/*
* COPYRIGHT (c) International Business Machines Corp. 2006-2017
*
* This program is provided under the terms of the Common Public License,
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
* found in the file LICENSE file or at
* https://opensource.org/licenses/cpl1.0.php
*/
|
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
|
#include "pkcs11types.h"
#include "regress.h"
|
/* Function list through which every PKCS #11 call in this file is made. */
CK_FUNCTION_LIST *funcs;
CK_FUNCTION_LIST_3_0 *funcs3;
/* Heap block that free_ifs() releases and resets to NULL. */
CK_INTERFACE *ifs;
CK_SLOT_ID SLOT_ID;

/* Test switches; presumably set by the individual test programs (not visible here). */
CK_BBOOL skip_token_obj;
CK_BBOOL no_stop;
CK_BBOOL no_init;
CK_BBOOL securekey;

/* Assertion counters. */
CK_ULONG t_total = 0;           /* total test assertions */
CK_ULONG t_ran = 0;             /* number of assertions ran */
CK_ULONG t_passed = 0;          /* number of assertions passed */
CK_ULONG t_failed = 0;          /* number of assertions failed */
CK_ULONG t_skipped = 0;         /* number of assertions skipped */
CK_ULONG t_errors = 0;          /* number of errors */

#define MAX_MODEL 4

/* Sizes, in bytes, of the local key buffers in the create_DES*Key helpers. */
#define DES_KEY_SIZE 8
#define DES3_KEY_SIZE 24

/* Library handle that unload_pkcslib() hands to dlclose(). */
static void *pkcs11lib = NULL;
|
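/*
 * Close the shared library referenced by pkcs11lib, if one is open.
 *
 * The handle is reset to NULL afterwards so that a second call cannot pass
 * a stale handle to dlclose(). The dlclose() result is ignored.
 */
static void unload_pkcslib(void)
{
    if (pkcs11lib != NULL) {
        dlclose(pkcs11lib);
        pkcs11lib = NULL;
    }
}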
|
/*
 * Release the block that the global ifs points to and leave ifs set to NULL.
 * Safe to call when ifs is already NULL, because free(NULL) does nothing.
 */
static void free_ifs(void)
{
    CK_INTERFACE *stale = ifs;

    ifs = NULL;
    free(stale);
}
|
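/**
 * Report whether C_GetMechanismInfo succeeds for a mechanism on a slot.
 *
 * Any return code other than CKR_OK is reported as "not supported", so a
 * failure unrelated to the mechanism gives the same answer as an unknown one.
 *
 * @param slot_id    slot to query
 * @param mechanism  mechanism type to look up
 * @return 1 if the call returned CKR_OK, 0 otherwise
 */
int mech_supported(CK_SLOT_ID slot_id, CK_ULONG mechanism)
{
    CK_MECHANISM_INFO mech_info;
    CK_RV rc;

    /* Keep the return code as CK_RV; storing it in an int narrows it. */
    rc = funcs->C_GetMechanismInfo(slot_id, mechanism, &mech_info);

    return (rc == CKR_OK);
}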
|
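/**
 * Report whether a mechanism on a slot advertises at least one of the
 * requested capability flags.
 *
 * The test is a bitwise AND, so passing several flags asks "any of these",
 * not "all of these".
 *
 * @param slot_id    slot to query
 * @param mechanism  mechanism type to look up
 * @param flags      CKF_* bits to look for in the mechanism info
 * @return TRUE if C_GetMechanismInfo succeeds and any requested bit is set,
 *         FALSE otherwise (including when the lookup fails)
 */
int mech_supported_flags(CK_SLOT_ID slot_id, CK_ULONG mechanism, CK_FLAGS flags)
{
    CK_MECHANISM_INFO mech_info;
    CK_RV rc;

    /* Keep the return code as CK_RV; storing it in an int narrows it. */
    rc = funcs->C_GetMechanismInfo(slot_id, mechanism, &mech_info);
    if (rc != CKR_OK)
        return FALSE;

    if (mech_info.flags & flags)
        return TRUE;

    return FALSE;
}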
|
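/*
 * Check if the specified key size is in the supported range of the mechanism.
 *
 * ATTENTION: It is mechanism dependent if the key size is in bits or bytes.
 * The caller of this function must take care that the keylen parameter is
 * specified in the appropriate unit.
 *
 * Returns non-zero when ulMinKeySize <= keylen <= ulMaxKeySize, and FALSE
 * when keylen is outside that range or C_GetMechanismInfo does not return
 * CKR_OK.
 */
int check_supp_keysize(CK_SLOT_ID slot_id, CK_ULONG mechanism, CK_ULONG keylen)
{
    CK_MECHANISM_INFO mech_info;
    CK_RV rc;

    /* Keep the return code as CK_RV; storing it in an int narrows it. */
    rc = funcs->C_GetMechanismInfo(slot_id, mechanism, &mech_info);
    if (rc != CKR_OK)
        return FALSE;

    return ((mech_info.ulMinKeySize <= keylen)
            && (keylen <= mech_info.ulMaxKeySize));
}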
|
/**
 * Query whether a slot advertises key wrapping for the given mechanism.
 *
 * @param slot_id  slot to query
 * @param mech     mechanism; only mech.mechanism is used
 * @return the CKF_WRAP bit of the mechanism flags (non-zero when wrapping is
 *         advertised, 0 when it is not), or -1 when C_GetMechanismInfo fails
 *
 * NOTE(review): -1 is non-zero as well, so a plain truth test on the result
 * treats a failed lookup as "supported". Callers that need to tell the two
 * apart have to compare against -1 first.
 */
int wrap_supported(CK_SLOT_ID slot_id, CK_MECHANISM mech)
{
    CK_MECHANISM_INFO info;
    CK_RV rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &info);

    if (rc != CKR_OK) {
        testcase_error("C_GetMechanismInfo(), rc=%s.", p11_get_ckr(rc));
        return -1;
    }

    /* Go through CK_RV as the original did before converting to int. */
    rc = info.flags & CKF_WRAP;

    return rc;
}
|
/**
 * Query whether a slot advertises key unwrapping for the given mechanism.
 *
 * @param slot_id  slot to query
 * @param mech     mechanism; only mech.mechanism is used
 * @return the CKF_UNWRAP bit of the mechanism flags (non-zero when unwrapping
 *         is advertised, 0 when it is not), or -1 when C_GetMechanismInfo
 *         fails
 *
 * NOTE(review): -1 is non-zero as well, so a plain truth test on the result
 * treats a failed lookup as "supported". Callers that need to tell the two
 * apart have to compare against -1 first.
 */
int unwrap_supported(CK_SLOT_ID slot_id, CK_MECHANISM mech)
{
    CK_MECHANISM_INFO info;
    CK_RV rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &info);

    if (rc != CKR_OK) {
        testcase_error("C_GetMechanismInfo(), rc=%s.", p11_get_ckr(rc));
        return -1;
    }

    /* Go through CK_RV as the original did before converting to int. */
    rc = info.flags & CKF_UNWRAP;

    return rc;
}
|
/**
 * Create a session AES secret-key object from caller-supplied key bytes.
 *
 * The object is created with CKA_ENCRYPT = TRUE and CKA_TOKEN = FALSE. The key
 * length is not checked here; it is passed to the token as given.
 *
 * @param session  session passed to C_CreateObject
 * @param key      key bytes, used directly as CKA_VALUE
 * @param key_len  number of key bytes (an unsigned char, so at most 255)
 * @param h_key    receives the handle of the new object
 * @return the C_CreateObject return code, converted to int
 */
int create_AESKey(CK_SESSION_HANDLE session,
                  unsigned char key[], unsigned char key_len,
                  CK_OBJECT_HANDLE * h_key)
{
    CK_OBJECT_CLASS obj_class = CKO_SECRET_KEY;
    CK_KEY_TYPE aes_type = CKK_AES;
    CK_BBOOL yes = TRUE;
    CK_BBOOL no = FALSE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &aes_type, sizeof(aes_type)},
        {CKA_ENCRYPT, &yes, sizeof(yes)},
        {CKA_TOKEN, &no, sizeof(no)},
        {CKA_VALUE, key, key_len}
    };

    return funcs->C_CreateObject(session, attrs,
                                 sizeof(attrs) / sizeof(attrs[0]), h_key);
}
|
/**
 * Ask the token to generate a key using the caller's mechanism.
 *
 * The only template attribute supplied is CKA_VALUE_LEN; everything else is
 * left to the token's defaults.
 *
 * @param session  session passed to C_GenerateKey
 * @param key_len  value passed as CKA_VALUE_LEN
 * @param mechkey  key generation mechanism, chosen by the caller
 * @param h_key    receives the handle of the generated key
 * @return the C_GenerateKey return code, converted to int
 */
int generate_AESKey(CK_SESSION_HANDLE session,
                    CK_ULONG key_len,
                    CK_MECHANISM * mechkey, CK_OBJECT_HANDLE * h_key)
{
    CK_ATTRIBUTE len_attr[] = {
        {CKA_VALUE_LEN, &key_len, sizeof(CK_ULONG)}
    };
    CK_RV rv;

    rv = funcs->C_GenerateKey(session, mechkey, len_attr, 1, h_key);

    return rv;
}
|
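/**
 * Create a session DES secret-key object from caller-supplied key bytes.
 *
 * The key is copied into a local DES_KEY_SIZE-byte buffer first. The object is
 * created with CKA_ENCRYPT = TRUE and CKA_TOKEN = FALSE.
 *
 * @param session  session passed to C_CreateObject
 * @param key      key bytes; the first klen bytes are copied
 * @param klen     number of key bytes, at most DES_KEY_SIZE
 * @param h_key    receives the handle of the new object
 * @return CKR_OK on success, CKR_ARGUMENTS_BAD when klen is larger than
 *         DES_KEY_SIZE, otherwise the C_CreateObject return code
 */
int create_DESKey(CK_SESSION_HANDLE session,
                  unsigned char key[], unsigned char klen,
                  CK_OBJECT_HANDLE * h_key)
{
    CK_RV rc;
    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
    CK_KEY_TYPE keyType = CKK_DES;
    CK_BYTE value[DES_KEY_SIZE];
    CK_BBOOL true = TRUE;
    CK_BBOOL false = FALSE;

    CK_ATTRIBUTE keyTemplate[] = {
        {CKA_CLASS, &keyClass, sizeof(keyClass)},
        {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
        {CKA_ENCRYPT, &true, sizeof(true)},
        {CKA_TOKEN, &false, sizeof(false)},
        {CKA_VALUE, value, klen}
    };

    /*
     * klen can be as large as 255 while value holds DES_KEY_SIZE bytes.
     * Without this check the memcpy below writes past the end of value and
     * the template tells the token to read past it.
     */
    if (klen > sizeof(value)) {
        testcase_error("key length %u exceeds %u bytes",
                       (unsigned int) klen, (unsigned int) sizeof(value));
        return CKR_ARGUMENTS_BAD;
    }

    memset(value, 0, sizeof(value));
    memcpy(value, key, klen);
    rc = funcs->C_CreateObject(session, keyTemplate, 5, h_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    /* NOTE(review): value still holds a copy of the key bytes on return. */
    return rc;
}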
|
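/**
 * Create a session DES2 secret-key object from caller-supplied key bytes.
 *
 * The key is copied into a local buffer of 2 * DES_KEY_SIZE bytes first. The
 * object is created with CKA_ENCRYPT = TRUE and CKA_TOKEN = FALSE.
 *
 * @param session  session passed to C_CreateObject
 * @param key      key bytes; the first klen bytes are copied
 * @param klen     number of key bytes, at most 2 * DES_KEY_SIZE
 * @param h_key    receives the handle of the new object
 * @return CKR_OK on success, CKR_ARGUMENTS_BAD when klen is larger than
 *         2 * DES_KEY_SIZE, otherwise the C_CreateObject return code
 */
int create_DES2Key(CK_SESSION_HANDLE session,
                   unsigned char key[], unsigned char klen,
                   CK_OBJECT_HANDLE * h_key)
{
    CK_RV rc;
    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
    CK_KEY_TYPE keyType = CKK_DES2;
    CK_BYTE value[2 * DES_KEY_SIZE];
    CK_BBOOL true = TRUE;
    CK_BBOOL false = FALSE;
    CK_ATTRIBUTE keyTemplate[] = {
        {CKA_CLASS, &keyClass, sizeof(keyClass)},
        {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
        {CKA_ENCRYPT, &true, sizeof(true)},
        {CKA_TOKEN, &false, sizeof(false)},
        {CKA_VALUE, value, klen}
    };

    /*
     * klen can be as large as 255 while value holds 2 * DES_KEY_SIZE bytes.
     * Without this check the memcpy below writes past the end of value and
     * the template tells the token to read past it.
     */
    if (klen > sizeof(value)) {
        testcase_error("key length %u exceeds %u bytes",
                       (unsigned int) klen, (unsigned int) sizeof(value));
        return CKR_ARGUMENTS_BAD;
    }

    memset(value, 0, sizeof(value));
    memcpy(value, key, klen);
    rc = funcs->C_CreateObject(session, keyTemplate, 5, h_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    /* NOTE(review): value still holds a copy of the key bytes on return. */
    return rc;
}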
|
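/**
 * Create a session DES3 secret-key object from caller-supplied key bytes.
 *
 * The key is copied into a local DES3_KEY_SIZE-byte buffer first. The object
 * is created with CKA_ENCRYPT = TRUE and CKA_TOKEN = FALSE.
 *
 * @param session  session passed to C_CreateObject
 * @param key      key bytes; the first klen bytes are copied
 * @param klen     number of key bytes, at most DES3_KEY_SIZE
 * @param h_key    receives the handle of the new object
 * @return CKR_OK on success, CKR_ARGUMENTS_BAD when klen is larger than
 *         DES3_KEY_SIZE, otherwise the C_CreateObject return code
 */
int create_DES3Key(CK_SESSION_HANDLE session,
                   unsigned char key[], unsigned char klen,
                   CK_OBJECT_HANDLE * h_key)
{
    CK_RV rc;
    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
    CK_KEY_TYPE keyType = CKK_DES3;
    CK_BYTE value[DES3_KEY_SIZE];
    CK_BBOOL true = TRUE;
    CK_BBOOL false = FALSE;
    CK_ATTRIBUTE keyTemplate[] = {
        {CKA_CLASS, &keyClass, sizeof(keyClass)},
        {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
        {CKA_ENCRYPT, &true, sizeof(true)},
        {CKA_TOKEN, &false, sizeof(false)},
        {CKA_VALUE, value, klen}
    };

    /*
     * klen can be as large as 255 while value holds DES3_KEY_SIZE bytes.
     * Without this check the memcpy below writes past the end of value and
     * the template tells the token to read past it.
     */
    if (klen > sizeof(value)) {
        testcase_error("key length %u exceeds %u bytes",
                       (unsigned int) klen, (unsigned int) sizeof(value));
        return CKR_ARGUMENTS_BAD;
    }

    memset(value, 0, sizeof(value));
    memcpy(value, key, klen);
    rc = funcs->C_CreateObject(session, keyTemplate, 5, h_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    /* NOTE(review): value still holds a copy of the key bytes on return. */
    return rc;
}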
|
/**
 * Create a session generic-secret key object from caller-supplied bytes.
 *
 * The object is created with CKA_TOKEN = FALSE and no usage attributes; the
 * key bytes are handed to the token directly, without a local copy.
 *
 * @param session  session passed to C_CreateObject
 * @param key      key bytes, used directly as CKA_VALUE
 * @param key_len  number of key bytes
 * @param h_key    receives the handle of the new object
 * @return the C_CreateObject return code, converted to int; a failure is also
 *         reported through testcase_error
 */
int create_GenericSecretKey(CK_SESSION_HANDLE session,
                            CK_BYTE key[],
                            CK_ULONG key_len, CK_OBJECT_HANDLE * h_key)
{
    CK_OBJECT_CLASS obj_class = CKO_SECRET_KEY;
    CK_KEY_TYPE secret_type = CKK_GENERIC_SECRET;
    CK_BBOOL no = FALSE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &secret_type, sizeof(secret_type)},
        {CKA_TOKEN, &no, sizeof(no)},
        {CKA_VALUE, key, key_len}
    };
    CK_RV rc = funcs->C_CreateObject(session, attrs,
                                     sizeof(attrs) / sizeof(attrs[0]), h_key);

    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
|
/**
 * Create an RSA private key object from its CRT (Chinese remainder theorem)
 * components.
 *
 * The object is created with CKA_TOKEN, CKA_SENSITIVE, CKA_DECRYPT and
 * CKA_SIGN set to TRUE, a fixed label, an empty subject and the one-byte id
 * 123. Because CKA_TOKEN is TRUE it is a token object rather than a session
 * object. Each component is passed to the token with the length given by the
 * caller; nothing is validated here.
 *
 * @param session   session passed to C_CreateObject
 * @param priv_key  receives the handle of the new object
 * @return the C_CreateObject return code; a failure is also reported through
 *         testcase_error
 */
CK_RV create_RSAPrivateKey(CK_SESSION_HANDLE session,
                           CK_BYTE modulus[],
                           CK_BYTE publicExponent[],
                           CK_BYTE privateExponent[],
                           CK_BYTE prime1[],
                           CK_BYTE prime2[],
                           CK_BYTE exponent1[],
                           CK_BYTE exponent2[],
                           CK_BYTE coefficient[],
                           CK_ULONG modulus_len,
                           CK_ULONG publicExponent_len,
                           CK_ULONG privateExponent_len,
                           CK_ULONG prime1_len,
                           CK_ULONG prime2_len,
                           CK_ULONG exponent1_len,
                           CK_ULONG exponent2_len,
                           CK_ULONG coefficient_len,
                           CK_OBJECT_HANDLE * priv_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
    CK_KEY_TYPE rsa_type = CKK_RSA;
    CK_UTF8CHAR label[] = "An RSA private key object";
    CK_BYTE subject[] = {0};
    CK_BYTE id[] = { 123 };
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &rsa_type, sizeof(rsa_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        /* label length excludes the terminating NUL */
        {CKA_LABEL, label, sizeof(label) - 1},
        /* zero length: the subject is sent empty */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &yes, sizeof(yes)},
        {CKA_DECRYPT, &yes, sizeof(yes)},
        {CKA_SIGN, &yes, sizeof(yes)},
        {CKA_MODULUS, modulus, modulus_len},
        {CKA_PUBLIC_EXPONENT, publicExponent, publicExponent_len},
        {CKA_PRIVATE_EXPONENT, privateExponent, privateExponent_len},
        {CKA_PRIME_1, prime1, prime1_len},
        {CKA_PRIME_2, prime2, prime2_len},
        {CKA_EXPONENT_1, exponent1, exponent1_len},
        {CKA_EXPONENT_2, exponent2, exponent2_len},
        {CKA_COEFFICIENT, coefficient, coefficient_len}
    };
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs,
                               sizeof(attrs) / sizeof(attrs[0]), priv_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
|
/**
 * Create an RSA public key object from a modulus and public exponent.
 *
 * The object is created with CKA_TOKEN, CKA_WRAP and CKA_ENCRYPT set to TRUE
 * and a fixed label. Because CKA_TOKEN is TRUE it is a token object rather
 * than a session object.
 *
 * @param session             session passed to C_CreateObject
 * @param modulus             modulus bytes
 * @param publicExponent      public exponent bytes
 * @param modulus_len         length of modulus in bytes
 * @param publicExponent_len  length of publicExponent in bytes
 * @param publ_key            receives the handle of the new object
 * @return the C_CreateObject return code; a failure is also reported through
 *         testcase_error
 */
CK_RV create_RSAPublicKey(CK_SESSION_HANDLE session,
                          CK_BYTE modulus[],
                          CK_BYTE publicExponent[],
                          CK_ULONG modulus_len,
                          CK_ULONG publicExponent_len,
                          CK_OBJECT_HANDLE * publ_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PUBLIC_KEY;
    CK_KEY_TYPE rsa_type = CKK_RSA;
    CK_UTF8CHAR label[] = "An RSA public key object";
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &rsa_type, sizeof(rsa_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        /* label length excludes the terminating NUL */
        {CKA_LABEL, label, sizeof(label) - 1},
        {CKA_WRAP, &yes, sizeof(yes)},
        {CKA_ENCRYPT, &yes, sizeof(yes)},
        {CKA_MODULUS, modulus, modulus_len},
        {CKA_PUBLIC_EXPONENT, publicExponent, publicExponent_len}
    };
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs,
                               sizeof(attrs) / sizeof(attrs[0]), publ_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
|
/**
 * Generate an RSA key pair with CKM_RSA_PKCS_KEY_PAIR_GEN.
 *
 * The public key template sets CKA_ENCRYPT, CKA_VERIFY and CKA_WRAP plus the
 * requested modulus size and public exponent. The private key template sets
 * CKA_TOKEN, CKA_PRIVATE, CKA_SENSITIVE, CKA_DECRYPT, CKA_SIGN and CKA_UNWRAP,
 * with an empty subject and the one-byte id 123.
 *
 * @param session             session passed to C_GenerateKeyPair
 * @param modulusBits         value passed as CKA_MODULUS_BITS
 * @param publicExponent      public exponent bytes
 * @param publicExponent_len  length of publicExponent in bytes
 * @param publ_key            receives the public key handle
 * @param priv_key            receives the private key handle
 * @return the C_GenerateKeyPair return code, unchecked and unlogged
 */
CK_RV generate_RSA_PKCS_KeyPair(CK_SESSION_HANDLE session,
                                CK_ULONG modulusBits,
                                CK_BYTE publicExponent[],
                                CK_ULONG publicExponent_len,
                                CK_OBJECT_HANDLE * publ_key,
                                CK_OBJECT_HANDLE * priv_key)
{
    CK_MECHANISM keygen = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0 };
    CK_BYTE subject[] = {0};
    CK_BYTE id[] = { 123 };
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE pub_attrs[] = {
        {CKA_ENCRYPT, &yes, sizeof(yes)},
        {CKA_VERIFY, &yes, sizeof(yes)},
        {CKA_WRAP, &yes, sizeof(yes)},
        {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)},
        {CKA_PUBLIC_EXPONENT, publicExponent, publicExponent_len}
    };
    CK_ATTRIBUTE priv_attrs[] = {
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_PRIVATE, &yes, sizeof(yes)},
        /* zero length: the subject is sent empty */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &yes, sizeof(yes)},
        {CKA_DECRYPT, &yes, sizeof(yes)},
        {CKA_SIGN, &yes, sizeof(yes)},
        {CKA_UNWRAP, &yes, sizeof(yes)},
    };

    // no error checking due to
    // ICA Token + public exponent values + CKR_TEMPLATE_INCONSISTENT
    // work around
    // see rsa_func.c
    return funcs->C_GenerateKeyPair(session, &keygen,
                                    pub_attrs,
                                    sizeof(pub_attrs) / sizeof(pub_attrs[0]),
                                    priv_attrs,
                                    sizeof(priv_attrs) / sizeof(priv_attrs[0]),
                                    publ_key, priv_key);
}
|
/**
 * Generate an EC key pair with CKM_EC_KEY_PAIR_GEN.
 *
 * The public key template sets CKA_VERIFY and the caller's CKA_EC_PARAMS. The
 * private key template sets CKA_TOKEN, CKA_PRIVATE, CKA_SENSITIVE, CKA_SIGN
 * and CKA_DERIVE, with an empty subject and the one-byte id 123.
 *
 * @param session        session passed to C_GenerateKeyPair
 * @param ec_params      bytes passed as CKA_EC_PARAMS
 * @param ec_params_len  length of ec_params in bytes
 * @param publ_key       receives the public key handle
 * @param priv_key       receives the private key handle
 * @return the C_GenerateKeyPair return code, unchecked and unlogged
 */
CK_RV generate_EC_KeyPair(CK_SESSION_HANDLE session,
                          CK_BYTE* ec_params, CK_ULONG ec_params_len,
                          CK_OBJECT_HANDLE * publ_key,
                          CK_OBJECT_HANDLE * priv_key)
{
    CK_MECHANISM keygen = { CKM_EC_KEY_PAIR_GEN, NULL, 0 };
    CK_BYTE subject[] = {0};
    CK_BYTE id[] = { 123 };
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE pub_attrs[] = {
        {CKA_VERIFY, &yes, sizeof(yes)},
        {CKA_EC_PARAMS, ec_params, ec_params_len},
    };
    CK_ATTRIBUTE priv_attrs[] = {
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_PRIVATE, &yes, sizeof(yes)},
        /* zero length: the subject is sent empty */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &yes, sizeof(yes)},
        {CKA_SIGN, &yes, sizeof(yes)},
        {CKA_DERIVE, &yes, sizeof(yes)},
    };
    CK_ULONG pub_count = sizeof(pub_attrs) / sizeof(CK_ATTRIBUTE);
    CK_ULONG priv_count = sizeof(priv_attrs) / sizeof(CK_ATTRIBUTE);

    return funcs->C_GenerateKeyPair(session, &keygen,
                                    pub_attrs, pub_count,
                                    priv_attrs, priv_count,
                                    publ_key, priv_key);
}
|
/**
 * Create an EC private key object from the private value 'd' and the EC
 * parameters (algorithm id of the curve).
 *
 * The object is created with CKA_TOKEN, CKA_PRIVATE, CKA_SENSITIVE,
 * CKA_DECRYPT, CKA_SIGN and CKA_DERIVE set to TRUE, an empty subject and the
 * one-byte id 123. The public point is included as CKA_EC_POINT.
 *
 * NOTE(review): CKA_LABEL is given sizeof(label), which counts the
 * terminating NUL; create_RSAPrivateKey in this file passes
 * sizeof(label) - 1. A failure is not reported through testcase_error here.
 *
 * @param session         session passed to C_CreateObject
 * @param params          bytes passed as CKA_EC_PARAMS
 * @param params_len      length of params in bytes
 * @param privatekey      private value bytes, passed as CKA_VALUE
 * @param privatekey_len  length of privatekey in bytes
 * @param pubkey          public point bytes, passed as CKA_EC_POINT
 * @param pubkey_len      length of pubkey in bytes
 * @param priv_key        receives the handle of the new object
 * @return the C_CreateObject return code
 */
CK_RV create_ECPrivateKey(CK_SESSION_HANDLE session,
                          CK_BYTE params[],
                          CK_ULONG params_len,
                          CK_BYTE privatekey[],
                          CK_ULONG privatekey_len,
                          CK_BYTE pubkey[],
                          CK_ULONG pubkey_len, CK_OBJECT_HANDLE * priv_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
    CK_KEY_TYPE ec_type = CKK_EC;
    CK_UTF8CHAR label[] = "An EC private key object";
    CK_BYTE subject[] = {0};
    CK_BYTE id[] = { 123 };
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &ec_type, sizeof(ec_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_PRIVATE, &yes, sizeof(yes)},
        {CKA_LABEL, label, sizeof(label)},
        /* zero length: the subject is sent empty */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &yes, sizeof(yes)},
        {CKA_DECRYPT, &yes, sizeof(yes)},
        {CKA_SIGN, &yes, sizeof(yes)},
        {CKA_DERIVE, &yes, sizeof(yes)},
        {CKA_EC_PARAMS, params, params_len},
        {CKA_EC_POINT, pubkey, pubkey_len},
        {CKA_VALUE, privatekey, privatekey_len}
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(CK_ATTRIBUTE);

    return funcs->C_CreateObject(session, attrs, attr_count, priv_key);
}
|
/**
 * Create an EC public key object from the EC parameters and the point 'Q'.
 *
 * The object is created with CKA_TOKEN, CKA_ENCRYPT, CKA_VERIFY and
 * CKA_DERIVE set to TRUE and a fixed label.
 *
 * NOTE(review): CKA_LABEL is given sizeof(label), which counts the
 * terminating NUL; create_RSAPublicKey in this file passes
 * sizeof(label) - 1. A failure is not reported through testcase_error here.
 *
 * @param session     session passed to C_CreateObject
 * @param params      bytes passed as CKA_EC_PARAMS
 * @param params_len  length of params in bytes
 * @param pointq      public point bytes, passed as CKA_EC_POINT
 * @param pointq_len  length of pointq in bytes
 * @param publ_key    receives the handle of the new object
 * @return the C_CreateObject return code
 */
CK_RV create_ECPublicKey(CK_SESSION_HANDLE session,
                         CK_BYTE params[],
                         CK_ULONG params_len,
                         CK_BYTE pointq[],
                         CK_ULONG pointq_len, CK_OBJECT_HANDLE * publ_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PUBLIC_KEY;
    CK_KEY_TYPE ec_type = CKK_EC;
    CK_UTF8CHAR label[] = "An EC public key object";
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &ec_type, sizeof(ec_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_LABEL, label, sizeof(label)},
        {CKA_ENCRYPT, &yes, sizeof(yes)},
        {CKA_VERIFY, &yes, sizeof(yes)},
        {CKA_DERIVE, &yes, sizeof(yes)},
        {CKA_EC_PARAMS, params, params_len},
        {CKA_EC_POINT, pointq, pointq_len}
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(CK_ATTRIBUTE);

    return funcs->C_CreateObject(session, attrs, attr_count, publ_key);
}
|
/**
 * Create an IBM Dilithium private key object from its component values.
 *
 * The object is created with CKA_TOKEN, CKA_PRIVATE, CKA_SENSITIVE and
 * CKA_SIGN set to TRUE, an empty subject, the one-byte id 123 and the key
 * form IBM_DILITHIUM_KEYFORM_ROUND2. Each component (rho, seed, tr, s1, s2,
 * t0, t1) is passed to the token with the length given by the caller.
 *
 * NOTE(review): CKA_LABEL is given sizeof(label), which counts the
 * terminating NUL; create_RSAPrivateKey in this file passes
 * sizeof(label) - 1.
 *
 * @param session   session passed to C_CreateObject
 * @param priv_key  receives the handle of the new object
 * @return the C_CreateObject return code; a failure is also reported through
 *         testcase_error
 */
CK_RV create_DilithiumPrivateKey(CK_SESSION_HANDLE session,
                                 CK_BYTE rho[], CK_ULONG rho_len,
                                 CK_BYTE seed[], CK_ULONG seed_len,
                                 CK_BYTE tr[], CK_ULONG tr_len,
                                 CK_BYTE s1[], CK_ULONG s1_len,
                                 CK_BYTE s2[], CK_ULONG s2_len,
                                 CK_BYTE t0[], CK_ULONG t0_len,
                                 CK_BYTE t1[], CK_ULONG t1_len,
                                 CK_OBJECT_HANDLE * priv_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
    CK_KEY_TYPE pqc_type = CKK_IBM_PQC_DILITHIUM;
    CK_UTF8CHAR label[] = "A Dilithium private key object";
    CK_BYTE subject[] = {0};
    CK_BYTE id[] = { 123 };
    CK_ULONG keyform = IBM_DILITHIUM_KEYFORM_ROUND2;
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &pqc_type, sizeof(pqc_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_PRIVATE, &yes, sizeof(yes)},
        {CKA_LABEL, label, sizeof(label)},
        /* zero length: the subject is sent empty */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &yes, sizeof(yes)},
        {CKA_SIGN, &yes, sizeof(yes)},
        {CKA_IBM_DILITHIUM_RHO, rho, rho_len},
        {CKA_IBM_DILITHIUM_SEED, seed, seed_len},
        {CKA_IBM_DILITHIUM_TR, tr, tr_len},
        {CKA_IBM_DILITHIUM_S1, s1, s1_len},
        {CKA_IBM_DILITHIUM_S2, s2, s2_len},
        {CKA_IBM_DILITHIUM_T0, t0, t0_len},
        {CKA_IBM_DILITHIUM_T1, t1, t1_len},
        {CKA_IBM_DILITHIUM_KEYFORM, &keyform, sizeof(keyform)},
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(CK_ATTRIBUTE);
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs, attr_count, priv_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
|
/**
 * Create an IBM Dilithium public key object from (rho, t1).
 *
 * The object is created with CKA_TOKEN and CKA_VERIFY set to TRUE, a fixed
 * label and the key form IBM_DILITHIUM_KEYFORM_ROUND2.
 *
 * NOTE(review): CKA_LABEL is given sizeof(label), which counts the
 * terminating NUL; create_RSAPublicKey in this file passes
 * sizeof(label) - 1.
 *
 * @param session   session passed to C_CreateObject
 * @param rho       bytes passed as CKA_IBM_DILITHIUM_RHO
 * @param rho_len   length of rho in bytes
 * @param t1        bytes passed as CKA_IBM_DILITHIUM_T1
 * @param t1_len    length of t1 in bytes
 * @param publ_key  receives the handle of the new object
 * @return the C_CreateObject return code; a failure is also reported through
 *         testcase_error
 */
CK_RV create_DilithiumPublicKey(CK_SESSION_HANDLE session,
                                CK_BYTE rho[], CK_ULONG rho_len,
                                CK_BYTE t1[], CK_ULONG t1_len,
                                CK_OBJECT_HANDLE * publ_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PUBLIC_KEY;
    CK_KEY_TYPE pqc_type = CKK_IBM_PQC_DILITHIUM;
    CK_UTF8CHAR label[] = "A Dilithium public key object";
    CK_BBOOL yes = TRUE;
    CK_ULONG keyform = IBM_DILITHIUM_KEYFORM_ROUND2;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &pqc_type, sizeof(pqc_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_LABEL, label, sizeof(label)},
        {CKA_VERIFY, &yes, sizeof(yes)},
        {CKA_IBM_DILITHIUM_RHO, rho, rho_len},
        {CKA_IBM_DILITHIUM_T1, t1, t1_len},
        {CKA_IBM_DILITHIUM_KEYFORM, &keyform, sizeof(keyform)},
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(CK_ATTRIBUTE);
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs, attr_count, publ_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
|
/**
 * Create a DSA private key object from the prime 'p', subprime 'q', base 'g'
 * and the private value, which is passed as CKA_VALUE.
 *
 * The object is created with CKA_TOKEN, CKA_SENSITIVE, CKA_DECRYPT and
 * CKA_SIGN set to TRUE, an empty subject and the one-byte id 123.
 *
 * NOTE(review): CKA_LABEL is given sizeof(label), which counts the
 * terminating NUL; create_RSAPrivateKey in this file passes
 * sizeof(label) - 1.
 *
 * @param session         session passed to C_CreateObject
 * @param prime           bytes passed as CKA_PRIME
 * @param prime_len       length of prime in bytes
 * @param subprime        bytes passed as CKA_SUBPRIME
 * @param subprime_len    length of subprime in bytes
 * @param base            bytes passed as CKA_BASE
 * @param base_len        length of base in bytes
 * @param privatekey      private value bytes, passed as CKA_VALUE
 * @param privatekey_len  length of privatekey in bytes
 * @param priv_key        receives the handle of the new object
 * @return the C_CreateObject return code; a failure is also reported through
 *         testcase_error
 */
CK_RV create_DSAPrivateKey(CK_SESSION_HANDLE session,
                           CK_BYTE prime[],
                           CK_ULONG prime_len,
                           CK_BYTE subprime[],
                           CK_ULONG subprime_len,
                           CK_BYTE base[],
                           CK_ULONG base_len,
                           CK_BYTE privatekey[],
                           CK_ULONG privatekey_len, CK_OBJECT_HANDLE * priv_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
    CK_KEY_TYPE dsa_type = CKK_DSA;
    CK_UTF8CHAR label[] = "An DSA private key object";
    CK_BYTE subject[] = {0};
    CK_BYTE id[] = { 123 };
    CK_BBOOL yes = TRUE;
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &dsa_type, sizeof(dsa_type)},
        {CKA_TOKEN, &yes, sizeof(yes)},
        {CKA_LABEL, label, sizeof(label)},
        /* zero length: the subject is sent empty */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &yes, sizeof(yes)},
        {CKA_DECRYPT, &yes, sizeof(yes)},
        {CKA_SIGN, &yes, sizeof(yes)},
        {CKA_PRIME, prime, prime_len},
        {CKA_SUBPRIME, subprime, subprime_len},
        {CKA_BASE, base, base_len},
        {CKA_VALUE, privatekey, privatekey_len}
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(CK_ATTRIBUTE);
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs, attr_count, priv_key);
    if (rc != CKR_OK) {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
/**
 * Create a DSA public key object from explicit key material.
 *
 * The object is described by the domain parameters prime 'p', subprime 'q'
 * and base 'g' plus the public value 'y' (passed as CKA_VALUE), and is
 * handed to C_CreateObject on the global function list. CKA_TOKEN is set to
 * TRUE, so the key is requested as a token object.
 *
 * @param session        session handle passed to C_CreateObject
 * @param prime          bytes of the prime 'p'
 * @param prime_len      number of bytes in prime
 * @param subprime       bytes of the subprime 'q'
 * @param subprime_len   number of bytes in subprime
 * @param base           bytes of the base 'g'
 * @param base_len       number of bytes in base
 * @param publickey      bytes of the public value
 * @param publickey_len  number of bytes in publickey
 * @param publ_key       receives the handle of the created object
 * @return the CK_RV of C_CreateObject; a failure is also logged through
 *         testcase_error
 */
CK_RV create_DSAPublicKey(CK_SESSION_HANDLE session,
                          CK_BYTE prime[],
                          CK_ULONG prime_len,
                          CK_BYTE subprime[],
                          CK_ULONG subprime_len,
                          CK_BYTE base[],
                          CK_ULONG base_len,
                          CK_BYTE publickey[],
                          CK_ULONG publickey_len, CK_OBJECT_HANDLE * publ_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PUBLIC_KEY;
    CK_KEY_TYPE key_type = CKK_DSA;
    CK_BBOOL ck_true = TRUE;
    CK_UTF8CHAR label[] = "An DSA public key object";
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &key_type, sizeof(key_type)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_LABEL, label, sizeof(label)},
        {CKA_ENCRYPT, &ck_true, sizeof(ck_true)},
        {CKA_VERIFY, &ck_true, sizeof(ck_true)},
        {CKA_PRIME, prime, prime_len},
        {CKA_SUBPRIME, subprime, subprime_len},
        {CKA_BASE, base, base_len},
        {CKA_VALUE, publickey, publickey_len}
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(attrs[0]);
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs, attr_count, publ_key);
    if (rc == CKR_OK)
        return rc;

    {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
/**
 * Create a Diffie-Hellman private key object from explicit key material.
 *
 * The object is described by the prime 'p', the base 'g' and the private
 * value 'x' (passed as CKA_VALUE), and is handed to C_CreateObject on the
 * global function list. The template sets CKA_TOKEN, CKA_SENSITIVE and
 * CKA_DERIVE to TRUE.
 *
 * @param session         session handle passed to C_CreateObject
 * @param prime           bytes of the prime 'p'
 * @param prime_len       number of bytes in prime
 * @param base            bytes of the base 'g'
 * @param base_len        number of bytes in base
 * @param privatekey      bytes of the private value
 * @param privatekey_len  number of bytes in privatekey
 * @param priv_key        receives the handle of the created object
 * @return the CK_RV of C_CreateObject; a failure is also logged through
 *         testcase_error
 */
CK_RV create_DHPrivateKey(CK_SESSION_HANDLE session,
                          CK_BYTE prime[],
                          CK_ULONG prime_len,
                          CK_BYTE base[],
                          CK_ULONG base_len,
                          CK_BYTE privatekey[],
                          CK_ULONG privatekey_len, CK_OBJECT_HANDLE * priv_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
    CK_KEY_TYPE key_type = CKK_DH;
    CK_BBOOL ck_true = TRUE;
    CK_UTF8CHAR label[] = "An DH private key object";
    CK_BYTE subject[] = { 0 };
    CK_BYTE id[] = { 123 };
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &key_type, sizeof(key_type)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_LABEL, label, sizeof(label)},
        /* subject is passed with length 0, i.e. as an empty value */
        {CKA_SUBJECT, subject, 0},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &ck_true, sizeof(ck_true)},
        {CKA_DECRYPT, &ck_true, sizeof(ck_true)},
        {CKA_SIGN, &ck_true, sizeof(ck_true)},
        {CKA_DERIVE, &ck_true, sizeof(ck_true)},
        {CKA_PRIME, prime, prime_len},
        {CKA_BASE, base, base_len},
        {CKA_VALUE, privatekey, privatekey_len}
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(attrs[0]);
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs, attr_count, priv_key);
    if (rc == CKR_OK)
        return rc;

    {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
/**
 * Create a Diffie-Hellman public key object from explicit key material.
 *
 * The object is described by the prime 'p', the base 'g' and the public
 * value 'y' (passed as CKA_VALUE), and is handed to C_CreateObject on the
 * global function list. CKA_TOKEN is set to TRUE.
 *
 * @param session        session handle passed to C_CreateObject
 * @param prime          bytes of the prime 'p'
 * @param prime_len      number of bytes in prime
 * @param base           bytes of the base 'g'
 * @param base_len       number of bytes in base
 * @param publickey      bytes of the public value
 * @param publickey_len  number of bytes in publickey
 * @param publ_key       receives the handle of the created object
 * @return the CK_RV of C_CreateObject; a failure is also logged through
 *         testcase_error
 */
CK_RV create_DHPublicKey(CK_SESSION_HANDLE session,
                         CK_BYTE prime[],
                         CK_ULONG prime_len,
                         CK_BYTE base[],
                         CK_ULONG base_len,
                         CK_BYTE publickey[],
                         CK_ULONG publickey_len, CK_OBJECT_HANDLE * publ_key)
{
    CK_OBJECT_CLASS obj_class = CKO_PUBLIC_KEY;
    CK_KEY_TYPE key_type = CKK_DH;
    CK_BBOOL ck_true = TRUE;
    CK_UTF8CHAR label[] = "An DH public key object";
    CK_ATTRIBUTE attrs[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_KEY_TYPE, &key_type, sizeof(key_type)},
        {CKA_TOKEN, &ck_true, sizeof(ck_true)},
        {CKA_LABEL, label, sizeof(label)},
        {CKA_ENCRYPT, &ck_true, sizeof(ck_true)},
        {CKA_VERIFY, &ck_true, sizeof(ck_true)},
        {CKA_PRIME, prime, prime_len},
        {CKA_BASE, base, base_len},
        {CKA_VALUE, publickey, publickey_len}
    };
    CK_ULONG attr_count = sizeof(attrs) / sizeof(attrs[0]);
    CK_RV rc;

    rc = funcs->C_CreateObject(session, attrs, attr_count, publ_key);
    if (rc == CKR_OK)
        return rc;

    {
        testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
/**
 * Generate a secret key of the requested length with the given mechanism.
 *
 * The template passed to C_GenerateKey carries only CKA_CLASS
 * (CKO_SECRET_KEY) and CKA_VALUE_LEN; no other attributes are supplied.
 *
 * @param session     session handle passed to C_GenerateKey
 * @param keylen      value placed in CKA_VALUE_LEN
 * @param mech        key generation mechanism
 * @param secret_key  receives the handle of the generated key
 * @return the CK_RV of C_GenerateKey; a failure is also recorded through
 *         testcase_fail
 */
CK_RV generate_SecretKey(CK_SESSION_HANDLE session,
                         CK_ULONG keylen,
                         CK_MECHANISM * mech, CK_OBJECT_HANDLE * secret_key)
{
    CK_OBJECT_CLASS obj_class = CKO_SECRET_KEY;
    CK_ATTRIBUTE secret_tmpl[] = {
        {CKA_CLASS, &obj_class, sizeof(obj_class)},
        {CKA_VALUE_LEN, &keylen, sizeof(keylen)}
    };
    /* two entries: class and value length */
    CK_ULONG tmpl_count = sizeof(secret_tmpl) / sizeof(secret_tmpl[0]);
    CK_RV rc;

    rc = funcs->C_GenerateKey(session, mech, secret_tmpl, tmpl_count,
                              secret_key);
    if (rc == CKR_OK)
        return rc;

    {
        testcase_fail("C_GenerateKey, rc=%s", p11_get_ckr(rc));
    }

    return rc;
}
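/**
 * Report whether a mechanism on a slot accepts a given key size.
 *
 * @param slot_id    slot to query
 * @param mechanism  mechanism type passed to C_GetMechanismInfo
 * @param size       key size to test, in the unit the mechanism reports for
 *                   ulMinKeySize/ulMaxKeySize
 * @return 1 when C_GetMechanismInfo succeeds and size lies within
 *         [ulMinKeySize, ulMaxKeySize]; 0 otherwise
 */
int keysize_supported(CK_SLOT_ID slot_id, CK_ULONG mechanism, CK_ULONG size)
{
    CK_MECHANISM_INFO mech_info;
    CK_RV rc;

    rc = funcs->C_GetMechanismInfo(slot_id, mechanism, &mech_info);
    /*
     * Check the return code before looking at mech_info: on failure the
     * structure was never filled in, and comparing against it would read
     * uninitialized stack memory.
     */
    if (rc != CKR_OK)
        return 0;

    if (size < mech_info.ulMinKeySize || size > mech_info.ulMaxKeySize)
        return 0;

    return 1;
}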
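/**
 * Returns true if pubexp is valid for EP11 tokens.
 *
 * The exponent is accepted when its first byte is greater than 0x10, or when
 * any byte after the first is non-zero.
 *
 * NOTE(review): only byte values are inspected, so an exponent with a leading
 * zero byte followed by a small value (e.g. {0x00, 0x03}) is still accepted;
 * confirm callers never pass exponents with leading zeros.
 *
 * @param pubexp      public exponent bytes
 * @param pubexp_len  number of bytes in pubexp
 * @return 1 if the exponent is accepted, 0 otherwise (including a NULL or
 *         empty exponent)
 */
int is_valid_ep11_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len)
{
    CK_ULONG i;

    /* nothing to inspect; also keeps pubexp[0] below inside the buffer */
    if (pubexp == NULL || pubexp_len == 0)
        return 0;

    /* everything > 0x10 valid */
    if (pubexp[0] > 0x10)
        return 1;

    /*
     * Stop at pubexp_len: the previous bound of pubexp_len + 1 read one byte
     * past the end of the caller's buffer.
     */
    for (i = 1; i < pubexp_len; i++) {
        if (pubexp[i] != 0)
            return 1;
    }

    return 0;
}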
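/**
 * Returns true if slot_id is an EP11 token.
 *
 * The decision is made by looking for the substring "EP11" in the model
 * field returned by C_GetTokenInfo.
 *
 * @param slot_id  slot to query
 * @return non-zero if the model contains "EP11"; FALSE if it does not or if
 *         C_GetTokenInfo fails
 */
int is_ep11_token(CK_SLOT_ID slot_id)
{
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS #11 defines CK_TOKEN_INFO.model as a blank-padded field that is
     * not NUL-terminated. Search a terminated copy so strstr() cannot run
     * past the field into the rest of the structure.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    return strstr(model, "EP11") != NULL;
}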
/**
 * Returns true if pubexp is valid for CCA tokens.
 *
 * Only two encodings are accepted: the single byte 0x03 (3) and the three
 * bytes 0x01 0x00 0x01 (65537). Any other length or value is rejected.
 *
 * @param pubexp      public exponent bytes
 * @param pubexp_len  number of bytes in pubexp
 * @return 1 if the exponent is one of the accepted encodings, 0 otherwise
 */
int is_valid_cca_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len)
{
    static const CK_BYTE three[] = { 0x03 };
    static const CK_BYTE f4[] = { 0x01, 0x00, 0x01 };       /* 65537 */

    /* the length selects which reference encoding to compare against */
    switch (pubexp_len) {
    case 1:
        return memcmp(pubexp, three, sizeof(three)) == 0;
    case 3:
        return memcmp(pubexp, f4, sizeof(f4)) == 0;
    default:
        return 0;
    }
}
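/**
 * Returns true if slot_id is an ICSF token.
 *
 * ICSF token info is not necessarily hard-coded like the other tokens, so
 * there is no single identifying attribute. The token is therefore treated
 * as ICSF when its model matches none of the other known token names
 * ("ICA", "EP11", "CCA", "Soft", "TPM").
 *
 * @param slot_id  slot to query
 * @return TRUE if no known model name is found; FALSE otherwise or if
 *         C_GetTokenInfo fails
 */
int is_icsf_token(CK_SLOT_ID slot_id)
{
    static const char *const other_models[] = {
        "ICA", "EP11", "CCA", "Soft", "TPM"
    };
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];
    size_t i;

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS #11 defines CK_TOKEN_INFO.model as a blank-padded field that is
     * not NUL-terminated. Search a terminated copy so strstr() cannot run
     * past the field; an over-read could also match text from a neighbouring
     * field and wrongly rule out ICSF.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    for (i = 0; i < sizeof(other_models) / sizeof(other_models[0]); i++) {
        if (strstr(model, other_models[i]) != NULL)
            return FALSE;
    }

    return TRUE;
}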
/**
 * Returns true if pubexp is valid for ICSF tokens.
 *
 * Only the three-byte encoding 0x01 0x00 0x01 (65537) is accepted.
 *
 * @param pubexp      public exponent bytes
 * @param pubexp_len  number of bytes in pubexp
 * @return 1 if the exponent is exactly 65537 in three bytes, 0 otherwise
 */
int is_valid_icsf_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len)
{
    static const CK_BYTE f4[] = { 0x01, 0x00, 0x01 };       /* 65537 */

    /* length is checked first so memcmp never reads a shorter buffer */
    if (pubexp_len != sizeof(f4))
        return 0;

    return memcmp(pubexp, f4, sizeof(f4)) == 0;
}
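/**
 * Returns true if slot_id is an ICA token.
 *
 * The decision is made by looking for the substring "ICA" in the model
 * field returned by C_GetTokenInfo.
 *
 * @param slot_id  slot to query
 * @return non-zero if the model contains "ICA"; FALSE if it does not or if
 *         C_GetTokenInfo fails
 */
int is_ica_token(CK_SLOT_ID slot_id)
{
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS #11 defines CK_TOKEN_INFO.model as a blank-padded field that is
     * not NUL-terminated. Search a terminated copy so strstr() cannot run
     * past the field into the rest of the structure.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    return strstr(model, "ICA") != NULL;
}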
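/**
 * Returns true if slot_id is a CCA token.
 *
 * The decision is made by looking for the substring "CCA" in the model
 * field returned by C_GetTokenInfo.
 *
 * @param slot_id  slot to query
 * @return non-zero if the model contains "CCA"; FALSE if it does not or if
 *         C_GetTokenInfo fails
 */
int is_cca_token(CK_SLOT_ID slot_id)
{
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS #11 defines CK_TOKEN_INFO.model as a blank-padded field that is
     * not NUL-terminated. Search a terminated copy so strstr() cannot run
     * past the field into the rest of the structure.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    return strstr(model, "CCA") != NULL;
}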
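/**
 * Returns true if slot_id is a Soft token.
 *
 * The decision is made by looking for the substring "Soft" in the model
 * field returned by C_GetTokenInfo.
 *
 * @param slot_id  slot to query
 * @return non-zero if the model contains "Soft"; FALSE if it does not or if
 *         C_GetTokenInfo fails
 */
int is_soft_token(CK_SLOT_ID slot_id)
{
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS #11 defines CK_TOKEN_INFO.model as a blank-padded field that is
     * not NUL-terminated. Search a terminated copy so strstr() cannot run
     * past the field into the rest of the structure.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    return strstr(model, "Soft") != NULL;
}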
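/**
 * Returns true if slot_id is a TPM token.
 *
 * The decision is made by looking for the substring "TPM" in the model
 * field returned by C_GetTokenInfo.
 *
 * @param slot_id  slot to query
 * @return non-zero if the model contains "TPM"; FALSE if it does not or if
 *         C_GetTokenInfo fails
 */
int is_tpm_token(CK_SLOT_ID slot_id)
{
    CK_RV rc;
    CK_TOKEN_INFO tokinfo;
    char model[sizeof(tokinfo.model) + 1];

    rc = funcs->C_GetTokenInfo(slot_id, &tokinfo);
    if (rc != CKR_OK)
        return FALSE;

    /*
     * PKCS #11 defines CK_TOKEN_INFO.model as a blank-padded field that is
     * not NUL-terminated. Search a terminated copy so strstr() cannot run
     * past the field into the rest of the structure.
     */
    memcpy(model, tokinfo.model, sizeof(tokinfo.model));
    model[sizeof(tokinfo.model)] = '\0';

    return strstr(model, "TPM") != NULL;
}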
/**
 * Returns true if pubexp is valid for TPM tokens.
 *
 * Only the three-byte encoding 0x01 0x00 0x01 (65537) is accepted.
 *
 * @param pubexp      public exponent bytes
 * @param pubexp_len  number of bytes in pubexp
 * @return 1 if the exponent is exactly 65537 in three bytes, 0 otherwise
 */
int is_valid_tpm_pubexp(CK_BYTE pubexp[], CK_ULONG pubexp_len)
{
    static const CK_BYTE f4[] = { 0x01, 0x00, 0x01 };       /* 65537 */

    /* length is checked first so memcmp never reads a shorter buffer */
    if (pubexp_len != sizeof(f4))
        return 0;

    return memcmp(pubexp, f4, sizeof(f4)) == 0;
}
/**
 * Returns true if modbits is a modulus size the TPM token tests accept.
 *
 * Accepted values are 512, 1024 and 2048.
 *
 * NOTE(review): this list presumably mirrors what the token supports rather
 * than a recommended key strength; 512 and 1024 bit moduli should not be
 * taken as guidance for new keys.
 *
 * @param modbits  modulus size in bits
 * @return 1 if modbits is one of the accepted sizes, 0 otherwise
 */
int is_valid_tpm_modbits(CK_ULONG modbits)
{
    return modbits == 512 || modbits == 1024 || modbits == 2048;
}
/**
 * Copy the security officer PIN from the environment into dest.
 *
 * The PIN is read from the variable named by PKCS11_SO_PIN_ENV_VAR and
 * copied including its terminating NUL. Values whose length plus terminator
 * exceeds PKCS11_MAX_PIN_LEN are rejected.
 *
 * Keeping a PIN in the environment is a test-harness convenience: the value
 * can be visible to other processes of the same user, so use throw-away test
 * PINs only.
 *
 * @param dest  destination buffer; presumably at least PKCS11_MAX_PIN_LEN
 *              bytes - verify against callers
 * @return 0 on success, -1 if the variable is unset or too long (a message
 *         is printed to stderr in both cases)
 */
int get_so_pin(CK_BYTE * dest)
{
    const char *pin = getenv(PKCS11_SO_PIN_ENV_VAR);
    size_t needed;

    if (pin == NULL) {
        fprintf(stderr, "The environment variable %s must be set "
                "before this testcase is run.\n", PKCS11_SO_PIN_ENV_VAR);
        return -1;
    }

    /* bytes to copy: the PIN characters plus the terminating NUL */
    needed = strlen(pin) + 1;
    if (needed > PKCS11_MAX_PIN_LEN) {
        fprintf(stderr, "The environment variable %s must hold a "
                "value less than %d chars in length.\n",
                PKCS11_SO_PIN_ENV_VAR, (int) PKCS11_MAX_PIN_LEN);
        return -1;
    }

    memcpy(dest, pin, needed);

    return 0;
}
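/**
 * Copy the user PIN from the environment into dest.
 *
 * The PIN is read from the variable named by PKCS11_USER_PIN_ENV_VAR and
 * copied including its terminating NUL. Values whose length plus terminator
 * exceeds PKCS11_MAX_PIN_LEN are rejected.
 *
 * Keeping a PIN in the environment is a test-harness convenience: the value
 * can be visible to other processes of the same user, so use throw-away test
 * PINs only.
 *
 * @param dest  destination buffer; presumably at least PKCS11_MAX_PIN_LEN
 *              bytes - verify against callers
 * @return 0 on success, -1 if the variable is unset or too long (a message
 *         is printed to stderr in both cases)
 */
int get_user_pin(CK_BYTE * dest)
{
    char *val;
    size_t needed;

    val = getenv(PKCS11_USER_PIN_ENV_VAR);
    if (val == NULL) {
        fprintf(stderr, "The environment variable %s must be set "
                "before this testcase is run.\n", PKCS11_USER_PIN_ENV_VAR);
        return -1;
    }

    /* bytes to copy: the PIN characters plus the terminating NUL */
    needed = strlen(val) + 1;
    if (needed > PKCS11_MAX_PIN_LEN) {
        /*
         * Name the user PIN variable here; the message previously pointed
         * at PKCS11_SO_PIN_ENV_VAR, sending the reader to the wrong setting.
         */
        fprintf(stderr, "The environment variable %s must hold a "
                "value less than %d chars in length.\n",
                PKCS11_USER_PIN_ENV_VAR, (int) PKCS11_MAX_PIN_LEN);
        return -1;
    }

    memcpy(dest, val, needed);

    return 0;
}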
/**
 * Print the elapsed time between two timestamps in milliseconds.
 *
 * The difference is computed from the tv_sec and tv_usec members of the two
 * values and printed to stdout as "Time: <n> msec".
 *
 * @param t1  start timestamp
 * @param t2  end timestamp; the result is cast to unsigned int for printing,
 *            so t2 is presumably expected not to precede t1
 */
void process_time(SYSTEMTIME t1, SYSTEMTIME t2)
{
    long secs = t2.tv_sec - t1.tv_sec;
    long msecs = (t2.tv_usec - t1.tv_usec) / 1000;

    /* borrow whole seconds until the millisecond part is non-negative */
    for (; msecs < 0; msecs += 1000)
        secs--;

    msecs += secs * 1000;

    printf("Time: %u msec\n", (unsigned int) msecs);
}
/**
 * Dump a buffer to stderr as hex, 16 bytes per line.
 *
 * Each byte is written as two lowercase hex digits followed by a space. A
 * newline ends every row, and one extra newline is written after the dump
 * (for an empty buffer only that final newline is printed).
 *
 * Output goes to stderr unredacted, so avoid passing key material or PINs
 * when the log may be shared.
 *
 * @param buf  bytes to print
 * @param len  number of bytes in buf
 */
void print_hex(CK_BYTE * buf, CK_ULONG len)
{
    CK_ULONG pos;

    for (pos = 0; pos < len; pos++) {
        fprintf(stderr, "%02x ", buf[pos]);

        /* close the row after 16 bytes or after the last byte */
        if ((pos + 1) % 16 == 0 || pos + 1 == len)
            fprintf(stderr, "\n");
    }

    fprintf(stderr, "\n");
}
/**
 * Print the command line synopsis to stdout.
 *
 * The synopsis does not list "--help" or "-nostop", both of which
 * do_ParseArgs accepts.
 *
 * @param fct  program name shown in the synopsis
 */
void usage(char *fct)
{
    fprintf(stdout,
            "usage: %s [-securekey] [-noskip] [-noinit] [-h] -slot <num>\n\n",
            fct);
}
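/**
 * Parse the test program's command line into the global option flags.
 *
 * Resets skip_token_obj, no_stop, no_init, securekey and SLOT_ID to their
 * defaults, then applies the options -noskip, -slot <num>, -securekey,
 * -noinit and -nostop. "-h" and "--help" print the usage text.
 *
 * The value 1000 is used as the "no slot given" sentinel, so "-slot 1000"
 * is reported as a missing slot.
 *
 * @param argc  argument count as passed to main
 * @param argv  argument vector as passed to main
 * @return 1 on success, 0 if help was requested, -1 on an invalid or missing
 *         argument (a message and the usage text are printed)
 */
int do_ParseArgs(int argc, char **argv)
{
    int i;
    char *endp;
    long slot;

    skip_token_obj = TRUE;
    no_stop = FALSE;
    no_init = FALSE;
    securekey = FALSE;
    SLOT_ID = 1000;

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0) {
            usage(argv[0]);
            return 0;
        } else if (strcmp(argv[i], "-noskip") == 0) {
            skip_token_obj = FALSE;
        } else if (strcmp(argv[i], "-slot") == 0) {
            if (argc <= i + 1) {
                printf("No slot number specified\n");
                usage(argv[0]);
                return -1;
            }
            slot = strtol(argv[i + 1], &endp, 10);
            /*
             * Reject an empty string (no digits consumed), trailing garbage
             * and negative numbers; a negative value would otherwise wrap
             * when stored in the slot id.
             */
            if (endp == argv[i + 1] || *endp != '\0' || slot < 0) {
                printf("Invalid slot number specified: %s\n", argv[i + 1]);
                usage(argv[0]);
                return -1;
            }
            SLOT_ID = (CK_SLOT_ID) slot;
            /* skip the slot number that was just consumed */
            i++;
        } else if (strcmp(argv[i], "-securekey") == 0) {
            securekey = TRUE;
        } else if (strcmp(argv[i], "-noinit") == 0) {
            no_init = TRUE;
        } else if (strcmp(argv[i], "-nostop") == 0) {
            no_stop = TRUE;
        } else {
            printf("Invalid argument passed as option: %s\n", argv[i]);
            usage(argv[0]);
            return -1;
        }
    }

    // error if slot has not been identified.
    if (SLOT_ID == 1000) {
        printf("Please specify the slot to be tested.\n");
        usage(argv[0]);
        return -1;
    }

    return 1;
}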
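/**
 * Load the PKCS #11 library and resolve its function lists.
 *
 * The library named by the PKCSLIB environment variable is opened with
 * dlopen, falling back to "libopencryptoki.so". C_GetFunctionList fills the
 * global funcs, C_GetInterfaceList fills the global ifs array, and
 * C_GetInterface ("PKCS 11", version 3.0, CKF_INTERFACE_FORK_SAFE) supplies
 * the global funcs3.
 *
 * The library path comes straight from the environment, so whoever controls
 * PKCSLIB (or the loader search path for the default name) decides which
 * code is loaded into the test process; run the harness only with a trusted
 * environment.
 *
 * On success free_ifs and unload_pkcslib are registered with atexit. On
 * failure ifs is freed, the library is closed, and funcs/funcs3 are reset so
 * no pointer into the unloaded library survives.
 *
 * @return TRUE if every step succeeded, FALSE otherwise
 */
CK_BBOOL do_GetFunctionList(void)
{
    CK_INTERFACE *interface = NULL;
    CK_VERSION version;
    CK_FLAGS flags;
    CK_BBOOL rv;
    CK_RV rc;
    CK_RV(*pfoo) ();
    char *e;
    char *f = "libopencryptoki.so";
    CK_ULONG nmemb = 0;

    rv = FALSE;

    e = getenv("PKCSLIB");
    if (e == NULL)
        e = f;

    pkcs11lib = dlopen(e, RTLD_NOW);
    if (pkcs11lib == NULL)
        goto ret;

    *(void **)(&pfoo) = dlsym(pkcs11lib, "C_GetFunctionList");
    if (pfoo == NULL)
        goto ret;

    rc = pfoo(&funcs);
    if (rc != CKR_OK) {
        testcase_error("C_GetFunctionList rc=%s", p11_get_ckr(rc));
        goto ret;
    }

    *(void **)(&pfoo) = dlsym(pkcs11lib, "C_GetInterfaceList");
    if (pfoo == NULL) {
        goto ret;
    }
    /* first call with a NULL list only asks for the number of interfaces */
    rc = pfoo(NULL, &nmemb);
    if (rc != CKR_OK) {
        testcase_error("C_GetInterfaceList rc=%s", p11_get_ckr(rc));
        goto ret;
    }
    ifs = calloc(nmemb, sizeof(*ifs));
    if (ifs == NULL) {
        goto ret;
    }
    rc = pfoo(ifs, &nmemb);
    if (rc != CKR_OK) {
        testcase_error("C_GetInterfaceList rc=%s", p11_get_ckr(rc));
        goto ret;
    }

    *(void **)(&pfoo) = dlsym(pkcs11lib, "C_GetInterface");
    if (pfoo == NULL) {
        goto ret;
    }
    version.major = 0x03;
    version.minor = 0x00;
    flags = CKF_INTERFACE_FORK_SAFE;
    rc = pfoo((CK_UTF8CHAR *)"PKCS 11", &version, &interface, flags);
    if (rc != CKR_OK) {
        testcase_error("C_GetInterface rc=%s", p11_get_ckr(rc));
        goto ret;
    }
    /* do not trust the library to have filled in the output on CKR_OK */
    if (interface == NULL || interface->pFunctionList == NULL) {
        testcase_error("C_GetInterface rc=%s but no function list returned",
                       p11_get_ckr(rc));
        goto ret;
    }
    funcs3 = interface->pFunctionList;

    rv = TRUE;
ret:
    if (rv == TRUE) {
        atexit(free_ifs);
        atexit(unload_pkcslib);
    } else {
        free(ifs);
        ifs = NULL;

        if (pkcs11lib != NULL) {
            dlclose(pkcs11lib);
            pkcs11lib = NULL;
            /*
             * funcs may already point into the library that was just
             * closed; clear both lists so a caller that ignores the return
             * value fails on NULL instead of calling unmapped code.
             */
            funcs = NULL;
            funcs3 = NULL;
        }
    }
    return rv;
}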