|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* COPYRIGHT (c) International Business Machines Corp. 2006-2017
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
|
|
Packit |
8681c6 |
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
|
|
Packit |
8681c6 |
* found in the file LICENSE file or at
|
|
Packit |
8681c6 |
* https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <stdio.h>
|
|
Packit |
8681c6 |
#include <stdlib.h>
|
|
Packit |
8681c6 |
#include <string.h>
|
|
Packit |
8681c6 |
#include <memory.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include "pkcs11types.h"
|
|
Packit |
8681c6 |
#include "regress.h"
|
|
Packit |
8681c6 |
#include "aes.h"
|
|
Packit |
8681c6 |
#include "common.c"
|
|
Packit |
8681c6 |
#include "mech_to_str.h"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ULONG key_lens[] = { 16, 24, 32 };
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* aes-ctr has 3encck+3decck+3encsk+3decsk+3keywrap+1RSA
|
|
Packit |
8681c6 |
* aes-ecb has 3encck+3decck+3encsk+3decsk+3keywrap+1RSA
|
|
Packit |
8681c6 |
* aec-cbc has 3encck+3decck+3encsk+3decsk+3keywrap+3encpad+3decpad+
|
|
Packit |
8681c6 |
* 3keywrappad+2RSA
|
|
Packit |
8681c6 |
* Note: securekey and clearkey both have 3enc and 3dec, so number
|
|
Packit |
8681c6 |
* of assertions is the same whether using clearkey or securekey.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
int i;
|
|
Packit |
8681c6 |
CK_BYTE original[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_ULONG j;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_ULONG orig_len, crypt_len, decrypt_len;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mechkey, mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s Encryption/Decryption.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip tests if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(3,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** iterate over test key sizes **/
|
|
Packit |
8681c6 |
for (i = 0; i < 3; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Encryption/Decryption with key len=%ld.",
|
|
Packit |
8681c6 |
tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate key **/
|
|
Packit |
8681c6 |
mechkey = aes_keygen;
|
|
Packit |
8681c6 |
rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(original, 0, sizeof(original));
|
|
Packit |
8681c6 |
memset(crypt, 0, sizeof(crypt));
|
|
Packit |
8681c6 |
memset(decrypt, 0, sizeof(decrypt));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate data **/
|
|
Packit |
8681c6 |
orig_len = sizeof(original);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (j = 0; j < orig_len; j++)
|
|
Packit |
8681c6 |
original[j] = j % 255;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set crypto mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** single encryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
crypt_len = sizeof(crypt);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Encrypt(session, original, orig_len, crypt, &crypt_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** single decryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
decrypt_len = sizeof(decrypt);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Decrypt(session, crypt, crypt_len, decrypt, &decrypt_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare actual results with expected results **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (decrypt_len != orig_len) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted data length does not "
|
|
Packit |
8681c6 |
"match original data length.\nexpected "
|
|
Packit |
8681c6 |
"length=%ld, but found length=%ld\n",
|
|
Packit |
8681c6 |
orig_len, decrypt_len);
|
|
Packit |
8681c6 |
} else if (memcmp(decrypt, original, orig_len)) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted data does not match " "original data");
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Encryption/Decryption with "
|
|
Packit |
8681c6 |
"key length %ld passed.", tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clean up **/
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_user_logout();
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
int i;
|
|
Packit |
8681c6 |
CK_BYTE original[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_ULONG j, k, tmp;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_ULONG orig_len, crypt_len, decrypt_len;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mechkey, mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** begin testsuite **/
|
|
Packit |
8681c6 |
testsuite_begin("%s Multipart Encryption/Decryption.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testcase_skip("Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** iterate over key sizes **/
|
|
Packit |
8681c6 |
for (i = 0; i < 3; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Multipart Encryption/Decryption with "
|
|
Packit |
8681c6 |
"key len=%ld.", tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate key **/
|
|
Packit |
8681c6 |
mechkey = aes_keygen;
|
|
Packit |
8681c6 |
rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(original, 0, sizeof(original));
|
|
Packit |
8681c6 |
memset(crypt, 0, sizeof(crypt));
|
|
Packit |
8681c6 |
memset(decrypt, 0, sizeof(decrypt));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate data **/
|
|
Packit |
8681c6 |
orig_len = sizeof(original);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (j = 0; j < orig_len; j++)
|
|
Packit |
8681c6 |
original[j] = j % 255;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set crypto mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** multipart encryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Encrypt in place except for CBC_PAD, since it
|
|
Packit |
8681c6 |
* pads and pkcs padding can make it unclear about what is
|
|
Packit |
8681c6 |
* output at what stage. (See pkcs11v2.20 Section 11.2)
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
if (mech.mechanism != CKM_AES_CBC_PAD) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memcpy(crypt, original, orig_len);
|
|
Packit |
8681c6 |
crypt_len = orig_len;
|
|
Packit |
8681c6 |
k = 0;
|
|
Packit |
8681c6 |
while (k < orig_len) {
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptUpdate(session,
|
|
Packit |
8681c6 |
&crypt[k],
|
|
Packit |
8681c6 |
AES_BLOCK_SIZE,
|
|
Packit |
8681c6 |
&crypt[k], &crypt_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k += crypt_len; // encrypted amount
|
|
Packit |
8681c6 |
crypt_len = orig_len - k; // space in out buf
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
j = k = 0; // j indexes source buffer
|
|
Packit |
8681c6 |
// k indexes destination buffer
|
|
Packit |
8681c6 |
crypt_len = sizeof(crypt);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
while (j < orig_len) {
|
|
Packit |
8681c6 |
tmp = crypt_len - k; // room left
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptUpdate(session,
|
|
Packit |
8681c6 |
&original[j],
|
|
Packit |
8681c6 |
AES_BLOCK_SIZE, &crypt[k], &tmp);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k += tmp;
|
|
Packit |
8681c6 |
j += AES_BLOCK_SIZE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
crypt_len = sizeof(crypt) - k;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptFinal(session, &crypt[k], &crypt_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptFinal rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
crypt_len += k;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** multipart decryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* decrypt in place. skip for AES_CBC_PAD since it
|
|
Packit |
8681c6 |
* pads and pkcs padding can make it unclear about what is
|
|
Packit |
8681c6 |
* output at what stage. (See pkcs11v2.20 Section 11.2)
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
if (mech.mechanism != CKM_AES_CBC_PAD) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memcpy(decrypt, crypt, crypt_len);
|
|
Packit |
8681c6 |
k = 0;
|
|
Packit |
8681c6 |
decrypt_len = crypt_len;
|
|
Packit |
8681c6 |
while (k < crypt_len) {
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptUpdate(session,
|
|
Packit |
8681c6 |
&decrypt[k],
|
|
Packit |
8681c6 |
AES_BLOCK_SIZE,
|
|
Packit |
8681c6 |
&decrypt[k], &decrypt_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k += decrypt_len; // decrypted amount
|
|
Packit |
8681c6 |
decrypt_len = crypt_len - k; // space in out buf
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
j = k = 0; // j indexes source buffer,
|
|
Packit |
8681c6 |
// k indexes destination buffer
|
|
Packit |
8681c6 |
decrypt_len = sizeof(decrypt);
|
|
Packit |
8681c6 |
while (j < crypt_len) {
|
|
Packit |
8681c6 |
tmp = decrypt_len - k; // room left in outbuf
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptUpdate(session,
|
|
Packit |
8681c6 |
&crypt[j],
|
|
Packit |
8681c6 |
AES_BLOCK_SIZE, &decrypt[k], &tmp);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
