Exemplo n.º 1
0
void EncryptDecryptTests::testRsaEncryptDecrypt()
{
	CK_RV rv;
	CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
	CK_ULONG pinLength = sizeof(pin) - 1;
	CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
	CK_ULONG sopinLength = sizeof(sopin) - 1;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	C_Finalize(NULL_PTR);

	// Open read-only session on when the token is not initialized should fail
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = C_Initialize(NULL_PTR);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW);
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = C_Login(hSessionRO,CKU_USER,pin,pinLength);
	CPPUNIT_ASSERT(rv==CKR_OK);

	CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;

	// Generate all combinations of session/token public/private key pairs.
	rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rsaEncryptDecrypt(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_X_509,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
}
Exemplo n.º 2
0
void AsymEncryptDecryptTests::testRsaEncryptDecrypt()
{
	CK_RV rv;
	CK_SESSION_HANDLE hSessionRO;
	CK_SESSION_HANDLE hSessionRW;

	// Just make sure that we finalize any previous tests
	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );

	// Open read-only session on when the token is not initialized should fail
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);

	// Initialize the library and start the test.
	rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-only session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Open read-write session
	rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
	CPPUNIT_ASSERT(rv == CKR_OK);

	// Login USER into the sessions so we can create a private objects
	rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
	CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;

	// Generate all combinations of session/token public/private key pairs.
	rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
	CPPUNIT_ASSERT(rv == CKR_OK);

	rsaOAEPParams(hSessionRO,hPublicKey);
	rsaEncryptDecrypt(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_X_509,hSessionRO,hPublicKey,hPrivateKey);
	rsaEncryptDecrypt(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
}
Exemplo n.º 3
0
int keygen(int argc, char **argv)
{
    CK_ULONG          nslots, keysize;
    CK_SLOT_ID        *pslots = NULL;
    CK_FUNCTION_LIST  *funcs = NULL;
    CK_SESSION_HANDLE h_session;
    CK_BYTE_PTR       opt_label = NULL;
    CK_UTF8CHAR_PTR   opt_pin = NULL;
    CK_ULONG          opt_pin_len = 0;
    CK_ULONG          opt_slot = -1;
    CK_RV             rc;
    char *opt_module = NULL, *opt_dir = NULL;
    char *gen_param = NULL, *tmp;
    int long_optind = 0;
    int genkey = 0;
    char c;

    init_crypto();

    while (1) {
        c = getopt_long(argc, argv, "d:hl:p:s:k:m:",
                        options, &long_optind);
        if (c == -1)
            break;
        switch (c) {
            case 'd':
                opt_dir = optarg;
                break;
            case 'l':
                opt_label = (CK_BYTE_PTR)optarg;
                break;
            case 'p':
                opt_pin = (CK_UTF8CHAR_PTR) strdup(optarg);
                if(opt_pin) {
                    opt_pin_len = strlen(optarg);
                }
                break;
            case 's':
                opt_slot = (CK_SLOT_ID) atoi(optarg);
                break;
            case 'm':
                opt_module = optarg;
                break;
            case 'k':
                gen_param = optarg;
                genkey = 1;
                break;
            case 'h':
            default:
                print_usage_and_die(app_name, options, option_help);
        }
    }

    if(!genkey) {
        print_usage_and_die(app_name, options, option_help);
    }

    rc = pkcs11_load_init(opt_module, opt_dir, stdout, &funcs);
    if (rc != CKR_OK) {
        return rc;
    }

    rc = pkcs11_get_slots(funcs, stdout, &pslots, &nslots);
    if (rc != CKR_OK) {
        return rc;
    }

    if(opt_slot != -1) {
        CK_ULONG i = 0;
        while (i < nslots && pslots[i] != opt_slot) {
            i++;
        }
        if (i == nslots) {
            fprintf(stderr, "Unknown slot '%lu'\n", opt_slot);
            return -1;            
        }
    } else {
        if(nslots == 1) {
            opt_slot = pslots[0];
        } else {
            fprintf(stdout, "Found %ld slots, use --slot parameter to choose.\n", nslots);
            exit(-1);
        }
    }

    rc = pkcs11_login_session(funcs, stdout, opt_slot, &h_session,
                              CK_TRUE, CKU_USER, opt_pin, opt_pin_len);
    free(opt_pin);
    if (rc != CKR_OK) {
        return rc;
    }

    fprintf(stdout, "Generating key with param '%s'\n", gen_param);
    keysize = strtol(gen_param, &tmp, 10);
    if(gen_param != tmp) {
        fprintf(stdout, "Generating RSA key with size %ld\n", keysize);
        rc = generateRsaKeyPair(funcs, h_session, keysize, opt_label);
    } else if(strncmp(gen_param, "gost", 4) == 0) {
        fprintf(stdout, "Generating GOST R34.10-2001 key (%s) in slot %ld\n",
                gen_param, opt_slot);
        rc = generateGostKeyPair(funcs, h_session, gen_param, opt_label);
    } else if((strncmp(gen_param, "secp", 4) == 0) ||
              (strncmp(gen_param, "nistp", 5) == 0) ||
              (strncmp(gen_param, "prime", 5) == 0) ||
              (strncmp(gen_param, "ansiX9", 6) == 0)) {
        CK_BBOOL full;
        rc = ecdsaNeedsEcParams(funcs, opt_slot, &full);
        if(rc == CKR_OK) {
            fprintf(stdout, "Generating ECDSA key with curve '%s' "
                    "in slot %ld with %s\n", gen_param, opt_slot,
                    full ? "EC Parameters" : "Named Curve");
            rc = generateEcdsaKeyPair(funcs, h_session, gen_param, full, opt_label);
        }
    } else if(strncmp(gen_param, "aes", 3) == 0) {
        if(strcmp(gen_param, "aes256") == 0) {
            fprintf(stdout, "Generating 256-bit AES key in slot %ld\n", opt_slot);
            generateKey(funcs, h_session, CKK_AES, CKM_AES_KEY_GEN, 256 / 8, opt_label);
        } else if(strcmp(gen_param, "aes192") == 0) {
            fprintf(stdout, "Generating 192-bit AES key in slot %ld\n", opt_slot);
            generateKey(funcs, h_session, CKK_AES, CKM_AES_KEY_GEN, 192 /8, opt_label);
        } else if((strcmp(gen_param, "aes128") == 0) ||
                  (strcmp(gen_param, "aes") == 0)) {
            fprintf(stdout, "Generating 128-bit AES key in slot %ld\n", opt_slot);
            generateKey(funcs, h_session, CKK_AES, CKM_AES_KEY_GEN, 128 / 8, opt_label);
        } else {
            fprintf(stdout, "Unknown key type '%s'\n", gen_param);
            return -1;
        }
    } else if(strncmp(gen_param, "des3", 4) == 0) {
        fprintf(stdout, "Generating 3DES key in slot %ld\n", opt_slot);
        generateKey(funcs, h_session, CKK_DES3, CKM_DES3_KEY_GEN, 0, opt_label);
    } else {
        fprintf(stdout, "Unknown key type '%s'\n", gen_param);
        return -1;
    }

    rc = pkcs11_close(stdout, funcs, h_session);
    return rc;
}