File: | s/cmd/pk11mode/pk11mode.c |
Warning: | line 3645, column 13 Potential leak of memory pointed to by 'pTemplate' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* | |||
2 | * pk11mode.c - Test FIPS or NONFIPS Modes for the NSS PKCS11 api. | |||
3 | * The goal of this program is to test every function | |||
4 | * entry point of the PKCS11 api at least once. | |||
5 | * To test in FIPS mode: pk11mode | |||
6 | * To test in NONFIPS mode: pk11mode -n | |||
7 | * usage: pk11mode -h | |||
8 | * | |||
9 | * This Source Code Form is subject to the terms of the Mozilla Public | |||
10 | * License, v. 2.0. If a copy of the MPL was not distributed with this | |||
11 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |||
12 | ||||
13 | #include <assert.h> | |||
14 | #include <stdio.h> | |||
15 | #include <stdlib.h> | |||
16 | #include <string.h> | |||
17 | #include <stdarg.h> | |||
18 | ||||
19 | #if defined(XP_UNIX1) && defined(DO_FORK_CHECK) | |||
20 | #include <unistd.h> | |||
21 | #include <sys/wait.h> | |||
22 | #else | |||
23 | #ifndef NO_FORK_CHECK | |||
24 | #define NO_FORK_CHECK | |||
25 | #endif | |||
26 | #endif | |||
27 | ||||
28 | #ifdef _WIN32 | |||
29 | #include <windows.h> | |||
30 | #define LIB_NAME "softokn3.dll" | |||
31 | #endif | |||
32 | #include "prlink.h" | |||
33 | #include "prprf.h" | |||
34 | #include "plgetopt.h" | |||
35 | #include "prenv.h" | |||
36 | ||||
37 | #include "pk11table.h" | |||
38 | ||||
39 | #define NUM_ELEM(array)(sizeof(array) / sizeof(array[0])) (sizeof(array) / sizeof(array[0])) | |||
40 | ||||
41 | #ifndef NULL_PTR0 | |||
42 | #define NULL_PTR0 0 | |||
43 | #endif | |||
44 | ||||
45 | /* Returns constant error string for "CRV". | |||
46 | * Returns "unknown error" if errNum is unknown. | |||
47 | */ | |||
48 | const char * | |||
49 | PKM_CK_RVtoStr(CK_RV errNum) | |||
50 | { | |||
51 | const char *err; | |||
52 | ||||
53 | err = getName(errNum, ConstResult); | |||
54 | ||||
55 | if (err) | |||
56 | return err; | |||
57 | ||||
58 | return "unknown error"; | |||
59 | } | |||
60 | ||||
61 | #include "pkcs11p.h" | |||
62 | ||||
63 | typedef struct CK_C_INITIALIZE_ARGS_NSS { | |||
64 | CK_CREATEMUTEX CreateMutex; | |||
65 | CK_DESTROYMUTEX DestroyMutex; | |||
66 | CK_LOCKMUTEX LockMutex; | |||
67 | CK_UNLOCKMUTEX UnlockMutex; | |||
68 | CK_FLAGS flags; | |||
69 | /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but | |||
70 | * a reserved field. NSS needs a way to pass instance-specific information | |||
71 | * to the library (like where to find its config files, etc). This | |||
72 | * information is usually provided by the installer and passed uninterpreted | |||
73 | * by NSS to the library, though NSS does know the specifics of the softoken | |||
74 | * version of this parameter. Most compliant PKCS#11 modules expect this | |||
75 | * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from | |||
76 | * C_Initialize if Library parameters is supplied. */ | |||
77 | CK_CHAR_PTR *LibraryParameters; | |||
78 | /* This field is only present if the LibraryParameters is not NULL. It must | |||
79 | * be NULL in all cases */ | |||
80 | CK_VOID_PTR pReserved; | |||
81 | } CK_C_INITIALIZE_ARGS_NSS; | |||
82 | ||||
83 | #include "pkcs11u.h" | |||
84 | ||||
85 | #define MAX_SIG_SZ128 128 | |||
86 | #define MAX_CIPHER_SZ128 128 | |||
87 | #define MAX_DATA_SZ64 64 | |||
88 | #define MAX_DIGEST_SZ64 64 | |||
89 | #define HMAC_MAX_LENGTH64 64 | |||
90 | #define FIPSMODE0 0 | |||
91 | #define NONFIPSMODE1 1 | |||
92 | #define HYBRIDMODE2 2 | |||
93 | #define NOMODE3 3 | |||
94 | int MODE = FIPSMODE0; | |||
95 | ||||
96 | CK_BBOOL true = CK_TRUE1; | |||
97 | CK_BBOOL false = CK_FALSE0; | |||
98 | static const CK_BYTE PLAINTEXT[] = { "Firefox Rules!" }; | |||
99 | static const CK_BYTE PLAINTEXT_PAD[] = { "Firefox and thunderbird rule the world!" }; | |||
100 | CK_ULONG NUMTESTS = 0; | |||
101 | ||||
102 | static const char *slotFlagName[] = { | |||
103 | "CKF_TOKEN_PRESENT", | |||
104 | "CKF_REMOVABLE_DEVICE", | |||
105 | "CKF_HW_SLOT", | |||
106 | "unknown token flag 0x00000008", | |||
107 | "unknown token flag 0x00000010", | |||
108 | "unknown token flag 0x00000020", | |||
109 | "unknown token flag 0x00000040", | |||
110 | "unknown token flag 0x00000080", | |||
111 | "unknown token flag 0x00000100", | |||
112 | "unknown token flag 0x00000200", | |||
113 | "unknown token flag 0x00000400", | |||
114 | "unknown token flag 0x00000800", | |||
115 | "unknown token flag 0x00001000", | |||
116 | "unknown token flag 0x00002000", | |||
117 | "unknown token flag 0x00004000", | |||
118 | "unknown token flag 0x00008000" | |||
119 | "unknown token flag 0x00010000", | |||
120 | "unknown token flag 0x00020000", | |||
121 | "unknown token flag 0x00040000", | |||
122 | "unknown token flag 0x00080000", | |||
123 | "unknown token flag 0x00100000", | |||
124 | "unknown token flag 0x00200000", | |||
125 | "unknown token flag 0x00400000", | |||
126 | "unknown token flag 0x00800000" | |||
127 | "unknown token flag 0x01000000", | |||
128 | "unknown token flag 0x02000000", | |||
129 | "unknown token flag 0x04000000", | |||
130 | "unknown token flag 0x08000000", | |||
131 | "unknown token flag 0x10000000", | |||
132 | "unknown token flag 0x20000000", | |||
133 | "unknown token flag 0x40000000", | |||
134 | "unknown token flag 0x80000000" | |||
135 | }; | |||
136 | ||||
137 | static const char *tokenFlagName[] = { | |||
138 | "CKF_PKM_RNG", | |||
139 | "CKF_WRITE_PROTECTED", | |||
140 | "CKF_LOGIN_REQUIRED", | |||
141 | "CKF_USER_PIN_INITIALIZED", | |||
142 | "unknown token flag 0x00000010", | |||
143 | "CKF_RESTORE_KEY_NOT_NEEDED", | |||
144 | "CKF_CLOCK_ON_TOKEN", | |||
145 | "unknown token flag 0x00000080", | |||
146 | "CKF_PROTECTED_AUTHENTICATION_PATH", | |||
147 | "CKF_DUAL_CRYPTO_OPERATIONS", | |||
148 | "CKF_TOKEN_INITIALIZED", | |||
149 | "CKF_SECONDARY_AUTHENTICATION", | |||
150 | "unknown token flag 0x00001000", | |||
151 | "unknown token flag 0x00002000", | |||
152 | "unknown token flag 0x00004000", | |||
153 | "unknown token flag 0x00008000", | |||
154 | "CKF_USER_PIN_COUNT_LOW", | |||
155 | "CKF_USER_PIN_FINAL_TRY", | |||
156 | "CKF_USER_PIN_LOCKED", | |||
157 | "CKF_USER_PIN_TO_BE_CHANGED", | |||
158 | "CKF_SO_PIN_COUNT_LOW", | |||
159 | "CKF_SO_PIN_FINAL_TRY", | |||
160 | "CKF_SO_PIN_LOCKED", | |||
161 | "CKF_SO_PIN_TO_BE_CHANGED", | |||
162 | "unknown token flag 0x01000000", | |||
163 | "unknown token flag 0x02000000", | |||
164 | "unknown token flag 0x04000000", | |||
165 | "unknown token flag 0x08000000", | |||
166 | "unknown token flag 0x10000000", | |||
167 | "unknown token flag 0x20000000", | |||
168 | "unknown token flag 0x40000000", | |||
169 | "unknown token flag 0x80000000" | |||
170 | }; | |||
171 | ||||
172 | static const unsigned char TLSClientRandom[] = { | |||
173 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |||
174 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |||
175 | 0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71, | |||
176 | 0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d | |||
177 | }; | |||
178 | static const unsigned char TLSServerRandom[] = { | |||
179 | 0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01, | |||
180 | 0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d, | |||
181 | 0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66, | |||
182 | 0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9 | |||
183 | }; | |||
184 | ||||
185 | typedef enum { | |||
186 | CORRECT, | |||
187 | BOGUS_CLIENT_RANDOM, | |||
188 | BOGUS_CLIENT_RANDOM_LEN, | |||
189 | BOGUS_SERVER_RANDOM, | |||
190 | BOGUS_SERVER_RANDOM_LEN | |||
191 | } enum_random_t; | |||
192 | ||||
193 | void | |||
194 | dumpToHash64(const unsigned char *buf, unsigned int bufLen) | |||
195 | { | |||
196 | unsigned int i; | |||
197 | for (i = 0; i < bufLen; i += 8) { | |||
198 | if (i % 32 == 0) | |||
199 | printf("\n"); | |||
200 | printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,", | |||
201 | buf[i], buf[i + 1], buf[i + 2], buf[i + 3], | |||
202 | buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]); | |||
203 | } | |||
204 | printf("\n"); | |||
205 | } | |||
206 | ||||
207 | #ifdef _WIN32 | |||
208 | HMODULE hModule; | |||
209 | #else | |||
210 | PRLibrary *lib; | |||
211 | #endif | |||
212 | ||||
213 | /* | |||
214 | * All api that belongs to pk11mode.c layer start with the prefix PKM_ | |||
215 | */ | |||
216 | void PKM_LogIt(const char *fmt, ...); | |||
217 | void PKM_Error(const char *fmt, ...); | |||
218 | CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList, | |||
219 | CK_ULONG slotID); | |||
220 | CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID); | |||
221 | CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList, | |||
222 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
223 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
224 | CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, | |||
225 | CK_SLOT_ID *pSlotList, CK_ULONG slotID); | |||
226 | CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, | |||
227 | CK_ULONG slotID); | |||
228 | CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList, | |||
229 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
230 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
231 | CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, | |||
232 | CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
233 | CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, | |||
234 | CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
235 | CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, | |||
236 | CK_C_INITIALIZE_ARGS_NSS *initArgs); | |||
237 | CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, | |||
238 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
239 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
240 | CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList, | |||
241 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
242 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
243 | CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList, | |||
244 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
245 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
246 | CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList, | |||
247 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
248 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
249 | CK_RV PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList, | |||
250 | CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj, | |||
251 | CK_ATTRIBUTE_PTR expected_attrs, | |||
252 | CK_ULONG expected_attrs_count); | |||
253 | CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, | |||
254 | CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType, | |||
255 | CK_FLAGS flags, CK_BBOOL check_sizes, | |||
256 | CK_ULONG minkeysize, CK_ULONG maxkeysize); | |||
257 | CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList, | |||
258 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
259 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, | |||
260 | CK_MECHANISM_TYPE mechType, enum_random_t rnd); | |||
261 | CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList, | |||
262 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
263 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, | |||
264 | CK_MECHANISM_TYPE mechType, | |||
265 | enum_random_t rnd); | |||
266 | CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList, | |||
267 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
268 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); | |||
269 | CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList, | |||
270 | CK_SESSION_HANDLE hRwSession, | |||
271 | CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey, | |||
272 | CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey, | |||
273 | CK_MECHANISM *cryptMech, | |||
274 | const CK_BYTE *pData, CK_ULONG pDataLen); | |||
275 | CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList, | |||
276 | CK_SESSION_HANDLE hSession, | |||
277 | CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech, | |||
278 | CK_OBJECT_HANDLE hSecKeyDigest, | |||
279 | CK_MECHANISM *digestMech, | |||
280 | const CK_BYTE *pData, CK_ULONG pDataLen); | |||
281 | CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList, | |||
282 | CK_SESSION_HANDLE hRwSession, | |||
283 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, | |||
284 | CK_MECHANISM *signMech, const CK_BYTE *pData, | |||
285 | CK_ULONG dataLen); | |||
286 | CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList, | |||
287 | CK_SESSION_HANDLE hSession, | |||
288 | CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech, | |||
289 | const CK_BYTE *pData, CK_ULONG dataLen); | |||
290 | CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, | |||
291 | CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech, | |||
292 | const CK_BYTE *pData, CK_ULONG pDataLen); | |||
293 | CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList, | |||
294 | CK_SESSION_HANDLE hRwSession, | |||
295 | CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey, | |||
296 | const CK_BYTE *pData, CK_ULONG pDataLen); | |||
297 | CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList, | |||
298 | CK_SESSION_HANDLE hSession, | |||
299 | CK_OBJECT_HANDLE hPublicKey, | |||
300 | CK_OBJECT_HANDLE hPrivateKey, | |||
301 | CK_MECHANISM *wrapMechanism, | |||
302 | CK_OBJECT_HANDLE hSecretKey, | |||
303 | CK_ATTRIBUTE *sKeyTemplate, | |||
304 | CK_ULONG skeyTempSize); | |||
305 | CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList, | |||
306 | CK_SESSION_HANDLE hSession, | |||
307 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, | |||
308 | CK_MECHANISM *signMech, const CK_BYTE *pData, | |||
309 | CK_ULONG pDataLen); | |||
310 | CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList, | |||
311 | PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs); | |||
312 | ||||
313 | void PKM_Help(); | |||
314 | void PKM_CheckPath(char *string); | |||
315 | char *PKM_FilePasswd(char *pwFile); | |||
316 | static PRBool verbose = PR_FALSE0; | |||
317 | ||||
318 | int | |||
319 | main(int argc, char **argv) | |||
320 | { | |||
321 | CK_C_GetFunctionList pC_GetFunctionList; | |||
322 | CK_FUNCTION_LIST_PTR pFunctionList; | |||
323 | CK_RV crv = CKR_OK0x00000000UL; | |||
324 | CK_C_INITIALIZE_ARGS_NSS initArgs; | |||
325 | CK_C_INITIALIZE_ARGS_NSS initArgsRerun; /* rerun selftests */ | |||
326 | CK_SLOT_ID *pSlotList = NULL((void*)0); | |||
327 | CK_TOKEN_INFO tokenInfo; | |||
328 | CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */ | |||
329 | ||||
330 | CK_UTF8CHAR *pwd = NULL((void*)0); | |||
331 | CK_ULONG pwdLen = 0; | |||
332 | char *moduleSpec = NULL((void*)0); | |||
333 | char *moduleSpecRerun = NULL((void*)0); | |||
334 | char *configDir = NULL((void*)0); | |||
335 | char *dbPrefix = NULL((void*)0); | |||
336 | char *disableUnload = NULL((void*)0); | |||
337 | PRBool doForkTests = PR_TRUE1; | |||
338 | ||||
339 | PLOptStatus os; | |||
340 | PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:"); | |||
341 | while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) { | |||
342 | if (PL_OPT_BAD == os) | |||
343 | continue; | |||
344 | switch (opt->option) { | |||
345 | case 'F': /* disable fork tests */ | |||
346 | doForkTests = PR_FALSE0; | |||
347 | break; | |||
348 | case 'n': /* non fips mode */ | |||
349 | MODE = NONFIPSMODE1; | |||
350 | slotID = 1; | |||
351 | break; | |||
352 | case 'f': /* password file */ | |||
353 | pwd = (CK_UTF8CHAR *)PKM_FilePasswd((char *)opt->value); | |||
354 | if (!pwd) | |||
355 | PKM_Help(); | |||
356 | break; | |||
357 | case 'd': /* opt_CertDir */ | |||
358 | if (!opt->value) | |||
359 | PKM_Help(); | |||
360 | configDir = strdup(opt->value); | |||
361 | PKM_CheckPath(configDir); | |||
362 | break; | |||
363 | case 'p': /* opt_DBPrefix */ | |||
364 | if (!opt->value) | |||
365 | PKM_Help(); | |||
366 | dbPrefix = strdup(opt->value); | |||
367 | break; | |||
368 | case 'v': | |||
369 | verbose = PR_TRUE1; | |||
370 | break; | |||
371 | case 'h': /* help message */ | |||
372 | default: | |||
373 | PKM_Help(); | |||
374 | break; | |||
375 | } | |||
376 | } | |||
377 | PL_DestroyOptState(opt); | |||
378 | ||||
379 | if (!pwd) { | |||
380 | pwd = (CK_UTF8CHAR *)strdup("1Mozilla"); | |||
381 | } | |||
382 | pwdLen = strlen((const char *)pwd); | |||
383 | if (!configDir) { | |||
384 | configDir = strdup("."); | |||
385 | } | |||
386 | if (!dbPrefix) { | |||
387 | dbPrefix = strdup(""); | |||
388 | } | |||
389 | ||||
390 | if (doForkTests) { | |||
391 | /* first, try to fork without softoken loaded to make sure | |||
392 | * everything is OK */ | |||
393 | crv = PKM_ForkCheck(123, NULL((void*)0), PR_FALSE0, NULL((void*)0)); | |||
394 | if (crv != CKR_OK0x00000000UL) | |||
395 | goto cleanup; | |||
396 | } | |||
397 | ||||
398 | #ifdef _WIN32 | |||
399 | hModule = LoadLibrary(LIB_NAME); | |||
400 | if (hModule == NULL((void*)0)) { | |||
401 | PKM_Error("cannot load %s\n", LIB_NAME); | |||
402 | goto cleanup; | |||
403 | } | |||
404 | if (MODE == FIPSMODE0) { | |||
405 | /* FIPS mode == FC_GetFunctionList */ | |||
406 | pC_GetFunctionList = (CK_C_GetFunctionList) | |||
407 | GetProcAddress(hModule, "FC_GetFunctionList"); | |||
408 | } else { | |||
409 | /* NON FIPS mode == C_GetFunctionList */ | |||
410 | pC_GetFunctionList = (CK_C_GetFunctionList) | |||
411 | GetProcAddress(hModule, "C_GetFunctionList"); | |||
412 | } | |||
413 | if (pC_GetFunctionList == NULL((void*)0)) { | |||
414 | PKM_Error("cannot load %s\n", LIB_NAME); | |||
415 | goto cleanup; | |||
416 | } | |||
417 | #else | |||
418 | { | |||
419 | char *libname = NULL((void*)0); | |||
420 | /* Get the platform-dependent library name of the NSS cryptographic module */ | |||
421 | libname = PR_GetLibraryName(NULL((void*)0), "softokn3"); | |||
422 | assert(libname != NULL)((libname != ((void*)0)) ? (void) (0) : __assert_fail ("libname != NULL" , "pk11mode.c", 422, __extension__ __PRETTY_FUNCTION__)); | |||
423 | lib = PR_LoadLibrary(libname); | |||
424 | assert(lib != NULL)((lib != ((void*)0)) ? (void) (0) : __assert_fail ("lib != NULL" , "pk11mode.c", 424, __extension__ __PRETTY_FUNCTION__)); | |||
425 | PR_FreeLibraryName(libname); | |||
426 | } | |||
427 | if (MODE == FIPSMODE0) { | |||
428 | pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, | |||
429 | "FC_GetFunctionList"); | |||
430 | assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pC_GetFunctionList != NULL", "pk11mode.c", 430, __extension__ __PRETTY_FUNCTION__)); | |||
431 | slotID = 0; | |||
432 | } else { | |||
433 | pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, | |||
434 | "C_GetFunctionList"); | |||
435 | assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pC_GetFunctionList != NULL", "pk11mode.c", 435, __extension__ __PRETTY_FUNCTION__)); | |||
436 | slotID = 1; | |||
437 | } | |||
438 | #endif | |||
439 | ||||
440 | if (MODE == FIPSMODE0) { | |||
441 | printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n", | |||
442 | (int)slotID); | |||
443 | } else { | |||
444 | printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n", | |||
445 | (int)slotID); | |||
446 | } | |||
447 | ||||
448 | crv = (*pC_GetFunctionList)(&pFunctionList); | |||
449 | assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK" , "pk11mode.c", 449, __extension__ __PRETTY_FUNCTION__)); | |||
450 | ||||
451 | if (doForkTests) { | |||
452 | /* now, try to fork with softoken loaded, but not initialized */ | |||
453 | crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED0x00000190UL, pFunctionList, | |||
454 | PR_TRUE1, NULL((void*)0)); | |||
455 | if (crv != CKR_OK0x00000000UL) | |||
456 | goto cleanup; | |||
457 | } | |||
458 | ||||
459 | initArgs.CreateMutex = NULL((void*)0); | |||
460 | initArgs.DestroyMutex = NULL((void*)0); | |||
461 | initArgs.LockMutex = NULL((void*)0); | |||
462 | initArgs.UnlockMutex = NULL((void*)0); | |||
463 | initArgs.flags = CKF_OS_LOCKING_OK0x00000002UL; | |||
464 | moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' " | |||
465 | "keyPrefix='%s' secmod='secmod.db' flags= ", | |||
466 | configDir, dbPrefix, dbPrefix); | |||
467 | moduleSpecRerun = PR_smprintf("configdir='%s' certPrefix='%s' " | |||
468 | "keyPrefix='%s' secmod='secmod.db' flags=forcePOST ", | |||
469 | configDir, dbPrefix, dbPrefix); | |||
470 | initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec; | |||
471 | initArgs.pReserved = NULL((void*)0); | |||
472 | initArgsRerun = initArgs; | |||
473 | initArgsRerun.LibraryParameters = (CK_CHAR_PTR *)moduleSpecRerun; | |||
474 | ||||
475 | /*DebugBreak();*/ | |||
476 | /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */ | |||
477 | /* NSS cryptographic module library initialization for the FIPS */ | |||
478 | /* Approved mode when FC_Initialize is envoked will perfom */ | |||
479 | /* software integrity test, and power-up self-tests before */ | |||
480 | /* FC_Initialize returns */ | |||
481 | crv = pFunctionList->C_Initialize(&initArgs); | |||
482 | if (crv == CKR_OK0x00000000UL) { | |||
483 | PKM_LogIt("C_Initialize succeeded\n"); | |||
484 | } else { | |||
485 | PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, | |||
486 | PKM_CK_RVtoStr(crv)); | |||
487 | goto cleanup; | |||
488 | } | |||
489 | ||||
490 | if (doForkTests) { | |||
491 | /* Disable core on fork for this test, since we are testing the | |||
492 | * pathological case, and if enabled, the child process would dump | |||
493 | * core in C_GetTokenInfo . | |||
494 | * We can still differentiate the correct from incorrect behavior | |||
495 | * by the PKCS#11 return code. | |||
496 | */ | |||
497 | /* try to fork with softoken both loaded and initialized */ | |||
498 | crv = PKM_ForkCheck(CKR_DEVICE_ERROR0x00000030UL, pFunctionList, PR_FALSE0, NULL((void*)0)); | |||
499 | if (crv != CKR_OK0x00000000UL) | |||
500 | goto cleanup; | |||
501 | } | |||
502 | ||||
503 | if (doForkTests) { | |||
504 | /* In this next test, we fork and try to re-initialize softoken in | |||
505 | * the child. This should now work because softoken has the ability | |||
506 | * to hard reset. | |||
507 | */ | |||
508 | /* try to fork with softoken both loaded and initialized */ | |||
509 | crv = PKM_ForkCheck(CKR_OK0x00000000UL, pFunctionList, PR_TRUE1, &initArgs); | |||
510 | if (crv != CKR_OK0x00000000UL) | |||
511 | goto cleanup; | |||
512 | } | |||
513 | ||||
514 | crv = PKM_ShowInfo(pFunctionList, slotID); | |||
515 | if (crv == CKR_OK0x00000000UL) { | |||
516 | PKM_LogIt("PKM_ShowInfo succeeded\n"); | |||
517 | } else { | |||
518 | PKM_Error("PKM_ShowInfo failed with 0x%08X, %-26s\n", crv, | |||
519 | PKM_CK_RVtoStr(crv)); | |||
520 | goto cleanup; | |||
521 | } | |||
522 | pSlotList = PKM_GetSlotList(pFunctionList, slotID); | |||
523 | if (pSlotList == NULL((void*)0)) { | |||
524 | PKM_Error("PKM_GetSlotList failed with \n"); | |||
525 | goto cleanup; | |||
526 | } | |||
527 | crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo); | |||
528 | if (crv == CKR_OK0x00000000UL) { | |||
529 | PKM_LogIt("C_GetTokenInfo succeeded\n\n"); | |||
530 | } else { | |||
531 | PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv, | |||
532 | PKM_CK_RVtoStr(crv)); | |||
533 | goto cleanup; | |||
534 | } | |||
535 | ||||
536 | if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED0x00000008UL)) { | |||
537 | PKM_LogIt("Initing PW for DB\n"); | |||
538 | crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID, | |||
539 | pwd, pwdLen); | |||
540 | if (crv == CKR_OK0x00000000UL) { | |||
541 | PKM_LogIt("PKM_InitPWforDB succeeded\n\n"); | |||
542 | } else { | |||
543 | PKM_Error("PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv, | |||
544 | PKM_CK_RVtoStr(crv)); | |||
545 | goto cleanup; | |||
546 | } | |||
547 | } else { | |||
548 | PKM_LogIt("using existing DB\n"); | |||
549 | } | |||
550 | ||||
551 | /* general mechanism by token */ | |||
552 | crv = PKM_Mechanism(pFunctionList, pSlotList, slotID); | |||
553 | if (crv == CKR_OK0x00000000UL) { | |||
554 | PKM_LogIt("PKM_Mechanism succeeded\n\n"); | |||
555 | } else { | |||
556 | PKM_Error("PKM_Mechanism failed with 0x%08X, %-26s\n", crv, | |||
557 | PKM_CK_RVtoStr(crv)); | |||
558 | goto cleanup; | |||
559 | } | |||
560 | /* RNG example without Login */ | |||
561 | crv = PKM_RNG(pFunctionList, pSlotList, slotID); | |||
562 | if (crv == CKR_OK0x00000000UL) { | |||
563 | PKM_LogIt("PKM_RNG succeeded\n\n"); | |||
564 | } else { | |||
565 | PKM_Error("PKM_RNG failed with 0x%08X, %-26s\n", crv, | |||
566 | PKM_CK_RVtoStr(crv)); | |||
567 | goto cleanup; | |||
568 | } | |||
569 | ||||
570 | crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID, | |||
571 | pwd, pwdLen); | |||
572 | if (crv == CKR_OK0x00000000UL) { | |||
573 | PKM_LogIt("PKM_SessionLogin succeeded\n\n"); | |||
574 | } else { | |||
575 | PKM_Error("PKM_SessionLogin failed with 0x%08X, %-26s\n", crv, | |||
576 | PKM_CK_RVtoStr(crv)); | |||
577 | goto cleanup; | |||
578 | } | |||
579 | ||||
580 | /* | |||
581 | * PKM_KeyTest creates RSA,DSA public keys | |||
582 | * and AES, DES3 secret keys. | |||
583 | * then does digest, hmac, encrypt/decrypt, signing operations. | |||
584 | */ | |||
585 | crv = PKM_KeyTests(pFunctionList, pSlotList, slotID, | |||
586 | pwd, pwdLen); | |||
587 | if (crv == CKR_OK0x00000000UL) { | |||
588 | PKM_LogIt("PKM_KeyTests succeeded\n\n"); | |||
589 | } else { | |||
590 | PKM_Error("PKM_KeyTest failed with 0x%08X, %-26s\n", crv, | |||
591 | PKM_CK_RVtoStr(crv)); | |||
592 | goto cleanup; | |||
593 | } | |||
594 | ||||
595 | crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd, | |||
596 | pwdLen); | |||
597 | if (crv == CKR_OK0x00000000UL) { | |||
598 | PKM_LogIt("PKM_SecretKey succeeded\n\n"); | |||
599 | } else { | |||
600 | PKM_Error("PKM_SecretKey failed with 0x%08X, %-26s\n", crv, | |||
601 | PKM_CK_RVtoStr(crv)); | |||
602 | goto cleanup; | |||
603 | } | |||
604 | ||||
605 | crv = PKM_PublicKey(pFunctionList, pSlotList, slotID, | |||
606 | pwd, pwdLen); | |||
607 | if (crv == CKR_OK0x00000000UL) { | |||
608 | PKM_LogIt("PKM_PublicKey succeeded\n\n"); | |||
609 | } else { | |||
610 | PKM_Error("PKM_PublicKey failed with 0x%08X, %-26s\n", crv, | |||
611 | PKM_CK_RVtoStr(crv)); | |||
612 | goto cleanup; | |||
613 | } | |||
614 | crv = PKM_OperationalState(pFunctionList, pSlotList, slotID, | |||
615 | pwd, pwdLen); | |||
616 | if (crv == CKR_OK0x00000000UL) { | |||
617 | PKM_LogIt("PKM_OperationalState succeeded\n\n"); | |||
618 | } else { | |||
619 | PKM_Error("PKM_OperationalState failed with 0x%08X, %-26s\n", crv, | |||
620 | PKM_CK_RVtoStr(crv)); | |||
621 | goto cleanup; | |||
622 | } | |||
623 | crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID, | |||
624 | pwd, pwdLen); | |||
625 | if (crv == CKR_OK0x00000000UL) { | |||
626 | PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n"); | |||
627 | } else { | |||
628 | PKM_Error("PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv, | |||
629 | PKM_CK_RVtoStr(crv)); | |||
630 | goto cleanup; | |||
631 | } | |||
632 | crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID, | |||
633 | pwd, pwdLen); | |||
634 | if (crv == CKR_OK0x00000000UL) { | |||
635 | PKM_LogIt("PKM_LegacyFunctions succeeded\n\n"); | |||
636 | } else { | |||
637 | PKM_Error("PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv, | |||
638 | PKM_CK_RVtoStr(crv)); | |||
639 | goto cleanup; | |||
640 | } | |||
641 | crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID, | |||
642 | pwd, pwdLen, | |||
643 | CKM_TLS_KEY_AND_MAC_DERIVE0x00000376UL, CORRECT); | |||
644 | ||||
645 | if (crv == CKR_OK0x00000000UL) { | |||
646 | PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n"); | |||
647 | } else { | |||
648 | PKM_Error("PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv, | |||
649 | PKM_CK_RVtoStr(crv)); | |||
650 | goto cleanup; | |||
651 | } | |||
652 | crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID, | |||
653 | pwd, pwdLen, | |||
654 | CKM_TLS_MASTER_KEY_DERIVE0x00000375UL, | |||
655 | CORRECT); | |||
656 | if (crv == CKR_OK0x00000000UL) { | |||