k += tmp;
|
|
Packit |
8681c6 |
j += AES_BLOCK_SIZE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
decrypt_len = sizeof(decrypt) - k;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptFinal(session, &decrypt[k], &decrypt_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptFinal rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
decrypt_len += k;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare actual results with expected results **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (decrypt_len != orig_len) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted multipart data length does not"
|
|
Packit |
8681c6 |
" match original data length.\nexpected "
|
|
Packit |
8681c6 |
"length=%ld, but found length=%ld\n",
|
|
Packit |
8681c6 |
orig_len, decrypt_len);
|
|
Packit |
8681c6 |
} else if (memcmp(decrypt, original, orig_len)) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted multipart data does not match"
|
|
Packit |
8681c6 |
" original data");
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Multipart Encryption/Decryption with"
|
|
Packit |
8681c6 |
" key length %ld passed.", tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_user_logout();
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_EncryptAES(struct published_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE input[BIG_REQUEST]; // cleartext buffer
|
|
Packit |
8681c6 |
CK_BYTE output[BIG_REQUEST]; // encryption buffer
|
|
Packit |
8681c6 |
CK_BYTE expected[BIG_REQUEST]; // encrypted data
|
|
Packit |
8681c6 |
CK_ULONG input_len, output_len, expected_len;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_GCM_PARAMS *gcm_param;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** begin testsuite **/
|
|
Packit |
8681c6 |
testsuite_begin("%s Encryption.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(tsuite->tvcount,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < tsuite->tvcount; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Encryption with published test vector %d.",
|
|
Packit |
8681c6 |
tsuite->name, i);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** create key handle **/
|
|
Packit |
8681c6 |
rc = create_AESKey(session,
|
|
Packit |
8681c6 |
tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
if (mech.mechanism == CKM_AES_GCM) {
|
|
Packit |
8681c6 |
gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
|
|
Packit |
8681c6 |
gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
|
|
Packit |
8681c6 |
gcm_param->ulIvLen = tsuite->tv[i].ivlen;
|
|
Packit |
8681c6 |
gcm_param->pAAD = tsuite->tv[i].aad;
|
|
Packit |
8681c6 |
gcm_param->ulAADLen = tsuite->tv[i].aadlen;
|
|
Packit |
8681c6 |
gcm_param->ulTagBits = tsuite->tv[i].taglen;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(expected, 0, sizeof(expected));
|
|
Packit |
8681c6 |
memset(input, 0, sizeof(input));
|
|
Packit |
8681c6 |
memset(output, 0, sizeof(output));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get ciphertext (expected results) **/
|
|
Packit |
8681c6 |
expected_len = tsuite->tv[i].clen;
|
|
Packit |
8681c6 |
memcpy(expected, tsuite->tv[i].ciphertext, expected_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get plaintext **/
|
|
Packit |
8681c6 |
input_len = tsuite->tv[i].plen;
|
|
Packit |
8681c6 |
memcpy(input, tsuite->tv[i].plaintext, input_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** single (in-place) encryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Encrypt(session, input, input_len, NULL, &output_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Encrypt(session, input, input_len, output, &output_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare actual results with expected results. **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (output_len != expected_len) {
|
|
Packit |
8681c6 |
testcase_fail("encrypted data length does not match "
|
|
Packit |
8681c6 |
"test vector's encrypted data length.\n\n"
|
|
Packit |
8681c6 |
"expected length=%ld, but found length=%ld\n",
|
|
Packit |
8681c6 |
expected_len, output_len);
|
|
Packit |
8681c6 |
} else if (memcmp(output, expected, expected_len)) {
|
|
Packit |
8681c6 |
testcase_fail("encrypted data does not match test "
|
|
Packit |
8681c6 |
"vector's encrypted data");
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Encryption with test vector %d "
|
|
Packit |
8681c6 |
"passed.", tsuite->name, i);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_user_logout();
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_EncryptUpdateAES(struct published_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE plaintext[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_BYTE expected[BIG_REQUEST]; // encrypted data
|
|
Packit |
8681c6 |
CK_BYTE crypt[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_ULONG expected_len, p_len, crypt_len, k;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_GCM_PARAMS *gcm_param;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s Multipart Encryption.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(tsuite->tvcount,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < tsuite->tvcount; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Multipart Encryption with published test "
|
|
Packit |
8681c6 |
"vector %d.", tsuite->name, i);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** create key handle **/
|
|
Packit |
8681c6 |
rc = create_AESKey(session,
|
|
Packit |
8681c6 |
tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
if (mech.mechanism == CKM_AES_GCM) {
|
|
Packit |
8681c6 |
gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
|
|
Packit |
8681c6 |
gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
|
|
Packit |
8681c6 |
gcm_param->ulIvLen = tsuite->tv[i].ivlen;
|
|
Packit |
8681c6 |
gcm_param->pAAD = tsuite->tv[i].aad;
|
|
Packit |
8681c6 |
gcm_param->ulAADLen = tsuite->tv[i].aadlen;
|
|
Packit |
8681c6 |
gcm_param->ulTagBits = tsuite->tv[i].taglen;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(expected, 0, sizeof(expected));
|
|
Packit |
8681c6 |
memset(plaintext, 0, sizeof(plaintext));
|
|
Packit |
8681c6 |
memset(crypt, 0, sizeof(crypt));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get ciphertext (expected results) **/
|
|
Packit |
8681c6 |
expected_len = tsuite->tv[i].clen;
|
|
Packit |
8681c6 |
memcpy(expected, tsuite->tv[i].ciphertext, expected_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get plaintext **/
|
|
Packit |
8681c6 |
p_len = tsuite->tv[i].plen;
|
|
Packit |
8681c6 |
memcpy(plaintext, tsuite->tv[i].plaintext, p_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** multipart encryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* for chunks, -1 is NULL, and 0 is empty string,
|
|
Packit |
8681c6 |
* and a value > 0 is amount of data from test vector's
|
|
Packit |
8681c6 |
* plaintext data. This way we test vary-sized chunks.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
if (tsuite->tv[i].num_chunks_plain) {
|
|
Packit |
8681c6 |
int j;
|
|
Packit |
8681c6 |
CK_ULONG outlen, len;
|
|
Packit |
8681c6 |
CK_BYTE *data_chunk = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k = 0;
|
|
Packit |
8681c6 |
crypt_len = 0;
|
|
Packit |
8681c6 |
outlen = sizeof(crypt);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (j = 0; j < tsuite->tv[i].num_chunks_plain; j++) {
|
|
Packit |
8681c6 |
if (tsuite->tv[i].chunks_plain[j] == -1) {
|
|
Packit |
8681c6 |
len = 0;
|
|
Packit |
8681c6 |
data_chunk = NULL;
|
|
Packit |
8681c6 |
} else if (tsuite->tv[i].chunks_plain[j] == 0) {
|
|
Packit |
8681c6 |
len = 0;
|
|
Packit |
8681c6 |
data_chunk = (CK_BYTE *) "";
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
len = tsuite->tv[i].chunks_plain[j];
|
|
Packit |
8681c6 |
data_chunk = plaintext + k;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptUpdate(session, data_chunk,
|
|
Packit |
8681c6 |
len, &crypt[crypt_len], &outlen);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
k += len;
|
|
Packit |
8681c6 |
crypt_len += outlen;
|
|
Packit |
8681c6 |
outlen = sizeof(crypt) - crypt_len;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
crypt_len = sizeof(crypt);
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptUpdate(session, plaintext, p_len,
|
|
Packit |
8681c6 |
crypt, &crypt_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k = sizeof(crypt) - crypt_len;
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptFinal(session, &crypt[crypt_len], &k);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptFinal rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
crypt_len += k;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare encryption results with expected results. **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (crypt_len != expected_len) {
|
|
Packit |
8681c6 |
testcase_fail("encrypted multipart data length does "
|
|
Packit |
8681c6 |
"not match test vector's encrypted data length."
