File: | s/cmd/pk11mode/pk11mode.c |
Warning: | line 2952, column 5 Value stored to 'crv' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* |
2 | * pk11mode.c - Test FIPS or NONFIPS Modes for the NSS PKCS11 api. |
3 | * The goal of this program is to test every function |
4 | * entry point of the PKCS11 api at least once. |
5 | * To test in FIPS mode: pk11mode |
6 | * To test in NONFIPS mode: pk11mode -n |
7 | * usage: pk11mode -h |
8 | * |
9 | * This Source Code Form is subject to the terms of the Mozilla Public |
10 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
11 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
12 | |
13 | #include <assert.h> |
14 | #include <stdio.h> |
15 | #include <stdlib.h> |
16 | #include <string.h> |
17 | #include <stdarg.h> |
18 | |
19 | #if defined(XP_UNIX1) && defined(DO_FORK_CHECK) |
20 | #include <unistd.h> |
21 | #include <sys/wait.h> |
22 | #else |
23 | #ifndef NO_FORK_CHECK |
24 | #define NO_FORK_CHECK |
25 | #endif |
26 | #endif |
27 | |
28 | #ifdef _WIN32 |
29 | #include <windows.h> |
30 | #define LIB_NAME "softokn3.dll" |
31 | #endif |
32 | #include "prlink.h" |
33 | #include "prprf.h" |
34 | #include "plgetopt.h" |
35 | #include "prenv.h" |
36 | |
37 | #include "pk11table.h" |
38 | |
39 | #define NUM_ELEM(array)(sizeof(array) / sizeof(array[0])) (sizeof(array) / sizeof(array[0])) |
40 | |
41 | #ifndef NULL_PTR0 |
42 | #define NULL_PTR0 0 |
43 | #endif |
44 | |
45 | /* Returns constant error string for "CRV". |
46 | * Returns "unknown error" if errNum is unknown. |
47 | */ |
48 | const char * |
49 | PKM_CK_RVtoStr(CK_RV errNum) |
50 | { |
51 | const char *err; |
52 | |
53 | err = getName(errNum, ConstResult); |
54 | |
55 | if (err) |
56 | return err; |
57 | |
58 | return "unknown error"; |
59 | } |
60 | |
61 | #include "pkcs11p.h" |
62 | |
63 | typedef struct CK_C_INITIALIZE_ARGS_NSS { |
64 | CK_CREATEMUTEX CreateMutex; |
65 | CK_DESTROYMUTEX DestroyMutex; |
66 | CK_LOCKMUTEX LockMutex; |
67 | CK_UNLOCKMUTEX UnlockMutex; |
68 | CK_FLAGS flags; |
69 | /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but |
70 | * a reserved field. NSS needs a way to pass instance-specific information |
71 | * to the library (like where to find its config files, etc). This |
72 | * information is usually provided by the installer and passed uninterpreted |
73 | * by NSS to the library, though NSS does know the specifics of the softoken |
74 | * version of this parameter. Most compliant PKCS#11 modules expect this |
75 | * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from |
76 | * C_Initialize if Library parameters is supplied. */ |
77 | CK_CHAR_PTR *LibraryParameters; |
78 | /* This field is only present if the LibraryParameters is not NULL. It must |
79 | * be NULL in all cases */ |
80 | CK_VOID_PTR pReserved; |
81 | } CK_C_INITIALIZE_ARGS_NSS; |
82 | |
83 | #include "pkcs11u.h" |
84 | |
85 | #define MAX_SIG_SZ128 128 |
86 | #define MAX_CIPHER_SZ128 128 |
87 | #define MAX_DATA_SZ64 64 |
88 | #define MAX_DIGEST_SZ64 64 |
89 | #define HMAC_MAX_LENGTH64 64 |
90 | #define FIPSMODE0 0 |
91 | #define NONFIPSMODE1 1 |
92 | #define HYBRIDMODE2 2 |
93 | #define NOMODE3 3 |
94 | int MODE = FIPSMODE0; |
95 | |
96 | CK_BBOOL true = CK_TRUE1; |
97 | CK_BBOOL false = CK_FALSE0; |
98 | static const CK_BYTE PLAINTEXT[] = { "Firefox Rules!" }; |
99 | static const CK_BYTE PLAINTEXT_PAD[] = { "Firefox and thunderbird rule the world!" }; |
100 | CK_ULONG NUMTESTS = 0; |
101 | |
102 | static const char *slotFlagName[] = { |
103 | "CKF_TOKEN_PRESENT", |
104 | "CKF_REMOVABLE_DEVICE", |
105 | "CKF_HW_SLOT", |
106 | "unknown token flag 0x00000008", |
107 | "unknown token flag 0x00000010", |
108 | "unknown token flag 0x00000020", |
109 | "unknown token flag 0x00000040", |
110 | "unknown token flag 0x00000080", |
111 | "unknown token flag 0x00000100", |
112 | "unknown token flag 0x00000200", |
113 | "unknown token flag 0x00000400", |
114 | "unknown token flag 0x00000800", |
115 | "unknown token flag 0x00001000", |
116 | "unknown token flag 0x00002000", |
117 | "unknown token flag 0x00004000", |
118 | "unknown token flag 0x00008000" |
119 | "unknown token flag 0x00010000", |
120 | "unknown token flag 0x00020000", |
121 | "unknown token flag 0x00040000", |
122 | "unknown token flag 0x00080000", |
123 | "unknown token flag 0x00100000", |
124 | "unknown token flag 0x00200000", |
125 | "unknown token flag 0x00400000", |
126 | "unknown token flag 0x00800000" |
127 | "unknown token flag 0x01000000", |
128 | "unknown token flag 0x02000000", |
129 | "unknown token flag 0x04000000", |
130 | "unknown token flag 0x08000000", |
131 | "unknown token flag 0x10000000", |
132 | "unknown token flag 0x20000000", |
133 | "unknown token flag 0x40000000", |
134 | "unknown token flag 0x80000000" |
135 | }; |
136 | |
137 | static const char *tokenFlagName[] = { |
138 | "CKF_PKM_RNG", |
139 | "CKF_WRITE_PROTECTED", |
140 | "CKF_LOGIN_REQUIRED", |
141 | "CKF_USER_PIN_INITIALIZED", |
142 | "unknown token flag 0x00000010", |
143 | "CKF_RESTORE_KEY_NOT_NEEDED", |
144 | "CKF_CLOCK_ON_TOKEN", |
145 | "unknown token flag 0x00000080", |
146 | "CKF_PROTECTED_AUTHENTICATION_PATH", |
147 | "CKF_DUAL_CRYPTO_OPERATIONS", |
148 | "CKF_TOKEN_INITIALIZED", |
149 | "CKF_SECONDARY_AUTHENTICATION", |
150 | "unknown token flag 0x00001000", |
151 | "unknown token flag 0x00002000", |
152 | "unknown token flag 0x00004000", |
153 | "unknown token flag 0x00008000", |
154 | "CKF_USER_PIN_COUNT_LOW", |
155 | "CKF_USER_PIN_FINAL_TRY", |
156 | "CKF_USER_PIN_LOCKED", |
157 | "CKF_USER_PIN_TO_BE_CHANGED", |
158 | "CKF_SO_PIN_COUNT_LOW", |
159 | "CKF_SO_PIN_FINAL_TRY", |
160 | "CKF_SO_PIN_LOCKED", |
161 | "CKF_SO_PIN_TO_BE_CHANGED", |
162 | "unknown token flag 0x01000000", |
163 | "unknown token flag 0x02000000", |
164 | "unknown token flag 0x04000000", |
165 | "unknown token flag 0x08000000", |
166 | "unknown token flag 0x10000000", |
167 | "unknown token flag 0x20000000", |
168 | "unknown token flag 0x40000000", |
169 | "unknown token flag 0x80000000" |
170 | }; |
171 | |
172 | static const unsigned char TLSClientRandom[] = { |
173 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
174 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
175 | 0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71, |
176 | 0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d |
177 | }; |
178 | static const unsigned char TLSServerRandom[] = { |
179 | 0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01, |
180 | 0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d, |
181 | 0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66, |
182 | 0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9 |
183 | }; |
184 | |
185 | typedef enum { |
186 | CORRECT, |
187 | BOGUS_CLIENT_RANDOM, |
188 | BOGUS_CLIENT_RANDOM_LEN, |
189 | BOGUS_SERVER_RANDOM, |
190 | BOGUS_SERVER_RANDOM_LEN |
191 | } enum_random_t; |
192 | |
193 | void |
194 | dumpToHash64(const unsigned char *buf, unsigned int bufLen) |
195 | { |
196 | unsigned int i; |
197 | for (i = 0; i < bufLen; i += 8) { |
198 | if (i % 32 == 0) |
199 | printf("\n"); |
200 | printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,", |
201 | buf[i], buf[i + 1], buf[i + 2], buf[i + 3], |
202 | buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]); |
203 | } |
204 | printf("\n"); |
205 | } |
206 | |
207 | #ifdef _WIN32 |
208 | HMODULE hModule; |
209 | #else |
210 | PRLibrary *lib; |
211 | #endif |
212 | |
213 | /* |
214 | * All api that belongs to pk11mode.c layer start with the prefix PKM_ |
215 | */ |
216 | void PKM_LogIt(const char *fmt, ...); |
217 | void PKM_Error(const char *fmt, ...); |
218 | CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList, |
219 | CK_ULONG slotID); |
220 | CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID); |
221 | CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList, |
222 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
223 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
224 | CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, |
225 | CK_SLOT_ID *pSlotList, CK_ULONG slotID); |
226 | CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, |
227 | CK_ULONG slotID); |
228 | CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList, |
229 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
230 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
231 | CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, |
232 | CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
233 | CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, |
234 | CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
235 | CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, |
236 | CK_C_INITIALIZE_ARGS_NSS *initArgs); |
237 | CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, |
238 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
239 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
240 | CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList, |
241 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
242 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
243 | CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList, |
244 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
