/*
* COPYRIGHT (c) International Business Machines Corp. 2020
*
* This program is provided under the terms of the Common Public License,
* version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
* software constitutes recipient's acceptance of CPL-1.0 terms which can be
* found in the file LICENSE file or at
* https://opensource.org/licenses/cpl1.0.php
*/
/* File: reencrypt.c
*
* Test driver. In-depth regression test for PKCS #11
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include <unistd.h>
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/wait.h>
#include "pkcs11types.h"
#include "regress.h"
#include "mech_to_str.h"
#include "common.c"
CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
CK_ULONG user_pin_len;
CK_SLOT_ID slot_id = 1;
CK_SESSION_HANDLE session;
CK_OBJECT_HANDLE sym_key1 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE sym_key2 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE publ_key1 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE priv_key1 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE publ_key2 = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE priv_key2 = CK_INVALID_HANDLE;
CK_C_IBM_ReencryptSingle _C_IBM_ReencryptSingle;
CK_RSA_PKCS_OAEP_PARAMS oaep_params_sha1 = {
.hashAlg = CKM_SHA_1,
.mgf = CKG_MGF1_SHA1,
.source = 0,
.pSourceData = NULL,
.ulSourceDataLen = 0,
};
CK_RSA_PKCS_OAEP_PARAMS oaep_params_sha1_source = {
.hashAlg = CKM_SHA_1,
.mgf = CKG_MGF1_SHA1,
.source = CKZ_DATA_SPECIFIED,
.pSourceData = "abc",
.ulSourceDataLen = 3,
};
CK_RSA_PKCS_OAEP_PARAMS oaep_params_sha256 = {
.hashAlg = CKM_SHA256,
.mgf = CKG_MGF1_SHA256,
.source = 0,
.pSourceData = NULL,
.ulSourceDataLen = 0,
};
CK_RSA_PKCS_OAEP_PARAMS oaep_params_sha256_source = {
.hashAlg = CKM_SHA256,
.mgf = CKG_MGF1_SHA256,
.source = CKZ_DATA_SPECIFIED,
.pSourceData = "abc",
.ulSourceDataLen = 3,
};
CK_BYTE aes_iv[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
CK_BYTE des_iv[8] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 };
CK_BYTE clear_data[32];
CK_BYTE encrypted_data1[2048];
CK_ULONG encrypted_data1_len = sizeof(encrypted_data1);
CK_BYTE encrypted_data2[2048];
CK_ULONG encrypted_data2_len = sizeof(encrypted_data2);
CK_BYTE decrypted_data[1024];
CK_ULONG decrypted_data_len = sizeof(decrypted_data);
struct mech_info {
char *name;
CK_MECHANISM mech;
CK_MECHANISM key_gen_mech;
CK_ULONG rsa_modbits;
CK_ULONG rsa_publ_exp_len;
CK_BYTE rsa_publ_exp[4];
CK_ULONG sym_keylen;
CK_ULONG clear_data_len;
};
struct mech_info reencrypt_tests[] = {
{
.name = "AES 128 ECB",
.mech = { CKM_AES_ECB, 0, 0 },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 16,
.clear_data_len = 32,
},
{
.name = "AES 192 ECB",
.mech = { CKM_AES_ECB, 0, 0 },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 24,
.clear_data_len = 32,
},
{
.name = "AES 256 ECB",
.mech = { CKM_AES_ECB, 0, 0 },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 32,
.clear_data_len = 32,
},
{
.name = "AES 128 CBC",
.mech = { CKM_AES_CBC, aes_iv, sizeof(aes_iv) },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 16,
.clear_data_len = 32,
},
{
.name = "AES 192 CBC",
.mech = { CKM_AES_CBC, aes_iv, sizeof(aes_iv) },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 24,
.clear_data_len = 32,
},
{
.name = "AES 256 CBC",
.mech = { CKM_AES_CBC, aes_iv, sizeof(aes_iv) },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 32,
.clear_data_len = 32,
},
{
.name = "AES 128 CBC PAD",
.mech = { CKM_AES_CBC_PAD, aes_iv, sizeof(aes_iv) },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 16,