|
|
Packit |
8681c6 |
"\n\nexpected length=%ld, but found length=%ld"
|
|
Packit |
8681c6 |
"\n", expected_len, crypt_len);
|
|
Packit |
8681c6 |
} else if (memcmp(crypt, expected, expected_len)) {
|
|
Packit |
8681c6 |
testcase_fail("encrypted multipart data does not match"
|
|
Packit |
8681c6 |
" test vector's encrypted data.\n");
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Multipart Encryption with test "
|
|
Packit |
8681c6 |
"vector %d passed.", tsuite->name, i);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_user_logout();
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_DecryptAES(struct published_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE input[BIG_REQUEST]; // encrypted buffer
|
|
Packit |
8681c6 |
CK_BYTE output[BIG_REQUEST]; // decryption buffer
|
|
Packit |
8681c6 |
CK_BYTE expected[BIG_REQUEST]; // decrypted data
|
|
Packit |
8681c6 |
CK_ULONG input_len, output_len, expected_len;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_GCM_PARAMS *gcm_param;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s Decryption.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(tsuite->tvcount,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < tsuite->tvcount; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Decryption with published test vector %d.",
|
|
Packit |
8681c6 |
tsuite->name, i);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** create key handle **/
|
|
Packit |
8681c6 |
rc = create_AESKey(session,
|
|
Packit |
8681c6 |
tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
if (mech.mechanism == CKM_AES_GCM) {
|
|
Packit |
8681c6 |
gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
|
|
Packit |
8681c6 |
gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
|
|
Packit |
8681c6 |
gcm_param->ulIvLen = tsuite->tv[i].ivlen;
|
|
Packit |
8681c6 |
gcm_param->pAAD = tsuite->tv[i].aad;
|
|
Packit |
8681c6 |
gcm_param->ulAADLen = tsuite->tv[i].aadlen;
|
|
Packit |
8681c6 |
gcm_param->ulTagBits = tsuite->tv[i].taglen;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(expected, 0, sizeof(expected));
|
|
Packit |
8681c6 |
memset(input, 0, sizeof(input));
|
|
Packit |
8681c6 |
memset(output, 0, sizeof(output));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get plaintext (expected results) **/
|
|
Packit |
8681c6 |
expected_len = tsuite->tv[i].plen;
|
|
Packit |
8681c6 |
memcpy(expected, tsuite->tv[i].plaintext, expected_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get ciphertext **/
|
|
Packit |
8681c6 |
input_len = tsuite->tv[i].clen;
|
|
Packit |
8681c6 |
memcpy(input, tsuite->tv[i].ciphertext, input_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** single (in-place) decryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Decrypt(session, input, input_len, NULL, &output_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_Decrypt(session, input, input_len, output, &output_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare actual results with expected results. **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (output_len != expected_len) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted data length does not match "
|
|
Packit |
8681c6 |
"test vector's decrypted data length.\n\n"
|
|
Packit |
8681c6 |
"expected length=%ld, but found length=%ld\n",
|
|
Packit |
8681c6 |
expected_len, output_len);
|
|
Packit |
8681c6 |
} else if (memcmp(output, expected, expected_len)) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted data does not match test "
|
|
Packit |
8681c6 |
"vector's decrypted data");
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Decryption with test vector %d "
|
|
Packit |
8681c6 |
"passed.", tsuite->name, i);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clean up **/
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_user_logout();
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_DecryptUpdateAES(struct published_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE cipher[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_BYTE expected[BIG_REQUEST]; // decrypted data
|
|
Packit |
8681c6 |
CK_BYTE plaintext[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_ULONG cipher_len, expected_len, p_len, k;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_GCM_PARAMS *gcm_param;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s Multipart Decryption.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip tests if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(tsuite->tvcount,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < tsuite->tvcount; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Multipart Decryption with published test "
|
|
Packit |
8681c6 |
"vector %d.", tsuite->name, i);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** create key handle **/
|
|
Packit |
8681c6 |
rc = create_AESKey(session,
|
|
Packit |
8681c6 |
tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
if (mech.mechanism == CKM_AES_GCM) {
|
|
Packit |
8681c6 |
gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
|
|
Packit |
8681c6 |
gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
|
|
Packit |
8681c6 |
gcm_param->ulIvLen = tsuite->tv[i].ivlen;
|
|
Packit |
8681c6 |
gcm_param->pAAD = tsuite->tv[i].aad;
|
|
Packit |
8681c6 |
gcm_param->ulAADLen = tsuite->tv[i].aadlen;
|
|
Packit |
8681c6 |
gcm_param->ulTagBits = tsuite->tv[i].taglen;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(expected, 0, sizeof(expected));
|
|
Packit |
8681c6 |
memset(cipher, 0, sizeof(cipher));
|
|
Packit |
8681c6 |
memset(plaintext, 0, sizeof(plaintext));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get plaintext (expected results) **/
|
|
Packit |
8681c6 |
expected_len = tsuite->tv[i].plen;
|
|
Packit |
8681c6 |
memcpy(expected, tsuite->tv[i].plaintext, expected_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
p_len = sizeof(plaintext);
|
|
Packit |
8681c6 |
cipher_len = tsuite->tv[i].clen;
|
|
Packit |
8681c6 |
memcpy(cipher, tsuite->tv[i].ciphertext, cipher_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** multipart (in-place) decryption **/
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* for chunks, -1 is NULL, and 0 is empty string,
|
|
Packit |
8681c6 |
* and a value > 0 is amount of data from test vector's
|
|
Packit |
8681c6 |
* plaintext data. This way we test vary-sized chunks.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
if (tsuite->tv[i].num_chunks_ciph) {
|
|
Packit |
8681c6 |
int j;
|
|
Packit |
8681c6 |
CK_ULONG outlen, len;
|
|
Packit |
8681c6 |
CK_BYTE *data_chunk = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k = 0;
|
|
Packit |
8681c6 |
p_len = 0;
|
|
Packit |
8681c6 |
outlen = sizeof(plaintext);
|
|
Packit |
8681c6 |
for (j = 0; j < tsuite->tv[i].num_chunks_ciph; j++) {
|
|
Packit |
8681c6 |
if (tsuite->tv[i].chunks_ciph[j] == -1) {
|
|
Packit |
8681c6 |
len = 0;
|
|
Packit |
8681c6 |
data_chunk = NULL;
|
|
Packit |
8681c6 |
} else if (tsuite->tv[i].chunks_ciph[j] == 0) {
|
|
Packit |
8681c6 |
len = 0;
|
|
Packit |
8681c6 |
data_chunk = (CK_BYTE *) "";
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
len = tsuite->tv[i].chunks_ciph[j];
