bool DeriveTests::compareSecret(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey1, CK_OBJECT_HANDLE hKey2)
{
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_VALUE, NULL_PTR, 0 },
{ CKA_CHECK_VALUE, NULL_PTR, 0 }
};
CK_BYTE val1[128];
CK_BYTE check1[3];
keyAttribs[0].pValue = val1;
keyAttribs[0].ulValueLen = sizeof(val1);
keyAttribs[1].pValue = check1;
keyAttribs[1].ulValueLen = sizeof(check1);
CK_RV rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hKey1, keyAttribs, 2) );
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(keyAttribs[0].ulValueLen == 32);
CPPUNIT_ASSERT(keyAttribs[1].ulValueLen == 3);
CK_BYTE val2[128];
CK_BYTE check2[3];
keyAttribs[0].pValue = val2;
keyAttribs[0].ulValueLen = sizeof(val2);
keyAttribs[1].pValue = check2;
keyAttribs[1].ulValueLen = sizeof(check2);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hKey2, keyAttribs, 2) );
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(keyAttribs[0].ulValueLen == 32);
CPPUNIT_ASSERT(keyAttribs[1].ulValueLen == 3);
return memcmp(val1, val2, 32) == 0 &&
memcmp(check1, check2, 3) == 0;
}
void DeriveTests::dhDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_OBJECT_HANDLE &hKey)
{
CK_ATTRIBUTE valAttrib = { CKA_VALUE, NULL_PTR, 0 };
CK_RV rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPublicKey, &valAttrib, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
valAttrib.pValue = (CK_BYTE_PTR)malloc(valAttrib.ulValueLen);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPublicKey, &valAttrib, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
CK_MECHANISM mechanism = { CKM_DH_PKCS_DERIVE, NULL_PTR, 0 };
mechanism.pParameter = valAttrib.pValue;
mechanism.ulParameterLen = valAttrib.ulValueLen;
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_ULONG secLen = 32;
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_PRIVATE, &bFalse, sizeof(bFalse) },
{ CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
{ CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) },
{ CKA_VALUE_LEN, &secLen, sizeof(secLen) }
};
hKey = CK_INVALID_HANDLE;
rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hPrivateKey,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hKey) );
free(valAttrib.pValue);
CPPUNIT_ASSERT(rv == CKR_OK);
}
CryptoPP::PK_Signer * initRSASigner (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
{
CK_RV ret = CKR_OK;
CryptoPP::Integer modulus, privateExponent;
CK_ATTRIBUTE rsaTemplate[]=
{
{CKA_MODULUS, NULL_PTR, 0},
{CKA_PRIVATE_EXPONENT, NULL_PTR, 0}
};
try
{
ret = C_GetAttributeValue(hSession, hObject, &rsaTemplate[0], 2);
if (ret != CKR_OK)
return NULL;
if (rsaTemplate[0].ulValueLen == (unsigned long)-1 ||
rsaTemplate[1].ulValueLen == (unsigned long)-1)
return NULL;
rsaTemplate[0].pValue = malloc(rsaTemplate[0].ulValueLen);
rsaTemplate[1].pValue = malloc(rsaTemplate[1].ulValueLen);
std::auto_ptr<byte> pValue1((byte *)rsaTemplate[0].pValue);
std::auto_ptr<byte> pValue2((byte *)rsaTemplate[1].pValue);
ret = C_GetAttributeValue(hSession, hObject, &rsaTemplate[0], 2);
if (ret != CKR_OK)
return NULL;
modulus.Decode((byte *) rsaTemplate[0].pValue, rsaTemplate[0].ulValueLen,
CryptoPP::Integer::SIGNED);
privateExponent.Decode((byte *) rsaTemplate[1].pValue,
rsaTemplate[1].ulValueLen, CryptoPP::Integer::SIGNED);
if (rsaTemplate[1].ulValueLen > 0)
{
CryptoPP::RSA::PrivateKey key;
key.SetModulus(modulus);
key.SetPrivateExponent(privateExponent);
return new CryptoPP::RSASSA_PKCS1v15_SHA_Signer(key);
}
}
catch(...)
{
/* do nothing */
}
return NULL;
}
/*
* PKCS_AcquirePublicKeyHandle
*
* Given an assymetric key keyblob, attempts to find the appropriate
* public key.
*
* Methods of finding the public key:
* - Public Key with data present:
* Parses the key and creates a temporary session object.
* - Public Key with handle:
* The handle is type converted and returned. Validity of the handle is
* not checked.
* - Public Key with label:
* Attempts to find a public key with the corresponding label.
*/
static KMF_RETURN
PKCS_AcquirePublicKeyHandle(CK_SESSION_HANDLE ckSession,
const KMF_X509_SPKI *pKey,
CK_KEY_TYPE ckRequestedKeyType,
CK_OBJECT_HANDLE *pckKeyHandle)
{
KMF_RETURN mrReturn = KMF_OK;
/* Key searching variables */
CK_OBJECT_HANDLE ckKeyHandle = 0;
CK_OBJECT_CLASS ckObjClass;
CK_KEY_TYPE ckKeyType;
CK_ATTRIBUTE ckTemplate[3];
CK_ULONG ckNumTemplates;
static const CK_ULONG ckMaxTemplates = (sizeof (ckTemplate) /
sizeof (CK_ATTRIBUTE));
CK_RV ckRv;
/* Extract the data from the SPKI into individual fields */
mrReturn = PKCS_CreatePublicKey(pKey, ckSession, &ckKeyHandle);
if (mrReturn != KMF_OK)
return (mrReturn);
/* Fetch the key class and algorithm from the object */
ckNumTemplates = 0;
if (!PKCS_AddTemplate(ckTemplate, &ckNumTemplates,
ckMaxTemplates, CKA_CLASS, (CK_BYTE *)&ckObjClass,
sizeof (ckObjClass)) ||
!PKCS_AddTemplate(ckTemplate, &ckNumTemplates,
ckMaxTemplates, CKA_KEY_TYPE, (CK_BYTE *)&ckKeyType,
sizeof (ckKeyType))) {
(void) C_DestroyObject(ckSession, ckKeyHandle);
return (KMF_ERR_INTERNAL);
}
ckRv = C_GetAttributeValue(ckSession, ckKeyHandle,
ckTemplate, ckNumTemplates);
if (ckRv != CKR_OK) {
(void) C_DestroyObject(ckSession, ckKeyHandle);
return (ckRv);
}
/* Make sure the results match the expected values */
if ((ckKeyType != ckRequestedKeyType) ||
(ckObjClass != CKO_PUBLIC_KEY)) {
(void) C_DestroyObject(ckSession, ckKeyHandle);
return (KMF_ERR_BAD_KEY_FORMAT);
}
/* Set the return values */
*pckKeyHandle = ckKeyHandle;
return (KMF_OK);
}
static unsigned char *get_key_serial_number(CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hIKey, unsigned char ksn[10])