245 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
246 | CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList, |
247 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
248 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
249 | CK_RV PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList, |
250 | CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj, |
251 | CK_ATTRIBUTE_PTR expected_attrs, |
252 | CK_ULONG expected_attrs_count); |
253 | CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, |
254 | CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType, |
255 | CK_FLAGS flags, CK_BBOOL check_sizes, |
256 | CK_ULONG minkeysize, CK_ULONG maxkeysize); |
257 | CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList, |
258 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
259 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, |
260 | CK_MECHANISM_TYPE mechType, enum_random_t rnd); |
261 | CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList, |
262 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
263 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, |
264 | CK_MECHANISM_TYPE mechType, |
265 | enum_random_t rnd); |
266 | CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList, |
267 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
268 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen); |
269 | CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList, |
270 | CK_SESSION_HANDLE hRwSession, |
271 | CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey, |
272 | CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey, |
273 | CK_MECHANISM *cryptMech, |
274 | const CK_BYTE *pData, CK_ULONG pDataLen); |
275 | CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList, |
276 | CK_SESSION_HANDLE hSession, |
277 | CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech, |
278 | CK_OBJECT_HANDLE hSecKeyDigest, |
279 | CK_MECHANISM *digestMech, |
280 | const CK_BYTE *pData, CK_ULONG pDataLen); |
281 | CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList, |
282 | CK_SESSION_HANDLE hRwSession, |
283 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, |
284 | CK_MECHANISM *signMech, const CK_BYTE *pData, |
285 | CK_ULONG dataLen); |
286 | CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList, |
287 | CK_SESSION_HANDLE hSession, |
288 | CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech, |
289 | const CK_BYTE *pData, CK_ULONG dataLen); |
290 | CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, |
291 | CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech, |
292 | const CK_BYTE *pData, CK_ULONG pDataLen); |
293 | CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList, |
294 | CK_SESSION_HANDLE hRwSession, |
295 | CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey, |
296 | const CK_BYTE *pData, CK_ULONG pDataLen); |
297 | CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList, |
298 | CK_SESSION_HANDLE hSession, |
299 | CK_OBJECT_HANDLE hPublicKey, |
300 | CK_OBJECT_HANDLE hPrivateKey, |
301 | CK_MECHANISM *wrapMechanism, |
302 | CK_OBJECT_HANDLE hSecretKey, |
303 | CK_ATTRIBUTE *sKeyTemplate, |
304 | CK_ULONG skeyTempSize); |
305 | CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList, |
306 | CK_SESSION_HANDLE hSession, |
307 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, |
308 | CK_MECHANISM *signMech, const CK_BYTE *pData, |
309 | CK_ULONG pDataLen); |
310 | CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList, |
311 | PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs); |
312 | |
313 | void PKM_Help(); |
314 | void PKM_CheckPath(char *string); |
315 | char *PKM_FilePasswd(char *pwFile); |
316 | static PRBool verbose = PR_FALSE0; |
317 | |
318 | int |
319 | main(int argc, char **argv) |
320 | { |
321 | CK_C_GetFunctionList pC_GetFunctionList; |
322 | CK_FUNCTION_LIST_PTR pFunctionList; |
323 | CK_RV crv = CKR_OK0x00000000UL; |
324 | CK_C_INITIALIZE_ARGS_NSS initArgs; |
325 | CK_C_INITIALIZE_ARGS_NSS initArgsRerun; /* rerun selftests */ |
326 | CK_SLOT_ID *pSlotList = NULL((void*)0); |
327 | CK_TOKEN_INFO tokenInfo; |
328 | CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */ |
329 | |
330 | CK_UTF8CHAR *pwd = NULL((void*)0); |
331 | CK_ULONG pwdLen = 0; |
332 | char *moduleSpec = NULL((void*)0); |
333 | char *moduleSpecRerun = NULL((void*)0); |
334 | char *configDir = NULL((void*)0); |
335 | char *dbPrefix = NULL((void*)0); |
336 | char *disableUnload = NULL((void*)0); |
337 | PRBool doForkTests = PR_TRUE1; |
338 | |
339 | PLOptStatus os; |
340 | PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:"); |
341 | while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) { |
342 | if (PL_OPT_BAD == os) |
343 | continue; |
344 | switch (opt->option) { |
345 | case 'F': /* disable fork tests */ |
346 | doForkTests = PR_FALSE0; |
347 | break; |
348 | case 'n': /* non fips mode */ |
349 | MODE = NONFIPSMODE1; |
350 | slotID = 1; |
351 | break; |
352 | case 'f': /* password file */ |
353 | pwd = (CK_UTF8CHAR *)PKM_FilePasswd((char *)opt->value); |
354 | if (!pwd) |
355 | PKM_Help(); |
356 | break; |
357 | case 'd': /* opt_CertDir */ |
358 | if (!opt->value) |
359 | PKM_Help(); |
360 | configDir = strdup(opt->value); |
361 | PKM_CheckPath(configDir); |
362 | break; |
363 | case 'p': /* opt_DBPrefix */ |
364 | if (!opt->value) |
365 | PKM_Help(); |
366 | dbPrefix = strdup(opt->value); |
367 | break; |
368 | case 'v': |
369 | verbose = PR_TRUE1; |
370 | break; |
371 | case 'h': /* help message */ |
372 | default: |
373 | PKM_Help(); |
374 | break; |
375 | } |
376 | } |
377 | PL_DestroyOptState(opt); |
378 | |
379 | if (!pwd) { |
380 | pwd = (CK_UTF8CHAR *)strdup("1Mozilla"); |
381 | } |
382 | pwdLen = strlen((const char *)pwd); |
383 | if (!configDir) { |
384 | configDir = strdup("."); |
385 | } |
386 | if (!dbPrefix) { |
387 | dbPrefix = strdup(""); |
388 | } |
389 | |
390 | if (doForkTests) { |
391 | /* first, try to fork without softoken loaded to make sure |
392 | * everything is OK */ |
393 | crv = PKM_ForkCheck(123, NULL((void*)0), PR_FALSE0, NULL((void*)0)); |
394 | if (crv != CKR_OK0x00000000UL) |
395 | goto cleanup; |
396 | } |
397 | |
398 | #ifdef _WIN32 |
399 | hModule = LoadLibrary(LIB_NAME); |
400 | if (hModule == NULL((void*)0)) { |
401 | PKM_Error("cannot load %s\n", LIB_NAME); |
402 | goto cleanup; |
403 | } |
404 | if (MODE == FIPSMODE0) { |
405 | /* FIPS mode == FC_GetFunctionList */ |
406 | pC_GetFunctionList = (CK_C_GetFunctionList) |
407 | GetProcAddress(hModule, "FC_GetFunctionList"); |
408 | } else { |
409 | /* NON FIPS mode == C_GetFunctionList */ |
410 | pC_GetFunctionList = (CK_C_GetFunctionList) |
411 | GetProcAddress(hModule, "C_GetFunctionList"); |
412 | } |
413 | if (pC_GetFunctionList == NULL((void*)0)) { |
414 | PKM_Error("cannot load %s\n", LIB_NAME); |
415 | goto cleanup; |
416 | } |
417 | #else |
418 | { |
419 | char *libname = NULL((void*)0); |
420 | /* Get the platform-dependent library name of the NSS cryptographic module */ |
421 | libname = PR_GetLibraryName(NULL((void*)0), "softokn3"); |
422 | assert(libname != NULL)((libname != ((void*)0)) ? (void) (0) : __assert_fail ("libname != NULL" , "pk11mode.c", 422, __extension__ __PRETTY_FUNCTION__)); |
423 | lib = PR_LoadLibrary(libname); |
424 | assert(lib != NULL)((lib != ((void*)0)) ? (void) (0) : __assert_fail ("lib != NULL" , "pk11mode.c", 424, __extension__ __PRETTY_FUNCTION__)); |
425 | PR_FreeLibraryName(libname); |
426 | } |
427 | if (MODE == FIPSMODE0) { |
428 | pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, |
429 | "FC_GetFunctionList"); |
430 | assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pC_GetFunctionList != NULL", "pk11mode.c", 430, __extension__ __PRETTY_FUNCTION__)); |
431 | slotID = 0; |
432 | } else { |
433 | pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, |
434 | "C_GetFunctionList"); |
435 | assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pC_GetFunctionList != NULL", "pk11mode.c", 435, __extension__ __PRETTY_FUNCTION__)); |
436 | slotID = 1; |
437 | } |
438 | #endif |
439 | |
440 | if (MODE == FIPSMODE0) { |
441 | printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n", |
442 | (int)slotID); |
443 | } else { |
444 | printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n", |
445 | (int)slotID); |
446 | } |
447 | |
448 | crv = (*pC_GetFunctionList)(&pFunctionList); |
449 | assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK" , "pk11mode.c", 449, __extension__ __PRETTY_FUNCTION__)); |
450 | |
451 | if (doForkTests) { |
452 | /* now, try to fork with softoken loaded, but not initialized */ |
453 | crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED0x00000190UL, pFunctionList, |
454 | PR_TRUE1, NULL((void*)0)); |
455 | if (crv != CKR_OK0x00000000UL) |
456 | goto cleanup; |
457 | } |
458 | |
459 | initArgs.CreateMutex = NULL((void*)0); |
460 | initArgs.DestroyMutex = NULL((void*)0); |
461 | initArgs.LockMutex = NULL((void*)0); |
462 | initArgs.UnlockMutex = NULL((void*)0); |
463 | initArgs.flags = CKF_OS_LOCKING_OK0x00000002UL; |
464 | moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' " |
465 | "keyPrefix='%s' secmod='secmod.db' flags= ", |