|
|
Packit |
8681c6 |
data_chunk = cipher + k;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptUpdate(session, data_chunk,
|
|
Packit |
8681c6 |
len, &plaintext[p_len], &outlen);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
k += len;
|
|
Packit |
8681c6 |
p_len += outlen;
|
|
Packit |
8681c6 |
outlen = sizeof(plaintext) - p_len;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
p_len = sizeof(plaintext);
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptUpdate(session, cipher, cipher_len,
|
|
Packit |
8681c6 |
plaintext, &p_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
k = sizeof(plaintext) - p_len;
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptFinal(session, &plaintext[p_len], &k);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptFinal rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
p_len += k; /* add possible last part to overall length */
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare decryption results with expected results. **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (p_len != expected_len) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted multipart data length does "
|
|
Packit |
8681c6 |
"not match test vector's decrypted data "
|
|
Packit |
8681c6 |
"length.\n\nexpected length=%ld, but found "
|
|
Packit |
8681c6 |
"length=%ld\n", expected_len, p_len);
|
|
Packit |
8681c6 |
} else if (memcmp(plaintext, expected, expected_len)) {
|
|
Packit |
8681c6 |
testcase_fail("decrypted multipart data does not match"
|
|
Packit |
8681c6 |
" test vector's decrypted data.\n");
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Multipart Decryption with test "
|
|
Packit |
8681c6 |
"vector %d passed.", tsuite->name, i);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_user_logout();
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_WrapUnwrapAES(struct generated_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i, j;
|
|
Packit |
8681c6 |
CK_BYTE original[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE_PTR wrapped_data = NULL;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mechkey, mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE w_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE uw_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
CK_ULONG wrapped_data_len = 0;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_ULONG orig_len, crypt_len, decrypt_len;
|
|
Packit |
8681c6 |
CK_ULONG tmpl_count = 2; /* Use only the first 2 attrs, except for CCA */
|
|
Packit |
8681c6 |
CK_ULONG key_size;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
|
|
Packit |
8681c6 |
CK_KEY_TYPE key_type = CKK_AES;
|
|
Packit |
8681c6 |
CK_ATTRIBUTE template[] = {
|
|
Packit |
8681c6 |
{CKA_CLASS, &key_class, sizeof(key_class)},
|
|
Packit |
8681c6 |
{CKA_KEY_TYPE, &key_type, sizeof(key_type)},
|
|
Packit |
8681c6 |
{CKA_VALUE_LEN, &key_size, sizeof(key_size)} /* For CCA only */
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s Wrap/Unwrap.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(3,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (!wrap_supported(slot_id, tsuite->mech)) {
|
|
Packit |
8681c6 |
testsuite_skip(3, "Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* key sizes must be a multiple of AES block size in order to be passed
|
|
Packit |
8681c6 |
in as data. Recall AES expects data in multiple of AES block size.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
for (i = 0; i < 3; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (key_lens[i] % AES_BLOCK_SIZE != 0)
|
|
Packit |
8681c6 |
continue;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s Wrap/Unwrap key test with keylength=%ld.",
|
|
Packit |
8681c6 |
tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set mechanisms **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
mechkey = aes_keygen;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set key_size **/
|
|
Packit |
8681c6 |
key_size = key_lens[i];
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** clear buffers **/
|
|
Packit |
8681c6 |
memset(original, 0, sizeof(original));
|
|
Packit |
8681c6 |
memset(crypt, 0, sizeof(crypt));
|
|
Packit |
8681c6 |
memset(decrypt, 0, sizeof(decrypt));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate crypto key **/
|
|
Packit |
8681c6 |
rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate wrapping key **/
|
|
Packit |
8681c6 |
rc = generate_AESKey(session, key_lens[i], &mechkey, &w_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate data **/
|
|
Packit |
8681c6 |
orig_len = BIG_REQUEST;
|
|
Packit |
8681c6 |
crypt_len = BIG_REQUEST + AES_BLOCK_SIZE;
|
|
Packit |
8681c6 |
decrypt_len = BIG_REQUEST + AES_BLOCK_SIZE;
|
|
Packit |
8681c6 |
for (j = 0; j < orig_len; j++) {
|
|
Packit |
8681c6 |
original[j] = j % 255;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** initiate the encrypt **/
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** continue with encrypt **/
|
|
Packit |
8681c6 |
rc = funcs->C_Encrypt(session, original, orig_len, crypt, &crypt_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session,
|
|
Packit |
8681c6 |
&mech, w_key, h_key, NULL, &wrapped_data_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
wrapped_data = malloc(wrapped_data_len);
|
|
Packit |
8681c6 |
if (wrapped_data == NULL) {
|
|
Packit |
8681c6 |
testcase_error("malloc failed");
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
memset(wrapped_data, 0, wrapped_data_len);
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session, &mech, w_key, h_key, wrapped_data,
|
|
Packit |
8681c6 |
&wrapped_data_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (is_cca_token(slot_id)) {
|
|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* CCA requires the CKA_VALUE_LEN attribute in the unwrap template,
|
|
Packit |
8681c6 |
* although the PKCS#11 standard states that it can not be specified
|
|
Packit |
8681c6 |
* for unwrap.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
tmpl_count = 3;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** unwrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_UnwrapKey(session,
|
|
Packit |
8681c6 |
&mech,
|
|
Packit |
8681c6 |
w_key,
|
|
Packit |
8681c6 |
wrapped_data,
|
|
Packit |
8681c6 |
wrapped_data_len,
|
|
Packit |
8681c6 |
template, tmpl_count, &uw_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_UnwrapKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (wrapped_data) {
|
|
Packit |
8681c6 |
free(wrapped_data);
|
|
Packit |
8681c6 |
wrapped_data = NULL;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** initiate decryption (with unwrapped key) **/
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptInit(session, &mech, uw_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** do decryption (with the unwrapped key) **/
|
|
Packit |
8681c6 |
rc = funcs->C_Decrypt(session, crypt, crypt_len, decrypt, &decrypt_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare actual results with expected results **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (decrypt_len != orig_len) {
|
|
Packit |
8681c6 |
