Exemplo n.º 1
0
int do_setUserPIN( void )
{
   CK_BYTE  so_pin[PKCS11_MAX_PIN_LEN];
   CK_BYTE  user_pin[PKCS11_MAX_PIN_LEN];
   CK_ULONG user_pin_len, so_pin_len;
   CK_FLAGS flags;
   CK_SESSION_HANDLE h_session;
   CK_ULONG rc;

   if (get_user_pin(user_pin))
	   return CKR_FUNCTION_FAILED;
   user_pin_len = (CK_ULONG)strlen((char *)user_pin);

   if (get_so_pin(so_pin))
	   return CKR_FUNCTION_FAILED;
   so_pin_len = (CK_ULONG)strlen((char *)so_pin);


   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( SLOT_ID, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = funcs->C_Login( h_session, CKU_SO, so_pin, so_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = funcs->C_InitPIN( h_session, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_InitPIN #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = TRUE;

done:
   funcs->C_CloseAllSessions( SLOT_ID );
   return rc;
}
Exemplo n.º 2
0
CK_RV
open_session_and_login(void)
{
CK_FLAGS          flags;
CK_SESSION_HANDLE h_session;
CK_RV             rc;
CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
CK_ULONG          user_pin_len;

   if (get_user_pin(user_pin))
	   return CKR_FUNCTION_FAILED;
   user_pin_len = (CK_ULONG)strlen((char *)user_pin);

   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( SLOT_ID, flags, NULL, NULL, &h_session );

   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );

   return rc;
}
Exemplo n.º 3
0
/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 * C_OpenSession
 * C_CloseSession
 *
 * API routines exercised that result in stdll taking
 * /var/lock/opencryptoki_stdll spinlock.
 * C_FindObjectsInit
 * C_FindObjects
 * C_CreateObject
 *
 *  1) Create 3 certificates as PUBLIC token objects
 *  2) Search for a particular CKA_ID.  Verify that this works.
 *  3) Do FindObjects with a NULL template.  Verify that all 3 token objects
 *     are found.
 *  4) Search for a particular CKA_ID.  Verify it works.
 *  5) Search for a non-existant CKA_ID.  Verify it returns nothing.
 *  6) Close all sessions.  Then create a new session.
 *  7) Search for a particular CKA_ID.  Verify it works.
 *  8) Search for a non-existant CKA_ID.  Verify it returns nothing.
 *  9) Destroy all 3 token objects
 */
CK_RV do_CreateTokenObjects(void)
{
	int 		  i, got_it = 0;
	CK_SLOT_ID        slot_id;
	CK_FLAGS          flags;
	CK_SESSION_HANDLE h_session;
	CK_RV             rc = 0, loc_rc = 0;
	CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG          user_pin_len;

	CK_BYTE           true = TRUE;
	CK_BYTE           false = FALSE;

	CK_OBJECT_HANDLE    h_cert1;
	CK_OBJECT_CLASS     cert1_class         = CKO_CERTIFICATE;
	CK_CERTIFICATE_TYPE cert1_type          = CKC_X_509;
	CK_BYTE             cert1_subject[]     = "Certificate subject #1";
	CK_BYTE             cert1_id[]          = "Certificate ID #1";
	CK_BYTE             cert1_value[]       = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

	CK_ATTRIBUTE        cert1_attribs[] =
	{
		{CKA_CLASS,            &cert1_class,       sizeof(cert1_class)   },
		{CKA_TOKEN,            &true,              sizeof(true)          },
		{CKA_CERTIFICATE_TYPE, &cert1_type,        sizeof(cert1_type)    },
		{CKA_SUBJECT,          &cert1_subject,     sizeof(cert1_subject) },
		{CKA_ID,               &cert1_id,          sizeof(cert1_id)      },
		{CKA_VALUE,            &cert1_value,       sizeof(cert1_value)   },
		{CKA_PRIVATE,          &false,             sizeof(false)         }
	};

	CK_OBJECT_HANDLE    h_cert2;
	CK_OBJECT_CLASS     cert2_class        = CKO_CERTIFICATE;
	CK_CERTIFICATE_TYPE cert2_type         = CKC_X_509;
	CK_BYTE             cert2_subject[]    = "Certificate subject #2";
	CK_BYTE             cert2_id[]         = "Certificate ID #2";
	CK_BYTE             cert2_value[]      = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

	CK_ATTRIBUTE        cert2_attribs[] =
	{
		{CKA_CLASS,            &cert2_class,       sizeof(cert2_class)   },
		{CKA_TOKEN,            &true,              sizeof(true)          },
		{CKA_CERTIFICATE_TYPE, &cert2_type,        sizeof(cert2_type)    },
		{CKA_SUBJECT,          &cert2_subject,     sizeof(cert2_subject) },
		{CKA_ID,               &cert2_id,          sizeof(cert2_id)      },
		{CKA_VALUE,            &cert2_value,       sizeof(cert2_value)   },
		{CKA_PRIVATE,          &false,             sizeof(false)         }
	};

	CK_OBJECT_HANDLE    h_cert3;
	CK_OBJECT_CLASS     cert3_class        = CKO_CERTIFICATE;
	CK_CERTIFICATE_TYPE cert3_type         = CKC_X_509;
	CK_BYTE             cert3_subject[]    = "Certificate subject #3";
	CK_BYTE             cert3_id[]         = "Certificate ID #3";
	CK_BYTE             cert3_value[]      = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

	CK_ATTRIBUTE        cert3_attribs[] =
	{
		{CKA_CLASS,            &cert3_class,       sizeof(cert3_class)   },
		{CKA_TOKEN,            &true,              sizeof(true)          },
		{CKA_CERTIFICATE_TYPE, &cert3_type,        sizeof(cert3_type)    },
		{CKA_SUBJECT,          &cert3_subject,     sizeof(cert3_subject) },
		{CKA_ID,               &cert3_id,          sizeof(cert3_id)      },
		{CKA_VALUE,            &cert3_value,       sizeof(cert3_value)   },
		{CKA_PRIVATE,          &false,             sizeof(false)         }
	};

	CK_BYTE  find1_id[] = "Certificate ID #2";
	CK_ATTRIBUTE   find1_attribs[] =
	{
		{CKA_ID, &find1_id,  sizeof(find1_id)}
	};

	CK_BYTE  find2_id[] = "Certificate ID #123456";
	CK_ATTRIBUTE   find2_attribs[] =
	{
		{CKA_ID, &find2_id,  sizeof(find2_id)}
	};

	CK_OBJECT_HANDLE  obj_list[10];
	CK_ULONG          find_count;



        testcase_begin("starting...");

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	slot_id = SLOT_ID;

	/* create a USER R/W session */
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
	if (rc != CKR_OK) {
                testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	/* create the token objects */
	rc = funcs->C_CreateObject(h_session, cert1_attribs, 7, &h_cert1);
	if (rc != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_CreateObject(h_session, cert2_attribs, 7, &h_cert2);
	if (rc != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		goto destroy_1;
	}

	rc = funcs->C_CreateObject(h_session, cert3_attribs, 7, &h_cert3);
	if (rc != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		goto destroy_2;
	}

	/* now, search for the 2nd object */
	rc = funcs->C_FindObjectsInit(h_session, find1_attribs, 1);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

        /* step through list and find 2nd object's handle */
        for (i=0; i<find_count; i++) {
                if (obj_list[i] == h_cert2)
                        got_it++;
        }
	if (got_it == 0) {
                testcase_fail("could not find 2nd object's handle");
		rc = -1;
		goto destroy;
	}

	rc = funcs->C_FindObjectsFinal(h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	/* now, search for a non-existant attribute */
	rc = funcs->C_FindObjectsInit(h_session, find2_attribs, 1);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	if (find_count != 0) {
                testcase_fail("found %ld objects when none where expected", find_count);
		rc = -1;
		goto destroy;
	}

	rc = funcs->C_FindObjectsFinal(h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	/* done...close all sessions and open a new one */
	rc = funcs->C_CloseAllSessions( slot_id );
	if (rc != CKR_OK) {
                testcase_fail("C_CloseAllSessions() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	/* create a USER R/W session */
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
	if (rc != CKR_OK) {
                testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	/* now, search for the 2nd object */
	rc = funcs->C_FindObjectsInit(h_session, find1_attribs, 1);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