657 | PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n"); | |||
658 | } else { | |||
659 | PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv, | |||
660 | PKM_CK_RVtoStr(crv)); | |||
661 | goto cleanup; | |||
662 | } | |||
663 | crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID, | |||
664 | pwd, pwdLen, | |||
665 | CKM_TLS_MASTER_KEY_DERIVE_DH0x00000377UL, | |||
666 | CORRECT); | |||
667 | if (crv == CKR_OK0x00000000UL) { | |||
668 | PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n"); | |||
669 | } else { | |||
670 | PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv, | |||
671 | PKM_CK_RVtoStr(crv)); | |||
672 | goto cleanup; | |||
673 | } | |||
674 | crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID, | |||
675 | pwd, pwdLen); | |||
676 | if (crv == CKR_OK0x00000000UL) { | |||
677 | PKM_LogIt("PKM_FindAllObjects succeeded\n\n"); | |||
678 | } else { | |||
679 | PKM_Error("PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv, | |||
680 | PKM_CK_RVtoStr(crv)); | |||
681 | goto cleanup; | |||
682 | } | |||
683 | crv = pFunctionList->C_Finalize(NULL((void*)0)); | |||
684 | if (crv == CKR_OK0x00000000UL) { | |||
685 | PKM_LogIt("C_Finalize succeeded\n"); | |||
686 | } else { | |||
687 | PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv, | |||
688 | PKM_CK_RVtoStr(crv)); | |||
689 | goto cleanup; | |||
690 | } | |||
691 | ||||
692 | if (doForkTests) { | |||
693 | /* try to fork with softoken still loaded, but de-initialized */ | |||
694 | crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED0x00000190UL, pFunctionList, | |||
695 | PR_TRUE1, NULL((void*)0)); | |||
696 | if (crv != CKR_OK0x00000000UL) | |||
697 | goto cleanup; | |||
698 | } | |||
699 | ||||
700 | free(pSlotList); | |||
701 | ||||
702 | /* demonstrate how an application can be in Hybrid mode */ | |||
703 | /* PKM_HybridMode shows how to switch between NONFIPS */ | |||
704 | /* mode to FIPS mode */ | |||
705 | ||||
706 | PKM_LogIt("Testing Hybrid mode \n"); | |||
707 | crv = PKM_HybridMode(pwd, pwdLen, &initArgs); | |||
708 | if (crv == CKR_OK0x00000000UL) { | |||
709 | PKM_LogIt("PKM_HybridMode succeeded\n"); | |||
710 | } else { | |||
711 | PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv, | |||
712 | PKM_CK_RVtoStr(crv)); | |||
713 | goto cleanup; | |||
714 | } | |||
715 | ||||
716 | if (doForkTests) { | |||
717 | /* testing one more C_Initialize / C_Finalize to exercise getpid() | |||
718 | * fork check code */ | |||
719 | crv = pFunctionList->C_Initialize(&initArgsRerun); | |||
720 | if (crv == CKR_OK0x00000000UL) { | |||
721 | PKM_LogIt("C_Initialize succeeded\n"); | |||
722 | } else { | |||
723 | PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, | |||
724 | PKM_CK_RVtoStr(crv)); | |||
725 | goto cleanup; | |||
726 | } | |||
727 | crv = pFunctionList->C_Finalize(NULL((void*)0)); | |||
728 | if (crv == CKR_OK0x00000000UL) { | |||
729 | PKM_LogIt("C_Finalize succeeded\n"); | |||
730 | } else { | |||
731 | PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv, | |||
732 | PKM_CK_RVtoStr(crv)); | |||
733 | goto cleanup; | |||
734 | } | |||
735 | /* try to C_Initialize / C_Finalize in child. This should succeed */ | |||
736 | crv = PKM_ForkCheck(CKR_OK0x00000000UL, pFunctionList, PR_TRUE1, &initArgs); | |||
737 | } | |||
738 | ||||
739 | PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n"); | |||
740 | ||||
741 | cleanup: | |||
742 | ||||
743 | if (pwd) { | |||
744 | free(pwd); | |||
745 | } | |||
746 | if (configDir) { | |||
747 | free(configDir); | |||
748 | } | |||
749 | if (dbPrefix) { | |||
750 | free(dbPrefix); | |||
751 | } | |||
752 | if (moduleSpec) { | |||
753 | PR_smprintf_free(moduleSpec); | |||
754 | } | |||
755 | if (moduleSpecRerun) { | |||
756 | PR_smprintf_free(moduleSpecRerun); | |||
757 | } | |||
758 | ||||
759 | #ifdef _WIN32 | |||
760 | FreeLibrary(hModule); | |||
761 | #else | |||
762 | disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); | |||
763 | if (!disableUnload) { | |||
764 | PR_UnloadLibrary(lib); | |||
765 | } | |||
766 | #endif | |||
767 | if (CKR_OK0x00000000UL == crv && doForkTests && !disableUnload) { | |||
768 | /* try to fork with softoken both de-initialized and unloaded */ | |||
769 | crv = PKM_ForkCheck(123, NULL((void*)0), PR_TRUE1, NULL((void*)0)); | |||
770 | } | |||
771 | ||||
772 | printf("**** Total number of TESTS ran in %s is %d. ****\n", | |||
773 | ((MODE == FIPSMODE0) ? "FIPS MODE" : "NON FIPS MODE"), (int)NUMTESTS); | |||
774 | if (CKR_OK0x00000000UL == crv) { | |||
775 | printf("**** ALL TESTS PASSED ****\n"); | |||
776 | } | |||
777 | ||||
778 | return crv; | |||
779 | } | |||
780 | ||||
781 | /* | |||
782 | * PKM_KeyTests | |||
783 | * | |||
784 | * | |||
785 | */ | |||
786 | ||||
787 | CK_RV | |||
788 | PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList, | |||
789 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
790 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
791 | { | |||
792 | CK_SESSION_HANDLE hRwSession; | |||
793 | ||||
794 | CK_RV crv = CKR_OK0x00000000UL; | |||
795 | ||||
796 | /*** DSA Key ***/ | |||
797 | CK_MECHANISM dsaParamGenMech; | |||
798 | CK_ULONG primeBits = 1024; | |||
799 | CK_ATTRIBUTE dsaParamGenTemplate[1]; | |||
800 | CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE0; | |||
801 | CK_BYTE DSA_P[128]; | |||
802 | CK_BYTE DSA_Q[20]; | |||
803 | CK_BYTE DSA_G[128]; | |||
804 | CK_MECHANISM dsaKeyPairGenMech; | |||
805 | CK_ATTRIBUTE dsaPubKeyTemplate[5]; | |||
806 | CK_ATTRIBUTE dsaPrivKeyTemplate[5]; | |||
807 | CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE0; | |||
808 | CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE0; | |||
809 | ||||
810 | /**** RSA Key ***/ | |||
811 | CK_KEY_TYPE rsatype = CKK_RSA0x00000000UL; | |||
812 | CK_MECHANISM rsaKeyPairGenMech; | |||
813 | CK_BYTE subject[] = { "RSA Private Key" }; | |||
814 | CK_ULONG modulusBits = 1024; | |||
815 | CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 }; | |||
816 | CK_BYTE id[] = { "RSA123" }; | |||
817 | CK_ATTRIBUTE rsaPubKeyTemplate[9]; | |||
818 | CK_ATTRIBUTE rsaPrivKeyTemplate[11]; | |||
819 | CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE0; | |||
820 | CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE0; | |||
821 | ||||
822 | /*** AES Key ***/ | |||
823 | CK_MECHANISM sAESKeyMech = { | |||
824 | CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0 | |||
825 | }; | |||
826 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; | |||
827 | CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL; | |||
828 | CK_UTF8CHAR AESlabel[] = "An AES secret key object"; | |||
829 | CK_ULONG AESvalueLen = 32; | |||
830 | CK_ATTRIBUTE sAESKeyTemplate[9]; | |||
831 | CK_OBJECT_HANDLE hAESSecKey; | |||
832 | ||||
833 | /*** DES3 Key ***/ | |||
834 | CK_KEY_TYPE keyDES3Type = CKK_DES30x00000015UL; | |||
835 | CK_UTF8CHAR DES3label[] = "An Triple DES secret key object"; | |||
836 | CK_ULONG DES3valueLen = 56; | |||
837 | CK_MECHANISM sDES3KeyGenMechanism = { | |||
838 | CKM_DES3_KEY_GEN0x00000131UL, NULL((void*)0), 0 | |||
839 | }; | |||
840 | CK_ATTRIBUTE sDES3KeyTemplate[9]; | |||
841 | CK_OBJECT_HANDLE hDES3SecKey; | |||
842 | ||||
843 | CK_MECHANISM dsaWithSha1Mech = { | |||
844 | CKM_DSA_SHA10x00000012UL, NULL((void*)0), 0 | |||
845 | }; | |||
846 | ||||
847 | CK_BYTE IV[16]; | |||
848 | CK_MECHANISM mech_DES3_CBC; | |||
849 | CK_MECHANISM mech_DES3_CBC_PAD; | |||
850 | CK_MECHANISM mech_AES_CBC_PAD; | |||
851 | CK_MECHANISM mech_AES_CBC; | |||
852 | struct mech_str { | |||
853 | CK_ULONG mechanism; | |||
854 | const char *mechanismStr; | |||
855 | }; | |||
856 | ||||
857 | typedef struct mech_str mech_str; | |||
858 | ||||
859 | mech_str digestMechs[] = { | |||
860 | { CKM_SHA_10x00000220UL, "CKM_SHA_1 " }, | |||
861 | { CKM_SHA2240x00000255UL, "CKM_SHA224" }, | |||
862 | { CKM_SHA2560x00000250UL, "CKM_SHA256" }, | |||
863 | { CKM_SHA3840x00000260UL, "CKM_SHA384" }, | |||
864 | { CKM_SHA5120x00000270UL, "CKM_SHA512" } | |||
865 | }; | |||
866 | mech_str hmacMechs[] = { | |||
867 | { CKM_SHA_1_HMAC0x00000221UL, "CKM_SHA_1_HMAC" }, | |||
868 | { CKM_SHA224_HMAC0x00000256UL, "CKM_SHA224_HMAC" }, | |||
869 | { CKM_SHA256_HMAC0x00000251UL, "CKM_SHA256_HMAC" }, | |||
870 | { CKM_SHA384_HMAC0x00000261UL, "CKM_SHA384_HMAC" }, | |||
871 | { CKM_SHA512_HMAC0x00000271UL, "CKM_SHA512_HMAC" } | |||
872 | }; | |||
873 | mech_str sigRSAMechs[] = { | |||
874 | { CKM_SHA1_RSA_PKCS0x00000006UL, "CKM_SHA1_RSA_PKCS" }, | |||
875 | { CKM_SHA224_RSA_PKCS0x00000046UL, "CKM_SHA224_RSA_PKCS" }, | |||
876 | { CKM_SHA256_RSA_PKCS0x00000040UL, "CKM_SHA256_RSA_PKCS" }, | |||
877 | { CKM_SHA384_RSA_PKCS0x00000041UL, "CKM_SHA384_RSA_PKCS" }, | |||
878 | { CKM_SHA512_RSA_PKCS0x00000042UL, "CKM_SHA512_RSA_PKCS" } | |||
879 | }; | |||
880 | ||||
881 | CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs)(sizeof(digestMechs) / sizeof(digestMechs[0])); | |||
882 | CK_ULONG sigRSAMechsSZ = NUM_ELEM(sigRSAMechs)(sizeof(sigRSAMechs) / sizeof(sigRSAMechs[0])); | |||
883 | CK_ULONG hmacMechsSZ = NUM_ELEM(hmacMechs)(sizeof(hmacMechs) / sizeof(hmacMechs[0])); | |||
884 | CK_MECHANISM mech; | |||
885 | ||||
886 | unsigned int i; | |||
887 | ||||
888 | NUMTESTS++; /* increment NUMTESTS */ | |||
889 | ||||
890 | /* DSA key init */ | |||
891 | dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN0x00002000UL; | |||
892 | dsaParamGenMech.pParameter = NULL_PTR0; | |||
893 | dsaParamGenMech.ulParameterLen = 0; | |||
894 | dsaParamGenTemplate[0].type = CKA_PRIME_BITS0x00000133UL; | |||
895 | dsaParamGenTemplate[0].pValue = &primeBits; | |||
896 | dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits); | |||
897 | dsaPubKeyTemplate[0].type = CKA_PRIME0x00000130UL; | |||
898 | dsaPubKeyTemplate[0].pValue = DSA_P; | |||
899 | dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P); | |||
900 | dsaPubKeyTemplate[1].type = CKA_SUBPRIME0x00000131UL; | |||
901 | dsaPubKeyTemplate[1].pValue = DSA_Q; | |||
902 | dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q); | |||
903 | dsaPubKeyTemplate[2].type = CKA_BASE0x00000132UL; | |||
904 | dsaPubKeyTemplate[2].pValue = DSA_G; | |||
905 | dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G); | |||
906 | dsaPubKeyTemplate[3].type = CKA_TOKEN0x00000001UL; | |||
907 | dsaPubKeyTemplate[3].pValue = &true; | |||
908 | dsaPubKeyTemplate[3].ulValueLen = sizeof(true); | |||
909 | dsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL; | |||
910 | dsaPubKeyTemplate[4].pValue = &true; | |||
911 | dsaPubKeyTemplate[4].ulValueLen = sizeof(true); | |||
912 | dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN0x00000010UL; | |||
913 | dsaKeyPairGenMech.pParameter = NULL_PTR0; | |||
914 | dsaKeyPairGenMech.ulParameterLen = 0; | |||
915 | dsaPrivKeyTemplate[0].type = CKA_TOKEN0x00000001UL; | |||
916 | dsaPrivKeyTemplate[0].pValue = &true; | |||
917 | dsaPrivKeyTemplate[0].ulValueLen = sizeof(true); | |||
918 | dsaPrivKeyTemplate[1].type = CKA_PRIVATE0x00000002UL; | |||
919 | dsaPrivKeyTemplate[1].pValue = &true; | |||
920 | dsaPrivKeyTemplate[1].ulValueLen = sizeof(true); | |||
921 | dsaPrivKeyTemplate[2].type = CKA_SENSITIVE0x00000103UL; | |||
922 | dsaPrivKeyTemplate[2].pValue = &true; | |||
923 | dsaPrivKeyTemplate[2].ulValueLen = sizeof(true); | |||
924 | dsaPrivKeyTemplate[3].type = CKA_SIGN0x00000108UL, | |||
925 | dsaPrivKeyTemplate[3].pValue = &true; | |||
926 | dsaPrivKeyTemplate[3].ulValueLen = sizeof(true); | |||
927 | dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE0x00000162UL; | |||
928 | dsaPrivKeyTemplate[4].pValue = &true; | |||
929 | dsaPrivKeyTemplate[4].ulValueLen = sizeof(true); | |||
930 | ||||
931 | /* RSA key init */ | |||
932 | rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN0x00000000UL; | |||
933 | rsaKeyPairGenMech.pParameter = NULL_PTR0; | |||
934 | rsaKeyPairGenMech.ulParameterLen = 0; | |||
935 | ||||
936 | rsaPubKeyTemplate[0].type = CKA_KEY_TYPE0x00000100UL; | |||
937 | rsaPubKeyTemplate[0].pValue = &rsatype; | |||
938 | rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype); | |||
939 | rsaPubKeyTemplate[1].type = CKA_PRIVATE0x00000002UL; | |||
940 | rsaPubKeyTemplate[1].pValue = &true; | |||
941 | rsaPubKeyTemplate[1].ulValueLen = sizeof(true); | |||
942 | rsaPubKeyTemplate[2].type = CKA_ENCRYPT0x00000104UL; | |||
943 | rsaPubKeyTemplate[2].pValue = &true; | |||
944 | rsaPubKeyTemplate[2].ulValueLen = sizeof(true); | |||
945 | rsaPubKeyTemplate[3].type = CKA_DECRYPT0x00000105UL; | |||
946 | rsaPubKeyTemplate[3].pValue = &true; | |||
947 | rsaPubKeyTemplate[3].ulValueLen = sizeof(true); | |||
948 | rsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL; | |||
949 | rsaPubKeyTemplate[4].pValue = &true; | |||
950 | rsaPubKeyTemplate[4].ulValueLen = sizeof(true); | |||
951 | rsaPubKeyTemplate[5].type = CKA_SIGN0x00000108UL; | |||
952 | rsaPubKeyTemplate[5].pValue = &true; | |||
953 | rsaPubKeyTemplate[5].ulValueLen = sizeof(true); | |||
954 | rsaPubKeyTemplate[6].type = CKA_WRAP0x00000106UL; | |||
955 | rsaPubKeyTemplate[6].pValue = &true; | |||
956 | rsaPubKeyTemplate[6].ulValueLen = sizeof(true); | |||
957 | rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS0x00000121UL; | |||
958 | rsaPubKeyTemplate[7].pValue = &modulusBits; | |||
959 | rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits); | |||
960 | rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT0x00000122UL; | |||
961 | rsaPubKeyTemplate[8].pValue = publicExponent; | |||
962 | rsaPubKeyTemplate[8].ulValueLen = sizeof(publicExponent); | |||
963 | ||||
964 | rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE0x00000100UL; | |||
965 | rsaPrivKeyTemplate[0].pValue = &rsatype; | |||
966 | rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype); | |||
967 | rsaPrivKeyTemplate[1].type = CKA_TOKEN0x00000001UL; | |||
968 | rsaPrivKeyTemplate[1].pValue = &true; | |||
969 | rsaPrivKeyTemplate[1].ulValueLen = sizeof(true); | |||
970 | rsaPrivKeyTemplate[2].type = CKA_PRIVATE0x00000002UL; | |||
971 | rsaPrivKeyTemplate[2].pValue = &true; | |||
972 | rsaPrivKeyTemplate[2].ulValueLen = sizeof(true); | |||
973 | rsaPrivKeyTemplate[3].type = CKA_SUBJECT0x00000101UL; | |||
974 | rsaPrivKeyTemplate[3].pValue = subject; | |||
975 | rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject); | |||
976 | rsaPrivKeyTemplate[4].type = CKA_ID0x00000102UL; | |||
977 | rsaPrivKeyTemplate[4].pValue = id; | |||
978 | rsaPrivKeyTemplate[4].ulValueLen = sizeof(id); | |||
979 | rsaPrivKeyTemplate[5].type = CKA_SENSITIVE0x00000103UL; | |||
980 | rsaPrivKeyTemplate[5].pValue = &true; | |||
981 | rsaPrivKeyTemplate[5].ulValueLen = sizeof(true); | |||
982 | rsaPrivKeyTemplate[6].type = CKA_ENCRYPT0x00000104UL; | |||
983 | rsaPrivKeyTemplate[6].pValue = &true; | |||
984 | rsaPrivKeyTemplate[6].ulValueLen = sizeof(true); | |||
985 | rsaPrivKeyTemplate[7].type = CKA_DECRYPT0x00000105UL; | |||
986 | rsaPrivKeyTemplate[7].pValue = &true; | |||
987 | rsaPrivKeyTemplate[7].ulValueLen = sizeof(true); | |||
988 | rsaPrivKeyTemplate[8].type = CKA_VERIFY0x0000010AUL; | |||
989 | rsaPrivKeyTemplate[8].pValue = &true; | |||
990 | rsaPrivKeyTemplate[8].ulValueLen = sizeof(true); | |||
991 | rsaPrivKeyTemplate[9].type = CKA_SIGN0x00000108UL; | |||
992 | rsaPrivKeyTemplate[9].pValue = &true; | |||
993 | rsaPrivKeyTemplate[9].ulValueLen = sizeof(true); | |||
994 | rsaPrivKeyTemplate[10].type = CKA_UNWRAP0x00000107UL; | |||
995 | rsaPrivKeyTemplate[10].pValue = &true; | |||
996 | rsaPrivKeyTemplate[10].ulValueLen = sizeof(true); | |||
997 | ||||
998 | /* AES key template */ | |||
999 | sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL; | |||
1000 | sAESKeyTemplate[0].pValue = &class; | |||
1001 | sAESKeyTemplate[0].ulValueLen = sizeof(class); | |||
1002 | sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; | |||
1003 | sAESKeyTemplate[1].pValue = &keyAESType; | |||
1004 | sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType); | |||
1005 | sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL; | |||
1006 | sAESKeyTemplate[2].pValue = AESlabel; | |||
1007 | sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1; | |||
1008 | sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; | |||
1009 | sAESKeyTemplate[3].pValue = &true; | |||
1010 | sAESKeyTemplate[3].ulValueLen = sizeof(true); | |||
1011 | sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL; | |||
1012 | sAESKeyTemplate[4].pValue = &true; | |||
1013 | sAESKeyTemplate[4].ulValueLen = sizeof(true); | |||
1014 | sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL; | |||
1015 | sAESKeyTemplate[5].pValue = &true; | |||
1016 | sAESKeyTemplate[5].ulValueLen = sizeof(true); | |||
1017 | sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL; | |||
1018 | sAESKeyTemplate[6].pValue = &true; | |||
1019 | sAESKeyTemplate[6].ulValueLen = sizeof(true); | |||
1020 | sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL; | |||
1021 | sAESKeyTemplate[7].pValue = &true; | |||
1022 | sAESKeyTemplate[7].ulValueLen = sizeof(true); | |||
1023 | sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; | |||
1024 | sAESKeyTemplate[8].pValue = &AESvalueLen; | |||
1025 | sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen); | |||
1026 | ||||
1027 | /* DES3 key template */ | |||
1028 | sDES3KeyTemplate[0].type = CKA_CLASS0x00000000UL; | |||
1029 | sDES3KeyTemplate[0].pValue = &class; | |||
1030 | sDES3KeyTemplate[0].ulValueLen = sizeof(class); | |||
1031 | sDES3KeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; | |||
1032 | sDES3KeyTemplate[1].pValue = &keyDES3Type; | |||
1033 | sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type); | |||
1034 | sDES3KeyTemplate[2].type = CKA_LABEL0x00000003UL; | |||
1035 | sDES3KeyTemplate[2].pValue = DES3label; | |||
1036 | sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label) - 1; | |||
1037 | sDES3KeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; | |||
1038 | sDES3KeyTemplate[3].pValue = &true; | |||
1039 | sDES3KeyTemplate[3].ulValueLen = sizeof(true); | |||
1040 | sDES3KeyTemplate[4].type = CKA_DECRYPT0x00000105UL; | |||
1041 | sDES3KeyTemplate[4].pValue = &true; | |||
1042 | sDES3KeyTemplate[4].ulValueLen = sizeof(true); | |||
1043 | sDES3KeyTemplate[5].type = CKA_UNWRAP0x00000107UL; | |||
1044 | sDES3KeyTemplate[5].pValue = &true; | |||
1045 | sDES3KeyTemplate[5].ulValueLen = sizeof(true); | |||
1046 | sDES3KeyTemplate[6].type = CKA_SIGN0x00000108UL, | |||
1047 | sDES3KeyTemplate[6].pValue = &true; | |||
1048 | sDES3KeyTemplate[6].ulValueLen = sizeof(true); | |||
1049 | sDES3KeyTemplate[7].type = CKA_VERIFY0x0000010AUL; | |||
1050 | sDES3KeyTemplate[7].pValue = &true; | |||
1051 | sDES3KeyTemplate[7].ulValueLen = sizeof(true); | |||
1052 | sDES3KeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; | |||
1053 | sDES3KeyTemplate[8].pValue = &DES3valueLen; | |||
1054 | sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen); | |||
1055 | ||||
1056 | /* mech init */ | |||
1057 | memset(IV, 0x01, sizeof(IV)); | |||
1058 | mech_DES3_CBC.mechanism = CKM_DES3_CBC0x00000133UL; | |||
1059 | mech_DES3_CBC.pParameter = IV; | |||
1060 | mech_DES3_CBC.ulParameterLen = sizeof(IV); | |||
1061 | mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD0x00000136UL; | |||
1062 | mech_DES3_CBC_PAD.pParameter = IV; | |||
1063 | mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV); | |||
1064 | mech_AES_CBC.mechanism = CKM_AES_CBC0x00001082UL; | |||
1065 | mech_AES_CBC.pParameter = IV; | |||
1066 | mech_AES_CBC.ulParameterLen = sizeof(IV); | |||
1067 | mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD0x00001085UL; | |||
1068 | mech_AES_CBC_PAD.pParameter = IV; | |||
1069 | mech_AES_CBC_PAD.ulParameterLen = sizeof(IV); | |||
1070 | ||||
1071 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], | |||
1072 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, | |||
1073 | NULL((void*)0), NULL((void*)0), &hRwSession); | |||
1074 | if (crv == CKR_OK0x00000000UL) { | |||
1075 | PKM_LogIt("Opening a read/write session succeeded\n"); | |||
1076 | } else { | |||
1077 | PKM_Error("Opening a read/write session failed " | |||
1078 | "with 0x%08X, %-26s\n", | |||
1079 | crv, PKM_CK_RVtoStr(crv)); | |||
1080 | return crv; | |||
1081 | } | |||
1082 | ||||
1083 | if (MODE == FIPSMODE0) { | |||
1084 | crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech, | |||
1085 | sAESKeyTemplate, | |||
1086 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), | |||
1087 | &hAESSecKey); | |||
1088 | if (crv == CKR_OK0x00000000UL) { | |||
1089 | PKM_Error("C_GenerateKey succeeded when not logged in.\n"); | |||
1090 | return CKR_GENERAL_ERROR0x00000005UL; | |||
1091 | } else { | |||
1092 | PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n" | |||
1093 | "since not logged in\n", | |||
1094 | crv, PKM_CK_RVtoStr(crv)); | |||
1095 | } | |||
1096 | crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech, | |||
1097 | rsaPubKeyTemplate, | |||
1098 | NUM_ELEM(rsaPubKeyTemplate)(sizeof(rsaPubKeyTemplate) / sizeof(rsaPubKeyTemplate[0])), | |||
1099 | rsaPrivKeyTemplate, | |||
1100 | NUM_ELEM(rsaPrivKeyTemplate)(sizeof(rsaPrivKeyTemplate) / sizeof(rsaPrivKeyTemplate[0])), | |||
1101 | &hRSApubKey, &hRSAprivKey); | |||
1102 | if (crv == CKR_OK0x00000000UL) { | |||
1103 | PKM_Error("C_GenerateKeyPair succeeded when not logged in.\n"); | |||
1104 | return CKR_GENERAL_ERROR0x00000005UL; | |||
1105 | } else { | |||
1106 | PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, " | |||
1107 | "%-26s\n since not logged in\n", | |||
1108 | crv, | |||
1109 | PKM_CK_RVtoStr(crv)); | |||
1110 | } | |||
1111 | } | |||
1112 | ||||
1113 | crv = pFunctionList->C_Login(hRwSession, CKU_USER1, pwd, pwdLen); | |||
1114 | if (crv == CKR_OK0x00000000UL) { | |||
1115 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
1116 | } else { | |||
1117 | PKM_Error("C_Login with correct password failed " | |||
1118 | "with 0x%08X, %-26s\n", | |||
1119 | crv, PKM_CK_RVtoStr(crv)); | |||
1120 | return crv; | |||
1121 | } | |||
1122 | ||||
1123 | PKM_LogIt("Generate an AES key ... \n"); | |||
1124 | /* generate an AES Secret Key */ | |||
1125 | crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech, | |||
1126 | sAESKeyTemplate, | |||
1127 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), | |||
1128 | &hAESSecKey); | |||
1129 | if (crv == CKR_OK0x00000000UL) { | |||
1130 | PKM_LogIt("C_GenerateKey AES succeeded\n"); | |||
1131 | } else { | |||
1132 | PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n", | |||
1133 | crv, PKM_CK_RVtoStr(crv)); | |||
1134 | return crv; | |||
1135 | } | |||
1136 | ||||
1137 | PKM_LogIt("Generate an 3DES key ...\n"); | |||
1138 | /* generate an 3DES Secret Key */ | |||
1139 | crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism, | |||
1140 | sDES3KeyTemplate, | |||
1141 | NUM_ELEM(sDES3KeyTemplate)(sizeof(sDES3KeyTemplate) / sizeof(sDES3KeyTemplate[0])), | |||
1142 | &hDES3SecKey); | |||
1143 | if (crv == CKR_OK0x00000000UL) { | |||
1144 | PKM_LogIt("C_GenerateKey DES3 succeeded\n"); | |||
1145 | } else { | |||
1146 | PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv, | |||
1147 | PKM_CK_RVtoStr(crv)); | |||
1148 | return crv; | |||
1149 | } | |||
1150 | ||||
1151 | PKM_LogIt("Generate DSA PQG domain parameters ... \n"); | |||
1152 | /* Generate DSA domain parameters PQG */ | |||
1153 | crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech, | |||
1154 | dsaParamGenTemplate, | |||
1155 | 1, | |||
1156 | &hDsaParams); | |||
1157 | if (crv == CKR_OK0x00000000UL) { | |||
1158 | PKM_LogIt("DSA domain parameter generation succeeded\n"); | |||
1159 | } else { | |||
1160 | PKM_Error("DSA domain parameter generation failed " | |||
1161 | "with 0x%08X, %-26s\n", | |||
1162 | crv, PKM_CK_RVtoStr(crv)); | |||
1163 | return crv; | |||
1164 | } | |||
1165 | crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams, | |||
1166 | dsaPubKeyTemplate, 3); | |||
1167 | if (crv == CKR_OK0x00000000UL) { | |||
1168 | PKM_LogIt("Getting DSA domain parameters succeeded\n"); | |||
1169 | } else { | |||
1170 | PKM_Error("Getting DSA domain parameters failed " | |||
1171 | "with 0x%08X, %-26s\n", | |||
1172 | crv, PKM_CK_RVtoStr(crv)); | |||
1173 | return crv; | |||
1174 | } | |||
1175 | crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams); | |||
1176 | if (crv == CKR_OK0x00000000UL) { | |||
1177 | PKM_LogIt("Destroying DSA domain parameters succeeded\n"); | |||
1178 | } else { | |||
1179 | PKM_Error("Destroying DSA domain parameters failed " | |||
1180 | "with 0x%08X, %-26s\n", | |||
1181 | crv, PKM_CK_RVtoStr(crv)); | |||
1182 | return crv; | |||
1183 | } | |||
1184 | ||||
1185 | PKM_LogIt("Generate a DSA key pair ... \n"); | |||
1186 | /* Generate a persistent DSA key pair */ | |||
1187 | crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech, | |||
1188 | dsaPubKeyTemplate, | |||
1189 | NUM_ELEM(dsaPubKeyTemplate)(sizeof(dsaPubKeyTemplate) / sizeof(dsaPubKeyTemplate[0])), | |||
1190 | dsaPrivKeyTemplate, | |||
1191 | NUM_ELEM(dsaPrivKeyTemplate)(sizeof(dsaPrivKeyTemplate) / sizeof(dsaPrivKeyTemplate[0])), | |||
1192 | &hDSApubKey, &hDSAprivKey); | |||
1193 | if (crv == CKR_OK0x00000000UL) { | |||
1194 | PKM_LogIt("DSA key pair generation succeeded\n"); | |||
1195 | } else { | |||
1196 | PKM_Error("DSA key pair generation failed " | |||
1197 | "with 0x%08X, %-26s\n", | |||
1198 | crv, PKM_CK_RVtoStr(crv)); | |||
1199 | return crv; | |||
1200 | } | |||
1201 | ||||
1202 | PKM_LogIt("Generate a RSA key pair ... \n"); | |||
1203 | /*** GEN RSA Key ***/ | |||
1204 | crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech, | |||
1205 | rsaPubKeyTemplate, | |||
1206 | NUM_ELEM(rsaPubKeyTemplate)(sizeof(rsaPubKeyTemplate) / sizeof(rsaPubKeyTemplate[0])), | |||
1207 | rsaPrivKeyTemplate, | |||
1208 | NUM_ELEM(rsaPrivKeyTemplate)(sizeof(rsaPrivKeyTemplate) / sizeof(rsaPrivKeyTemplate[0])), | |||
1209 | &hRSApubKey, &hRSAprivKey); | |||
1210 | if (crv == CKR_OK0x00000000UL) { | |||
1211 | PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n"); | |||
1212 | } else { | |||
1213 | PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n" | |||
1214 | "with 0x%08X, %-26s\n", | |||
1215 | crv, PKM_CK_RVtoStr(crv)); | |||
1216 | return crv; | |||
1217 | } | |||
1218 | ||||
1219 | PKM_LogIt("**** Generation of keys completed ***** \n"); | |||
1220 | ||||
1221 | mech.mechanism = CKM_RSA_PKCS0x00000001UL; | |||
1222 | mech.pParameter = NULL((void*)0); | |||
1223 | mech.ulParameterLen = 0; | |||
1224 | ||||
1225 | crv = PKM_wrapUnwrap(pFunctionList, | |||
1226 | hRwSession, | |||
1227 | hRSApubKey, hRSAprivKey, | |||
1228 | &mech, | |||
1229 | hAESSecKey, | |||
1230 | sAESKeyTemplate, | |||
1231 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0]))); | |||
1232 | ||||
1233 | if (crv == CKR_OK0x00000000UL) { | |||
1234 | PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key " | |||
1235 | "succeeded\n\n"); | |||
1236 | } else { | |||
1237 | PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap AES key failed " | |||
1238 | "with 0x%08X, %-26s\n", | |||
1239 | crv, | |||
1240 | PKM_CK_RVtoStr(crv)); | |||
1241 | return crv; | |||
1242 | } | |||
1243 | ||||
1244 | crv = PKM_wrapUnwrap(pFunctionList, | |||
1245 | hRwSession, | |||
1246 | hRSApubKey, hRSAprivKey, | |||
1247 | &mech, | |||
1248 | hDES3SecKey, | |||
1249 | sDES3KeyTemplate, | |||
1250 | NUM_ELEM(sDES3KeyTemplate)(sizeof(sDES3KeyTemplate) / sizeof(sDES3KeyTemplate[0]))); | |||
1251 | ||||
1252 | if (crv == CKR_OK0x00000000UL) { | |||
1253 | PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key " | |||
1254 | "succeeded\n\n"); | |||
1255 | } else { | |||
1256 | PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap DES3 key " | |||
1257 | "failed with 0x%08X, %-26s\n", | |||
1258 | crv, | |||
1259 | PKM_CK_RVtoStr(crv)); | |||
1260 | return crv; | |||
1261 | } | |||
1262 | ||||
1263 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, | |||
1264 | hAESSecKey, &mech_AES_CBC_PAD, | |||
1265 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); | |||
1266 | if (crv == CKR_OK0x00000000UL) { | |||
1267 | PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n"); | |||