testcase_fail("Decrypted length doesn't match the "
|
|
Packit |
8681c6 |
"original plaintext length.");
|
|
Packit |
8681c6 |
rc = CKR_GENERAL_ERROR;
|
|
Packit |
8681c6 |
} else if (memcmp(decrypt, original, orig_len)) {
|
|
Packit |
8681c6 |
testcase_fail("Decrypted data does not match original "
|
|
Packit |
8681c6 |
"plaintext data.");
|
|
Packit |
8681c6 |
rc = CKR_GENERAL_ERROR;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s Wrap/UnWrap test with key length "
|
|
Packit |
8681c6 |
"%u passed.", tsuite->name,
|
|
Packit |
8681c6 |
(unsigned int) key_lens[i]);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
/** clean up **/
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
h_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, w_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
w_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, uw_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
uw_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
if (wrapped_data)
|
|
Packit |
8681c6 |
free(wrapped_data);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (h_key != CK_INVALID_HANDLE) {
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (w_key != CK_INVALID_HANDLE) {
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, w_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (uw_key != CK_INVALID_HANDLE) {
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, uw_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
rc = funcs->C_CloseAllSessions(slot_id);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE original[BIG_REQUEST];
|
|
Packit |
8681c6 |
CK_BYTE decipher[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE cipher[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 };
|
|
Packit |
8681c6 |
CK_MECHANISM mech, mech2;
|
|
Packit |
8681c6 |
CK_MECHANISM_INFO mech_info;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE publ_key, priv_key, w_key, uw_key;
|
|
Packit |
8681c6 |
CK_ULONG orig_len, cipher_len, decipher_len;
|
|
Packit |
8681c6 |
CK_ULONG bits = 1024;
|
|
Packit |
8681c6 |
CK_ULONG wrapped_data_len;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_ULONG key_size;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
|
|
Packit |
8681c6 |
CK_KEY_TYPE keytype = CKK_RSA;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ATTRIBUTE pub_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_MODULUS_BITS, &bits, sizeof(bits)}
|
|
Packit |
8681c6 |
,
|
|
Packit |
8681c6 |
{CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
CK_ATTRIBUTE uw_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_CLASS, &keyclass, sizeof(keyclass)}
|
|
Packit |
8681c6 |
,
|
|
Packit |
8681c6 |
{CKA_KEY_TYPE, &keytype, sizeof(keytype)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
CK_ATTRIBUTE key_gen_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s wrap/unwrap of RSA key.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip AES_EBC/AES_CBC (only supported for symmetric keys) **/
|
|
Packit |
8681c6 |
if ((tsuite->mech.mechanism == CKM_AES_ECB) ||
|
|
Packit |
8681c6 |
(tsuite->mech.mechanism == CKM_AES_CBC)) {
|
|
Packit |
8681c6 |
testcase_skip
|
|
Packit |
8681c6 |
("Mechanism %s (%u) not supported to wrap/unwrap asymmetric Keys",
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(3,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, CKM_RSA_PKCS)) {
|
|
Packit |
8681c6 |
testsuite_skip(3,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(CKM_RSA_PKCS),
|
|
Packit |
8681c6 |
(unsigned int) CKM_RSA_PKCS);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < 3; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s wrap/unwrap of RSA key for key length=%ld.",
|
|
Packit |
8681c6 |
tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
key_size = key_lens[i];
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** first mechanism generate AES wrapping key **/
|
|
Packit |
8681c6 |
mech.mechanism = CKM_AES_KEY_GEN;
|
|
Packit |
8681c6 |
mech.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** mechanism to generate an RSA key pair to be wrapped **/
|
|
Packit |
8681c6 |
mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
|
|
Packit |
8681c6 |
mech2.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech2.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate an RSA key pair. **/
|
|
Packit |
8681c6 |
rc = funcs->C_GenerateKeyPair(session,
|
|
Packit |
8681c6 |
&mech2,
|
|
Packit |
8681c6 |
pub_tmpl,
|
|
Packit |
8681c6 |
2, NULL, 0, &publ_key, &priv_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKeyPair rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate the wrapping key **/
|
|
Packit |
8681c6 |
rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set the mech for AES crypto **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** wrap the key **/
|
|
Packit |
8681c6 |
wrapped_data_len = sizeof(wrapped_data);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech info **/
|
|
Packit |
8681c6 |
rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GetMechanismInfo rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** key is wrappable **/
|
|
Packit |
8681c6 |
if (mech_info.flags & CKF_WRAP) {
|
|
Packit |
8681c6 |
/** wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session,
|
|
Packit |
8681c6 |
&mech,
|
|
Packit |
8681c6 |
w_key,
|
|
Packit |
8681c6 |
priv_key, wrapped_data, &wrapped_data_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** unwrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_UnwrapKey(session,
|
|
Packit |
8681c6 |
&mech,
|
|
Packit |
8681c6 |
w_key,
|
|
Packit |
8681c6 |
wrapped_data,
|
|
Packit |
8681c6 |
wrapped_data_len, uw_tmpl, 2, &uw_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_UnWrapKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate data **/
|
|
Packit |
8681c6 |
orig_len = 30;
|
|
Packit |
8681c6 |
for (i = 0; i < orig_len; i++)
|
|
Packit |
8681c6 |
original[i] = i % 255;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set mech2 for RSA crypto **/
|
|
Packit |
8681c6 |
mech2.mechanism = CKM_RSA_PKCS;
|
|
Packit |
8681c6 |
mech2.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech2.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** initialize RSA encryption (with public key) **/
|
|
Packit |
8681c6 |
rc = funcs->C_EncryptInit(session, &mech2, publ_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
cipher_len = sizeof(cipher); // set cipher buffer size
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** do RSA encryption (with public key) **/
|
|
Packit |
8681c6 |
rc = funcs->C_Encrypt(session,
|
|
Packit |
8681c6 |
original, orig_len, cipher, &cipher_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** initialize RSA decryption
|
|
Packit |
8681c6 |
(with unwrapped private key) **/
|
|
Packit |
8681c6 |
rc = funcs->C_DecryptInit(session, &mech2, uw_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
decipher_len = sizeof(decipher);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** do RSA decryption (with unwrapped private key) **/
|
|
Packit |
8681c6 |
rc = funcs->C_Decrypt(session,
|
|
Packit |
8681c6 |