        /* step through list and find 2nd object's handle */
        for (i=0; i<find_count; i++) {
                if (obj_list[i] == h_cert2)
                        got_it++;
        }
	if (got_it == 0) {
                testcase_fail("could not find 2nd object's handle in new session");
		rc = -1;
		goto destroy;
	}

	rc = funcs->C_FindObjectsFinal(h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	/* now, search for a non-existant attribute */
	rc = funcs->C_FindObjectsInit(h_session, find2_attribs, 1);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	if (find_count != 0) {
                testcase_fail("found %ld objects when none where expected", find_count);
		rc = -1;
		goto destroy;
	}

	rc = funcs->C_FindObjectsFinal(h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	testcase_pass("Looks okay...");

	/* Destroy the created objects, don't clobber the rc */
destroy:
	loc_rc = funcs->C_DestroyObject(h_session, h_cert3);
	if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));

destroy_2:
	loc_rc = funcs->C_DestroyObject(h_session, h_cert2);
	if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));

destroy_1:
	loc_rc = funcs->C_DestroyObject(h_session, h_cert1);
	if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));

	/* done...close the session */
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK)
                testcase_error("C_CloseAllSessions() loc_rc = %s", p11_get_ckr(loc_rc));

	return rc;
}
Exemplo n.º 4
0
/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 * C_OpenSession
 * C_CloseSession
 *
 * API routines exercised that result in stdll taking
 * /var/lock/opencryptoki_stdll spinlock.
 *    C_CreateObject
 *    C_GetAttributeValue
 *    C_SetAttributeValue
 *
 * 1) create a certificate object with no CKA_SERIAL_NUMBER or CKA_ISSUER
 * 2) add CKA_SERIAL_NUMBER and CKA_ISSUER and modify CKA_ID.
 *    verify this works.
 * 3) try to modify CKA_VALUE and CKA_ID in a single call to
 *    C_SetAttributeValue.  verify that this fails correctly and that
 *    the object is not modified.
 */
CK_RV do_SetAttributeValues(void)
{
	CK_SLOT_ID        slot_id;
	CK_FLAGS          flags;
	CK_SESSION_HANDLE h_session;
	CK_RV             rc = 0, loc_rc = 0;
	CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG          user_pin_len;

	CK_BYTE           true = TRUE;

	CK_OBJECT_HANDLE    h_cert;
	CK_OBJECT_CLASS     cert_class         = CKO_CERTIFICATE;
	CK_CERTIFICATE_TYPE cert_type          = CKC_X_509;
	CK_BYTE             cert_subject[]     = "Certificate subject";
	CK_BYTE             cert_id[]          = "Certificate ID";
	CK_BYTE             cert_value[]       = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

	CK_ATTRIBUTE        cert_attribs[] =
	{
		{CKA_CLASS,            &cert_class,       sizeof(cert_class)   },
		{CKA_TOKEN,            &true,             sizeof(true)         },
		{CKA_CERTIFICATE_TYPE, &cert_type,        sizeof(cert_type)    },
		{CKA_SUBJECT,          &cert_subject,     sizeof(cert_subject) },
		{CKA_ID,               &cert_id,          sizeof(cert_id)      },
		{CKA_VALUE,            &cert_value,       sizeof(cert_value)   }
	};

	CK_BYTE       cert_id2[]    = "New ID";
	CK_BYTE       cert_issuer[] = "Certificate Issuer";
	CK_BYTE       cert_ser_no[] = "Serial Number: 12345";
	CK_ATTRIBUTE  update_attr[] =
	{
		{CKA_SERIAL_NUMBER, &cert_ser_no,  sizeof(cert_ser_no) },
		{CKA_ISSUER,        &cert_issuer,  sizeof(cert_issuer) },
		{CKA_ID,            &cert_id2,     sizeof(cert_id2)    }
	};

	CK_BYTE       cert_value2[] = "Invalid Value";
	CK_BYTE       cert_id3[]    = "ID #3";
	CK_ATTRIBUTE  invalid_attr[] =
	{
		{CKA_VALUE, &cert_value2,  sizeof(cert_value2) },
		{CKA_ID,    &cert_id3,     sizeof(cert_id3)    }
	};

	testcase_begin("starting...");

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	slot_id = SLOT_ID;


	/*  create a USER R/W session */
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
	if (rc != CKR_OK) {
                testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
	if (rc != CKR_OK) {
                testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
		return rc;
	}


	/* create the object */
	rc = funcs->C_CreateObject(h_session, cert_attribs, 6, &h_cert);
	if (rc != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	/* Add CKA_SERIAL_NUMBER and CKA_ISSUER and change the
	 *  existing CKA_ID
	 */
	rc = funcs->C_SetAttributeValue(h_session, h_cert, update_attr, 3);
	if (rc != CKR_OK) {
                testcase_fail("C_SetAttributeValue() rc = %s", p11_get_ckr(rc));
		goto done;
	}
	else {
		CK_BYTE       buf1[100];
		CK_BYTE       buf2[100];
		CK_BYTE       buf3[100];
		CK_ATTRIBUTE  check1[] =
		{
			{CKA_ISSUER,        &buf1, sizeof(buf1)},
			{CKA_SERIAL_NUMBER, &buf2, sizeof(buf2)},
			{CKA_ID,            &buf3, sizeof(buf3)}
		};

		rc = funcs->C_GetAttributeValue(h_session, h_cert, (CK_ATTRIBUTE *)&check1, 3);
		if (rc != CKR_OK) {
                        testcase_fail("C_GetAttributeValue() rc = %s", p11_get_ckr(rc));
			goto done;
		}

		if (memcmp(check1[0].pValue, cert_issuer, check1[0].ulValueLen) != 0) {
                        testcase_fail("CKA_ISSUER mismatch");
			rc = -1;
			goto done;
		}

		if (memcmp(check1[1].pValue, cert_ser_no, check1[1].ulValueLen) != 0) {
                        testcase_fail("CKA_SERIAL_NUMBER mismatch");
			return -1;
		}

		if (memcmp(check1[2].pValue, cert_id2, check1[2].ulValueLen) != 0) {
                        testcase_fail("CKA_ID mismatch");
			rc = -1;
			goto done;
		}
	}

	/* the next template tries to update a CK_ID (valid) and
	 * CKA_VALUE (read-only). the entire operation should fail -- no
	 * attributes should get modified
	 */
	rc = funcs->C_SetAttributeValue(h_session, h_cert, invalid_attr, 2);
	if (rc != CKR_ATTRIBUTE_READ_ONLY) {
                testcase_fail("C_SetAttributeValue() rc = %s (expected CKR_ATTRIBUTE_READ_ONLY)", p11_get_ckr(rc));
		goto done;
	}
	else {
		CK_BYTE       buf1[100];
		CK_ATTRIBUTE  check1[] =
		{
			{CKA_ID, &buf1, sizeof(buf1)}
		};

		rc = funcs->C_GetAttributeValue(h_session, h_cert, check1, 1);
		if (rc != CKR_OK) {
                        testcase_fail("C_GetAttributeValue() rc = %s", p11_get_ckr(rc));
			goto done;
		}

		if (memcmp(check1[0].pValue, cert_id2, check1[0].ulValueLen) != 0) {
                        testcase_fail("CKA_ID mismatch");
			rc = -1;
			goto done;
		}
	}

	testcase_pass("Looks okay...");

done:
	/* now destroy the objects but don't clobber rc */
	loc_rc = funcs->C_DestroyObject(h_session, h_cert);
	if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));


	/* done...close the session */
	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK)
                testcase_error("C_CloseAllSessions() loc_rc = %s", p11_get_ckr(loc_rc));

	return rc;
}
Exemplo n.º 5
0
/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 * C_OpenSession
 * C_CloseSession
 *
 * API Routines exercised that cause stdll to take /var/lock/opencryptoki_stdll
 * spinlock.
 * C_CreateObject
 * C_Login
 *
 * 1) create a data object
 * 2) create a certificate
 * 3) create a key object
 */
CK_RV do_CreateSessionObject(void)
{
	CK_SLOT_ID        slot_id;
	CK_FLAGS          flags;
	CK_SESSION_HANDLE h_session;
	CK_RV             rc = 0;
	CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG          user_pin_len;

	CK_BYTE           true  = TRUE;
	CK_BYTE           false = FALSE;

	CK_OBJECT_HANDLE  h_data;
	CK_OBJECT_CLASS   data_class         = CKO_DATA;
	CK_BYTE           data_application[] = "Test Application";
	CK_BYTE           data_value[]       = "1234567890abcedfghijklmnopqrstuvwxyz";
	CK_ATTRIBUTE      data_attribs[] =
	{
		{CKA_CLASS,       &data_class,       sizeof(data_class)       },
		{CKA_TOKEN,       &false,            sizeof(false)            },
		{CKA_APPLICATION, &data_application, sizeof(data_application) },
		{CKA_VALUE,       &data_value,       sizeof(data_value)       }
	};