466 | configDir, dbPrefix, dbPrefix); |
467 | moduleSpecRerun = PR_smprintf("configdir='%s' certPrefix='%s' " |
468 | "keyPrefix='%s' secmod='secmod.db' flags=forcePOST ", |
469 | configDir, dbPrefix, dbPrefix); |
470 | initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec; |
471 | initArgs.pReserved = NULL((void*)0); |
472 | initArgsRerun = initArgs; |
473 | initArgsRerun.LibraryParameters = (CK_CHAR_PTR *)moduleSpecRerun; |
474 | |
475 | /*DebugBreak();*/ |
476 | /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */ |
477 | /* NSS cryptographic module library initialization for the FIPS */ |
478 | /* Approved mode when FC_Initialize is envoked will perfom */ |
479 | /* software integrity test, and power-up self-tests before */ |
480 | /* FC_Initialize returns */ |
481 | crv = pFunctionList->C_Initialize(&initArgs); |
482 | if (crv == CKR_OK0x00000000UL) { |
483 | PKM_LogIt("C_Initialize succeeded\n"); |
484 | } else { |
485 | PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, |
486 | PKM_CK_RVtoStr(crv)); |
487 | goto cleanup; |
488 | } |
489 | |
490 | if (doForkTests) { |
491 | /* Disable core on fork for this test, since we are testing the |
492 | * pathological case, and if enabled, the child process would dump |
493 | * core in C_GetTokenInfo . |
494 | * We can still differentiate the correct from incorrect behavior |
495 | * by the PKCS#11 return code. |
496 | */ |
497 | /* try to fork with softoken both loaded and initialized */ |
498 | crv = PKM_ForkCheck(CKR_DEVICE_ERROR0x00000030UL, pFunctionList, PR_FALSE0, NULL((void*)0)); |
499 | if (crv != CKR_OK0x00000000UL) |
500 | goto cleanup; |
501 | } |
502 | |
503 | if (doForkTests) { |
504 | /* In this next test, we fork and try to re-initialize softoken in |
505 | * the child. This should now work because softoken has the ability |
506 | * to hard reset. |
507 | */ |
508 | /* try to fork with softoken both loaded and initialized */ |
509 | crv = PKM_ForkCheck(CKR_OK0x00000000UL, pFunctionList, PR_TRUE1, &initArgs); |
510 | if (crv != CKR_OK0x00000000UL) |
511 | goto cleanup; |
512 | } |
513 | |
514 | crv = PKM_ShowInfo(pFunctionList, slotID); |
515 | if (crv == CKR_OK0x00000000UL) { |
516 | PKM_LogIt("PKM_ShowInfo succeeded\n"); |
517 | } else { |
518 | PKM_Error("PKM_ShowInfo failed with 0x%08X, %-26s\n", crv, |
519 | PKM_CK_RVtoStr(crv)); |
520 | goto cleanup; |
521 | } |
522 | pSlotList = PKM_GetSlotList(pFunctionList, slotID); |
523 | if (pSlotList == NULL((void*)0)) { |
524 | PKM_Error("PKM_GetSlotList failed with \n"); |
525 | goto cleanup; |
526 | } |
527 | crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo); |
528 | if (crv == CKR_OK0x00000000UL) { |
529 | PKM_LogIt("C_GetTokenInfo succeeded\n\n"); |
530 | } else { |
531 | PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv, |
532 | PKM_CK_RVtoStr(crv)); |
533 | goto cleanup; |
534 | } |
535 | |
536 | if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED0x00000008UL)) { |
537 | PKM_LogIt("Initing PW for DB\n"); |
538 | crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID, |
539 | pwd, pwdLen); |
540 | if (crv == CKR_OK0x00000000UL) { |
541 | PKM_LogIt("PKM_InitPWforDB succeeded\n\n"); |
542 | } else { |
543 | PKM_Error("PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv, |
544 | PKM_CK_RVtoStr(crv)); |
545 | goto cleanup; |
546 | } |
547 | } else { |
548 | PKM_LogIt("using existing DB\n"); |
549 | } |
550 | |
551 | /* general mechanism by token */ |
552 | crv = PKM_Mechanism(pFunctionList, pSlotList, slotID); |
553 | if (crv == CKR_OK0x00000000UL) { |
554 | PKM_LogIt("PKM_Mechanism succeeded\n\n"); |
555 | } else { |
556 | PKM_Error("PKM_Mechanism failed with 0x%08X, %-26s\n", crv, |
557 | PKM_CK_RVtoStr(crv)); |
558 | goto cleanup; |
559 | } |
560 | /* RNG example without Login */ |
561 | crv = PKM_RNG(pFunctionList, pSlotList, slotID); |
562 | if (crv == CKR_OK0x00000000UL) { |
563 | PKM_LogIt("PKM_RNG succeeded\n\n"); |
564 | } else { |
565 | PKM_Error("PKM_RNG failed with 0x%08X, %-26s\n", crv, |
566 | PKM_CK_RVtoStr(crv)); |
567 | goto cleanup; |
568 | } |
569 | |
570 | crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID, |
571 | pwd, pwdLen); |
572 | if (crv == CKR_OK0x00000000UL) { |
573 | PKM_LogIt("PKM_SessionLogin succeeded\n\n"); |
574 | } else { |
575 | PKM_Error("PKM_SessionLogin failed with 0x%08X, %-26s\n", crv, |
576 | PKM_CK_RVtoStr(crv)); |
577 | goto cleanup; |
578 | } |
579 | |
580 | /* |
581 | * PKM_KeyTest creates RSA,DSA public keys |
582 | * and AES, DES3 secret keys. |
583 | * then does digest, hmac, encrypt/decrypt, signing operations. |
584 | */ |
585 | crv = PKM_KeyTests(pFunctionList, pSlotList, slotID, |
586 | pwd, pwdLen); |
587 | if (crv == CKR_OK0x00000000UL) { |
588 | PKM_LogIt("PKM_KeyTests succeeded\n\n"); |
589 | } else { |
590 | PKM_Error("PKM_KeyTest failed with 0x%08X, %-26s\n", crv, |
591 | PKM_CK_RVtoStr(crv)); |
592 | goto cleanup; |
593 | } |
594 | |
595 | crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd, |
596 | pwdLen); |
597 | if (crv == CKR_OK0x00000000UL) { |
598 | PKM_LogIt("PKM_SecretKey succeeded\n\n"); |
599 | } else { |
600 | PKM_Error("PKM_SecretKey failed with 0x%08X, %-26s\n", crv, |
601 | PKM_CK_RVtoStr(crv)); |
602 | goto cleanup; |
603 | } |
604 | |
605 | crv = PKM_PublicKey(pFunctionList, pSlotList, slotID, |
606 | pwd, pwdLen); |
607 | if (crv == CKR_OK0x00000000UL) { |
608 | PKM_LogIt("PKM_PublicKey succeeded\n\n"); |
609 | } else { |
610 | PKM_Error("PKM_PublicKey failed with 0x%08X, %-26s\n", crv, |
611 | PKM_CK_RVtoStr(crv)); |
612 | goto cleanup; |
613 | } |
614 | crv = PKM_OperationalState(pFunctionList, pSlotList, slotID, |
615 | pwd, pwdLen); |
616 | if (crv == CKR_OK0x00000000UL) { |
617 | PKM_LogIt("PKM_OperationalState succeeded\n\n"); |
618 | } else { |
619 | PKM_Error("PKM_OperationalState failed with 0x%08X, %-26s\n", crv, |
620 | PKM_CK_RVtoStr(crv)); |
621 | goto cleanup; |
622 | } |
623 | crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID, |
624 | pwd, pwdLen); |
625 | if (crv == CKR_OK0x00000000UL) { |
626 | PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n"); |
627 | } else { |
628 | PKM_Error("PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv, |
629 | PKM_CK_RVtoStr(crv)); |
630 | goto cleanup; |
631 | } |
632 | crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID, |
633 | pwd, pwdLen); |
634 | if (crv == CKR_OK0x00000000UL) { |
635 | PKM_LogIt("PKM_LegacyFunctions succeeded\n\n"); |
636 | } else { |
637 | PKM_Error("PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv, |
638 | PKM_CK_RVtoStr(crv)); |
639 | goto cleanup; |
640 | } |
641 | crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID, |
642 | pwd, pwdLen, |
643 | CKM_TLS_KEY_AND_MAC_DERIVE0x00000376UL, CORRECT); |
644 | |
645 | if (crv == CKR_OK0x00000000UL) { |
646 | PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n"); |
647 | } else { |
648 | PKM_Error("PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv, |
649 | PKM_CK_RVtoStr(crv)); |
650 | goto cleanup; |
651 | } |
652 | crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID, |
653 | pwd, pwdLen, |
654 | CKM_TLS_MASTER_KEY_DERIVE0x00000375UL, |
655 | CORRECT); |
656 | if (crv == CKR_OK0x00000000UL) { |
657 | PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n"); |
658 | } else { |
659 | PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv, |
660 | PKM_CK_RVtoStr(crv)); |
661 | goto cleanup; |
662 | } |
663 | crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID, |
664 | pwd, pwdLen, |
665 | CKM_TLS_MASTER_KEY_DERIVE_DH0x00000377UL, |
666 | CORRECT); |
667 | if (crv == CKR_OK0x00000000UL) { |
668 | PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n"); |
669 | } else { |
670 | PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv, |
671 | PKM_CK_RVtoStr(crv)); |
672 | goto cleanup; |
673 | } |
674 | crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID, |
675 | pwd, pwdLen); |
676 | if (crv == CKR_OK0x00000000UL) { |
677 | PKM_LogIt("PKM_FindAllObjects succeeded\n\n"); |
678 | } else { |
679 | PKM_Error("PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv, |
680 | PKM_CK_RVtoStr(crv)); |
681 | goto cleanup; |
682 | } |
683 | crv = pFunctionList->C_Finalize(NULL((void*)0)); |
684 | if (crv == CKR_OK0x00000000UL) { |
685 | PKM_LogIt("C_Finalize succeeded\n"); |
686 | } else { |
687 | PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv, |
688 | PKM_CK_RVtoStr(crv)); |
689 | goto cleanup; |
690 | } |
691 | |
692 | if (doForkTests) { |
693 | /* try to fork with softoken still loaded, but de-initialized */ |
694 | crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED0x00000190UL, pFunctionList, |
695 | PR_TRUE1, NULL((void*)0)); |
696 | if (crv != CKR_OK0x00000000UL) |
697 | goto cleanup; |
698 | } |
699 | |
700 | free(pSlotList); |
701 | |
702 | /* demonstrate how an application can be in Hybrid mode */ |
703 | /* PKM_HybridMode shows how to switch between NONFIPS */ |
704 | /* mode to FIPS mode */ |
705 | |
706 | PKM_LogIt("Testing Hybrid mode \n"); |
707 | crv = PKM_HybridMode(pwd, pwdLen, &initArgs); |
708 | if (crv == CKR_OK0x00000000UL) { |
709 | PKM_LogIt("PKM_HybridMode succeeded\n"); |
