void SymmetricAlgorithmTests::testAesWrapUnwrap()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
// CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
// CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSession;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the session so we can create a private object
rv = C_Login(hSession,CKU_USER,pin,pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
// Generate a wrapping session public key
rv = generateAesKey(hSession,IN_SESSION,IS_PUBLIC,hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
aesWrapUnwrap(CKM_AES_KEY_WRAP, hSession, hKey);
#ifdef HAVE_AES_KEY_WRAP_PAD
aesWrapUnwrap(CKM_AES_KEY_WRAP_PAD, hSession, hKey);
#endif
}
void SymmetricAlgorithmTests::testAesEncryptDecrypt()
{
CK_RV rv;
CK_UTF8CHAR pin[] = SLOT_0_USER1_PIN;
CK_ULONG pinLength = sizeof(pin) - 1;
// CK_UTF8CHAR sopin[] = SLOT_0_SO1_PIN;
// CK_ULONG sopinLength = sizeof(sopin) - 1;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
C_Finalize(NULL_PTR);
// Open read-only session on when the token is not initialized should fail
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = C_Initialize(NULL_PTR);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO);
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = C_OpenSession(SLOT_INIT_TOKEN, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW);
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create a private objects
rv = C_Login(hSessionRO,CKU_USER,pin,pinLength);
CPPUNIT_ASSERT(rv==CKR_OK);
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
// Generate all combinations of session/token keys.
rv = generateAesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
CPPUNIT_ASSERT(rv == CKR_OK);
aesEncryptDecrypt(CKM_AES_ECB,hSessionRO,hKey);
aesEncryptDecrypt(CKM_AES_CBC,hSessionRO,hKey);
aesEncryptDecrypt(CKM_AES_CBC_PAD,hSessionRO,hKey);
}
void DeriveTests::testSymDerive()
{
CK_RV rv;
CK_SESSION_HANDLE hSessionRO;
CK_SESSION_HANDLE hSessionRW;
// Just make sure that we finalize any previous tests
CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
// Open read-only session on when the token is not initialized should fail
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
// Initialize the library and start the test.
rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-only session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Open read-write session
rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Login USER into the sessions so we can create private objects
rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
CPPUNIT_ASSERT(rv == CKR_OK);
// Generate base key
#ifndef WITH_FIPS
CK_OBJECT_HANDLE hKeyDes = CK_INVALID_HANDLE;
#endif
CK_OBJECT_HANDLE hKeyDes2 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hKeyDes3 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE hKeyAes = CK_INVALID_HANDLE;
#ifndef WITH_FIPS
rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes);
CPPUNIT_ASSERT(rv == CKR_OK);
#endif
rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes2);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyDes3);
CPPUNIT_ASSERT(rv == CKR_OK);
rv = generateAesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKeyAes);
CPPUNIT_ASSERT(rv == CKR_OK);
// Derive keys
CK_OBJECT_HANDLE hDerive = CK_INVALID_HANDLE;
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_ECB_ENCRYPT_DATA,CKK_AES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_ECB_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_ECB_ENCRYPT_DATA,CKK_AES);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes,hDerive,CKM_DES_CBC_ENCRYPT_DATA,CKK_AES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes2,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyDes3,hDerive,CKM_DES3_CBC_ENCRYPT_DATA,CKK_AES);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_GENERIC_SECRET);
#ifndef WITH_FIPS
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES);
#endif
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES2);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_DES3);
symDerive(hSessionRW,hKeyAes,hDerive,CKM_AES_CBC_ENCRYPT_DATA,CKK_AES);
}