	CK_OBJECT_HANDLE    h_cert;
	CK_OBJECT_CLASS     cert_class         = CKO_CERTIFICATE;
	CK_CERTIFICATE_TYPE cert_type          = CKC_X_509;
	CK_BYTE             cert_subject[]     = "Certificate subject";
	CK_BYTE             cert_id[]          = "Certificate ID";
	CK_BYTE             cert_value[]       = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
	CK_ATTRIBUTE        cert_attribs[] =
	{
		{CKA_CLASS,            &cert_class,       sizeof(cert_class)   },
		{CKA_TOKEN,            &false,            sizeof(false)        },
		{CKA_CERTIFICATE_TYPE, &cert_type,        sizeof(cert_type)    },
		{CKA_SUBJECT,          &cert_subject,     sizeof(cert_subject) },
		{CKA_ID,               &cert_id,          sizeof(cert_id)      },
		{CKA_VALUE,            &cert_value,       sizeof(cert_value)   }
	};

	CK_OBJECT_HANDLE  h_key;
	CK_OBJECT_CLASS   key_class          = CKO_PUBLIC_KEY;
	CK_KEY_TYPE       key_type           = CKK_RSA;
	CK_BYTE           key_modulus[]      = "1234567890987654321";
	CK_BYTE           key_exponent[]     = "123";
	CK_ATTRIBUTE      key_attribs[] =
	{
		{CKA_CLASS,           &key_class,    sizeof(key_class)    },
		{CKA_KEY_TYPE,        &key_type,     sizeof(key_type)     },
		{CKA_WRAP,            &true,         sizeof(true)         },
		{CKA_MODULUS,         &key_modulus,  sizeof(key_modulus)  },
		{CKA_PUBLIC_EXPONENT, &key_exponent, sizeof(key_exponent) }
	};

	testcase_begin("starting...");

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	slot_id = SLOT_ID;


	// create a USER R/W session
	//
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
	if (rc != CKR_OK) {
		testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
	if (rc != CKR_OK) {
		testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	//
	// now, create the objects
	//

	rc = funcs->C_CreateObject(h_session, data_attribs, 4, &h_data);
	if (rc != CKR_OK) {
		testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_CreateObject(h_session, cert_attribs, 6, &h_cert);
	if (rc != CKR_OK) {
		testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_CreateObject(h_session, key_attribs, 5, &h_key);
	if (rc != CKR_OK) {
		testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	// done...close the session and verify the object is deleted
	//
	rc = funcs->C_CloseAllSessions(slot_id);
	if (rc != CKR_OK) {
		testcase_fail("C_CloseAllSessions() rc=%s", p11_get_ckr(rc));
		return rc;
	}

	testcase_pass("looks okay...");
	return rc;
}
Exemplo n.º 6
0
/* API Routines exercised that take /var/lock/LCK..opencryptoki spinlock.
 * C_OpenSession
 * C_CloseSession
 *
 * API routines exercised that result in stdll taking
 * /var/lock/opencryptoki_stdll spinlock.
 *    C_CreateObject
 *    C_CopyObject
 *    C_DestroyObject
 *    C_GetAttributeValue
 *    C_GetObjectSize
 *
 * 1) create a data object with no CKA_APPLICATION attribute
 * 2) create a copy of the object specifying the CKA_APPLICATION attribute
 * 3) extract the CK_VALUE attribute from the copy. Ensure matches the original
 * 4) extract the CKA_APPLICATION attribute from the original. ensure empty.
 * 5) extract the CKA_APPLICATION attribute from the copy. ensure is correct.
 * 6) attempt to extract CK_PRIME from the original. ensure fails correctly.
 * 7) attempt to extract CK_PRIME from a non-existant object. ensure fails
 *    correctly.
 * 8) get the size of the original object and copied objects
 * 9) destroy the original object.  ensure this succeeds.
 * A) destroy a non-existant object.  ensure this fails correctly.
 * B) get the size of the original object.  ensure this fails correctly.
 */
CK_RV do_CopyObject(void)
{
	CK_SLOT_ID        slot_id;
	CK_FLAGS          flags;
	CK_SESSION_HANDLE h_session;
	CK_RV             rc = 0, loc_rc = 0;
	CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG          user_pin_len;
	CK_ULONG          obj_size;

	CK_BYTE           true = TRUE;

	CK_OBJECT_HANDLE  h_data;
	CK_OBJECT_CLASS   data_class         = CKO_DATA;
	CK_BYTE           data_application[] = "Test Application";
	CK_BYTE           data_value[]       = "1234567890abcedfghijklmnopqrstuvwxyz";
	CK_ATTRIBUTE      data_attribs[] =
	{
		{CKA_CLASS,       &data_class,       sizeof(data_class)       },
		{CKA_TOKEN,       &true,             sizeof(true)             },
		{CKA_VALUE,       &data_value,       sizeof(data_value)       }
	};

	CK_OBJECT_HANDLE  h_copy;
	CK_ATTRIBUTE      copy_attribs[] =
	{
		{CKA_APPLICATION, &data_application, sizeof(data_application) }
	};

	CK_BYTE           buf1[100];
	CK_ATTRIBUTE      verify_attribs[] =
	{
		{CKA_APPLICATION, &buf1, sizeof(buf1) }
	};

	CK_BYTE           buf2[100];
	CK_ATTRIBUTE      prime_attribs[] =
	{
		{CKA_PRIME, &buf2, sizeof(buf2) }
	};

	testcase_begin("starting...");

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	slot_id = SLOT_ID;


	/* create a USER R/W session */
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &h_session);
	if (rc != CKR_OK) {
		testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
	if (rc != CKR_OK) {
		testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
		return rc;
	}


	/* create the object */
	rc = funcs->C_CreateObject(h_session, data_attribs, 3, &h_data);
	if (rc != CKR_OK) {
		testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	/* create the copy */
	rc = funcs->C_CopyObject(h_session, h_data, copy_attribs, 1, &h_copy);
	if (rc != CKR_OK) {
                testcase_fail("C_CopyObject() rc = %s", p11_get_ckr(rc));
		goto destroy_1;
	}

	/* now, try to extract the CKA_APPLICATION attribute from the original
	 * this will pull in the token's default value for CKA_APPLICATION which
	 */
	verify_attribs[0].ulValueLen = sizeof(buf1);
	rc = funcs->C_GetAttributeValue(h_session, h_data, verify_attribs, 1);
	if (rc != CKR_OK) {
		testcase_fail("C_GetAttributeValue() rc=%s", p11_get_ckr(rc));
		goto destroy;
	}

	/* now, try to extract the CKA_APPLICATION attribute from the copy */
	verify_attribs[0].ulValueLen = sizeof(buf1);
	rc = funcs->C_GetAttributeValue(h_session, h_copy, verify_attribs, 1);
	if (rc != CKR_OK) {
		testcase_fail("C_GetAttributeValue() rc=%s", p11_get_ckr(rc));
		goto destroy;
	}

	if (memcmp(&data_application, verify_attribs[0].pValue, sizeof(data_application)) != 0) {
		testcase_fail("extracted attribute doesn't match");
		rc = -1;
		goto destroy;
	}

	/* now, try to extract CKA_PRIME from the original.
	 * this should not exist
	 */
	prime_attribs[0].ulValueLen = sizeof(buf2);
	rc = funcs->C_GetAttributeValue(h_session, h_data, prime_attribs, 1);
	if (rc != CKR_ATTRIBUTE_TYPE_INVALID) {
                testcase_fail("C_GetAttributeValue() rc = %s (expected CKR_ATTRIBUTE_TYPE_INVALID)", p11_get_ckr(rc));
		goto destroy;
	}

	/* now, try to extract CKA_PRIME from a bogus object handle.
	 * this should not exist
	 */
	rc = funcs->C_GetAttributeValue(h_session, 98765, prime_attribs, 1);
	if (rc != CKR_OBJECT_HANDLE_INVALID) {
                testcase_fail("C_GetAttributeValue() rc = %s (expected CKR_OBJECT_HANDLE_INVALID)", p11_get_ckr(rc));
		goto destroy;
	}

