void SymmetricAlgorithmTests::testNullTemplate() { CK_RV rv; CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN; CK_ULONG pinLength = sizeof(pin) - 1; CK_SESSION_HANDLE hSession; CK_MECHANISM mechanism1 = { CKM_DES3_KEY_GEN, NULL_PTR, 0 }; CK_MECHANISM mechanism2 = { CKM_AES_KEY_GEN, NULL_PTR, 0 }; CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE; // Just make sure that we finalize any previous tests C_Finalize(NULL_PTR); // Initialize the library and start the test. rv = C_Initialize(NULL_PTR); CPPUNIT_ASSERT(rv == CKR_OK); // Open read-write session rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession); CPPUNIT_ASSERT(rv == CKR_OK); // Login USER into the sessions so we can create a private objects rv = C_Login(hSession, CKU_USER, pin, pinLength); CPPUNIT_ASSERT(rv==CKR_OK); rv = C_GenerateKey(hSession, &mechanism1, NULL_PTR, 0, &hKey); CPPUNIT_ASSERT(rv == CKR_OK); rv = C_DestroyObject(hSession, hKey); CPPUNIT_ASSERT(rv == CKR_OK); rv = C_GenerateKey(hSession, &mechanism2, NULL_PTR, 0, &hKey); CPPUNIT_ASSERT(rv == CKR_TEMPLATE_INCOMPLETE); }
CK_RV DeriveTests::generateDes2Key(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey) { CK_MECHANISM mechanism = { CKM_DES2_KEY_GEN, NULL_PTR, 0 }; // CK_BBOOL bFalse = CK_FALSE; CK_BBOOL bTrue = CK_TRUE; CK_ATTRIBUTE keyAttribs[] = { { CKA_TOKEN, &bToken, sizeof(bToken) }, { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }, { CKA_SENSITIVE, &bTrue, sizeof(bTrue) }, { CKA_DERIVE, &bTrue, sizeof(bTrue) } }; hKey = CK_INVALID_HANDLE; return CRYPTOKI_F_PTR( C_GenerateKey(hSession, &mechanism, keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE), &hKey) ); }
CK_RV SymmetricAlgorithmTests::generateDes3Key(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey) { CK_MECHANISM mechanism = { CKM_DES3_KEY_GEN, NULL_PTR, 0 }; // CK_BBOOL bFalse = CK_FALSE; CK_BBOOL bTrue = CK_TRUE; CK_ATTRIBUTE keyAttribs[] = { { CKA_TOKEN, &bToken, sizeof(bToken) }, { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }, { CKA_ENCRYPT, &bTrue, sizeof(bTrue) }, { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, }; hKey = CK_INVALID_HANDLE; return C_GenerateKey(hSession, &mechanism, keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE), &hKey); }
void SymmetricAlgorithmTests::testNonModifiableDesKeyGeneration() { CK_RV rv; CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN; CK_ULONG pinLength = sizeof(pin) - 1; CK_SESSION_HANDLE hSession; CK_MECHANISM mechanism = { CKM_DES3_KEY_GEN, NULL_PTR, 0 }; CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE; CK_BBOOL bFalse = CK_FALSE; CK_BBOOL bTrue = CK_TRUE; CK_BBOOL bToken = IN_SESSION; CK_ATTRIBUTE keyAttribs[] = { { CKA_TOKEN, &bToken, sizeof(bToken) }, { CKA_PRIVATE, &bTrue, sizeof(bTrue) }, { CKA_MODIFIABLE, &bTrue, sizeof(bTrue) }, { CKA_ENCRYPT, &bTrue, sizeof(bTrue) }, { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, { CKA_WRAP, &bTrue, sizeof(bTrue) } }; // Just make sure that we finalize any previous tests C_Finalize(NULL_PTR); // Initialize the library and start the test. rv = C_Initialize(NULL_PTR); CPPUNIT_ASSERT(rv == CKR_OK); // Open read-write session rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession); CPPUNIT_ASSERT(rv == CKR_OK); // Login USER into the sessions so we can create a private objects rv = C_Login(hSession, CKU_USER, pin, pinLength); CPPUNIT_ASSERT(rv==CKR_OK); rv = C_GenerateKey(hSession, &mechanism, keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE), &hKey); CPPUNIT_ASSERT(rv == CKR_OK); rv = C_DestroyObject(hSession, hKey); CPPUNIT_ASSERT(rv == CKR_OK); // The C_GenerateKey call failed if CKA_MODIFIABLE was bFalse // This was a bug in the SoftHSM implementation keyAttribs[2].pValue = &bFalse; keyAttribs[2].ulValueLen = sizeof(bFalse); rv = C_GenerateKey(hSession, &mechanism, keyAttribs, sizeof(keyAttribs) / sizeof(CK_ATTRIBUTE), &hKey); // The call would fail with CKR_ATTRIBUTE_READ_ONLY