1268 | } else { | |||
1269 | PKM_Error("PKM_SecKeyCrypt failed " | |||
1270 | "with 0x%08X, %-26s\n", | |||
1271 | crv, PKM_CK_RVtoStr(crv)); | |||
1272 | return crv; | |||
1273 | } | |||
1274 | ||||
1275 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, | |||
1276 | hAESSecKey, &mech_AES_CBC, | |||
1277 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1278 | if (crv == CKR_OK0x00000000UL) { | |||
1279 | PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n"); | |||
1280 | } else { | |||
1281 | PKM_Error("PKM_SecKeyCrypt failed " | |||
1282 | "with 0x%08X, %-26s\n", | |||
1283 | crv, PKM_CK_RVtoStr(crv)); | |||
1284 | return crv; | |||
1285 | } | |||
1286 | ||||
1287 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, | |||
1288 | hDES3SecKey, &mech_DES3_CBC, | |||
1289 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1290 | if (crv == CKR_OK0x00000000UL) { | |||
1291 | PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n"); | |||
1292 | } else { | |||
1293 | PKM_Error("PKM_SecKeyCrypt DES3 failed " | |||
1294 | "with 0x%08X, %-26s\n", | |||
1295 | crv, PKM_CK_RVtoStr(crv)); | |||
1296 | return crv; | |||
1297 | } | |||
1298 | ||||
1299 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, | |||
1300 | hDES3SecKey, &mech_DES3_CBC_PAD, | |||
1301 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); | |||
1302 | if (crv == CKR_OK0x00000000UL) { | |||
1303 | PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n"); | |||
1304 | } else { | |||
1305 | PKM_Error("PKM_SecKeyCrypt DES3 failed " | |||
1306 | "with 0x%08X, %-26s\n", | |||
1307 | crv, PKM_CK_RVtoStr(crv)); | |||
1308 | return crv; | |||
1309 | } | |||
1310 | ||||
1311 | mech.mechanism = CKM_RSA_PKCS0x00000001UL; | |||
1312 | crv = PKM_RecoverFunctions(pFunctionList, hRwSession, | |||
1313 | hRSApubKey, hRSAprivKey, | |||
1314 | &mech, | |||
1315 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1316 | if (crv == CKR_OK0x00000000UL) { | |||
1317 | PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n"); | |||
1318 | } else { | |||
1319 | PKM_Error("PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv, | |||
1320 | PKM_CK_RVtoStr(crv)); | |||
1321 | return crv; | |||
1322 | } | |||
1323 | ||||
1324 | mech.pParameter = NULL((void*)0); | |||
1325 | mech.ulParameterLen = 0; | |||
1326 | ||||
1327 | for (i = 0; i < sigRSAMechsSZ; i++) { | |||
1328 | ||||
1329 | mech.mechanism = sigRSAMechs[i].mechanism; | |||
1330 | ||||
1331 | crv = PKM_PubKeySign(pFunctionList, hRwSession, | |||
1332 | hRSApubKey, hRSAprivKey, | |||
1333 | &mech, | |||
1334 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1335 | if (crv == CKR_OK0x00000000UL) { | |||
1336 | PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n", | |||
1337 | sigRSAMechs[i].mechanismStr); | |||
1338 | } else { | |||
1339 | PKM_Error("PKM_PubKeySign failed for %-10s " | |||
1340 | "with 0x%08X, %-26s\n", | |||
1341 | sigRSAMechs[i].mechanismStr, crv, | |||
1342 | PKM_CK_RVtoStr(crv)); | |||
1343 | return crv; | |||
1344 | } | |||
1345 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1346 | hRSApubKey, hRSAprivKey, | |||
1347 | &mech, | |||
1348 | hAESSecKey, &mech_AES_CBC, | |||
1349 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1350 | if (crv == CKR_OK0x00000000UL) { | |||
1351 | PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded " | |||
1352 | "for %-10s\n\n", | |||
1353 | sigRSAMechs[i].mechanismStr); | |||
1354 | } else { | |||
1355 | PKM_Error("PKM_DualFuncSign with AES secret key failed " | |||
1356 | "for %-10s " | |||
1357 | "with 0x%08X, %-26s\n", | |||
1358 | sigRSAMechs[i].mechanismStr, crv, | |||
1359 | PKM_CK_RVtoStr(crv)); | |||
1360 | return crv; | |||
1361 | } | |||
1362 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1363 | hRSApubKey, hRSAprivKey, | |||
1364 | &mech, | |||
1365 | hDES3SecKey, &mech_DES3_CBC, | |||
1366 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1367 | if (crv == CKR_OK0x00000000UL) { | |||
1368 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded " | |||
1369 | "for %-10s\n\n", | |||
1370 | sigRSAMechs[i].mechanismStr); | |||
1371 | } else { | |||
1372 | PKM_Error("PKM_DualFuncSign with DES3 secret key failed " | |||
1373 | "for %-10s " | |||
1374 | "with 0x%08X, %-26s\n", | |||
1375 | sigRSAMechs[i].mechanismStr, crv, | |||
1376 | PKM_CK_RVtoStr(crv)); | |||
1377 | return crv; | |||
1378 | } | |||
1379 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1380 | hRSApubKey, hRSAprivKey, | |||
1381 | &mech, | |||
1382 | hAESSecKey, &mech_AES_CBC_PAD, | |||
1383 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); | |||
1384 | if (crv == CKR_OK0x00000000UL) { | |||
1385 | PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD " | |||
1386 | "succeeded for %-10s\n\n", | |||
1387 | sigRSAMechs[i].mechanismStr); | |||
1388 | } else { | |||
1389 | PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD " | |||
1390 | "failed for %-10s " | |||
1391 | "with 0x%08X, %-26s\n", | |||
1392 | sigRSAMechs[i].mechanismStr, crv, | |||
1393 | PKM_CK_RVtoStr(crv)); | |||
1394 | return crv; | |||
1395 | } | |||
1396 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1397 | hRSApubKey, hRSAprivKey, | |||
1398 | &mech, | |||
1399 | hDES3SecKey, &mech_DES3_CBC_PAD, | |||
1400 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); | |||
1401 | if (crv == CKR_OK0x00000000UL) { | |||
1402 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD " | |||
1403 | "succeeded for %-10s\n\n", | |||
1404 | sigRSAMechs[i].mechanismStr); | |||
1405 | } else { | |||
1406 | PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD " | |||
1407 | "failed for %-10s " | |||
1408 | "with 0x%08X, %-26s\n", | |||
1409 | sigRSAMechs[i].mechanismStr, crv, | |||
1410 | PKM_CK_RVtoStr(crv)); | |||
1411 | return crv; | |||
1412 | } | |||
1413 | ||||
1414 | } /* end of RSA for loop */ | |||
1415 | ||||
1416 | crv = PKM_PubKeySign(pFunctionList, hRwSession, | |||
1417 | hDSApubKey, hDSAprivKey, | |||
1418 | &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT)); | |||
1419 | if (crv == CKR_OK0x00000000UL) { | |||
1420 | PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n"); | |||
1421 | } else { | |||
1422 | PKM_Error("PKM_PubKeySign failed " | |||
1423 | "with 0x%08X, %-26s\n", | |||
1424 | crv, PKM_CK_RVtoStr(crv)); | |||
1425 | return crv; | |||
1426 | } | |||
1427 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1428 | hDSApubKey, hDSAprivKey, | |||
1429 | &dsaWithSha1Mech, | |||
1430 | hAESSecKey, &mech_AES_CBC, | |||
1431 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1432 | if (crv == CKR_OK0x00000000UL) { | |||
1433 | PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded " | |||
1434 | "for DSAWithSHA1\n\n"); | |||
1435 | } else { | |||
1436 | PKM_Error("PKM_DualFuncSign with AES secret key failed " | |||
1437 | "for DSAWithSHA1 with 0x%08X, %-26s\n", | |||
1438 | crv, PKM_CK_RVtoStr(crv)); | |||
1439 | return crv; | |||
1440 | } | |||
1441 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1442 | hDSApubKey, hDSAprivKey, | |||
1443 | &dsaWithSha1Mech, | |||
1444 | hDES3SecKey, &mech_DES3_CBC, | |||
1445 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1446 | if (crv == CKR_OK0x00000000UL) { | |||
1447 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded " | |||
1448 | "for DSAWithSHA1\n\n"); | |||
1449 | } else { | |||
1450 | PKM_Error("PKM_DualFuncSign with DES3 secret key failed " | |||
1451 | "for DSAWithSHA1 with 0x%08X, %-26s\n", | |||
1452 | crv, PKM_CK_RVtoStr(crv)); | |||
1453 | return crv; | |||
1454 | } | |||
1455 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1456 | hDSApubKey, hDSAprivKey, | |||
1457 | &dsaWithSha1Mech, | |||
1458 | hAESSecKey, &mech_AES_CBC_PAD, | |||
1459 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); | |||
1460 | if (crv == CKR_OK0x00000000UL) { | |||
1461 | PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded " | |||
1462 | "for DSAWithSHA1\n\n"); | |||
1463 | } else { | |||
1464 | PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD failed " | |||
1465 | "for DSAWithSHA1 with 0x%08X, %-26s\n", | |||
1466 | crv, PKM_CK_RVtoStr(crv)); | |||
1467 | return crv; | |||
1468 | } | |||
1469 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, | |||
1470 | hDSApubKey, hDSAprivKey, | |||
1471 | &dsaWithSha1Mech, | |||
1472 | hDES3SecKey, &mech_DES3_CBC_PAD, | |||
1473 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); | |||
1474 | if (crv == CKR_OK0x00000000UL) { | |||
1475 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded " | |||
1476 | "for DSAWithSHA1\n\n"); | |||
1477 | } else { | |||
1478 | PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD failed " | |||
1479 | "for DSAWithSHA1 with 0x%08X, %-26s\n", | |||
1480 | crv, PKM_CK_RVtoStr(crv)); | |||
1481 | return crv; | |||
1482 | } | |||
1483 | ||||
1484 | for (i = 0; i < digestMechsSZ; i++) { | |||
1485 | mech.mechanism = digestMechs[i].mechanism; | |||
1486 | crv = PKM_Digest(pFunctionList, hRwSession, | |||
1487 | &mech, hAESSecKey, | |||
1488 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1489 | if (crv == CKR_OK0x00000000UL) { | |||
1490 | PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n", | |||
1491 | digestMechs[i].mechanismStr); | |||
1492 | } else { | |||
1493 | PKM_Error("PKM_Digest with AES secret key failed for " | |||
1494 | "%-10s with 0x%08X, %-26s\n", | |||
1495 | digestMechs[i].mechanismStr, crv, | |||
1496 | PKM_CK_RVtoStr(crv)); | |||
1497 | return crv; | |||
1498 | } | |||
1499 | crv = PKM_DualFuncDigest(pFunctionList, hRwSession, | |||
1500 | hAESSecKey, &mech_AES_CBC, | |||
1501 | 0, &mech, | |||
1502 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1503 | if (crv == CKR_OK0x00000000UL) { | |||
1504 | PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n"); | |||
1505 | } else { | |||
1506 | PKM_Error("PKM_DualFuncDigest with AES secret key " | |||
1507 | "failed with 0x%08X, %-26s\n", | |||
1508 | crv, | |||
1509 | PKM_CK_RVtoStr(crv)); | |||
1510 | } | |||
1511 | ||||
1512 | crv = PKM_Digest(pFunctionList, hRwSession, | |||
1513 | &mech, hDES3SecKey, | |||
1514 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1515 | if (crv == CKR_OK0x00000000UL) { | |||
1516 | PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n", | |||
1517 | digestMechs[i].mechanismStr); | |||
1518 | } else { | |||
1519 | PKM_Error("PKM_Digest with DES3 secret key failed for " | |||
1520 | "%-10s with 0x%08X, %-26s\n", | |||
1521 | digestMechs[i].mechanismStr, crv, | |||
1522 | PKM_CK_RVtoStr(crv)); | |||
1523 | return crv; | |||
1524 | } | |||
1525 | crv = PKM_DualFuncDigest(pFunctionList, hRwSession, | |||
1526 | hDES3SecKey, &mech_DES3_CBC, | |||
1527 | 0, &mech, | |||
1528 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1529 | if (crv == CKR_OK0x00000000UL) { | |||
1530 | PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n"); | |||
1531 | } else { | |||
1532 | PKM_Error("PKM_DualFuncDigest DES3 secret key " | |||
1533 | "failed with 0x%08X, %-26s\n", | |||
1534 | crv, | |||
1535 | PKM_CK_RVtoStr(crv)); | |||
1536 | } | |||
1537 | ||||
1538 | crv = PKM_Digest(pFunctionList, hRwSession, | |||
1539 | &mech, 0, | |||
1540 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1541 | if (crv == CKR_OK0x00000000UL) { | |||
1542 | PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n", | |||
1543 | digestMechs[i].mechanismStr); | |||
1544 | } else { | |||
1545 | PKM_Error("PKM_Digest with no secret key failed for %-10s " | |||
1546 | "with 0x%08X, %-26s\n", | |||
1547 | digestMechs[i].mechanismStr, crv, | |||
1548 | PKM_CK_RVtoStr(crv)); | |||
1549 | return crv; | |||
1550 | } | |||
1551 | } /* end of digest loop */ | |||
1552 | ||||
1553 | for (i = 0; i < hmacMechsSZ; i++) { | |||
1554 | mech.mechanism = hmacMechs[i].mechanism; | |||
1555 | crv = PKM_Hmac(pFunctionList, hRwSession, | |||
1556 | hAESSecKey, &mech, | |||
1557 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1558 | if (crv == CKR_OK0x00000000UL) { | |||
1559 | PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n", | |||
1560 | hmacMechs[i].mechanismStr); | |||
1561 | } else { | |||
1562 | PKM_Error("PKM_Hmac with AES secret key failed for %-10s " | |||
1563 | "with 0x%08X, %-26s\n", | |||
1564 | hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv)); | |||
1565 | return crv; | |||
1566 | } | |||
1567 | if ((MODE == FIPSMODE0) && (mech.mechanism == CKM_SHA512_HMAC0x00000271UL)) | |||
1568 | break; | |||
1569 | crv = PKM_Hmac(pFunctionList, hRwSession, | |||
1570 | hDES3SecKey, &mech, | |||
1571 | PLAINTEXT, sizeof(PLAINTEXT)); | |||
1572 | if (crv == CKR_OK0x00000000UL) { | |||
1573 | PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n", | |||
1574 | hmacMechs[i].mechanismStr); | |||
1575 | } else { | |||
1576 | PKM_Error("PKM_Hmac with DES3 secret key failed for %-10s " | |||
1577 | "with 0x%08X, %-26s\n", | |||
1578 | hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv)); | |||
1579 | return crv; | |||
1580 | } | |||
1581 | ||||
1582 | } /* end of hmac loop */ | |||
1583 | ||||
1584 | crv = pFunctionList->C_Logout(hRwSession); | |||
1585 | if (crv == CKR_OK0x00000000UL) { | |||
1586 | PKM_LogIt("C_Logout succeeded\n"); | |||
1587 | } else { | |||
1588 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
1589 | PKM_CK_RVtoStr(crv)); | |||
1590 | return crv; | |||
1591 | } | |||
1592 | ||||
1593 | crv = pFunctionList->C_CloseSession(hRwSession); | |||
1594 | if (crv != CKR_OK0x00000000UL) { | |||
1595 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
1596 | PKM_CK_RVtoStr(crv)); | |||
1597 | return crv; | |||
1598 | } | |||
1599 | ||||
1600 | return crv; | |||
1601 | } | |||
1602 | ||||
1603 | void | |||
1604 | PKM_LogIt(const char *fmt, ...) | |||
1605 | { | |||
1606 | va_list args; | |||
1607 | ||||
1608 | if (verbose) { | |||
1609 | va_start(args, fmt)__builtin_va_start(args, fmt); | |||
1610 | if (MODE == FIPSMODE0) { | |||
1611 | printf("FIPS MODE: "); | |||
1612 | } else if (MODE == NONFIPSMODE1) { | |||
1613 | printf("NON FIPS MODE: "); | |||
1614 | } else if (MODE == HYBRIDMODE2) { | |||
1615 | printf("Hybrid MODE: "); | |||
1616 | } | |||
1617 | vprintf(fmt, args); | |||
1618 | va_end(args)__builtin_va_end(args); | |||
1619 | } | |||
1620 | } | |||
1621 | ||||
1622 | void | |||
1623 | PKM_Error(const char *fmt, ...) | |||
1624 | { | |||
1625 | va_list args; | |||
1626 | va_start(args, fmt)__builtin_va_start(args, fmt); | |||
1627 | ||||
1628 | if (MODE == FIPSMODE0) { | |||
1629 | fprintf(stderrstderr, "\nFIPS MODE PKM_Error: "); | |||
1630 | } else if (MODE == NONFIPSMODE1) { | |||
1631 | fprintf(stderrstderr, "NON FIPS MODE PKM_Error: "); | |||
1632 | } else if (MODE == HYBRIDMODE2) { | |||
1633 | fprintf(stderrstderr, "Hybrid MODE PKM_Error: "); | |||
1634 | } else | |||
1635 | fprintf(stderrstderr, "NOMODE PKM_Error: "); | |||
1636 | vfprintf(stderrstderr, fmt, args); | |||
1637 | va_end(args)__builtin_va_end(args); | |||
1638 | } | |||
1639 | CK_SLOT_ID * | |||
1640 | PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList, | |||
1641 | CK_ULONG slotID) | |||
1642 | { | |||
1643 | CK_RV crv = CKR_OK0x00000000UL; | |||
1644 | CK_SLOT_ID *pSlotList = NULL((void*)0); | |||
1645 | CK_ULONG slotCount; | |||
1646 | ||||
1647 | NUMTESTS++; /* increment NUMTESTS */ | |||
1648 | ||||
1649 | /* Get slot list */ | |||
1650 | crv = pFunctionList->C_GetSlotList(CK_FALSE0 /* all slots */, | |||
1651 | NULL((void*)0), &slotCount); | |||
1652 | if (crv != CKR_OK0x00000000UL) { | |||
1653 | PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv, | |||
1654 | PKM_CK_RVtoStr(crv)); | |||
1655 | return NULL((void*)0); | |||
1656 | } | |||
1657 | PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount); | |||
1658 | pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID)); | |||
1659 | if (!pSlotList) { | |||
1660 | PKM_Error("failed to allocate slot list\n"); | |||
1661 | return NULL((void*)0); | |||
1662 | } | |||
1663 | crv = pFunctionList->C_GetSlotList(CK_FALSE0 /* all slots */, | |||
1664 | pSlotList, &slotCount); | |||
1665 | if (crv != CKR_OK0x00000000UL) { | |||
1666 | PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv, | |||
1667 | PKM_CK_RVtoStr(crv)); | |||
1668 | if (pSlotList) | |||
1669 | free(pSlotList); | |||
1670 | return NULL((void*)0); | |||
1671 | } | |||
1672 | return pSlotList; | |||
1673 | } | |||
1674 | ||||
1675 | CK_RV | |||
1676 | PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList, | |||
1677 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
1678 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
1679 | { | |||
1680 | CK_RV crv = CKR_OK0x00000000UL; | |||
1681 | CK_SESSION_HANDLE hSession; | |||
1682 | static const CK_UTF8CHAR testPin[] = { "0Mozilla" }; | |||
1683 | static const CK_UTF8CHAR weakPin[] = { "mozilla" }; | |||
1684 | ||||
1685 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], | |||
1686 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, | |||
1687 | NULL((void*)0), NULL((void*)0), &hSession); | |||
1688 | if (crv != CKR_OK0x00000000UL) { | |||
1689 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
1690 | PKM_CK_RVtoStr(crv)); | |||
1691 | return crv; | |||
1692 | } | |||
1693 | PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER1); | |||
1694 | ||||
1695 | crv = pFunctionList->C_Login(hSession, CKU_SO0, NULL((void*)0), 0); | |||
1696 | if (crv != CKR_OK0x00000000UL) { | |||
1697 | PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv, | |||
1698 | PKM_CK_RVtoStr(crv)); | |||
1699 | return crv; | |||
1700 | } | |||
1701 | if (MODE == FIPSMODE0) { | |||
1702 | crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)weakPin, | |||
1703 | strlen((char *)weakPin)); | |||
1704 | if (crv == CKR_OK0x00000000UL) { | |||
1705 | PKM_Error("C_InitPIN with a weak password succeeded\n"); | |||
1706 | return crv; | |||
1707 | } else { | |||
1708 | PKM_LogIt("C_InitPIN with a weak password failed with " | |||
1709 | "0x%08X, %-26s\n", | |||
1710 | crv, PKM_CK_RVtoStr(crv)); | |||
1711 | } | |||
1712 | } | |||
1713 | crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)testPin, | |||
1714 | strlen((char *)testPin)); | |||
1715 | if (crv == CKR_OK0x00000000UL) { | |||
1716 | PKM_LogIt("C_InitPIN succeeded\n"); | |||
1717 | } else { | |||
1718 | PKM_Error("C_InitPIN failed with 0x%08X, %-26s\n", crv, | |||
1719 | PKM_CK_RVtoStr(crv)); | |||
1720 | return crv; | |||
1721 | } | |||
1722 | crv = pFunctionList->C_Logout(hSession); | |||
1723 | if (crv != CKR_OK0x00000000UL) { | |||
1724 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
1725 | PKM_CK_RVtoStr(crv)); | |||
1726 | return crv; | |||
1727 | } | |||
1728 | crv = pFunctionList->C_CloseSession(hSession); | |||
1729 | if (crv != CKR_OK0x00000000UL) { | |||
1730 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
1731 | PKM_CK_RVtoStr(crv)); | |||
1732 | return crv; | |||
1733 | } | |||
1734 | ||||
1735 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], | |||
1736 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, | |||
1737 | NULL((void*)0), NULL((void*)0), &hSession); | |||
1738 | if (crv != CKR_OK0x00000000UL) { | |||
1739 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
1740 | PKM_CK_RVtoStr(crv)); | |||
1741 | return crv; | |||
1742 | } | |||
1743 | ||||
1744 | PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER1); | |||
1745 | ||||
1746 | crv = pFunctionList->C_Login(hSession, CKU_USER1, (CK_UTF8CHAR *)testPin, | |||
1747 | strlen((const char *)testPin)); | |||
1748 | if (crv != CKR_OK0x00000000UL) { | |||
1749 | PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv, | |||
1750 | PKM_CK_RVtoStr(crv)); | |||
1751 | return crv; | |||
1752 | } | |||
1753 | if (MODE == FIPSMODE0) { | |||
1754 | crv = pFunctionList->C_SetPIN( | |||
1755 | hSession, (CK_UTF8CHAR *)testPin, | |||
1756 | strlen((const char *)testPin), | |||
1757 | (CK_UTF8CHAR *)weakPin, | |||
1758 | strlen((const char *)weakPin)); | |||
1759 | if (crv == CKR_OK0x00000000UL) { | |||
1760 | PKM_Error("C_SetPIN with a weak password succeeded\n"); | |||
1761 | return crv; | |||
1762 | } else { | |||
1763 | PKM_LogIt("C_SetPIN with a weak password returned with " | |||
1764 | "0x%08X, %-26s\n", | |||
1765 | crv, PKM_CK_RVtoStr(crv)); | |||
1766 | } | |||
1767 | } | |||
1768 | crv = pFunctionList->C_SetPIN( | |||
1769 | hSession, (CK_UTF8CHAR *)testPin, | |||
1770 | strlen((const char *)testPin), | |||
1771 | pwd, pwdLen); | |||
1772 | if (crv != CKR_OK0x00000000UL) { | |||
1773 | PKM_Error("C_CSetPin failed with 0x%08X, %-26s\n", crv, | |||
1774 | PKM_CK_RVtoStr(crv)); | |||
1775 | return crv; | |||
1776 | } | |||
1777 | crv = pFunctionList->C_Logout(hSession); | |||
1778 | if (crv != CKR_OK0x00000000UL) { | |||
1779 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
1780 | PKM_CK_RVtoStr(crv)); | |||
1781 | return crv; | |||
1782 | } | |||
1783 | crv = pFunctionList->C_CloseSession(hSession); | |||
1784 | if (crv != CKR_OK0x00000000UL) { | |||
1785 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
1786 | PKM_CK_RVtoStr(crv)); | |||
1787 | return crv; | |||
1788 | } | |||
1789 | return crv; | |||
1790 | } | |||
1791 | ||||
1792 | CK_RV | |||
1793 | PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) | |||
1794 | { | |||
1795 | CK_RV crv = CKR_OK0x00000000UL; | |||
1796 | CK_INFO info; | |||
1797 | CK_SLOT_ID *pSlotList = NULL((void*)0); | |||
1798 | unsigned i; | |||
1799 | ||||
1800 | CK_SLOT_INFO slotInfo; | |||
1801 | CK_TOKEN_INFO tokenInfo; | |||
1802 | CK_FLAGS bitflag; | |||
1803 | ||||
1804 | NUMTESTS++; /* increment NUMTESTS */ | |||
1805 | ||||
1806 | crv = pFunctionList->C_GetInfo(&info); | |||
1807 | if (crv == CKR_OK0x00000000UL) { | |||
1808 | PKM_LogIt("C_GetInfo succeeded\n"); | |||
1809 | } else { | |||
1810 | PKM_Error("C_GetInfo failed with 0x%08X, %-26s\n", crv, | |||
1811 | PKM_CK_RVtoStr(crv)); | |||
1812 | return crv; | |||
1813 | } | |||
1814 | PKM_LogIt("General information about the PKCS #11 library:\n"); | |||
1815 | PKM_LogIt(" PKCS #11 version: %d.%d\n", | |||
1816 | (int)info.cryptokiVersion.major, | |||
1817 | (int)info.cryptokiVersion.minor); | |||
1818 | PKM_LogIt(" manufacturer ID: %.32s\n", info.manufacturerID); | |||
1819 | PKM_LogIt(" flags: 0x%08lX\n", info.flags); | |||
1820 | PKM_LogIt(" library description: %.32s\n", info.libraryDescription); | |||
1821 | PKM_LogIt(" library version: %d.%d\n", | |||
1822 | (int)info.libraryVersion.major, (int)info.libraryVersion.minor); | |||
1823 | PKM_LogIt("\n"); | |||
1824 | ||||
1825 | /* Get slot list */ | |||
1826 | pSlotList = PKM_GetSlotList(pFunctionList, slotID); | |||
1827 | if (pSlotList == NULL((void*)0)) { | |||
1828 | PKM_Error("PKM_GetSlotList failed with \n"); | |||
1829 | return crv; | |||
1830 | } | |||
1831 | crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo); | |||
1832 | if (crv == CKR_OK0x00000000UL) { | |||
1833 | PKM_LogIt("C_GetSlotInfo succeeded\n"); | |||
1834 | } else { | |||
1835 | PKM_Error("C_GetSlotInfo failed with 0x%08X, %-26s\n", crv, | |||
1836 | PKM_CK_RVtoStr(crv)); | |||
1837 | return crv; | |||
1838 | } | |||
1839 | PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]); | |||
1840 | PKM_LogIt(" slot description: %.64s\n", slotInfo.slotDescription); | |||
1841 | PKM_LogIt(" slot manufacturer ID: %.32s\n", slotInfo.manufacturerID); | |||
1842 | PKM_LogIt(" flags: 0x%08lX\n", slotInfo.flags); | |||
1843 | bitflag = 1; | |||
1844 | for (i = 0; i < sizeof(slotFlagName) / sizeof(slotFlagName[0]); i++) { | |||
1845 | if (slotInfo.flags & bitflag) { | |||
1846 | PKM_LogIt(" %s\n", slotFlagName[i]); | |||
1847 | } | |||
1848 | bitflag <<= 1; | |||
1849 | } | |||
1850 | PKM_LogIt(" slot's hardware version number: %d.%d\n", | |||
1851 | (int)slotInfo.hardwareVersion.major, | |||
1852 | (int)slotInfo.hardwareVersion.minor); | |||
1853 | PKM_LogIt(" slot's firmware version number: %d.%d\n", | |||
1854 | (int)slotInfo.firmwareVersion.major, | |||
1855 | (int)slotInfo.firmwareVersion.minor); | |||
1856 | PKM_LogIt("\n"); | |||
1857 | ||||
1858 | crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo); | |||
1859 | if (crv == CKR_OK0x00000000UL) { | |||
1860 | PKM_LogIt("C_GetTokenInfo succeeded\n"); | |||
1861 | } else { | |||
1862 | PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv, | |||
1863 | PKM_CK_RVtoStr(crv)); | |||
1864 | return crv; | |||
1865 | } | |||
1866 | PKM_LogIt("Information about the token in slot %lu:\n", | |||
1867 | pSlotList[slotID]); | |||
1868 | PKM_LogIt(" label: %.32s\n", tokenInfo.label); | |||
1869 | PKM_LogIt(" device manufacturer ID: %.32s\n", | |||
1870 | tokenInfo.manufacturerID); | |||
1871 | PKM_LogIt(" device model: %.16s\n", tokenInfo.model); | |||
1872 | PKM_LogIt(" device serial number: %.16s\n", tokenInfo.serialNumber); | |||
1873 | PKM_LogIt(" flags: 0x%08lX\n", tokenInfo.flags); | |||
1874 | bitflag = 1; | |||
1875 | for (i = 0; i < sizeof(tokenFlagName) / sizeof(tokenFlagName[0]); i++) { | |||
1876 | if (tokenInfo.flags & bitflag) { | |||
1877 | PKM_LogIt(" %s\n", tokenFlagName[i]); | |||
1878 | } | |||
1879 | bitflag <<= 1; | |||
1880 | } | |||
1881 | PKM_LogIt(" maximum session count: %lu\n", | |||
1882 | tokenInfo.ulMaxSessionCount); | |||
1883 | PKM_LogIt(" session count: %lu\n", tokenInfo.ulSessionCount); | |||
1884 | PKM_LogIt(" maximum read/write session count: %lu\n", | |||
1885 | tokenInfo.ulMaxRwSessionCount); | |||
1886 | PKM_LogIt(" read/write session count: %lu\n", | |||
1887 | tokenInfo.ulRwSessionCount); | |||
1888 | PKM_LogIt(" maximum PIN length: %lu\n", tokenInfo.ulMaxPinLen); | |||
1889 | PKM_LogIt(" minimum PIN length: %lu\n", tokenInfo.ulMinPinLen); | |||
1890 | PKM_LogIt(" total public memory: %lu\n", | |||
1891 | tokenInfo.ulTotalPublicMemory); | |||
1892 | PKM_LogIt(" free public memory: %lu\n", | |||
1893 | tokenInfo.ulFreePublicMemory); | |||
1894 | PKM_LogIt(" total private memory: %lu\n", | |||
1895 | tokenInfo.ulTotalPrivateMemory); | |||
1896 | PKM_LogIt(" free private memory: %lu\n", | |||
1897 | tokenInfo.ulFreePrivateMemory); | |||
1898 | PKM_LogIt(" hardware version number: %d.%d\n", | |||
1899 | (int)tokenInfo.hardwareVersion.major, | |||
1900 | (int)tokenInfo.hardwareVersion.minor); | |||
1901 | PKM_LogIt(" firmware version number: %d.%d\n", | |||
1902 | (int)tokenInfo.firmwareVersion.major, | |||
1903 | (int)tokenInfo.firmwareVersion.minor); | |||
1904 | if (tokenInfo.flags & CKF_CLOCK_ON_TOKEN0x00000040UL) { | |||
1905 | PKM_LogIt(" current time: %.16s\n", tokenInfo.utcTime); | |||
1906 | } | |||
1907 | PKM_LogIt("PKM_ShowInfo done \n\n"); | |||
1908 | free(pSlotList); | |||
1909 | return crv; | |||
1910 | } | |||
1911 | ||||
1912 | /* PKM_HybridMode */ | |||
1913 | /* The NSS cryptographic module has two modes of operation: FIPS Approved */ | |||
1914 | /* mode and NONFIPS Approved mode. The two modes of operation are */ | |||
1915 | /* independent of each other -- they have their own copies of data */ | |||
1916 | /* structures and they are even allowed to be active at the same time. */ | |||
1917 | /* The module is FIPS 140-2 compliant only when the NONFIPS mode */ | |||
1918 | /* is inactive. */ | |||
1919 | /* PKM_HybridMode demostrates how an application can switch between the */ | |||
1920 | /* two modes: FIPS Approved mode and NONFIPS mode. */ | |||
1921 | CK_RV | |||
1922 | PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, | |||
1923 | CK_C_INITIALIZE_ARGS_NSS *initArgs) | |||
1924 | { | |||
1925 | ||||
1926 | CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */ | |||
1927 | CK_FUNCTION_LIST_PTR pC_FunctionList; | |||
1928 | CK_SLOT_ID *pC_SlotList = NULL((void*)0); | |||
1929 | CK_ULONG slotID_C = 1; | |||
1930 | CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */ | |||
1931 | CK_FUNCTION_LIST_PTR pFC_FunctionList; | |||
1932 | CK_SLOT_ID *pFC_SlotList = NULL((void*)0); | |||
1933 | CK_ULONG slotID_FC = 0; | |||
1934 | CK_RV crv = CKR_OK0x00000000UL; | |||
1935 | CK_SESSION_HANDLE hSession; | |||
1936 | int origMode = MODE; /* remember the orginal MODE value */ | |||
1937 | ||||
1938 | NUMTESTS++; /* increment NUMTESTS */ | |||
1939 | MODE = NONFIPSMODE1; | |||