	/* now, get the size of the original object */
	rc = funcs->C_GetObjectSize(h_session, h_data, &obj_size);
	if (rc != CKR_OK) {
                testcase_fail("C_GetObjectSize() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	testcase_pass("Looks okay...");

destroy:
	/* now, destroy the original object and the copy */
	loc_rc = funcs->C_DestroyObject(h_session, h_copy);
	if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));

destroy_1:
	loc_rc = funcs->C_DestroyObject(h_session, h_data);
	if (loc_rc != CKR_OK)
                testcase_error("C_DestroyObject() loc_rc = %s", p11_get_ckr(loc_rc));

	loc_rc = funcs->C_CloseAllSessions(slot_id);
	if (loc_rc != CKR_OK)
                testcase_error("C_CloseAllSessions() loc_rc=%s", p11_get_ckr(loc_rc));

	return rc;
}
Exemplo n.º 7
0
CK_RV do_HWFeatureSearch(void)
{
	unsigned int            i, got_it = 0;
	CK_RV 			rc, loc_rc;
	CK_ULONG		find_count;
	CK_SLOT_ID		slot_id;
	CK_BBOOL		false = FALSE;
	CK_BBOOL                true = TRUE;

	CK_SESSION_HANDLE 	h_session;
	CK_BYTE           	user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG          	user_pin_len;

	/* A counter object */
	CK_OBJECT_CLASS         counter1_class = CKO_HW_FEATURE;
	CK_HW_FEATURE_TYPE      feature1_type = CKH_MONOTONIC_COUNTER;
	CK_UTF8CHAR             counter1_label[] = "Monotonic counter";
	CK_CHAR			counter1_value[16];
	CK_ATTRIBUTE            counter1_template[] = {
		{CKA_CLASS,		&counter1_class, sizeof(counter1_class)},
		{CKA_HW_FEATURE_TYPE,	&feature1_type,  sizeof(feature1_type)},
		{CKA_LABEL,		counter1_label,  sizeof(counter1_label)-1},
		{CKA_VALUE,		counter1_value,	sizeof(counter1_value)},
		{CKA_RESET_ON_INIT,	&true,		sizeof(true)},
		{CKA_HAS_RESET,		&false,		sizeof(false)}
	};
	/* A clock object */
	CK_OBJECT_CLASS         clock_class = CKO_HW_FEATURE;
	CK_HW_FEATURE_TYPE      clock_type = CKH_CLOCK;
	CK_UTF8CHAR             clock_label[] = "Clock";
	CK_CHAR			clock_value[16];
	CK_ATTRIBUTE            clock_template[] = {
		{CKA_CLASS,		&clock_class, sizeof(clock_class)},
		{CKA_HW_FEATURE_TYPE,	&clock_type,  sizeof(clock_type)},
		{CKA_LABEL,		clock_label,  sizeof(clock_label)-1},
		{CKA_VALUE,		clock_value,	sizeof(clock_value)}
	};
	/* A data object */
	CK_OBJECT_CLASS		obj1_class = CKO_DATA;
	CK_UTF8CHAR             obj1_label[] = "Object 1";
	CK_BYTE			obj1_data[] = "Object 1's data";
	CK_ATTRIBUTE            obj1_template[] = {
		{CKA_CLASS,		&obj1_class,    sizeof(obj1_class)},
		{CKA_TOKEN,		&true,          sizeof(true)},
		{CKA_LABEL,		obj1_label,     sizeof(obj1_label)-1},
		{CKA_VALUE,		obj1_data,	sizeof(obj1_data)}
	};
	/* A secret key object */
	CK_OBJECT_CLASS		obj2_class = CKO_SECRET_KEY;
	CK_KEY_TYPE		obj2_type = CKK_AES;
	CK_UTF8CHAR             obj2_label[] = "Object 2";
	CK_BYTE			obj2_data[AES_KEY_SIZE_128];
	CK_ATTRIBUTE            obj2_template[] = {
		{CKA_CLASS,		&obj2_class,    sizeof(obj2_class)},
		{CKA_TOKEN,		&true,          sizeof(true)},
		{CKA_KEY_TYPE,		&obj2_type,	sizeof(obj2_type)},
		{CKA_LABEL,		obj2_label,     sizeof(obj2_label)-1},
		{CKA_VALUE,		obj2_data,	sizeof(obj2_data)}
	};

	CK_OBJECT_HANDLE        h_counter1,
				h_clock,
				h_obj1,
				h_obj2,
				obj_list[10];
	CK_ATTRIBUTE		find_tmpl[] = {
		{CKA_CLASS,	&counter1_class, sizeof(counter1_class)}
	};

	slot_id = SLOT_ID;

        testcase_begin("starting...");

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	/* Open a session with the token */
	if( (rc = funcs->C_OpenSession(slot_id,
					(CKF_SERIAL_SESSION|CKF_RW_SESSION),
					NULL_PTR,
					NULL_PTR,
					&h_session)) != CKR_OK ) {
                testcase_fail("C_OpenSession() rc = %s", p11_get_ckr(rc));
		return rc;
	}

	// Login correctly
	rc = funcs->C_Login(h_session, CKU_USER, user_pin, user_pin_len);
	if( rc != CKR_OK ) {
                testcase_fail("C_Login() rc = %s", p11_get_ckr(rc));
		goto session_close;
	}

	/* Create the 3 test objects */
	if( (rc = funcs->C_CreateObject(h_session, obj1_template, 4, &h_obj1)) != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		goto session_close;
	}

	if( (rc = funcs->C_CreateObject(h_session, obj2_template, 5, &h_obj2)) != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		goto destroy_1;
	}

	/* try and create a monotonic object. This should fail
	 * since it is a read only feature.
	 */
	if( (rc = funcs->C_CreateObject(h_session, counter1_template, 6, &h_counter1)) != CKR_ATTRIBUTE_READ_ONLY) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		goto destroy_2;
	}

	if( (rc = funcs->C_CreateObject(h_session, clock_template, 4, &h_clock)) != CKR_OK) {
                testcase_fail("C_CreateObject() rc = %s", p11_get_ckr(rc));
		goto destroy_2;
	}

	/* Now find the hardware feature objects */
	rc = funcs->C_FindObjectsInit(h_session, find_tmpl, 1 );
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsInit() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	rc = funcs->C_FindObjects(h_session, obj_list, 10, &find_count );
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjects() rc = %s", p11_get_ckr(rc));
		goto destroy;
	}

	got_it = 0;
	/* Make sure we got the right ones */
	for(i=0; i < find_count; i++) {
		if(obj_list[i] == h_clock) {
			got_it++;
		}
	}

	if (got_it != 1) {
		testcase_fail("could not find the corect object handle");
		rc = -1;
		goto destroy;
	}

	rc = funcs->C_FindObjectsFinal(h_session );
	if (rc != CKR_OK) {
                testcase_fail("C_FindObjectsFinal() rc = %s", p11_get_ckr(rc));
	}

        testcase_pass("Looks okay...");

destroy:
	/* Destroy the created objects, don't clobber the rc */
	loc_rc = funcs->C_DestroyObject(h_session, h_clock);
	if( loc_rc != CKR_OK )
                testcase_error("C_DestroyObject() rc = %s", p11_get_ckr(loc_rc));
destroy_2:
	loc_rc = funcs->C_DestroyObject(h_session, h_obj2);
	if( loc_rc != CKR_OK )
                testcase_error("C_DestroyObject() rc = %s", p11_get_ckr(loc_rc));
destroy_1:
	loc_rc = funcs->C_DestroyObject(h_session, h_obj1);
	if( loc_rc != CKR_OK )
                testcase_error("C_DestroyObject() rc = %s", p11_get_ckr(loc_rc));

	loc_rc = funcs->C_Logout(h_session);
	if( loc_rc != CKR_OK )
                testcase_error("C_Logout() rc = %s", p11_get_ckr(loc_rc));

session_close:
	/* Close the session */
	if( (loc_rc = funcs->C_CloseSession(h_session)) != CKR_OK )
                testcase_error("C_CloseSession() rc = %s", p11_get_ckr(loc_rc));

	return rc;
}
Exemplo n.º 8
0
int
main( int argc, char **argv )
{
	CK_C_INITIALIZE_ARGS  cinit_args;
	int  i, nodelete = 0;
	CK_RV rv;
	SLOT_ID = 0;
	CK_BYTE             user_pin[128];
	CK_ULONG            user_pin_len;
	CK_SLOT_ID          slot_id;
	CK_SESSION_HANDLE   session;
	CK_FLAGS            flags;
	CK_BYTE		    tdes_label[] = "XXX DELETE ME TEST 3DES KEY";
	CK_BYTE		    des_label[] = "XXX DELETE ME TEST DES KEY";


	for (i=1; i < argc; i++) {
		if (strcmp(argv[i], "-slot") == 0) {
			++i;
			SLOT_ID = atoi(argv[i]);
		}

		if (strcmp(argv[i], "-nodelete") == 0) {
			nodelete = 1;
		}

		if (strcmp(argv[i], "-h") == 0) {
			printf("usage:  %s [-noskip] [-slot <num>] [-h]\n\n", argv[0] );
			printf("By default, Slot #1 is used\n\n");
			printf("By default we skip anything that creates or modifies\n");
			printf("token objects to preserve flash lifetime.\n");
			return -1;
		}
	}

	printf("Using slot #%lu...\n\n", SLOT_ID );

	slot_id = SLOT_ID;

	rv = do_GetFunctionList();
	if (rv != TRUE) {
		show_error("do_GetFunctionList", rv);
		return -1;
	}

	memset( &cinit_args, 0x0, sizeof(cinit_args) );
	cinit_args.flags = CKF_OS_LOCKING_OK;

