d->unpackInt();
			/* NOTE(review): compares an int with NULL; `p == 0` is what
			 * is meant (the C_Initialize branch spells it that way). */
			if (p == NULL) {
				ret = pFunctionList->C_Finalize(NULL);
			} else {
				printf("ERROR: C_Finalize shouldn't be called with not NULL\n");
				ret = CKR_CANCEL;
			}
			{
				CK_ULONG		count = 0;
				
				DataMarshalling	*d2 = new DataMarshalling(client);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
			/* Finalize ends the request loop (and skips `delete d`). */
			break;
		} else if (!strcmp(d->getMsgType(), "C_GetSlotList")) {
			int	p = 0;
			printf("Processing: C_GetSlotList\n");
			p = d->unpackInt();
			/* p == 0: the peer asked only for the number of slots. */
			if (p == 0) {
				CK_ULONG		count = 0;
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving Slots size
				 */
				ret = pFunctionList->C_GetSlotList(TRUE, NULL, &count);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&count);
				d2->sendData();
				delete d2;
			} else {
				CK_ULONG		count = 0;
				CK_SLOT_ID_PTR	slot = NULL;
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving Slots size
				 */
				/* NOTE(review): the sizing call's return value is ignored,
				 * and `slot` is never released with delete[]. */
				pFunctionList->C_GetSlotList(TRUE, NULL, &count);
				slot = new(CK_SLOT_ID[count]);

				ret = pFunctionList->C_GetSlotList(TRUE, slot, &count);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&count);
				for (int i = 0; i < count; i ++)
					d2->packInt((char *)&slot[i]);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_OpenSession")) {
			unsigned int	slotId = 0, flags = 0;
			CK_SESSION_HANDLE	sessionId = 0;
			printf("Processing: C_OpenSession\n");
			slotId = d->unpackInt();
			flags = d->unpackInt();
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Opening session
				 */
				ret = pFunctionList->C_OpenSession(slotId, flags, NULL, NULL, &sessionId);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&sessionId);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_CloseSession")) {
			CK_SESSION_HANDLE	sessionId = 0;
			printf("Processing: C_CloseSession\n");
			sessionId = d->unpackInt();
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Closing session
				 */
				ret = pFunctionList->C_CloseSession(sessionId);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetInfo")) {
			unsigned int	slotId = 0, flags = 0;
			CK_SESSION_HANDLE	sessionId = 0;
			CK_INFO		info;
			printf("Processing: C_GetInfo\n");
			slotId = d->unpackInt();
			{
				CK_RV			ret = 0;
				CK_TOKEN_INFO	token;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving library info
				 */
				/* NOTE(review): `info` is uninitialized; if C_GetInfo fails
				 * the fields packed below are whatever was on the stack.
				 * The same applies to the other Get*Info branches. */
				ret = pFunctionList->C_GetInfo(&info);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packChar(info.cryptokiVersion.major);
				d2->packChar(info.cryptokiVersion.minor);
				d2->packMem((char *)info.manufacturerID, 32);
				d2->packInt((char *)&info.flags);
				d2->packMem((char *)info.libraryDescription, 32);
				d2->packChar(info.libraryVersion.major);
				d2->packChar(info.libraryVersion.minor);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetSlotInfo")) {
			unsigned int	slotId = 0, flags = 0;
			CK_SESSION_HANDLE	sessionId = 0;
			printf("Processing: C_GetSlotInfo\n");
			slotId = d->unpackInt();
			{
				CK_RV			ret = 0;
				CK_SLOT_INFO	slot;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving slot info
				 */
				ret = pFunctionList->C_GetSlotInfo(slotId, &slot);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packMem((char *)slot.slotDescription, 64);
				d2->packMem((char *)slot.manufacturerID, 32);
				d2->packInt((char *)&slot.flags);
				d2->packChar(slot.hardwareVersion.major);
				d2->packChar(slot.hardwareVersion.minor);
				d2->packChar(slot.firmwareVersion.major);
				d2->packChar(slot.firmwareVersion.minor);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetTokenInfo")) {
			unsigned int	slotId = 0, flags = 0;
			CK_SESSION_HANDLE	sessionId = 0;
			printf("Processing: C_GetTokenInfo\n");
			slotId = d->unpackInt();
			{
				CK_RV			ret = 0;
				CK_TOKEN_INFO	token;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving token info
				 */
				ret = pFunctionList->C_GetTokenInfo(slotId, &token);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packMem((char *)token.label, 32);
				d2->packMem((char *)token.manufacturerID, 32);
				d2->packMem((char *)token.model, 16);
				d2->packMem((char *)token.serialNumber, 16);
				d2->packInt((char *)&token.flags);
				d2->packInt((char *)&token.ulMaxSessionCount);
				d2->packInt((char *)&token.ulSessionCount);
				d2->packInt((char *)&token.ulMaxRwSessionCount);
				d2->packInt((char *)&token.ulRwSessionCount);
				d2->packInt((char *)&token.ulMaxPinLen);
				d2->packInt((char *)&token.ulMinPinLen);
				d2->packInt((char *)&token.ulTotalPublicMemory);
				d2->packInt((char *)&token.ulFreePublicMemory);
				d2->packInt((char *)&token.ulTotalPrivateMemory);
				d2->packInt((char *)&token.ulFreePrivateMemory);
				d2->packChar(token.hardwareVersion.major);
				d2->packChar(token.hardwareVersion.minor);
				d2->packChar(token.firmwareVersion.major);
				d2->packChar(token.firmwareVersion.minor);
				d2->packMem((char *)token.utcTime, 16);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetMechanismList")) {
			unsigned int	slotId = 0;
			CK_MECHANISM_TYPE_PTR	pMechanismList = NULL;
			printf("Processing: C_GetMechanismList\n");
			slotId = d->unpackInt();
			/* The peer's pointer value is used only as a NULL / non-NULL
			 * flag; it is replaced before any dereference. */
			pMechanismList = (CK_MECHANISM_TYPE_PTR)d->unpackInt();
			if (pMechanismList == NULL) {
				CK_ULONG		count = 0;
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving mechanism count
				 */
				ret = pFunctionList->C_GetMechanismList(slotId, pMechanismList, &count);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&count);
				/* NOTE(review): %d with a CK_ULONG argument is a format
				 * mismatch. */
				printf("C_GetMechanismList count: %d\n", count);
				d2->sendData();
				delete d2;
			} else {
				CK_ULONG		count = 0;
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving mechanism count
				 */
				/* NOTE(review): the sizing call passes TRUE where the slot
				 * id belongs, so the array is sized for that slot while
				 * the second call queries `slotId`; its return value is
				 * ignored and pMechanismList is never released. */
				pFunctionList->C_GetMechanismList(TRUE, NULL, &count);
				pMechanismList = new(CK_MECHANISM_TYPE[count]);

				ret = pFunctionList->C_GetMechanismList(slotId, pMechanismList, &count);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&count);
				printf("C_GetMechanismList count: %d\n", count);
				for (int i = 0; i < count; i ++)
					d2->packInt((char *)&pMechanismList[i]);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetMechanismInfo")) {
			unsigned int	slotId = 0, mechanismType = 0;
			printf("Processing: C_GetMechanismInfo\n");
			slotId = d->unpackInt();
			mechanismType = d->unpackInt();
			{
				CK_RV				ret = 0;
				CK_MECHANISM_INFO	mechanism;
				DataMarshalling	*d2 = new DataMarshalling(client);

				ret = pFunctionList->C_GetMechanismInfo(slotId, mechanismType, &mechanism);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&mechanism.ulMinKeySize);
				d2->packInt((char *)&mechanism.ulMaxKeySize);
				d2->packInt((char *)&mechanism.flags);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_Login")) {
			CK_SESSION_HANDLE	sessionId = 0;
			unsigned int		user = 0, len = 0;
			CK_CHAR_PTR			pin = NULL;

			printf("Processing: C_Login\n");

			sessionId = d->unpackInt();
			user = d->unpackInt();
			len = d->unpackInt();
			/* NOTE(review): `len` is peer-controlled and unsigned, so
			 * `len + 1` wraps to 0 for the maximum value and the buffer
			 * is then smaller than the `len` bytes unpacked into it.
			 * Reject lengths above a sane PIN limit before allocating. */
			pin = (CK_CHAR_PTR) calloc(1, len + 1);
			if (!pin) {
				printf("ERROR: NO MEMORY\n");
				break;
			}
			d->unpackMem((char *)pin, len);
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Logging in
				 */
				ret = pFunctionList->C_Login(sessionId, user, pin, len);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
			/* NOTE(review): `pin` is neither wiped nor freed, so the PIN
			 * stays in heap memory for the life of the process. */
		} else if (!strcmp(d->getMsgType(), "C_Logout")) {
			CK_SESSION_HANDLE	sessionId = 0;

			printf("Processing: C_Logout\n");

			sessionId = d->unpackInt();
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Logging out
				 */
				ret = pFunctionList->C_Logout(sessionId);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_FindObjectsInit")) {
			CK_SESSION_HANDLE	sessionId = 0;
			unsigned int		len = 0;
			CK_ATTRIBUTE_PTR	attr = NULL;

			printf("Processing: C_FindObjectsInit\n");

			sessionId = d->unpackInt();
			len = d->unpackInt();
			/* NOTE(review): the attribute count and each ulValueLen are
			 * peer-controlled with no cap. The per-attribute calloc()
			 * result is not checked before unpackMem() writes into it,
			 * and neither `attr` nor the values are ever freed. */
			attr = (CK_ATTRIBUTE_PTR) calloc(len, sizeof(CK_ATTRIBUTE));
			if (!attr) {
				printf("ERROR: NO MEMORY\n");
				break;
			}
			for (int i = 0; i < len; i ++) {
				attr[i].type = d->unpackInt();
				attr[i].ulValueLen = d->unpackInt();
				attr[i].pValue = (char *)calloc(1, attr[i].ulValueLen);
				d->unpackMem((char *)attr[i].pValue, attr[i].ulValueLen);
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Starting object search
				 */
				ret = pFunctionList->C_FindObjectsInit(sessionId, attr, len);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_FindObjects")) {
			CK_SESSION_HANDLE	sessionId = 0;
			CK_OBJECT_HANDLE_PTR	phObject = NULL;
			CK_ULONG			len = 0, maxlen = 0;

			printf("Processing: C_FindObjects\n");

			sessionId = d->unpackInt();
			maxlen = d->unpackInt();
			/* NOTE(review): `maxlen` is peer-controlled and sizes the
			 * array directly; the array is never released. */
			if (maxlen > 0) {
				phObject = new(CK_OBJECT_HANDLE[maxlen]);
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Fetching object handles
				 */
				ret = pFunctionList->C_FindObjects(sessionId, phObject, maxlen, &len);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&len);
				/* The `i < maxlen` bound keeps the loop inside phObject
				 * whatever count the module reports. */
				for (int i = 0; i < len && i < maxlen; i ++)
					d2->packInt((char *)&phObject[i]);
				
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetAttributeValue")) {
			CK_SESSION_HANDLE	sessionId = 0;
			CK_OBJECT_HANDLE	hObject = 0;
			CK_ULONG			len = 0;
			CK_ATTRIBUTE_PTR	attr = NULL;

			printf("Processing: C_GetAttributeValue\n");

			sessionId = d->unpackInt();
			hObject = d->unpackInt();
			len = d->unpackInt();
			/* NOTE(review): attribute count and value lengths are again
			 * peer-controlled and uncapped; nothing allocated here is
			 * freed. */
			attr = (CK_ATTRIBUTE_PTR) calloc(len, sizeof(CK_ATTRIBUTE));
			if (!attr) {
				printf("ERROR: NO MEM C_GetAttributeValue\n");
				break;
			}
			for (int i = 0; i < len; i ++) {
				attr[i].type = d->unpackInt();
				attr[i].ulValueLen = d->unpackInt();
				/* The peer's pointer is only a "wants the value" flag; a
				 * local buffer replaces it below. */
				attr[i].pValue = (char *)d->unpackInt();
				if (attr[i].pValue != NULL) {
					attr[i].pValue = (char *)calloc(1, attr[i].ulValueLen);
					if (!attr[i].pValue) {
						printf("ERROR: NO MEM\n");
						/* NOTE(review): a peer-chosen size that cannot be
						 * allocated terminates the whole process here. */
						exit(-1);
					}
					//d->unpackMem((char *)attr[i].pValue, attr[i].ulValueLen);
				}
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);

				ret = pFunctionList->C_GetAttributeValue(sessionId, hObject, attr, len);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				/* NOTE(review): ulValueLen is rewritten by the module. For
				 * an attribute it cannot return, PKCS#11 has it set to
				 * (CK_ULONG)-1, and packMem() below would then be asked
				 * to copy far more than the buffer holds. Check `ret` and
				 * the length against the allocated size first. The reply
				 * also carries the local heap pointer value to the peer. */
				for (int i = 0; i < len; i ++) {
					d2->packInt((char *)&attr[i].type);
					d2->packInt((char *)&attr[i].ulValueLen);
					d2->packInt((char *)&attr[i].pValue);
					if (attr[i].pValue != NULL) {
						d2->packMem((char *)attr[i].pValue, attr[i].ulValueLen);
#ifdef FUNC_DEBUG_
						if (i == 2) {
							PCCERT_CONTEXT	pCertContext;

							pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING,((BYTE *)attr[i].pValue),attr[i].ulValueLen);
							printf("data len: %d\n", attr[i].ulValueLen);
							printf("issuer len: %d\n", pCertContext->pCertInfo->Issuer.cbData);
							std::wcout << byte2str(pCertContext->pCertInfo->Issuer.pbData, pCertContext->pCertInfo->Issuer.cbData);
							CertFreeCertificateContext(pCertContext);
						}
		
#endif
					}
				}
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_FindObjectsFinal")) {
			CK_SESSION_HANDLE	sessionId = 0;

			printf("Processing: C_FindObjectsFinal\n");

			sessionId = d->unpackInt();
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Ending object search
				 */
				ret = pFunctionList->C_FindObjectsFinal(sessionId);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_SignInit")) {
			CK_SESSION_HANDLE	sessionId = 0;
			CK_MECHANISM		mechanism;
			CK_OBJECT_HANDLE	hKey;

			printf("Processing: C_SignInit\n");

			sessionId = d->unpackInt();
			hKey = d->unpackInt();
			mechanism.mechanism = d->unpackInt();
			/* NOTE(review): ulParameterLen is taken from the peer while
			 * pParameter is forced to NULL, so a non-zero length is
			 * passed on together with a NULL parameter pointer. */
			mechanism.ulParameterLen = d->unpackInt();
			mechanism.pParameter = NULL;
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Starting signature operation
				 */
				ret = pFunctionList->C_SignInit(sessionId, &mechanism, hKey);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_Sign")) {
			CK_SESSION_HANDLE	sessionId = 0;
			char				*data = NULL, *signature = NULL;
			CK_ULONG			dataLen = 0, signatureLen = 0;

			printf("Processing: C_Sign\n");

			sessionId = d->unpackInt();
			dataLen = d->unpackInt();
			/* Peer pointers are used as present / absent flags only. */
			data = (char *)d->unpackInt();
			if (data != NULL) {
				data = (char *)calloc(1, dataLen);
				if (!data) {
					printf("ERROR: NO MEM C_Sign\n");
					break;
				}
				d->unpackMem((char *)data, dataLen);
			}
			signatureLen = d->unpackInt();
			signature = (char *)d->unpackInt();
			if (signature != NULL) {
				signature = (char *)calloc(1, signatureLen);
				if (!signature) {
					printf("ERROR: NO MEM C_Sign\n");
					break;
				}
				d->unpackMem((char *)signature, signatureLen);
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Signing
				 */
				ret = pFunctionList->C_Sign(sessionId, (CK_BYTE_PTR)data, dataLen, (CK_BYTE_PTR)signature, &signatureLen);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&signatureLen);
				/* NOTE(review): when the supplied buffer is too small the
				 * module reports the required size in signatureLen, which
				 * is then larger than the allocation packMem() reads
				 * from. Pack the signature only when ret == CKR_OK.
				 * `data` and `signature` are never freed. */
				if (signature != NULL)
					d2->packMem((char *)signature, signatureLen);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_VerifyInit")) {
			CK_SESSION_HANDLE	sessionId = 0;
			CK_MECHANISM		mechanism;
			CK_OBJECT_HANDLE	hKey;

			printf("Processing: C_VerifyInit\n");

			sessionId = d->unpackInt();
			hKey = d->unpackInt();
			mechanism.mechanism = d->unpackInt();
			mechanism.ulParameterLen = d->unpackInt();
			mechanism.pParameter = NULL;
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Starting verification operation
				 */
				ret = pFunctionList->C_VerifyInit(sessionId, &mechanism, hKey);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_Verify")) {
			CK_SESSION_HANDLE	sessionId = 0;
			char				*data = NULL, *signature = NULL;
			CK_ULONG			dataLen = 0, signatureLen = 0;

			printf("Processing: C_Verify\n");

			sessionId = d->unpackInt();
			dataLen = d->unpackInt();
			data = (char *)d->unpackInt();
			if (data != NULL) {
				data = (char *)calloc(1, dataLen);
				if (!data) {
					printf("ERROR: NO MEM C_Verify\n");
					break;
				}
				d->unpackMem((char *)data, dataLen);
			}
			signatureLen = d->unpackInt();
			signature = (char *)d->unpackInt();
			if (signature != NULL) {
				signature = (char *)calloc(1, signatureLen);
				if (!signature) {
					printf("ERROR: NO MEM C_Verify\n");
					break;
				}
				d->unpackMem((char *)signature, signatureLen);
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Verifying
				 */
				ret = pFunctionList->C_Verify(sessionId, (CK_BYTE_PTR)data, dataLen, (CK_BYTE_PTR)signature, signatureLen);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GenerateRandom")) {
			CK_SESSION_HANDLE	sessionId = 0;
			char				*data = NULL;
			CK_ULONG			dataLen = 0;

			printf("Processing: C_GenerateRandom\n");

			sessionId = d->unpackInt();
			dataLen = d->unpackInt();
			data = (char *)d->unpackInt();
			/* NOTE(review): the peer picks the output size with no cap,
			 * and the buffer is never freed. */
			if (data != NULL) {
				data = (char *)calloc(1, dataLen);
				if (!data) {
					printf("ERROR: NO MEM C_GenerateRandom\n");
					break;
				}
				//d->unpackMem((char *)data, dataLen);
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Generating random data
				 */
				ret = pFunctionList->C_GenerateRandom(sessionId, (CK_BYTE_PTR)data, dataLen);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				if (data != NULL)
					d2->packMem((char *)data, dataLen);
				d2->sendData();
				delete d2;
			}
		}  else if (!strcmp(d->getMsgType(), "C_SeedRandom")) {
			CK_SESSION_HANDLE	sessionId = 0;
			char				*data = NULL;
			CK_ULONG			dataLen = 0;

			printf("Processing: C_SeedRandom\n");

			sessionId = d->unpackInt();
			dataLen = d->unpackInt();
			data = (char *)d->unpackInt();
			if (data != NULL) {
				data = (char *)calloc(1, dataLen);
				if (!data) {
					printf("ERROR: NO MEM C_SeedRandom\n");
					break;
				}
				d->unpackMem((char *)data, dataLen);
			}
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Seeding the random generator
				 */
				ret = pFunctionList->C_SeedRandom(sessionId, (CK_BYTE_PTR)data, dataLen);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_GetSessionInfo")) {
			CK_SESSION_HANDLE	sessionId = 0;

			printf("Processing: C_GetSessionInfo\n");
			sessionId = d->unpackInt();
			{
				CK_RV			ret = 0;
				CK_SESSION_INFO	info;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Retrieving session info
				 */
				ret = pFunctionList->C_GetSessionInfo(sessionId, &info);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->packInt((char *)&info.slotID);
				d2->packInt((char *)&info.state);
				d2->packInt((char *)&info.flags);
				d2->packInt((char *)&info.ulDeviceError);
				d2->sendData();
				delete d2;
			}
		} else if (!strcmp(d->getMsgType(), "C_CloseAllSessions")) {
			CK_SLOT_ID	slotID = 0;

			/* NOTE(review): the log line names C_Logout although this
			 * branch handles C_CloseAllSessions, which makes the server
			 * log misleading when requests are audited. */
			printf("Processing: C_Logout\n");

			slotID = d->unpackInt();
			{
				CK_RV			ret = 0;
				DataMarshalling	*d2 = new DataMarshalling(client);
				/*
				 * Closing all sessions on the slot
				 */
				ret = pFunctionList->C_CloseAllSessions(slotID);
				d2->setMsgType(d->getMsgType());
				d2->packInt((char *)&ret);
				d2->sendData();
				delete d2;
			}
		} else {
			/* NOTE(review): an unrecognized message type finalizes the
			 * library, but the loop keeps running and no reply or log
			 * entry is produced. */
			pFunctionList->C_Finalize(NULL);
		}
		delete d;
	}
}
コード例 #11
ファイル: adm_metaslot.c プロジェクト: 0xffea/illumos-gate
/*
 * Print the metaslot configuration and, on request, live details about it.
 *
 * The configured settings are read with getent_uef(METASLOT_KEYWORD) and
 * printed first. When `verbose` or `show_mechs` is set, the PKCS#11 framework
 * library (UEF_FRAME_LIB) is loaded with dlopen(), initialized, and queried
 * for slot, token and mechanism information on METASLOT_ID.
 *
 * show_mechs: also print the mechanism list
 * verbose:    also print slot/token details and per-mechanism information
 * mechlist:   when non-NULL, the mechanisms to display (converted with
 *             convert_mechlist()); when NULL, the list is fetched from the
 *             library
 *
 * Returns SUCCESS or FAILURE. All exits after the dlopen() succeeds go
 * through the `finish` label, which finalizes the library if it was
 * initialized, closes the library handle and frees the mechanism list.
 *
 * NOTE(review): `puent` is not released anywhere in this function; confirm
 * who owns the entry returned by getent_uef().
 */
int
list_metaslot_info(boolean_t show_mechs, boolean_t verbose,
    mechlist_t *mechlist)
{
	int rc = SUCCESS;
	CK_RV rv;
	CK_SLOT_INFO slot_info;
	CK_TOKEN_INFO token_info;
	CK_MECHANISM_TYPE_PTR pmech_list = NULL;
	CK_ULONG mech_count;
	int i;
	CK_RV (*Tmp_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR);
	CK_FUNCTION_LIST_PTR	funcs;
	void *dldesc = NULL;
	boolean_t lib_initialized = B_FALSE;
	uentry_t *puent;
	char buf[128];


	/*
	 * Display the system-wide metaslot settings as specified
	 * in pkcs11.conf file.
	 */
	if ((puent = getent_uef(METASLOT_KEYWORD)) == NULL) {
		cryptoerror(LOG_STDERR,
		    gettext("metaslot entry doesn't exist."));
		return (FAILURE);
	}

	(void) printf(gettext("System-wide Meta Slot Configuration:\n"));
	/*
	 * TRANSLATION_NOTE
	 * Strictly for appearance's sake, this line should be as long as
	 * the length of the translated text above.
	 */
	(void) printf(gettext("------------------------------------\n"));
	(void) printf(gettext("Status: %s\n"), puent->flag_metaslot_enabled ?
	    gettext("enabled") : gettext("disabled"));
	(void) printf(gettext("Sensitive Token Object Automatic Migrate: %s\n"),
	    puent->flag_metaslot_auto_key_migrate ? gettext("enabled") :
	    gettext("disabled"));

	/*
	 * An all-zero slot or token field means "not configured"; buf serves
	 * as the zero reference for both comparisons.
	 * NOTE(review): the fields are then printed with a bare %s, which
	 * relies on them being NUL-terminated -- confirm against uentry_t.
	 */
	bzero(buf, sizeof (buf));
	if (memcmp(puent->metaslot_ks_slot, buf, SLOT_DESCRIPTION_SIZE) != 0) {
		(void) printf(gettext("Persistent object store slot: %s\n"),
		    puent->metaslot_ks_slot);
	}

	if (memcmp(puent->metaslot_ks_token, buf, TOKEN_LABEL_SIZE) != 0) {
		(void) printf(gettext("Persistent object store token: %s\n"),
		    puent->metaslot_ks_token);
	}

	/* Configuration only: nothing needs to be asked of the library. */
	if ((!verbose) && (!show_mechs)) {
		return (SUCCESS);
	}

	if (verbose) {
		(void) printf(gettext("\nDetailed Meta Slot Information:\n"));
		/*
		 * TRANSLATION_NOTE
		 * Strictly for appearance's sake, this line should be as
		 * long as the length of the translated text above.
		 */
		(void) printf(gettext("-------------------------------\n"));
	}

	/*
	 * Need to actually make calls to libpkcs11.so to get
	 * information about metaslot.
	 */

	dldesc = dlopen(UEF_FRAME_LIB, RTLD_NOW);
	if (dldesc == NULL) {
		char *dl_error;
		dl_error = dlerror();
		cryptodebug("Cannot load PKCS#11 framework library. "
		    "dlerror:%s", dl_error);
		return (FAILURE);
	}

	/* Get the pointer to library's C_GetFunctionList() */
	Tmp_C_GetFunctionList = (CK_RV(*)())dlsym(dldesc, "C_GetFunctionList");
	if (Tmp_C_GetFunctionList == NULL) {
		cryptodebug("Cannot get the address of the C_GetFunctionList "
		    "from framework");
		rc = FAILURE;
		goto finish;
	}


	/* Get the provider's function list */
	rv = Tmp_C_GetFunctionList(&funcs);
	if (rv != CKR_OK) {
		cryptodebug("failed to call C_GetFunctionList in "
		    "framework library");
		rc = FAILURE;
		goto finish;
	}

	/* Initialize this provider */
	rv = funcs->C_Initialize(NULL_PTR);
	if (rv != CKR_OK) {
		cryptodebug("C_Initialize failed with error code 0x%x\n", rv);
		rc = FAILURE;
		goto finish;
	} else {
		/* Remember to call C_Finalize() on the way out. */
		lib_initialized = B_TRUE;
	}

	/*
	 * We know for sure that metaslot is slot 0 in the framework,
	 * so, we will do a C_GetSlotInfo() trying to see if it works.
	 * If it fails with CKR_SLOT_ID_INVALID, we know that metaslot
	 * is not really enabled.
	 */
	rv = funcs->C_GetSlotInfo(METASLOT_ID, &slot_info);
	if (rv == CKR_SLOT_ID_INVALID) {
		(void) printf(gettext("actual status: disabled.\n"));
		/*
		 * Even if the -m and -v flag is supplied, there's nothing
		 * interesting to display about metaslot since it is disabled,
		 * so, just stop right here.
		 */
		goto finish;
	}

	if (rv != CKR_OK) {
		cryptodebug("C_GetSlotInfo failed with error "
		    "code 0x%x\n", rv);
		rc = FAILURE;
		goto finish;
	}

	if (!verbose) {
		goto display_mechs;
	}

	(void) printf(gettext("actual status: enabled.\n"));

	/*
	 * The PKCS#11 text fields are fixed-width and not NUL-terminated;
	 * the precision in each conversion (%.64s, %.32s, %.16s) keeps
	 * printf() from reading past the end of the field.
	 */
	(void) printf(gettext("Description: %.64s\n"),
	    slot_info.slotDescription);

	(void) printf(gettext("Token Present: %s\n"),
	    (slot_info.flags & CKF_TOKEN_PRESENT ?
	    gettext("True") : gettext("False")));

	rv = funcs->C_GetTokenInfo(METASLOT_ID, &token_info);
	if (rv != CKR_OK) {
		cryptodebug("C_GetTokenInfo failed with error "
		    "code 0x%x\n", rv);
		rc = FAILURE;
		goto finish;
	}

	/*
	 * NOTE(review): ulMinPinLen and ulMaxPinLen are CK_ULONG in PKCS#11
	 * but are printed with %d; confirm the conversion matches the type
	 * on every supported data model.
	 */
	(void) printf(gettext("Token Label: %.32s\n"
	    "Manufacturer ID: %.32s\n"
	    "Model: %.16s\n"
	    "Serial Number: %.16s\n"
	    "Hardware Version: %d.%d\n"
	    "Firmware Version: %d.%d\n"
	    "UTC Time: %.16s\n"
	    "PIN Min Length: %d\n"
	    "PIN Max Length: %d\n"),
	    token_info.label,
	    token_info.manufacturerID,
	    token_info.model,
	    token_info.serialNumber,
	    token_info.hardwareVersion.major,
	    token_info.hardwareVersion.minor,
	    token_info.firmwareVersion.major,
	    token_info.firmwareVersion.minor,
	    token_info.utcTime,
	    token_info.ulMinPinLen,
	    token_info.ulMaxPinLen);

	display_token_flags(token_info.flags);

	if (!show_mechs) {
		goto finish;
	}

display_mechs:

	if (mechlist == NULL) {
		/* First call: ask only for the number of mechanisms. */
		rv = funcs->C_GetMechanismList(METASLOT_ID, NULL_PTR,
		    &mech_count);
		if (rv != CKR_OK) {
			cryptodebug("C_GetMechanismList failed with error "
			    "code 0x%x\n", rv);
			rc = FAILURE;
			goto finish;
		}

		if (mech_count > 0) {
			/*
			 * NOTE(review): mech_count comes from the loaded
			 * library and the multiplication is not checked for
			 * overflow before malloc().
			 */
			pmech_list = malloc(mech_count *
			    sizeof (CK_MECHANISM_TYPE));
			if (pmech_list == NULL) {
				cryptodebug("out of memory");
				rc = FAILURE;
				goto finish;
			}
			/* Second call: fill the list that was just sized. */
			rv = funcs->C_GetMechanismList(METASLOT_ID, pmech_list,
			    &mech_count);
			if (rv != CKR_OK) {
				cryptodebug("C_GetMechanismList failed with "
				    "error code 0x%x\n", rv);
				rc = FAILURE;
				goto finish;
			}
		}
	} else {
		rc = convert_mechlist(&pmech_list, &mech_count, mechlist);
		if (rc != SUCCESS) {
			goto finish;
		}
	}

	(void) printf(gettext("Mechanisms:\n"));
	if (mech_count == 0) {
		/* should never be this case */
		(void) printf(gettext("No mechanisms\n"));
		goto finish;
	}
	if (verbose) {
		display_verbose_mech_header();
	}

	/* NOTE(review): `i` is an int compared against a CK_ULONG count. */
	for (i = 0; i < mech_count; i++) {
		CK_MECHANISM_TYPE	mech = pmech_list[i];

		/* Vendor-defined mechanisms have no name; print the number. */
		if (mech >= CKM_VENDOR_DEFINED) {
			(void) printf("%#lx", mech);
		} else {
			(void) printf("%-29s", pkcs11_mech2str(mech));
		}

		if (verbose) {
			CK_MECHANISM_INFO mech_info;
			rv = funcs->C_GetMechanismInfo(METASLOT_ID,
			    mech, &mech_info);
			if (rv != CKR_OK) {
				cryptodebug("C_GetMechanismInfo failed with "
				    "error code 0x%x\n", rv);
				rc = FAILURE;
				goto finish;
			}
			display_mech_info(&mech_info);
		}
		(void) printf("\n");
	}

finish:

	/*
	 * Printed for any failure once show_mechs is set, including failures
	 * that happened before the mechanism list was requested.
	 */
	if ((rc == FAILURE) && (show_mechs)) {
		(void) printf(gettext(
		    "metaslot: failed to retrieve the mechanism list.\n"));
	}

	/* Finalize before dlclose(): funcs points into the loaded library. */
	if (lib_initialized) {
		(void) funcs->C_Finalize(NULL_PTR);
	}

	if (dldesc != NULL) {
		(void) dlclose(dldesc);
	}

	if (pmech_list != NULL) {
		(void) free(pmech_list);
	}

	return (rc);
}
コード例 #12
ファイル: main.c プロジェクト: Blandinium/eid-mw
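//
//  FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
//  PURPOSE:  Processes messages for the main window.
//
//  WM_COMMAND	- process the application menu and the button commands
//  WM_SIZE	- let every child window adapt to the new client area
//  WM_PAINT	- Paint the main window
//  WM_DESTROY	- post a quit message and return
//
//  RETURNS:  0 for every message handled here, otherwise whatever
//            DefWindowProc returns.
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
	int wmId;
	DWORD flags = 0;
	PAINTSTRUCT ps;
	HDC hdc;
	RECT rcClient;
	HMENU hmenu;            // top-level menu

	switch (message)
	{
	case WM_COMMAND:
		wmId = LOWORD(wParam);
		// Parse the menu selections:
		switch (wmId)
		{
		case IDM_AUTOREGISTER:
		case IDM_AUTOREMOVE:
			// Both menu entries toggle one bit of gAutoFlags; pick the
			// bit explicitly instead of relying on case fallthrough.
			flags = (wmId == IDM_AUTOREGISTER) ? AUTO_REGISTER : AUTO_REMOVE;

			// Get the menu.
			if ((hmenu = GetMenu(hWnd)) == NULL)
				return 0;	// a bare `return;` leaves the LRESULT undefined

			if ((gAutoFlags & flags) != 0)
			{
				// flag was on, turn it off; masking clears exactly the
				// requested bits, unlike a subtraction
				CheckMenuItem(hmenu, wmId, MF_UNCHECKED | MF_BYCOMMAND);
				gAutoFlags &= ~flags;
			}
			else
			{
				CheckMenuItem(hmenu, wmId, MF_CHECKED | MF_BYCOMMAND);
				gAutoFlags |= flags;
			}
			break;
		case IDM_ABOUT:
			DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
			break;
		case IDB_REG:
			SendMessage(hTextEdit, EM_REPLACESEL,0,  (LPARAM)"Searching for eID card..\r\n");
			getcertificates(hTextEdit,gfunctions);
			break;
		case IDB_CANCEL:
		case IDM_EXIT:
			if (gStopThreads != PKCS11THREAD_STOPPED)
				gStopThreads = STOP_PKCS11THREAD;
			// NOTE(review): the stop request above is only a flag write and
			// nothing in this handler waits for PKCS11THREAD_STOPPED, so a
			// worker that is still inside a PKCS#11 call can overlap with
			// C_Finalize. Confirm the thread side tolerates that, or wait
			// for it before finalizing.
			if (gfunctions != NULL)
				gfunctions->C_Finalize(NULL_PTR);
			break;
		default:
			return DefWindowProc(hWnd, message, wParam, lParam);
		}
		break;
	case WM_SIZE:
		GetClientRect(hWnd, &rcClient);
		EnumChildWindows(hWnd, ChildWindowResize, (LPARAM) &rcClient);
		break;
	case WM_PAINT:
		hdc = BeginPaint(hWnd, &ps);
		// TODO: Add any drawing code here...
		EndPaint(hWnd, &ps);
		break;
	case WM_DESTROY:
		PostQuitMessage(0);
		break;
	default:
		return DefWindowProc(hWnd, message, wParam, lParam);
	}
	return 0;
}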
コード例 #13
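// Import a newly generated RSA1024 pvt key and a certificate
// to every slot and use the key to sign some data
//
// The key is generated with OpenSSL, its CRT components are copied into the
// private-key template, and a minimal certificate carrying the public key is
// DER-encoded into value_c. Both objects are then created under each CKA_ID
// 0..23 as SO, and every key signs 10 random 32-byte messages as USER.
//
// NOTE(review): the SO key and user PIN literals look like a token's factory
// defaults -- presumably this is meant to run against a disposable test token;
// confirm before pointing it at anything else.
static void test_import_and_sign_all_10_RSA() {

  EVP_PKEY    *evp;
  RSA         *rsak;
  X509        *cert;
  ASN1_TIME   *tm;
  CK_BYTE     i, j;
  CK_BYTE     some_data[32];
  CK_BYTE     e[] = {0x01, 0x00, 0x01};
  CK_BYTE     p[64];
  CK_BYTE     q[64];
  CK_BYTE     dp[64];
  CK_BYTE     dq[64];
  CK_BYTE     qinv[64];
  BIGNUM      *e_bn;
  CK_ULONG    class_k = CKO_PRIVATE_KEY;
  CK_ULONG    class_c = CKO_CERTIFICATE;
  CK_ULONG    kt = CKK_RSA;
  CK_BYTE     id = 0;
  CK_BYTE     sig[128];   // an RSA signature is as long as the modulus: 1024 bits
  CK_ULONG    recv_len;
  CK_BYTE     value_c[3100];
  CK_ULONG    cert_len;
  int         der_len;

  unsigned char  *px;

  CK_ATTRIBUTE privateKeyTemplate[] = {
    {CKA_CLASS, &class_k, sizeof(class_k)},
    {CKA_KEY_TYPE, &kt, sizeof(kt)},
    {CKA_ID, &id, sizeof(id)},
    {CKA_PUBLIC_EXPONENT, e, sizeof(e)},
    {CKA_PRIME_1, p, sizeof(p)},
    {CKA_PRIME_2, q, sizeof(q)},
    {CKA_EXPONENT_1, dp, sizeof(dp)},
    {CKA_EXPONENT_2, dq, sizeof(dq)},
    {CKA_COEFFICIENT, qinv, sizeof(qinv)}
  };

  CK_ATTRIBUTE publicKeyTemplate[] = {
    {CKA_CLASS, &class_c, sizeof(class_c)},
    {CKA_ID, &id, sizeof(id)},
    {CKA_VALUE, value_c, sizeof(value_c)}
  };

  CK_OBJECT_HANDLE obj[24];
  CK_SESSION_HANDLE session;
  CK_MECHANISM mech = {CKM_RSA_PKCS, NULL};

  evp = EVP_PKEY_new();

  if (evp == NULL)
    exit(EXIT_FAILURE);

  rsak = RSA_new();

  if (rsak == NULL)
    exit(EXIT_FAILURE);

  e_bn = BN_bin2bn(e, 3, NULL);

  if (e_bn == NULL)
    exit(EXIT_FAILURE);

  asrt(RSA_generate_key_ex(rsak, 1024, e_bn, NULL), 1, "GENERATE RSAK");

  // Each CRT component of a 1024-bit key is expected to fill its 64-byte
  // buffer exactly; a shorter value fails the assertion.
  asrt(BN_bn2bin(rsak->p, p), 64, "GET P");
  asrt(BN_bn2bin(rsak->q, q), 64, "GET Q");
  asrt(BN_bn2bin(rsak->dmp1, dp), 64, "GET DP");
  // dmq1 belongs in dq; writing it to dp again would leave dq uninitialised
  // and clobber dp, so the imported key would not match the certificate.
  asrt(BN_bn2bin(rsak->dmq1, dq), 64, "GET DQ");
  asrt(BN_bn2bin(rsak->iqmp, qinv), 64, "GET QINV");

  if (EVP_PKEY_set1_RSA(evp, rsak) == 0)
    exit(EXIT_FAILURE);

  cert = X509_new();

  if (cert == NULL)
    exit(EXIT_FAILURE);

  if (X509_set_pubkey(cert, evp) == 0)
    exit(EXIT_FAILURE);

  tm = ASN1_TIME_new();
  if (tm == NULL)
    exit(EXIT_FAILURE);

  ASN1_TIME_set_string(tm, "000001010000Z");
  X509_set_notBefore(cert, tm);
  X509_set_notAfter(cert, tm);

  // The certificate is never really signed: set an algorithm id and a dummy
  // one-byte signature so that it can be DER-encoded.
  cert->sig_alg->algorithm = OBJ_nid2obj(8);
  cert->cert_info->signature->algorithm = OBJ_nid2obj(8);

  ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
  ASN1_BIT_STRING_set(cert->signature, "\x00", 1);

  // Ask for the encoded length first: i2d_X509 writes through the pointer
  // before returning, so checking only afterwards is too late for value_c.
  der_len = i2d_X509(cert, NULL);
  if (der_len <= 0 || (size_t) der_len > sizeof(value_c))
    exit(EXIT_FAILURE);

  px = value_c;
  der_len = i2d_X509(cert, &px);
  if (der_len <= 0 || (size_t) der_len > sizeof(value_c))
    exit(EXIT_FAILURE);

  cert_len = (CK_ULONG) der_len;
  publicKeyTemplate[2].ulValueLen = cert_len;

  asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
  asrt(funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session), CKR_OK, "OpenSession1");
  asrt(funcs->C_Login(session, CKU_SO, "010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO");

  for (i = 0; i < 24; i++) {
    id = i;
    // The key handle deliberately replaces the certificate handle in obj[i]:
    // only the private key is used for signing below.
    asrt(funcs->C_CreateObject(session, publicKeyTemplate, 3, obj + i), CKR_OK, "IMPORT CERT");
    asrt(funcs->C_CreateObject(session, privateKeyTemplate, 9, obj + i), CKR_OK, "IMPORT KEY");
  }

  asrt(funcs->C_Logout(session), CKR_OK, "Logout SO");

  for (i = 0; i < 24; i++) {
    for (j = 0; j < 10; j++) {

      if(RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1)
        exit(EXIT_FAILURE);

      asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
      asrt(funcs->C_SignInit(session, &mech, obj[i]), CKR_OK, "SignInit");

      recv_len = sizeof(sig);
      asrt(funcs->C_Sign(session, some_data, sizeof(some_data), sig, &recv_len), CKR_OK, "Sign");

      // NOTE(review): the signature is only produced, never verified against
      // the generated public key, so a token returning a wrong signature
      // would still pass this test.

      }
  }

  asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");

  asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession");
  asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");

  // Release the OpenSSL objects; evp holds its own reference to rsak.
  X509_free(cert);
  ASN1_TIME_free(tm);
  EVP_PKEY_free(evp);
  RSA_free(rsak);
  BN_free(e_bn);

}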
コード例 #14
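// Append one DER INTEGER (tag, length, value) holding the unsigned
// big-endian number val[0..len-1] to out; returns the position after it.
// The caller must provide room for len + 3 bytes, and len + 1 must fit the
// single-byte short length form.
static CK_BYTE_PTR der_put_uint(CK_BYTE_PTR out, const CK_BYTE *val, CK_ULONG len) {

  // DER requires the shortest encoding: drop every leading zero byte that is
  // not needed to keep the value positive.
  while (len > 1 && val[0] == 0x00 && val[1] < 0x80) {
    val++;
    len--;
  }

  *out++ = 0x02;
  if (val[0] >= 0x80) {
    // High bit set: prefix a zero byte so the INTEGER is not read as negative.
    *out++ = (CK_BYTE) (len + 1);
    *out++ = 0x00;
  }
  else {
    *out++ = (CK_BYTE) len;
  }

  memcpy(out, val, len);
  return out + len;
}

// Import a newly generated P256 pvt key and a certificate
// to every slot and use the key to sign some data
//
// The key is generated with OpenSSL and a minimal certificate carrying the
// public key is DER-encoded into value_c. Both objects are created under each
// CKA_ID 0..23 as SO; every key then signs 10 random 32-byte messages as USER
// and each raw r||s signature is re-encoded as DER and checked with
// ECDSA_verify against the generated key.
//
// NOTE(review): the SO key and user PIN literals look like a token's factory
// defaults -- presumably this is meant to run against a disposable test token;
// confirm before pointing it at anything else.
static void test_import_and_sign_all_10() {

  EVP_PKEY       *evp;
  EC_KEY         *eck;
  const BIGNUM   *bn;
  CK_BYTE        pvt[32];
  int            pvt_len;
  X509           *cert;
  ASN1_TIME      *tm;
  CK_BYTE        i, j;
  CK_BYTE        some_data[32];

  CK_ULONG    class_k = CKO_PRIVATE_KEY;
  CK_ULONG    class_c = CKO_CERTIFICATE;
  CK_ULONG    kt = CKK_ECDSA;
  CK_BYTE     id = 0;
  CK_BYTE     params[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
  CK_BYTE     sig[64];
  CK_ULONG    recv_len;
  CK_BYTE     value_c[3100];
  CK_ULONG    cert_len;
  int         der_len;
  CK_BYTE     der_encoded[80];   // worst case: 2 + 2 * (2 + 33) = 72 bytes
  CK_BYTE_PTR der_ptr;

  unsigned char  *p;

  CK_ATTRIBUTE privateKeyTemplate[] = {
    {CKA_CLASS, &class_k, sizeof(class_k)},
    {CKA_KEY_TYPE, &kt, sizeof(kt)},
    {CKA_ID, &id, sizeof(id)},
    {CKA_EC_PARAMS, params, sizeof(params)},
    {CKA_VALUE, pvt, sizeof(pvt)}
  };

  CK_ATTRIBUTE publicKeyTemplate[] = {
    {CKA_CLASS, &class_c, sizeof(class_c)},
    {CKA_ID, &id, sizeof(id)},
    {CKA_VALUE, value_c, sizeof(value_c)}
  };

  CK_OBJECT_HANDLE obj[24];
  CK_SESSION_HANDLE session;
  CK_MECHANISM mech = {CKM_ECDSA, NULL};

  evp = EVP_PKEY_new();

  if (evp == NULL)
    exit(EXIT_FAILURE);

  eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);

  if (eck == NULL)
    exit(EXIT_FAILURE);

  asrt(EC_KEY_generate_key(eck), 1, "GENERATE ECK");

  bn = EC_KEY_get0_private_key(eck);

  // BN_bn2bin emits the shortest big-endian form, so a private scalar with a
  // zero top byte is shorter than 32 bytes. Right-align it in a zeroed buffer
  // instead of failing on such keys.
  pvt_len = BN_num_bytes(bn);
  if (pvt_len <= 0 || (size_t) pvt_len > sizeof(pvt))
    exit(EXIT_FAILURE);

  memset(pvt, 0, sizeof(pvt));
  asrt(BN_bn2bin(bn, pvt + sizeof(pvt) - pvt_len), pvt_len, "EXTRACT PVT");

  if (EVP_PKEY_set1_EC_KEY(evp, eck) == 0)
    exit(EXIT_FAILURE);

  cert = X509_new();

  if (cert == NULL)
    exit(EXIT_FAILURE);

  if (X509_set_pubkey(cert, evp) == 0)
    exit(EXIT_FAILURE);

  tm = ASN1_TIME_new();
  if (tm == NULL)
    exit(EXIT_FAILURE);

  ASN1_TIME_set_string(tm, "000001010000Z");
  X509_set_notBefore(cert, tm);
  X509_set_notAfter(cert, tm);

  // The certificate is never really signed: set an algorithm id and a dummy
  // one-byte signature so that it can be DER-encoded.
  cert->sig_alg->algorithm = OBJ_nid2obj(8);
  cert->cert_info->signature->algorithm = OBJ_nid2obj(8);

  ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
  ASN1_BIT_STRING_set(cert->signature, "\x00", 1);

  // Ask for the encoded length first: i2d_X509 writes through the pointer
  // before returning, so checking only afterwards is too late for value_c.
  der_len = i2d_X509(cert, NULL);
  if (der_len <= 0 || (size_t) der_len > sizeof(value_c))
    exit(EXIT_FAILURE);

  p = value_c;
  der_len = i2d_X509(cert, &p);
  if (der_len <= 0 || (size_t) der_len > sizeof(value_c))
    exit(EXIT_FAILURE);

  cert_len = (CK_ULONG) der_len;
  publicKeyTemplate[2].ulValueLen = cert_len;

  asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
  asrt(funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session), CKR_OK, "OpenSession1");
  asrt(funcs->C_Login(session, CKU_SO, "010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO");

  for (i = 0; i < 24; i++) {
    id = i;
    // The key handle deliberately replaces the certificate handle in obj[i]:
    // only the private key is used for signing below.
    asrt(funcs->C_CreateObject(session, publicKeyTemplate, 3, obj + i), CKR_OK, "IMPORT CERT");
    asrt(funcs->C_CreateObject(session, privateKeyTemplate, 5, obj + i), CKR_OK, "IMPORT KEY");
  }

  asrt(funcs->C_Logout(session), CKR_OK, "Logout SO");

  for (i = 0; i < 24; i++) {
    for (j = 0; j < 10; j++) {

      if(RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1)
        exit(EXIT_FAILURE);

      asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER");
      asrt(funcs->C_SignInit(session, &mech, obj[i]), CKR_OK, "SignInit");

      recv_len = sizeof(sig);
      asrt(funcs->C_Sign(session, some_data, sizeof(some_data), sig, &recv_len), CKR_OK, "Sign");

      // The re-encoding below reads sig as two 32-byte halves (r then s), so
      // anything other than a full 64-byte result must not get that far.
      asrt(recv_len, sizeof(sig), "Sign LEN");

      // Build SEQUENCE { INTEGER r, INTEGER s } for ECDSA_verify.
      der_ptr = der_encoded;
      *der_ptr++ = 0x30;
      *der_ptr++ = 0xff; // placeholder, fix below

      der_ptr = der_put_uint(der_ptr, sig, 32);
      der_ptr = der_put_uint(der_ptr, sig + 32, 32);

      der_encoded[1] = (CK_BYTE) (der_ptr - der_encoded - 2);

      dump_hex(der_encoded, der_encoded[1] + 2, stderr, 1);

      asrt(ECDSA_verify(0, some_data, sizeof(some_data), der_encoded, der_encoded[1] + 2, eck), 1, "ECDSA VERIFICATION");

      }
  }

  asrt(funcs->C_Logout(session), CKR_OK, "Logout USER");

  asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession");
  asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");

  // Release the OpenSSL objects; evp holds its own reference to eck.
  X509_free(cert);
  ASN1_TIME_free(tm);
  EVP_PKEY_free(evp);
  EC_KEY_free(eck);

}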
コード例 #15
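// Check that slot 0 reports exactly the expected mechanisms, in the expected
// order, and that C_GetMechanismInfo returns the expected key sizes and flags
// for each of them.
static void test_mechanism_list_and_info() {

  CK_MECHANISM_TYPE_PTR mechs;
  CK_ULONG              n_mechs;
  CK_MECHANISM_INFO     info;
  CK_ULONG              i;

  static const CK_MECHANISM_TYPE token_mechanisms[] = {
    CKM_RSA_PKCS_KEY_PAIR_GEN,
    CKM_RSA_PKCS,
    CKM_RSA_PKCS_PSS,
    CKM_RSA_X_509,
    CKM_SHA1_RSA_PKCS,
    CKM_SHA256_RSA_PKCS,
    CKM_SHA384_RSA_PKCS,
    CKM_SHA512_RSA_PKCS,
    CKM_SHA1_RSA_PKCS_PSS,
    CKM_SHA256_RSA_PKCS_PSS,
    CKM_SHA384_RSA_PKCS_PSS,
    CKM_SHA512_RSA_PKCS_PSS,
    CKM_EC_KEY_PAIR_GEN,
    CKM_ECDSA,
    CKM_ECDSA_SHA1,
    CKM_ECDSA_SHA256,
    CKM_SHA_1,
    CKM_SHA256,
    CKM_SHA384,
    CKM_SHA512
  };

  static const CK_MECHANISM_INFO token_mechanism_infos[] = { // KEEP ALIGNED WITH token_mechanisms
    {1024, 2048, CKF_HW | CKF_GENERATE_KEY_PAIR},
    {1024, 2048, CKF_HW | CKF_DECRYPT | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_DECRYPT | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {1024, 2048, CKF_HW | CKF_SIGN},
    {256, 384, CKF_HW | CKF_GENERATE_KEY_PAIR},
    {256, 384, CKF_HW | CKF_SIGN},
    {256, 384, CKF_HW | CKF_SIGN},
    {256, 384, CKF_HW | CKF_SIGN},
    {0, 0, CKF_DIGEST},
    {0, 0, CKF_DIGEST},
    {0, 0, CKF_DIGEST},
    {0, 0, CKF_DIGEST}
  };

  const CK_ULONG n_expected = sizeof(token_mechanisms) / sizeof(token_mechanisms[0]);

  asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");

  asrt(funcs->C_GetMechanismList(0, NULL, &n_mechs), CKR_OK, "GetMechanismList");

  // The count comes from the module under test. It sizes the allocation and
  // bounds both comparisons below, so it must match the tables exactly:
  // fewer entries would make memcmp read past mechs, more would index past
  // token_mechanism_infos. asrt is defined outside this block, so the
  // explicit exit keeps the bound even if asrt only reports.
  asrt(n_mechs, n_expected, "CHECK MECH COUNT");
  if (n_mechs != n_expected)
    exit(EXIT_FAILURE);

  mechs = malloc(n_mechs * sizeof(CK_MECHANISM_TYPE));
  if (mechs == NULL)
    exit(EXIT_FAILURE);

  asrt(funcs->C_GetMechanismList(0, mechs, &n_mechs), CKR_OK, "GetMechanismList");

  // The second call may rewrite the count; re-check before trusting it.
  asrt(n_mechs, n_expected, "CHECK MECH COUNT");
  if (n_mechs != n_expected) {
    free(mechs);
    exit(EXIT_FAILURE);
  }

  asrt(memcmp(token_mechanisms, mechs, sizeof(token_mechanisms)), 0, "CHECK MECHS");

  for (i = 0; i < n_mechs; i++) {
    asrt(funcs->C_GetMechanismInfo(0, mechs[i], &info), CKR_OK, "GET MECH INFO");
    asrt(memcmp(token_mechanism_infos + i, &info, sizeof(CK_MECHANISM_INFO)), 0, "CHECK MECH INFO");
  }

  free(mechs);

  asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE");
}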