int testRSAPub(CK_SESSION_HANDLE hSession)
{
CK_RV rv;
int retVal = 0;
CK_BBOOL ckTrue = CK_TRUE;
CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
CK_BYTE publicExponent[] = { 1, 0, 1 };
CK_ULONG modulusBits = 1024;
CK_MECHANISM mechanism = {
CKM_VENDOR_DEFINED, NULL_PTR, 0
};
CK_OBJECT_HANDLE hPublicKey, hPrivateKey;
CK_ATTRIBUTE publicKeyTemplate[] = {
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_WRAP, &ckTrue, sizeof(ckTrue) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) },
{ CKA_PUBLIC_EXPONENT, &publicExponent, sizeof(publicExponent) }
};
CK_ATTRIBUTE privateKeyTemplate[] = {
{ CKA_PRIVATE, &ckTrue, sizeof(ckTrue) },
{ CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_UNWRAP, &ckTrue, sizeof(ckTrue) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) }
};
printf("\n******************************************************\n");
printf("* Test for public information in the RSA private key *\n");
printf("******************************************************\n\n");
printf("You normally have a public and private key object.\n");
printf("But the private key could contain all the necessary\n");
printf("information in order to export the public key from the\n");
printf("private key object. However, PKCS#11 cannot guarantee\n");
printf("that the HSM can do this. If the private key object\n");
printf("has all the necessary information, then you only need\n");
printf("to keep the private key. Thus saving space in the HSM.\n\n");
printf("Generate a key pair: ");
rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism, publicKeyTemplate, 6, privateKeyTemplate, 6, &hPublicKey, &hPrivateKey);
if (rv != CKR_OK)
{
printf("Failed to generate a keypair. rv=%s\n", rv2string(rv));
return 1;
}
printf("OK\n");
retVal = testRSAPub_keypair(hSession, hPublicKey, hPrivateKey);
p11->C_DestroyObject(hSession, hPublicKey);
p11->C_DestroyObject(hSession, hPrivateKey);
return retVal;
}
int testStability_generate(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE *hPublicKey, CK_OBJECT_HANDLE *hPrivateKey)
{
CK_RV rv;
CK_BBOOL ckTrue = CK_TRUE;
CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0};
CK_BYTE publicExponent[] = { 1, 0, 1 };
CK_ULONG modulusBits = 1024;
CK_MECHANISM mechanism = {
CKM_VENDOR_DEFINED, NULL_PTR, 0
};
CK_ATTRIBUTE publicKeyTemplate[] = {
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_WRAP, &ckTrue, sizeof(ckTrue) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) },
{ CKA_PUBLIC_EXPONENT, &publicExponent, sizeof(publicExponent) }
};
CK_ATTRIBUTE privateKeyTemplate[] = {
{ CKA_PRIVATE, &ckTrue, sizeof(ckTrue) },
{ CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_UNWRAP, &ckTrue, sizeof(ckTrue) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) }
};
printf("Generating a key pair...\n");
rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism, publicKeyTemplate, 6, privateKeyTemplate, 6, hPublicKey, hPrivateKey);
if (rv != CKR_OK)
{
printf("ERROR: Failed to generate a keypair. rv=%s\n", rv2string(rv));
return 1;
}
return 0;
}