	// SAB Add calls to ALL functions before the C_Initialize gets hit

	if ((rv = funcs->C_Initialize( &cinit_args ))) {
		show_error("C_Initialize", rv);
		return -1;
	}

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rv = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
	if (rv != CKR_OK) {
		show_error("   C_OpenSession #1", rv );
		return rv;
	}

	rv = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
	if (rv != CKR_OK) {
		show_error("   C_Login #1", rv );
		return rv;
	}

	rv = do_GenerateTokenSymKey(session, des_label, CKM_DES_KEY_GEN);
	if (rv != CKR_OK) {
		show_error("do_GenerateTokenRSAKeyPair(512)", rv);
		return -1;
	}

	rv = do_GenerateTokenSymKey(session, tdes_label, CKM_DES3_KEY_GEN);
	if (rv != CKR_OK) {
		show_error("do_GenerateTokenRSAKeyPair(512)", rv);
		return -1;
	}

	rv = funcs->C_CloseSession( session );
	if (rv != CKR_OK) {
		show_error("   C_CloseSession #3", rv );
		return rv;
	}

	rv = funcs->C_Finalize( NULL );
	if (rv != CKR_OK) {
		show_error("C_Finalize", rv);
		return -1;
	}

	if (nodelete)
		return 0;

	/* Open a new session and re-login */
	if ((rv = funcs->C_Initialize( &cinit_args ))) {
		show_error("C_Initialize", rv);
		return -1;
	}

	rv = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
	if (rv != CKR_OK) {
		show_error("   C_OpenSession #2", rv );
		goto finalize;
	}

	rv = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
	if (rv != CKR_OK) {
		show_error("   C_Login #2", rv );
		goto close_session;
	}

	rv = do_VerifyTokenSymKey(session, des_label);
	if (rv != CKR_OK) {
		show_error("do_VerifyTokenRSAKeyPair(512)", rv);
		goto close_session;
	}

	rv = do_VerifyTokenSymKey(session, tdes_label);
	if (rv != CKR_OK) {
		show_error("do_VerifyTokenRSAKeyPair(1024)", rv);
		goto close_session;
	}

close_session:
	rv = funcs->C_CloseSession( session );
	if (rv != CKR_OK) {
		show_error("   C_CloseSession #3", rv );
		return rv;
	}
finalize:
	rv = funcs->C_Finalize( NULL );
	if (rv != CKR_OK) {
		show_error("C_Finalize", rv);
		return -1;
	}

	printf("%s: Success\n", argv[0]);

	return 0;
}
Exemplo n.º 9
0
// do_create_token_object()
//
int do_create_token_object( void )
{
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h_session;
   CK_RV             rc;
   CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
   CK_ULONG          user_pin_len;

   CK_BYTE           true  = TRUE;
   CK_BYTE           false = FALSE;

   CK_OBJECT_HANDLE    h_cert1;
   CK_OBJECT_CLASS     cert1_class         = CKO_CERTIFICATE;
   CK_CERTIFICATE_TYPE cert1_type          = CKC_X_509;
   CK_BYTE             cert1_subject[]     = "Certificate subject #1";
   CK_BYTE             cert1_id[]          = "Certificate ID #1";
   CK_BYTE             cert1_value[]       = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";

   CK_ATTRIBUTE        cert1_attribs[] =
   {
       {CKA_CLASS,            &cert1_class,       sizeof(cert1_class)   },
       {CKA_TOKEN,            &true,              sizeof(true)          },
       {CKA_CERTIFICATE_TYPE, &cert1_type,        sizeof(cert1_type)    },
       {CKA_SUBJECT,          &cert1_subject,     sizeof(cert1_subject) },
       {CKA_VALUE,            &cert1_value,       sizeof(cert1_value)   },
       {CKA_PRIVATE,          &true,              sizeof(false)         }
   };
   CK_ATTRIBUTE  cert_id_attr[] =
   {
       {CKA_ID,               &cert1_id,          sizeof(cert1_id)      }
   };
   CK_OBJECT_HANDLE   obj_list[20];
   CK_ULONG           objcount;



   if (get_user_pin(user_pin))
	   return CKR_FUNCTION_FAILED;
   user_pin_len = (CK_ULONG)strlen((char *)user_pin);

   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   printf("open ing session \n");
   rc = funcs->C_OpenSession( SLOT_ID, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      rc = FALSE;
      goto done;
   }

   printf("login ing session \n");
   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      rc = FALSE;
      goto done;
   }

   // create the token objects
   //
   printf("create ing session \n");
   rc = funcs->C_CreateObject( h_session, cert1_attribs, 6, &h_cert1 );
   if (rc != CKR_OK) {
      show_error("   C_CreateObject #1", rc );
      rc = FALSE;
      goto done;
   }

   printf("set ing session \n");
   rc = funcs->C_SetAttributeValue(h_session,h_cert1,cert_id_attr,1);
   if (rc != CKR_OK) {
      show_error("   C_SetAttribute #1", rc );
      rc = FALSE;
      goto done;
   }
   // now, retrieve a list of all object handles
   //
   printf("find init ing session \n");
   rc = funcs->C_FindObjectsInit( h_session, cert_id_attr, 1 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #1", rc );
      rc = FALSE;
      goto done;
   }

   printf("find  session \n");
   rc = funcs->C_FindObjects( h_session, obj_list, 20, &objcount );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #1", rc );
      rc = FALSE;
      goto done;
   }

   printf("find final  session \n");
   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = TRUE;

done:
   printf("close all  session \n");
   funcs->C_CloseAllSessions( SLOT_ID );
   return rc;
}
Exemplo n.º 10
0
int do_destroy_all_token_objects( void )
{
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h_session;
   CK_RV             rc;
   CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
   CK_ULONG          user_pin_len;

   CK_OBJECT_HANDLE  obj_list[20];
   CK_ULONG          find_count;
   CK_ULONG          i;


   if (get_user_pin(user_pin))
	   return CKR_FUNCTION_FAILED;
   user_pin_len = (CK_ULONG)strlen((char *)user_pin);


   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( SLOT_ID, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      rc = FALSE;
      goto done;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, retrieve a list of all object handles
   //
   rc = funcs->C_FindObjectsInit( h_session, NULL, 0 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #1", rc );
      rc = FALSE;
      goto done;
   }

   do {
      rc = funcs->C_FindObjects( h_session, obj_list, 20, &find_count );
      if (rc != CKR_OK) {
         show_error("   C_FindObjects #1", rc );
         rc = FALSE;
         goto done;
      }

      for (i=0; i < find_count; i++) {
         rc = funcs->C_DestroyObject( h_session, obj_list[i] );
         if (rc != CKR_OK) {
            printf("   C_DestroyObject #%ld returned", i);
            show_error(" ", rc );
            rc = FALSE;
            goto done;
         }
      }
   } while (find_count != 0);

   rc = funcs->C_FindObjectsFinal( h_session );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsFinal #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = TRUE;

done:
   funcs->C_CloseAllSessions( SLOT_ID );
   return rc;
}
Exemplo n.º 11
0
// do_verify_token_object()
//
int do_verify_token_object( void )
{
   CK_FLAGS          flags;
   CK_SESSION_HANDLE h_session;
   CK_RV             rc;
   CK_BYTE           user_pin[PKCS11_MAX_PIN_LEN];
   CK_ULONG          user_pin_len;
   CK_OBJECT_HANDLE  obj_list[20];
   CK_ULONG          find_count;

   CK_BYTE           cert1_id[]          = "Certificate ID #1";

   CK_BYTE           buf1[100];
   CK_ATTRIBUTE      verify_attribs[] =
   {
      {CKA_ID, &buf1, sizeof(buf1) }
   };



   if (get_user_pin(user_pin))
	   return CKR_FUNCTION_FAILED;
   user_pin_len = (CK_ULONG)strlen((char *)user_pin);