710 | } else { |
711 | PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv, |
712 | PKM_CK_RVtoStr(crv)); |
713 | goto cleanup; |
714 | } |
715 | |
716 | if (doForkTests) { |
717 | /* testing one more C_Initialize / C_Finalize to exercise getpid() |
718 | * fork check code */ |
719 | crv = pFunctionList->C_Initialize(&initArgsRerun); |
720 | if (crv == CKR_OK0x00000000UL) { |
721 | PKM_LogIt("C_Initialize succeeded\n"); |
722 | } else { |
723 | PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, |
724 | PKM_CK_RVtoStr(crv)); |
725 | goto cleanup; |
726 | } |
727 | crv = pFunctionList->C_Finalize(NULL((void*)0)); |
728 | if (crv == CKR_OK0x00000000UL) { |
729 | PKM_LogIt("C_Finalize succeeded\n"); |
730 | } else { |
731 | PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv, |
732 | PKM_CK_RVtoStr(crv)); |
733 | goto cleanup; |
734 | } |
735 | /* try to C_Initialize / C_Finalize in child. This should succeed */ |
736 | crv = PKM_ForkCheck(CKR_OK0x00000000UL, pFunctionList, PR_TRUE1, &initArgs); |
737 | } |
738 | |
739 | PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n"); |
740 | |
741 | cleanup: |
742 | |
743 | if (pwd) { |
744 | free(pwd); |
745 | } |
746 | if (configDir) { |
747 | free(configDir); |
748 | } |
749 | if (dbPrefix) { |
750 | free(dbPrefix); |
751 | } |
752 | if (moduleSpec) { |
753 | PR_smprintf_free(moduleSpec); |
754 | } |
755 | if (moduleSpecRerun) { |
756 | PR_smprintf_free(moduleSpecRerun); |
757 | } |
758 | |
759 | #ifdef _WIN32 |
760 | FreeLibrary(hModule); |
761 | #else |
762 | disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); |
763 | if (!disableUnload) { |
764 | PR_UnloadLibrary(lib); |
765 | } |
766 | #endif |
767 | if (CKR_OK0x00000000UL == crv && doForkTests && !disableUnload) { |
768 | /* try to fork with softoken both de-initialized and unloaded */ |
769 | crv = PKM_ForkCheck(123, NULL((void*)0), PR_TRUE1, NULL((void*)0)); |
770 | } |
771 | |
772 | printf("**** Total number of TESTS ran in %s is %d. ****\n", |
773 | ((MODE == FIPSMODE0) ? "FIPS MODE" : "NON FIPS MODE"), (int)NUMTESTS); |
774 | if (CKR_OK0x00000000UL == crv) { |
775 | printf("**** ALL TESTS PASSED ****\n"); |
776 | } |
777 | |
778 | return crv; |
779 | } |
780 | |
781 | /* |
782 | * PKM_KeyTests |
783 | * |
784 | * |
785 | */ |
786 | |
787 | CK_RV |
788 | PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList, |
789 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
790 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
791 | { |
792 | CK_SESSION_HANDLE hRwSession; |
793 | |
794 | CK_RV crv = CKR_OK0x00000000UL; |
795 | |
796 | /*** DSA Key ***/ |
797 | CK_MECHANISM dsaParamGenMech; |
798 | CK_ULONG primeBits = 1024; |
799 | CK_ATTRIBUTE dsaParamGenTemplate[1]; |
800 | CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE0; |
801 | CK_BYTE DSA_P[128]; |
802 | CK_BYTE DSA_Q[20]; |
803 | CK_BYTE DSA_G[128]; |
804 | CK_MECHANISM dsaKeyPairGenMech; |
805 | CK_ATTRIBUTE dsaPubKeyTemplate[5]; |
806 | CK_ATTRIBUTE dsaPrivKeyTemplate[5]; |
807 | CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE0; |
808 | CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE0; |
809 | |
810 | /**** RSA Key ***/ |
811 | CK_KEY_TYPE rsatype = CKK_RSA0x00000000UL; |
812 | CK_MECHANISM rsaKeyPairGenMech; |
813 | CK_BYTE subject[] = { "RSA Private Key" }; |
814 | CK_ULONG modulusBits = 1024; |
815 | CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 }; |
816 | CK_BYTE id[] = { "RSA123" }; |
817 | CK_ATTRIBUTE rsaPubKeyTemplate[9]; |
818 | CK_ATTRIBUTE rsaPrivKeyTemplate[11]; |
819 | CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE0; |
820 | CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE0; |
821 | |
822 | /*** AES Key ***/ |
823 | CK_MECHANISM sAESKeyMech = { |
824 | CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0 |
825 | }; |
826 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; |
827 | CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL; |
828 | CK_UTF8CHAR AESlabel[] = "An AES secret key object"; |
829 | CK_ULONG AESvalueLen = 32; |
830 | CK_ATTRIBUTE sAESKeyTemplate[9]; |
831 | CK_OBJECT_HANDLE hAESSecKey; |
832 | |
833 | /*** DES3 Key ***/ |
834 | CK_KEY_TYPE keyDES3Type = CKK_DES30x00000015UL; |
835 | CK_UTF8CHAR DES3label[] = "An Triple DES secret key object"; |
836 | CK_ULONG DES3valueLen = 56; |
837 | CK_MECHANISM sDES3KeyGenMechanism = { |
838 | CKM_DES3_KEY_GEN0x00000131UL, NULL((void*)0), 0 |
839 | }; |
840 | CK_ATTRIBUTE sDES3KeyTemplate[9]; |
841 | CK_OBJECT_HANDLE hDES3SecKey; |
842 | |
843 | CK_MECHANISM dsaWithSha1Mech = { |
844 | CKM_DSA_SHA10x00000012UL, NULL((void*)0), 0 |
845 | }; |
846 | |
847 | CK_BYTE IV[16]; |
848 | CK_MECHANISM mech_DES3_CBC; |
849 | CK_MECHANISM mech_DES3_CBC_PAD; |
850 | CK_MECHANISM mech_AES_CBC_PAD; |
851 | CK_MECHANISM mech_AES_CBC; |
852 | struct mech_str { |
853 | CK_ULONG mechanism; |
854 | const char *mechanismStr; |
855 | }; |
856 | |
857 | typedef struct mech_str mech_str; |
858 | |
859 | mech_str digestMechs[] = { |
860 | { CKM_SHA_10x00000220UL, "CKM_SHA_1 " }, |
861 | { CKM_SHA2240x00000255UL, "CKM_SHA224" }, |
862 | { CKM_SHA2560x00000250UL, "CKM_SHA256" }, |
863 | { CKM_SHA3840x00000260UL, "CKM_SHA384" }, |
864 | { CKM_SHA5120x00000270UL, "CKM_SHA512" } |
865 | }; |
866 | mech_str hmacMechs[] = { |
867 | { CKM_SHA_1_HMAC0x00000221UL, "CKM_SHA_1_HMAC" }, |
868 | { CKM_SHA224_HMAC0x00000256UL, "CKM_SHA224_HMAC" }, |
869 | { CKM_SHA256_HMAC0x00000251UL, "CKM_SHA256_HMAC" }, |
870 | { CKM_SHA384_HMAC0x00000261UL, "CKM_SHA384_HMAC" }, |
871 | { CKM_SHA512_HMAC0x00000271UL, "CKM_SHA512_HMAC" } |
872 | }; |
873 | mech_str sigRSAMechs[] = { |
874 | { CKM_SHA1_RSA_PKCS0x00000006UL, "CKM_SHA1_RSA_PKCS" }, |
875 | { CKM_SHA224_RSA_PKCS0x00000046UL, "CKM_SHA224_RSA_PKCS" }, |
876 | { CKM_SHA256_RSA_PKCS0x00000040UL, "CKM_SHA256_RSA_PKCS" }, |
877 | { CKM_SHA384_RSA_PKCS0x00000041UL, "CKM_SHA384_RSA_PKCS" }, |
878 | { CKM_SHA512_RSA_PKCS0x00000042UL, "CKM_SHA512_RSA_PKCS" } |
879 | }; |
880 | |
881 | CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs)(sizeof(digestMechs) / sizeof(digestMechs[0])); |
882 | CK_ULONG sigRSAMechsSZ = NUM_ELEM(sigRSAMechs)(sizeof(sigRSAMechs) / sizeof(sigRSAMechs[0])); |
883 | CK_ULONG hmacMechsSZ = NUM_ELEM(hmacMechs)(sizeof(hmacMechs) / sizeof(hmacMechs[0])); |
884 | CK_MECHANISM mech; |
885 | |
886 | unsigned int i; |
887 | |
888 | NUMTESTS++; /* increment NUMTESTS */ |
889 | |
890 | /* DSA key init */ |
891 | dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN0x00002000UL; |
892 | dsaParamGenMech.pParameter = NULL_PTR0; |
893 | dsaParamGenMech.ulParameterLen = 0; |
894 | dsaParamGenTemplate[0].type = CKA_PRIME_BITS0x00000133UL; |
895 | dsaParamGenTemplate[0].pValue = &primeBits; |
896 | dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits); |
897 | dsaPubKeyTemplate[0].type = CKA_PRIME0x00000130UL; |
898 | dsaPubKeyTemplate[0].pValue = DSA_P; |
899 | dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P); |
900 | dsaPubKeyTemplate[1].type = CKA_SUBPRIME0x00000131UL; |
901 | dsaPubKeyTemplate[1].pValue = DSA_Q; |
902 | dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q); |
903 | dsaPubKeyTemplate[2].type = CKA_BASE0x00000132UL; |
904 | dsaPubKeyTemplate[2].pValue = DSA_G; |
905 | dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G); |
906 | dsaPubKeyTemplate[3].type = CKA_TOKEN0x00000001UL; |
907 | dsaPubKeyTemplate[3].pValue = &true; |
908 | dsaPubKeyTemplate[3].ulValueLen = sizeof(true); |
909 | dsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL; |
910 | dsaPubKeyTemplate[4].pValue = &true; |
911 | dsaPubKeyTemplate[4].ulValueLen = sizeof(true); |
912 | dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN0x00000010UL; |
913 | dsaKeyPairGenMech.pParameter = NULL_PTR0; |
914 | dsaKeyPairGenMech.ulParameterLen = 0; |
915 | dsaPrivKeyTemplate[0].type = CKA_TOKEN0x00000001UL; |
916 | dsaPrivKeyTemplate[0].pValue = &true; |
917 | dsaPrivKeyTemplate[0].ulValueLen = sizeof(true); |
918 | dsaPrivKeyTemplate[1].type = CKA_PRIVATE0x00000002UL; |
919 | dsaPrivKeyTemplate[1].pValue = &true; |
920 | dsaPrivKeyTemplate[1].ulValueLen = sizeof(true); |
921 | dsaPrivKeyTemplate[2].type = CKA_SENSITIVE0x00000103UL; |
922 | dsaPrivKeyTemplate[2].pValue = &true; |
923 | dsaPrivKeyTemplate[2].ulValueLen = sizeof(true); |
924 | dsaPrivKeyTemplate[3].type = CKA_SIGN0x00000108UL, |
925 | dsaPrivKeyTemplate[3].pValue = &true; |
926 | dsaPrivKeyTemplate[3].ulValueLen = sizeof(true); |
927 | dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE0x00000162UL; |
928 | dsaPrivKeyTemplate[4].pValue = &true; |
929 | dsaPrivKeyTemplate[4].ulValueLen = sizeof(true); |
930 | |
931 | /* RSA key init */ |
932 | rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN0x00000000UL; |
933 | rsaKeyPairGenMech.pParameter = NULL_PTR0; |
934 | rsaKeyPairGenMech.ulParameterLen = 0; |
935 | |
936 | rsaPubKeyTemplate[0].type = CKA_KEY_TYPE0x00000100UL; |
937 | rsaPubKeyTemplate[0].pValue = &rsatype; |
938 | rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype); |
939 | rsaPubKeyTemplate[1].type = CKA_PRIVATE0x00000002UL; |
940 | rsaPubKeyTemplate[1].pValue = &true; |