.clear_data_len = 30,
},
{
.name = "AES 192 CBC PAD",
.mech = { CKM_AES_CBC_PAD, aes_iv, sizeof(aes_iv) },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 24,
.clear_data_len = 30,
},
{
.name = "AES 256 CBC PAD",
.mech = { CKM_AES_CBC_PAD, aes_iv, sizeof(aes_iv) },
.key_gen_mech = { CKM_AES_KEY_GEN, 0, 0 },
.sym_keylen = 32,
.clear_data_len = 30,
},
{
.name = "DES ECB",
.mech = { CKM_DES_ECB, 0, 0 },
.key_gen_mech = { CKM_DES_KEY_GEN, 0, 0 },
.clear_data_len = 32,
},
{
.name = "DES CCB",
.mech = { CKM_DES_CBC, des_iv, sizeof(des_iv) },
.key_gen_mech = { CKM_DES_KEY_GEN, 0, 0 },
.clear_data_len = 32,
},
{
.name = "DES CBC PAD",
.mech = { CKM_DES_CBC_PAD, des_iv, sizeof(des_iv) },
.key_gen_mech = { CKM_DES_KEY_GEN, 0, 0 },
.clear_data_len = 30,
},
{
.name = "DES3 ECB",
.mech = { CKM_DES3_ECB, 0, 0 },
.key_gen_mech = { CKM_DES3_KEY_GEN, 0, 0 },
.clear_data_len = 32,
},
{
.name = "DES3 CCB",
.mech = { CKM_DES3_CBC, des_iv, sizeof(des_iv) },
.key_gen_mech = { CKM_DES3_KEY_GEN, 0, 0 },
.clear_data_len = 32,
},
{
.name = "DES3 CBC PAD",
.mech = { CKM_DES3_CBC_PAD, des_iv, sizeof(des_iv) },
.key_gen_mech = { CKM_DES3_KEY_GEN, 0, 0 },
.clear_data_len = 30,
},
{
.name = "RSA 512 PKCS",
.mech = { CKM_RSA_PKCS, 0, 0 },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 512,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
{
.name = "RSA 1024 PKCS",
.mech = { CKM_RSA_PKCS, 0, 0 },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 1024,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
{
.name = "RSA 2048 PKCS",
.mech = { CKM_RSA_PKCS, 0, 0 },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 2048,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
{
.name = "RSA 1024 PKCS OAEP (SHA1)",
.mech = { CKM_RSA_PKCS_OAEP, &oaep_params_sha1,
sizeof(CK_RSA_PKCS_OAEP_PARAMS) },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 1024,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
{
.name = "RSA 1024 PKCS OAEP (SHA1, source data)",
.mech = { CKM_RSA_PKCS_OAEP, &oaep_params_sha1_source,
sizeof(CK_RSA_PKCS_OAEP_PARAMS) },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 1024,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
{
.name = "RSA 1024 PKCS OAEP (SHA256)",
.mech = { CKM_RSA_PKCS_OAEP, &oaep_params_sha256,
sizeof(CK_RSA_PKCS_OAEP_PARAMS) },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 1024,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
{
.name = "RSA 1024 PKCS OAEP (SHA256, source data)",
.mech = { CKM_RSA_PKCS_OAEP, &oaep_params_sha256_source,
sizeof(CK_RSA_PKCS_OAEP_PARAMS) },
.key_gen_mech = { CKM_RSA_PKCS_KEY_PAIR_GEN, 0, 0 },
.rsa_modbits = 1024,
.rsa_publ_exp_len = 3,
.rsa_publ_exp = {0x01, 0x00, 0x01},
.clear_data_len = 30,
},
};
#define NUM_REENCRYPT_TESTS sizeof(reencrypt_tests) / \
sizeof(struct mech_info)
CK_RV do_reencrypt(struct mech_info *mech1, struct mech_info *mech2)
{
CK_RSA_PKCS_OAEP_PARAMS *oaep;
CK_RV loc_rc, rc = CKR_OK;
char *s = NULL;
testcase_begin("Reencrypt from '%s' to '%s'", mech1->name, mech2->name);
if (!mech_supported(slot_id, mech2->key_gen_mech.mechanism)) {
testcase_skip("Slot %u doesn't support %s (%u)",
(unsigned int)slot_id,
mech_to_str(mech2->key_gen_mech.mechanism),
(unsigned int)mech2->key_gen_mech.mechanism);
goto testcase_cleanup;
}
if (!mech_supported(slot_id, mech2->mech.mechanism)) {
testcase_skip("Slot %u doesn't support %s (%u)",
(unsigned int)slot_id,
mech_to_str(mech2->mech.mechanism),