   // create a USER R/W session
   //
   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
   rc = funcs->C_OpenSession( SLOT_ID, flags, NULL, NULL, &h_session );
   if (rc != CKR_OK) {
      show_error("   C_OpenSession #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = funcs->C_Login( h_session, CKU_USER, user_pin, user_pin_len );
   if (rc != CKR_OK) {
      show_error("   C_Login #1", rc );
      rc = FALSE;
      goto done;
   }

   //
   //---------------------------------------------------------------------
   //

   // now, retrieve a list of all object handles
   //
   rc = funcs->C_FindObjectsInit( h_session, NULL, 0 );
   if (rc != CKR_OK) {
      show_error("   C_FindObjectsInit #1", rc );
      rc = FALSE;
      goto done;
   }

   rc = funcs->C_FindObjects( h_session, obj_list, 20, &find_count );
   if (rc != CKR_OK) {
      show_error("   C_FindObjects #1", rc );
      rc = FALSE;
      goto done;
   }

   if (find_count == 0) {
      printf("ERROR:  no objects to examine\n");
      rc = FALSE;
      goto done;
   }

   // now, try to extract the CKA_APPLICATION attribute from the original
   // this will pull in the token's default value for CKA_APPLICATION which
   //
   verify_attribs[0].ulValueLen = sizeof(buf1);
   rc = funcs->C_GetAttributeValue( h_session, obj_list[0], verify_attribs, 1 );
   if (rc != CKR_OK) {
      show_error("   C_GetAttributeValue #1", rc );
      rc = FALSE;
      goto done;
   }

   if (memcmp( &cert1_id, verify_attribs[0].pValue, sizeof(cert1_id) ) != 0) {
      printf("   ERROR:  extracted attribute doesn't match\n");
      rc = FALSE;
      goto done;
   }

   printf("Attribute matches!  Good.\n");
   rc = TRUE;

done:
   funcs->C_CloseAllSessions( SLOT_ID );
   return rc;
}
Exemplo n.º 12
0
int main(int argc, char **argv)
{
	int i;
	CK_RV rc;
	CK_C_INITIALIZE_ARGS initialize_args;
	CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG user_pin_len;

	/* Set default slot to 0 */
	slot_id = 0;

	/* Parse the command line */
	for( i = 1; i < argc; i++ ) {
		if(strncmp(argv[i], "-slot", 5) == 0) {
			slot_id = atoi(argv[i + 1]);
			i++;
			break;
		}
	}

	printf("Using slot %ld...\n\n", slot_id);

	if(do_GetFunctionList())
		return -1;

	/* There will be no multi-threaded Cryptoki access in this app */
	memset( &initialize_args, 0, sizeof(initialize_args) );
	memset( &si, 0, sizeof(CK_SESSION_INFO) );

	if( (rc = funcs->C_Initialize( &initialize_args )) != CKR_OK ) {
		show_error("C_Initialize", rc);
		return -1;
	}

	if (get_user_pin(user_pin))
		return -1;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	//
	// Tests:
	//
	// 1. Open Session
	// 2. Check that the session looks normal
	// 3. Login/Logout as USER with correct PIN
	// 4. Login as USER with an incorrect PIN
	// 5. Check that USER PIN COUNT LOW set
	// 6. Login as USER with an incorrect PIN
	// 7. Check that USER PIN LAST TRY set
	// 8. Login correctly
	// 9. Check that flags are reset
	// 10. Try to set a new PIN, but with newPIN == oldPIN
	// 11. Check that we get CKR_PIN_INVALID
	// 12. Login as USER with an incorrect PIN
	// 13. Check that USER PIN COUNT LOW set
	// 14. Login as USER with an incorrect PIN
	// 15. Check that USER PIN LAST TRY set
	// 16. Login as USER with incorrect PIN
	// 17. Check that USER PIN LOCKED set
	// 

	/* 1. Open a session with the token */
	if( (rc = funcs->C_OpenSession(slot_id, 
					(CKF_SERIAL_SESSION|CKF_RW_SESSION), 
					NULL_PTR, 
					NULL_PTR, 
					&session_handle)) != CKR_OK ) {
		show_error("C_OpenSession #1", rc);
		goto done;
	}

	
	if( (rc = funcs->C_GetSessionInfo(session_handle, &si)) != CKR_OK) {
		show_error("C_GetSessionInfo #1", rc);
		goto session_close;
	}

	/* 2. Test the slot_id change.  This used to be hard coded to 1. 
	 * It should now be the slot number of the token we're using 
	 */
	if(si.slotID != slot_id) {
		printf("Test #2 failed. Slot ID was %ld, expected %ld\n", si.slotID, slot_id);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		show_error("C_GetTokenInfo #2", rc);
		goto session_close;
	}

	if(ti.flags & CKF_USER_PIN_LOCKED) {
		printf("The USER's PIN is locked for the token in slot %ld.\n"
			"Please reset the USER's PIN and re-run this test.\n", slot_id);
		goto session_close;
	}

	if(!(ti.flags & CKF_TOKEN_INITIALIZED)) {
		printf("The token in slot %ld is uninitialized.\n", slot_id);
		goto session_close;
	}

	// 3. Login/Logout with correct USER PIN
	rc = funcs->C_Login(session_handle, CKU_USER, user_pin, user_pin_len);
	if( rc != CKR_OK ) {
		show_error("C_Login #3", rc);
		goto session_close;
	}
	
	rc = funcs->C_Logout(session_handle);
	if( rc != CKR_OK ) {
		show_error("C_Logout #3", rc);
		goto session_close;
	}

	
	// 4. Login as USER with an incorrect PIN
	rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR)BAD_USER_PIN, BAD_USER_PIN_LEN);
	if( rc != CKR_PIN_INCORRECT ) {
		show_error("Test #4", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		show_error("C_GetTokenInfo #4", rc);
		goto session_close;
	}

	// 5. Check that USER PIN COUNT LOW set
	if(((ti.flags & CKF_USER_PIN_COUNT_LOW) == 0) || 
		(ti.flags & CKF_USER_PIN_FINAL_TRY)   ||
		(ti.flags & CKF_USER_PIN_LOCKED)) {
	  printf("Test #5 failed. Token flags: %p.\n", (void *)ti.flags);
		goto session_close;
	}

	// 6. Login as USER with an incorrect PIN
	rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR)BAD_USER_PIN, BAD_USER_PIN_LEN);
	if( rc != CKR_PIN_INCORRECT ) {
		show_error("C_Login #6", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		show_error("C_GetTokenInfo #6", rc);
		goto session_close;
	}

	// 7. Check that USER PIN LAST TRY set
	if((ti.flags & CKF_USER_PIN_COUNT_LOW) || 
		((ti.flags & CKF_USER_PIN_FINAL_TRY) == 0) ||
		(ti.flags & CKF_USER_PIN_LOCKED)) {
	        printf("Test #7 failed. Token flags: %p.\n", (void *)ti.flags);
		goto session_close;
	}
	
	// 8. Login correctly
	rc = funcs->C_Login(session_handle, CKU_USER, user_pin, user_pin_len);
	if( rc != CKR_OK ) {
		show_error("C_Login #8", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		show_error("C_GetTokenInfo #8", rc);
		goto session_close;
	}

	// 9. Check that flags are reset
	if((ti.flags & CKF_USER_PIN_COUNT_LOW) || 
		(ti.flags & CKF_USER_PIN_FINAL_TRY)  ||
		(ti.flags & CKF_USER_PIN_LOCKED) ) {

                printf("Test #9 failed. Token flags: %p.\n", (void *)ti.flags);
		goto session_close;
	}

        // 10. Try to set a new PIN, but with newPIN == oldPIN
	// 11. Check that we get CKR_PIN_INVALID
	rc = funcs->C_SetPIN(session_handle, user_pin, user_pin_len,
       				user_pin, user_pin_len);
	if(rc != CKR_PIN_INVALID) {
		show_error("Test #10", rc);
		goto session_close;
	}
	
        // 12. Login as USER with an incorrect PIN
        rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR)BAD_USER_PIN, BAD_USER_PIN_LEN);
        if( rc != CKR_PIN_INCORRECT ) {
                show_error("C_Login #12", rc);
                goto session_close;
        }

        if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
                show_error("C_GetTokenInfo #12", rc);
                goto session_close;
        }

        // 13. Check that USER PIN COUNT LOW set
        if(((ti.flags & CKF_USER_PIN_COUNT_LOW) == 0) ||
                (ti.flags & CKF_USER_PIN_FINAL_TRY)   ||
                (ti.flags & CKF_USER_PIN_LOCKED)) {
                printf("Test #13 failed. Token flags: %p.\n", (void *)ti.flags);
                goto session_close;
        }

