|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* COPYRIGHT (c) International Business Machines Corp. 2006-2017
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
|
|
Packit |
8681c6 |
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
|
|
Packit |
8681c6 |
* found in the file LICENSE file or at
|
|
Packit |
8681c6 |
* https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* File: driver.c
|
|
Packit |
8681c6 |
*
|
|
Packit |
8681c6 |
* Test driver. In-depth regression test for PKCS #11
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <stdio.h>
|
|
Packit |
8681c6 |
#include <stdlib.h>
|
|
Packit |
8681c6 |
#include <string.h>
|
|
Packit |
8681c6 |
#include <memory.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include <dlfcn.h>
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#include "pkcs11types.h"
|
|
Packit |
8681c6 |
#include "regress.h"
|
|
Packit |
8681c6 |
#include "common.c"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_VerifyTokenSymKey(CK_SESSION_HANDLE sess, CK_BYTE * label)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE obj_handles[20];
|
|
Packit |
8681c6 |
CK_ULONG pulCount = 0, obj_class = CKO_SECRET_KEY, i;
|
|
Packit |
8681c6 |
CK_RV rv;
|
|
Packit |
8681c6 |
CK_BBOOL true = 1;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("do_VerifyTokenSymKey...\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Find token objects based on the label */
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_ATTRIBUTE tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_LABEL, label, (CK_ULONG) strlen((char *) label) + 1},
|
|
Packit |
8681c6 |
{CKA_TOKEN, &true, sizeof(CK_BBOOL)},
|
|
Packit |
8681c6 |
{CKA_CLASS, &obj_class, sizeof(obj_class)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_FindObjectsInit(sess, tmpl, 3);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_FindObjectsInit #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_FindObjects(sess, obj_handles, 20, &pulCount);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_FindObjects #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_FindObjectsFinal(sess);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_FindObjectsFinal #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 0; i < pulCount; i++) {
|
|
Packit |
8681c6 |
CK_ULONG valueLen = 0;
|
|
Packit |
8681c6 |
CK_BYTE value[256] = { 0, };
|
|
Packit |
8681c6 |
CK_ATTRIBUTE tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_VALUE, NULL, valueLen}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_GetAttributeValue(sess, obj_handles[i], tmpl, 1);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_GetAttributeValue #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
tmpl[0].pValue = value;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (is_ep11_token(SLOT_ID) || is_cca_token(SLOT_ID)) {
|
|
Packit |
8681c6 |
/*
|
|
Packit |
8681c6 |
* Secure key, there is no value or just a dummy
|
|
Packit |
8681c6 |
* value attribute. So skip processing the value.
|
|
Packit |
8681c6 |
*/
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
rv = funcs->C_GetAttributeValue(sess, obj_handles[i], tmpl, 1);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_GetAttributeValue", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
/* The public exponent is element 0 and modulus is element 1 */
|
|
Packit |
8681c6 |
if (tmpl[0].ulValueLen > 256 || tmpl[0].ulValueLen < 8) {
|
|
Packit |
8681c6 |
PRINT_ERR("secret key value (%lu) OOB!", tmpl[0].ulValueLen);
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
printf("%lu byte secret key found.\nValue:\n", tmpl[0].ulValueLen);
|
|
Packit |
8681c6 |
print_hex(tmpl[0].pValue, tmpl[0].ulValueLen);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_DestroyObject(sess, obj_handles[i]);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_DestroyObject", rv);
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
printf("Object destroyed.\n");
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("%s: Success\n", __func__);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CK_RV do_GenerateTokenSymKey(CK_SESSION_HANDLE sess, CK_BYTE * label,
|
|
Packit |
8681c6 |
CK_ULONG type)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_MECHANISM mech;
|
|
Packit |
8681c6 |
CK_OBJECT_HANDLE key;
|
|
Packit |
8681c6 |
CK_RV rv;
|
|
Packit |
8681c6 |
CK_BBOOL true = 1;
|
|
Packit |
8681c6 |
CK_ULONG key_len = 16;
|
|
Packit |
8681c6 |
CK_ATTRIBUTE tmpl[] = {
|
|
Packit |
8681c6 |
{CKA_LABEL, label, (CK_ULONG) strlen((char *) label) + 1},
|
|
Packit |
8681c6 |
{CKA_TOKEN, &true, sizeof(CK_BBOOL)},
|
|
Packit |
8681c6 |
{CKA_VALUE_LEN, &key_len, sizeof(CK_ULONG)}
|
|
Packit |
8681c6 |
};
|
|
Packit |
8681c6 |
int attr = (type == CKM_AES_KEY_GEN ? 3 : 2);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("do_GenerateTokenSymKey...\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
mech.mechanism = type;
|
|
Packit |
8681c6 |
mech.ulParameterLen = 0;
|
|
Packit |
8681c6 |
mech.pParameter = NULL;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_GenerateKey(sess, &mech, tmpl, attr, &key);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_GenerateKey #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Success\n");
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return CKR_OK;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
int main(int argc, char **argv)
|
|
Packit |
8681c6 |
{
|
|
Packit |
8681c6 |
CK_C_INITIALIZE_ARGS cinit_args;
|
|
Packit |
8681c6 |
int i, nodelete = 0;
|
|
Packit |
