CK_RV Login()
{
char *s;
s = getpass("You must input user pin before login:"******"\nCan't use your pin login to Token ,Error code 0x%08X\n", rv);
return rv;
}
else
{
printf("Success Login to Token\n");
return rv;
}
}
void SymmetricAlgorithmTests::setUp()
{
// printf("\nObjectTests\n");
setenv("SOFTHSM2_CONF", "./softhsm2.conf", 1);
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSession;
CK_UTF8CHAR label[32];
memset(label, ' ', 32);
memcpy(label, "token1", strlen("token1"));
// (Re)initialize the token
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_InitToken(SLOT_INIT_TOKEN, sopin,sopinLength, label);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login SO
rv = C_Login(hSession,CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
// Initialize the user pin
rv = C_InitPIN(hSession, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
}
void SymmetricAlgorithmTests::testDesEncryptDecrypt()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
// CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
// CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Open read-only session on when the token is not initialized should fail
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSessionRO,CKU_USER,pin,pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
// Generate all combinations of session/token keys.
rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
desEncryptDecrypt(CKM_DES_ECB,hSessionRO,hKey);
desEncryptDecrypt(CKM_DES_CBC,hSessionRO,hKey);
CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
// Generate all combinations of session/token keys.
rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
CPPUNIT_ASSERT(rv == CKR_OK);
des3EncryptDecrypt(CKM_DES3_ECB,hSessionRO,hKey2);
des3EncryptDecrypt(CKM_DES3_CBC,hSessionRO,hKey2);
CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
// Generate all combinations of session/token keys.
rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
CPPUNIT_ASSERT(rv == CKR_OK);
des3EncryptDecrypt(CKM_DES3_ECB,hSessionRO,hKey3);
des3EncryptDecrypt(CKM_DES3_CBC,hSessionRO,hKey3);
}
void SymmetricAlgorithmTests::testAesWrapUnwrap()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
// CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
// CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSession;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the session so we can create a private object
rv = C_Login(hSession,CKU_USER,pin,pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
// Generate a wrapping session public key
rv = generateAesKey(hSession,IN_SESSION,IS_PUBLIC,hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
aesWrapUnwrap(CKM_AES_KEY_WRAP, hSession, hKey);
#ifdef HAVE_AES_KEY_WRAP_PAD
aesWrapUnwrap(CKM_AES_KEY_WRAP_PAD, hSession, hKey);
#endif
}
void UserTests::testLogout()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_SO1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_SESSION_HANDLE hSession;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
rv = C_Logout(hSession);
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession, CKU_SO, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Logout(CK_INVALID_HANDLE);
CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);
rv = C_Logout(hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Logout(hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
}
void SymmetricAlgorithmTests::testNullTemplate()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_SESSION_HANDLE hSession;
CK_MECHANISM mechanism1 = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
CK_MECHANISM mechanism2 = { CKM_AES_KEY_GEN, NULL_PTR, 0 };
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSession, CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