        // 14. Login as USER with an incorrect PIN
        rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR)BAD_USER_PIN, BAD_USER_PIN_LEN);
        if( rc != CKR_PIN_INCORRECT ) {
                show_error("C_Login #14", rc);
                goto session_close;
        }

        if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
                show_error("C_GetTokenInfo #14", rc);
                goto session_close;
        }

        // 15. Check that USER PIN LAST TRY set
        if((ti.flags & CKF_USER_PIN_COUNT_LOW) ||
                ((ti.flags & CKF_USER_PIN_FINAL_TRY) == 0) ||
                (ti.flags & CKF_USER_PIN_LOCKED)) {
                printf("Test #15 failed. Token flags: %p.\n", (void *)ti.flags);
                goto session_close;
        }

	
	
	// 16. Login as USER with incorrect PIN
	rc = funcs->C_Login(session_handle, CKU_USER, (CK_CHAR_PTR)BAD_USER_PIN, BAD_USER_PIN_LEN);
	if( rc != CKR_PIN_INCORRECT ) {
		show_error("C_Login #16", rc);
		goto session_close;
	}

	if( (rc = funcs->C_GetTokenInfo(slot_id, &ti)) != CKR_OK) {
		show_error("C_GetTokenInfo #16", rc);
		goto session_close;
	}

	// 17. Check that USER PIN LOCKED set
	if((ti.flags & CKF_USER_PIN_COUNT_LOW) || 
		(ti.flags & CKF_USER_PIN_FINAL_TRY)  ||
		((ti.flags & CKF_USER_PIN_LOCKED) == 0)) {

                printf("Test #17 failed. Token flags: %p.\n", (void *)ti.flags);
		goto session_close;
	}
	
	printf("Tests succeeded. USER PIN is now locked for slot %ld.\n"
		"Re-running this test should return CKR_PIN_LOCKED.\n"
		"To unlock this slot, run the init_tok testcase on the slot.\n", slot_id);
	
session_close:
	
	/* Close the session */
	if( (rc = funcs->C_CloseSession(session_handle)) != CKR_OK )
		show_error("C_CloseSession", rc);
	
done:
	/* Call C_Finalize and dlclose the library */
	return clean_up();
}
Exemplo n.º 13
0
CK_RV do_GenerateDSAKeyPair( void )
{
	CK_SLOT_ID          slot_id;
	CK_SESSION_HANDLE   session;
	CK_MECHANISM        mech;
	CK_OBJECT_HANDLE    publ_key, priv_key;
	CK_FLAGS            flags;
	CK_BYTE             user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG            user_pin_len;
	CK_RV               rc, loc_rc;

	CK_ATTRIBUTE  publ_tmpl[] =
	{
		{CKA_PRIME,    DSA_PUBL_PRIME,    sizeof(DSA_PUBL_PRIME)    },
		{CKA_SUBPRIME, DSA_PUBL_SUBPRIME, sizeof(DSA_PUBL_SUBPRIME) },
		{CKA_BASE,     DSA_PUBL_BASE,     sizeof(DSA_PUBL_BASE)     }
	};


	printf("do_GenerateDSAKeyPair...\n");

	slot_id = SLOT_ID;

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	mech.mechanism      = CKM_DSA_KEY_PAIR_GEN;
	mech.ulParameterLen = 0;
	mech.pParameter     = NULL;


	flags = CKF_SERIAL_SESSION;
	rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
	if (rc != CKR_OK) {
		show_error("   C_OpenSession #3", rc );
		return rc;
	}

	rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
	if (rc != CKR_OK) {
		show_error("   C_Login #1", rc );
		return rc;
	}

	rc = funcs->C_GenerateKeyPair( session,   &mech,
			publ_tmpl,  3,
			NULL,       0,
			&publ_key, &priv_key );
	if (rc != CKR_OK) {
		show_error("   C_GenerateKeyPair #1", rc );
		goto session_close;
	}

	printf("Looks okay...\n");

session_close:

	/* Close the session */
	if( (loc_rc = funcs->C_CloseSession(session)) != CKR_OK )
		show_error("C_CloseSession", loc_rc);
	
	return rc;
}
Exemplo n.º 14
0
// the generic DSA mechanism assumes that the data to be signed has already
// been hashed by SHA-1.  so the input data length must be 20 bytes
//
CK_RV do_SignDSA( void )
{
	CK_BYTE             data1[20];
	CK_BYTE             signature[256];
	CK_SLOT_ID          slot_id;
	CK_SESSION_HANDLE   session;
	CK_MECHANISM        mech;
	CK_OBJECT_HANDLE    publ_key, priv_key;
	CK_FLAGS            flags;
	CK_BYTE             user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG            user_pin_len;
	CK_ULONG            i;
	CK_ULONG            len1, sig_len;
	CK_RV               rc, loc_rc;

	CK_ATTRIBUTE  publ_tmpl[] =
	{
		{CKA_PRIME,    DSA_PUBL_PRIME,    sizeof(DSA_PUBL_PRIME)    },
		{CKA_SUBPRIME, DSA_PUBL_SUBPRIME, sizeof(DSA_PUBL_SUBPRIME) },
		{CKA_BASE,     DSA_PUBL_BASE,     sizeof(DSA_PUBL_BASE)     }
	};

	printf("do_SignDSA...\n");

	slot_id = SLOT_ID;
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession( slot_id, flags, NULL, NULL, &session );
	if (rc != CKR_OK) {
		show_error("   C_OpenSession #1", rc );
		goto session_close;
	}


	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
	if (rc != CKR_OK) {
		show_error("   C_Login #1", rc );
		goto session_close;
	}

	mech.mechanism      = CKM_DSA_KEY_PAIR_GEN;
	mech.ulParameterLen = 0;
	mech.pParameter     = NULL;

	rc = funcs->C_GenerateKeyPair( session,   &mech,
			publ_tmpl,  3,
			NULL,       0,
			&publ_key, &priv_key );
	if (rc != CKR_OK) {
		show_error("   C_GenerateKeyPair #1", rc );
		goto session_close;
	}

	// now, encrypt some data
	//
	len1 = sizeof(data1);
	sig_len = sizeof(signature);

	for (i=0; i < len1; i++)
		data1[i] = i % 255;

	mech.mechanism      = CKM_DSA;
	mech.ulParameterLen = 0;
	mech.pParameter     = NULL;

	rc = funcs->C_SignInit( session, &mech, priv_key );
	if (rc != CKR_OK) {
		show_error("   C_SignInit #1", rc );
		goto session_close;
	}

	rc = funcs->C_Sign( session, data1, len1, signature, &sig_len );
	if (rc != CKR_OK) {
		show_error("   C_Sign #1", rc );
		goto session_close;
	}

	// now, verify the signature
	//
	rc = funcs->C_VerifyInit( session, &mech, publ_key );
	if (rc != CKR_OK) {
		show_error("   C_VerifyInit #1", rc );
		goto session_close;
	}

	rc = funcs->C_Verify( session, data1, len1, signature, sig_len );
	if (rc != CKR_OK) {
		show_error("   C_Verify #1", rc );
		goto session_close;
	}

	// now, corrupt the signature and try to re-verify.
	//
	memcpy( signature, "ABCDEFGHIJKLMNOPQRSTUV", 26 );

	rc = funcs->C_VerifyInit( session, &mech, publ_key );
	if (rc != CKR_OK) {
		show_error("   C_VerifyInit #2", rc );
		goto session_close;
	}

	rc = funcs->C_Verify( session, data1, len1, signature, sig_len );
	if (rc != CKR_SIGNATURE_INVALID) {
		show_error("   C_Verify #2", rc );
		PRINT_ERR("   Expected CKR_SIGNATURE_INVALID\n");
		goto session_close;
	} else
		rc = CKR_OK;

	printf("Looks okay...\n");

session_close:

	/* Close the session */
	if( (loc_rc = funcs->C_CloseSession(session)) != CKR_OK )
		show_error("C_CloseSession", loc_rc);
	
	return rc;
}
Exemplo n.º 15
0
CK_RV do_SetPIN(void)
{
	CK_SLOT_ID slot_id;
	CK_FLAGS flags;
	CK_SESSION_HANDLE session;
	CK_CHAR old_pin[PKCS11_MAX_PIN_LEN];
	CK_CHAR new_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG old_len;
	CK_ULONG new_len;
	CK_RV rc;

	testcase_begin("Testing C_SetPIN");