8681c6 |
CK_RV rv;
|
|
Packit |
8681c6 |
SLOT_ID = 0;
|
|
Packit |
8681c6 |
CK_BYTE user_pin[128];
|
|
Packit |
8681c6 |
CK_ULONG user_pin_len;
|
|
Packit |
8681c6 |
CK_SLOT_ID slot_id;
|
|
Packit |
8681c6 |
CK_SESSION_HANDLE session;
|
|
Packit |
8681c6 |
CK_FLAGS flags;
|
|
Packit |
8681c6 |
CK_BYTE tdes_label[] = "XXX DELETE ME TEST 3DES KEY";
|
|
Packit |
8681c6 |
CK_BYTE aes_label[] = "XXX DELETE ME TEST AES KEY";
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
for (i = 1; i < argc; i++) {
|
|
Packit |
8681c6 |
if (strcmp(argv[i], "-slot") == 0) {
|
|
Packit |
8681c6 |
++i;
|
|
Packit |
8681c6 |
SLOT_ID = atoi(argv[i]);
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (strcmp(argv[i], "-nodelete") == 0) {
|
|
Packit |
8681c6 |
nodelete = 1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (strcmp(argv[i], "-h") == 0) {
|
|
Packit |
8681c6 |
printf("usage: %s [-noskip] [-slot <num>] [-h]\n\n", argv[0]);
|
|
Packit |
8681c6 |
printf("By default, Slot #1 is used\n\n");
|
|
Packit |
8681c6 |
printf("By default we skip anything that creates or modifies\n");
|
|
Packit |
8681c6 |
printf("token objects to preserve flash lifetime.\n");
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("Using slot #%lu...\n\n", SLOT_ID);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
slot_id = SLOT_ID;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = do_GetFunctionList();
|
|
Packit |
8681c6 |
if (rv != TRUE) {
|
|
Packit |
8681c6 |
show_error("do_GetFunctionList", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
memset(&cinit_args, 0x0, sizeof(cinit_args));
|
|
Packit |
8681c6 |
cinit_args.flags = CKF_OS_LOCKING_OK;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
// SAB Add calls to ALL functions before the C_Initialize gets hit
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if ((rv = funcs->C_Initialize(&cinit_args))) {
|
|
Packit |
8681c6 |
show_error("C_Initialize", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (get_user_pin(user_pin))
|
|
Packit |
8681c6 |
return CKR_FUNCTION_FAILED;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
user_pin_len = (CK_ULONG) strlen((char *) user_pin);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
|
|
Packit |
8681c6 |
rv = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_OpenSession #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_Login #1", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (mech_supported(slot_id, CKM_DES3_KEY_GEN)) {
|
|
Packit |
8681c6 |
rv = do_GenerateTokenSymKey(session, tdes_label, CKM_DES3_KEY_GEN);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("do_GenerateTokenSymKey(...DES3_KEY)", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_skip("GenerateTokenSymKey(...DES3_KEY)");
|
|
Packit |
8681c6 |
tdes_label[0] = 0;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (mech_supported(slot_id, CKM_AES_KEY_GEN)) {
|
|
Packit |
8681c6 |
rv = do_GenerateTokenSymKey(session, aes_label, CKM_AES_KEY_GEN);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("do_GenerateTokenSymKey(...AES_KEY)", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_skip("GenerateTokenSymKey(...AES_KEY)");
|
|
Packit |
8681c6 |
aes_label[0] = 0;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_CloseSession(session);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_CloseSession #3", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_Finalize(NULL);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_Finalize", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (nodelete)
|
|
Packit |
8681c6 |
return 0;
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/* Open a new session and re-login */
|
|
Packit |
8681c6 |
if ((rv = funcs->C_Initialize(&cinit_args))) {
|
|
Packit |
8681c6 |
show_error("C_Initialize", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_OpenSession #2", rv);
|
|
Packit |
8681c6 |
goto finalize;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
rv = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_Login #2", rv);
|
|
Packit |
8681c6 |
goto close_session;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (tdes_label[0]) {
|
|
Packit |
8681c6 |
rv = do_VerifyTokenSymKey(session, tdes_label);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("do_VerifyTokenSymKey(...DES3_KEY...)", rv);
|
|
Packit |
8681c6 |
goto close_session;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_skip("VerifyTokenSymKey(...DES3_KEY...)");
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
if (aes_label[0]) {
|
|
Packit |
8681c6 |
rv = do_VerifyTokenSymKey(session, aes_label);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("do_VerifyTokenSymKey(...AES_KEY...)", rv);
|
|
Packit |
8681c6 |
goto close_session;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
} else {
|
|
Packit |
8681c6 |
testcase_skip("VerifyTokenSymKey(...AES_KEY...)");
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
close_session:
|
|
Packit |
8681c6 |
rv = funcs->C_CloseSession(session);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error(" C_CloseSession #3", rv);
|
|
Packit |
8681c6 |
return rv;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
finalize:
|
|
Packit |
8681c6 |
rv = funcs->C_Finalize(NULL);
|
|
Packit |
8681c6 |
if (rv != CKR_OK) {
|
|
Packit |
8681c6 |
show_error("C_Finalize", rv);
|
|
Packit |
8681c6 |
return -1;
|
|
Packit |
8681c6 |
}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
printf("%s: Success\n", argv[0]);
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
return 0;
|
|
Packit |
8681c6 |
}
|