cipher, cipher_len, decipher, &decipher_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare actual results with expected results **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
if (orig_len != decipher_len) {
|
|
Packit |
8681c6 |
testcase_fail("lengths don't match: "
|
|
Packit |
8681c6 |
"%ld vs %ld\n", orig_len, decipher_len);
|
|
Packit |
8681c6 |
rc = CKR_GENERAL_ERROR;
|
|
Packit |
8681c6 |
} else if (memcmp(original, decipher, orig_len)) {
|
|
Packit |
8681c6 |
testcase_fail("deciphered data does not match"
|
|
Packit |
8681c6 |
" original data");
|
|
Packit |
8681c6 |
rc = CKR_GENERAL_ERROR;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s passed wrap/unwrap RSA key "
|
|
Packit |
8681c6 |
"test.", tsuite->name);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
} else { /** key is not wrappable **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** try to wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session,
|
|
Packit |
8681c6 |
&mech,
|
|
Packit |
8681c6 |
w_key,
|
|
Packit |
8681c6 |
priv_key, wrapped_data, &wrapped_data_len);
|
|
Packit |
8681c6 |
if (rc != CKR_MECHANISM_INVALID && rc != CKR_KEY_NOT_WRAPPABLE) {
|
|
Packit |
8681c6 |
testcase_fail("Expected CKR_MECHANISM_INVALID or "
|
|
Packit |
8681c6 |
"CKR_KEY_NOT_WRAPPABLE, but got %s",
|
|
Packit |
8681c6 |
p11_get_ckr(rc));
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s passed wrap/unwrap RSA key "
|
|
Packit |
8681c6 |
"test.", tsuite->name);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_close_session();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_WrapRSA_Err(struct generated_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE];
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 };
|
|
Packit |
8681c6 |
CK_MECHANISM mech, mech2;
|
|
Packit |
8681c6 |
CK_MECHANISM_INFO mech_info;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE publ_key, priv_key, w_key;
|
|
Packit |
8681c6 |
CK_ULONG bits = 1024;
|
|
Packit |
8681c6 |
CK_ULONG wrapped_data_len, user_pin_len, key_size;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ATTRIBUTE pub_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_MODULUS_BITS, &bits, sizeof(bits)}
|
|
Packit |
8681c6 |
,
|
|
Packit |
8681c6 |
{CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
CK_ATTRIBUTE key_gen_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s wrap/unwrap of RSA key.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(3, "Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < 3; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s wrap/unwrap of RSA key for key length=%ld.",
|
|
Packit |
8681c6 |
tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
key_size = key_lens[i];
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** first mechanism generate AES wrapping key **/
|
|
Packit |
8681c6 |
mech.mechanism = CKM_AES_KEY_GEN;
|
|
Packit |
8681c6 |
mech.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** mechanism to generate an RSA key pair to be wrapped **/
|
|
Packit |
8681c6 |
mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
|
|
Packit |
8681c6 |
mech2.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech2.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate an RSA key pair. **/
|
|
Packit |
8681c6 |
rc = funcs->C_GenerateKeyPair(session, &mech2, pub_tmpl, 2, NULL,
|
|
Packit |
8681c6 |
0, &publ_key, &priv_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKeyPair rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate the wrapping key **/
|
|
Packit |
8681c6 |
rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set the mech for AES crypto **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** wrap the key **/
|
|
Packit |
8681c6 |
wrapped_data_len = sizeof(wrapped_data);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech info **/
|
|
Packit |
8681c6 |
rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GetMechanismInfo rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** key is wrappable **/
|
|
Packit |
8681c6 |
if (mech_info.flags & CKF_WRAP) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session, &mech, w_key, priv_key,
|
|
Packit |
8681c6 |
wrapped_data, &wrapped_data_len);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Expect dedicated error code here, since it's not allowed
|
|
Packit |
8681c6 |
* to unwrap non secret keys with AES_ECB/AES_CBC */
|
|
Packit |
8681c6 |
if (rc != CKR_KEY_NOT_WRAPPABLE) {
|
|
Packit |
8681c6 |
testcase_error("Expected C_WrapKey rc=%s, but returned rc=%s",
|
|
Packit |
8681c6 |
p11_get_ckr(CKR_KEY_NOT_WRAPPABLE),
|
|
Packit |
8681c6 |
p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s passed wrap RSA key test.", tsuite->name);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
/** key is not wrappable **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** try to wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session, &mech, w_key, priv_key,
|
|
Packit |
8681c6 |
wrapped_data, &wrapped_data_len);
|
|
Packit |
8681c6 |
if (rc != CKR_MECHANISM_INVALID && rc != CKR_KEY_NOT_WRAPPABLE)
|
|
Packit |
8681c6 |
testcase_fail("Expected CKR_MECHANISM_INVALID or "
|
|
Packit |
8681c6 |
"CKR_KEY_NOT_WRAPPABLE, but got %s",
|
|
Packit |
8681c6 |
p11_get_ckr(rc));
|
|
Packit |
8681c6 |
else
|
|
Packit |
8681c6 |
testcase_pass("%s passed wrap/unwrap RSA key test.",
|
|
Packit |
8681c6 |
tsuite->name);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_close_session();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info * tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE] = {0};
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN] = {0};
|
|
Packit |
8681c6 |
CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 };
|
|
Packit |
8681c6 |
CK_MECHANISM mech, mech1, mech2;
|
|
Packit |
8681c6 |
CK_MECHANISM_INFO mech_info;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE publ_key = CK_INVALID_HANDLE,
|
|
Packit |
8681c6 |
priv_key = CK_INVALID_HANDLE, w_key = CK_INVALID_HANDLE,
|
|
Packit |
8681c6 |
uw_key = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
CK_ULONG bits = 1024;
|
|
Packit |
8681c6 |
CK_ULONG wrapped_data_len = 0, user_pin_len = 0, key_size = 0;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_FLAGS flags = 0;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
|
|
Packit |
8681c6 |
CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
|
|
Packit |
8681c6 |
CK_KEY_TYPE keytype = CKK_RSA;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memset(&mech, 0, sizeof(mech));
|
|
Packit |
8681c6 |
memset(&mech1, 0, sizeof(mech1));
|
|
Packit |
8681c6 |
memset(&mech2, 0, sizeof(mech2));
|
|
Packit |
8681c6 |
memset(&mech_info, 0, sizeof(mech_info));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_ATTRIBUTE pub_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_MODULUS_BITS, &bits, sizeof(bits)}
|
|
Packit |
8681c6 |
,
|
|
Packit |
8681c6 |
{CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
CK_ATTRIBUTE uw_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_CLASS, &keyclass, sizeof(keyclass)}
|
|
Packit |
8681c6 |
,
|
|
Packit |
8681c6 |
{CKA_KEY_TYPE, &keytype, sizeof(keytype)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