(unsigned int)mech2->mech.mechanism);
goto testcase_cleanup;
}
switch (mech2->mech.mechanism) {
case CKM_DES_ECB:
case CKM_DES_CBC:
case CKM_DES_CBC_PAD:
if (is_cca_token(slot_id)) {
testcase_skip("CCA does not support DES with reencrypt");
goto testcase_cleanup;
}
break;
case CKM_DES3_CBC_PAD:
if (is_cca_token(slot_id)) {
testcase_skip("CCA does not support DES3 CBC PAD with reencrypt");
goto testcase_cleanup;
}
break;
case CKM_RSA_PKCS:
case CKM_RSA_PKCS_OAEP:
if (is_cca_token(slot_id)) {
testcase_skip("CCA does not support RSA with reencrypt");
goto testcase_cleanup;
}
break;
default:
break;
}
switch (mech1->mech.mechanism) {
case CKM_AES_CBC_PAD:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_RSA_PKCS:
case CKM_RSA_PKCS_OAEP:
switch (mech2->mech.mechanism) {
case CKM_AES_CBC_PAD:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
case CKM_RSA_PKCS:
case CKM_RSA_PKCS_OAEP:
break;
default:
testcase_skip("Cannot reencrypt from %s (%u) to %s (%u), because "
"the target mechanism does not pad.",
mech_to_str(mech1->mech.mechanism),
(unsigned int)mech1->mech.mechanism,
mech_to_str(mech2->mech.mechanism),
(unsigned int)mech2->mech.mechanism);
goto testcase_cleanup;
}
break;
default:
break;
}
/*
* Generate the key 1
*/
switch (mech2->key_gen_mech.mechanism) {
case CKM_RSA_PKCS_KEY_PAIR_GEN:
if (p11_ahex_dump(&s, mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len) == NULL) {
testcase_error("p11_ahex_dump() failed");
rc = CKR_FUNCTION_FAILED;
goto testcase_cleanup;
}
if (!keysize_supported(slot_id, mech2->key_gen_mech.mechanism,
mech2->rsa_modbits)) {
testcase_skip("Token in slot %ld cannot be used with "
"modbits.='%ld'", slot_id, mech2->rsa_modbits);
goto testcase_cleanup;
}
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len)) {
testcase_skip("EP11 Token in cannot be used with "
"publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len)) {
testcase_skip("CCA Token in cannot be used with "
" publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_tpm_token(slot_id) ) {
if (!is_valid_tpm_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len) ||
!is_valid_tpm_modbits(mech2->rsa_modbits)) {
testcase_skip("TPM Token cannot be used with "
"publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_icsf_token(slot_id)) {
if (!is_valid_icsf_pubexp(mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len) ||
mech2->rsa_modbits < 1024) {
testcase_skip("ICSF Token cannot be used with "
"publ_exp='%s'.", s);
goto testcase_cleanup;
}
}
rc = generate_RSA_PKCS_KeyPair(session, mech2->rsa_modbits,
mech2->rsa_publ_exp,
mech2->rsa_publ_exp_len,
&publ_key2, &priv_key2);
break;
case CKM_AES_KEY_GEN:
rc = generate_AESKey(session, mech2->sym_keylen,
&mech2->key_gen_mech, &sym_key2);
break;
case CKM_DES3_KEY_GEN:
case CKM_DES2_KEY_GEN:
case CKM_DES_KEY_GEN:
rc = funcs->C_GenerateKey(session, &mech2->key_gen_mech,
NULL, 0, &sym_key2);
break;
default:
testcase_error("Testcase does not support %s (%u)",
mech_to_str(mech2->key_gen_mech.mechanism),
(unsigned int)mech2->key_gen_mech.mechanism);
goto testcase_cleanup;
}
if (rc != CKR_OK) {
testcase_error("generate key-2 with mech %s (%u) in slot %lu "
"failed, rc=%s",
mech_to_str(mech2->key_gen_mech.mechanism),
(unsigned int)mech2->key_gen_mech.mechanism,
slot_id, p11_get_ckr(rc));
goto testcase_cleanup;
}
encrypted_data2_len = sizeof(encrypted_data2);
rc = _C_IBM_ReencryptSingle(session, &mech1->mech,
sym_key1 != CK_INVALID_HANDLE ? sym_key1 :
priv_key1,
&mech2->mech, sym_key2 != CK_INVALID_HANDLE ?