941 | rsaPubKeyTemplate[1].ulValueLen = sizeof(true); |
942 | rsaPubKeyTemplate[2].type = CKA_ENCRYPT0x00000104UL; |
943 | rsaPubKeyTemplate[2].pValue = &true; |
944 | rsaPubKeyTemplate[2].ulValueLen = sizeof(true); |
945 | rsaPubKeyTemplate[3].type = CKA_DECRYPT0x00000105UL; |
946 | rsaPubKeyTemplate[3].pValue = &true; |
947 | rsaPubKeyTemplate[3].ulValueLen = sizeof(true); |
948 | rsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL; |
949 | rsaPubKeyTemplate[4].pValue = &true; |
950 | rsaPubKeyTemplate[4].ulValueLen = sizeof(true); |
951 | rsaPubKeyTemplate[5].type = CKA_SIGN0x00000108UL; |
952 | rsaPubKeyTemplate[5].pValue = &true; |
953 | rsaPubKeyTemplate[5].ulValueLen = sizeof(true); |
954 | rsaPubKeyTemplate[6].type = CKA_WRAP0x00000106UL; |
955 | rsaPubKeyTemplate[6].pValue = &true; |
956 | rsaPubKeyTemplate[6].ulValueLen = sizeof(true); |
957 | rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS0x00000121UL; |
958 | rsaPubKeyTemplate[7].pValue = &modulusBits; |
959 | rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits); |
960 | rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT0x00000122UL; |
961 | rsaPubKeyTemplate[8].pValue = publicExponent; |
962 | rsaPubKeyTemplate[8].ulValueLen = sizeof(publicExponent); |
963 | |
964 | rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE0x00000100UL; |
965 | rsaPrivKeyTemplate[0].pValue = &rsatype; |
966 | rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype); |
967 | rsaPrivKeyTemplate[1].type = CKA_TOKEN0x00000001UL; |
968 | rsaPrivKeyTemplate[1].pValue = &true; |
969 | rsaPrivKeyTemplate[1].ulValueLen = sizeof(true); |
970 | rsaPrivKeyTemplate[2].type = CKA_PRIVATE0x00000002UL; |
971 | rsaPrivKeyTemplate[2].pValue = &true; |
972 | rsaPrivKeyTemplate[2].ulValueLen = sizeof(true); |
973 | rsaPrivKeyTemplate[3].type = CKA_SUBJECT0x00000101UL; |
974 | rsaPrivKeyTemplate[3].pValue = subject; |
975 | rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject); |
976 | rsaPrivKeyTemplate[4].type = CKA_ID0x00000102UL; |
977 | rsaPrivKeyTemplate[4].pValue = id; |
978 | rsaPrivKeyTemplate[4].ulValueLen = sizeof(id); |
979 | rsaPrivKeyTemplate[5].type = CKA_SENSITIVE0x00000103UL; |
980 | rsaPrivKeyTemplate[5].pValue = &true; |
981 | rsaPrivKeyTemplate[5].ulValueLen = sizeof(true); |
982 | rsaPrivKeyTemplate[6].type = CKA_ENCRYPT0x00000104UL; |
983 | rsaPrivKeyTemplate[6].pValue = &true; |
984 | rsaPrivKeyTemplate[6].ulValueLen = sizeof(true); |
985 | rsaPrivKeyTemplate[7].type = CKA_DECRYPT0x00000105UL; |
986 | rsaPrivKeyTemplate[7].pValue = &true; |
987 | rsaPrivKeyTemplate[7].ulValueLen = sizeof(true); |
988 | rsaPrivKeyTemplate[8].type = CKA_VERIFY0x0000010AUL; |
989 | rsaPrivKeyTemplate[8].pValue = &true; |
990 | rsaPrivKeyTemplate[8].ulValueLen = sizeof(true); |
991 | rsaPrivKeyTemplate[9].type = CKA_SIGN0x00000108UL; |
992 | rsaPrivKeyTemplate[9].pValue = &true; |
993 | rsaPrivKeyTemplate[9].ulValueLen = sizeof(true); |
994 | rsaPrivKeyTemplate[10].type = CKA_UNWRAP0x00000107UL; |
995 | rsaPrivKeyTemplate[10].pValue = &true; |
996 | rsaPrivKeyTemplate[10].ulValueLen = sizeof(true); |
997 | |
998 | /* AES key template */ |
999 | sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL; |
1000 | sAESKeyTemplate[0].pValue = &class; |
1001 | sAESKeyTemplate[0].ulValueLen = sizeof(class); |
1002 | sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; |
1003 | sAESKeyTemplate[1].pValue = &keyAESType; |
1004 | sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType); |
1005 | sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL; |
1006 | sAESKeyTemplate[2].pValue = AESlabel; |
1007 | sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1; |
1008 | sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; |
1009 | sAESKeyTemplate[3].pValue = &true; |
1010 | sAESKeyTemplate[3].ulValueLen = sizeof(true); |
1011 | sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL; |
1012 | sAESKeyTemplate[4].pValue = &true; |
1013 | sAESKeyTemplate[4].ulValueLen = sizeof(true); |
1014 | sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL; |
1015 | sAESKeyTemplate[5].pValue = &true; |
1016 | sAESKeyTemplate[5].ulValueLen = sizeof(true); |
1017 | sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL; |
1018 | sAESKeyTemplate[6].pValue = &true; |
1019 | sAESKeyTemplate[6].ulValueLen = sizeof(true); |
1020 | sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL; |
1021 | sAESKeyTemplate[7].pValue = &true; |
1022 | sAESKeyTemplate[7].ulValueLen = sizeof(true); |
1023 | sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; |
1024 | sAESKeyTemplate[8].pValue = &AESvalueLen; |
1025 | sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen); |
1026 | |
1027 | /* DES3 key template */ |
1028 | sDES3KeyTemplate[0].type = CKA_CLASS0x00000000UL; |
1029 | sDES3KeyTemplate[0].pValue = &class; |
1030 | sDES3KeyTemplate[0].ulValueLen = sizeof(class); |
1031 | sDES3KeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; |
1032 | sDES3KeyTemplate[1].pValue = &keyDES3Type; |
1033 | sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type); |
1034 | sDES3KeyTemplate[2].type = CKA_LABEL0x00000003UL; |
1035 | sDES3KeyTemplate[2].pValue = DES3label; |
1036 | sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label) - 1; |
1037 | sDES3KeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; |
1038 | sDES3KeyTemplate[3].pValue = &true; |
1039 | sDES3KeyTemplate[3].ulValueLen = sizeof(true); |
1040 | sDES3KeyTemplate[4].type = CKA_DECRYPT0x00000105UL; |
1041 | sDES3KeyTemplate[4].pValue = &true; |
1042 | sDES3KeyTemplate[4].ulValueLen = sizeof(true); |
1043 | sDES3KeyTemplate[5].type = CKA_UNWRAP0x00000107UL; |
1044 | sDES3KeyTemplate[5].pValue = &true; |
1045 | sDES3KeyTemplate[5].ulValueLen = sizeof(true); |
1046 | sDES3KeyTemplate[6].type = CKA_SIGN0x00000108UL, |
1047 | sDES3KeyTemplate[6].pValue = &true; |
1048 | sDES3KeyTemplate[6].ulValueLen = sizeof(true); |
1049 | sDES3KeyTemplate[7].type = CKA_VERIFY0x0000010AUL; |
1050 | sDES3KeyTemplate[7].pValue = &true; |
1051 | sDES3KeyTemplate[7].ulValueLen = sizeof(true); |
1052 | sDES3KeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; |
1053 | sDES3KeyTemplate[8].pValue = &DES3valueLen; |
1054 | sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen); |
1055 | |
1056 | /* mech init */ |
1057 | memset(IV, 0x01, sizeof(IV)); |
1058 | mech_DES3_CBC.mechanism = CKM_DES3_CBC0x00000133UL; |
1059 | mech_DES3_CBC.pParameter = IV; |
1060 | mech_DES3_CBC.ulParameterLen = sizeof(IV); |
1061 | mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD0x00000136UL; |
1062 | mech_DES3_CBC_PAD.pParameter = IV; |
1063 | mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV); |
1064 | mech_AES_CBC.mechanism = CKM_AES_CBC0x00001082UL; |
1065 | mech_AES_CBC.pParameter = IV; |
1066 | mech_AES_CBC.ulParameterLen = sizeof(IV); |
1067 | mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD0x00001085UL; |
1068 | mech_AES_CBC_PAD.pParameter = IV; |
1069 | mech_AES_CBC_PAD.ulParameterLen = sizeof(IV); |
1070 | |
1071 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], |
1072 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, |
1073 | NULL((void*)0), NULL((void*)0), &hRwSession); |
1074 | if (crv == CKR_OK0x00000000UL) { |
1075 | PKM_LogIt("Opening a read/write session succeeded\n"); |
1076 | } else { |
1077 | PKM_Error("Opening a read/write session failed " |
1078 | "with 0x%08X, %-26s\n", |
1079 | crv, PKM_CK_RVtoStr(crv)); |
1080 | return crv; |
1081 | } |
1082 | |
1083 | if (MODE == FIPSMODE0) { |
1084 | crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech, |
1085 | sAESKeyTemplate, |
1086 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), |
1087 | &hAESSecKey); |
1088 | if (crv == CKR_OK0x00000000UL) { |
1089 | PKM_Error("C_GenerateKey succeeded when not logged in.\n"); |
1090 | return CKR_GENERAL_ERROR0x00000005UL; |
1091 | } else { |
1092 | PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n" |
1093 | "since not logged in\n", |
1094 | crv, PKM_CK_RVtoStr(crv)); |
1095 | } |
1096 | crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech, |
1097 | rsaPubKeyTemplate, |
1098 | NUM_ELEM(rsaPubKeyTemplate)(sizeof(rsaPubKeyTemplate) / sizeof(rsaPubKeyTemplate[0])), |
1099 | rsaPrivKeyTemplate, |
1100 | NUM_ELEM(rsaPrivKeyTemplate)(sizeof(rsaPrivKeyTemplate) / sizeof(rsaPrivKeyTemplate[0])), |
1101 | &hRSApubKey, &hRSAprivKey); |
1102 | if (crv == CKR_OK0x00000000UL) { |
1103 | PKM_Error("C_GenerateKeyPair succeeded when not logged in.\n"); |
1104 | return CKR_GENERAL_ERROR0x00000005UL; |
1105 | } else { |
1106 | PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, " |
1107 | "%-26s\n since not logged in\n", |
1108 | crv, |
1109 | PKM_CK_RVtoStr(crv)); |
1110 | } |
1111 | } |
1112 | |
1113 | crv = pFunctionList->C_Login(hRwSession, CKU_USER1, pwd, pwdLen); |
1114 | if (crv == CKR_OK0x00000000UL) { |
1115 | PKM_LogIt("C_Login with correct password succeeded\n"); |
1116 | } else { |
1117 | PKM_Error("C_Login with correct password failed " |
1118 | "with 0x%08X, %-26s\n", |
1119 | crv, PKM_CK_RVtoStr(crv)); |
1120 | return crv; |
1121 | } |
1122 | |
1123 | PKM_LogIt("Generate an AES key ... \n"); |
1124 | /* generate an AES Secret Key */ |