1940 | #ifdef _WIN32 | |||
1941 | /* NON FIPS mode == C_GetFunctionList */ | |||
1942 | pC_GetFunctionList = (CK_C_GetFunctionList) | |||
1943 | GetProcAddress(hModule, "C_GetFunctionList"); | |||
1944 | if (pC_GetFunctionList == NULL((void*)0)) { | |||
1945 | PKM_Error("cannot load %s\n", LIB_NAME); | |||
1946 | return crv; | |||
1947 | } | |||
1948 | #else | |||
1949 | pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, | |||
1950 | "C_GetFunctionList"); | |||
1951 | assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pC_GetFunctionList != NULL", "pk11mode.c", 1951, __extension__ __PRETTY_FUNCTION__)); | |||
1952 | #endif | |||
1953 | PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n", | |||
1954 | slotID_C); | |||
1955 | crv = (*pC_GetFunctionList)(&pC_FunctionList); | |||
1956 | assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK" , "pk11mode.c", 1956, __extension__ __PRETTY_FUNCTION__)); | |||
1957 | ||||
1958 | /* invoke C_Initialize as pC_FunctionList->C_Initialize */ | |||
1959 | crv = pC_FunctionList->C_Initialize(initArgs); | |||
1960 | if (crv == CKR_OK0x00000000UL) { | |||
1961 | PKM_LogIt("C_Initialize succeeded\n"); | |||
1962 | } else { | |||
1963 | PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, | |||
1964 | PKM_CK_RVtoStr(crv)); | |||
1965 | return crv; | |||
1966 | } | |||
1967 | ||||
1968 | pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C); | |||
1969 | if (pC_SlotList == NULL((void*)0)) { | |||
1970 | PKM_Error("PKM_GetSlotList failed with \n"); | |||
1971 | return crv; | |||
1972 | } | |||
1973 | crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C], | |||
1974 | CKF_SERIAL_SESSION0x00000004UL, | |||
1975 | NULL((void*)0), NULL((void*)0), &hSession); | |||
1976 | if (crv == CKR_OK0x00000000UL) { | |||
1977 | PKM_LogIt("NONFIPS C_OpenSession succeeded\n"); | |||
1978 | } else { | |||
1979 | PKM_Error("C_OpenSession failed for NONFIPS token " | |||
1980 | "with 0x%08X, %-26s\n", | |||
1981 | crv, PKM_CK_RVtoStr(crv)); | |||
1982 | return crv; | |||
1983 | } | |||
1984 | ||||
1985 | crv = pC_FunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
1986 | if (crv == CKR_OK0x00000000UL) { | |||
1987 | PKM_LogIt("able to login in NONFIPS token\n"); | |||
1988 | } else { | |||
1989 | PKM_Error("Unable to login in to NONFIPS token " | |||
1990 | "with 0x%08X, %-26s\n", | |||
1991 | crv, PKM_CK_RVtoStr(crv)); | |||
1992 | return crv; | |||
1993 | } | |||
1994 | ||||
1995 | crv = pC_FunctionList->C_Logout(hSession); | |||
1996 | if (crv == CKR_OK0x00000000UL) { | |||
1997 | PKM_LogIt("C_Logout succeeded\n"); | |||
1998 | } else { | |||
1999 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
2000 | PKM_CK_RVtoStr(crv)); | |||
2001 | return crv; | |||
2002 | } | |||
2003 | ||||
2004 | PKM_ShowInfo(pC_FunctionList, slotID_C); | |||
2005 | MODE = HYBRIDMODE2; | |||
2006 | ||||
2007 | /* Now load the FIPS token */ | |||
2008 | /* FIPS mode == FC_GetFunctionList */ | |||
2009 | pFC_GetFunctionList = NULL((void*)0); | |||
2010 | #ifdef _WIN32 | |||
2011 | pFC_GetFunctionList = (CK_C_GetFunctionList) | |||
2012 | GetProcAddress(hModule, "FC_GetFunctionList"); | |||
2013 | #else | |||
2014 | pFC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, | |||
2015 | "FC_GetFunctionList"); | |||
2016 | assert(pFC_GetFunctionList != NULL)((pFC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pFC_GetFunctionList != NULL", "pk11mode.c", 2016, __extension__ __PRETTY_FUNCTION__)); | |||
2017 | #endif | |||
2018 | ||||
2019 | PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n", | |||
2020 | slotID_FC); | |||
2021 | PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n"); | |||
2022 | if (pFC_GetFunctionList == NULL((void*)0)) { | |||
2023 | PKM_Error("unable to load pFC_GetFunctionList\n"); | |||
2024 | return crv; | |||
2025 | } | |||
2026 | ||||
2027 | crv = (*pFC_GetFunctionList)(&pFC_FunctionList); | |||
2028 | assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK" , "pk11mode.c", 2028, __extension__ __PRETTY_FUNCTION__)); | |||
2029 | ||||
2030 | /* invoke FC_Initialize as pFunctionList->C_Initialize */ | |||
2031 | crv = pFC_FunctionList->C_Initialize(initArgs); | |||
2032 | if (crv == CKR_OK0x00000000UL) { | |||
2033 | PKM_LogIt("FC_Initialize succeeded\n"); | |||
2034 | } else { | |||
2035 | PKM_Error("FC_Initialize failed with 0x%08X, %-26s\n", crv, | |||
2036 | PKM_CK_RVtoStr(crv)); | |||
2037 | return crv; | |||
2038 | } | |||
2039 | PKM_ShowInfo(pFC_FunctionList, slotID_FC); | |||
2040 | ||||
2041 | pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC); | |||
2042 | if (pFC_SlotList == NULL((void*)0)) { | |||
2043 | PKM_Error("PKM_GetSlotList failed with \n"); | |||
2044 | return crv; | |||
2045 | } | |||
2046 | ||||
2047 | crv = pC_FunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
2048 | if (crv != CKR_OK0x00000000UL) { | |||
2049 | PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n"); | |||
2050 | } else { | |||
2051 | PKM_Error("Able to login in to NONFIPS token\n"); | |||
2052 | return crv; | |||
2053 | } | |||
2054 | crv = pC_FunctionList->C_CloseSession(hSession); | |||
2055 | if (crv == CKR_OK0x00000000UL) { | |||
2056 | PKM_LogIt("NONFIPS pC_CloseSession succeeded\n"); | |||
2057 | } else { | |||
2058 | PKM_Error("pC_CloseSession failed for NONFIPS token " | |||
2059 | "with 0x%08X, %-26s\n", | |||
2060 | crv, PKM_CK_RVtoStr(crv)); | |||
2061 | return crv; | |||
2062 | } | |||
2063 | ||||
2064 | PKM_LogIt("The module is FIPS 140-2 compliant\n" | |||
2065 | "only when the NONFIPS Approved mode is inactive by \n" | |||
2066 | "calling C_Finalize on the NONFIPS token.\n"); | |||
2067 | ||||
2068 | /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */ | |||
2069 | crv = pC_FunctionList->C_Finalize(NULL((void*)0)); | |||
2070 | if (crv == CKR_OK0x00000000UL) { | |||
2071 | PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n"); | |||
2072 | MODE = FIPSMODE0; | |||
2073 | } else { | |||
2074 | PKM_Error("C_Finalize of NONFIPS Token failed with " | |||
2075 | "0x%08X, %-26s\n", | |||
2076 | crv, | |||
2077 | PKM_CK_RVtoStr(crv)); | |||
2078 | return crv; | |||
2079 | } | |||
2080 | ||||
2081 | PKM_LogIt("*** In FIPS mode! ***\n"); | |||
2082 | ||||
2083 | /* could do some operations in FIPS MODE */ | |||
2084 | ||||
2085 | crv = pFC_FunctionList->C_Finalize(NULL((void*)0)); | |||
2086 | if (crv == CKR_OK0x00000000UL) { | |||
2087 | PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n"); | |||
2088 | MODE = NOMODE3; | |||
2089 | } else { | |||
2090 | PKM_Error("FC_Finalize failed with 0x%08X, %-26s\n", crv, | |||
2091 | PKM_CK_RVtoStr(crv)); | |||
2092 | return crv; | |||
2093 | } | |||
2094 | ||||
2095 | if (pC_SlotList) | |||
2096 | free(pC_SlotList); | |||
2097 | if (pFC_SlotList) | |||
2098 | free(pFC_SlotList); | |||
2099 | ||||
2100 | MODE = origMode; /* set the mode back to the orginal Mode value */ | |||
2101 | PKM_LogIt("PKM_HybridMode test Completed\n\n"); | |||
2102 | return crv; | |||
2103 | } | |||
2104 | ||||
2105 | CK_RV | |||
2106 | PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2107 | CK_SLOT_ID *pSlotList, CK_ULONG slotID) | |||
2108 | { | |||
2109 | ||||
2110 | CK_RV crv = CKR_OK0x00000000UL; | |||
2111 | CK_MECHANISM_TYPE *pMechanismList; | |||
2112 | CK_ULONG mechanismCount; | |||
2113 | CK_ULONG i; | |||
2114 | const char *mechName = NULL((void*)0); | |||
2115 | ||||
2116 | NUMTESTS++; /* increment NUMTESTS */ | |||
2117 | ||||
2118 | /* Get the mechanism list */ | |||
2119 | crv = pFunctionList->C_GetMechanismList(pSlotList[slotID], | |||
2120 | NULL((void*)0), &mechanismCount); | |||
2121 | if (crv != CKR_OK0x00000000UL) { | |||
2122 | PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv, | |||
2123 | PKM_CK_RVtoStr(crv)); | |||
2124 | return crv; | |||
2125 | } | |||
2126 | PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n", | |||
2127 | mechanismCount); | |||
2128 | pMechanismList = (CK_MECHANISM_TYPE *) | |||
2129 | malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE)); | |||
2130 | if (!pMechanismList) { | |||
2131 | PKM_Error("failed to allocate mechanism list\n"); | |||
2132 | return crv; | |||
2133 | } | |||
2134 | crv = pFunctionList->C_GetMechanismList(pSlotList[slotID], | |||
2135 | pMechanismList, &mechanismCount); | |||
2136 | if (crv != CKR_OK0x00000000UL) { | |||
2137 | PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv, | |||
2138 | PKM_CK_RVtoStr(crv)); | |||
2139 | return crv; | |||
2140 | } | |||
2141 | PKM_LogIt("C_GetMechanismList returned the mechanism types:\n"); | |||
2142 | if (verbose) { | |||
2143 | for (i = 0; i < mechanismCount; i++) { | |||
2144 | mechName = getName(pMechanismList[(i)], ConstMechanism); | |||
2145 | ||||
2146 | /* output two mechanism name on each line */ | |||
2147 | /* currently the longest known mechansim name length is 37 */ | |||
2148 | if (mechName) { | |||
2149 | printf("%-40s", mechName); | |||
2150 | } else { | |||
2151 | printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]); | |||
2152 | } | |||
2153 | if ((i % 2) == 1) | |||
2154 | printf("\n"); | |||
2155 | } | |||
2156 | printf("\n\n"); | |||
2157 | } | |||
2158 | ||||
2159 | for (i = 0; i < mechanismCount; i++) { | |||
2160 | CK_MECHANISM_INFO minfo; | |||
2161 | ||||
2162 | memset(&minfo, 0, sizeof(CK_MECHANISM_INFO)); | |||
2163 | crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID], | |||
2164 | pMechanismList[i], &minfo); | |||
2165 | if (CKR_OK0x00000000UL != crv) { | |||
2166 | PKM_Error("C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n", | |||
2167 | pSlotList[slotID], pMechanismList[i], crv, | |||
2168 | PKM_CK_RVtoStr(crv)); | |||
2169 | return crv; | |||
2170 | } | |||
2171 | ||||
2172 | mechName = getName(pMechanismList[i], ConstMechanism); | |||
2173 | if (!mechName) | |||
2174 | mechName = "Unknown mechanism"; | |||
2175 | PKM_LogIt(" [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i + 1), | |||
2176 | mechName, | |||
2177 | pMechanismList[i]); | |||
2178 | PKM_LogIt(" ulMinKeySize = %lu\n", minfo.ulMinKeySize); | |||
2179 | PKM_LogIt(" ulMaxKeySize = %lu\n", minfo.ulMaxKeySize); | |||
2180 | PKM_LogIt(" flags = 0x%08x\n", minfo.flags); | |||
2181 | PKM_LogIt(" -> HW = %s\n", minfo.flags & CKF_HW0x00000001UL ? "TRUE" : "FALSE"); | |||
2182 | PKM_LogIt(" -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT0x00000100UL ? "TRUE" : "FALSE"); | |||
2183 | PKM_LogIt(" -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT0x00000200UL ? "TRUE" : "FALSE"); | |||
2184 | PKM_LogIt(" -> DIGEST = %s\n", minfo.flags & CKF_DIGEST0x00000400UL ? "TRUE" : "FALSE"); | |||
2185 | PKM_LogIt(" -> SIGN = %s\n", minfo.flags & CKF_SIGN0x00000800UL ? "TRUE" : "FALSE"); | |||
2186 | PKM_LogIt(" -> SIGN_RECOVER = %s\n", minfo.flags & CKF_SIGN_RECOVER0x00001000UL ? "TRUE" : "FALSE"); | |||
2187 | PKM_LogIt(" -> VERIFY = %s\n", minfo.flags & CKF_VERIFY0x00002000 ? "TRUE" : "FALSE"); | |||
2188 | PKM_LogIt(" -> VERIFY_RECOVER = %s\n", | |||
2189 | minfo.flags & CKF_VERIFY_RECOVER0x00004000UL ? "TRUE" : "FALSE"); | |||
2190 | PKM_LogIt(" -> GENERATE = %s\n", minfo.flags & CKF_GENERATE0x00008000UL ? "TRUE" : "FALSE"); | |||
2191 | PKM_LogIt(" -> GENERATE_KEY_PAIR = %s\n", | |||
2192 | minfo.flags & CKF_GENERATE_KEY_PAIR0x00010000UL ? "TRUE" : "FALSE"); | |||
2193 | PKM_LogIt(" -> WRAP = %s\n", minfo.flags & CKF_WRAP0x00020000UL ? "TRUE" : "FALSE"); | |||
2194 | PKM_LogIt(" -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP0x00040000UL ? "TRUE" : "FALSE"); | |||
2195 | PKM_LogIt(" -> DERIVE = %s\n", minfo.flags & CKF_DERIVE0x00080000UL ? "TRUE" : "FALSE"); | |||
2196 | PKM_LogIt(" -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION0x80000000UL ? "TRUE" : "FALSE"); | |||
2197 | ||||
2198 | PKM_LogIt("\n"); | |||
2199 | } | |||
2200 | ||||
2201 | return crv; | |||
2202 | } | |||
2203 | ||||
2204 | CK_RV | |||
2205 | PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, | |||
2206 | CK_ULONG slotID) | |||
2207 | { | |||
2208 | CK_SESSION_HANDLE hSession; | |||
2209 | CK_RV crv = CKR_OK0x00000000UL; | |||
2210 | CK_BYTE randomData[16]; | |||
2211 | CK_BYTE seed[] = { 0x01, 0x03, 0x35, 0x55, 0xFF }; | |||
2212 | ||||
2213 | NUMTESTS++; /* increment NUMTESTS */ | |||
2214 | ||||
2215 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
2216 | NULL((void*)0), NULL((void*)0), &hSession); | |||
2217 | if (crv != CKR_OK0x00000000UL) { | |||
2218 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
2219 | PKM_CK_RVtoStr(crv)); | |||
2220 | return crv; | |||
2221 | } | |||
2222 | ||||
2223 | crv = pFunctionList->C_GenerateRandom(hSession, | |||
2224 | randomData, sizeof randomData); | |||
2225 | if (crv == CKR_OK0x00000000UL) { | |||
2226 | PKM_LogIt("C_GenerateRandom without login succeeded\n"); | |||
2227 | } else { | |||
2228 | PKM_Error("C_GenerateRandom without login failed " | |||
2229 | "with 0x%08X, %-26s\n", | |||
2230 | crv, PKM_CK_RVtoStr(crv)); | |||
2231 | return crv; | |||
2232 | } | |||
2233 | crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed)); | |||
2234 | if (crv == CKR_OK0x00000000UL) { | |||
2235 | PKM_LogIt("C_SeedRandom without login succeeded\n"); | |||
2236 | } else { | |||
2237 | PKM_Error("C_SeedRandom without login failed " | |||
2238 | "with 0x%08X, %-26s\n", | |||
2239 | crv, PKM_CK_RVtoStr(crv)); | |||
2240 | return crv; | |||
2241 | } | |||
2242 | crv = pFunctionList->C_GenerateRandom(hSession, | |||
2243 | randomData, sizeof randomData); | |||
2244 | if (crv == CKR_OK0x00000000UL) { | |||
2245 | PKM_LogIt("C_GenerateRandom without login succeeded\n"); | |||
2246 | } else { | |||
2247 | PKM_Error("C_GenerateRandom without login failed " | |||
2248 | "with 0x%08X, %-26s\n", | |||
2249 | crv, PKM_CK_RVtoStr(crv)); | |||
2250 | return crv; | |||
2251 | } | |||
2252 | crv = pFunctionList->C_CloseSession(hSession); | |||
2253 | if (crv != CKR_OK0x00000000UL) { | |||
2254 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
2255 | PKM_CK_RVtoStr(crv)); | |||
2256 | return crv; | |||
2257 | } | |||
2258 | ||||
2259 | return crv; | |||
2260 | } | |||
2261 | ||||
2262 | CK_RV | |||
2263 | PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2264 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
2265 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
2266 | { | |||
2267 | CK_SESSION_HANDLE hSession; | |||
2268 | CK_RV crv = CKR_OK0x00000000UL; | |||
2269 | ||||
2270 | NUMTESTS++; /* increment NUMTESTS */ | |||
2271 | ||||
2272 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
2273 | NULL((void*)0), NULL((void*)0), &hSession); | |||
2274 | if (crv != CKR_OK0x00000000UL) { | |||
2275 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
2276 | PKM_CK_RVtoStr(crv)); | |||
2277 | return crv; | |||
2278 | } | |||
2279 | ||||
2280 | crv = pFunctionList->C_Login(hSession, CKU_USER1, (unsigned char *)"netscape", 8); | |||
2281 | if (crv == CKR_OK0x00000000UL) { | |||
2282 | PKM_Error("C_Login with wrong password succeeded\n"); | |||
2283 | return CKR_FUNCTION_FAILED0x00000006UL; | |||
2284 | } else { | |||
2285 | PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, " | |||
2286 | "%-26s.\n ", | |||
2287 | crv, PKM_CK_RVtoStr(crv)); | |||
2288 | } | |||
2289 | crv = pFunctionList->C_Login(hSession, CKU_USER1, (unsigned char *)"red hat", 7); | |||
2290 | if (crv == CKR_OK0x00000000UL) { | |||
2291 | PKM_Error("C_Login with wrong password succeeded\n"); | |||
2292 | return CKR_FUNCTION_FAILED0x00000006UL; | |||
2293 | } else { | |||
2294 | PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, " | |||
2295 | "%-26s.\n ", | |||
2296 | crv, PKM_CK_RVtoStr(crv)); | |||
2297 | } | |||
2298 | crv = pFunctionList->C_Login(hSession, CKU_USER1, | |||
2299 | (unsigned char *)"sun", 3); | |||
2300 | if (crv == CKR_OK0x00000000UL) { | |||
2301 | PKM_Error("C_Login with wrong password succeeded\n"); | |||
2302 | return CKR_FUNCTION_FAILED0x00000006UL; | |||
2303 | } else { | |||
2304 | PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, " | |||
2305 | "%-26s.\n ", | |||
2306 | crv, PKM_CK_RVtoStr(crv)); | |||
2307 | } | |||
2308 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
2309 | if (crv == CKR_OK0x00000000UL) { | |||
2310 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
2311 | } else { | |||
2312 | PKM_Error("C_Login with correct password failed " | |||
2313 | "with 0x%08X, %-26s\n", | |||
2314 | crv, PKM_CK_RVtoStr(crv)); | |||
2315 | return crv; | |||
2316 | } | |||
2317 | ||||
2318 | crv = pFunctionList->C_Logout(hSession); | |||
2319 | if (crv == CKR_OK0x00000000UL) { | |||
2320 | PKM_LogIt("C_Logout succeeded\n"); | |||
2321 | } else { | |||
2322 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
2323 | PKM_CK_RVtoStr(crv)); | |||
2324 | return crv; | |||
2325 | } | |||
2326 | ||||
2327 | crv = pFunctionList->C_CloseSession(hSession); | |||
2328 | if (crv != CKR_OK0x00000000UL) { | |||
2329 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
2330 | PKM_CK_RVtoStr(crv)); | |||
2331 | return crv; | |||
2332 | } | |||
2333 | ||||
2334 | return crv; | |||
2335 | } | |||
2336 | ||||
2337 | /* | |||
2338 | * PKM_LegacyFunctions | |||
2339 | * | |||
2340 | * Legacyfunctions exist only for backwards compatibility. | |||
2341 | * C_GetFunctionStatus and C_CancelFunction functions were | |||
2342 | * meant for managing parallel execution of cryptographic functions. | |||
2343 | * | |||
2344 | * C_GetFunctionStatus is a legacy function which should simply return | |||
2345 | * the value CKR_FUNCTION_NOT_PARALLEL. | |||
2346 | * | |||
2347 | * C_CancelFunction is a legacy function which should simply return the | |||
2348 | * value CKR_FUNCTION_NOT_PARALLEL. | |||
2349 | * | |||
2350 | */ | |||
2351 | CK_RV | |||
2352 | PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2353 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
2354 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
2355 | { | |||
2356 | CK_SESSION_HANDLE hSession; | |||
2357 | CK_RV crv = CKR_OK0x00000000UL; | |||
2358 | NUMTESTS++; /* increment NUMTESTS */ | |||
2359 | ||||
2360 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
2361 | NULL((void*)0), NULL((void*)0), &hSession); | |||
2362 | if (crv != CKR_OK0x00000000UL) { | |||
2363 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
2364 | PKM_CK_RVtoStr(crv)); | |||
2365 | return crv; | |||
2366 | } | |||
2367 | ||||
2368 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
2369 | if (crv == CKR_OK0x00000000UL) { | |||
2370 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
2371 | } else { | |||
2372 | PKM_Error("C_Login with correct password failed " | |||
2373 | "with 0x%08X, %-26s\n", | |||
2374 | crv, PKM_CK_RVtoStr(crv)); | |||
2375 | return crv; | |||
2376 | } | |||
2377 | ||||
2378 | crv = pFunctionList->C_GetFunctionStatus(hSession); | |||
2379 | if (crv == CKR_FUNCTION_NOT_PARALLEL0x00000051UL) { | |||
2380 | PKM_LogIt("C_GetFunctionStatus correctly" | |||
2381 | "returned CKR_FUNCTION_NOT_PARALLEL \n"); | |||
2382 | } else { | |||
2383 | PKM_Error("C_GetFunctionStatus failed " | |||
2384 | "with 0x%08X, %-26s\n", | |||
2385 | crv, PKM_CK_RVtoStr(crv)); | |||
2386 | return crv; | |||
2387 | } | |||
2388 | ||||
2389 | crv = pFunctionList->C_CancelFunction(hSession); | |||
2390 | if (crv == CKR_FUNCTION_NOT_PARALLEL0x00000051UL) { | |||
2391 | PKM_LogIt("C_CancelFunction correctly " | |||
2392 | "returned CKR_FUNCTION_NOT_PARALLEL \n"); | |||
2393 | } else { | |||
2394 | PKM_Error("C_CancelFunction failed " | |||
2395 | "with 0x%08X, %-26s\n", | |||
2396 | crv, PKM_CK_RVtoStr(crv)); | |||
2397 | return crv; | |||
2398 | } | |||
2399 | ||||
2400 | crv = pFunctionList->C_Logout(hSession); | |||
2401 | if (crv == CKR_OK0x00000000UL) { | |||
2402 | PKM_LogIt("C_Logout succeeded\n"); | |||
2403 | } else { | |||
2404 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
2405 | PKM_CK_RVtoStr(crv)); | |||
2406 | return crv; | |||
2407 | } | |||
2408 | ||||
2409 | crv = pFunctionList->C_CloseSession(hSession); | |||
2410 | if (crv != CKR_OK0x00000000UL) { | |||
2411 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
2412 | PKM_CK_RVtoStr(crv)); | |||
2413 | return crv; | |||
2414 | } | |||
2415 | ||||
2416 | return crv; | |||
2417 | } | |||
2418 | ||||
2419 | /* | |||
2420 | * PKM_DualFuncDigest - demostrates the Dual-function | |||
2421 | * cryptograpic functions: | |||
2422 | * | |||
2423 | * C_DigestEncryptUpdate - multi-part Digest and Encrypt | |||
2424 | * C_DecryptDigestUpdate - multi-part Decrypt and Digest | |||
2425 | * | |||
2426 | * | |||
2427 | */ | |||
2428 | ||||
2429 | CK_RV | |||
2430 | PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2431 | CK_SESSION_HANDLE hSession, | |||
2432 | CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech, | |||
2433 | CK_OBJECT_HANDLE hSecKeyDigest, | |||
2434 | CK_MECHANISM *digestMech, | |||
2435 | const CK_BYTE *pData, CK_ULONG pDataLen) | |||
2436 | { | |||
2437 | CK_RV crv = CKR_OK0x00000000UL; | |||
2438 | CK_BYTE eDigest[MAX_DIGEST_SZ64]; | |||
2439 | CK_BYTE dDigest[MAX_DIGEST_SZ64]; | |||
2440 | CK_ULONG ulDigestLen; | |||
2441 | CK_BYTE ciphertext[MAX_CIPHER_SZ128]; | |||
2442 | CK_ULONG ciphertextLen, lastLen; | |||
2443 | CK_BYTE plaintext[MAX_DATA_SZ64]; | |||
2444 | CK_ULONG plaintextLen; | |||
2445 | unsigned int i; | |||
2446 | ||||
2447 | memset(eDigest, 0, sizeof(eDigest)); | |||
2448 | memset(dDigest, 0, sizeof(dDigest)); | |||
2449 | memset(ciphertext, 0, sizeof(ciphertext)); | |||
2450 | memset(plaintext, 0, sizeof(plaintext)); | |||
2451 | ||||
2452 | NUMTESTS++; /* increment NUMTESTS */ | |||
2453 | ||||
2454 | /* | |||
2455 | * First init the Digest and Ecrypt operations | |||
2456 | */ | |||
2457 | crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey); | |||
2458 | if (crv != CKR_OK0x00000000UL) { | |||
2459 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
2460 | PKM_CK_RVtoStr(crv)); | |||
2461 | return crv; | |||
2462 | } | |||
2463 | crv = pFunctionList->C_DigestInit(hSession, digestMech); | |||
2464 | if (crv != CKR_OK0x00000000UL) { | |||
2465 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, | |||
2466 | PKM_CK_RVtoStr(crv)); | |||
2467 | return crv; | |||
2468 | } | |||
2469 | ||||
2470 | ciphertextLen = sizeof(ciphertext); | |||
2471 | crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE *)pData, | |||
2472 | pDataLen, | |||
2473 | ciphertext, &ciphertextLen); | |||
2474 | if (crv != CKR_OK0x00000000UL) { | |||
2475 | PKM_Error("C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv, | |||
2476 | PKM_CK_RVtoStr(crv)); | |||
2477 | return crv; | |||
2478 | } | |||
2479 | ||||
2480 | ulDigestLen = sizeof(eDigest); | |||
2481 | crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen); | |||
2482 | if (crv != CKR_OK0x00000000UL) { | |||
2483 | PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv, | |||
2484 | PKM_CK_RVtoStr(crv)); | |||
2485 | return crv; | |||
2486 | } | |||
2487 | ||||
2488 | /* get the last piece of ciphertext (length should be 0 */ | |||
2489 | lastLen = sizeof(ciphertext) - ciphertextLen; | |||
2490 | crv = pFunctionList->C_EncryptFinal(hSession, | |||
2491 | (CK_BYTE *)&ciphertext[ciphertextLen], | |||
2492 | &lastLen); | |||
2493 | if (crv != CKR_OK0x00000000UL) { | |||
2494 | PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv, | |||
2495 | PKM_CK_RVtoStr(crv)); | |||
2496 | return crv; | |||
2497 | } | |||
2498 | ciphertextLen = ciphertextLen + lastLen; | |||
2499 | if (verbose) { | |||
2500 | printf("ciphertext = "); | |||
2501 | for (i = 0; i < ciphertextLen; i++) { | |||
2502 | printf("%02x", (unsigned)ciphertext[i]); | |||
2503 | } | |||
2504 | printf("\n"); | |||
2505 | printf("eDigest = "); | |||
2506 | for (i = 0; i < ulDigestLen; i++) { | |||
2507 | printf("%02x", (unsigned)eDigest[i]); | |||
2508 | } | |||
2509 | printf("\n"); | |||
2510 | } | |||
2511 | ||||
2512 | /* Decrypt the text */ | |||
2513 | crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey); | |||
2514 | if (crv != CKR_OK0x00000000UL) { | |||
2515 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2516 | PKM_CK_RVtoStr(crv)); | |||
2517 | return crv; | |||
2518 | } | |||
2519 | crv = pFunctionList->C_DigestInit(hSession, digestMech); | |||
2520 | if (crv != CKR_OK0x00000000UL) { | |||
2521 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2522 | PKM_CK_RVtoStr(crv)); | |||
2523 | return crv; | |||
2524 | } | |||
2525 | ||||
2526 | plaintextLen = sizeof(plaintext); | |||
2527 | crv = pFunctionList->C_DecryptDigestUpdate(hSession, ciphertext, | |||
2528 | ciphertextLen, | |||
2529 | plaintext, | |||
2530 | &plaintextLen); | |||
2531 | if (crv != CKR_OK0x00000000UL) { | |||
2532 | PKM_Error("C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv, | |||
2533 | PKM_CK_RVtoStr(crv)); | |||
2534 | return crv; | |||
2535 | } | |||
2536 | lastLen = sizeof(plaintext) - plaintextLen; | |||
2537 | ||||
2538 | crv = pFunctionList->C_DecryptFinal(hSession, | |||
2539 | (CK_BYTE *)&plaintext[plaintextLen], | |||
2540 | &lastLen); | |||
2541 | if (crv != CKR_OK0x00000000UL) { | |||
2542 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, | |||
2543 | PKM_CK_RVtoStr(crv)); | |||
2544 | return crv; | |||
2545 | } | |||
2546 | plaintextLen = plaintextLen + lastLen; | |||
2547 | ||||
2548 | ulDigestLen = sizeof(dDigest); | |||
2549 | crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen); | |||
2550 | if (crv != CKR_OK0x00000000UL) { | |||
2551 | PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv, | |||
2552 | PKM_CK_RVtoStr(crv)); | |||
2553 | return crv; | |||
2554 | } | |||
2555 | ||||
2556 | if (plaintextLen != pDataLen) { | |||
2557 | PKM_Error("plaintextLen is %lu\n", plaintextLen); | |||
2558 | return crv; | |||
2559 | } | |||
2560 | ||||
2561 | if (verbose) { | |||
2562 | printf("plaintext = "); | |||
2563 | for (i = 0; i < plaintextLen; i++) { | |||
2564 | printf("%02x", (unsigned)plaintext[i]); | |||
2565 | } | |||
2566 | printf("\n"); | |||
2567 | printf("dDigest = "); | |||
2568 | for (i = 0; i < ulDigestLen; i++) { | |||
2569 | printf("%02x", (unsigned)dDigest[i]); | |||
2570 | } | |||
2571 | printf("\n"); | |||
2572 | } | |||
2573 | ||||
2574 | if (memcmp(eDigest, dDigest, ulDigestLen) == 0) { | |||
2575 | PKM_LogIt("Encrypted Digest equals Decrypted Digest\n"); | |||
2576 | } else { | |||
2577 | PKM_Error("Digests don't match\n"); | |||
2578 | } | |||
2579 | ||||
2580 | if ((plaintextLen == pDataLen) && | |||
2581 | (memcmp(plaintext, pData, pDataLen)) == 0) { | |||
2582 | PKM_LogIt("DualFuncDigest decrypt test case passed\n"); | |||
2583 | } else { | |||
2584 | PKM_Error("DualFuncDigest derypt test case failed\n"); | |||
2585 | } | |||
2586 | ||||
2587 | return crv; | |||
2588 | } | |||
2589 | ||||
2590 | /* | |||
2591 | * PKM_SecKeyCrypt - Symmetric key encrypt/decyprt | |||
2592 | * | |||
2593 | */ | |||
2594 | ||||
2595 | CK_RV | |||
2596 | PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2597 | CK_SESSION_HANDLE hSession, | |||
2598 | CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech, | |||
2599 | const CK_BYTE *pData, CK_ULONG dataLen) | |||
2600 | { | |||
2601 | CK_RV crv = CKR_OK0x00000000UL; | |||
2602 | ||||
2603 | CK_BYTE cipher1[MAX_CIPHER_SZ128]; | |||
2604 | CK_BYTE cipher2[MAX_CIPHER_SZ128]; | |||
2605 | CK_BYTE data1[MAX_DATA_SZ64]; | |||
2606 | CK_BYTE data2[MAX_DATA_SZ64]; | |||
2607 | CK_ULONG cipher1Len = 0, cipher2Len = 0, lastLen = 0; | |||
2608 | CK_ULONG data1Len = 0, data2Len = 0; | |||
2609 | ||||
2610 | NUMTESTS++; /* increment NUMTESTS */ | |||
2611 | ||||
2612 | memset(cipher1, 0, sizeof(cipher1)); | |||
2613 | memset(cipher2, 0, sizeof(cipher2)); | |||
2614 | memset(data1, 0, sizeof(data1)); | |||
2615 | memset(data2, 0, sizeof(data2)); | |||
2616 | ||||
2617 | /* C_Encrypt */ | |||
2618 | crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey); | |||
2619 | if (crv != CKR_OK0x00000000UL) { | |||
2620 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
2621 | PKM_CK_RVtoStr(crv)); | |||
2622 | return crv; | |||
2623 | } | |||
2624 | cipher1Len = sizeof(cipher1); | |||
2625 | crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)pData, dataLen, | |||