{
CK_ATTRIBUTE ksn_template[] = {
{ CKA_DUKPT_KEY_SERIAL_NUMBER, ksn, 10 }
};
CK_RV rv = CKR_OK;
rv = C_GetAttributeValue(hSession, hIKey, ksn_template,
ARRAY_SIZE(ksn_template));
assert(rv == CKR_OK);
return ksn;
}
/*
* Query pkcs11 attributes
*/
static int
pkcs11_getattr_int(PKCS11_CTX * ctx, CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE o, CK_ATTRIBUTE_TYPE type, void *value,
size_t * size)
{
CK_ATTRIBUTE templ;
int rv;
templ.type = type;
templ.pValue = value;
templ.ulValueLen = *size;
rv = CRYPTOKI_call(ctx, C_GetAttributeValue(session, o, &templ, 1));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_GETATTR, rv);
*size = templ.ulValueLen;
return 0;
}
void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
{
CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_OBJECT_CLASS secretClass = CKO_SECRET_KEY;
CK_KEY_TYPE genKeyType = CKK_GENERIC_SECRET;
CK_BYTE keyPtr[128];
CK_ULONG keyLen =
mechanismType == CKM_AES_KEY_WRAP_PAD ? 125UL : 128UL;
CK_ATTRIBUTE attribs[] = {
{ CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) },
{ CKA_CLASS, &secretClass, sizeof(secretClass) },
{ CKA_KEY_TYPE, &genKeyType, sizeof(genKeyType) },
{ CKA_TOKEN, &bFalse, sizeof(bFalse) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_SENSITIVE, &bTrue, sizeof(bTrue) }, // Wrapping is allowed even on sensitive objects
{ CKA_VALUE, keyPtr, keyLen }
};
CK_OBJECT_HANDLE hSecret;
CK_RV rv;
rv = C_GenerateRandom(hSession, keyPtr, keyLen);
CPPUNIT_ASSERT(rv == CKR_OK);
hSecret = CK_INVALID_HANDLE;
rv = C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hSecret != CK_INVALID_HANDLE);
CK_BYTE_PTR wrappedPtr = NULL_PTR;
CK_ULONG wrappedLen = 0UL;
CK_ULONG zero = 0UL;
CK_ULONG rndKeyLen = keyLen;
if (mechanismType == CKM_AES_KEY_WRAP_PAD)
rndKeyLen = (keyLen + 7) & ~7;
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_KEY_UNEXTRACTABLE);
rv = C_DestroyObject(hSession, hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
attribs[0].pValue = &bTrue;
hSecret = CK_INVALID_HANDLE;
rv = C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hSecret != CK_INVALID_HANDLE);
// Estimate wrapped length
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(wrappedLen == rndKeyLen + 8);
wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen);
CPPUNIT_ASSERT(wrappedPtr != NULL_PTR);
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(wrappedLen == rndKeyLen + 8);
// This should always fail because wrapped data have to be longer than 0 bytes
zero = 0;
rv = C_WrapKey(hSession, &mechanism, hKey, hSecret, wrappedPtr, &zero);
CPPUNIT_ASSERT(rv == CKR_BUFFER_TOO_SMALL);
CK_ATTRIBUTE nattribs[] = {
{ CKA_CLASS, &secretClass, sizeof(secretClass) },
{ CKA_KEY_TYPE, &genKeyType, sizeof(genKeyType) },
{ CKA_TOKEN, &bFalse, sizeof(bFalse) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_ENCRYPT, &bFalse, sizeof(bFalse) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_SIGN, &bFalse,sizeof(bFalse) },
{ CKA_VERIFY, &bTrue, sizeof(bTrue) }
};
CK_OBJECT_HANDLE hNew;
hNew = CK_INVALID_HANDLE;
rv = C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nattribs, sizeof(nattribs)/sizeof(CK_ATTRIBUTE), &hNew);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hNew != CK_INVALID_HANDLE);
free(wrappedPtr);
wrappedPtr = NULL_PTR;
rv = C_DestroyObject(hSession, hSecret);
CPPUNIT_ASSERT(rv == CKR_OK);
#ifdef HAVE_AES_KEY_WRAP_PAD
if (mechanismType != CKM_AES_KEY_WRAP_PAD) return;
CK_OBJECT_HANDLE hRsa;
hRsa = CK_INVALID_HANDLE;
rv = generateRsaPrivateKey(hSession, CK_TRUE, CK_TRUE, hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE);
CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY;
CK_KEY_TYPE rsaKeyType = CKK_RSA;
CK_BYTE_PTR p2Ptr = NULL_PTR;
CK_ULONG p2Len = 0UL;
CK_ATTRIBUTE rsaAttribs[] = {
{ CKA_CLASS, &privateClass, sizeof(privateClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_PRIME_2, NULL_PTR, 0UL }
};
rv = C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE));
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS));
CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY);
CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE));
CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA);
p2Len = rsaAttribs[2].ulValueLen;
p2Ptr = (CK_BYTE_PTR) malloc(2 * p2Len);
CPPUNIT_ASSERT(p2Ptr != NULL_PTR);
rsaAttribs[2].pValue = p2Ptr;
rsaAttribs[2].ulValueLen = p2Len;
rv = C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE));
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len);
rv = C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen);
CPPUNIT_ASSERT(wrappedPtr != NULL_PTR);
rv = C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_DestroyObject(hSession, hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
CK_ATTRIBUTE nRsaAttribs[] = {
{ CKA_CLASS, &privateClass, sizeof(privateClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_TOKEN, &bFalse, sizeof(bFalse) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_SIGN, &bFalse,sizeof(bFalse) },
{ CKA_UNWRAP, &bTrue, sizeof(bTrue) },
{ CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
{ CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) }
};
hRsa = CK_INVALID_HANDLE;
rv = C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nRsaAttribs, sizeof(nRsaAttribs)/sizeof(CK_ATTRIBUTE), &hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE);
rsaAttribs[2].pValue = p2Ptr + p2Len;
rv = C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE));
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS));
CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY);
CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE));
CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA);
CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len);
CPPUNIT_ASSERT(memcmp(p2Ptr, p2Ptr + p2Len, p2Len) == 0);
free(wrappedPtr);
free(p2Ptr);
rv = C_DestroyObject(hSession, hRsa);
CPPUNIT_ASSERT(rv == CKR_OK);
#endif
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
static bool initialized = false;
CK_SLOT_ID slot;
CK_ULONG count = 0, type;
CK_SLOT_ID_PTR slotlist = NULL;
CK_RV rv;
CK_SESSION_HANDLE session;
CK_ATTRIBUTE attrs[2];
CK_OBJECT_HANDLE object;
beid_set_fuzz_data(data, size, "3F00DF014031");
check_rv(C_Initialize(NULL));
do {
slotlist = realloc(slotlist, sizeof(CK_SLOT_ID) * count);
} while((rv = C_GetSlotList(CK_TRUE, slotlist, &count)) == CKR_BUFFER_TOO_SMALL);
check_rv_late("C_GetSlotList");
assert(count > 0);
check_rv(C_OpenSession(slotlist[0], CKF_SERIAL_SESSION, NULL, NULL, &session));
free(slotlist);
slotlist = NULL;
attrs[0].type = CKA_CLASS;
attrs[0].pValue = &type;
type = CKO_DATA;
attrs[0].ulValueLen = sizeof(CK_ULONG);
attrs[1].type = CKA_OBJECT_ID;
attrs[1].pValue = "id";
attrs[1].ulValueLen = strlen("id");
check_rv(C_FindObjectsInit(session, attrs, 2));
char *label_str = NULL;
char *value_str = NULL;
char *objid_str = NULL;
do {
char junk[1024];
CK_ATTRIBUTE data[3] = {
{CKA_LABEL, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0},
{CKA_OBJECT_ID, NULL_PTR, 0},
};
check_rv(C_FindObjects(session, &object, 1, &count));
if(!count) continue;
free(label_str);
free(value_str);
free(objid_str);
check_rv(C_GetAttributeValue(session, object, data, 3));
label_str = calloc(data[0].ulValueLen + 1, 1);
data[0].pValue = label_str;
value_str = calloc(data[1].ulValueLen + 1, 1);
data[1].pValue = value_str;
objid_str = calloc(data[2].ulValueLen + 1, 1);
data[2].pValue = objid_str;
check_rv(C_GetAttributeValue(session, object, data, 3));
snprintf(junk, sizeof(junk), "%s%s%s", label_str, value_str, objid_str);
} while(count);
printf("label: %s, objid: %s, value: %s\n", label_str, objid_str, value_str);
free(label_str);
free(value_str);
free(objid_str);
check_rv(C_CloseSession(session));
check_rv(C_Finalize(NULL));
return 0;
}
void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_OBJECT_HANDLE &hDerive, CK_MECHANISM_TYPE mechType, CK_KEY_TYPE keyType)
{
CK_RV rv;
CK_MECHANISM mechanism = { mechType, NULL_PTR, 0 };
CK_MECHANISM mechEncrypt = { CKM_VENDOR_DEFINED, NULL_PTR, 0 };
CK_KEY_DERIVATION_STRING_DATA param1;
CK_DES_CBC_ENCRYPT_DATA_PARAMS param2;
CK_AES_CBC_ENCRYPT_DATA_PARAMS param3;
CK_BYTE data[] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24,
0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
};
CK_ULONG secLen = 0;
switch (mechType)
{
case CKM_DES_ECB_ENCRYPT_DATA:
case CKM_DES3_ECB_ENCRYPT_DATA:
case CKM_AES_ECB_ENCRYPT_DATA:
param1.pData = &data[0];
param1.ulLen = sizeof(data);
mechanism.pParameter = ¶m1;
mechanism.ulParameterLen = sizeof(param1);
break;
case CKM_DES_CBC_ENCRYPT_DATA:
case CKM_DES3_CBC_ENCRYPT_DATA:
memcpy(param2.iv, "12345678", 8);
param2.pData = &data[0];
param2.length = sizeof(data);
mechanism.pParameter = ¶m2;
mechanism.ulParameterLen = sizeof(param2);
break;
case CKM_AES_CBC_ENCRYPT_DATA:
memcpy(param3.iv, "1234567890ABCDEF", 16);
param3.pData = &data[0];
param3.length = sizeof(data);
mechanism.pParameter = ¶m3;
mechanism.ulParameterLen = sizeof(param3);
break;
default:
CPPUNIT_FAIL("Invalid mechanism");
}
switch (keyType)
{
case CKK_GENERIC_SECRET:
secLen = 32;
break;
case CKK_DES:
mechEncrypt.mechanism = CKM_DES_ECB;
break;
case CKK_DES2:
case CKK_DES3:
mechEncrypt.mechanism = CKM_DES3_ECB;
break;
case CKK_AES:
mechEncrypt.mechanism = CKM_AES_ECB;
secLen = 32;
break;
default:
CPPUNIT_FAIL("Invalid key type");
}
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_PRIVATE, &bFalse, sizeof(bFalse) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
{ CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) },
{ CKA_VALUE_LEN, &secLen, sizeof(secLen) }
};
hDerive = CK_INVALID_HANDLE;
if (secLen > 0)
{
rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hKey,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hDerive) );
}
else
{
rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hKey,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
&hDerive) );
}
CPPUNIT_ASSERT(rv == CKR_OK);
// Check that KCV has been set
CK_ATTRIBUTE checkAttribs[] = {
{ CKA_CHECK_VALUE, NULL_PTR, 0 }
};
CK_BYTE check[3];
checkAttribs[0].pValue = check;
checkAttribs[0].ulValueLen = sizeof(check);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hDerive, checkAttribs, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
CPPUNIT_ASSERT(checkAttribs[0].ulValueLen == 3);
if (keyType == CKK_GENERIC_SECRET) return;
CK_BYTE cipherText[300];
CK_ULONG ulCipherTextLen;
CK_BYTE recoveredText[300];
CK_ULONG ulRecoveredTextLen;
rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextLen = sizeof(cipherText);
rv = CRYPTOKI_F_PTR( C_Encrypt(hSession,data,sizeof(data),cipherText,&ulCipherTextLen) );
CPPUNIT_ASSERT(rv==CKR_OK);
rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,&mechEncrypt,hDerive) );
CPPUNIT_ASSERT(rv==CKR_OK);
ulRecoveredTextLen = sizeof(recoveredText);
rv = CRYPTOKI_F_PTR( C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen) );
CPPUNIT_ASSERT(rv==CKR_OK);
CPPUNIT_ASSERT(ulRecoveredTextLen==sizeof(data));
CPPUNIT_ASSERT(memcmp(data, recoveredText, sizeof(data)) == 0);
}
void DeriveTests::ecdhDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_OBJECT_HANDLE &hKey, bool useRaw)
{