1125 | crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech, |
1126 | sAESKeyTemplate, |
1127 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), |
1128 | &hAESSecKey); |
1129 | if (crv == CKR_OK0x00000000UL) { |
1130 | PKM_LogIt("C_GenerateKey AES succeeded\n"); |
1131 | } else { |
1132 | PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n", |
1133 | crv, PKM_CK_RVtoStr(crv)); |
1134 | return crv; |
1135 | } |
1136 | |
1137 | PKM_LogIt("Generate an 3DES key ...\n"); |
1138 | /* generate an 3DES Secret Key */ |
1139 | crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism, |
1140 | sDES3KeyTemplate, |
1141 | NUM_ELEM(sDES3KeyTemplate)(sizeof(sDES3KeyTemplate) / sizeof(sDES3KeyTemplate[0])), |
1142 | &hDES3SecKey); |
1143 | if (crv == CKR_OK0x00000000UL) { |
1144 | PKM_LogIt("C_GenerateKey DES3 succeeded\n"); |
1145 | } else { |
1146 | PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv, |
1147 | PKM_CK_RVtoStr(crv)); |
1148 | return crv; |
1149 | } |
1150 | |
1151 | PKM_LogIt("Generate DSA PQG domain parameters ... \n"); |
1152 | /* Generate DSA domain parameters PQG */ |
1153 | crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech, |
1154 | dsaParamGenTemplate, |
1155 | 1, |
1156 | &hDsaParams); |
1157 | if (crv == CKR_OK0x00000000UL) { |
1158 | PKM_LogIt("DSA domain parameter generation succeeded\n"); |
1159 | } else { |
1160 | PKM_Error("DSA domain parameter generation failed " |
1161 | "with 0x%08X, %-26s\n", |
1162 | crv, PKM_CK_RVtoStr(crv)); |
1163 | return crv; |
1164 | } |
1165 | crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams, |
1166 | dsaPubKeyTemplate, 3); |
1167 | if (crv == CKR_OK0x00000000UL) { |
1168 | PKM_LogIt("Getting DSA domain parameters succeeded\n"); |
1169 | } else { |
1170 | PKM_Error("Getting DSA domain parameters failed " |
1171 | "with 0x%08X, %-26s\n", |
1172 | crv, PKM_CK_RVtoStr(crv)); |
1173 | return crv; |
1174 | } |
1175 | crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams); |
1176 | if (crv == CKR_OK0x00000000UL) { |
1177 | PKM_LogIt("Destroying DSA domain parameters succeeded\n"); |
1178 | } else { |
1179 | PKM_Error("Destroying DSA domain parameters failed " |
1180 | "with 0x%08X, %-26s\n", |
1181 | crv, PKM_CK_RVtoStr(crv)); |
1182 | return crv; |
1183 | } |
1184 | |
1185 | PKM_LogIt("Generate a DSA key pair ... \n"); |
1186 | /* Generate a persistent DSA key pair */ |
1187 | crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech, |
1188 | dsaPubKeyTemplate, |
1189 | NUM_ELEM(dsaPubKeyTemplate)(sizeof(dsaPubKeyTemplate) / sizeof(dsaPubKeyTemplate[0])), |
1190 | dsaPrivKeyTemplate, |
1191 | NUM_ELEM(dsaPrivKeyTemplate)(sizeof(dsaPrivKeyTemplate) / sizeof(dsaPrivKeyTemplate[0])), |
1192 | &hDSApubKey, &hDSAprivKey); |
1193 | if (crv == CKR_OK0x00000000UL) { |
1194 | PKM_LogIt("DSA key pair generation succeeded\n"); |
1195 | } else { |
1196 | PKM_Error("DSA key pair generation failed " |
1197 | "with 0x%08X, %-26s\n", |
1198 | crv, PKM_CK_RVtoStr(crv)); |
1199 | return crv; |
1200 | } |
1201 | |
1202 | PKM_LogIt("Generate a RSA key pair ... \n"); |
1203 | /*** GEN RSA Key ***/ |
1204 | crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech, |
1205 | rsaPubKeyTemplate, |
1206 | NUM_ELEM(rsaPubKeyTemplate)(sizeof(rsaPubKeyTemplate) / sizeof(rsaPubKeyTemplate[0])), |
1207 | rsaPrivKeyTemplate, |
1208 | NUM_ELEM(rsaPrivKeyTemplate)(sizeof(rsaPrivKeyTemplate) / sizeof(rsaPrivKeyTemplate[0])), |
1209 | &hRSApubKey, &hRSAprivKey); |
1210 | if (crv == CKR_OK0x00000000UL) { |
1211 | PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n"); |
1212 | } else { |
1213 | PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n" |
1214 | "with 0x%08X, %-26s\n", |
1215 | crv, PKM_CK_RVtoStr(crv)); |
1216 | return crv; |
1217 | } |
1218 | |
1219 | PKM_LogIt("**** Generation of keys completed ***** \n"); |
1220 | |
1221 | mech.mechanism = CKM_RSA_PKCS0x00000001UL; |
1222 | mech.pParameter = NULL((void*)0); |
1223 | mech.ulParameterLen = 0; |
1224 | |
1225 | crv = PKM_wrapUnwrap(pFunctionList, |
1226 | hRwSession, |
1227 | hRSApubKey, hRSAprivKey, |
1228 | &mech, |
1229 | hAESSecKey, |
1230 | sAESKeyTemplate, |
1231 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0]))); |
1232 | |
1233 | if (crv == CKR_OK0x00000000UL) { |
1234 | PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key " |
1235 | "succeeded\n\n"); |
1236 | } else { |
1237 | PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap AES key failed " |
1238 | "with 0x%08X, %-26s\n", |
1239 | crv, |
1240 | PKM_CK_RVtoStr(crv)); |
1241 | return crv; |
1242 | } |
1243 | |
1244 | crv = PKM_wrapUnwrap(pFunctionList, |
1245 | hRwSession, |
1246 | hRSApubKey, hRSAprivKey, |
1247 | &mech, |
1248 | hDES3SecKey, |
1249 | sDES3KeyTemplate, |
1250 | NUM_ELEM(sDES3KeyTemplate)(sizeof(sDES3KeyTemplate) / sizeof(sDES3KeyTemplate[0]))); |
1251 | |
1252 | if (crv == CKR_OK0x00000000UL) { |
1253 | PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key " |
1254 | "succeeded\n\n"); |
1255 | } else { |
1256 | PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap DES3 key " |
1257 | "failed with 0x%08X, %-26s\n", |
1258 | crv, |
1259 | PKM_CK_RVtoStr(crv)); |
1260 | return crv; |
1261 | } |
1262 | |
1263 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, |
1264 | hAESSecKey, &mech_AES_CBC_PAD, |
1265 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); |
1266 | if (crv == CKR_OK0x00000000UL) { |
1267 | PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n"); |
1268 | } else { |
1269 | PKM_Error("PKM_SecKeyCrypt failed " |
1270 | "with 0x%08X, %-26s\n", |
1271 | crv, PKM_CK_RVtoStr(crv)); |
1272 | return crv; |
1273 | } |
1274 | |
1275 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, |
1276 | hAESSecKey, &mech_AES_CBC, |
1277 | PLAINTEXT, sizeof(PLAINTEXT)); |
1278 | if (crv == CKR_OK0x00000000UL) { |
1279 | PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n"); |
1280 | } else { |
1281 | PKM_Error("PKM_SecKeyCrypt failed " |
1282 | "with 0x%08X, %-26s\n", |
1283 | crv, PKM_CK_RVtoStr(crv)); |
1284 | return crv; |
1285 | } |
1286 | |
1287 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, |
1288 | hDES3SecKey, &mech_DES3_CBC, |
1289 | PLAINTEXT, sizeof(PLAINTEXT)); |
1290 | if (crv == CKR_OK0x00000000UL) { |
1291 | PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n"); |
1292 | } else { |
1293 | PKM_Error("PKM_SecKeyCrypt DES3 failed " |
1294 | "with 0x%08X, %-26s\n", |
1295 | crv, PKM_CK_RVtoStr(crv)); |
1296 | return crv; |
1297 | } |
1298 | |
1299 | crv = PKM_SecKeyCrypt(pFunctionList, hRwSession, |
1300 | hDES3SecKey, &mech_DES3_CBC_PAD, |
1301 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); |
1302 | if (crv == CKR_OK0x00000000UL) { |
1303 | PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n"); |
1304 | } else { |
1305 | PKM_Error("PKM_SecKeyCrypt DES3 failed " |
1306 | "with 0x%08X, %-26s\n", |
1307 | crv, PKM_CK_RVtoStr(crv)); |
1308 | return crv; |
1309 | } |
1310 | |
1311 | mech.mechanism = CKM_RSA_PKCS0x00000001UL; |
1312 | crv = PKM_RecoverFunctions(pFunctionList, hRwSession, |
1313 | hRSApubKey, hRSAprivKey, |
1314 | &mech, |
1315 | PLAINTEXT, sizeof(PLAINTEXT)); |
1316 | if (crv == CKR_OK0x00000000UL) { |
1317 | PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n"); |
1318 | } else { |
1319 | PKM_Error("PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv, |
1320 | PKM_CK_RVtoStr(crv)); |
1321 | return crv; |
1322 | } |
1323 | |
1324 | mech.pParameter = NULL((void*)0); |
1325 | mech.ulParameterLen = 0; |
1326 | |
1327 | for (i = 0; i < sigRSAMechsSZ; i++) { |
1328 | |
1329 | mech.mechanism = sigRSAMechs[i].mechanism; |
1330 | |
1331 | crv = PKM_PubKeySign(pFunctionList, hRwSession, |
1332 | hRSApubKey, hRSAprivKey, |
1333 | &mech, |
1334 | PLAINTEXT, sizeof(PLAINTEXT)); |
1335 | if (crv == CKR_OK0x00000000UL) { |
1336 | PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n", |
1337 | sigRSAMechs[i].mechanismStr); |
1338 | } else { |
1339 | PKM_Error("PKM_PubKeySign failed for %-10s " |
1340 | "with 0x%08X, %-26s\n", |
1341 | sigRSAMechs[i].mechanismStr, crv, |
1342 | PKM_CK_RVtoStr(crv)); |
1343 | return crv; |
1344 | } |
1345 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1346 | hRSApubKey, hRSAprivKey, |
1347 | &mech, |
1348 | hAESSecKey, &mech_AES_CBC, |
1349 | PLAINTEXT, sizeof(PLAINTEXT)); |
1350 | if (crv == CKR_OK0x00000000UL) { |
1351 | PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded " |
1352 | "for %-10s\n\n", |
1353 | sigRSAMechs[i].mechanismStr); |
1354 | } else { |
1355 | PKM_Error("PKM_DualFuncSign with AES secret key failed " |
1356 | "for %-10s " |
1357 | "with 0x%08X, %-26s\n", |
1358 | sigRSAMechs[i].mechanismStr, crv, |
1359 | PKM_CK_RVtoStr(crv)); |
1360 | return crv; |
1361 | } |
1362 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1363 | hRSApubKey, hRSAprivKey, |
1364 | &mech, |
1365 | hDES3SecKey, &mech_DES3_CBC, |
1366 | PLAINTEXT, sizeof(PLAINTEXT)); |
1367 | if (crv == CKR_OK0x00000000UL) { |
1368 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded " |
1369 | "for %-10s\n\n", |
1370 | sigRSAMechs[i].mechanismStr); |
1371 | } else { |
1372 | PKM_Error("PKM_DualFuncSign with DES3 secret key failed " |