2626 | cipher1, &cipher1Len); | |||
2627 | if (crv != CKR_OK0x00000000UL) { | |||
2628 | PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv, | |||
2629 | PKM_CK_RVtoStr(crv)); | |||
2630 | return crv; | |||
2631 | } | |||
2632 | ||||
2633 | /* C_EncryptUpdate */ | |||
2634 | crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey); | |||
2635 | if (crv != CKR_OK0x00000000UL) { | |||
2636 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
2637 | PKM_CK_RVtoStr(crv)); | |||
2638 | return crv; | |||
2639 | } | |||
2640 | cipher2Len = sizeof(cipher2); | |||
2641 | crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)pData, | |||
2642 | dataLen, | |||
2643 | cipher2, &cipher2Len); | |||
2644 | if (crv != CKR_OK0x00000000UL) { | |||
2645 | PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv, | |||
2646 | PKM_CK_RVtoStr(crv)); | |||
2647 | return crv; | |||
2648 | } | |||
2649 | lastLen = sizeof(cipher2) - cipher2Len; | |||
2650 | ||||
2651 | crv = pFunctionList->C_EncryptFinal(hSession, | |||
2652 | (CK_BYTE *)&cipher2[cipher2Len], | |||
2653 | &lastLen); | |||
2654 | cipher2Len = cipher2Len + lastLen; | |||
2655 | ||||
2656 | if ((cipher1Len == cipher2Len) && | |||
2657 | (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0)) { | |||
2658 | PKM_LogIt("encrypt test case passed\n"); | |||
2659 | } else { | |||
2660 | PKM_Error("encrypt test case failed\n"); | |||
2661 | return CKR_GENERAL_ERROR0x00000005UL; | |||
2662 | } | |||
2663 | ||||
2664 | /* C_Decrypt */ | |||
2665 | crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey); | |||
2666 | if (crv != CKR_OK0x00000000UL) { | |||
2667 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2668 | PKM_CK_RVtoStr(crv)); | |||
2669 | return crv; | |||
2670 | } | |||
2671 | data1Len = sizeof(data1); | |||
2672 | crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len, | |||
2673 | data1, &data1Len); | |||
2674 | if (crv != CKR_OK0x00000000UL) { | |||
2675 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2676 | PKM_CK_RVtoStr(crv)); | |||
2677 | return crv; | |||
2678 | } | |||
2679 | /* now use C_DecryptUpdate the text */ | |||
2680 | crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey); | |||
2681 | if (crv != CKR_OK0x00000000UL) { | |||
2682 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2683 | PKM_CK_RVtoStr(crv)); | |||
2684 | return crv; | |||
2685 | } | |||
2686 | data2Len = sizeof(data2); | |||
2687 | crv = pFunctionList->C_DecryptUpdate(hSession, cipher2, | |||
2688 | cipher2Len, | |||
2689 | data2, &data2Len); | |||
2690 | if (crv != CKR_OK0x00000000UL) { | |||
2691 | PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv, | |||
2692 | PKM_CK_RVtoStr(crv)); | |||
2693 | return crv; | |||
2694 | } | |||
2695 | lastLen = sizeof(data2) - data2Len; | |||
2696 | crv = pFunctionList->C_DecryptFinal(hSession, | |||
2697 | (CK_BYTE *)&data2[data2Len], | |||
2698 | &lastLen); | |||
2699 | if (crv != CKR_OK0x00000000UL) { | |||
2700 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, | |||
2701 | PKM_CK_RVtoStr(crv)); | |||
2702 | return crv; | |||
2703 | } | |||
2704 | data2Len = data2Len + lastLen; | |||
2705 | ||||
2706 | /* Comparison of Decrypt data */ | |||
2707 | ||||
2708 | if ((data1Len == data2Len) && (dataLen == data1Len) && | |||
2709 | (memcmp(data1, pData, dataLen) == 0) && | |||
2710 | (memcmp(data2, pData, dataLen) == 0)) { | |||
2711 | PKM_LogIt("decrypt test case passed\n"); | |||
2712 | } else { | |||
2713 | PKM_Error("derypt test case failed\n"); | |||
2714 | } | |||
2715 | ||||
2716 | return crv; | |||
2717 | } | |||
2718 | ||||
2719 | CK_RV | |||
2720 | PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2721 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
2722 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
2723 | { | |||
2724 | CK_SESSION_HANDLE hSession; | |||
2725 | CK_RV crv = CKR_OK0x00000000UL; | |||
2726 | CK_MECHANISM sAESKeyMech = { | |||
2727 | CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0 | |||
2728 | }; | |||
2729 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; | |||
2730 | CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL; | |||
2731 | CK_UTF8CHAR AESlabel[] = "An AES secret key object"; | |||
2732 | CK_ULONG AESvalueLen = 16; | |||
2733 | CK_ATTRIBUTE sAESKeyTemplate[9]; | |||
2734 | CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE0; | |||
2735 | ||||
2736 | CK_BYTE KEY[16]; | |||
2737 | CK_BYTE IV[16]; | |||
2738 | static const CK_BYTE CIPHERTEXT[] = { | |||
2739 | 0x7e, 0x6a, 0x3f, 0x3b, 0x39, 0x3c, 0xf2, 0x4b, | |||
2740 | 0xce, 0xcc, 0x23, 0x6d, 0x80, 0xfd, 0xe0, 0xff | |||
2741 | }; | |||
2742 | CK_BYTE ciphertext[64]; | |||
2743 | CK_BYTE ciphertext2[64]; | |||
2744 | CK_ULONG ciphertextLen, ciphertext2Len, lastLen; | |||
2745 | CK_BYTE plaintext[32]; | |||
2746 | CK_BYTE plaintext2[32]; | |||
2747 | CK_ULONG plaintextLen, plaintext2Len; | |||
2748 | CK_BYTE wrappedKey[16]; | |||
2749 | CK_ULONG wrappedKeyLen; | |||
2750 | CK_MECHANISM aesEcbMech = { | |||
2751 | CKM_AES_ECB0x00001081UL, NULL((void*)0), 0 | |||
2752 | }; | |||
2753 | CK_OBJECT_HANDLE hTestKey; | |||
2754 | CK_MECHANISM mech_AES_CBC; | |||
2755 | ||||
2756 | NUMTESTS++; /* increment NUMTESTS */ | |||
2757 | ||||
2758 | memset(ciphertext, 0, sizeof(ciphertext)); | |||
2759 | memset(ciphertext2, 0, sizeof(ciphertext2)); | |||
2760 | memset(IV, 0x00, sizeof(IV)); | |||
2761 | memset(KEY, 0x00, sizeof(KEY)); | |||
2762 | ||||
2763 | mech_AES_CBC.mechanism = CKM_AES_CBC0x00001082UL; | |||
2764 | mech_AES_CBC.pParameter = IV; | |||
2765 | mech_AES_CBC.ulParameterLen = sizeof(IV); | |||
2766 | ||||
2767 | /* AES key template */ | |||
2768 | sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL; | |||
2769 | sAESKeyTemplate[0].pValue = &class; | |||
2770 | sAESKeyTemplate[0].ulValueLen = sizeof(class); | |||
2771 | sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; | |||
2772 | sAESKeyTemplate[1].pValue = &keyAESType; | |||
2773 | sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType); | |||
2774 | sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL; | |||
2775 | sAESKeyTemplate[2].pValue = AESlabel; | |||
2776 | sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1; | |||
2777 | sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; | |||
2778 | sAESKeyTemplate[3].pValue = &true; | |||
2779 | sAESKeyTemplate[3].ulValueLen = sizeof(true); | |||
2780 | sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL; | |||
2781 | sAESKeyTemplate[4].pValue = &true; | |||
2782 | sAESKeyTemplate[4].ulValueLen = sizeof(true); | |||
2783 | sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL; | |||
2784 | sAESKeyTemplate[5].pValue = &true; | |||
2785 | sAESKeyTemplate[5].ulValueLen = sizeof(true); | |||
2786 | sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL; | |||
2787 | sAESKeyTemplate[6].pValue = &true; | |||
2788 | sAESKeyTemplate[6].ulValueLen = sizeof(true); | |||
2789 | sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL; | |||
2790 | sAESKeyTemplate[7].pValue = &true; | |||
2791 | sAESKeyTemplate[7].ulValueLen = sizeof(true); | |||
2792 | sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; | |||
2793 | sAESKeyTemplate[8].pValue = &AESvalueLen; | |||
2794 | sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen); | |||
2795 | ||||
2796 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
2797 | NULL((void*)0), NULL((void*)0), &hSession); | |||
2798 | if (crv != CKR_OK0x00000000UL) { | |||
2799 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
2800 | PKM_CK_RVtoStr(crv)); | |||
2801 | return crv; | |||
2802 | } | |||
2803 | ||||
2804 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
2805 | if (crv == CKR_OK0x00000000UL) { | |||
2806 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
2807 | } else { | |||
2808 | PKM_Error("C_Login with correct password failed " | |||
2809 | "with 0x%08X, %-26s\n", | |||
2810 | crv, PKM_CK_RVtoStr(crv)); | |||
2811 | return crv; | |||
2812 | } | |||
2813 | ||||
2814 | PKM_LogIt("Generate an AES key ... \n"); | |||
2815 | /* generate an AES Secret Key */ | |||
2816 | crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech, | |||
2817 | sAESKeyTemplate, | |||
2818 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), | |||
2819 | &hKey); | |||
2820 | if (crv == CKR_OK0x00000000UL) { | |||
2821 | PKM_LogIt("C_GenerateKey AES succeeded\n"); | |||
2822 | } else { | |||
2823 | PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n", | |||
2824 | crv, PKM_CK_RVtoStr(crv)); | |||
2825 | return crv; | |||
2826 | } | |||
2827 | ||||
2828 | crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey); | |||
2829 | if (crv != CKR_OK0x00000000UL) { | |||
2830 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
2831 | PKM_CK_RVtoStr(crv)); | |||
2832 | return crv; | |||
2833 | } | |||
2834 | wrappedKeyLen = sizeof(wrappedKey); | |||
2835 | crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY), | |||
2836 | wrappedKey, &wrappedKeyLen); | |||
2837 | if (crv != CKR_OK0x00000000UL) { | |||
2838 | PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv, | |||
2839 | PKM_CK_RVtoStr(crv)); | |||
2840 | return crv; | |||
2841 | } | |||
2842 | if (wrappedKeyLen != sizeof(wrappedKey)) { | |||
2843 | PKM_Error("wrappedKeyLen is %lu\n", wrappedKeyLen); | |||
2844 | return crv; | |||
2845 | } | |||
2846 | /* Import an encrypted key */ | |||
2847 | crv = pFunctionList->C_UnwrapKey(hSession, &aesEcbMech, hKey, | |||
2848 | wrappedKey, wrappedKeyLen, | |||
2849 | sAESKeyTemplate, | |||
2850 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), | |||
2851 | &hTestKey); | |||
2852 | if (crv != CKR_OK0x00000000UL) { | |||
2853 | PKM_Error("C_UnwraPKey failed with 0x%08X, %-26s\n", crv, | |||
2854 | PKM_CK_RVtoStr(crv)); | |||
2855 | return crv; | |||
2856 | } | |||
2857 | /* AES Encrypt the text */ | |||
2858 | crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey); | |||
2859 | if (crv != CKR_OK0x00000000UL) { | |||
2860 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
2861 | PKM_CK_RVtoStr(crv)); | |||
2862 | return crv; | |||
2863 | } | |||
2864 | ciphertextLen = sizeof(ciphertext); | |||
2865 | crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)PLAINTEXT, | |||
2866 | sizeof(PLAINTEXT), | |||
2867 | ciphertext, &ciphertextLen); | |||
2868 | if (crv != CKR_OK0x00000000UL) { | |||
2869 | PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv, | |||
2870 | PKM_CK_RVtoStr(crv)); | |||
2871 | return crv; | |||
2872 | } | |||
2873 | ||||
2874 | if ((ciphertextLen == sizeof(CIPHERTEXT)) && | |||
2875 | (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) { | |||
2876 | PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n"); | |||
2877 | } else { | |||
2878 | PKM_Error("AES CBCVarKey128 encrypt test case 1 failed\n"); | |||
2879 | return crv; | |||
2880 | } | |||
2881 | ||||
2882 | /* now use EncryptUpdate the text */ | |||
2883 | crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey); | |||
2884 | if (crv != CKR_OK0x00000000UL) { | |||
2885 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
2886 | PKM_CK_RVtoStr(crv)); | |||
2887 | return crv; | |||
2888 | } | |||
2889 | ciphertext2Len = sizeof(ciphertext2); | |||
2890 | crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)PLAINTEXT, | |||
2891 | sizeof(PLAINTEXT), | |||
2892 | ciphertext2, &ciphertext2Len); | |||
2893 | if (crv != CKR_OK0x00000000UL) { | |||
2894 | PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv, | |||
2895 | PKM_CK_RVtoStr(crv)); | |||
2896 | return crv; | |||
2897 | } | |||
2898 | lastLen = sizeof(ciphertext2) - ciphertext2Len; | |||
2899 | ||||
2900 | crv = pFunctionList->C_EncryptFinal(hSession, | |||
2901 | (CK_BYTE *)&ciphertext2[ciphertext2Len], | |||
2902 | &lastLen); | |||
2903 | ciphertext2Len = ciphertext2Len + lastLen; | |||
2904 | ||||
2905 | if ((ciphertextLen == ciphertext2Len) && | |||
2906 | (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) && | |||
2907 | (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) { | |||
2908 | PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n"); | |||
2909 | } else { | |||
2910 | PKM_Error("AES CBCVarKey128 encrypt test case 2 failed\n"); | |||
2911 | return CKR_GENERAL_ERROR0x00000005UL; | |||
2912 | } | |||
2913 | ||||
2914 | /* AES CBC Decrypt the text */ | |||
2915 | crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey); | |||
2916 | if (crv != CKR_OK0x00000000UL) { | |||
2917 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2918 | PKM_CK_RVtoStr(crv)); | |||
2919 | return crv; | |||
2920 | } | |||
2921 | plaintextLen = sizeof(plaintext); | |||
2922 | crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen, | |||
2923 | plaintext, &plaintextLen); | |||
2924 | if (crv != CKR_OK0x00000000UL) { | |||
2925 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2926 | PKM_CK_RVtoStr(crv)); | |||
2927 | return crv; | |||
2928 | } | |||
2929 | if ((plaintextLen == sizeof(PLAINTEXT)) && | |||
2930 | (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) { | |||
2931 | PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n"); | |||
2932 | } else { | |||
2933 | PKM_Error("AES CBCVarKey128 derypt test case 1 failed\n"); | |||
2934 | } | |||
2935 | /* now use DecryptUpdate the text */ | |||
2936 | crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey); | |||
2937 | if (crv != CKR_OK0x00000000UL) { | |||
2938 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
2939 | PKM_CK_RVtoStr(crv)); | |||
2940 | return crv; | |||
2941 | } | |||
2942 | plaintext2Len = sizeof(plaintext2); | |||
2943 | crv = pFunctionList->C_DecryptUpdate(hSession, ciphertext2, | |||
2944 | ciphertext2Len, | |||
2945 | plaintext2, &plaintext2Len); | |||
2946 | if (crv != CKR_OK0x00000000UL) { | |||
2947 | PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv, | |||
2948 | PKM_CK_RVtoStr(crv)); | |||
2949 | return crv; | |||
2950 | } | |||
2951 | lastLen = sizeof(plaintext2) - plaintext2Len; | |||
2952 | crv = pFunctionList->C_DecryptFinal(hSession, | |||
2953 | (CK_BYTE *)&plaintext2[plaintext2Len], | |||
2954 | &lastLen); | |||
2955 | plaintext2Len = plaintext2Len + lastLen; | |||
2956 | ||||
2957 | if ((plaintextLen == plaintext2Len) && | |||
2958 | (memcmp(plaintext, plaintext2, plaintext2Len) == 0) && | |||
2959 | (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) { | |||
2960 | PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n"); | |||
2961 | } else { | |||
2962 | PKM_Error("AES CBCVarKey128 decrypt test case 2 failed\n"); | |||
2963 | return CKR_GENERAL_ERROR0x00000005UL; | |||
2964 | } | |||
2965 | ||||
2966 | crv = pFunctionList->C_Logout(hSession); | |||
2967 | if (crv == CKR_OK0x00000000UL) { | |||
2968 | PKM_LogIt("C_Logout succeeded\n"); | |||
2969 | } else { | |||
2970 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
2971 | PKM_CK_RVtoStr(crv)); | |||
2972 | return crv; | |||
2973 | } | |||
2974 | crv = pFunctionList->C_CloseSession(hSession); | |||
2975 | if (crv != CKR_OK0x00000000UL) { | |||
2976 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
2977 | PKM_CK_RVtoStr(crv)); | |||
2978 | return crv; | |||
2979 | } | |||
2980 | ||||
2981 | return crv; | |||
2982 | } | |||
2983 | ||||
2984 | CK_RV | |||
2985 | PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList, | |||
2986 | CK_SESSION_HANDLE hRwSession, | |||
2987 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, | |||
2988 | CK_MECHANISM *signMech, const CK_BYTE *pData, | |||
2989 | CK_ULONG pDataLen) | |||
2990 | { | |||
2991 | CK_RV crv = CKR_OK0x00000000UL; | |||
2992 | CK_BYTE sig[MAX_SIG_SZ128]; | |||
2993 | CK_ULONG sigLen = 0; | |||
2994 | ||||
2995 | NUMTESTS++; /* increment NUMTESTS */ | |||
2996 | memset(sig, 0, sizeof(sig)); | |||
2997 | ||||
2998 | /* C_Sign */ | |||
2999 | crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey); | |||
3000 | if (crv != CKR_OK0x00000000UL) { | |||
3001 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
3002 | PKM_CK_RVtoStr(crv)); | |||
3003 | return crv; | |||
3004 | } | |||
3005 | sigLen = sizeof(sig); | |||
3006 | crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)pData, pDataLen, | |||
3007 | sig, &sigLen); | |||
3008 | if (crv != CKR_OK0x00000000UL) { | |||
3009 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, | |||
3010 | PKM_CK_RVtoStr(crv)); | |||
3011 | return crv; | |||
3012 | } | |||
3013 | ||||
3014 | /* C_Verify the signature */ | |||
3015 | crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey); | |||
3016 | if (crv != CKR_OK0x00000000UL) { | |||
3017 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3018 | PKM_CK_RVtoStr(crv)); | |||
3019 | return crv; | |||
3020 | } | |||
3021 | crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE *)pData, pDataLen, | |||
3022 | sig, sigLen); | |||
3023 | if (crv == CKR_OK0x00000000UL) { | |||
3024 | PKM_LogIt("C_Verify succeeded\n"); | |||
3025 | } else { | |||
3026 | PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv, | |||
3027 | PKM_CK_RVtoStr(crv)); | |||
3028 | return crv; | |||
3029 | } | |||
3030 | ||||
3031 | /* Check that the mechanism is Multi-part */ | |||
3032 | if (signMech->mechanism == CKM_DSA0x00000011UL || | |||
3033 | signMech->mechanism == CKM_RSA_PKCS0x00000001UL) { | |||
3034 | return crv; | |||
3035 | } | |||
3036 | ||||
3037 | memset(sig, 0, sizeof(sig)); | |||
3038 | /* SignUpdate */ | |||
3039 | crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey); | |||
3040 | if (crv != CKR_OK0x00000000UL) { | |||
3041 | PKM_Error("C_SignInit failed with 0x%08lX %-26s\n", crv, | |||
3042 | PKM_CK_RVtoStr(crv)); | |||
3043 | return crv; | |||
3044 | } | |||
3045 | crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE *)pData, pDataLen); | |||
3046 | if (crv != CKR_OK0x00000000UL) { | |||
3047 | PKM_Error("C_Sign failed with 0x%08lX %-26s\n", crv, | |||
3048 | PKM_CK_RVtoStr(crv)); | |||
3049 | return crv; | |||
3050 | } | |||
3051 | ||||
3052 | sigLen = sizeof(sig); | |||
3053 | crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen); | |||
3054 | if (crv != CKR_OK0x00000000UL) { | |||
3055 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, | |||
3056 | PKM_CK_RVtoStr(crv)); | |||
3057 | return crv; | |||
3058 | } | |||
3059 | ||||
3060 | /* C_VerifyUpdate the signature */ | |||
3061 | crv = pFunctionList->C_VerifyInit(hRwSession, signMech, | |||
3062 | hPubKey); | |||
3063 | if (crv != CKR_OK0x00000000UL) { | |||
3064 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3065 | PKM_CK_RVtoStr(crv)); | |||
3066 | return crv; | |||
3067 | } | |||
3068 | crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE *)pData, | |||
3069 | pDataLen); | |||
3070 | if (crv != CKR_OK0x00000000UL) { | |||
3071 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, | |||
3072 | PKM_CK_RVtoStr(crv)); | |||
3073 | return crv; | |||
3074 | } | |||
3075 | crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen); | |||
3076 | if (crv == CKR_OK0x00000000UL) { | |||
3077 | PKM_LogIt("C_VerifyFinal succeeded\n"); | |||
3078 | } else { | |||
3079 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, | |||
3080 | PKM_CK_RVtoStr(crv)); | |||
3081 | return crv; | |||
3082 | } | |||
3083 | return crv; | |||
3084 | } | |||
3085 | ||||
3086 | CK_RV | |||
3087 | PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, | |||
3088 | CK_SLOT_ID *pSlotList, | |||
3089 | CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, | |||
3090 | CK_ULONG pwdLen) | |||
3091 | { | |||
3092 | CK_SESSION_HANDLE hSession; | |||
3093 | CK_RV crv = CKR_OK0x00000000UL; | |||
3094 | ||||
3095 | /*** DSA Key ***/ | |||
3096 | CK_MECHANISM dsaParamGenMech; | |||
3097 | CK_ULONG primeBits = 1024; | |||
3098 | CK_ATTRIBUTE dsaParamGenTemplate[1]; | |||
3099 | CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE0; | |||
3100 | CK_BYTE DSA_P[128]; | |||
3101 | CK_BYTE DSA_Q[20]; | |||
3102 | CK_BYTE DSA_G[128]; | |||
3103 | CK_MECHANISM dsaKeyPairGenMech; | |||
3104 | CK_ATTRIBUTE dsaPubKeyTemplate[5]; | |||
3105 | CK_ATTRIBUTE dsaPrivKeyTemplate[5]; | |||
3106 | CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE0; | |||
3107 | CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE0; | |||
3108 | ||||
3109 | /* From SHA1ShortMsg.req, Len = 136 */ | |||
3110 | CK_BYTE MSG[] = { | |||
3111 | 0xba, 0x33, 0x95, 0xfb, | |||
3112 | 0x5a, 0xfa, 0x8e, 0x6a, | |||
3113 | 0x43, 0xdf, 0x41, 0x6b, | |||
3114 | 0x32, 0x7b, 0x74, 0xfa, | |||
3115 | 0x44 | |||
3116 | }; | |||
3117 | CK_BYTE MD[] = { | |||
3118 | 0xf7, 0x5d, 0x92, 0xa4, | |||
3119 | 0xbb, 0x4d, 0xec, 0xc3, | |||
3120 | 0x7c, 0x5c, 0x72, 0xfa, | |||
3121 | 0x04, 0x75, 0x71, 0x0a, | |||
3122 | 0x06, 0x75, 0x8c, 0x1d | |||
3123 | }; | |||
3124 | ||||
3125 | CK_BYTE sha1Digest[20]; | |||
3126 | CK_ULONG sha1DigestLen; | |||
3127 | CK_BYTE dsaSig[40]; | |||
3128 | CK_ULONG dsaSigLen; | |||
3129 | CK_MECHANISM sha1Mech = { | |||
3130 | CKM_SHA_10x00000220UL, NULL((void*)0), 0 | |||
3131 | }; | |||
3132 | CK_MECHANISM dsaMech = { | |||
3133 | CKM_DSA0x00000011UL, NULL((void*)0), 0 | |||
3134 | }; | |||
3135 | CK_MECHANISM dsaWithSha1Mech = { | |||
3136 | CKM_DSA_SHA10x00000012UL, NULL((void*)0), 0 | |||
3137 | }; | |||
3138 | ||||
3139 | NUMTESTS++; /* increment NUMTESTS */ | |||
3140 | ||||
3141 | /* DSA key init */ | |||
3142 | dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN0x00002000UL; | |||
3143 | dsaParamGenMech.pParameter = NULL_PTR0; | |||
3144 | dsaParamGenMech.ulParameterLen = 0; | |||
3145 | dsaParamGenTemplate[0].type = CKA_PRIME_BITS0x00000133UL; | |||
3146 | dsaParamGenTemplate[0].pValue = &primeBits; | |||
3147 | dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits); | |||
3148 | dsaPubKeyTemplate[0].type = CKA_PRIME0x00000130UL; | |||
3149 | dsaPubKeyTemplate[0].pValue = DSA_P; | |||
3150 | dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P); | |||
3151 | dsaPubKeyTemplate[1].type = CKA_SUBPRIME0x00000131UL; | |||
3152 | dsaPubKeyTemplate[1].pValue = DSA_Q; | |||
3153 | dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q); | |||
3154 | dsaPubKeyTemplate[2].type = CKA_BASE0x00000132UL; | |||
3155 | dsaPubKeyTemplate[2].pValue = DSA_G; | |||
3156 | dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G); | |||
3157 | dsaPubKeyTemplate[3].type = CKA_TOKEN0x00000001UL; | |||
3158 | dsaPubKeyTemplate[3].pValue = &true; | |||
3159 | dsaPubKeyTemplate[3].ulValueLen = sizeof(true); | |||
3160 | dsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL; | |||
3161 | dsaPubKeyTemplate[4].pValue = &true; | |||
3162 | dsaPubKeyTemplate[4].ulValueLen = sizeof(true); | |||
3163 | dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN0x00000010UL; | |||
3164 | dsaKeyPairGenMech.pParameter = NULL_PTR0; | |||
3165 | dsaKeyPairGenMech.ulParameterLen = 0; | |||
3166 | dsaPrivKeyTemplate[0].type = CKA_TOKEN0x00000001UL; | |||
3167 | dsaPrivKeyTemplate[0].pValue = &true; | |||
3168 | dsaPrivKeyTemplate[0].ulValueLen = sizeof(true); | |||
3169 | dsaPrivKeyTemplate[1].type = CKA_PRIVATE0x00000002UL; | |||
3170 | dsaPrivKeyTemplate[1].pValue = &true; | |||
3171 | dsaPrivKeyTemplate[1].ulValueLen = sizeof(true); | |||
3172 | dsaPrivKeyTemplate[2].type = CKA_SENSITIVE0x00000103UL; | |||
3173 | dsaPrivKeyTemplate[2].pValue = &true; | |||
3174 | dsaPrivKeyTemplate[2].ulValueLen = sizeof(true); | |||
3175 | dsaPrivKeyTemplate[3].type = CKA_SIGN0x00000108UL, | |||
3176 | dsaPrivKeyTemplate[3].pValue = &true; | |||
3177 | dsaPrivKeyTemplate[3].ulValueLen = sizeof(true); | |||
3178 | dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE0x00000162UL; | |||
3179 | dsaPrivKeyTemplate[4].pValue = &true; | |||
3180 | dsaPrivKeyTemplate[4].ulValueLen = sizeof(true); | |||
3181 | ||||
3182 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], | |||
3183 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, | |||
3184 | NULL((void*)0), NULL((void*)0), &hSession); | |||
3185 | if (crv != CKR_OK0x00000000UL) { | |||
3186 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
3187 | PKM_CK_RVtoStr(crv)); | |||
3188 | return crv; | |||
3189 | } | |||
3190 | ||||
3191 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
3192 | if (crv == CKR_OK0x00000000UL) { | |||
3193 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
3194 | } else { | |||
3195 | PKM_Error("C_Login with correct password failed " | |||
3196 | "with 0x%08X, %-26s\n", | |||
3197 | crv, PKM_CK_RVtoStr(crv)); | |||
3198 | return crv; | |||
3199 | } | |||
3200 | ||||
3201 | PKM_LogIt("Generate DSA PQG domain parameters ... \n"); | |||
3202 | /* Generate DSA domain parameters PQG */ | |||
3203 | crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech, | |||
3204 | dsaParamGenTemplate, | |||
3205 | 1, | |||
3206 | &hDsaParams); | |||
3207 | if (crv == CKR_OK0x00000000UL) { | |||
3208 | PKM_LogIt("DSA domain parameter generation succeeded\n"); | |||
3209 | } else { | |||
3210 | PKM_Error("DSA domain parameter generation failed " | |||
3211 | "with 0x%08X, %-26s\n", | |||
3212 | crv, PKM_CK_RVtoStr(crv)); | |||
3213 | return crv; | |||
3214 | } | |||
3215 | crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams, | |||
3216 | dsaPubKeyTemplate, 3); | |||
3217 | if (crv == CKR_OK0x00000000UL) { | |||
3218 | PKM_LogIt("Getting DSA domain parameters succeeded\n"); | |||
3219 | } else { | |||
3220 | PKM_Error("Getting DSA domain parameters failed " | |||
3221 | "with 0x%08X, %-26s\n", | |||
3222 | crv, PKM_CK_RVtoStr(crv)); | |||
3223 | return crv; | |||
3224 | } | |||
3225 | crv = pFunctionList->C_DestroyObject(hSession, hDsaParams); | |||
3226 | if (crv == CKR_OK0x00000000UL) { | |||
3227 | PKM_LogIt("Destroying DSA domain parameters succeeded\n"); | |||
3228 | } else { | |||
3229 | PKM_Error("Destroying DSA domain parameters failed " | |||
3230 | "with 0x%08X, %-26s\n", | |||
3231 | crv, PKM_CK_RVtoStr(crv)); | |||
3232 | return crv; | |||
3233 | } | |||
3234 | ||||
3235 | PKM_LogIt("Generate a DSA key pair ... \n"); | |||
3236 | /* Generate a persistent DSA key pair */ | |||
3237 | crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech, | |||
3238 | dsaPubKeyTemplate, | |||
3239 | NUM_ELEM(dsaPubKeyTemplate)(sizeof(dsaPubKeyTemplate) / sizeof(dsaPubKeyTemplate[0])), | |||
3240 | dsaPrivKeyTemplate, | |||
3241 | NUM_ELEM(dsaPrivKeyTemplate)(sizeof(dsaPrivKeyTemplate) / sizeof(dsaPrivKeyTemplate[0])), | |||
3242 | &hDSApubKey, &hDSAprivKey); | |||
3243 | if (crv == CKR_OK0x00000000UL) { | |||
3244 | PKM_LogIt("DSA key pair generation succeeded\n"); | |||
3245 | } else { | |||
3246 | PKM_Error("DSA key pair generation failed " | |||
3247 | "with 0x%08X, %-26s\n", | |||
3248 | crv, PKM_CK_RVtoStr(crv)); | |||
3249 | return crv; | |||
3250 | } | |||
3251 | ||||
3252 | /* Compute SHA-1 digest */ | |||
3253 | crv = pFunctionList->C_DigestInit(hSession, &sha1Mech); | |||
3254 | if (crv != CKR_OK0x00000000UL) { | |||
3255 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, | |||
3256 | PKM_CK_RVtoStr(crv)); | |||
3257 | return crv; | |||
3258 | } | |||
3259 | sha1DigestLen = sizeof(sha1Digest); | |||
3260 | crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG), | |||
3261 | sha1Digest, &sha1DigestLen); | |||
3262 | if (crv != CKR_OK0x00000000UL) { | |||
3263 | PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv, | |||
3264 | PKM_CK_RVtoStr(crv)); | |||
3265 | return crv; | |||
3266 | } | |||
3267 | if (sha1DigestLen != sizeof(sha1Digest)) { | |||
3268 | PKM_Error("sha1DigestLen is %lu\n", sha1DigestLen); | |||
3269 | return crv; | |||
3270 | } | |||
3271 | ||||
3272 | if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) { | |||
3273 | PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n"); | |||
3274 | } else { | |||
3275 | PKM_Error("SHA-1 SHA1ShortMsg test case Len = 136 failed\n"); | |||
3276 | } | |||
3277 | ||||
3278 | crv = PKM_PubKeySign(pFunctionList, hSession, | |||
3279 | hDSApubKey, hDSAprivKey, | |||
3280 | &dsaMech, sha1Digest, sizeof(sha1Digest)); | |||
3281 | if (crv == CKR_OK0x00000000UL) { | |||
3282 | PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n"); | |||
3283 | } else { | |||
3284 | PKM_Error("PKM_PubKeySign failed " | |||
3285 | "with 0x%08X, %-26s\n", | |||
3286 | crv, PKM_CK_RVtoStr(crv)); | |||