CK_ATTRIBUTE valAttrib = { CKA_EC_POINT, NULL_PTR, 0 };
CK_RV rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPublicKey, &valAttrib, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
valAttrib.pValue = (CK_BYTE_PTR)malloc(valAttrib.ulValueLen);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPublicKey, &valAttrib, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
CK_ECDH1_DERIVE_PARAMS parms = { CKD_NULL, 0, NULL_PTR, 0, NULL_PTR };
// Use RAW or DER format
if (useRaw)
{
size_t offset = 0;
unsigned char* buf = (unsigned char*)valAttrib.pValue;
if (valAttrib.ulValueLen > 2 && buf[0] == 0x04)
{
if (buf[1] < 0x80)
{
offset = 2;
}
else
{
if (valAttrib.ulValueLen > ((buf[1] & 0x7F) + (unsigned int)2))
{
offset = 2 + (buf[1] & 0x7F);
}
}
}
parms.pPublicData = buf + offset;
parms.ulPublicDataLen = valAttrib.ulValueLen - offset;
}
else
{
parms.pPublicData = (unsigned char*)valAttrib.pValue;
parms.ulPublicDataLen = valAttrib.ulValueLen;
}
CK_MECHANISM mechanism = { CKM_ECDH1_DERIVE, NULL, 0 };
mechanism.pParameter = &parms;
mechanism.ulParameterLen = sizeof(parms);
CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_ULONG secLen = 32;
CK_ATTRIBUTE keyAttribs[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_PRIVATE, &bFalse, sizeof(bFalse) },
{ CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
{ CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) },
{ CKA_VALUE_LEN, &secLen, sizeof(secLen) }
};
hKey = CK_INVALID_HANDLE;
rv = CRYPTOKI_F_PTR( C_DeriveKey(hSession, &mechanism, hPrivateKey,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hKey) );
free(valAttrib.pValue);
CPPUNIT_ASSERT(rv == CKR_OK);
}
FLAG ECCTest_out()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BBOOL isTrue = TRUE;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE Id[] = "MY_ECC_KEY";
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE CreateECCPubKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_ID, NULL_PTR, 0},
{CKA_EC_POINT, NULL_PTR, 0}
};
CK_ATTRIBUTE CreateECCPriKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_ID, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
printf("ECC Outside Encrypt and Decrypt!\n");
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
rv = C_CloseSession(hSession);
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
if (rv == 0)
{
CreateECCPubKey[0].pValue = malloc(CreateECCPubKey[0].ulValueLen);
if (CreateECCPubKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPubKey[1].pValue = malloc(CreateECCPubKey[1].ulValueLen);
if (CreateECCPubKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 1);
return -1;
}
CreateECCPubKey[2].pValue = malloc(CreateECCPubKey[2].ulValueLen);
if (CreateECCPubKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 2);
return -1;
}
CreateECCPubKey[3].pValue = malloc(CreateECCPubKey[3].ulValueLen);
if (CreateECCPubKey[3].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 3);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
rv = C_DestroyObject(hSession, hECCPubKey);
rv = C_CreateObject(hSession, CreateECCPubKey, 4, &hECCPubKey);
}
FreeAttribute(CreateECCPubKey, 4);
memset(indata, 0x33, 110);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
if (rv == 0)
{
CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
if (CreateECCPriKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
if (CreateECCPriKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 1);
return -1;
}
CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
if (CreateECCPriKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 2);
return -1;
}
CreateECCPriKey[3].pValue = malloc(CreateECCPriKey[3].ulValueLen);
if (CreateECCPriKey[3].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 3);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
rv = C_DestroyObject(hSession, hECCPriKey);
rv = C_CreateObject(hSession, CreateECCPriKey, 4, &hECCPriKey);
}
FreeAttribute(CreateECCPriKey, 4);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
rv = C_CloseSession(hSession);
if (memcmp(indata, temp, 110) == 0 && templength == 110)
{
printf("OK ECC OUT!\n");
}
else
{
printf("ERROR ECC OUT!\n");
}
return 0;
}
FLAG ECCTest_in()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE ECCPubLabel[] = "ECC_PUBLIC_KEY_7";
CK_BYTE ECCPriLabel[] = "ECC_PRIVATE_KEY_7";
CK_BBOOL isFalse = TRUE;
#if 0 /* CKA_LABEL TEST*/
CK_ATTRUBUTE ECCKeyLabel = {
CAK_LABEL,//type
ECCPub//value
//value_len
};
#endif /* END CAK_LABEL TEST*/
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_LABEL, &ECCPubLabel, sizeof(ECCPubLabel)},
{CKA_TOKEN, &isFalse, sizeof(isFalse)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_LABEL, &ECCPriLabel, sizeof(ECCPriLabel)},
{CKA_TOKEN, &isFalse, sizeof(isFalse)}
};
CK_ATTRIBUTE CreateECCPriKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
memset(indata, 0x31, 40);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
printf("ECC Inside Encrypt and Decrypt!\n");
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 40, outdata, &outlength);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
if (memcmp(indata, temp, 40) == 0 && templength == 40)
{
printf("OK ECC IN!\n");
}
else
{
printf("ERROR ECC IN!\n");
}
printf("ECC Crossing Encrypt and Decrypt!\n");
memset(indata, 0x33, 110);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
if (rv == 0)
{
CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
if (CreateECCPriKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
if (CreateECCPriKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 1);
return -1;
}
CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