1373 | "for %-10s " |
1374 | "with 0x%08X, %-26s\n", |
1375 | sigRSAMechs[i].mechanismStr, crv, |
1376 | PKM_CK_RVtoStr(crv)); |
1377 | return crv; |
1378 | } |
1379 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1380 | hRSApubKey, hRSAprivKey, |
1381 | &mech, |
1382 | hAESSecKey, &mech_AES_CBC_PAD, |
1383 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); |
1384 | if (crv == CKR_OK0x00000000UL) { |
1385 | PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD " |
1386 | "succeeded for %-10s\n\n", |
1387 | sigRSAMechs[i].mechanismStr); |
1388 | } else { |
1389 | PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD " |
1390 | "failed for %-10s " |
1391 | "with 0x%08X, %-26s\n", |
1392 | sigRSAMechs[i].mechanismStr, crv, |
1393 | PKM_CK_RVtoStr(crv)); |
1394 | return crv; |
1395 | } |
1396 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1397 | hRSApubKey, hRSAprivKey, |
1398 | &mech, |
1399 | hDES3SecKey, &mech_DES3_CBC_PAD, |
1400 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); |
1401 | if (crv == CKR_OK0x00000000UL) { |
1402 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD " |
1403 | "succeeded for %-10s\n\n", |
1404 | sigRSAMechs[i].mechanismStr); |
1405 | } else { |
1406 | PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD " |
1407 | "failed for %-10s " |
1408 | "with 0x%08X, %-26s\n", |
1409 | sigRSAMechs[i].mechanismStr, crv, |
1410 | PKM_CK_RVtoStr(crv)); |
1411 | return crv; |
1412 | } |
1413 | |
1414 | } /* end of RSA for loop */ |
1415 | |
1416 | crv = PKM_PubKeySign(pFunctionList, hRwSession, |
1417 | hDSApubKey, hDSAprivKey, |
1418 | &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT)); |
1419 | if (crv == CKR_OK0x00000000UL) { |
1420 | PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n"); |
1421 | } else { |
1422 | PKM_Error("PKM_PubKeySign failed " |
1423 | "with 0x%08X, %-26s\n", |
1424 | crv, PKM_CK_RVtoStr(crv)); |
1425 | return crv; |
1426 | } |
1427 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1428 | hDSApubKey, hDSAprivKey, |
1429 | &dsaWithSha1Mech, |
1430 | hAESSecKey, &mech_AES_CBC, |
1431 | PLAINTEXT, sizeof(PLAINTEXT)); |
1432 | if (crv == CKR_OK0x00000000UL) { |
1433 | PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded " |
1434 | "for DSAWithSHA1\n\n"); |
1435 | } else { |
1436 | PKM_Error("PKM_DualFuncSign with AES secret key failed " |
1437 | "for DSAWithSHA1 with 0x%08X, %-26s\n", |
1438 | crv, PKM_CK_RVtoStr(crv)); |
1439 | return crv; |
1440 | } |
1441 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1442 | hDSApubKey, hDSAprivKey, |
1443 | &dsaWithSha1Mech, |
1444 | hDES3SecKey, &mech_DES3_CBC, |
1445 | PLAINTEXT, sizeof(PLAINTEXT)); |
1446 | if (crv == CKR_OK0x00000000UL) { |
1447 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded " |
1448 | "for DSAWithSHA1\n\n"); |
1449 | } else { |
1450 | PKM_Error("PKM_DualFuncSign with DES3 secret key failed " |
1451 | "for DSAWithSHA1 with 0x%08X, %-26s\n", |
1452 | crv, PKM_CK_RVtoStr(crv)); |
1453 | return crv; |
1454 | } |
1455 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1456 | hDSApubKey, hDSAprivKey, |
1457 | &dsaWithSha1Mech, |
1458 | hAESSecKey, &mech_AES_CBC_PAD, |
1459 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); |
1460 | if (crv == CKR_OK0x00000000UL) { |
1461 | PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded " |
1462 | "for DSAWithSHA1\n\n"); |
1463 | } else { |
1464 | PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD failed " |
1465 | "for DSAWithSHA1 with 0x%08X, %-26s\n", |
1466 | crv, PKM_CK_RVtoStr(crv)); |
1467 | return crv; |
1468 | } |
1469 | crv = PKM_DualFuncSign(pFunctionList, hRwSession, |
1470 | hDSApubKey, hDSAprivKey, |
1471 | &dsaWithSha1Mech, |
1472 | hDES3SecKey, &mech_DES3_CBC_PAD, |
1473 | PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD)); |
1474 | if (crv == CKR_OK0x00000000UL) { |
1475 | PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded " |
1476 | "for DSAWithSHA1\n\n"); |
1477 | } else { |
1478 | PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD failed " |
1479 | "for DSAWithSHA1 with 0x%08X, %-26s\n", |
1480 | crv, PKM_CK_RVtoStr(crv)); |
1481 | return crv; |
1482 | } |
1483 | |
1484 | for (i = 0; i < digestMechsSZ; i++) { |
1485 | mech.mechanism = digestMechs[i].mechanism; |
1486 | crv = PKM_Digest(pFunctionList, hRwSession, |
1487 | &mech, hAESSecKey, |
1488 | PLAINTEXT, sizeof(PLAINTEXT)); |
1489 | if (crv == CKR_OK0x00000000UL) { |
1490 | PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n", |
1491 | digestMechs[i].mechanismStr); |
1492 | } else { |
1493 | PKM_Error("PKM_Digest with AES secret key failed for " |
1494 | "%-10s with 0x%08X, %-26s\n", |
1495 | digestMechs[i].mechanismStr, crv, |
1496 | PKM_CK_RVtoStr(crv)); |
1497 | return crv; |
1498 | } |
1499 | crv = PKM_DualFuncDigest(pFunctionList, hRwSession, |
1500 | hAESSecKey, &mech_AES_CBC, |
1501 | 0, &mech, |
1502 | PLAINTEXT, sizeof(PLAINTEXT)); |
1503 | if (crv == CKR_OK0x00000000UL) { |
1504 | PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n"); |
1505 | } else { |
1506 | PKM_Error("PKM_DualFuncDigest with AES secret key " |
1507 | "failed with 0x%08X, %-26s\n", |
1508 | crv, |
1509 | PKM_CK_RVtoStr(crv)); |
1510 | } |
1511 | |
1512 | crv = PKM_Digest(pFunctionList, hRwSession, |
1513 | &mech, hDES3SecKey, |
1514 | PLAINTEXT, sizeof(PLAINTEXT)); |
1515 | if (crv == CKR_OK0x00000000UL) { |
1516 | PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n", |
1517 | digestMechs[i].mechanismStr); |
1518 | } else { |
1519 | PKM_Error("PKM_Digest with DES3 secret key failed for " |
1520 | "%-10s with 0x%08X, %-26s\n", |
1521 | digestMechs[i].mechanismStr, crv, |
1522 | PKM_CK_RVtoStr(crv)); |
1523 | return crv; |
1524 | } |
1525 | crv = PKM_DualFuncDigest(pFunctionList, hRwSession, |
1526 | hDES3SecKey, &mech_DES3_CBC, |
1527 | 0, &mech, |
1528 | PLAINTEXT, sizeof(PLAINTEXT)); |
1529 | if (crv == CKR_OK0x00000000UL) { |
1530 | PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n"); |
1531 | } else { |
1532 | PKM_Error("PKM_DualFuncDigest DES3 secret key " |
1533 | "failed with 0x%08X, %-26s\n", |
1534 | crv, |
1535 | PKM_CK_RVtoStr(crv)); |
1536 | } |
1537 | |
1538 | crv = PKM_Digest(pFunctionList, hRwSession, |
1539 | &mech, 0, |
1540 | PLAINTEXT, sizeof(PLAINTEXT)); |
1541 | if (crv == CKR_OK0x00000000UL) { |
1542 | PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n", |
1543 | digestMechs[i].mechanismStr); |
1544 | } else { |
1545 | PKM_Error("PKM_Digest with no secret key failed for %-10s " |
1546 | "with 0x%08X, %-26s\n", |
1547 | digestMechs[i].mechanismStr, crv, |
1548 | PKM_CK_RVtoStr(crv)); |
1549 | return crv; |
1550 | } |
1551 | } /* end of digest loop */ |
1552 | |
1553 | for (i = 0; i < hmacMechsSZ; i++) { |
1554 | mech.mechanism = hmacMechs[i].mechanism; |
1555 | crv = PKM_Hmac(pFunctionList, hRwSession, |
1556 | hAESSecKey, &mech, |
1557 | PLAINTEXT, sizeof(PLAINTEXT)); |
1558 | if (crv == CKR_OK0x00000000UL) { |
1559 | PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n", |
1560 | hmacMechs[i].mechanismStr); |
1561 | } else { |
1562 | PKM_Error("PKM_Hmac with AES secret key failed for %-10s " |
1563 | "with 0x%08X, %-26s\n", |
1564 | hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv)); |
1565 | return crv; |
1566 | } |
1567 | if ((MODE == FIPSMODE0) && (mech.mechanism == CKM_SHA512_HMAC0x00000271UL)) |
1568 | break; |
1569 | crv = PKM_Hmac(pFunctionList, hRwSession, |
1570 | hDES3SecKey, &mech, |
1571 | PLAINTEXT, sizeof(PLAINTEXT)); |
1572 | if (crv == CKR_OK0x00000000UL) { |
1573 | PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n", |
1574 | hmacMechs[i].mechanismStr); |
1575 | } else { |
1576 | PKM_Error("PKM_Hmac with DES3 secret key failed for %-10s " |
1577 | "with 0x%08X, %-26s\n", |
1578 | hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv)); |
1579 | return crv; |
1580 | } |
1581 | |
1582 | } /* end of hmac loop */ |
1583 | |
1584 | crv = pFunctionList->C_Logout(hRwSession); |
1585 | if (crv == CKR_OK0x00000000UL) { |
1586 | PKM_LogIt("C_Logout succeeded\n"); |
1587 | } else { |
1588 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
1589 | PKM_CK_RVtoStr(crv)); |
1590 | return crv; |
1591 | } |
1592 | |
1593 | crv = pFunctionList->C_CloseSession(hRwSession); |
1594 | if (crv != CKR_OK0x00000000UL) { |
1595 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
1596 | PKM_CK_RVtoStr(crv)); |
1597 | return crv; |
1598 | } |
1599 | |
1600 | return crv; |
1601 | } |
1602 | |
1603 | void |
1604 | PKM_LogIt(const char *fmt, ...) |
1605 | { |
1606 | va_list args; |
1607 | |
1608 | if (verbose) { |
1609 | va_start(args, fmt)__builtin_va_start(args, fmt); |
1610 | if (MODE == FIPSMODE0) { |
1611 | printf("FIPS MODE: "); |
1612 | } else if (MODE == NONFIPSMODE1) { |
1613 | printf("NON FIPS MODE: "); |
1614 | } else if (MODE == HYBRIDMODE2) { |
1615 | printf("Hybrid MODE: "); |
1616 | } |
1617 | vprintf(fmt, args); |
1618 | va_end(args)__builtin_va_end(args); |
1619 | } |
1620 | } |
1621 | |
1622 | void |
1623 | PKM_Error(const char *fmt, ...) |
1624 | { |
1625 | va_list args; |
1626 | va_start(args, fmt)__builtin_va_start(args, fmt); |
1627 | |
1628 | if (MODE == FIPSMODE0) { |