3287 | return crv; | |||
3288 | } | |||
3289 | crv = PKM_PubKeySign(pFunctionList, hSession, | |||
3290 | hDSApubKey, hDSAprivKey, | |||
3291 | &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT)); | |||
3292 | if (crv == CKR_OK0x00000000UL) { | |||
3293 | PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n"); | |||
3294 | } else { | |||
3295 | PKM_Error("PKM_PubKeySign failed " | |||
3296 | "with 0x%08X, %-26s\n", | |||
3297 | crv, PKM_CK_RVtoStr(crv)); | |||
3298 | return crv; | |||
3299 | } | |||
3300 | ||||
3301 | /* Sign with DSA */ | |||
3302 | crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey); | |||
3303 | if (crv != CKR_OK0x00000000UL) { | |||
3304 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
3305 | PKM_CK_RVtoStr(crv)); | |||
3306 | return crv; | |||
3307 | } | |||
3308 | dsaSigLen = sizeof(dsaSig); | |||
3309 | crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen, | |||
3310 | dsaSig, &dsaSigLen); | |||
3311 | if (crv != CKR_OK0x00000000UL) { | |||
3312 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, | |||
3313 | PKM_CK_RVtoStr(crv)); | |||
3314 | return crv; | |||
3315 | } | |||
3316 | ||||
3317 | /* Verify the DSA signature */ | |||
3318 | crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey); | |||
3319 | if (crv != CKR_OK0x00000000UL) { | |||
3320 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3321 | PKM_CK_RVtoStr(crv)); | |||
3322 | return crv; | |||
3323 | } | |||
3324 | crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen, | |||
3325 | dsaSig, dsaSigLen); | |||
3326 | if (crv == CKR_OK0x00000000UL) { | |||
3327 | PKM_LogIt("C_Verify succeeded\n"); | |||
3328 | } else { | |||
3329 | PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv, | |||
3330 | PKM_CK_RVtoStr(crv)); | |||
3331 | return crv; | |||
3332 | } | |||
3333 | ||||
3334 | /* Verify the signature in a different way */ | |||
3335 | crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech, | |||
3336 | hDSApubKey); | |||
3337 | if (crv != CKR_OK0x00000000UL) { | |||
3338 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3339 | PKM_CK_RVtoStr(crv)); | |||
3340 | return crv; | |||
3341 | } | |||
3342 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1); | |||
3343 | if (crv != CKR_OK0x00000000UL) { | |||
3344 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, | |||
3345 | PKM_CK_RVtoStr(crv)); | |||
3346 | return crv; | |||
3347 | } | |||
3348 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1); | |||
3349 | if (crv != CKR_OK0x00000000UL) { | |||
3350 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, | |||
3351 | PKM_CK_RVtoStr(crv)); | |||
3352 | return crv; | |||
3353 | } | |||
3354 | crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen); | |||
3355 | if (crv == CKR_OK0x00000000UL) { | |||
3356 | PKM_LogIt("C_VerifyFinal succeeded\n"); | |||
3357 | } else { | |||
3358 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, | |||
3359 | PKM_CK_RVtoStr(crv)); | |||
3360 | return crv; | |||
3361 | } | |||
3362 | ||||
3363 | /* Verify the signature in a different way */ | |||
3364 | crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech, | |||
3365 | hDSApubKey); | |||
3366 | if (crv != CKR_OK0x00000000UL) { | |||
3367 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", | |||
3368 | crv, PKM_CK_RVtoStr(crv)); | |||
3369 | return crv; | |||
3370 | } | |||
3371 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1); | |||
3372 | if (crv != CKR_OK0x00000000UL) { | |||
3373 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", | |||
3374 | crv, PKM_CK_RVtoStr(crv)); | |||
3375 | return crv; | |||
3376 | } | |||
3377 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1); | |||
3378 | if (crv != CKR_OK0x00000000UL) { | |||
3379 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", | |||
3380 | crv, PKM_CK_RVtoStr(crv)); | |||
3381 | return crv; | |||
3382 | } | |||
3383 | crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen); | |||
3384 | if (crv == CKR_OK0x00000000UL) { | |||
3385 | PKM_LogIt("C_VerifyFinal of multi update succeeded.\n"); | |||
3386 | } else { | |||
3387 | PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n", | |||
3388 | crv, PKM_CK_RVtoStr(crv)); | |||
3389 | return crv; | |||
3390 | } | |||
3391 | /* Now modify the data */ | |||
3392 | MSG[0] += 1; | |||
3393 | /* Compute SHA-1 digest */ | |||
3394 | crv = pFunctionList->C_DigestInit(hSession, &sha1Mech); | |||
3395 | if (crv != CKR_OK0x00000000UL) { | |||
3396 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, | |||
3397 | PKM_CK_RVtoStr(crv)); | |||
3398 | return crv; | |||
3399 | } | |||
3400 | sha1DigestLen = sizeof(sha1Digest); | |||
3401 | crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG), | |||
3402 | sha1Digest, &sha1DigestLen); | |||
3403 | if (crv != CKR_OK0x00000000UL) { | |||
3404 | PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv, | |||
3405 | PKM_CK_RVtoStr(crv)); | |||
3406 | return crv; | |||
3407 | } | |||
3408 | crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey); | |||
3409 | if (crv != CKR_OK0x00000000UL) { | |||
3410 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3411 | PKM_CK_RVtoStr(crv)); | |||
3412 | return crv; | |||
3413 | } | |||
3414 | crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen, | |||
3415 | dsaSig, dsaSigLen); | |||
3416 | if (crv != CKR_SIGNATURE_INVALID0x000000C0UL) { | |||
3417 | PKM_Error("C_Verify of modified data succeeded\n"); | |||
3418 | return crv; | |||
3419 | } else { | |||
3420 | PKM_LogIt("C_Verify of modified data returned as EXPECTED " | |||
3421 | " with 0x%08X, %-26s\n", | |||
3422 | crv, PKM_CK_RVtoStr(crv)); | |||
3423 | } | |||
3424 | ||||
3425 | crv = pFunctionList->C_Logout(hSession); | |||
3426 | if (crv == CKR_OK0x00000000UL) { | |||
3427 | PKM_LogIt("C_Logout succeeded\n"); | |||
3428 | } else { | |||
3429 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
3430 | PKM_CK_RVtoStr(crv)); | |||
3431 | return crv; | |||
3432 | } | |||
3433 | ||||
3434 | crv = pFunctionList->C_CloseSession(hSession); | |||
3435 | if (crv != CKR_OK0x00000000UL) { | |||
3436 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
3437 | PKM_CK_RVtoStr(crv)); | |||
3438 | return crv; | |||
3439 | } | |||
3440 | ||||
3441 | return crv; | |||
3442 | } | |||
3443 | ||||
3444 | CK_RV | |||
3445 | PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, | |||
3446 | CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech, | |||
3447 | const CK_BYTE *pData, CK_ULONG pDataLen) | |||
3448 | { | |||
3449 | ||||
3450 | CK_RV crv = CKR_OK0x00000000UL; | |||
3451 | ||||
3452 | CK_BYTE hmac1[HMAC_MAX_LENGTH64]; | |||
3453 | CK_ULONG hmac1Len = 0; | |||
3454 | CK_BYTE hmac2[HMAC_MAX_LENGTH64]; | |||
3455 | CK_ULONG hmac2Len = 0; | |||
3456 | ||||
3457 | memset(hmac1, 0, sizeof(hmac1)); | |||
3458 | memset(hmac2, 0, sizeof(hmac2)); | |||
3459 | ||||
3460 | NUMTESTS++; /* increment NUMTESTS */ | |||
3461 | ||||
3462 | crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey); | |||
3463 | if (crv == CKR_OK0x00000000UL) { | |||
3464 | PKM_LogIt("C_SignInit succeeded\n"); | |||
3465 | } else { | |||
3466 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
3467 | PKM_CK_RVtoStr(crv)); | |||
3468 | return crv; | |||
3469 | } | |||
3470 | ||||
3471 | hmac1Len = sizeof(hmac1); | |||
3472 | crv = pFunctionList->C_Sign(hSession, (CK_BYTE *)pData, | |||
3473 | pDataLen, | |||
3474 | (CK_BYTE *)hmac1, &hmac1Len); | |||
3475 | if (crv == CKR_OK0x00000000UL) { | |||
3476 | PKM_LogIt("C_Sign succeeded\n"); | |||
3477 | } else { | |||
3478 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, | |||
3479 | PKM_CK_RVtoStr(crv)); | |||
3480 | return crv; | |||
3481 | } | |||
3482 | ||||
3483 | crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey); | |||
3484 | if (crv == CKR_OK0x00000000UL) { | |||
3485 | PKM_LogIt("C_SignInit succeeded\n"); | |||
3486 | } else { | |||
3487 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
3488 | PKM_CK_RVtoStr(crv)); | |||
3489 | return crv; | |||
3490 | } | |||
3491 | ||||
3492 | crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE *)pData, | |||
3493 | pDataLen); | |||
3494 | if (crv == CKR_OK0x00000000UL) { | |||
3495 | PKM_LogIt("C_SignUpdate succeeded\n"); | |||
3496 | } else { | |||
3497 | PKM_Error("C_SignUpdate failed with 0x%08X, %-26s\n", crv, | |||
3498 | PKM_CK_RVtoStr(crv)); | |||
3499 | return crv; | |||
3500 | } | |||
3501 | ||||
3502 | hmac2Len = sizeof(hmac2); | |||
3503 | crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE *)hmac2, &hmac2Len); | |||
3504 | if (crv == CKR_OK0x00000000UL) { | |||
3505 | PKM_LogIt("C_SignFinal succeeded\n"); | |||
3506 | } else { | |||
3507 | PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv, | |||
3508 | PKM_CK_RVtoStr(crv)); | |||
3509 | return crv; | |||
3510 | } | |||
3511 | ||||
3512 | if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0)) { | |||
3513 | PKM_LogIt("hmacs are equal!\n"); | |||
3514 | } else { | |||
3515 | PKM_Error("hmacs are not equal!\n"); | |||
3516 | } | |||
3517 | crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey); | |||
3518 | if (crv != CKR_OK0x00000000UL) { | |||
3519 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3520 | PKM_CK_RVtoStr(crv)); | |||
3521 | return crv; | |||
3522 | } | |||
3523 | crv = pFunctionList->C_Verify(hSession, (CK_BYTE *)pData, | |||
3524 | pDataLen, | |||
3525 | (CK_BYTE *)hmac2, hmac2Len); | |||
3526 | if (crv == CKR_OK0x00000000UL) { | |||
3527 | PKM_LogIt("C_Verify of hmac succeeded\n"); | |||
3528 | } else { | |||
3529 | PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv, | |||
3530 | PKM_CK_RVtoStr(crv)); | |||
3531 | return crv; | |||
3532 | } | |||
3533 | crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey); | |||
3534 | if (crv != CKR_OK0x00000000UL) { | |||
3535 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
3536 | PKM_CK_RVtoStr(crv)); | |||
3537 | return crv; | |||
3538 | } | |||
3539 | crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE *)pData, | |||
3540 | pDataLen); | |||
3541 | if (crv == CKR_OK0x00000000UL) { | |||
3542 | PKM_LogIt("C_VerifyUpdate of hmac succeeded\n"); | |||
3543 | } else { | |||
3544 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, | |||
3545 | PKM_CK_RVtoStr(crv)); | |||
3546 | return crv; | |||
3547 | } | |||
3548 | crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE *)hmac1, | |||
3549 | hmac1Len); | |||
3550 | if (crv == CKR_OK0x00000000UL) { | |||
3551 | PKM_LogIt("C_VerifyFinal of hmac succeeded\n"); | |||
3552 | } else { | |||
3553 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, | |||
3554 | PKM_CK_RVtoStr(crv)); | |||
3555 | return crv; | |||
3556 | } | |||
3557 | return crv; | |||
3558 | } | |||
3559 | ||||
3560 | CK_RV | |||
3561 | PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, | |||
3562 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
3563 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
3564 | { | |||
3565 | CK_RV crv = CKR_OK0x00000000UL; | |||
3566 | ||||
3567 | CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0; | |||
3568 | CK_SESSION_INFO sinfo; | |||
3569 | CK_ATTRIBUTE_PTR pTemplate; | |||
3570 | CK_ULONG tnObjects = 0; | |||
3571 | int curMode; | |||
3572 | unsigned int i; | |||
3573 | unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); | |||
3574 | ||||
3575 | NUMTESTS++; /* increment NUMTESTS */ | |||
3576 | ||||
3577 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
3578 | NULL((void*)0), NULL((void*)0), &h); | |||
3579 | if (CKR_OK0x00000000UL != crv) { | |||
| ||||
3580 | PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )" | |||
3581 | "returned 0x%08X, %-26s\n", | |||
3582 | pSlotList[slotID], crv, | |||
3583 | PKM_CK_RVtoStr(crv)); | |||
3584 | return crv; | |||
3585 | } | |||
3586 | ||||
3587 | PKM_LogIt(" Opened a session: handle = 0x%08x\n", h); | |||
3588 | ||||
3589 | (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO)); | |||
3590 | crv = pFunctionList->C_GetSessionInfo(h, &sinfo); | |||
3591 | if (CKR_OK0x00000000UL != crv) { | |||
3592 | PKM_LogIt("C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv, | |||
3593 | PKM_CK_RVtoStr(crv)); | |||
3594 | return crv; | |||
3595 | } | |||
3596 | ||||
3597 | PKM_LogIt(" SESSION INFO:\n"); | |||
3598 | PKM_LogIt(" slotID = %lu\n", sinfo.slotID); | |||
3599 | PKM_LogIt(" state = %lu\n", sinfo.state); | |||
3600 | PKM_LogIt(" flags = 0x%08x\n", sinfo.flags); | |||
3601 | #ifdef CKF_EXCLUSIVE_SESSION | |||
3602 | PKM_LogIt(" -> EXCLUSIVE SESSION = %s\n", sinfo.flags & CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE"); | |||
3603 | #endif /* CKF_EXCLUSIVE_SESSION */ | |||
3604 | PKM_LogIt(" -> RW SESSION = %s\n", sinfo.flags & CKF_RW_SESSION0x00000002UL ? "TRUE" : "FALSE"); | |||
3605 | PKM_LogIt(" -> SERIAL SESSION = %s\n", sinfo.flags & CKF_SERIAL_SESSION0x00000004UL ? "TRUE" : "FALSE"); | |||
3606 | #ifdef CKF_INSERTION_CALLBACK | |||
3607 | PKM_LogIt(" -> INSERTION CALLBACK = %s\n", sinfo.flags & CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE"); | |||
3608 | #endif /* CKF_INSERTION_CALLBACK */ | |||
3609 | PKM_LogIt(" ulDeviceError = %lu\n", sinfo.ulDeviceError); | |||
3610 | PKM_LogIt("\n"); | |||
3611 | ||||
3612 | crv = pFunctionList->C_FindObjectsInit(h, NULL((void*)0), 0); | |||
3613 | if (CKR_OK0x00000000UL != crv) { | |||
3614 | PKM_LogIt("C_FindObjectsInit(%lu, NULL, 0) returned " | |||
3615 | "0x%08X, %-26s\n", | |||
3616 | h, crv, PKM_CK_RVtoStr(crv)); | |||
3617 | return crv; | |||
3618 | } | |||
3619 | ||||
3620 | pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types, | |||
3621 | sizeof(CK_ATTRIBUTE)); | |||
3622 | if ((CK_ATTRIBUTE_PTR)NULL((void*)0) == pTemplate) { | |||
3623 | PKM_Error("[pTemplate memory allocation of %lu bytes failed]\n", | |||
3624 | number_of_all_known_attribute_types * | |||
3625 | sizeof(CK_ATTRIBUTE)); | |||
3626 | return crv; | |||
3627 | } | |||
3628 | ||||
3629 | PKM_LogIt(" All objects:\n"); | |||
3630 | /* Printing table set to NOMODE */ | |||
3631 | curMode = MODE; | |||
3632 | MODE = NOMODE3; | |||
3633 | ||||
3634 | while (1) { | |||
3635 | CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0; | |||
3636 | CK_ULONG nObjects = 0; | |||
3637 | CK_ULONG k; | |||
3638 | CK_ULONG nAttributes = 0; | |||
3639 | CK_ATTRIBUTE_PTR pT2; | |||
3640 | CK_ULONG l; | |||
3641 | const char *attName = NULL((void*)0); | |||
3642 | ||||
3643 | crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects); | |||
3644 | if (CKR_OK0x00000000UL != crv) { | |||
3645 | PKM_Error("C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n", | |||
| ||||
3646 | h, crv, PKM_CK_RVtoStr(crv)); | |||
3647 | return crv; | |||
3648 | } | |||
3649 | ||||
3650 | if (0 == nObjects) { | |||
3651 | PKM_LogIt("\n"); | |||
3652 | break; | |||
3653 | } | |||
3654 | ||||
3655 | tnObjects++; | |||
3656 | ||||
3657 | PKM_LogIt(" OBJECT HANDLE %lu:\n", o); | |||
3658 | ||||
3659 | k = 0; | |||
3660 | for (i = 0; i < constCount; i++) { | |||
3661 | if (consts[i].type == ConstAttribute) { | |||
3662 | pTemplate[k].type = consts[i].value; | |||
3663 | pTemplate[k].pValue = (CK_VOID_PTR)NULL((void*)0); | |||
3664 | pTemplate[k].ulValueLen = 0; | |||
3665 | k++; | |||
3666 | } | |||
3667 | assert(k <= number_of_all_known_attribute_types)((k <= number_of_all_known_attribute_types) ? (void) (0) : __assert_fail ("k <= number_of_all_known_attribute_types" , "pk11mode.c", 3667, __extension__ __PRETTY_FUNCTION__)); | |||
3668 | } | |||
3669 | ||||
3670 | crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate, | |||
3671 | number_of_all_known_attribute_types); | |||
3672 | switch (crv) { | |||
3673 | case CKR_OK0x00000000UL: | |||
3674 | case CKR_ATTRIBUTE_SENSITIVE0x00000011UL: | |||
3675 | case CKR_ATTRIBUTE_TYPE_INVALID0x00000012UL: | |||
3676 | case CKR_BUFFER_TOO_SMALL0x00000150UL: | |||
3677 | break; | |||
3678 | default: | |||
3679 | PKM_Error("C_GetAtributeValue(%lu, %lu, {all attribute types}," | |||
3680 | "%lu) returned 0x%08X, %-26s\n", | |||
3681 | h, o, number_of_all_known_attribute_types, crv, | |||
3682 | PKM_CK_RVtoStr(crv)); | |||
3683 | return crv; | |||
3684 | } | |||
3685 | ||||
3686 | for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; k++) { | |||
3687 | if (-1 != (CK_LONG)pTemplate[k].ulValueLen) { | |||
3688 | nAttributes++; | |||
3689 | } | |||
3690 | } | |||
3691 | ||||
3692 | PKM_LogIt(" %lu attributes:\n", nAttributes); | |||
3693 | for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; | |||
3694 | k++) { | |||
3695 | if (-1 != (CK_LONG)pTemplate[k].ulValueLen) { | |||
3696 | attName = getNameFromAttribute(pTemplate[k].type); | |||
3697 | if (!attName) { | |||
3698 | PKM_Error("Unable to find attribute name update pk11table.c\n"); | |||
3699 | } | |||
3700 | PKM_LogIt(" %s 0x%08x (len = %lu)\n", | |||
3701 | attName, | |||
3702 | pTemplate[k].type, | |||
3703 | pTemplate[k].ulValueLen); | |||
3704 | } | |||
3705 | } | |||
3706 | PKM_LogIt("\n"); | |||
3707 | ||||
3708 | pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE)); | |||
3709 | if ((CK_ATTRIBUTE_PTR)NULL((void*)0) == pT2) { | |||
3710 | PKM_Error("[pT2 memory allocation of %lu bytes failed]\n", | |||
3711 | nAttributes * sizeof(CK_ATTRIBUTE)); | |||
3712 | return crv; | |||
3713 | } | |||
3714 | ||||
3715 | /* allocate memory for the attribute values */ | |||
3716 | for (l = 0, k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; | |||
3717 | k++) { | |||
3718 | if (-1 != (CK_LONG)pTemplate[k].ulValueLen) { | |||
3719 | pT2[l].type = pTemplate[k].type; | |||
3720 | pT2[l].ulValueLen = pTemplate[k].ulValueLen; | |||
3721 | if (pT2[l].ulValueLen > 0) { | |||
3722 | pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen); | |||
3723 | if ((CK_VOID_PTR)NULL((void*)0) == pT2[l].pValue) { | |||
3724 | PKM_Error("pValue memory allocation of %lu bytes failed]\n", | |||
3725 | pT2[l].ulValueLen); | |||
3726 | return crv; | |||
3727 | } | |||
3728 | } else | |||
3729 | pT2[l].pValue = (CK_VOID_PTR)NULL((void*)0); | |||
3730 | l++; | |||
3731 | } | |||
3732 | } | |||
3733 | ||||
3734 | assert(l == nAttributes)((l == nAttributes) ? (void) (0) : __assert_fail ("l == nAttributes" , "pk11mode.c", 3734, __extension__ __PRETTY_FUNCTION__)); | |||
3735 | ||||
3736 | crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes); | |||
3737 | switch (crv) { | |||
3738 | case CKR_OK0x00000000UL: | |||
3739 | case CKR_ATTRIBUTE_SENSITIVE0x00000011UL: | |||
3740 | case CKR_ATTRIBUTE_TYPE_INVALID0x00000012UL: | |||
3741 | case CKR_BUFFER_TOO_SMALL0x00000150UL: | |||
3742 | break; | |||
3743 | default: | |||
3744 | PKM_Error("C_GetAtributeValue(%lu, %lu, {existent attribute" | |||
3745 | " types}, %lu) returned 0x%08X, %-26s\n", | |||
3746 | h, o, nAttributes, crv, PKM_CK_RVtoStr(crv)); | |||
3747 | return crv; | |||
3748 | } | |||
3749 | ||||
3750 | for (l = 0; l < nAttributes; l++) { | |||
3751 | attName = getNameFromAttribute(pT2[l].type); | |||
3752 | if (!attName) | |||
3753 | attName = "unknown attribute"; | |||
3754 | PKM_LogIt(" type = %s len = %ld", | |||
3755 | attName, (CK_LONG)pT2[l].ulValueLen); | |||
3756 | ||||
3757 | if (-1 == (CK_LONG)pT2[l].ulValueLen) { | |||
3758 | ; | |||
3759 | } else { | |||
3760 | CK_ULONG m; | |||
3761 | ||||
3762 | if (pT2[l].ulValueLen <= 8) { | |||
3763 | PKM_LogIt(", value = "); | |||
3764 | } else { | |||
3765 | PKM_LogIt(", value = \n "); | |||
3766 | } | |||
3767 | ||||
3768 | for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) { | |||
3769 | PKM_LogIt("%02x", (CK_ULONG)(0xff & | |||
3770 | ((CK_CHAR_PTR)pT2[l].pValue)[m])); | |||
3771 | } | |||
3772 | ||||
3773 | PKM_LogIt(" "); | |||
3774 | ||||
3775 | for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) { | |||
3776 | CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m]; | |||
3777 | if ((c < 0x20) || (c >= 0x7f)) { | |||
3778 | c = '.'; | |||
3779 | } | |||
3780 | PKM_LogIt("%c", c); | |||
3781 | } | |||
3782 | } | |||
3783 | ||||
3784 | PKM_LogIt("\n"); | |||
3785 | } | |||
3786 | ||||
3787 | PKM_LogIt("\n"); | |||
3788 | ||||
3789 | for (l = 0; l < nAttributes; l++) { | |||
3790 | if (pT2[l].pValue) { | |||
3791 | free(pT2[l].pValue); | |||
3792 | } | |||
3793 | } | |||
3794 | free(pT2); | |||
3795 | } /* while(1) */ | |||
3796 | ||||
3797 | MODE = curMode; /* reset the logging MODE */ | |||
3798 | ||||
3799 | crv = pFunctionList->C_FindObjectsFinal(h); | |||
3800 | if (CKR_OK0x00000000UL != crv) { | |||
3801 | PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv, | |||
3802 | PKM_CK_RVtoStr(crv)); | |||
3803 | return crv; | |||
3804 | } | |||
3805 | ||||
3806 | PKM_LogIt(" (%lu objects total)\n", tnObjects); | |||
3807 | ||||
3808 | crv = pFunctionList->C_CloseSession(h); | |||
3809 | if (CKR_OK0x00000000UL != crv) { | |||
3810 | PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv, | |||
3811 | PKM_CK_RVtoStr(crv)); | |||
3812 | return crv; | |||
3813 | } | |||
3814 | ||||
3815 | return crv; | |||
3816 | } | |||
3817 | /* session to create, find, and delete a couple session objects */ | |||
3818 | CK_RV | |||
3819 | PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList, | |||
3820 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
3821 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
3822 | { | |||
3823 | ||||
3824 | CK_RV crv = CKR_OK0x00000000UL; | |||
3825 | ||||
3826 | CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0; | |||
3827 | CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0; | |||
3828 | CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1]; | |||
3829 | CK_OBJECT_CLASS cko_data = CKO_DATA0x00000000UL; | |||
3830 | char *key = "TEST PROGRAM"; | |||
3831 | CK_ULONG key_len = 0; | |||
3832 | CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0; | |||
3833 | CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0; | |||
3834 | CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0; | |||
3835 | CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0; | |||
3836 | CK_OBJECT_HANDLE found[10]; | |||
3837 | CK_ULONG nFound; | |||
3838 | CK_ULONG hDeltaLen, hThreeLen = 0; | |||
3839 | ||||
3840 | CK_TOKEN_INFO tinfo; | |||
3841 | ||||
3842 | NUMTESTS++; /* increment NUMTESTS */ | |||
3843 | key_len = sizeof(key); | |||
3844 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], | |||
3845 | CKF_SERIAL_SESSION0x00000004UL, NULL((void*)0), NULL((void*)0), &h); | |||
3846 | if (CKR_OK0x00000000UL != crv) { | |||
3847 | PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )" | |||
3848 | "returned 0x%08X, %-26s\n", | |||
3849 | pSlotList[slotID], crv, | |||
3850 | PKM_CK_RVtoStr(crv)); | |||
3851 | return crv; | |||
3852 | } | |||
3853 | crv = pFunctionList->C_Login(h, CKU_USER1, pwd, pwdLen); | |||
3854 | if (crv == CKR_OK0x00000000UL) { | |||
3855 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
3856 | } else { | |||
3857 | PKM_Error("C_Login with correct password failed " | |||
3858 | "with 0x%08X, %-26s\n", | |||
3859 | crv, PKM_CK_RVtoStr(crv)); | |||
3860 | return crv; | |||
3861 | } | |||
3862 | ||||
3863 | (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO)); | |||
3864 | crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo); | |||
3865 | if (CKR_OK0x00000000UL != crv) { | |||
3866 | PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n", | |||
3867 | pSlotList[slotID], crv, PKM_CK_RVtoStr(crv)); | |||
3868 | return crv; | |||
3869 | } | |||
3870 | ||||
3871 | PKM_LogIt(" Opened a session: handle = 0x%08x\n", h); | |||
3872 | ||||
3873 | one[0].type = CKA_CLASS0x00000000UL; | |||
3874 | one[0].pValue = &cko_data; | |||
3875 | one[0].ulValueLen = sizeof(CK_OBJECT_CLASS); | |||
3876 | one[1].type = CKA_TOKEN0x00000001UL; | |||
3877 | one[1].pValue = &false; | |||
3878 | one[1].ulValueLen = sizeof(CK_BBOOL); | |||
3879 | one[2].type = CKA_PRIVATE0x00000002UL; | |||
3880 | one[2].pValue = &false; | |||
3881 | one[2].ulValueLen = sizeof(CK_BBOOL); | |||
3882 | one[3].type = CKA_MODIFIABLE0x00000170UL; | |||
3883 | one[3].pValue = &true; | |||
3884 | one[3].ulValueLen = sizeof(CK_BBOOL); | |||
3885 | one[4].type = CKA_LABEL0x00000003UL; | |||
3886 | one[4].pValue = "Test data object one"; | |||
3887 | one[4].ulValueLen = strlen(one[4].pValue); | |||
3888 | one[5].type = CKA_APPLICATION0x00000010UL; | |||
3889 | one[5].pValue = key; | |||
3890 | one[5].ulValueLen = key_len; | |||
3891 | one[6].type = CKA_VALUE0x00000011UL; | |||
3892 | one[6].pValue = "Object one"; | |||
3893 | one[6].ulValueLen = strlen(one[6].pValue); | |||
3894 | ||||
3895 | two[0].type = CKA_CLASS0x00000000UL; | |||
3896 | two[0].pValue = &cko_data; | |||
3897 | two[0].ulValueLen = sizeof(CK_OBJECT_CLASS); | |||
3898 | two[1].type = CKA_TOKEN0x00000001UL; | |||
3899 | two[1].pValue = &false; | |||
3900 | two[1].ulValueLen = sizeof(CK_BBOOL); | |||
3901 | two[2].type = CKA_PRIVATE0x00000002UL; | |||
3902 | two[2].pValue = &false; | |||
3903 | two[2].ulValueLen = sizeof(CK_BBOOL); | |||
3904 | two[3].type = CKA_MODIFIABLE0x00000170UL; | |||
3905 | two[3].pValue = &true; | |||
3906 | two[3].ulValueLen = sizeof(CK_BBOOL); | |||
3907 | two[4].type = CKA_LABEL0x00000003UL; | |||
3908 | two[4].pValue = "Test data object two"; | |||
3909 | two[4].ulValueLen = strlen(two[4].pValue); | |||
3910 | two[5].type = CKA_APPLICATION0x00000010UL; | |||
3911 | two[5].pValue = key; | |||
3912 | two[5].ulValueLen = key_len; | |||
3913 | two[6].type = CKA_VALUE0x00000011UL; | |||
3914 | two[6].pValue = "Object two"; | |||
3915 | two[6].ulValueLen = strlen(two[6].pValue); | |||
3916 | ||||
3917 | three[0].type = CKA_CLASS0x00000000UL; | |||
3918 | three[0].pValue = &cko_data; | |||
3919 | three[0].ulValueLen = sizeof(CK_OBJECT_CLASS); | |||
3920 | three[1].type = CKA_TOKEN0x00000001UL; | |||
3921 | three[1].pValue = &false; | |||
3922 | three[1].ulValueLen = sizeof(CK_BBOOL); | |||
3923 | three[2].type = CKA_PRIVATE0x00000002UL; | |||
3924 | three[2].pValue = &false; | |||
3925 | three[2].ulValueLen = sizeof(CK_BBOOL); | |||
3926 | three[3].type = CKA_MODIFIABLE0x00000170UL; | |||
3927 | three[3].pValue = &true; | |||
3928 | three[3].ulValueLen = sizeof(CK_BBOOL); | |||
3929 | three[4].type = CKA_LABEL0x00000003UL; | |||
3930 | three[4].pValue = "Test data object three"; | |||
3931 | three[4].ulValueLen = strlen(three[4].pValue); | |||
3932 | three[5].type = CKA_APPLICATION0x00000010UL; | |||
3933 | three[5].pValue = key; | |||
3934 | three[5].ulValueLen = key_len; | |||
3935 | three[6].type = CKA_VALUE0x00000011UL; | |||
3936 | three[6].pValue = "Object three"; | |||
3937 | three[6].ulValueLen = strlen(three[6].pValue); | |||
3938 | ||||
3939 | crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn); | |||
3940 | if (CKR_OK0x00000000UL != crv) { | |||
3941 | PKM_Error("C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n", | |||
3942 | h, crv, PKM_CK_RVtoStr(crv)); | |||
3943 | return crv; | |||
3944 | } | |||
3945 | ||||
3946 | PKM_LogIt(" Created object one: handle = %lu\n", hOneIn); | |||
3947 | ||||
3948 | crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn); | |||
3949 | if (CKR_OK0x00000000UL != crv) { | |||
3950 | PKM_Error("C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n", | |||
3951 | h, crv, PKM_CK_RVtoStr(crv)); | |||
3952 | return crv; | |||
3953 | } | |||
3954 | ||||
3955 | PKM_LogIt(" Created object two: handle = %lu\n", hTwoIn); | |||
3956 | ||||
3957 | crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn); | |||
3958 | if (CKR_OK0x00000000UL != crv) { | |||
3959 | PKM_Error("C_CreateObject(%lu, three, 7, ) returned 0x%08x\n", | |||
3960 | h, crv, PKM_CK_RVtoStr(crv)); | |||
3961 | return crv; | |||
3962 | } | |||
3963 | crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen); | |||
3964 | if (crv == CKR_OK0x00000000UL) { | |||
3965 | PKM_LogIt("C_GetObjectSize succeeded\n"); | |||
3966 | } else { | |||
3967 | PKM_Error("C_GetObjectSize failed " | |||
3968 | "with 0x%08X, %-26s\n", | |||
3969 | crv, PKM_CK_RVtoStr(crv)); | |||
3970 | return crv; | |||
3971 | } | |||
3972 | ||||
3973 | PKM_LogIt(" Created object three: handle = %lu\n", hThreeIn); | |||
3974 | ||||
3975 | delta[0].type = CKA_VALUE0x00000011UL; | |||