rv = C_GenerateKey(hSession, &mechanism1, NULL_PTR, 0, &hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_DestroyObject(hSession, hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_GenerateKey(hSession, &mechanism2, NULL_PTR, 0, &hKey);
CPPUNIT_ASSERT(rv == CKR_TEMPLATE_INCOMPLETE);
}
int open_session_and_login()
{
CK_RV rv = CKR_OK;
rv = C_Initialize(NULL_PTR);
if (CKR_OK != rv)
return EXIT_FAILURE;
rv = C_OpenSession(FEPKCS11_APP0_TOKEN_SLOT_ID,
CKF_RW_SESSION | CKF_SERIAL_SESSION,
NULL,
NULL,
&hSession);
if (CKR_OK != rv) {
C_Finalize(NULL_PTR);
return EXIT_FAILURE;
}
rv = C_Login(hSession, CKU_USER, NULL_PTR, 0);
if (CKR_OK != rv) {
C_CloseSession(hSession);
C_Finalize(NULL_PTR);
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
CK_RV RunC_Login(
CK_SESSION_HANDLE hSession, // the session's handle
CK_USER_TYPE userType, // the user type
CK_CHAR_PTR pPin, // the user's PIN
CK_ULONG ulPinLen // the length of the PIN)
)
{
//convert ANSI to UTF8
CK_ULONG ulPinUtf8_length = 0;
char *pszPinUtf8 = NULL;
if(ulPinLen > 0)
{
ulPinUtf8_length = AppStringToUtf8String((const char *)pPin,ulPinLen, NULL);
if(ulPinUtf8_length > 0)
{
pszPinUtf8 = new char[ulPinUtf8_length+1];
memset(pszPinUtf8, 0x00, ulPinUtf8_length+1);
AppStringToUtf8String((const char *)pPin,ulPinLen, pszPinUtf8);
}
}
//end convert
CK_RV rv = C_Login(hSession, userType, (unsigned char *)pszPinUtf8, ulPinUtf8_length);
if (CKR_USER_ALREADY_LOGGED_IN == rv)
rv = CKR_OK;
if(pszPinUtf8 != NULL)
{
delete[] pszPinUtf8;
pszPinUtf8 = NULL;
}
return rv;
}
void
login(CK_SESSION_HANDLE session, CK_BYTE *pin) {
CK_RV rv;
if (pin) {
rv = C_Login(session, CKU_USER, pin, strlen((char *) pin));
check_return_value(rv, "log in");
}
}
void CPKCSDemoDlg::OnBtnKeypairgen()
{
StartOP();
CK_TOKEN_INFO tokenInfo = {0};
CK_RV rv = C_GetTokenInfo(m_pSlotList[0], &tokenInfo);
if (CKR_OK != rv)
{
ShowMsg(NEWLINE"Can not get token information!"NEWLINE);
return;
}
DlgUserPIN* dlgUserPIN = new DlgUserPIN;
dlgUserPIN->DoModal();
delete dlgUserPIN;
if("" == g_strUserPIN)
{
ShowMsg(NEWLINE"You should enter User PIN before generating RSA Key pair!"NEWLINE);
return;
}
CK_ULONG ulPIN = g_strUserPIN.GetLength();
CK_BYTE_PTR pPIN = (CK_BYTE_PTR)g_strUserPIN.GetBuffer(ulPIN);
::SetCursor(::LoadCursor(NULL, IDC_WAIT));
rv = C_Login(m_hSession, CKU_USER, pPIN, ulPIN);
if(CKR_OK != rv)
{
ShowErr(NEWLINE"Can't use your User PIN login to token ,ErrorCode: 0x%08X."NEWLINE, rv);
return;
}
else
ShowMsg(NEWLINE"Logging in to token Successfully!"NEWLINE);
::SetCursor(::LoadCursor(NULL, IDC_WAIT));
rv = C_GenerateKeyPair(
m_hSession, &keyGenMechanism,
pubTemplate, countof(pubTemplate),
priTemplate, countof(priTemplate),
&m_hPubKey, &m_hPriKey);
if(CKR_OK != rv)
{
ShowErr(NEWLINE"Can't generate RSA key pair, ErrorCode: 0x%08X."NEWLINE, rv);
return;
}
else
{
m_btnKeyPairGen.EnableWindow(FALSE);
m_btnSign.EnableWindow(TRUE);
m_btnEncrypt.EnableWindow(TRUE);
ShowMsg(NEWLINE"Generate Key Pair Successfully!"NEWLINE);
ShowMsg(NEWLINE"Now you can Sign, Verify, Encrypt and Decrypt by using the Key Pair!"NEWLINE);
m_bKeyGen = TRUE;
}
}
/*
* Authenticate a private the key operation if needed
*/
int pkcs11_authenticate(PKCS11_KEY *key)
{
PKCS11_KEY_private *kpriv = PRIVKEY(key);
PKCS11_TOKEN *token = KEY2TOKEN(key);
PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX *ctx = SLOT2CTX(slot);
char pin[MAX_PIN_LENGTH+1];
UI *ui;
int rv;
/* Handle CKF_PROTECTED_AUTHENTICATION_PATH */
if (token->secureLogin) {
rv = CRYPTOKI_call(ctx,
C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, NULL, 0));
return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
}
/* Call UI to ask for a PIN */