if (CreateECCPriKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 2);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
rv = C_CreateObject(hSession, CreateECCPriKey, 3, &hECCPriKey);
}
FreeAttribute(CreateECCPriKey, 3);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
if (memcmp(indata, temp, 110) == 0 && templength == 110)
{
printf("OK ECC Crossing!\n");
}
else
{
printf("ERROR ECC Crossing!\n");
}
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
C_CloseSession(hSession);
return 0;
}
HRESULT Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_FindObjectEnum::FindObjects___SZARRAY_MicrosoftSPOTCryptokiCryptokiObject__I4( CLR_RT_StackFrame& stack )
{
TINYCLR_HEADER();
CLR_RT_HeapBlock* pThis = stack.This();
CLR_RT_HeapBlock* pSession = pThis[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_FindObjectEnum::FIELD__m_session].Dereference();
CLR_RT_HeapBlock ref, *pRef;
CK_SESSION_HANDLE hSession;
CK_ULONG cntObj = (CK_ULONG)stack.Arg1().NumericByRef().u4;
CK_OBJECT_HANDLE objs[128];
CK_OBJECT_CLASS objType = CKO_DATA;
CLR_INT32 i;
CLR_RT_TypeDef_Index objIndex = g_CLR_RT_WellKnownTypes.m_CryptokiObject;
BOOL isKey = FALSE;
CK_ATTRIBUTE attribs[] =
{
{ CKA_CLASS, &objType, sizeof(objType) },
};
FAULT_ON_NULL(pSession);
if(cntObj > ARRAYSIZE(objs)) TINYCLR_SET_AND_LEAVE(CLR_E_OUT_OF_RANGE);
hSession = pSession[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_Session::FIELD__m_handle].NumericByRef().u4;
CRYPTOKI_CHECK_RESULT(stack, C_FindObjects(hSession, objs, cntObj, &cntObj ));
CRYPTOKI_CHECK_RESULT(stack, C_GetAttributeValue(hSession, objs[0], attribs, ARRAYSIZE(attribs)));
SwapEndianAndAssignIfBEc32(objType, objType);
switch(objType)
{
case CKO_CERTIFICATE:
objIndex = g_CLR_RT_WellKnownTypes.m_CryptokiCertificate;
break;
case CKO_PRIVATE_KEY:
case CKO_PUBLIC_KEY:
case CKO_SECRET_KEY:
case CKO_OTP_KEY:
objIndex = g_CLR_RT_WellKnownTypes.m_CryptoKey;
isKey = TRUE;
break;
}
TINYCLR_CHECK_HRESULT(CLR_RT_HeapBlock_Array::CreateInstance(ref, (CLR_UINT32)cntObj, objIndex));
if(cntObj == 0)
{
stack.SetResult_Object(ref.DereferenceArray());
TINYCLR_SET_AND_LEAVE(S_OK);
}
pRef = (CLR_RT_HeapBlock*)ref.DereferenceArray()->GetFirstElement();
for(i=0; i<(INT32)cntObj; i++)
{
CLR_RT_HeapBlock *pObject;
TINYCLR_CHECK_HRESULT(g_CLR_RT_ExecutionEngine.NewObjectFromIndex( *pRef, objIndex ));
pObject = pRef->Dereference();
pObject[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_CryptokiObject::FIELD__m_handle ].SetInteger((CLR_INT32)objs[i]);
pObject[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_session ].SetObjectReference(pSession);
pObject[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_ownsSession ].SetBoolean(false);
pObject[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_isDisposed ].SetBoolean(false);
pObject[Library_security_pkcs11_native_Microsoft_SPOT_Cryptoki_SessionContainer::FIELD__m_isSessionClosing].SetBoolean(false);
if(isKey)
{
CK_ULONG keySize = (CK_ULONG)-1;
CK_ULONG keyType = (CK_ULONG)-1;
CK_ATTRIBUTE attribs[] =
{
{ CKA_VALUE_BITS, &keySize, sizeof(keySize) },
{ CKA_KEY_TYPE , &keyType, sizeof(keyType) },
};
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_keyType].NumericByRef().s4 = SwapEndianIfBEc32(keyType);
C_GetAttributeValue(hSession, objs[i], attribs, ARRAYSIZE(attribs));
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_length].NumericByRef().u4 = SwapEndianIfBEc32(keySize);
switch(objType)
{
case CKO_PRIVATE_KEY:
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_privateKeyHandle].NumericByRef().u4 = objs[i];
break;
case CKO_PUBLIC_KEY:
case CKO_SECRET_KEY:
default:
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_privateKeyHandle].NumericByRef().u4 = CK_OBJECT_HANDLE_INVALID;
break;
}
}
else if(objType == CKO_CERTIFICATE)
{
CK_ULONG keySize = (CK_ULONG)-1;
CK_ULONG keyType = (CK_ULONG)-1;
BOOL isPrivate = FALSE;
CK_ATTRIBUTE attribs[] =
{
{ CKA_VALUE_BITS, &keySize, sizeof(keySize)},
{ CKA_KEY_TYPE , &keyType, sizeof(keyType)},
{ CKA_PRIVATE , &isPrivate, sizeof(isPrivate)},
};
C_GetAttributeValue(hSession, objs[i], attribs, ARRAYSIZE(attribs));
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_keyType].NumericByRef().s4 = SwapEndianIfBEc32(keyType);
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_length].NumericByRef().u4 = SwapEndianIfBEc32(keySize);
if(isPrivate == TRUE)
{
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_privateKeyHandle].NumericByRef().u4 = objs[i];
}
else
{
pObject[Library_security_pkcs11_native_System_Security_Cryptography_CryptoKey::FIELD__m_privateKeyHandle].NumericByRef().u4 = CK_OBJECT_HANDLE_INVALID;
}
}
pRef++;
}
stack.SetResult_Object(ref.DereferenceArray());
TINYCLR_NOCLEANUP();
}
CK_RV
dump_object (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
{
CK_RV err;
CK_OBJECT_CLASS obj_class;
CK_ATTRIBUTE attr_class = { CKA_CLASS, &obj_class, sizeof (obj_class) };
err = C_GetAttributeValue (session, object, &attr_class, 1);
if (err)
return err;
printf (" Object Class: %lu = ", obj_class);
switch (obj_class)
{
#define MAX_CERT_LEN 4096
case CKO_CERTIFICATE:
{
CK_CERTIFICATE_TYPE cert_type;
CK_BBOOL cert_token;
CK_BBOOL cert_private;
CK_BBOOL cert_modifiable;
CK_BYTE cert_label[MAX_CERT_LEN];
CK_BBOOL cert_trusted;
CK_ULONG cert_cc;
CK_BYTE cert_check[3];
CK_DATE cert_sdate;
CK_DATE cert_edate;
CK_BYTE cert_subject[MAX_CERT_LEN];
CK_BYTE cert_id[MAX_CERT_LEN];
CK_BYTE cert_issuer[MAX_CERT_LEN];
CK_BYTE cert_serial[MAX_CERT_LEN];
CK_BYTE cert_value[MAX_CERT_LEN];
CK_ULONG cert_jm;
/* Note that the order is encoded below in the various length