sym_key2 : publ_key2,
encrypted_data1, encrypted_data1_len,
encrypted_data2, &encrypted_data2_len);
if (rc != CKR_OK) {
oaep = (CK_RSA_PKCS_OAEP_PARAMS *)mech2->mech.pParameter;
if (rc == CKR_MECHANISM_PARAM_INVALID &&
mech2->mech.mechanism == CKM_RSA_PKCS_OAEP &&
is_ep11_token(slot_id) &&
(oaep->hashAlg != CKM_SHA_1 || oaep->mgf != CKG_MGF1_SHA1)) {
testcase_skip("EP11 Token does not support RSA OAEP with hash "
"and/or MGF other than SHA-1");
goto testcase_cleanup;
}
if (rc == CKR_FUNCTION_NOT_SUPPORTED) {
testcase_skip("Slot %lu does not support C_IBM_ReencryptSingle",
slot_id);
goto testcase_cleanup;
}
testcase_error("C_IBM_ReencryptSingle with decr-mech %s (%u) and "
"encr-mech %s (%u) failed, rc=%s",
mech_to_str(mech1->mech.mechanism),
(unsigned int)mech1->mech.mechanism,
mech_to_str(mech2->mech.mechanism),
(unsigned int)mech2->mech.mechanism,
p11_get_ckr(rc));
goto testcase_cleanup;
}
rc = funcs->C_DecryptInit(session, &mech2->mech,
sym_key2 != CK_INVALID_HANDLE ? sym_key2 :
priv_key2);
if (rc != CKR_OK) {
testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
goto testcase_cleanup;
}
decrypted_data_len = sizeof(decrypted_data);
rc = funcs->C_Decrypt(session, encrypted_data2, encrypted_data2_len,
decrypted_data, &decrypted_data_len);
if (rc != CKR_OK) {
testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
goto testcase_cleanup;
}
if (decrypted_data_len != mech1->clear_data_len) {
testcase_error("The decrypted data length differs from the original "
"clear data: original: %lu, decrypted: %lu",
mech1->clear_data_len, decrypted_data_len);
rc = CKR_FUNCTION_FAILED;
goto testcase_cleanup;
}
if (memcmp(clear_data, decrypted_data, mech1->clear_data_len) != 0) {
testcase_error("The decrypted data differs from the original "
"clear data.");
rc = CKR_FUNCTION_FAILED;
goto testcase_cleanup;
}
testcase_new_assertion();
testcase_pass("Reencrypt from '%s' to '%s'", mech1->name, mech2->name);
testcase_cleanup:
if (sym_key2 != CK_INVALID_HANDLE) {
loc_rc = funcs->C_DestroyObject(session, sym_key2);
if (loc_rc != CKR_OK)
testcase_error("C_DestroyObject(), rc=%s.", p11_get_ckr(loc_rc));
}
sym_key2 = CK_INVALID_HANDLE;
if (publ_key2 != CK_INVALID_HANDLE) {
loc_rc = funcs->C_DestroyObject(session, publ_key2);
if (loc_rc != CKR_OK)
testcase_error("C_DestroyObject(), rc=%s.", p11_get_ckr(loc_rc));
}
publ_key2 = CK_INVALID_HANDLE;
if (priv_key2 != CK_INVALID_HANDLE) {
loc_rc = funcs->C_DestroyObject(session, priv_key2);
if (loc_rc != CKR_OK)
testcase_error("C_DestroyObject(), rc=%s.", p11_get_ckr(loc_rc));
}
priv_key2 = CK_INVALID_HANDLE;
if (s != NULL)
free(s);
return rc;
}
CK_RV do_encrypt_reencrypt(struct mech_info *mech1)
{
CK_RSA_PKCS_OAEP_PARAMS *oaep;
CK_RV loc_rc, rc = CKR_OK;
char *s = NULL;
CK_ULONG i;
testsuite_begin("with '%s'", mech1->name);
if (!mech_supported(slot_id, mech1->key_gen_mech.mechanism)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "Slot %u doesn't support %s (%u)",
(unsigned int)slot_id,
mech_to_str(mech1->key_gen_mech.mechanism),
(unsigned int)mech1->key_gen_mech.mechanism);
goto testcase_cleanup;
}
if (!mech_supported(slot_id, mech1->mech.mechanism)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "Slot %u doesn't support %s (%u)",
(unsigned int)slot_id,
mech_to_str(mech1->mech.mechanism),
(unsigned int)mech1->mech.mechanism);
goto testcase_cleanup;
}
switch (mech1->mech.mechanism) {
case CKM_DES_ECB:
case CKM_DES_CBC:
case CKM_DES_CBC_PAD:
if (is_cca_token(slot_id)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "CCA does not support DES "
"with reencrypt");
goto testcase_cleanup;
}
break;
case CKM_DES3_CBC_PAD:
if (is_cca_token(slot_id)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "CCA does not support DES3 "
"CBC PAD with reencrypt");
goto testcase_cleanup;
}
break;
case CKM_RSA_PKCS:
case CKM_RSA_PKCS_OAEP:
if (is_cca_token(slot_id)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "CCA does not support RSA "
"with reencrypt");
goto testcase_cleanup;
}
break;
default:
break;
}
/*
* Generate the key 1
*/
switch (mech1->key_gen_mech.mechanism) {
case CKM_RSA_PKCS_KEY_PAIR_GEN:
if (p11_ahex_dump(&s, mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len) == NULL) {
testcase_error("p11_ahex_dump() failed");
rc = CKR_FUNCTION_FAILED;
goto testcase_cleanup;
}
if (!keysize_supported(slot_id,
mech1->key_gen_mech.mechanism,
mech1->rsa_modbits)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "Token in slot %ld cannot be "
"used with modbits.='%ld'", slot_id,
mech1->rsa_modbits);
goto testcase_cleanup;
}
if (is_ep11_token(slot_id)) {
if (!is_valid_ep11_pubexp(mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "EP11 Token cannot be "
"used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_cca_token(slot_id)) {
if (!is_valid_cca_pubexp(mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "CCA Token cannot be "
"used with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_tpm_token(slot_id) ) {
if (!is_valid_tpm_pubexp(mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len) ||
!is_valid_tpm_modbits(mech1->rsa_modbits)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "TPM Token cannot be used "
"with publ_exp.='%s'", s);
goto testcase_cleanup;
}
}
if (is_icsf_token(slot_id)) {
if (!is_valid_icsf_pubexp(mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len) ||
mech1->rsa_modbits < 1024) {
testsuite_skip(NUM_REENCRYPT_TESTS, "ICSF Token cannot be "
"used with publ_exp='%s'.", s);
goto testcase_cleanup;
}
}
rc = generate_RSA_PKCS_KeyPair(session, mech1->rsa_modbits,
mech1->rsa_publ_exp,
mech1->rsa_publ_exp_len,
&publ_key1, &priv_key1);
break;
case CKM_AES_KEY_GEN:
rc = generate_AESKey(session, mech1->sym_keylen,
&mech1->key_gen_mech, &sym_key1);
break;
case CKM_DES3_KEY_GEN:
case CKM_DES2_KEY_GEN:
case CKM_DES_KEY_GEN:
rc = funcs->C_GenerateKey(session, &mech1->key_gen_mech,
NULL, 0, &sym_key1);
break;
default:
testcase_error("Testcase does not support %s (%u)",
mech_to_str(mech1->key_gen_mech.mechanism),
(unsigned int)mech1->key_gen_mech.mechanism);
goto testcase_cleanup;
}
if (rc != CKR_OK) {
testcase_error("generate key-1 with mech %s (%u) in slot %lu "
"failed, rc=%s",
mech_to_str(mech1->key_gen_mech.mechanism),
(unsigned int)mech1->key_gen_mech.mechanism,
slot_id, p11_get_ckr(rc));
goto testcase_cleanup;
}
rc = funcs->C_EncryptInit(session, &mech1->mech,
sym_key1 != CK_INVALID_HANDLE ? sym_key1 :
publ_key1);
if (rc != CKR_OK) {
oaep = (CK_RSA_PKCS_OAEP_PARAMS *)mech1->mech.pParameter;
if (rc == CKR_MECHANISM_PARAM_INVALID &&
mech1->mech.mechanism == CKM_RSA_PKCS_OAEP &&
is_ep11_token(slot_id) &&
(oaep->hashAlg != CKM_SHA_1 || oaep->mgf != CKG_MGF1_SHA1)) {
testsuite_skip(NUM_REENCRYPT_TESTS, "EP11 Token does not support "
"RSA OAEP with hash and/or MGF other than SHA-1");
goto testcase_cleanup;
}
testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