ui = UI_new_method(kpriv->ui_method);
if (ui == NULL)
return PKCS11_UI_FAILED;
if (kpriv->ui_user_data != NULL)
UI_add_user_data(ui, kpriv->ui_user_data);
memset(pin, 0, MAX_PIN_LENGTH+1);
if (!UI_add_input_string(ui, "PKCS#11 key PIN: ",
UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) {
UI_free(ui);
return PKCS11_UI_FAILED;
}
if (UI_process(ui)) {
UI_free(ui);
return PKCS11_UI_FAILED;
}
UI_free(ui);
/* Login with the PIN */
rv = CRYPTOKI_call(ctx,
C_Login(spriv->session, CKU_CONTEXT_SPECIFIC,
(CK_UTF8CHAR *)pin, strlen(pin)));
OPENSSL_cleanse(pin, MAX_PIN_LENGTH+1);
return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
}
static void crypto_token_login(CK_SESSION_HANDLE_PTR phSession)
{
CK_RV rv = CKR_OK;
rv = C_Initialize(NULL_PTR);
assert(rv == CKR_OK);
rv = C_OpenSession(FEPKCS11_APP0_TOKEN_SLOT_ID,
CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, phSession);
assert(rv == CKR_OK);
rv = C_Login(*phSession, CKU_USER, NULL_PTR, 0);
assert(rv == CKR_OK);
}
void TestsBase::setUp() {
TestsNoPINInitBase::setUp();
CK_SESSION_HANDLE hSession;
// Open session
CPPUNIT_ASSERT( CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession)==CKR_OK ) );
// Login SO
CPPUNIT_ASSERT( CRYPTOKI_F_PTR( C_Login(hSession,CKU_SO, m_soPin1, m_soPin1Length)==CKR_OK ) );
// Initialize the user pin
CPPUNIT_ASSERT( CRYPTOKI_F_PTR( C_InitPIN(hSession, m_userPin1, m_userPin1Length)==CKR_OK ) );
}
/*
* Authenticate with the card. relogin should be set if we automatically
* relogin after a fork.
*/
static
int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin)
{
PKCS11_SLOT_private *priv = PRIVSLOT(slot);
PKCS11_CTX *ctx = priv->parent;
int rv;
if (relogin == 0) {
CHECK_SLOT_FORK(slot);
/* Calling PKCS11_login invalidates all cached
* keys we have */
if (slot->token) {
pkcs11_destroy_keys(slot->token, CKO_PRIVATE_KEY);
pkcs11_destroy_keys(slot->token, CKO_PUBLIC_KEY);
}
if (priv->loggedIn) {
/* already logged in, log out first */
if (PKCS11_logout(slot))
return -1;
}
}
if (!priv->haveSession) {
/* SO gets a r/w session by default,
* user gets a r/o session by default. */
if (pkcs11_open_session(slot, so, relogin))
return -1;
}
rv = CRYPTOKI_call(ctx,
C_Login(priv->session, so ? CKU_SO : CKU_USER,
(CK_UTF8CHAR *) pin, pin ? strlen(pin) : 0));
if (rv && rv != CKR_USER_ALREADY_LOGGED_IN) /* logged in -> OK */
CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGIN, rv);
priv->loggedIn = 1;
if (priv->prev_pin != pin) {
if (priv->prev_pin) {
OPENSSL_cleanse(priv->prev_pin, strlen(priv->prev_pin));
OPENSSL_free(priv->prev_pin);
}
priv->prev_pin = BUF_strdup(pin);
}
priv->prev_so = so;
return 0;
}
void EncryptDecryptTests::testRsaEncryptDecrypt()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Open read-only session on when the token is not initialized should fail
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSessionRO,CKU_USER,pin,pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;
// Generate all combinations of session/token public/private key pairs.
rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rsaEncryptDecrypt(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
rsaEncryptDecrypt(CKM_RSA_X_509,hSessionRO,hPublicKey,hPrivateKey);
rsaEncryptDecrypt(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
}
void AsymEncryptDecryptTests::testRsaEncryptDecrypt()
{
CK_RV rv;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
// Open read-only session on when the token is not initialized should fail
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
CPPUNIT_ASSERT(rv==CKR_OK);
CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;
// Generate all combinations of session/token public/private key pairs.
rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rsaOAEPParams(hSessionRO,hPublicKey);
rsaEncryptDecrypt(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
rsaEncryptDecrypt(CKM_RSA_X_509,hSessionRO,hPublicKey,hPrivateKey);
rsaEncryptDecrypt(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
}
void SymmetricAlgorithmTests::testNonModifiableDesKeyGeneration()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_SESSION_HANDLE hSession;
CK_MECHANISM mechanism = { CKM_DES3_KEY_GEN, NULL_PTR, 0 };
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
CK_BBOOL bFalse = CK_FALSE;
CK_BBOOL bTrue = CK_TRUE;
CK_BBOOL bToken = IN_SESSION;
CK_ATTRIBUTE keyAttribs[] =
{
{ CKA_TOKEN, &bToken, sizeof(bToken) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_WRAP, &bTrue, sizeof(bTrue) }
};
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSession, CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
&hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_DestroyObject(hSession, hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
// The C_GenerateKey call failed if CKA_MODIFIABLE was bFalse
// This was a bug in the SoftHSM implementation
keyAttribs[2].pValue = &bFalse;
keyAttribs[2].ulValueLen = sizeof(bFalse);
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs, sizeof(keyAttribs) / sizeof(CK_ATTRIBUTE),
&hKey);
// The call would fail with CKR_ATTRIBUTE_READ_ONLY
CPPUNIT_ASSERT(rv == CKR_OK);
// Now create a template where the CKA_MODIFIABLE attribute is last in the list
CK_ATTRIBUTE keyAttribs1[] =
{
{ CKA_TOKEN, &bToken, sizeof(bToken) },
{ CKA_PRIVATE, &bTrue, sizeof(bTrue) },
{ CKA_ENCRYPT, &bTrue, sizeof(bTrue) },
{ CKA_DECRYPT, &bTrue, sizeof(bTrue) },
{ CKA_WRAP, &bTrue, sizeof(bTrue) },
{ CKA_MODIFIABLE, &bTrue, sizeof(bTrue) }
};
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE),
&hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
// Now when CKA_MODIFIABLE is bFalse the key generation succeeds
keyAttribs1[2].pValue = &bFalse;
keyAttribs1[2].ulValueLen = sizeof(bFalse);
rv = C_GenerateKey(hSession, &mechanism,
keyAttribs1, sizeof(keyAttribs1) / sizeof(CK_ATTRIBUTE),
&hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
}
void UserTests::testLogin()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSession[2];
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Set up user PIN
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession[0]);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_USER_PIN_NOT_INITIALIZED);
rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_InitPIN(hSession[0], pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
C_Finalize(NULL_PTR);
rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession[0]);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(CK_INVALID_HANDLE, CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);
rv = C_Login(hSession[0], CKU_SO, NULL_PTR, sopinLength);
CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);
rv = C_Login(hSession[0], CKU_SO, sopin, 0);
CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession[1]);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY_EXISTS);
rv = C_CloseSession(hSession[1]);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
rv = C_Logout(hSession[0]);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_SO, sopin, sopinLength);
CPPUNIT_ASSERT(rv == CKR_USER_ALREADY_LOGGED_IN);
rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
rv = C_Logout(hSession[0]);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_USER, pin, pinLength - 1);
CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession[0], CKU_USER, pin, pinLength);
CPPUNIT_ASSERT(rv == CKR_USER_ALREADY_LOGGED_IN);
}
void UserTests::testSetPIN()
{
CK_RV rv;
CK_UTF8CHAR pin1[] = SLOT_0_USER1_PIN;
CK_ULONG pin1Length = sizeof(pin1) - 1;
CK_UTF8CHAR pin2[] = SLOT_0_USER2_PIN;
CK_ULONG pin2Length = sizeof(pin2) - 1;
CK_UTF8CHAR so1pin[] = SLOT_0_SO1_PIN;
CK_ULONG so1pinLength = sizeof(so1pin) - 1;
CK_UTF8CHAR so2pin[] = SLOT_0_SO2_PIN;
CK_ULONG so2pinLength = sizeof(so2pin) - 1;
CK_SESSION_HANDLE hSession;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Set up user PIN
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession, CKU_SO, so1pin, so1pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_InitPIN(hSession, pin1, pin1Length);
CPPUNIT_ASSERT(rv == CKR_OK);
C_Finalize(NULL_PTR);
rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_SetPIN(CK_INVALID_HANDLE, pin1, pin1Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);
rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
rv = C_CloseSession(hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_SetPIN(hSession, NULL_PTR, pin1Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);
rv = C_SetPIN(hSession, pin1, pin1Length, NULL_PTR, pin2Length);
CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);
rv = C_SetPIN(hSession, pin1, pin1Length, pin2, 0);
CPPUNIT_ASSERT(rv == CKR_PIN_LEN_RANGE);
rv = C_SetPIN(hSession, pin2, pin2Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession, CKU_USER, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_SetPIN(hSession, pin1, pin1Length, pin2, pin2Length);
CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
rv = C_SetPIN(hSession, pin2, pin2Length, pin1, pin1Length);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession, CKU_SO, so1pin, so1pinLength);
CPPUNIT_ASSERT(rv == CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
rv = C_Logout(hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_Login(hSession, CKU_SO, so1pin, so1pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_SetPIN(hSession, so2pin, so2pinLength, so2pin, so2pinLength);
CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
rv = C_SetPIN(hSession, so1pin, so1pinLength, so2pin, so2pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = C_SetPIN(hSession, so1pin, so1pinLength, so1pin, so1pinLength);
CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
rv = C_SetPIN(hSession, so2pin, so2pinLength, so1pin, so1pinLength);
CPPUNIT_ASSERT(rv == CKR_OK);
}
int main(int argc, char const *argv[]){
CK_RV rv = CKR_OK;
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
CK_SLOT_ID slotId = 0;
FILE *file;
FILE *file_out;
char * key_name;
char command;
if (argc !=3) {
printf("Wrong arguments\n");
printf("Usage:\n");
printf("\t%s <command> <key name>\n", argv[0]);
printf("\t\te - encode\n\t\td - decode\n\n");
return 1;
}
/* read the command and key name arguments from the command line */
command = argv[1][0];
key_name = argv[2];
/* Initialise the cryptoki API */
printf( "Initializing Cryptoki API ... " );
rv = C_Initialize(NULL);
CHECK_CK_RV_GOTO(rv, "C_Initialize", end);
printf( "OK\n" );
/* Obtain a session so we can perform cryptoki operations */
printf( "Obtaining a session ... " );
rv = C_OpenSession(slotId, CKF_RW_SESSION, NULL, NULL, &hSession);
CHECK_CK_RV_GOTO(rv, "C_OpenSession", end);
printf( "OK\n" );
printf("Using key: %s\n", key_name);
/* Login as a user with a PIN */
printf( "Logining as a user with a PIN ... " );
rv = C_Login(hSession, CKU_USER, (CK_CHAR_PTR)USERPIN, (CK_SIZE) strlen((char*)USERPIN));
CHECK_CK_RV_GOTO(rv, "C_Login as User", end);
printf( "OK\n" );
printf("Creating 3DES secret key ... ");
rv = CreateSecretKeyObject(hSession, &hKey, key_name);
CHECK_CK_RV_GOTO(rv, "CreateSecretKeyObject", end);
printf("OK\n");
printf("Finding 3DES key ... ");
rv = findObject(hSession, CKO_SECRET_KEY, key_name, &hKey);
CHECK_CK_RV_GOTO(rv, "findObject", end);
printf("OK\n");
switch(command) {
case 'e':
printf("Opening file... ");
file = fopen("input.txt", "rb");
if (!file) {
printf("file not found\n");
return 1;
} else {
file_out = fopen("output.txt", "wb");
printf("ok\n");
}
printf("Encrypting file with 3DES ... ");
rv = encryptDataLoop(file, file_out, hSession, hKey);
CHECK_CK_RV_GOTO(rv, "encryptDataLoop", end);
printf("OK\n");
fclose(file);
fclose(file_out);
break;
case 'd':
printf("Opening file... ");
file = fopen("output.txt", "rb");
if (!file) {
printf("file not found\n");
return 1;
} else {
file_out = fopen("output2.txt", "wb");
printf("ok\n");
}
printf("Decrypting file with 3DES ... ");
rv = decryptDataLoop(file, file_out, hSession, hKey);
CHECK_CK_RV_GOTO(rv, "decryptDataLoop", end);
printf("OK\n");
fclose(file);
fclose(file_out);
break;
default:
printf("Unknown command: %s\n", argv[1]);
}
/** Destroying the 3DES key */
printf("Destrying the 3DES key ... ");
rv = C_DestroyObject(hSession, hKey);
CHECK_CK_RV_GOTO(rv, "DestroyObject", end);
printf("OK\n");
/* We've finished our work, close the session */
printf( "Closing the session ... " );
rv = C_CloseSession(hSession);
CHECK_CK_RV_GOTO(rv, "C_CloseSession", end);
printf("OK\n");
/* We no longer need the cryptoki API ... */
printf( "Finilizing the cryptoki ... " );
rv = C_Finalize(NULL);
CHECK_CK_RV_GOTO(rv, "C_Finalize", end);
printf("OK\n");
end:
if (rv != CKR_OK)
{
fprintf(stderr,
"Error performing create key operation : 0x%lx\n",
rv);
/* Clean up... we don't care if there are any errors.