checks. */
CK_ATTRIBUTE cert_attr[]
= { { CKA_CERTIFICATE_TYPE, &cert_type, sizeof (cert_type) },
{ CKA_TOKEN, &cert_token, sizeof (cert_token) },
{ CKA_PRIVATE, &cert_private, sizeof (cert_private) },
{ CKA_MODIFIABLE, &cert_modifiable, sizeof (cert_modifiable) },
{ CKA_LABEL, &cert_label, sizeof (cert_label) },
{ CKA_TRUSTED, &cert_trusted, sizeof (cert_trusted) },
{ CKA_CERTIFICATE_CATEGORY, &cert_cc, sizeof (cert_cc) },
{ CKA_CHECK_VALUE, &cert_check, sizeof (cert_check) },
{ CKA_START_DATE, &cert_sdate, sizeof (cert_sdate) },
{ CKA_END_DATE, &cert_edate, sizeof (cert_edate) },
{ CKA_SUBJECT, &cert_subject, sizeof (cert_subject) },
{ CKA_ID, &cert_id, sizeof (cert_id) },
{ CKA_ISSUER, &cert_issuer, sizeof (cert_issuer) },
{ CKA_SERIAL_NUMBER, &cert_serial, sizeof (cert_serial) },
{ CKA_VALUE, cert_value, sizeof (cert_value) },
{ CKA_URL, NULL, 0 },
{ CKA_HASH_OF_SUBJECT_PUBLIC_KEY, NULL, 0 },
{ CKA_HASH_OF_ISSUER_PUBLIC_KEY, NULL, 0 },
{ CKA_JAVA_MIDP_SECURITY_DOMAIN, &cert_jm, sizeof (cert_jm) } };
printf ("CKO_CERTIFICATE\n");
err = C_GetAttributeValue (session, object,
cert_attr, DIM (cert_attr));
if (err)
return err;
fail_if_err ((cert_attr[0].ulValueLen != sizeof (cert_type)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Type: %lu = ", cert_type);
switch (cert_type)
{
case CKC_X_509:
printf ("CKC_X_509");
break;
case CKC_WTLS:
printf ("CKC_WTLS");
break;
case CKC_X_509_ATTR_CERT:
printf ("CKC_X_509_ATTR_CERT");
break;
default:
printf ("(unknown");
break;
}
printf ("\n");
fail_if_err ((cert_attr[1].ulValueLen != sizeof (cert_token)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Token: %s\n",
cert_token ? "true" : "false");
fail_if_err ((cert_attr[2].ulValueLen != sizeof (cert_private)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Private: %s\n",
cert_private ? "true" : "false");
fail_if_err ((cert_attr[3].ulValueLen != sizeof (cert_modifiable)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Modifiable: %s\n",
cert_modifiable ? "true" : "false");
printf (" Certificate Label: Length %lu\n",
cert_attr[4].ulValueLen);
err = dump_one (&cert_attr[4], cert_label, sizeof (cert_label));
fail_if_err (err);
fail_if_err ((cert_attr[5].ulValueLen != sizeof (cert_trusted)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Trusted: %s\n",
cert_trusted ? "true" : "false");
fail_if_err ((cert_attr[6].ulValueLen != sizeof (cert_cc)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Category: %lu = ", cert_cc);
switch (cert_cc)
{
case 0:
printf ("unspecified");
break;
case 1:
printf ("token user");
break;
case 2:
printf ("authority");
break;
case 3:
printf ("other entity");
break;
default:
printf ("(unknown)");
break;
}
printf ("\n");
fail_if_err ((cert_attr[7].ulValueLen != sizeof (cert_check)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Check Value: %02x%02x%02x\n",
cert_check[0], cert_check[1], cert_check[2]);
if (cert_attr[8].ulValueLen && cert_attr[9].ulValueLen)
{
fail_if_err ((cert_attr[8].ulValueLen != sizeof (cert_sdate)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Start Date: %.4s/%.2s/%.2s\n",
cert_sdate.year, cert_sdate.month, cert_sdate.day);
fail_if_err ((cert_attr[9].ulValueLen != sizeof (cert_edate)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate End Date: %.4s/%.2s/%.2s\n",
cert_edate.year, cert_edate.month, cert_edate.day);
}
printf (" Certificate Subject: Length %lu\n",
cert_attr[10].ulValueLen);
err = dump_one (&cert_attr[10], cert_subject, sizeof (cert_subject));
fail_if_err (err);
printf (" Certificate ID: Length %lu\n",
cert_attr[11].ulValueLen);
err = dump_one (&cert_attr[11], cert_id, sizeof (cert_id));
fail_if_err (err);
printf (" Certificate Issuer: Length %lu\n",
cert_attr[12].ulValueLen);
err = dump_one (&cert_attr[12], cert_issuer, sizeof (cert_issuer));
fail_if_err (err);
printf (" Certificate Serial Number: Length %lu\n",
cert_attr[13].ulValueLen);
err = dump_one (&cert_attr[13], cert_serial, sizeof (cert_serial));
fail_if_err (err);
printf (" Certificate Value: Length %lu\n",
cert_attr[14].ulValueLen);
err = dump_one (&cert_attr[14], cert_value, sizeof (cert_value));
fail_if_err (err);
fail_if_err ((cert_attr[15].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);
fail_if_err ((cert_attr[16].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);
fail_if_err ((cert_attr[17].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);
fail_if_err ((cert_attr[18].ulValueLen != sizeof (cert_jm)) ?
CKR_GENERAL_ERROR : 0);
printf (" Certificate Java MIDP Security Domain: %lu = ", cert_jm);
switch (cert_jm)
{
case 0:
printf ("unspecified");
break;
case 1:
printf ("manufacturer");
break;
case 2:
printf ("operator");
break;
case 3:
printf ("third party");
break;
default:
printf ("(unknown)");
break;
}
printf ("\n");
}
break;
case CKO_PRIVATE_KEY:
{
CK_KEY_TYPE key_type;
CK_BBOOL key_token;
CK_BBOOL key_private;
CK_BBOOL key_modifiable;
CK_BYTE key_label[MAX_CERT_LEN];
CK_BYTE key_id[MAX_CERT_LEN];
CK_DATE key_sdate;
CK_DATE key_edate;
CK_BBOOL key_derive;
CK_BBOOL key_local;
CK_MECHANISM_TYPE key_gen;
CK_MECHANISM_TYPE key_mechanisms[1]; /* FIXME, hard-coded constant. */
CK_BYTE key_subject[MAX_CERT_LEN];
CK_BBOOL key_sensitive;
CK_BBOOL key_decrypt;
CK_BBOOL key_sign;
CK_BBOOL key_sign_recover;
CK_BBOOL key_unwrap;
CK_BBOOL key_extractable;
CK_BBOOL key_always_sensitive;
CK_BBOOL key_never_extractable;
CK_BBOOL key_wrap_with_trusted;
CK_BBOOL key_always_authenticate;
CK_BYTE key_modulus[MAX_CERT_LEN];
CK_BYTE key_public_exp[MAX_CERT_LEN];
/* Note that the order is encoded below in the various length