goto testcase_cleanup;
}
encrypted_data1_len = sizeof(encrypted_data1);
rc = funcs->C_Encrypt(session, clear_data, mech1->clear_data_len,
encrypted_data1, &encrypted_data1_len);
if (rc != CKR_OK) {
testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
goto testcase_cleanup;
}
for (i = 0; i < NUM_REENCRYPT_TESTS; i++) {
rc = do_reencrypt(mech1, &reencrypt_tests[i]);
if (rc != CKR_OK)
break;
}
testcase_cleanup:
if (sym_key1 != CK_INVALID_HANDLE) {
loc_rc = funcs->C_DestroyObject(session, sym_key1);
if (loc_rc != CKR_OK)
testcase_error("C_DestroyObject(), rc=%s.", p11_get_ckr(loc_rc));
}
sym_key1 = CK_INVALID_HANDLE;
if (publ_key1 != CK_INVALID_HANDLE) {
loc_rc = funcs->C_DestroyObject(session, publ_key1);
if (loc_rc != CKR_OK)
testcase_error("C_DestroyObject(), rc=%s.", p11_get_ckr(loc_rc));
}
publ_key1 = CK_INVALID_HANDLE;
if (priv_key1 != CK_INVALID_HANDLE) {
loc_rc = funcs->C_DestroyObject(session, priv_key1);
if (loc_rc != CKR_OK)
testcase_error("C_DestroyObject(), rc=%s.", p11_get_ckr(loc_rc));
}
priv_key1 = CK_INVALID_HANDLE;
if (s != NULL)
free(s);
return rc;
}
CK_RV do_reencrypt_tests()
{
CK_ULONG i;
CK_RV rc;
for (i = 0; i < sizeof(clear_data); i++)
clear_data[i] = (CK_BYTE)i;
for (i = 0; i < NUM_REENCRYPT_TESTS; i++) {
rc = do_encrypt_reencrypt(&reencrypt_tests[i]);
if (rc != CKR_OK)
break;
}
return CKR_OK;
}
int main(int argc, char **argv)
{
CK_C_INITIALIZE_ARGS cinit_args;
int i, ret = 1;
CK_RV rv;
CK_FLAGS flags;
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-slot") == 0) {
++i;
slot_id = atoi(argv[i]);
}
if (strcmp(argv[i], "-h") == 0) {
printf("usage: %s [-slot <num>] [-h]\n\n", argv[0]);
printf("By default, Slot #1 is used\n\n");
return -1;
}
}
if (get_user_pin(user_pin))
return CKR_FUNCTION_FAILED;
user_pin_len = (CK_ULONG) strlen((char *) user_pin);
printf("Using slot #%lu...\n\n", slot_id);
rv = do_GetFunctionList();
if (rv != TRUE) {
testcase_fail("do_GetFunctionList() rc = %s", p11_get_ckr(rv));
goto out;
}
*(void **)(&_C_IBM_ReencryptSingle) =
dlsym(pkcs11lib, "C_IBM_ReencryptSingle");
if (_C_IBM_ReencryptSingle == NULL) {
testcase_skip("C_IBM_ReencryptSingle not supported");
goto out;
}
testcase_setup(0);
testcase_begin("Starting...");
// Initialize
memset(&cinit_args, 0x0, sizeof(cinit_args));
cinit_args.flags = CKF_OS_LOCKING_OK;
if ((rv = funcs->C_Initialize(&cinit_args))) {
testcase_fail("C_Initialize rc = %s", p11_get_ckr(rv));
goto out;
}
flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
rv = funcs->C_OpenSession(slot_id, flags, NULL, NULL, &session);
if (rv != CKR_OK) {
testcase_fail("C_OpenSession rc = %s", p11_get_ckr(rv));
goto finalize;
}
rv = funcs->C_Login(session, CKU_USER, user_pin, user_pin_len);
if (rv != CKR_OK) {
testcase_fail("C_Login rc = %s", p11_get_ckr(rv));
goto close_session;
}
rv = do_reencrypt_tests();
if (rv != CKR_OK)
goto close_session;
rv = funcs->C_CloseSession(session);
if (rv != CKR_OK) {
testcase_fail("C_CloseSession rc = %s", p11_get_ckr(rv));
goto finalize;
}
rv = funcs->C_Finalize(NULL);
if (rv != CKR_OK) {
testcase_fail("C_Finalize rc = %s", p11_get_ckr(rv));
goto out;
}
ret = 0;
goto out;
close_session:
rv = funcs->C_CloseSession(session);
if (rv != CKR_OK) {
testcase_fail("C_CloseSession rc = %s", p11_get_ckr(rv));
ret = 1;
}
finalize:
rv = funcs->C_Finalize(NULL);
if (rv != CKR_OK) {
testcase_fail("C_Finalize rc = %s", p11_get_ckr(rv));
ret = 1;
}
out:
testcase_print_result();
return ret;
}