*/
if (hSession != CK_INVALID_HANDLE) C_CloseSession(hSession);
C_Finalize(NULL);
}
return rv;
}
void DeriveTests::testSymDerive()
{
CK_RV rv;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
// Open read-only session on when the token is not initialized should fail
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create private objects
rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Generate base key
#ifndef WITH_FIPS
CK_OBJECT_HANDLE hKeyDes = CK_INVALID_HANDLE;
#endif
CK_OBJECT_HANDLE hKeyDes2 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hKeyDes3 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hKeyAes = CK_INVALID_HANDLE;
#ifndef WITH_FIPS
rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes);
CPPUNIT_ASSERT(rv == CKR_OK);
#endif
rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes2);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes3);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateAesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyAes);
CPPUNIT_ASSERT(rv == CKR_OK);
// Derive keys
CK_OBJECT_HANDLE hDerive = CK_INVALID_HANDLE;
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_AES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_AES);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_AES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_AES);
}
void DeriveTests::testEcdhDerive()
{
CK_RV rv;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
// Open read-only session on when the token is not initialized should fail
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Public Session keys
CK_OBJECT_HANDLE hPuk1 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hPrk1 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hPuk2 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hPrk2 = CK_INVALID_HANDLE;
rv = generateEcKeyPair("P-256",hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPuk1,hPrk1);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateEcKeyPair("P-256",hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPuk2,hPrk2);
CPPUNIT_ASSERT(rv == CKR_OK);
CK_OBJECT_HANDLE hKey1 = CK_INVALID_HANDLE;
ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));
// Private Session Keys
rv = generateEcKeyPair("P-384",hSessionRW,IN_SESSION,IS_PRIVATE,IN_SESSION,IS_PRIVATE,hPuk1,hPrk1);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateEcKeyPair("P-384",hSessionRW,IN_SESSION,IS_PRIVATE,IN_SESSION,IS_PRIVATE,hPuk2,hPrk2);
CPPUNIT_ASSERT(rv == CKR_OK);
ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));
// Public Token Keys
rv = generateEcKeyPair("P-521",hSessionRW,ON_TOKEN,IS_PUBLIC,ON_TOKEN,IS_PUBLIC,hPuk1,hPrk1);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateEcKeyPair("P-521",hSessionRW,ON_TOKEN,IS_PUBLIC,ON_TOKEN,IS_PUBLIC,hPuk2,hPrk2);
CPPUNIT_ASSERT(rv == CKR_OK);
ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));
// Private Token Keys
rv = generateEcKeyPair("P-256",hSessionRW,ON_TOKEN,IS_PRIVATE,ON_TOKEN,IS_PRIVATE,hPuk1,hPrk1);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateEcKeyPair("P-256",hSessionRW,ON_TOKEN,IS_PRIVATE,ON_TOKEN,IS_PRIVATE,hPuk2,hPrk2);
CPPUNIT_ASSERT(rv == CKR_OK);
ecdhDerive(hSessionRW,hPuk1,hPrk2,hKey1,true);
ecdhDerive(hSessionRW,hPuk2,hPrk1,hKey2,false);
CPPUNIT_ASSERT(compareSecret(hSessionRW,hKey1,hKey2));
}
void ECCSpeedTest()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BBOOL isTrue = FALSE;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE Id[] = "MY_ECC_KEY";