3976 | delta[0].pValue = "Copied object"; | |||
3977 | delta[0].ulValueLen = strlen(delta[0].pValue); | |||
3978 | ||||
3979 | crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn); | |||
3980 | if (CKR_OK0x00000000UL != crv) { | |||
3981 | PKM_Error("C_CopyObject(%lu, %lu, delta, 1, ) returned " | |||
3982 | "0x%08X, %-26s\n", | |||
3983 | h, hThreeIn, crv, PKM_CK_RVtoStr(crv)); | |||
3984 | return crv; | |||
3985 | } | |||
3986 | crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen); | |||
3987 | if (crv == CKR_OK0x00000000UL) { | |||
3988 | PKM_LogIt("C_GetObjectSize succeeded\n"); | |||
3989 | } else { | |||
3990 | PKM_Error("C_GetObjectSize failed " | |||
3991 | "with 0x%08X, %-26s\n", | |||
3992 | crv, PKM_CK_RVtoStr(crv)); | |||
3993 | return crv; | |||
3994 | } | |||
3995 | ||||
3996 | if (hThreeLen == hDeltaLen) { | |||
3997 | PKM_LogIt("Copied object size same as orginal\n"); | |||
3998 | } else { | |||
3999 | PKM_Error("Copied object different from original\n"); | |||
4000 | return CKR_DEVICE_ERROR0x00000030UL; | |||
4001 | } | |||
4002 | ||||
4003 | PKM_LogIt(" Copied object three: new handle = %lu\n", hDeltaIn); | |||
4004 | ||||
4005 | mask[0].type = CKA_APPLICATION0x00000010UL; | |||
4006 | mask[0].pValue = key; | |||
4007 | mask[0].ulValueLen = key_len; | |||
4008 | ||||
4009 | crv = pFunctionList->C_FindObjectsInit(h, mask, 1); | |||
4010 | if (CKR_OK0x00000000UL != crv) { | |||
4011 | PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n", | |||
4012 | h, crv, PKM_CK_RVtoStr(crv)); | |||
4013 | return crv; | |||
4014 | } | |||
4015 | ||||
4016 | (void)memset(&found, 0, sizeof(found)); | |||
4017 | nFound = 0; | |||
4018 | crv = pFunctionList->C_FindObjects(h, found, 10, &nFound); | |||
4019 | if (CKR_OK0x00000000UL != crv) { | |||
4020 | PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n", | |||
4021 | h, crv, PKM_CK_RVtoStr(crv)); | |||
4022 | return crv; | |||
4023 | } | |||
4024 | ||||
4025 | if (4 != nFound) { | |||
4026 | PKM_Error("Found %lu objects, not 4.\n", nFound); | |||
4027 | return crv; | |||
4028 | } | |||
4029 | ||||
4030 | PKM_LogIt(" Found 4 objects: %lu, %lu, %lu, %lu\n", | |||
4031 | found[0], found[1], found[2], found[3]); | |||
4032 | ||||
4033 | crv = pFunctionList->C_FindObjectsFinal(h); | |||
4034 | if (CKR_OK0x00000000UL != crv) { | |||
4035 | PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", | |||
4036 | h, crv, PKM_CK_RVtoStr(crv)); | |||
4037 | return crv; | |||
4038 | } | |||
4039 | ||||
4040 | crv = pFunctionList->C_DestroyObject(h, hThreeIn); | |||
4041 | if (CKR_OK0x00000000UL != crv) { | |||
4042 | PKM_Error("C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h, | |||
4043 | hThreeIn, crv, PKM_CK_RVtoStr(crv)); | |||
4044 | return crv; | |||
4045 | } | |||
4046 | ||||
4047 | PKM_LogIt(" Destroyed object three (handle = %lu)\n", hThreeIn); | |||
4048 | ||||
4049 | delta[0].type = CKA_APPLICATION0x00000010UL; | |||
4050 | delta[0].pValue = "Changed application"; | |||
4051 | delta[0].ulValueLen = strlen(delta[0].pValue); | |||
4052 | ||||
4053 | crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1); | |||
4054 | if (CKR_OK0x00000000UL != crv) { | |||
4055 | PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned " | |||
4056 | "0x%08X, %-26s\n", | |||
4057 | h, hTwoIn, crv, PKM_CK_RVtoStr(crv)); | |||
4058 | return crv; | |||
4059 | } | |||
4060 | ||||
4061 | PKM_LogIt(" Changed object two (handle = %lu).\n", hTwoIn); | |||
4062 | ||||
4063 | /* Can another session find these session objects? */ | |||
4064 | ||||
4065 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
4066 | NULL((void*)0), NULL((void*)0), &h2); | |||
4067 | if (CKR_OK0x00000000UL != crv) { | |||
4068 | PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )" | |||
4069 | " returned 0x%08X, %-26s\n", | |||
4070 | pSlotList[slotID], crv, | |||
4071 | PKM_CK_RVtoStr(crv)); | |||
4072 | return crv; | |||
4073 | } | |||
4074 | PKM_LogIt(" Opened a second session: handle = 0x%08x\n", h2); | |||
4075 | ||||
4076 | /* mask is still the same */ | |||
4077 | ||||
4078 | crv = pFunctionList->C_FindObjectsInit(h2, mask, 1); | |||
4079 | if (CKR_OK0x00000000UL != crv) { | |||
4080 | PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n", | |||
4081 | h2, crv, PKM_CK_RVtoStr(crv)); | |||
4082 | return crv; | |||
4083 | } | |||
4084 | ||||
4085 | (void)memset(&found, 0, sizeof(found)); | |||
4086 | nFound = 0; | |||
4087 | crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound); | |||
4088 | if (CKR_OK0x00000000UL != crv) { | |||
4089 | PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n", | |||
4090 | h2, crv, PKM_CK_RVtoStr(crv)); | |||
4091 | return crv; | |||
4092 | } | |||
4093 | ||||
4094 | if (2 != nFound) { | |||
4095 | PKM_Error("Found %lu objects, not 2.\n", nFound); | |||
4096 | return crv; | |||
4097 | } | |||
4098 | ||||
4099 | PKM_LogIt(" Found 2 objects: %lu, %lu\n", | |||
4100 | found[0], found[1]); | |||
4101 | ||||
4102 | crv = pFunctionList->C_FindObjectsFinal(h2); | |||
4103 | if (CKR_OK0x00000000UL != crv) { | |||
4104 | PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv, | |||
4105 | PKM_CK_RVtoStr(crv)); | |||
4106 | return crv; | |||
4107 | } | |||
4108 | crv = pFunctionList->C_Logout(h); | |||
4109 | if (crv == CKR_OK0x00000000UL) { | |||
4110 | PKM_LogIt("C_Logout succeeded\n"); | |||
4111 | } else { | |||
4112 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
4113 | PKM_CK_RVtoStr(crv)); | |||
4114 | return crv; | |||
4115 | } | |||
4116 | crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]); | |||
4117 | if (CKR_OK0x00000000UL != crv) { | |||
4118 | PKM_Error("C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n", | |||
4119 | pSlotList[slotID], crv, PKM_CK_RVtoStr(crv)); | |||
4120 | return crv; | |||
4121 | } | |||
4122 | ||||
4123 | PKM_LogIt("\n"); | |||
4124 | return crv; | |||
4125 | } | |||
4126 | ||||
4127 | CK_RV | |||
4128 | PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList, | |||
4129 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
4130 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) | |||
4131 | { | |||
4132 | CK_SESSION_HANDLE hSession; | |||
4133 | CK_RV crv = CKR_OK0x00000000UL; | |||
4134 | CK_MECHANISM sAESKeyMech = { | |||
4135 | CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0 | |||
4136 | }; | |||
4137 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; | |||
4138 | CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL; | |||
4139 | CK_UTF8CHAR AESlabel[] = "An AES secret key object"; | |||
4140 | CK_ULONG AESvalueLen = 16; | |||
4141 | CK_ATTRIBUTE sAESKeyTemplate[9]; | |||
4142 | CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE0; | |||
4143 | CK_BYTE_PTR pstate = NULL((void*)0); | |||
4144 | CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen; | |||
4145 | ||||
4146 | static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules."; | |||
4147 | static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules."; | |||
4148 | static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)"Firefox and Thunderbird."; | |||
4149 | ||||
4150 | char digest[MAX_DIGEST_SZ64], digest_1[MAX_DIGEST_SZ64]; | |||
4151 | char sign[MAX_SIG_SZ128]; | |||
4152 | CK_MECHANISM signmech; | |||
4153 | CK_MECHANISM digestmech; | |||
4154 | ||||
4155 | NUMTESTS++; /* increment NUMTESTS */ | |||
4156 | ||||
4157 | /* AES key template */ | |||
4158 | sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL; | |||
4159 | sAESKeyTemplate[0].pValue = &class; | |||
4160 | sAESKeyTemplate[0].ulValueLen = sizeof(class); | |||
4161 | sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; | |||
4162 | sAESKeyTemplate[1].pValue = &keyAESType; | |||
4163 | sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType); | |||
4164 | sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL; | |||
4165 | sAESKeyTemplate[2].pValue = AESlabel; | |||
4166 | sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1; | |||
4167 | sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; | |||
4168 | sAESKeyTemplate[3].pValue = &true; | |||
4169 | sAESKeyTemplate[3].ulValueLen = sizeof(true); | |||
4170 | sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL; | |||
4171 | sAESKeyTemplate[4].pValue = &true; | |||
4172 | sAESKeyTemplate[4].ulValueLen = sizeof(true); | |||
4173 | sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL; | |||
4174 | sAESKeyTemplate[5].pValue = &true; | |||
4175 | sAESKeyTemplate[5].ulValueLen = sizeof(true); | |||
4176 | sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL; | |||
4177 | sAESKeyTemplate[6].pValue = &true; | |||
4178 | sAESKeyTemplate[6].ulValueLen = sizeof(true); | |||
4179 | sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL; | |||
4180 | sAESKeyTemplate[7].pValue = &true; | |||
4181 | sAESKeyTemplate[7].ulValueLen = sizeof(true); | |||
4182 | sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; | |||
4183 | sAESKeyTemplate[8].pValue = &AESvalueLen; | |||
4184 | sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen); | |||
4185 | ||||
4186 | signmech.mechanism = CKM_SHA_1_HMAC0x00000221UL; | |||
4187 | signmech.pParameter = NULL((void*)0); | |||
4188 | signmech.ulParameterLen = 0; | |||
4189 | digestmech.mechanism = CKM_SHA2560x00000250UL; | |||
4190 | digestmech.pParameter = NULL((void*)0); | |||
4191 | digestmech.ulParameterLen = 0; | |||
4192 | ||||
4193 | plainlen = strlen((char *)plaintext); | |||
4194 | plainlen_1 = strlen((char *)plaintext_1); | |||
4195 | plainlen_2 = strlen((char *)plaintext_2); | |||
4196 | digestlen = MAX_DIGEST_SZ64; | |||
4197 | ||||
4198 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
4199 | NULL((void*)0), NULL((void*)0), &hSession); | |||
4200 | if (crv != CKR_OK0x00000000UL) { | |||
4201 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
4202 | PKM_CK_RVtoStr(crv)); | |||
4203 | return crv; | |||
4204 | } | |||
4205 | ||||
4206 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
4207 | if (crv == CKR_OK0x00000000UL) { | |||
4208 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
4209 | } else { | |||
4210 | PKM_Error("C_Login with correct password failed " | |||
4211 | "with 0x%08X, %-26s\n", | |||
4212 | crv, PKM_CK_RVtoStr(crv)); | |||
4213 | return crv; | |||
4214 | } | |||
4215 | ||||
4216 | PKM_LogIt("Generate an AES key ...\n"); | |||
4217 | /* generate an AES Secret Key */ | |||
4218 | crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech, | |||
4219 | sAESKeyTemplate, | |||
4220 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), | |||
4221 | &sKey); | |||
4222 | if (crv == CKR_OK0x00000000UL) { | |||
4223 | PKM_LogIt("C_GenerateKey AES succeeded\n"); | |||
4224 | } else { | |||
4225 | PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n", | |||
4226 | crv, PKM_CK_RVtoStr(crv)); | |||
4227 | return crv; | |||
4228 | } | |||
4229 | ||||
4230 | crv = pFunctionList->C_SignInit(hSession, &signmech, sKey); | |||
4231 | if (crv != CKR_OK0x00000000UL) { | |||
4232 | PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv, | |||
4233 | PKM_CK_RVtoStr(crv)); | |||
4234 | return crv; | |||
4235 | } | |||
4236 | ||||
4237 | slen = sizeof(sign); | |||
4238 | crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen, | |||
4239 | (CK_BYTE_PTR)sign, &slen); | |||
4240 | if (crv != CKR_OK0x00000000UL) { | |||
4241 | PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv, | |||
4242 | PKM_CK_RVtoStr(crv)); | |||
4243 | return crv; | |||
4244 | } | |||
4245 | ||||
4246 | crv = pFunctionList->C_DestroyObject(hSession, sKey); | |||
4247 | if (crv != CKR_OK0x00000000UL) { | |||
4248 | PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv, | |||
4249 | PKM_CK_RVtoStr(crv)); | |||
4250 | return crv; | |||
4251 | } | |||
4252 | ||||
4253 | digestlen = MAX_DIGEST_SZ64; | |||
4254 | crv = pFunctionList->C_DigestInit(hSession, &digestmech); | |||
4255 | if (crv != CKR_OK0x00000000UL) { | |||
4256 | PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv, | |||
4257 | PKM_CK_RVtoStr(crv)); | |||
4258 | return crv; | |||
4259 | } | |||
4260 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext, | |||
4261 | plainlen); | |||
4262 | if (crv != CKR_OK0x00000000UL) { | |||
4263 | PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv, | |||
4264 | PKM_CK_RVtoStr(crv)); | |||
4265 | return crv; | |||
4266 | } | |||
4267 | ||||
4268 | crv = pFunctionList->C_GetOperationState(hSession, NULL((void*)0), &statelen); | |||
4269 | if (crv != CKR_OK0x00000000UL) { | |||
4270 | PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv, | |||
4271 | PKM_CK_RVtoStr(crv)); | |||
4272 | return crv; | |||
4273 | } | |||
4274 | ||||
4275 | pstate = (CK_BYTE_PTR)malloc(statelen * sizeof(CK_BYTE_PTR)); | |||
4276 | crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen); | |||
4277 | if (crv != CKR_OK0x00000000UL) { | |||
4278 | PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv, | |||
4279 | PKM_CK_RVtoStr(crv)); | |||
4280 | return crv; | |||
4281 | } | |||
4282 | ||||
4283 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1, | |||
4284 | plainlen_1); | |||
4285 | if (crv != CKR_OK0x00000000UL) { | |||
4286 | PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv, | |||
4287 | PKM_CK_RVtoStr(crv)); | |||
4288 | return crv; | |||
4289 | } | |||
4290 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2, | |||
4291 | plainlen_2); | |||
4292 | if (crv != CKR_OK0x00000000UL) { | |||
4293 | PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv, | |||
4294 | PKM_CK_RVtoStr(crv)); | |||
4295 | return crv; | |||
4296 | } | |||
4297 | ||||
4298 | /* | |||
4299 | * This will override/negate the above 2 digest_update | |||
4300 | * operations | |||
4301 | */ | |||
4302 | crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen, | |||
4303 | 0, 0); | |||
4304 | if (crv != CKR_OK0x00000000UL) { | |||
4305 | PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv, | |||
4306 | PKM_CK_RVtoStr(crv)); | |||
4307 | return crv; | |||
4308 | } | |||
4309 | crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest, | |||
4310 | &digestlen); | |||
4311 | if (crv != CKR_OK0x00000000UL) { | |||
4312 | PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv, | |||
4313 | PKM_CK_RVtoStr(crv)); | |||
4314 | return crv; | |||
4315 | } | |||
4316 | digestlen = MAX_DIGEST_SZ64; | |||
4317 | crv = pFunctionList->C_DigestInit(hSession, &digestmech); | |||
4318 | if (crv != CKR_OK0x00000000UL) { | |||
4319 | PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv, | |||
4320 | PKM_CK_RVtoStr(crv)); | |||
4321 | return crv; | |||
4322 | } | |||
4323 | crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen, | |||
4324 | (CK_BYTE_PTR)digest_1, &digestlen); | |||
4325 | if (crv != CKR_OK0x00000000UL) { | |||
4326 | PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv, | |||
4327 | PKM_CK_RVtoStr(crv)); | |||
4328 | return crv; | |||
4329 | } | |||
4330 | if (memcmp(digest, digest_1, digestlen) == 0) { | |||
4331 | PKM_LogIt("Digest and digest_1 are equal!\n"); | |||
4332 | } else { | |||
4333 | PKM_Error("Digest and digest_1 are not equal!\n"); | |||
4334 | } | |||
4335 | crv = pFunctionList->C_Logout(hSession); | |||
4336 | if (crv == CKR_OK0x00000000UL) { | |||
4337 | PKM_LogIt("C_Logout succeeded\n"); | |||
4338 | } else { | |||
4339 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
4340 | PKM_CK_RVtoStr(crv)); | |||
4341 | return crv; | |||
4342 | } | |||
4343 | crv = pFunctionList->C_CloseSession(hSession); | |||
4344 | if (CKR_OK0x00000000UL != crv) { | |||
4345 | PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", | |||
4346 | hSession, crv, PKM_CK_RVtoStr(crv)); | |||
4347 | return crv; | |||
4348 | } | |||
4349 | ||||
4350 | return crv; | |||
4351 | } | |||
4352 | ||||
4353 | /* | |||
4354 | * Recover Functions | |||
4355 | */ | |||
4356 | CK_RV | |||
4357 | PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList, | |||
4358 | CK_SESSION_HANDLE hSession, | |||
4359 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, | |||
4360 | CK_MECHANISM *signMech, const CK_BYTE *pData, | |||
4361 | CK_ULONG pDataLen) | |||
4362 | { | |||
4363 | CK_RV crv = CKR_OK0x00000000UL; | |||
4364 | CK_BYTE sig[MAX_SIG_SZ128]; | |||
4365 | CK_ULONG sigLen = MAX_SIG_SZ128; | |||
4366 | CK_BYTE recover[MAX_SIG_SZ128]; | |||
4367 | CK_ULONG recoverLen = MAX_SIG_SZ128; | |||
4368 | ||||
4369 | NUMTESTS++; /* increment NUMTESTS */ | |||
4370 | ||||
4371 | /* initializes a signature operation, | |||
4372 | * where the data can be recovered from the signature | |||
4373 | */ | |||
4374 | crv = pFunctionList->C_SignRecoverInit(hSession, signMech, | |||
4375 | hPrivKey); | |||
4376 | if (crv == CKR_OK0x00000000UL) { | |||
4377 | PKM_LogIt("C_SignRecoverInit succeeded. \n"); | |||
4378 | } else { | |||
4379 | PKM_Error("C_SignRecoverInit failed.\n" | |||
4380 | "with 0x%08X, %-26s\n", | |||
4381 | crv, PKM_CK_RVtoStr(crv)); | |||
4382 | return crv; | |||
4383 | } | |||
4384 | ||||
4385 | /* signs single-part data, | |||
4386 | * where the data can be recovered from the signature | |||
4387 | */ | |||
4388 | crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE *)pData, | |||
4389 | pDataLen, | |||
4390 | (CK_BYTE *)sig, &sigLen); | |||
4391 | if (crv == CKR_OK0x00000000UL) { | |||
4392 | PKM_LogIt("C_SignRecover succeeded. \n"); | |||
4393 | } else { | |||
4394 | PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n" | |||
4395 | "with 0x%08X, %-26s\n", | |||
4396 | crv, PKM_CK_RVtoStr(crv)); | |||
4397 | return crv; | |||
4398 | } | |||
4399 | ||||
4400 | /* | |||
4401 | * initializes a verification operation | |||
4402 | *where the data is recovered from the signature | |||
4403 | */ | |||
4404 | crv = pFunctionList->C_VerifyRecoverInit(hSession, signMech, | |||
4405 | hPubKey); | |||
4406 | if (crv == CKR_OK0x00000000UL) { | |||
4407 | PKM_LogIt("C_VerifyRecoverInit succeeded. \n"); | |||
4408 | } else { | |||
4409 | PKM_Error("C_VerifyRecoverInit failed.\n" | |||
4410 | "with 0x%08X, %-26s\n", | |||
4411 | crv, PKM_CK_RVtoStr(crv)); | |||
4412 | return crv; | |||
4413 | } | |||
4414 | ||||
4415 | /* | |||
4416 | * verifies a signature on single-part data, | |||
4417 | * where the data is recovered from the signature | |||
4418 | */ | |||
4419 | crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE *)sig, | |||
4420 | sigLen, | |||
4421 | (CK_BYTE *)recover, &recoverLen); | |||
4422 | if (crv == CKR_OK0x00000000UL) { | |||
4423 | PKM_LogIt("C_VerifyRecover succeeded. \n"); | |||
4424 | } else { | |||
4425 | PKM_Error("C_VerifyRecover failed.\n" | |||
4426 | "with 0x%08X, %-26s\n", | |||
4427 | crv, PKM_CK_RVtoStr(crv)); | |||
4428 | return crv; | |||
4429 | } | |||
4430 | ||||
4431 | if ((recoverLen == pDataLen) && | |||
4432 | (memcmp(recover, pData, pDataLen) == 0)) { | |||
4433 | PKM_LogIt("VerifyRecover test case passed\n"); | |||
4434 | } else { | |||
4435 | PKM_Error("VerifyRecover test case failed\n"); | |||
4436 | } | |||
4437 | ||||
4438 | return crv; | |||
4439 | } | |||
4440 | /* | |||
4441 | * wrapUnwrap | |||
4442 | * wrap the secretkey with the public key. | |||
4443 | * unwrap the secretkey with the private key. | |||
4444 | */ | |||
4445 | CK_RV | |||
4446 | PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList, | |||
4447 | CK_SESSION_HANDLE hSession, | |||
4448 | CK_OBJECT_HANDLE hPublicKey, | |||
4449 | CK_OBJECT_HANDLE hPrivateKey, | |||
4450 | CK_MECHANISM *wrapMechanism, | |||
4451 | CK_OBJECT_HANDLE hSecretKey, | |||
4452 | CK_ATTRIBUTE *sKeyTemplate, | |||
4453 | CK_ULONG skeyTempSize) | |||
4454 | { | |||
4455 | CK_RV crv = CKR_OK0x00000000UL; | |||
4456 | CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE0; | |||
4457 | CK_BYTE wrappedKey[128]; | |||
4458 | CK_ULONG ulWrappedKeyLen = 0; | |||
4459 | ||||
4460 | NUMTESTS++; /* increment NUMTESTS */ | |||
4461 | ||||
4462 | ulWrappedKeyLen = sizeof(wrappedKey); | |||
4463 | crv = pFunctionList->C_WrapKey( | |||
4464 | hSession, wrapMechanism, | |||
4465 | hPublicKey, hSecretKey, | |||
4466 | wrappedKey, &ulWrappedKeyLen); | |||
4467 | if (crv == CKR_OK0x00000000UL) { | |||
4468 | PKM_LogIt("C_WrapKey succeeded\n"); | |||
4469 | } else { | |||
4470 | PKM_Error("C_WrapKey failed with 0x%08X, %-26s\n", crv, | |||
4471 | PKM_CK_RVtoStr(crv)); | |||
4472 | return crv; | |||
4473 | } | |||
4474 | crv = pFunctionList->C_UnwrapKey( | |||
4475 | hSession, wrapMechanism, hPrivateKey, | |||
4476 | wrappedKey, ulWrappedKeyLen, sKeyTemplate, | |||
4477 | skeyTempSize, | |||
4478 | &hSecretKeyUnwrapped); | |||
4479 | if ((crv == CKR_OK0x00000000UL) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE0)) { | |||
4480 | PKM_LogIt("C_UnwrapKey succeeded\n"); | |||
4481 | } else { | |||
4482 | PKM_Error("C_UnwrapKey failed with 0x%08X, %-26s\n", crv, | |||
4483 | PKM_CK_RVtoStr(crv)); | |||
4484 | return crv; | |||
4485 | } | |||
4486 | ||||
4487 | return crv; | |||
4488 | } | |||
4489 | ||||
4490 | /* | |||
4491 | * Tests if the object's attributes match the expected_attrs | |||
4492 | */ | |||
4493 | CK_RV | |||
4494 | PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList, | |||
4495 | CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj, | |||
4496 | CK_ATTRIBUTE_PTR expected_attrs, | |||
4497 | CK_ULONG expected_attrs_count) | |||
4498 | { | |||
4499 | CK_RV crv; | |||
4500 | CK_ATTRIBUTE_PTR tmp_attrs; | |||
4501 | unsigned int i; | |||
4502 | ||||
4503 | NUMTESTS++; /* increment NUMTESTS */ | |||
4504 | ||||
4505 | /* First duplicate the themplate */ | |||
4506 | tmp_attrs = malloc(expected_attrs_count * sizeof(CK_ATTRIBUTE)); | |||
4507 | ||||
4508 | if (tmp_attrs == NULL((void*)0)) { | |||
4509 | PKM_Error("Internal test memory failure\n"); | |||
4510 | return (CKR_HOST_MEMORY0x00000002UL); | |||
4511 | } | |||
4512 | ||||
4513 | for (i = 0; i < expected_attrs_count; i++) { | |||
4514 | tmp_attrs[i].type = expected_attrs[i].type; | |||
4515 | tmp_attrs[i].ulValueLen = expected_attrs[i].ulValueLen; | |||
4516 | ||||
4517 | /* Don't give away the expected one. just zeros */ | |||
4518 | tmp_attrs[i].pValue = calloc(expected_attrs[i].ulValueLen, 1); | |||
4519 | ||||
4520 | if (tmp_attrs[i].pValue == NULL((void*)0)) { | |||
4521 | unsigned int j; | |||
4522 | for (j = 0; j < i; j++) | |||
4523 | free(tmp_attrs[j].pValue); | |||
4524 | ||||
4525 | free(tmp_attrs); | |||
4526 | printf("Internal test memory failure\n"); | |||
4527 | return (CKR_HOST_MEMORY0x00000002UL); | |||
4528 | } | |||
4529 | } | |||
4530 | ||||
4531 | /* then get the attributes from the object */ | |||
4532 | crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs, | |||
4533 | expected_attrs_count); | |||
4534 | if (crv != CKR_OK0x00000000UL) { | |||
4535 | PKM_Error("C_GetAttributeValue failed with 0x%08X, %-26s\n", crv, | |||
4536 | PKM_CK_RVtoStr(crv)); | |||
4537 | crv = CKR_FUNCTION_FAILED0x00000006UL; | |||
4538 | goto out; | |||
4539 | } | |||
4540 | ||||
4541 | /* Finally compare with the expected ones */ | |||
4542 | for (i = 0; i < expected_attrs_count; i++) { | |||
4543 | ||||
4544 | if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue, | |||
4545 | expected_attrs[i].ulValueLen) != 0) { | |||
4546 | PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n", | |||
4547 | tmp_attrs[i].type, expected_attrs[i].type); | |||
4548 | PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n", | |||
4549 | tmp_attrs[i].pValue, expected_attrs[i].pValue); | |||
4550 | /* don't report error at this time */ | |||
4551 | } | |||
4552 | } | |||
4553 | ||||
4554 | out: | |||
4555 | for (i = 0; i < expected_attrs_count; i++) | |||
4556 | free(tmp_attrs[i].pValue); | |||
4557 | free(tmp_attrs); | |||
4558 | return (crv); | |||
4559 | } | |||
4560 | ||||
4561 | /* | |||
4562 | * Check the validity of a mech | |||
4563 | */ | |||
4564 | CK_RV | |||
4565 | PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, | |||
4566 | CK_MECHANISM_TYPE mechType, CK_FLAGS flags, | |||
4567 | CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize) | |||
4568 | { | |||
4569 | CK_SESSION_INFO sess_info; | |||
4570 | CK_MECHANISM_INFO mech_info; | |||
4571 | CK_RV crv; | |||
4572 | ||||
4573 | NUMTESTS++; /* increment NUMTESTS */ | |||
4574 | ||||
4575 | if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info)) != | |||
4576 | CKR_OK0x00000000UL) { | |||
4577 | PKM_Error("C_GetSessionInfo failed with 0x%08X, %-26s\n", crv, | |||
4578 | PKM_CK_RVtoStr(crv)); | |||
4579 | return (CKR_FUNCTION_FAILED0x00000006UL); | |||
4580 | } | |||
4581 | ||||
4582 | crv = pFunctionList->C_GetMechanismInfo(0, mechType, | |||
4583 | &mech_info); | |||
4584 | ||||
4585 | crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType, | |||
4586 | &mech_info); | |||
4587 | ||||
4588 | if (crv != CKR_OK0x00000000UL) { | |||
4589 | PKM_Error("C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv, | |||
4590 | PKM_CK_RVtoStr(crv)); | |||
4591 | return (CKR_FUNCTION_FAILED0x00000006UL); | |||
4592 | } | |||
4593 | ||||
4594 | if ((mech_info.flags & flags) == 0) { | |||
4595 | PKM_Error("0x%x flag missing from mech\n", flags); | |||
4596 | return (CKR_MECHANISM_INVALID0x00000070UL); | |||
4597 | } | |||
4598 | if (!check_sizes) | |||
4599 | return (CKR_OK0x00000000UL); | |||
4600 | ||||
4601 | if (mech_info.ulMinKeySize != minkeysize) { | |||
4602 | PKM_Error("Bad MinKeySize %d expected %d\n", mech_info.ulMinKeySize, | |||
4603 | minkeysize); | |||
4604 | return (CKR_MECHANISM_INVALID0x00000070UL); | |||
4605 | } | |||
4606 | if (mech_info.ulMaxKeySize != maxkeysize) { | |||
4607 | PKM_Error("Bad MaxKeySize %d expected %d\n", mech_info.ulMaxKeySize, | |||
4608 | maxkeysize); | |||
4609 | return (CKR_MECHANISM_INVALID0x00000070UL); | |||
4610 | } | |||
4611 | return (CKR_OK0x00000000UL); | |||
4612 | } | |||
4613 | ||||
4614 | /* | |||
4615 | * Can be called with a non-null premaster_key_len for the | |||
4616 | * *_DH mechanisms. In that case, no checking for the matching of | |||
4617 | * the expected results is done. | |||
4618 | * The rnd argument tells which correct/bogus randomInfo to use. | |||
4619 | */ | |||
4620 | CK_RV | |||
4621 | PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList, | |||
4622 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
4623 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, | |||
4624 | CK_MECHANISM_TYPE mechType, | |||
4625 | enum_random_t rnd) | |||
4626 | { | |||
4627 | CK_SESSION_HANDLE hSession; | |||
4628 | CK_RV crv; | |||
4629 | CK_MECHANISM mk_mech; | |||
4630 | CK_VERSION version; | |||
4631 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; | |||
4632 | CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL; | |||
4633 | CK_BBOOL derive_bool = true; | |||
4634 | CK_ATTRIBUTE attrs[4]; | |||
4635 | CK_ULONG attrs_count = 4; | |||
4636 | CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE0; | |||
4637 | CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE0; | |||
4638 | CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params; | |||
4639 | CK_MECHANISM skmd_mech; | |||
4640 | ||||
4641 | CK_BBOOL isDH = false; | |||
4642 | ||||
4643 | NUMTESTS++; /* increment NUMTESTS */ | |||
4644 | ||||
4645 | attrs[0].type = CKA_CLASS0x00000000UL; | |||
4646 | attrs[0].pValue = &class; | |||
4647 | attrs[0].ulValueLen = sizeof(class); | |||
4648 | attrs[1].type = CKA_KEY_TYPE0x00000100UL; | |||
4649 | attrs[1].pValue = &type; | |||
4650 | attrs[1].ulValueLen = sizeof(type); | |||
4651 | attrs[2].type = CKA_DERIVE0x0000010CUL; | |||
4652 | attrs[2].pValue = &derive_bool; | |||
4653 | attrs[2].ulValueLen = sizeof(derive_bool); | |||
4654 | attrs[3].type = CKA_VALUE0x00000011UL; | |||
4655 | attrs[3].pValue = NULL((void*)0); | |||
4656 | attrs[3].ulValueLen = 0; | |||
4657 | ||||
4658 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
4659 | NULL((void*)0), NULL((void*)0), &hSession); | |||
4660 | if (crv != CKR_OK0x00000000UL) { | |||
4661 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
4662 | PKM_CK_RVtoStr(crv)); | |||
4663 | return crv; | |||
4664 | } | |||
4665 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
4666 | if (crv == CKR_OK0x00000000UL) { | |||
4667 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