checks. */
CK_ATTRIBUTE key_attr[]
= { { CKA_KEY_TYPE, &key_type, sizeof (key_type) },
{ CKA_TOKEN, &key_token, sizeof (key_token) },
{ CKA_PRIVATE, &key_private, sizeof (key_private) },
{ CKA_MODIFIABLE, &key_modifiable, sizeof (key_modifiable) },
{ CKA_LABEL, &key_label, sizeof (key_label) },
{ CKA_ID, &key_id, sizeof (key_id) },
{ CKA_START_DATE, &key_sdate, sizeof (key_sdate) },
{ CKA_END_DATE, &key_edate, sizeof (key_edate) },
{ CKA_DERIVE, &key_derive, sizeof (key_derive) },
{ CKA_LOCAL, &key_local, sizeof (key_local) },
{ CKA_KEY_GEN_MECHANISM, &key_gen, sizeof (key_gen) },
{ CKA_ALLOWED_MECHANISMS, &key_mechanisms,
sizeof (key_mechanisms) },
{ CKA_SUBJECT, &key_subject, sizeof (key_subject) },
{ CKA_SENSITIVE, &key_sensitive, sizeof (key_sensitive) },
{ CKA_DECRYPT, &key_decrypt, sizeof (key_decrypt) },
{ CKA_SIGN, &key_sign, sizeof (key_sign) },
{ CKA_SIGN_RECOVER, &key_sign_recover,
sizeof (key_sign_recover) },
{ CKA_UNWRAP, &key_unwrap, sizeof (key_unwrap) },
{ CKA_EXTRACTABLE, &key_extractable, sizeof (key_extractable) },
{ CKA_ALWAYS_SENSITIVE, &key_always_sensitive,
sizeof (key_always_sensitive) },
{ CKA_NEVER_EXTRACTABLE, &key_never_extractable,
sizeof (key_never_extractable) },
{ CKA_WRAP_WITH_TRUSTED, &key_wrap_with_trusted,
sizeof (key_wrap_with_trusted) },
{ CKA_UNWRAP_TEMPLATE, NULL, 0 },
{ CKA_ALWAYS_AUTHENTICATE, &key_always_authenticate,
sizeof (key_always_authenticate) },
{ CKA_MODULUS, &key_modulus, sizeof (key_modulus) },
{ CKA_PUBLIC_EXPONENT, &key_public_exp,
sizeof (key_public_exp) } };
printf ("CKO_PRIVATE_KEY\n");
err = C_GetAttributeValue (session, object,
key_attr, DIM (key_attr));
if (err)
return err;
fail_if_err ((key_attr[0].ulValueLen != sizeof (key_type)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Type: %lu = ", key_type);
switch (key_type)
{
case CKK_RSA:
printf ("CKK_RSA");
break;
case CKK_DSA:
printf ("CKK_DSA");
break;
default:
printf ("(unknown");
break;
}
printf ("\n");
fail_if_err ((key_attr[1].ulValueLen != sizeof (key_token)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Token: %s\n",
key_token ? "true" : "false");
fail_if_err ((key_attr[2].ulValueLen != sizeof (key_private)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Private: %s\n",
key_private ? "true" : "false");
fail_if_err ((key_attr[3].ulValueLen != sizeof (key_modifiable)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Modifiable: %s\n",
key_modifiable ? "true" : "false");
printf (" Key Label: Length %lu\n",
key_attr[4].ulValueLen);
err = dump_one (&key_attr[4], key_label, sizeof (key_label));
fail_if_err (err);
printf (" Key ID: Length %lu\n",
key_attr[5].ulValueLen);
err = dump_one (&key_attr[5], key_id, sizeof (key_id));
fail_if_err (err);
if (key_attr[6].ulValueLen && key_attr[7].ulValueLen)
{
fail_if_err ((key_attr[6].ulValueLen != sizeof (key_sdate)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Start Date: %.4s/%.2s/%.2s\n",
key_sdate.year, key_sdate.month, key_sdate.day);
fail_if_err ((key_attr[7].ulValueLen != sizeof (key_edate)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key End Date: %.4s/%.2s/%.2s\n",
key_edate.year, key_edate.month, key_edate.day);
}
fail_if_err ((key_attr[8].ulValueLen != sizeof (key_derive)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Derive: %s\n",
key_derive ? "true" : "false");
fail_if_err ((key_attr[9].ulValueLen != sizeof (key_local)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Local: %s\n",
key_local ? "true" : "false");
fail_if_err ((key_attr[10].ulValueLen != sizeof (key_gen)) ?
CKR_GENERAL_ERROR : 0);
/* FIXME: Print Mechanism. */
printf (" Key Gen Mechanism: %lu\n", key_gen);
/* FIXME: Print supported mechanisms. 11 */
printf (" Key Subject: Length %lu\n",
key_attr[12].ulValueLen);
err = dump_one (&key_attr[12], key_subject, sizeof (key_subject));
fail_if_err (err);
fail_if_err ((key_attr[13].ulValueLen != sizeof (key_sensitive)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Sensitive: %s\n",
key_sensitive ? "true" : "false");
fail_if_err ((key_attr[14].ulValueLen != sizeof (key_decrypt)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Decrypt: %s\n",
key_decrypt ? "true" : "false");
fail_if_err ((key_attr[15].ulValueLen != sizeof (key_sign)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Sign: %s\n",
key_sign ? "true" : "false");
fail_if_err ((key_attr[16].ulValueLen != sizeof (key_sign_recover)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Sign Recover: %s\n",
key_sign_recover ? "true" : "false");
fail_if_err ((key_attr[17].ulValueLen != sizeof (key_unwrap)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Unwrap: %s\n",
key_unwrap ? "true" : "false");
fail_if_err ((key_attr[18].ulValueLen != sizeof (key_extractable)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Extractable: %s\n",
key_extractable ? "true" : "false");
fail_if_err ((key_attr[19].ulValueLen
!= sizeof (key_always_sensitive)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Always Sensitive: %s\n",
key_always_sensitive ? "true" : "false");
fail_if_err ((key_attr[20].ulValueLen
!= sizeof (key_never_extractable)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Never Extractable: %s\n",
key_never_extractable ? "true" : "false");
fail_if_err ((key_attr[21].ulValueLen
!= sizeof (key_wrap_with_trusted)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Wrap With Trusted: %s\n",
key_wrap_with_trusted ? "true" : "false");
fail_if_err ((key_attr[22].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);
fail_if_err ((key_attr[23].ulValueLen
!= sizeof (key_always_authenticate)) ?