CK_ATTRIBUTE key_gen_tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testsuite_begin("%s wrap/unwrap of RSA key.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip test if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(3,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < 3; i++) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_begin("%s wrap/unwrap of RSA key for key length=%ld.",
|
|
Packit |
8681c6 |
tsuite->name, key_lens[i]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
key_size = key_lens[i];
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** first mechanism generate AES wrapping key **/
|
|
Packit |
8681c6 |
mech.mechanism = CKM_AES_KEY_GEN;
|
|
Packit |
8681c6 |
mech.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** mechanism to generate an RSA key pair to be wrapped **/
|
|
Packit |
8681c6 |
mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
|
|
Packit |
8681c6 |
mech2.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech2.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate an RSA key pair. **/
|
|
Packit |
8681c6 |
rc = funcs->C_GenerateKeyPair(session, &mech2, pub_tmpl, 2, NULL,
|
|
Packit |
8681c6 |
0, &publ_key, &priv_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKeyPair rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** generate the wrapping key **/
|
|
Packit |
8681c6 |
rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** set the mech for AES crypto **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** wrap the key **/
|
|
Packit |
8681c6 |
wrapped_data_len = sizeof(wrapped_data);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech info **/
|
|
Packit |
8681c6 |
rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_GetMechanismInfo rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** key is wrappable **/
|
|
Packit |
8681c6 |
if (mech_info.flags & CKF_UNWRAP) {
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** mechanism for wrapping the key **/
|
|
Packit |
8681c6 |
mech1.mechanism = CKM_AES_CBC_PAD;
|
|
Packit |
8681c6 |
mech1.ulParameterLen = AES_IV_SIZE;
|
|
Packit |
8681c6 |
mech1.pParameter = &aes_iv;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session, &mech1, w_key, priv_key,
|
|
Packit |
8681c6 |
wrapped_data, &wrapped_data_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** unwrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_UnwrapKey(session, &mech, w_key, wrapped_data,
|
|
Packit |
8681c6 |
wrapped_data_len, uw_tmpl, 2, &uw_key);
|
|
Packit |
8681c6 |
/* Expect dedicated error code here, since it's not allowed
|
|
Packit |
8681c6 |
* to unwrap non secret keys with AES_ECB/AES_CBC */
|
|
Packit |
8681c6 |
if (rc != CKR_ARGUMENTS_BAD) {
|
|
Packit |
8681c6 |
testcase_error("Expected C_UnWrapKey rc=%s, but returned rc=%s",
|
|
Packit |
8681c6 |
p11_get_ckr(CKR_ARGUMENTS_BAD), p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
testcase_pass("%s passed unwrap RSA key test.", tsuite->name);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
/** key is not wrappable **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** try to wrap key **/
|
|
Packit |
8681c6 |
rc = funcs->C_WrapKey(session, &mech, w_key, priv_key,
|
|
Packit |
8681c6 |
wrapped_data, &wrapped_data_len);
|
|
Packit |
8681c6 |
if (rc != CKR_MECHANISM_INVALID && rc != CKR_KEY_NOT_WRAPPABLE) {
|
|
Packit |
8681c6 |
testcase_fail("Expected CKR_MECHANISM_INVALID or "
|
|
Packit |
8681c6 |
"CKR_KEY_NOT_WRAPPABLE, but got %s",
|
|
Packit |
8681c6 |
p11_get_ckr(rc));
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_pass("%s passed unwrap RSA key test.", tsuite->name);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_close_session();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
CK_RV do_SignVerifyMAC(struct published_mac_test_suite_info *tsuite)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
int k;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_MECHANISM mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE h_key;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_RV rc = CKR_OK;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
|
|
Packit |
8681c6 |
CK_MAC_GENERAL_PARAMS mac_param;
|
|
Packit |
8681c6 |
CK_ULONG ofs;
|
|
Packit |
8681c6 |
CK_BYTE actual[MAX_KEY_SIZE];
|
|
Packit Service |
8aa27d |
CK_ULONG actual_len, mac_len;
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
testsuite_begin("%s Sign/Verify MAC.", tsuite->name);
|
|
Packit |
8681c6 |
testcase_rw_session();
|
|
Packit |
8681c6 |
testcase_user_login();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** skip tests if the slot doesn't support this mechanism **/
|
|
Packit |
8681c6 |
if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
|
|
Packit |
8681c6 |
testsuite_skip(3,
|
|
Packit |
8681c6 |
"Slot %u doesn't support %s (%u)",
|
|
Packit |
8681c6 |
(unsigned int) slot_id,
|
|
Packit |
8681c6 |
mech_to_str(tsuite->mech.mechanism),
|
|
Packit |
8681c6 |
(unsigned int) tsuite->mech.mechanism);
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < tsuite->tvcount; i++) {
|
|
Packit Service |
8aa27d |
testcase_begin("%s Sign/Verify MAC with published test vector %d.",
|
|
Packit |
8681c6 |
tsuite->name, i);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** create key handle **/
|
|
Packit |
8681c6 |
rc = create_AESKey(session,
|
|
Packit |
8681c6 |
tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** get mech **/
|
|
Packit |
8681c6 |
mech = tsuite->mech;
|
|
Packit Service |
8aa27d |
switch (mech.mechanism) {
|
|
Packit Service |
8aa27d |
case CKM_AES_CMAC_GENERAL:
|
|
Packit Service |
8aa27d |
case CKM_AES_MAC_GENERAL:
|
|
Packit |
8681c6 |
mac_param = tsuite->tv[i].tlen;
|
|
Packit |
8681c6 |
mech.pParameter = &mac_param;
|
|
Packit |
8681c6 |
mech.ulParameterLen = sizeof(mac_param);
|
|
Packit Service |
8aa27d |
mac_len = mac_param;
|
|
Packit Service |
8aa27d |
break;
|
|
Packit Service |
8aa27d |
case CKM_AES_CMAC:
|
|
Packit Service |
8aa27d |
case CKM_IBM_CMAC:
|
|
Packit Service |
8aa27d |
mac_len = AES_BLOCK_SIZE;
|
|
Packit Service |
8aa27d |
break;
|
|
Packit Service |
8aa27d |
case CKM_AES_MAC:
|
|
Packit Service |
8aa27d |
mac_len = AES_BLOCK_SIZE / 2;
|
|
Packit Service |
8aa27d |
break;
|
|
Packit Service |
8aa27d |
default:
|
|
Packit Service |
8aa27d |
testcase_error("Invalid mechanism: %s",
|
|
Packit Service |
8aa27d |
p11_get_ckm(mech.mechanism));
|
|
Packit Service |
8aa27d |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** initialize signing **/
|
|
Packit |
8681c6 |
rc = funcs->C_SignInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_SignInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
actual_len = sizeof(actual);
|
|
Packit |
8681c6 |
memset(actual, 0, sizeof(actual));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (tsuite->tv[i].num_chunks_message > 0) {
|
|
Packit |
8681c6 |
ofs = 0;
|
|
Packit |
8681c6 |
for (k = 0; k < tsuite->tv[i].num_chunks_message; k++) {
|
|
Packit |
8681c6 |
rc = funcs->C_SignUpdate(session, tsuite->tv[i].msg + ofs,
|
|
Packit |
8681c6 |