CPPUNIT_ASSERT(rv == CKR_OK); // Now create a template where the CKA_MODIFIABLE attribute is last in the list CK_ATTRIBUTE keyAttribs1[] = { { CKA_TOKEN, &bToken, sizeof(bToken) }, { CKA_PRIVATE, &bTrue, sizeof(bTrue) }, { CKA_ENCRYPT, &bTrue, sizeof(bTrue) }, { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, { CKA_WRAP, &bTrue, sizeof(bTrue) }, { CKA_MODIFIABLE, &bTrue, sizeof(bTrue) } }; rv = C_GenerateKey(hSession, &mechanism, keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE), &hKey); CPPUNIT_ASSERT(rv == CKR_OK); // Now when CKA_MODIFIABLE is bFalse the key generation succeeds keyAttribs1[2].pValue = &bFalse; keyAttribs1[2].ulValueLen = sizeof(bFalse); rv = C_GenerateKey(hSession, &mechanism, keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE), &hKey); CPPUNIT_ASSERT(rv == CKR_OK); }
static CK_RV CreateSecretKeyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_CHAR *objLabel){ CK_RV rv = CKR_OK; static CK_BBOOL ckTrue = TRUE; static CK_BBOOL ckFalse = FALSE; /* * This is the mechanism used to generate a 3DES secret key. The fields * of the structure are : * * CKM_DES3_KEY_GEN - Type of the mechanism. This informs the cryptoki * library that we want to create a 3DES key. * NULL - This field is the parameter field. Some mechanisms * require certain parameters to perform their * functions. CKM_DES3_KEY_GEN does not require a * parameter, hence the NULL value. * 0 - This field is the parameter length field. Since * this mechanism type does not require a parameter, * 0 is passed in as the length. */ static CK_MECHANISM mechanism = {CKM_DES3_KEY_GEN, NULL, 0}; /* * This is the attribute template, which lays out some of the attributes the * object will have when it is created. The object will also contain other * attributes, which are populated with default values. * The attributes in the template are : * * CKA_LABEL - Points to a char array containing what will be the label * of the key object. * * CKA_TOKEN - Points to a CK_BBOOL variable containing the value TRUE. * This object, therefore will be a token object, which * means it will persist on the token between sessions. * * CKA_ENCRYPT - Points to a CK_BBOOL variable containing the value TRUE. * This key, therefore will be able to encrypt data. * * CKA_DECRYPT - Points to a CK_BBOOL variable containing the value TRUE. * This key, therefore will be able to decrypt data. * * CKA_SIGN - Points to a CK_BBOOL variable containing the value TRUE. * This key, therefore will be able to sign data. * * CKA_VERIFY - Points to a CK_BBOOL variable containing the value TRUE. * This key, therefore will be able to verify signatures. * * Other attributes are explicitly set to FALSE to ensure that they are * not set to TRUE by default. * * The CKA_KEY_TYPE attribute is not set, since it is implied by the * mechanism. The same goes for the CKA_CLASS attribute. */ CK_ATTRIBUTE objectTemplate[] = { {CKA_LABEL, NULL, 0}, {CKA_TOKEN, &ckTrue, sizeof(CK_BBOOL)}, {CKA_ENCRYPT, &ckTrue, sizeof(CK_BBOOL)}, {CKA_DECRYPT, &ckTrue, sizeof(CK_BBOOL)}, {CKA_SIGN, &ckTrue, sizeof(CK_BBOOL)}, {CKA_VERIFY, &ckTrue, sizeof(CK_BBOOL)}, {CKA_EXPORT, &ckFalse, sizeof(CK_BBOOL)}, {CKA_IMPORT, &ckFalse, sizeof(CK_BBOOL)}, {CKA_WRAP, &ckFalse, sizeof(CK_BBOOL)}, {CKA_UNWRAP, &ckFalse, sizeof(CK_BBOOL)}, {CKA_EXPORTABLE, &ckFalse, sizeof(CK_BBOOL)}, {CKA_EXTRACTABLE, &ckFalse, sizeof(CK_BBOOL)}, {CKA_MODIFIABLE, &ckFalse, sizeof(CK_BBOOL)}, {CKA_SENSITIVE, &ckFalse, sizeof(CK_BBOOL)}, {CKA_DERIVE, &ckFalse, sizeof(CK_BBOOL)}, }; CK_SIZE objectSize = sizeof(objectTemplate) / sizeof(CK_ATTRIBUTE); CK_ATTRIBUTE* pAttr = NULL; /* Fill in the public key label */ pAttr = FindAttribute(CKA_LABEL, objectTemplate, objectSize); pAttr->pValue = objLabel; pAttr->ulValueLen = (CK_ULONG)strlen((char*)objLabel); rv = C_GenerateKey(hSession, &mechanism, objectTemplate, objectSize, phObject); CHECK_CK_RV_GOTO(rv, "C_GenerateKey", end); end: return rv; }