CKR_GENERAL_ERROR : 0);
printf (" Key Always Authenticate: %s\n",
key_always_authenticate ? "true" : "false");
printf (" Key Modulus: Length %lu\n",
key_attr[24].ulValueLen);
err = dump_one (&key_attr[24], key_modulus, sizeof (key_modulus));
fail_if_err (err);
printf (" Key Subject: Length %lu\n",
key_attr[25].ulValueLen);
err = dump_one (&key_attr[25], key_public_exp,
sizeof (key_public_exp));
fail_if_err (err);
}
break;
default:
printf ("(unknown)\n");
}
return 0;
}
KMF_RETURN
PKCS_EncryptData(KMF_HANDLE_T kmfh,
KMF_ALGORITHM_INDEX AlgorithmId,
KMF_X509_SPKI *keyp,
KMF_DATA *plaintext,
KMF_DATA *ciphertext)
{
KMF_RETURN rv = KMF_OK;
CK_RV ckRv;
CK_MECHANISM ckMechanism;
CK_MECHANISM_TYPE mechtype;
CK_KEY_TYPE keytype;
CK_OBJECT_HANDLE ckKeyHandle = 0;
CK_SESSION_HANDLE ckSession = NULL;
CK_ULONG out_len = 0, in_len = 0, total_encrypted = 0;
uint8_t *in_data, *out_data;
int i, blocks, block_size;
CK_ATTRIBUTE ckTemplate[2];
CK_ULONG ckNumTemplates;
CK_ULONG ckMaxTemplates = (sizeof (ckTemplate) /
sizeof (CK_ATTRIBUTE));
if (get_pk11_data(AlgorithmId, &keytype, &mechtype, NULL, 0))
return (KMF_ERR_BAD_ALGORITHM);
rv = kmf_create_pk11_session(&ckSession, mechtype, CKF_ENCRYPT);
if (rv != KMF_OK)
return (rv);
/* Get the public key used in encryption */
rv = PKCS_AcquirePublicKeyHandle(ckSession, keyp,
keytype, &ckKeyHandle);
if (rv != KMF_OK) {
(void) C_CloseSession(ckSession);
return (rv);
}
/* Get the modulus length */
ckNumTemplates = 0;
if (!PKCS_AddTemplate(ckTemplate, &ckNumTemplates, ckMaxTemplates,
CKA_MODULUS, (CK_BYTE *)NULL, sizeof (CK_ULONG))) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
ckRv = C_GetAttributeValue(ckSession, ckKeyHandle,
ckTemplate, ckNumTemplates);
if (ckRv != CKR_OK) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
out_len = ckTemplate[0].ulValueLen;
if (out_len > ciphertext->Length) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
(void) C_CloseSession(ckSession);
return (KMF_ERR_BUFFER_SIZE);
}
ckMechanism.mechanism = mechtype;
ckMechanism.pParameter = NULL_PTR;
ckMechanism.ulParameterLen = 0;
/* Compute the fixed input data length for single-part encryption */
block_size = out_len - 11;
in_data = plaintext->Data;
out_data = ciphertext->Data;
blocks = plaintext->Length/block_size;
for (i = 0; i < blocks; i++) {
ckRv = C_EncryptInit(ckSession, &ckMechanism, ckKeyHandle);
if (ckRv != CKR_OK) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
ckRv = C_Encrypt(ckSession, (CK_BYTE_PTR)in_data, block_size,
(CK_BYTE_PTR)out_data, &out_len);
if (ckRv != CKR_OK) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
out_data += out_len;
total_encrypted += out_len;
in_data += block_size;
}
if (plaintext->Length % block_size) {
/* Encrypt the remaining data */
ckRv = C_EncryptInit(ckSession, &ckMechanism, ckKeyHandle);
if (ckRv != CKR_OK) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
in_len = plaintext->Length % block_size;
ckRv = C_Encrypt(ckSession, (CK_BYTE_PTR)in_data, in_len,
(CK_BYTE_PTR)out_data, &out_len);
if (ckRv != CKR_OK) {
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
(void) C_CloseSession(ckSession);
return (KMF_ERR_INTERNAL);
}
out_data += out_len;
total_encrypted += out_len;
in_data += in_len;
}
ciphertext->Length = total_encrypted;
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
(void) C_CloseSession(ckSession);
return (rv);
}
/*
* Utility routine for verifying generic data using
* the cryptographic framework (PKCS#11).
* There are situations where we want to force this
* operation to happen in a specific keystore.
* For example:
* libelfsign.so.1 verifies signatures on crypto libraries.
* We must use pkcs11 functions to verify the pkcs11
* plugins in order to keep the validation within the
* Cryptographic Framework's FIPS-140 boundary. To avoid
* a circular dependency, pksc11_softtoken.so.1 is
* interposed by libkcfd.so.1 via kcfd, which prevents
* libpkcs11.so.1's interfaces from being used when libkmf.so.1
* is called from kcfd.
*
* This also saves code and time because verify operations
* only use public keys and do not need acccess to any
* keystore specific functions.
*/
KMF_RETURN
PKCS_VerifyData(KMF_HANDLE_T handle,
KMF_ALGORITHM_INDEX AlgorithmId,
KMF_X509_SPKI *keyp,
KMF_DATA *data,
KMF_DATA *signature)
{
KMF_RETURN rv = KMF_OK;
CK_RV ckRv;
KMF_HANDLE *kmfh = (KMF_HANDLE *)handle;
CK_MECHANISM ckMechanism;
CK_MECHANISM_TYPE mechtype, hashmech;
CK_OBJECT_HANDLE ckKeyHandle = 0;
CK_KEY_TYPE pk11keytype;
CK_SESSION_HANDLE ckSession = 0;
CK_ATTRIBUTE subprime = { CKA_SUBPRIME, NULL, 0 };
CK_BYTE *dataptr;
CK_ULONG datalen;
KMF_DATA hashData = { 0, NULL };
uchar_t digest[1024];
if (AlgorithmId == KMF_ALGID_NONE)
return (KMF_ERR_BAD_ALGORITHM);
if (get_pk11_data(AlgorithmId, &pk11keytype, &mechtype, &hashmech, 1))
return (KMF_ERR_BAD_ALGORITHM);
/*
* Verify in metaslot/softtoken since only the public key is needed
* and not all hardware tokens support the combined [hash]-RSA/DSA/EC
* mechanisms.
*/
rv = kmf_create_pk11_session(&ckSession, mechtype, 0);
if (rv != KMF_OK)
return (rv);
/* Fetch the verifying key */
rv = PKCS_AcquirePublicKeyHandle(ckSession, keyp,
pk11keytype, &ckKeyHandle);
if (rv != KMF_OK) {
(void) C_CloseSession(ckSession);
return (rv);
}
dataptr = data->Data;
datalen = data->Length;
/*
* For some mechanisms, we must compute the hash separately
* and then do the verify.
*/
if (hashmech != 0 &&
(mechtype == CKM_ECDSA ||
mechtype == CKM_DSA ||
mechtype == CKM_RSA_PKCS)) {
hashData.Data = digest;
hashData.Length = sizeof (digest);
rv = PKCS_DigestData(handle, ckSession,
hashmech, data, &hashData,
(mechtype == CKM_RSA_PKCS));
if (rv)
goto cleanup;
dataptr = hashData.Data;
datalen = hashData.Length;
}
if (mechtype == CKM_DSA &&
hashmech == CKM_SHA256) {
/*
* FIPS 186-3 says that when using DSA
* the hash must be truncated to the size of the
* subprime.
*/
ckRv = C_GetAttributeValue(ckSession,
ckKeyHandle, &subprime, 1);
if (ckRv != CKR_OK) {
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
rv = KMF_ERR_INTERNAL;
goto cleanup;
}
datalen = subprime.ulValueLen;
}
ckMechanism.mechanism = mechtype;
ckMechanism.pParameter = NULL;
ckMechanism.ulParameterLen = 0;
ckRv = C_VerifyInit(ckSession, &ckMechanism, ckKeyHandle);
if (ckRv != CKR_OK) {
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
rv = KMF_ERR_INTERNAL;
goto cleanup;
}
ckRv = C_Verify(ckSession,
dataptr, datalen,
(CK_BYTE *)signature->Data,
(CK_ULONG)signature->Length);
if (ckRv != CKR_OK) {
kmfh->lasterr.kstype = KMF_KEYSTORE_PK11TOKEN;
kmfh->lasterr.errcode = ckRv;
rv = KMF_ERR_INTERNAL;
}
cleanup:
if (ckKeyHandle != 0)
(void) C_DestroyObject(ckSession, ckKeyHandle);
(void) C_CloseSession(ckSession);
return (rv);
}