4668 | } else { | |||
4669 | PKM_Error("C_Login with correct password failed " | |||
4670 | "with 0x%08X, %-26s\n", | |||
4671 | crv, PKM_CK_RVtoStr(crv)); | |||
4672 | return crv; | |||
4673 | } | |||
4674 | ||||
4675 | /* Before all, check if the mechanism is supported correctly */ | |||
4676 | if (MODE == FIPSMODE0) { | |||
4677 | crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE0x00080000UL, false, | |||
4678 | 0, 0); | |||
4679 | if (crv != CKR_OK0x00000000UL) { | |||
4680 | PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv, | |||
4681 | PKM_CK_RVtoStr(crv)); | |||
4682 | return (crv); | |||
4683 | } | |||
4684 | } | |||
4685 | ||||
4686 | mk_mech.mechanism = mechType; | |||
4687 | mk_mech.pParameter = &mkd_params; | |||
4688 | mk_mech.ulParameterLen = sizeof(mkd_params); | |||
4689 | ||||
4690 | switch (mechType) { | |||
4691 | case CKM_TLS_MASTER_KEY_DERIVE_DH0x00000377UL: | |||
4692 | isDH = true; | |||
4693 | /* FALLTHRU */ | |||
4694 | case CKM_TLS_MASTER_KEY_DERIVE0x00000375UL: | |||
4695 | attrs[3].pValue = NULL((void*)0); | |||
4696 | attrs[3].ulValueLen = 0; | |||
4697 | ||||
4698 | mkd_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom; | |||
4699 | mkd_params.RandomInfo.ulClientRandomLen = | |||
4700 | sizeof(TLSClientRandom); | |||
4701 | mkd_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom; | |||
4702 | mkd_params.RandomInfo.ulServerRandomLen = | |||
4703 | sizeof(TLSServerRandom); | |||
4704 | break; | |||
4705 | } | |||
4706 | mkd_params.pVersion = (!isDH) ? &version : NULL((void*)0); | |||
4707 | ||||
4708 | /* First create the pre-master secret key */ | |||
4709 | ||||
4710 | skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL; | |||
4711 | skmd_mech.pParameter = &mkd_params; | |||
4712 | skmd_mech.ulParameterLen = sizeof(mkd_params); | |||
4713 | ||||
4714 | crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech, | |||
4715 | attrs, | |||
4716 | attrs_count, | |||
4717 | &pmk_obj); | |||
4718 | if (crv == CKR_OK0x00000000UL) { | |||
4719 | PKM_LogIt("C_GenerateKey succeeded\n"); | |||
4720 | } else { | |||
4721 | PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv, | |||
4722 | PKM_CK_RVtoStr(crv)); | |||
4723 | return crv; | |||
4724 | } | |||
4725 | /* Test the bad cases */ | |||
4726 | switch (rnd) { | |||
4727 | case CORRECT: | |||
4728 | goto correct; | |||
4729 | ||||
4730 | case BOGUS_CLIENT_RANDOM: | |||
4731 | mkd_params.RandomInfo.pClientRandom = NULL((void*)0); | |||
4732 | break; | |||
4733 | ||||
4734 | case BOGUS_CLIENT_RANDOM_LEN: | |||
4735 | mkd_params.RandomInfo.ulClientRandomLen = 0; | |||
4736 | break; | |||
4737 | ||||
4738 | case BOGUS_SERVER_RANDOM: | |||
4739 | mkd_params.RandomInfo.pServerRandom = NULL((void*)0); | |||
4740 | break; | |||
4741 | ||||
4742 | case BOGUS_SERVER_RANDOM_LEN: | |||
4743 | mkd_params.RandomInfo.ulServerRandomLen = 0; | |||
4744 | break; | |||
4745 | } | |||
4746 | crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL((void*)0), 0, | |||
4747 | &mk_obj); | |||
4748 | if (crv != CKR_MECHANISM_PARAM_INVALID0x00000071UL) { | |||
4749 | PKM_LogIt("C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv, | |||
4750 | PKM_CK_RVtoStr(crv)); | |||
4751 | } else { | |||
4752 | PKM_Error("C_DeriveKey did not fail with bad data \n"); | |||
4753 | } | |||
4754 | goto out; | |||
4755 | ||||
4756 | correct: | |||
4757 | /* Now derive the master secret key */ | |||
4758 | crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL((void*)0), 0, | |||
4759 | &mk_obj); | |||
4760 | if (crv == CKR_OK0x00000000UL) { | |||
4761 | PKM_LogIt("C_DeriveKey succeeded\n"); | |||
4762 | } else { | |||
4763 | PKM_Error("C_DeriveKey failed with 0x%08X, %-26s\n", crv, | |||
4764 | PKM_CK_RVtoStr(crv)); | |||
4765 | return crv; | |||
4766 | } | |||
4767 | ||||
4768 | out: | |||
4769 | if (pmk_obj != CK_INVALID_HANDLE0) | |||
4770 | (void)pFunctionList->C_DestroyObject(hSession, pmk_obj); | |||
4771 | if (mk_obj != CK_INVALID_HANDLE0) | |||
4772 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); | |||
4773 | crv = pFunctionList->C_Logout(hSession); | |||
4774 | ||||
4775 | if (crv == CKR_OK0x00000000UL) { | |||
4776 | PKM_LogIt("C_Logout succeeded\n"); | |||
4777 | } else { | |||
4778 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
4779 | PKM_CK_RVtoStr(crv)); | |||
4780 | return crv; | |||
4781 | } | |||
4782 | ||||
4783 | crv = pFunctionList->C_CloseSession(hSession); | |||
4784 | if (crv != CKR_OK0x00000000UL) { | |||
4785 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
4786 | PKM_CK_RVtoStr(crv)); | |||
4787 | return crv; | |||
4788 | } | |||
4789 | return (crv); | |||
4790 | } | |||
4791 | ||||
4792 | CK_RV | |||
4793 | PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList, | |||
4794 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, | |||
4795 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, | |||
4796 | CK_MECHANISM_TYPE mechType, enum_random_t rnd) | |||
4797 | { | |||
4798 | CK_SESSION_HANDLE hSession; | |||
4799 | CK_RV crv; | |||
4800 | CK_MECHANISM kmd_mech; | |||
4801 | CK_MECHANISM skmd_mech; | |||
4802 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; | |||
4803 | CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL; | |||
4804 | CK_BBOOL derive_bool = true; | |||
4805 | CK_BBOOL sign_bool = true, verify_bool = true; | |||
4806 | CK_BBOOL encrypt_bool = true, decrypt_bool = true; | |||
4807 | CK_ULONG value_len; | |||
4808 | ||||
4809 | /* | |||
4810 | * We arrange this template so that: | |||
4811 | * . Attributes 0-6 are good for a MAC key comparison template. | |||
4812 | * . Attributes 2-5 are good for the master key creation template. | |||
4813 | * . Attributes 3-8 are good for a cipher key comparison template. | |||
4814 | */ | |||
4815 | CK_ATTRIBUTE attrs[9]; | |||
4816 | ||||
4817 | CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE0; | |||
4818 | CK_SSL3_KEY_MAT_PARAMS km_params; | |||
4819 | CK_SSL3_KEY_MAT_OUT kmo; | |||
4820 | CK_BYTE IVClient[8]; | |||
4821 | CK_BYTE IVServer[8]; | |||
4822 | ||||
4823 | NUMTESTS++; /* increment NUMTESTS */ | |||
4824 | ||||
4825 | attrs[0].type = CKA_SIGN0x00000108UL; | |||
4826 | attrs[0].pValue = &sign_bool; | |||
4827 | attrs[0].ulValueLen = sizeof(sign_bool); | |||
4828 | attrs[1].type = CKA_VERIFY0x0000010AUL; | |||
4829 | attrs[1].pValue = &verify_bool; | |||
4830 | attrs[1].ulValueLen = sizeof(verify_bool); | |||
4831 | attrs[2].type = CKA_KEY_TYPE0x00000100UL; | |||
4832 | attrs[2].pValue = &type; | |||
4833 | attrs[2].ulValueLen = sizeof(type); | |||
4834 | attrs[3].type = CKA_CLASS0x00000000UL; | |||
4835 | attrs[3].pValue = &class; | |||
4836 | attrs[3].ulValueLen = sizeof(class); | |||
4837 | attrs[4].type = CKA_DERIVE0x0000010CUL; | |||
4838 | attrs[4].pValue = &derive_bool; | |||
4839 | attrs[4].ulValueLen = sizeof(derive_bool); | |||
4840 | attrs[5].type = CKA_VALUE0x00000011UL; | |||
4841 | attrs[5].pValue = NULL((void*)0); | |||
4842 | attrs[5].ulValueLen = 0; | |||
4843 | attrs[6].type = CKA_VALUE_LEN0x00000161UL; | |||
4844 | attrs[6].pValue = &value_len; | |||
4845 | attrs[6].ulValueLen = sizeof(value_len); | |||
4846 | attrs[7].type = CKA_ENCRYPT0x00000104UL; | |||
4847 | attrs[7].pValue = &encrypt_bool; | |||
4848 | attrs[7].ulValueLen = sizeof(encrypt_bool); | |||
4849 | attrs[8].type = CKA_DECRYPT0x00000105UL; | |||
4850 | attrs[8].pValue = &decrypt_bool; | |||
4851 | attrs[8].ulValueLen = sizeof(decrypt_bool); | |||
4852 | ||||
4853 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, | |||
4854 | NULL((void*)0), NULL((void*)0), &hSession); | |||
4855 | if (crv != CKR_OK0x00000000UL) { | |||
4856 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, | |||
4857 | PKM_CK_RVtoStr(crv)); | |||
4858 | return crv; | |||
4859 | } | |||
4860 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); | |||
4861 | if (crv == CKR_OK0x00000000UL) { | |||
4862 | PKM_LogIt("C_Login with correct password succeeded\n"); | |||
4863 | } else { | |||
4864 | PKM_Error("C_Login with correct password failed " | |||
4865 | "with 0x%08X, %-26s\n", | |||
4866 | crv, PKM_CK_RVtoStr(crv)); | |||
4867 | return crv; | |||
4868 | } | |||
4869 | ||||
4870 | /* Before all, check if the mechanism is supported correctly */ | |||
4871 | if (MODE == FIPSMODE0) { | |||
4872 | crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE0x00080000UL, | |||
4873 | CK_TRUE1, 48, 48); | |||
4874 | ||||
4875 | if (crv != CKR_OK0x00000000UL) { | |||
4876 | PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv, | |||
4877 | PKM_CK_RVtoStr(crv)); | |||
4878 | return (crv); | |||
4879 | } | |||
4880 | } | |||
4881 | kmd_mech.mechanism = mechType; | |||
4882 | kmd_mech.pParameter = &km_params; | |||
4883 | kmd_mech.ulParameterLen = sizeof(km_params); | |||
4884 | ||||
4885 | km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */ | |||
4886 | km_params.ulKeySizeInBits = 192; /* 3DES key size */ | |||
4887 | km_params.ulIVSizeInBits = 64; /* 3DES block size */ | |||
4888 | km_params.pReturnedKeyMaterial = &kmo; | |||
4889 | km_params.bIsExport = false; | |||
4890 | kmo.hClientMacSecret = CK_INVALID_HANDLE0; | |||
4891 | kmo.hServerMacSecret = CK_INVALID_HANDLE0; | |||
4892 | kmo.hClientKey = CK_INVALID_HANDLE0; | |||
4893 | kmo.hServerKey = CK_INVALID_HANDLE0; | |||
4894 | kmo.pIVClient = IVClient; | |||
4895 | kmo.pIVServer = IVServer; | |||
4896 | ||||
4897 | skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL; | |||
4898 | skmd_mech.pParameter = &km_params; | |||
4899 | skmd_mech.ulParameterLen = sizeof(km_params); | |||
4900 | ||||
4901 | crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech, | |||
4902 | &attrs[2], | |||
4903 | 4, | |||
4904 | &mk_obj); | |||
4905 | if (crv == CKR_OK0x00000000UL) { | |||
4906 | PKM_LogIt("C_GenerateKey succeeded\n"); | |||
4907 | } else { | |||
4908 | PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv, | |||
4909 | PKM_CK_RVtoStr(crv)); | |||
4910 | return crv; | |||
4911 | } | |||
4912 | ||||
4913 | attrs[5].pValue = NULL((void*)0); | |||
4914 | attrs[5].ulValueLen = 0; | |||
4915 | ||||
4916 | km_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom; | |||
4917 | km_params.RandomInfo.ulClientRandomLen = | |||
4918 | sizeof(TLSClientRandom); | |||
4919 | km_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom; | |||
4920 | km_params.RandomInfo.ulServerRandomLen = | |||
4921 | sizeof(TLSServerRandom); | |||
4922 | ||||
4923 | /* Test the bad cases */ | |||
4924 | switch (rnd) { | |||
4925 | case CORRECT: | |||
4926 | goto correct; | |||
4927 | ||||
4928 | case BOGUS_CLIENT_RANDOM: | |||
4929 | km_params.RandomInfo.pClientRandom = NULL((void*)0); | |||
4930 | break; | |||
4931 | ||||
4932 | case BOGUS_CLIENT_RANDOM_LEN: | |||
4933 | km_params.RandomInfo.ulClientRandomLen = 0; | |||
4934 | break; | |||
4935 | ||||
4936 | case BOGUS_SERVER_RANDOM: | |||
4937 | km_params.RandomInfo.pServerRandom = NULL((void*)0); | |||
4938 | break; | |||
4939 | ||||
4940 | case BOGUS_SERVER_RANDOM_LEN: | |||
4941 | km_params.RandomInfo.ulServerRandomLen = 0; | |||
4942 | break; | |||
4943 | } | |||
4944 | crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL((void*)0), 0, | |||
4945 | NULL((void*)0)); | |||
4946 | if (crv != CKR_MECHANISM_PARAM_INVALID0x00000071UL) { | |||
4947 | PKM_Error("key materials derivation returned unexpected " | |||
4948 | "error 0x%08X, %-26s\n", | |||
4949 | crv, PKM_CK_RVtoStr(crv)); | |||
4950 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); | |||
4951 | return (CKR_FUNCTION_FAILED0x00000006UL); | |||
4952 | } | |||
4953 | return (CKR_OK0x00000000UL); | |||
4954 | ||||
4955 | correct: | |||
4956 | /* | |||
4957 | * Then use the master key and the client 'n server random data to | |||
4958 | * derive the key materials | |||
4959 | */ | |||
4960 | crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL((void*)0), 0, | |||
4961 | NULL((void*)0)); | |||
4962 | if (crv != CKR_OK0x00000000UL) { | |||
4963 | PKM_Error("Cannot derive the key materials, crv 0x%08X, %-26s\n", | |||
4964 | crv, PKM_CK_RVtoStr(crv)); | |||
4965 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); | |||
4966 | return (crv); | |||
4967 | } | |||
4968 | ||||
4969 | if (mk_obj != CK_INVALID_HANDLE0) | |||
4970 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); | |||
4971 | if (kmo.hClientMacSecret != CK_INVALID_HANDLE0) | |||
4972 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret); | |||
4973 | if (kmo.hServerMacSecret != CK_INVALID_HANDLE0) | |||
4974 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret); | |||
4975 | if (kmo.hClientKey != CK_INVALID_HANDLE0) | |||
4976 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientKey); | |||
4977 | if (kmo.hServerKey != CK_INVALID_HANDLE0) | |||
4978 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerKey); | |||
4979 | ||||
4980 | crv = pFunctionList->C_Logout(hSession); | |||
4981 | if (crv == CKR_OK0x00000000UL) { | |||
4982 | PKM_LogIt("C_Logout succeeded\n"); | |||
4983 | } else { | |||
4984 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, | |||
4985 | PKM_CK_RVtoStr(crv)); | |||
4986 | return crv; | |||
4987 | } | |||
4988 | crv = pFunctionList->C_CloseSession(hSession); | |||
4989 | if (crv != CKR_OK0x00000000UL) { | |||
4990 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, | |||
4991 | PKM_CK_RVtoStr(crv)); | |||
4992 | return crv; | |||
4993 | } | |||
4994 | ||||
4995 | return (crv); | |||
4996 | } | |||
4997 | ||||
4998 | CK_RV | |||
4999 | PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList, | |||
5000 | CK_SESSION_HANDLE hRwSession, | |||
5001 | CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey, | |||
5002 | CK_MECHANISM *sigMech, | |||
5003 | CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech, | |||
5004 | const CK_BYTE *pData, CK_ULONG pDataLen) | |||
5005 | { | |||
5006 | ||||
5007 | CK_RV crv = CKR_OK0x00000000UL; | |||
5008 | CK_BYTE encryptedData[MAX_CIPHER_SZ128]; | |||
5009 | CK_ULONG ulEncryptedDataLen = 0; | |||
5010 | CK_ULONG ulLastUpdateSize = 0; | |||
5011 | CK_BYTE sig[MAX_SIG_SZ128]; | |||
5012 | CK_ULONG ulSigLen = 0; | |||
5013 | CK_BYTE data[MAX_DATA_SZ64]; | |||
5014 | CK_ULONG ulDataLen = 0; | |||
5015 | ||||
5016 | memset(encryptedData, 0, sizeof(encryptedData)); | |||
5017 | memset(sig, 0, sizeof(sig)); | |||
5018 | memset(data, 0, sizeof(data)); | |||
5019 | ||||
5020 | NUMTESTS++; /* increment NUMTESTS */ | |||
5021 | ||||
5022 | /* Check that the mechanism is Multi-part */ | |||
5023 | if (sigMech->mechanism == CKM_DSA0x00000011UL || sigMech->mechanism == CKM_RSA_PKCS0x00000001UL) { | |||
5024 | PKM_Error("PKM_DualFuncSign must be called with a Multi-part " | |||
5025 | "operation mechanism\n"); | |||
5026 | return CKR_DEVICE_ERROR0x00000030UL; | |||
5027 | } | |||
5028 | ||||
5029 | /* Sign and Encrypt */ | |||
5030 | if (privateKey == 0 && publicKey == 0) { | |||
5031 | crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey); | |||
5032 | if (crv != CKR_OK0x00000000UL) { | |||
5033 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
5034 | PKM_CK_RVtoStr(crv)); | |||
5035 | return crv; | |||
5036 | } | |||
5037 | } else { | |||
5038 | crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey); | |||
5039 | if (crv != CKR_OK0x00000000UL) { | |||
5040 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
5041 | PKM_CK_RVtoStr(crv)); | |||
5042 | return crv; | |||
5043 | } | |||
5044 | } | |||
5045 | crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey); | |||
5046 | if (crv != CKR_OK0x00000000UL) { | |||
5047 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, | |||
5048 | PKM_CK_RVtoStr(crv)); | |||
5049 | return crv; | |||
5050 | } | |||
5051 | ||||
5052 | ulEncryptedDataLen = sizeof(encryptedData); | |||
5053 | crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE *)pData, | |||
5054 | pDataLen, | |||
5055 | encryptedData, | |||
5056 | &ulEncryptedDataLen); | |||
5057 | if (crv != CKR_OK0x00000000UL) { | |||
5058 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, | |||
5059 | PKM_CK_RVtoStr(crv)); | |||
5060 | return crv; | |||
5061 | } | |||
5062 | ||||
5063 | ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen; | |||
5064 | crv = pFunctionList->C_EncryptFinal(hRwSession, | |||
5065 | (CK_BYTE *)&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize); | |||
5066 | if (crv != CKR_OK0x00000000UL) { | |||
5067 | PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv, | |||
5068 | PKM_CK_RVtoStr(crv)); | |||
5069 | return crv; | |||
5070 | } | |||
5071 | ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize; | |||
5072 | ulSigLen = sizeof(sig); | |||
5073 | crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen); | |||
5074 | if (crv != CKR_OK0x00000000UL) { | |||
5075 | PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv, | |||
5076 | PKM_CK_RVtoStr(crv)); | |||
5077 | return crv; | |||
5078 | } | |||
5079 | ||||
5080 | /* Decrypt and Verify */ | |||
5081 | ||||
5082 | crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey); | |||
5083 | if (crv != CKR_OK0x00000000UL) { | |||
5084 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, | |||
5085 | PKM_CK_RVtoStr(crv)); | |||
5086 | return crv; | |||
5087 | } | |||
5088 | crv = pFunctionList->C_VerifyInit(hRwSession, sigMech, | |||
5089 | publicKey); | |||
5090 | if (crv != CKR_OK0x00000000UL) { | |||
5091 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, | |||
5092 | PKM_CK_RVtoStr(crv)); | |||
5093 | return crv; | |||
5094 | } | |||
5095 | ||||
5096 | ulDataLen = sizeof(data); | |||
5097 | crv = pFunctionList->C_DecryptVerifyUpdate(hRwSession, | |||
5098 | encryptedData, | |||
5099 | ulEncryptedDataLen, | |||
5100 | data, &ulDataLen); | |||
5101 | if (crv != CKR_OK0x00000000UL) { | |||
5102 | PKM_Error("C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv, | |||
5103 | PKM_CK_RVtoStr(crv)); | |||
5104 | return crv; | |||
5105 | } | |||
5106 | ulLastUpdateSize = sizeof(data) - ulDataLen; | |||
5107 | /* Get last little piece of plaintext. Should have length 0 */ | |||
5108 | crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen], | |||
5109 | &ulLastUpdateSize); | |||
5110 | if (crv != CKR_OK0x00000000UL) { | |||
5111 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, | |||
5112 | PKM_CK_RVtoStr(crv)); | |||
5113 | return crv; | |||
5114 | } | |||
5115 | ||||
5116 | if (ulLastUpdateSize != 0) { | |||
5117 | crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen], | |||
5118 | ulLastUpdateSize); | |||
5119 | if (crv != CKR_OK0x00000000UL) { | |||
5120 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, | |||
5121 | PKM_CK_RVtoStr(crv)); | |||
5122 | return crv; | |||
5123 | } | |||
5124 | } | |||
5125 | ulDataLen = ulDataLen + ulLastUpdateSize; | |||
5126 | ||||
5127 | /* input for the verify operation is the decrypted data */ | |||
5128 | crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen); | |||
5129 | if (crv == CKR_OK0x00000000UL) { | |||
5130 | PKM_LogIt("C_VerifyFinal succeeded\n"); | |||
5131 | } else { | |||
5132 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, | |||
5133 | PKM_CK_RVtoStr(crv)); | |||
5134 | return crv; | |||
5135 | } | |||
5136 | ||||
5137 | /* Comparison of Decrypted data with inputed data */ | |||
5138 | if ((ulDataLen == pDataLen) && | |||
5139 | (memcmp(data, pData, pDataLen) == 0)) { | |||
5140 | PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n"); | |||
5141 | } else { | |||
5142 | PKM_Error("PKM_DualFuncSign derypt test case failed\n"); | |||
5143 | } | |||
5144 | ||||
5145 | return crv; | |||
5146 | } | |||
5147 | ||||
5148 | CK_RV | |||
5149 | PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList, | |||
5150 | CK_SESSION_HANDLE hSession, | |||
5151 | CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey, | |||
5152 | const CK_BYTE *pData, CK_ULONG pDataLen) | |||
5153 | { | |||
5154 | CK_RV crv = CKR_OK0x00000000UL; | |||
5155 | CK_BYTE digest1[MAX_DIGEST_SZ64]; | |||
5156 | CK_ULONG digest1Len = 0; | |||
5157 | CK_BYTE digest2[MAX_DIGEST_SZ64]; | |||
5158 | CK_ULONG digest2Len = 0; | |||
5159 | ||||
5160 | /* Tested with CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512 */ | |||
5161 | ||||
5162 | memset(digest1, 0, sizeof(digest1)); | |||
5163 | memset(digest2, 0, sizeof(digest2)); | |||
5164 | ||||
5165 | NUMTESTS++; /* increment NUMTESTS */ | |||
5166 | ||||
5167 | crv = pFunctionList->C_DigestInit(hSession, digestMech); | |||
5168 | if (crv != CKR_OK0x00000000UL) { | |||
5169 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, | |||
5170 | PKM_CK_RVtoStr(crv)); | |||
5171 | return crv; | |||
5172 | } | |||
5173 | digest1Len = sizeof(digest1); | |||
5174 | crv = pFunctionList->C_Digest(hSession, (CK_BYTE *)pData, pDataLen, | |||
5175 | digest1, &digest1Len); | |||
5176 | if (crv != CKR_OK0x00000000UL) { | |||
5177 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, | |||
5178 | PKM_CK_RVtoStr(crv)); | |||
5179 | return crv; | |||
5180 | } | |||
5181 | ||||
5182 | crv = pFunctionList->C_DigestInit(hSession, digestMech); | |||
5183 | if (crv != CKR_OK0x00000000UL) { | |||
5184 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, | |||
5185 | PKM_CK_RVtoStr(crv)); | |||
5186 | return crv; | |||
5187 | } | |||
5188 | ||||
5189 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE *)pData, pDataLen); | |||
5190 | if (crv != CKR_OK0x00000000UL) { | |||
5191 | PKM_Error("C_DigestUpdate failed with 0x%08X, %-26s\n", crv, | |||
5192 | PKM_CK_RVtoStr(crv)); | |||
5193 | return crv; | |||
5194 | } | |||
5195 | ||||
5196 | /* C_DigestKey continues a multiple-part message-digesting operation by*/ | |||
5197 | /* digesting the value of a secret key. (only used with C_DigestUpdate)*/ | |||
5198 | if (hSecretKey != 0) { | |||
5199 | crv = pFunctionList->C_DigestKey(hSession, hSecretKey); | |||
5200 | if (crv != CKR_OK0x00000000UL) { | |||
5201 | PKM_Error("C_DigestKey failed with 0x%08X, %-26s\n", crv, | |||
5202 | PKM_CK_RVtoStr(crv)); | |||
5203 | return crv; | |||
5204 | } | |||
5205 | } | |||
5206 | ||||
5207 | digest2Len = sizeof(digest2); | |||
5208 | crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len); | |||
5209 | if (crv != CKR_OK0x00000000UL) { | |||
5210 | PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv, | |||
5211 | PKM_CK_RVtoStr(crv)); | |||
5212 | return crv; | |||
5213 | } | |||
5214 | ||||
5215 | if (hSecretKey == 0) { | |||
5216 | /* did not digest a secret key so digests should equal */ | |||
5217 | if ((digest1Len == digest2Len) && | |||
5218 | (memcmp(digest1, digest2, digest1Len) == 0)) { | |||
5219 | PKM_LogIt("Single and Multiple-part message digest " | |||
5220 | "operations successful\n"); | |||
5221 | } else { | |||
5222 | PKM_Error("Single and Multiple-part message digest " | |||
5223 | "operations failed\n"); | |||
5224 | } | |||
5225 | } else { | |||
5226 | if (digest1Len == digest2Len) { | |||
5227 | PKM_LogIt("PKM_Digest Single and Multiple-part message digest " | |||
5228 | "operations successful\n"); | |||
5229 | } else { | |||
5230 | PKM_Error("PKM_Digest Single and Multiple-part message digest " | |||
5231 | "operations failed\n"); | |||
5232 | } | |||
5233 | } | |||
5234 | ||||
5235 | return crv; | |||
5236 | } | |||
5237 | ||||
5238 | char * | |||
5239 | PKM_FilePasswd(char *pwFile) | |||
5240 | { | |||
5241 | unsigned char phrase[500]; | |||
5242 | PRFileDesc *fd; | |||
5243 | PRInt32 nb; | |||
5244 | int i; | |||
5245 | ||||
5246 | if (!pwFile) | |||
5247 | return 0; | |||
5248 | ||||
5249 | fd = PR_Open(pwFile, PR_RDONLY0x01, 0); | |||
5250 | if (!fd) { | |||
5251 | fprintf(stderrstderr, "No password file \"%s\" exists.\n", pwFile); | |||
5252 | return NULL((void*)0); | |||
5253 | } | |||
5254 | ||||
5255 | nb = PR_Read(fd, phrase, sizeof(phrase)); | |||
5256 | ||||
5257 | PR_Close(fd); | |||
5258 | /* handle the Windows EOL case */ | |||
5259 | i = 0; | |||
5260 | while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) | |||
5261 | i++; | |||
5262 | phrase[i] = '\0'; | |||
5263 | if (nb == 0) { | |||
5264 | fprintf(stderrstderr, "password file contains no data\n"); | |||
5265 | return NULL((void*)0); | |||
5266 | } | |||
5267 | return (char *)strdup((char *)phrase); | |||
5268 | } | |||
5269 | ||||
5270 | void | |||
5271 | PKM_Help() | |||
5272 | { | |||
5273 | PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError); | |||
5274 | PR_fprintf(debug_out, "pk11mode test program usage:\n"); | |||
5275 | PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n"); | |||
5276 | PR_fprintf(debug_out, "\t-F Disable Unix fork tests\n"); | |||
5277 | PR_fprintf(debug_out, "\t-n Non Fips Mode \n"); | |||
5278 | PR_fprintf(debug_out, "\t-d <path> Database path location\n"); | |||
5279 | PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n"); | |||
5280 | PR_fprintf(debug_out, "\t-v verbose\n"); | |||
5281 | PR_fprintf(debug_out, "\t-h this help message\n"); | |||
5282 | exit(1); | |||
5283 | } | |||
5284 | ||||
5285 | void | |||
5286 | PKM_CheckPath(char *string) | |||
5287 | { | |||
5288 | char *src; | |||
5289 | char *dest; | |||
5290 | ||||
5291 | /* | |||
5292 | * windows support convert any back slashes to | |||
5293 | * forward slashes. | |||
5294 | */ | |||
5295 | for (src = string, dest = string; *src; src++, dest++) { | |||
5296 | if (*src == '\\') { | |||
5297 | *dest = '/'; | |||
5298 | } | |||
5299 | } | |||
5300 | dest--; | |||
5301 | /* if the last char is a / set it to 0 */ | |||
5302 | if (*dest == '/') | |||
5303 | *dest = 0; | |||
5304 | } | |||
5305 | ||||
5306 | CK_RV | |||
5307 | PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList, | |||
5308 | PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs) | |||
5309 | { | |||
5310 | CK_RV crv = CKR_OK0x00000000UL; | |||
5311 | #ifndef NO_FORK_CHECK | |||
5312 | int rc = -1; | |||
5313 | pid_t child, ret; | |||
5314 | NUMTESTS++; /* increment NUMTESTS */ | |||
5315 | if (forkAssert) { | |||
5316 | putenv("NSS_STRICT_NOFORK=1"); | |||
5317 | } else { | |||
5318 | putenv("NSS_STRICT_NOFORK=0"); | |||
5319 | } | |||
5320 | child = fork(); | |||
5321 | switch (child) { | |||
5322 | case -1: | |||
5323 | PKM_Error("Fork failed.\n"); | |||
5324 | crv = CKR_DEVICE_ERROR0x00000030UL; | |||
5325 | break; | |||
5326 | case 0: | |||
5327 | if (fList) { | |||
5328 | if (!initArgs) { | |||
5329 | /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo | |||
5330 | * in the child. This call should always fail. | |||
5331 | * If softoken is uninitialized, | |||
5332 | * it fails with CKR_CRYPTOKI_NOT_INITIALIZED. | |||
5333 | * If it was initialized in the parent, the fork check should | |||
5334 | * kick in, and make it return CKR_DEVICE_ERROR. | |||
5335 | */ | |||
5336 | CK_RV child_crv = fList->C_GetTokenInfo(0, NULL((void*)0)); | |||
5337 | exit(child_crv & 255); | |||
5338 | } else { | |||
5339 | /* If softoken is loaded, make a PKCS#11 call to C_Initialize | |||
5340 | * in the child. This call should always fail. | |||
5341 | * If softoken is uninitialized, this should succeed. | |||
5342 | * If it was initialized in the parent, the fork check should | |||
5343 | * kick in, and make it return CKR_DEVICE_ERROR. | |||
5344 | */ | |||
5345 | CK_RV child_crv = fList->C_Initialize(initArgs); | |||
5346 | if (CKR_OK0x00000000UL == child_crv) { | |||
5347 | child_crv = fList->C_Finalize(NULL((void*)0)); | |||
5348 | } | |||
5349 | exit(child_crv & 255); | |||
5350 | } | |||
5351 | } | |||
5352 | exit(expected & 255); | |||
5353 | default: | |||
5354 | PKM_LogIt("Fork succeeded.\n"); | |||
5355 | ret = wait(&rc); | |||
5356 | if (ret != child || (!WIFEXITED(rc)(((rc) & 0x7f) == 0)) || | |||
5357 | ((expected & 255) != (WEXITSTATUS(rc)(((rc) & 0xff00) >> 8) & 255))) { | |||
5358 | int retStatus = -1; | |||
5359 | if (WIFEXITED(rc)(((rc) & 0x7f) == 0)) { | |||
5360 | retStatus = WEXITSTATUS(rc)(((rc) & 0xff00) >> 8); | |||
5361 | } | |||
5362 | PKM_Error("Child misbehaved.\n"); | |||
5363 | printf("Child return status : %d.\n", retStatus & 255); | |||
5364 | crv = CKR_DEVICE_ERROR0x00000030UL; | |||
5365 | } | |||
5366 | break; | |||
5367 | } | |||
5368 | #endif | |||
5369 | return crv; | |||
5370 | } |