tsuite->tv[i].chunks_msg[k]);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_SignUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
ofs += tsuite->tv[i].chunks_msg[k];
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_SignFinal(session, actual, &actual_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_SignFinal rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
rc = funcs->C_Sign(session, tsuite->tv[i].msg,tsuite->tv[i].mlen,
|
|
Packit |
8681c6 |
actual, &actual_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Sign rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** initilaize verification **/
|
|
Packit |
8681c6 |
rc = funcs->C_VerifyInit(session, &mech, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_VerifyInit rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** do verification **/
|
|
Packit |
8681c6 |
if (tsuite->tv[i].num_chunks_message > 0) {
|
|
Packit |
8681c6 |
ofs = 0;
|
|
Packit |
8681c6 |
for (k = 0; k < tsuite->tv[i].num_chunks_message; k++) {
|
|
Packit |
8681c6 |
rc = funcs->C_VerifyUpdate(session, tsuite->tv[i].msg + ofs,
|
|
Packit |
8681c6 |
tsuite->tv[i].chunks_msg[k]);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_VerifyUpdate rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
ofs += tsuite->tv[i].chunks_msg[k];
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_VerifyFinal(session, actual, actual_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_VerifyFinal rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
rc = funcs->C_Verify(session, tsuite->tv[i].msg,tsuite->tv[i].mlen,
|
|
Packit |
8681c6 |
actual, actual_len);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_Verify rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto error;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/** compare sign/verify results with expected results **/
|
|
Packit |
8681c6 |
testcase_new_assertion();
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
if ((mech.mechanism == CKM_AES_CMAC_GENERAL ||
|
|
Packit Service |
8aa27d |
mech.mechanism == CKM_AES_MAC_GENERAL) &&
|
|
Packit |
8681c6 |
actual_len != tsuite->tv[i].tlen) {
|
|
Packit |
8681c6 |
testcase_fail("signature length does not match test vector's "
|
|
Packit |
8681c6 |
"signature length\nexpected length=%d, found "
|
|
Packit |
8681c6 |
"length=%ld", tsuite->tv[i].tlen, actual_len);
|
|
Packit |
8681c6 |
} else if (mech.mechanism != CKM_AES_CMAC_GENERAL &&
|
|
Packit Service |
8aa27d |
mech.mechanism != CKM_AES_MAC_GENERAL &&
|
|
Packit Service |
8aa27d |
actual_len != mac_len) {
|
|
Packit |
8681c6 |
testcase_fail("signature length does not match test vector's "
|
|
Packit Service |
8aa27d |
"signature length\nexpected length=%ld, found "
|
|
Packit Service |
8aa27d |
"length=%ld", mac_len, actual_len);
|
|
Packit Service |
8aa27d |
} else if (memcmp(actual, tsuite->tv[i].mac,
|
|
Packit Service |
8aa27d |
tsuite->tv[i].tlen < mac_len ? tsuite->tv[i].tlen :
|
|
Packit Service |
8aa27d |
mac_len)) {
|
|
Packit |
8681c6 |
testcase_fail("signature does not match test vector's signature");
|
|
Packit |
8681c6 |
} else {
|
|
Packit Service |
8aa27d |
testcase_pass("%s Sign/Verify MAC with test vector %d "
|
|
Packit |
8681c6 |
"passed.", tsuite->name, i);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK) {
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
goto testcase_cleanup;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
error:
|
|
Packit |
8681c6 |
rc = funcs->C_DestroyObject(session, h_key);
|
|
Packit |
8681c6 |
if (rc != CKR_OK)
|
|
Packit |
8681c6 |
testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_cleanup:
|
|
Packit |
8681c6 |
testcase_close_session();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV aes_funcs()
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
unsigned int i;
|
|
Packit |
8681c6 |
CK_RV rv = CKR_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < NUM_OF_PUBLISHED_TESTSUITES; i++) {
|
|
Packit |
8681c6 |
rv = do_EncryptAES(&published_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_DecryptAES(&published_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_EncryptUpdateAES(&published_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_DecryptUpdateAES(&published_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < NUM_OF_GENERATED_TESTSUITES; i++) {
|
|
Packit |
8681c6 |
rv = do_EncryptDecryptAES(&generated_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_EncryptDecryptUpdateAES(&generated_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_WrapUnwrapAES(&generated_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_WrapUnwrapRSA(&generated_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/***** Error scenarios *****/
|
|
Packit |
8681c6 |
for (i = 0; i < NUM_OF_GENERATED_ERR_TESTSUITES; i++) {
|
|
Packit |
8681c6 |
rv = do_WrapRSA_Err(&generated_err_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_UnwrapRSA_Err(&generated_err_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit Service |
8aa27d |
/* MAC test cases */
|
|
Packit Service |
8aa27d |
for (i = 0; i < NUM_OF_PUBLISHED_MAC_TESTSUITES; i++) {
|
|
Packit Service |
8aa27d |
rv = do_SignVerifyMAC(&published_mac_test_suites[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK && (!no_stop))
|
|
Packit |
8681c6 |
break;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
int main(int argc, char **argv)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
int rc;
|
|
Packit |
8681c6 |
CK_C_INITIALIZE_ARGS cinit_args;
|
|
Packit |
8681c6 |
CK_RV rv = 0;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = do_ParseArgs(argc, argv);
|
|
Packit |
8681c6 |
if (rc != 1)
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Using slot #%lu...\n\n", SLOT_ID);
|
|
Packit |
8681c6 |
printf("With option: nostop: %d\n", no_stop);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = do_GetFunctionList();
|
|
Packit |
8681c6 |
if (!rc) {
|
|
Packit |
8681c6 |
testcase_error("do_getFunctionList(), rc=%s", p11_get_ckr(rc));
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memset(&cinit_args, 0x0, sizeof(cinit_args));
|
|
Packit |
8681c6 |
cinit_args.flags = CKF_OS_LOCKING_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// SAB Add calls to ALL functions before the C_Initialize gets hit
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
funcs->C_Initialize(&cinit_args);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE hsess = 0;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_GetFunctionStatus(hsess);
|
|
Packit |
8681c6 |
if (rc != CKR_FUNCTION_NOT_PARALLEL)
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rc = funcs->C_CancelFunction(hsess);
|
|
Packit |
8681c6 |
if (rc != CKR_FUNCTION_NOT_PARALLEL)
|
|
Packit |
8681c6 |
return rc;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
testcase_setup(0); //TODO
|
|
Packit |
8681c6 |
rv = aes_funcs();
|
|
Packit |
8681c6 |
testcase_print_result();
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
funcs->C_Finalize(NULL);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* make sure we return non-zero if rv is non-zero */
|
|
Packit |
8681c6 |
return ((rv == 0) || (rv % 256) ? (int)rv : -1);
|
|
Packit |
8681c6 |
}
|