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
CK_ULONG i = 0;
LARGE_INTEGER Frequency;
LARGE_INTEGER StartNum;
LARGE_INTEGER EndNum;
double Second;
memset(indata, 0x42, 111);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
QueryPerformanceFrequency(&Frequency);
QueryPerformanceCounter(&StartNum);
for (i=0; i<LOOPTIMES; i++)
{
C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
}
QueryPerformanceCounter(&EndNum);
Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart);
printf("Generate ECC Key Time is: %03f s\n", Second/LOOPTIMES);
QueryPerformanceCounter(&StartNum);
for (i=0; i<LOOPTIMES; i++)
{
C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
C_Encrypt(hSession, indata, 111, outdata, &outlength);
C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
C_Decrypt(hSession, outdata, outlength, temp, &templength);
}
QueryPerformanceCounter(&EndNum);
Second = (double)(((EndNum.QuadPart - StartNum.QuadPart)+0.0)/Frequency.QuadPart);
printf("ECC Encrypt and Decrypt Time is: %03f s\n", Second/LOOPTIMES);
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
C_CloseSession(hSession);
}
FLAG ECCTest_out()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BBOOL isTrue = TRUE;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE Id[] = "MY_ECC_KEY";
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_ID, &Id, strlen(Id)},
{CKA_TOKEN, &isTrue, sizeof(isTrue)}
};
CK_ATTRIBUTE CreateECCPubKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_ID, NULL_PTR, 0},
{CKA_EC_POINT, NULL_PTR, 0}
};
CK_ATTRIBUTE CreateECCPriKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_ID, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
printf("ECC Outside Encrypt and Decrypt!\n");
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
rv = C_CloseSession(hSession);
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
if (rv == 0)
{
CreateECCPubKey[0].pValue = malloc(CreateECCPubKey[0].ulValueLen);
if (CreateECCPubKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPubKey[1].pValue = malloc(CreateECCPubKey[1].ulValueLen);
if (CreateECCPubKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 1);
return -1;
}
CreateECCPubKey[2].pValue = malloc(CreateECCPubKey[2].ulValueLen);
if (CreateECCPubKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 2);
return -1;
}
CreateECCPubKey[3].pValue = malloc(CreateECCPubKey[3].ulValueLen);
if (CreateECCPubKey[3].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPubKey, 3);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPubKey, CreateECCPubKey, 4);
rv = C_DestroyObject(hSession, hECCPubKey);
rv = C_CreateObject(hSession, CreateECCPubKey, 4, &hECCPubKey);
}
FreeAttribute(CreateECCPubKey, 4);
memset(indata, 0x33, 110);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
if (rv == 0)
{
CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
if (CreateECCPriKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
if (CreateECCPriKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 1);
return -1;
}
CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
if (CreateECCPriKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 2);
return -1;
}
CreateECCPriKey[3].pValue = malloc(CreateECCPriKey[3].ulValueLen);
if (CreateECCPriKey[3].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 3);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 4);
rv = C_DestroyObject(hSession, hECCPriKey);
rv = C_CreateObject(hSession, CreateECCPriKey, 4, &hECCPriKey);