	// first, try to get the user PIN
	if (get_user_pin(old_pin))
		return CKR_FUNCTION_FAILED;
	old_len = (CK_ULONG)strlen((char *)old_pin);

	memcpy(new_pin, "ABCDEF", 6);
	new_len = 6;

	slot_id = SLOT_ID;

	/* try to call C_SetPIN from a R/O public session, it should fail.
	 */
	flags = CKF_SERIAL_SESSION;
	testcase_new_assertion();
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
	if (rc != CKR_OK) {
		testcase_error("C_OpenSession #1 rc=%s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_SetPIN(session, old_pin, old_len, new_pin, new_len);
	if (rc != CKR_SESSION_READ_ONLY) {
		testcase_fail("C_SetPIN #1 returned %s instead of "
			      "CKR_SESSION_READ_ONLY.", p11_get_ckr(rc));
		rc = CKR_FUNCTION_FAILED;
		goto testcase_cleanup;
	} else
		testcase_pass("C_SetPIN successful in pubic session.");

	if (funcs->C_CloseSession(session) != CKR_OK) {
		testcase_error("C_CloseSession #1 failed.");
		goto testcase_cleanup;
	}

	/* try to call C_SetPIN from a R/W public session, it should work.
	 */
	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
	if (rc != CKR_OK) {
		testcase_error("C_OpenSession #1 rc=%s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_SetPIN(session, old_pin, old_len, new_pin, new_len);
	if (rc != CKR_OK) {
		testcase_fail("C_SetPIN failed: rc = %s", p11_get_ckr(rc));
	} else
		testcase_pass("C_SetPIN successful in r/w pubic session.");

	if (funcs->C_CloseSession(session) != CKR_OK) {
		testcase_error("C_CloseSession #1 failed.");
		goto testcase_cleanup;
	}
	if (rc != CKR_OK) 	// above C_SetPIN failed so leave
		goto testcase_cleanup;

	/* open a new session and try logging in with new pin */

	flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
	if (rc != CKR_OK) {
		testcase_error("C_OpenSession #1 rc=%s", p11_get_ckr(rc));
		return rc;
	}

	testcase_new_assertion();

	rc = funcs->C_Login(session, CKU_USER, new_pin, new_len);
	if (rc != CKR_OK) {
		testcase_fail("C_Login #1 failed: rc=%s", p11_get_ckr(rc));
		goto testcase_cleanup;
	} else
		testcase_pass("Successfully logged in with new pin.");

	/* try to call C_SetPIN from a normal user session, r/w user.
	 * set back to original user pin. this should work.
	 */
	testcase_new_assertion();

	rc = funcs->C_SetPIN(session, new_pin, new_len, old_pin, old_len);
	if (rc != CKR_OK)
		testcase_fail("C_SetPIN #2 rc=%s", p11_get_ckr(rc));
	else
		testcase_pass("C_SetPIN successful.");

	if ((funcs->C_Logout(session)) != CKR_OK) {
		testcase_error("C_Logout #1 falied: rc=%s", p11_get_ckr(rc));
		goto testcase_cleanup;
	}
	if (rc != CKR_OK)	// above C_SetPIN failed.
		goto testcase_cleanup;

	/*
	 *  done with user tests...now try with the SO
	 */

	if (get_so_pin(old_pin))
		return CKR_FUNCTION_FAILED;

	/* try to call C_SetPIN from a normal user session */
	testcase_new_assertion();

	rc = funcs->C_Login(session, CKU_SO, old_pin, old_len);
	if (rc != CKR_OK) {
		testcase_error("C_Login #3failed: rc=%s", p11_get_ckr(rc));
		goto testcase_cleanup;
	}

	rc = funcs->C_SetPIN(session, old_pin, old_len, new_pin, new_len);
	if (rc != CKR_OK)
		testcase_fail("C_SetPIN #4 failed: rc=%s",  p11_get_ckr(rc));
	else
		testcase_pass("C_SetPIN successfully set SO PIN.");

	if ((funcs->C_Logout(session)) != CKR_OK) {
		testcase_error("C_Logout #3 failed.");
		goto testcase_cleanup;
	}

	if (rc != CKR_OK)	// above C_SetPIN failed
		goto testcase_cleanup;

	/* now login with new pin. should work. */
	testcase_new_assertion();

	rc = funcs->C_Login(session, CKU_SO, new_pin, new_len);
	if (rc != CKR_OK) {
		testcase_fail("C_Login #5 failed: rc=%s",  p11_get_ckr(rc));
	} else
		testcase_pass("C_Login #5 was successful.");

	/* change the PIN back to the original so the rest of this program
	 * doesn't break
	 */
	if (funcs->C_SetPIN(session, new_pin, new_len, old_pin, old_len) != CKR_OK)
		testcase_error("C_SetPIN #5 failed to set back to the original "
				"SO PIN, rc=%s", p11_get_ckr(rc));

	if ((funcs->C_Logout(session)) != CKR_OK)
		testcase_error("C_Logout #4 failed.");

testcase_cleanup:
	if (funcs->C_CloseSession(session) != CKR_OK)
		testcase_error("C_CloseSession #1 failed.");

	return rc;
}
Exemplo n.º 16
0
CK_RV do_InitPIN(void)
{
	CK_SLOT_ID slot_id;
	CK_FLAGS flags;
	CK_SESSION_HANDLE session;
	CK_CHAR so_pin[PKCS11_MAX_PIN_LEN];
	CK_CHAR user_pin[PKCS11_MAX_PIN_LEN];
	CK_ULONG so_pin_len;
	CK_ULONG user_pin_len;
	CK_RV rc;

	testcase_begin("Testing C_InitPIN");

	if (get_user_pin(user_pin))
		return CKR_FUNCTION_FAILED;
	user_pin_len = (CK_ULONG)strlen((char *)user_pin);

	if (get_so_pin(so_pin))
		return CKR_FUNCTION_FAILED;
	so_pin_len = (CK_ULONG)strlen((char *)so_pin);

	slot_id = SLOT_ID;
	flags   = CKF_SERIAL_SESSION | CKF_RW_SESSION;

	// try to call C_InitPIN from a public session
	testcase_new_assertion();
	rc = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
	if (rc != CKR_OK) {
		testcase_error("C_OpenSession rc=%s", p11_get_ckr(rc));
		return rc;
	}

	rc = funcs->C_InitPIN(session, user_pin, user_pin_len);
	if (rc != CKR_USER_NOT_LOGGED_IN) {
		testcase_fail("C_InitPIN returned %s instead of "
			      "CKR_USER_NOT_LOGGED_IN", p11_get_ckr(rc));
		goto testcase_cleanup;
	} else
		testcase_pass("C_InitPin correctly returned CKR_USER_NOT_LOGGED_IN.");

	// try to call C_InitPIN from an SO session
	testcase_new_assertion();
	rc = funcs->C_Login(session, CKU_SO, so_pin, so_pin_len);
	if (rc != CKR_OK) {
		testcase_error("C_Login #1 failed: rc=%s", p11_get_ckr(rc));
		goto testcase_cleanup;
	}

	rc = funcs->C_InitPIN(session, user_pin, user_pin_len);
	if (rc != CKR_OK)
		testcase_fail("C_InitPIN failed: rc=%s", p11_get_ckr(rc));
	else
		testcase_pass("C_InitPIN #1 was successful.");

	if ((funcs->C_Logout(session)) != CKR_OK) {
		testcase_error("C_Logout #1 failed.");
		if (rc != CKR_OK)
			goto testcase_cleanup;
	}

	// try to call C_InitPIN from a normal user session
	testcase_new_assertion();
	rc = funcs->C_Login( session, CKU_USER, user_pin, user_pin_len );
	if (rc != CKR_OK) {
		testcase_error("C_Login failed: rc=%s", p11_get_ckr(rc));
		goto testcase_cleanup;
	}

	rc = funcs->C_InitPIN(session, user_pin, user_pin_len);
	if (rc != CKR_USER_NOT_LOGGED_IN) {
		testcase_fail("C_InitPIN returned %s instead of "
			      "CKR_USER_NOT_LOGGED_IN.", p11_get_ckr(rc));
		rc = CKR_FUNCTION_FAILED;
	} else {
		testcase_pass("C_InitPIN #2 was successful.");
		rc = CKR_OK;
	}

	if  ((funcs->C_Logout(session)) != CKR_OK)
		testcase_error("C_Logout #2 rc=%s", p11_get_ckr(rc));

testcase_cleanup:
	if (funcs->C_CloseAllSessions(slot_id) != CKR_OK)
		testcase_error("C_CloseAllSessions #1 rc=%s", p11_get_ckr(rc));

	return rc;
}