}
FreeAttribute(CreateECCPriKey, 4);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
rv = C_CloseSession(hSession);
if (memcmp(indata, temp, 110) == 0 && templength == 110)
{
printf("OK ECC OUT!\n");
}
else
{
printf("ERROR ECC OUT!\n");
}
return 0;
}
FLAG ECCTest_in()
{
CK_RV rv = 0;
CK_SLOT_ID SlotId = 0;
CK_SESSION_HANDLE hSession = 0;
CK_ULONG ECCPubKeyClass = CKO_PUBLIC_KEY;
CK_ULONG ECCPriKeyClass = CKO_PRIVATE_KEY;
CK_BYTE ECCPubLabel[] = "ECC_PUBLIC_KEY_7";
CK_BYTE ECCPriLabel[] = "ECC_PRIVATE_KEY_7";
CK_BBOOL isFalse = TRUE;
#if 0 /* CKA_LABEL TEST*/
CK_ATTRUBUTE ECCKeyLabel = {
CAK_LABEL,//type
ECCPub//value
//value_len
};
#endif /* END CAK_LABEL TEST*/
CK_ATTRIBUTE ECCPubKey[] = {
{CKA_CLASS, &ECCPubKeyClass, sizeof(ECCPubKeyClass)},
{CKA_LABEL, &ECCPubLabel, sizeof(ECCPubLabel)},
{CKA_TOKEN, &isFalse, sizeof(isFalse)}
};
CK_ATTRIBUTE ECCPriKey[] = {
{CKA_CLASS, &ECCPriKeyClass, sizeof(ECCPriKeyClass)},
{CKA_LABEL, &ECCPriLabel, sizeof(ECCPriLabel)},
{CKA_TOKEN, &isFalse, sizeof(isFalse)}
};
CK_ATTRIBUTE CreateECCPriKey[] = {
{CKA_CLASS, NULL_PTR, 0},
{CKA_MODULUS_BITS, NULL_PTR, 0},
{CKA_VALUE, NULL_PTR, 0}
};
CK_MECHANISM ECCGenKey = {CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0};
CK_MECHANISM mECCEncrypt = {CKM_ECDSA_PKCS, NULL_PTR, 0};
CK_OBJECT_HANDLE hECCPubKey = 0;
CK_OBJECT_HANDLE hECCPriKey = 0;
CK_BYTE indata[160] = {0x00};
CK_BYTE outdata[300] = {0x00};
CK_BYTE temp[300] = {0x00};
CK_ULONG outlength = 0;
CK_ULONG templength = 0;
memset(indata, 0x31, 40);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
printf("ECC Inside Encrypt and Decrypt!\n");
rv = C_OpenSession(SlotId, CKF_SERIAL_SESSION|CKF_RW_SESSION, NULL_PTR, NULL, &hSession);
#ifdef DEVICE_KEY
C_Login(hSession, CKU_SO, "11111111", 8);
#endif
rv = C_GenerateKeyPair(hSession, &ECCGenKey, ECCPubKey, 3, ECCPriKey, 3, &hECCPubKey, &hECCPriKey);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 40, outdata, &outlength);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
if (memcmp(indata, temp, 40) == 0 && templength == 40)
{
printf("OK ECC IN!\n");
}
else
{
printf("ERROR ECC IN!\n");
}
printf("ECC Crossing Encrypt and Decrypt!\n");
memset(indata, 0x33, 110);
memset(outdata, 0x00, 300);
memset(temp, 0x00, 300);
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
if (rv == 0)
{
CreateECCPriKey[0].pValue = malloc(CreateECCPriKey[0].ulValueLen);
if (CreateECCPriKey[0].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
return -1;
}
CreateECCPriKey[1].pValue = malloc(CreateECCPriKey[1].ulValueLen);
if (CreateECCPriKey[1].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 1);
return -1;
}
CreateECCPriKey[2].pValue = malloc(CreateECCPriKey[2].ulValueLen);
if (CreateECCPriKey[2].pValue == NULL)
{
printf("ECCTest_out->malloc ERROR!\n");
FreeAttribute(CreateECCPriKey, 2);
return -1;
}
rv = C_GetAttributeValue(hSession, hECCPriKey, CreateECCPriKey, 3);
rv = C_CreateObject(hSession, CreateECCPriKey, 3, &hECCPriKey);
}
FreeAttribute(CreateECCPriKey, 3);
rv = C_EncryptInit(hSession, &mECCEncrypt, hECCPubKey);
rv = C_Encrypt(hSession, indata, 110, outdata, &outlength);
rv = C_DecryptInit(hSession, &mECCEncrypt, hECCPriKey);
rv = C_Decrypt(hSession, outdata, outlength, temp, &templength);
if (memcmp(indata, temp, 110) == 0 && templength == 110)
{
printf("OK ECC Crossing!\n");
}
else
{
printf("ERROR ECC Crossing!\n");
}
#ifdef DEVICE_KEY
C_Logout(hSession);
#endif
C_CloseSession(hSession);
return 0;
}