1629 | fprintf(stderrstderr, "\nFIPS MODE PKM_Error: "); |
1630 | } else if (MODE == NONFIPSMODE1) { |
1631 | fprintf(stderrstderr, "NON FIPS MODE PKM_Error: "); |
1632 | } else if (MODE == HYBRIDMODE2) { |
1633 | fprintf(stderrstderr, "Hybrid MODE PKM_Error: "); |
1634 | } else |
1635 | fprintf(stderrstderr, "NOMODE PKM_Error: "); |
1636 | vfprintf(stderrstderr, fmt, args); |
1637 | va_end(args)__builtin_va_end(args); |
1638 | } |
1639 | CK_SLOT_ID * |
1640 | PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList, |
1641 | CK_ULONG slotID) |
1642 | { |
1643 | CK_RV crv = CKR_OK0x00000000UL; |
1644 | CK_SLOT_ID *pSlotList = NULL((void*)0); |
1645 | CK_ULONG slotCount; |
1646 | |
1647 | NUMTESTS++; /* increment NUMTESTS */ |
1648 | |
1649 | /* Get slot list */ |
1650 | crv = pFunctionList->C_GetSlotList(CK_FALSE0 /* all slots */, |
1651 | NULL((void*)0), &slotCount); |
1652 | if (crv != CKR_OK0x00000000UL) { |
1653 | PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv, |
1654 | PKM_CK_RVtoStr(crv)); |
1655 | return NULL((void*)0); |
1656 | } |
1657 | PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount); |
1658 | pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID)); |
1659 | if (!pSlotList) { |
1660 | PKM_Error("failed to allocate slot list\n"); |
1661 | return NULL((void*)0); |
1662 | } |
1663 | crv = pFunctionList->C_GetSlotList(CK_FALSE0 /* all slots */, |
1664 | pSlotList, &slotCount); |
1665 | if (crv != CKR_OK0x00000000UL) { |
1666 | PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv, |
1667 | PKM_CK_RVtoStr(crv)); |
1668 | if (pSlotList) |
1669 | free(pSlotList); |
1670 | return NULL((void*)0); |
1671 | } |
1672 | return pSlotList; |
1673 | } |
1674 | |
1675 | CK_RV |
1676 | PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList, |
1677 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
1678 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
1679 | { |
1680 | CK_RV crv = CKR_OK0x00000000UL; |
1681 | CK_SESSION_HANDLE hSession; |
1682 | static const CK_UTF8CHAR testPin[] = { "0Mozilla" }; |
1683 | static const CK_UTF8CHAR weakPin[] = { "mozilla" }; |
1684 | |
1685 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], |
1686 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, |
1687 | NULL((void*)0), NULL((void*)0), &hSession); |
1688 | if (crv != CKR_OK0x00000000UL) { |
1689 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
1690 | PKM_CK_RVtoStr(crv)); |
1691 | return crv; |
1692 | } |
1693 | PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER1); |
1694 | |
1695 | crv = pFunctionList->C_Login(hSession, CKU_SO0, NULL((void*)0), 0); |
1696 | if (crv != CKR_OK0x00000000UL) { |
1697 | PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv, |
1698 | PKM_CK_RVtoStr(crv)); |
1699 | return crv; |
1700 | } |
1701 | if (MODE == FIPSMODE0) { |
1702 | crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)weakPin, |
1703 | strlen((char *)weakPin)); |
1704 | if (crv == CKR_OK0x00000000UL) { |
1705 | PKM_Error("C_InitPIN with a weak password succeeded\n"); |
1706 | return crv; |
1707 | } else { |
1708 | PKM_LogIt("C_InitPIN with a weak password failed with " |
1709 | "0x%08X, %-26s\n", |
1710 | crv, PKM_CK_RVtoStr(crv)); |
1711 | } |
1712 | } |
1713 | crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)testPin, |
1714 | strlen((char *)testPin)); |
1715 | if (crv == CKR_OK0x00000000UL) { |
1716 | PKM_LogIt("C_InitPIN succeeded\n"); |
1717 | } else { |
1718 | PKM_Error("C_InitPIN failed with 0x%08X, %-26s\n", crv, |
1719 | PKM_CK_RVtoStr(crv)); |
1720 | return crv; |
1721 | } |
1722 | crv = pFunctionList->C_Logout(hSession); |
1723 | if (crv != CKR_OK0x00000000UL) { |
1724 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
1725 | PKM_CK_RVtoStr(crv)); |
1726 | return crv; |
1727 | } |
1728 | crv = pFunctionList->C_CloseSession(hSession); |
1729 | if (crv != CKR_OK0x00000000UL) { |
1730 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
1731 | PKM_CK_RVtoStr(crv)); |
1732 | return crv; |
1733 | } |
1734 | |
1735 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], |
1736 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, |
1737 | NULL((void*)0), NULL((void*)0), &hSession); |
1738 | if (crv != CKR_OK0x00000000UL) { |
1739 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
1740 | PKM_CK_RVtoStr(crv)); |
1741 | return crv; |
1742 | } |
1743 | |
1744 | PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER1); |
1745 | |
1746 | crv = pFunctionList->C_Login(hSession, CKU_USER1, (CK_UTF8CHAR *)testPin, |
1747 | strlen((const char *)testPin)); |
1748 | if (crv != CKR_OK0x00000000UL) { |
1749 | PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv, |
1750 | PKM_CK_RVtoStr(crv)); |
1751 | return crv; |
1752 | } |
1753 | if (MODE == FIPSMODE0) { |
1754 | crv = pFunctionList->C_SetPIN( |
1755 | hSession, (CK_UTF8CHAR *)testPin, |
1756 | strlen((const char *)testPin), |
1757 | (CK_UTF8CHAR *)weakPin, |
1758 | strlen((const char *)weakPin)); |
1759 | if (crv == CKR_OK0x00000000UL) { |
1760 | PKM_Error("C_SetPIN with a weak password succeeded\n"); |
1761 | return crv; |
1762 | } else { |
1763 | PKM_LogIt("C_SetPIN with a weak password returned with " |
1764 | "0x%08X, %-26s\n", |
1765 | crv, PKM_CK_RVtoStr(crv)); |
1766 | } |
1767 | } |
1768 | crv = pFunctionList->C_SetPIN( |
1769 | hSession, (CK_UTF8CHAR *)testPin, |
1770 | strlen((const char *)testPin), |
1771 | pwd, pwdLen); |
1772 | if (crv != CKR_OK0x00000000UL) { |
1773 | PKM_Error("C_CSetPin failed with 0x%08X, %-26s\n", crv, |
1774 | PKM_CK_RVtoStr(crv)); |
1775 | return crv; |
1776 | } |
1777 | crv = pFunctionList->C_Logout(hSession); |
1778 | if (crv != CKR_OK0x00000000UL) { |
1779 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
1780 | PKM_CK_RVtoStr(crv)); |
1781 | return crv; |
1782 | } |
1783 | crv = pFunctionList->C_CloseSession(hSession); |
1784 | if (crv != CKR_OK0x00000000UL) { |
1785 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
1786 | PKM_CK_RVtoStr(crv)); |
1787 | return crv; |
1788 | } |
1789 | return crv; |
1790 | } |
1791 | |
1792 | CK_RV |
1793 | PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) |
1794 | { |
1795 | CK_RV crv = CKR_OK0x00000000UL; |
1796 | CK_INFO info; |
1797 | CK_SLOT_ID *pSlotList = NULL((void*)0); |
1798 | unsigned i; |
1799 | |
1800 | CK_SLOT_INFO slotInfo; |
1801 | CK_TOKEN_INFO tokenInfo; |
1802 | CK_FLAGS bitflag; |
1803 | |
1804 | NUMTESTS++; /* increment NUMTESTS */ |
1805 | |
1806 | crv = pFunctionList->C_GetInfo(&info); |
1807 | if (crv == CKR_OK0x00000000UL) { |
1808 | PKM_LogIt("C_GetInfo succeeded\n"); |
1809 | } else { |
1810 | PKM_Error("C_GetInfo failed with 0x%08X, %-26s\n", crv, |
1811 | PKM_CK_RVtoStr(crv)); |
1812 | return crv; |
1813 | } |
1814 | PKM_LogIt("General information about the PKCS #11 library:\n"); |
1815 | PKM_LogIt(" PKCS #11 version: %d.%d\n", |
1816 | (int)info.cryptokiVersion.major, |
1817 | (int)info.cryptokiVersion.minor); |
1818 | PKM_LogIt(" manufacturer ID: %.32s\n", info.manufacturerID); |
1819 | PKM_LogIt(" flags: 0x%08lX\n", info.flags); |
1820 | PKM_LogIt(" library description: %.32s\n", info.libraryDescription); |
1821 | PKM_LogIt(" library version: %d.%d\n", |
1822 | (int)info.libraryVersion.major, (int)info.libraryVersion.minor); |
1823 | PKM_LogIt("\n"); |
1824 | |
1825 | /* Get slot list */ |
1826 | pSlotList = PKM_GetSlotList(pFunctionList, slotID); |
1827 | if (pSlotList == NULL((void*)0)) { |
1828 | PKM_Error("PKM_GetSlotList failed with \n"); |
1829 | return crv; |
1830 | } |
1831 | crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo); |
1832 | if (crv == CKR_OK0x00000000UL) { |
1833 | PKM_LogIt("C_GetSlotInfo succeeded\n"); |
1834 | } else { |
1835 | PKM_Error("C_GetSlotInfo failed with 0x%08X, %-26s\n", crv, |
1836 | PKM_CK_RVtoStr(crv)); |
1837 | return crv; |
1838 | } |
1839 | PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]); |
1840 | PKM_LogIt(" slot description: %.64s\n", slotInfo.slotDescription); |
1841 | PKM_LogIt(" slot manufacturer ID: %.32s\n", slotInfo.manufacturerID); |
1842 | PKM_LogIt(" flags: 0x%08lX\n", slotInfo.flags); |
1843 | bitflag = 1; |
1844 | for (i = 0; i < sizeof(slotFlagName) / sizeof(slotFlagName[0]); i++) { |
1845 | if (slotInfo.flags & bitflag) { |
1846 | PKM_LogIt(" %s\n", slotFlagName[i]); |
1847 | } |
1848 | bitflag <<= 1; |
1849 | } |
1850 | PKM_LogIt(" slot's hardware version number: %d.%d\n", |
1851 | (int)slotInfo.hardwareVersion.major, |
1852 | (int)slotInfo.hardwareVersion.minor); |
1853 | PKM_LogIt(" slot's firmware version number: %d.%d\n", |
1854 | (int)slotInfo.firmwareVersion.major, |
1855 | (int)slotInfo.firmwareVersion.minor); |
1856 | PKM_LogIt("\n"); |
1857 | |
1858 | crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo); |
1859 | if (crv == CKR_OK0x00000000UL) { |
1860 | PKM_LogIt("C_GetTokenInfo succeeded\n"); |
1861 | } else { |
1862 | PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv, |
1863 | PKM_CK_RVtoStr(crv)); |
1864 | return crv; |
1865 | } |
1866 | PKM_LogIt("Information about the token in slot %lu:\n", |
1867 | pSlotList[slotID]); |
1868 | PKM_LogIt(" label: %.32s\n", tokenInfo.label); |
1869 | PKM_LogIt(" device manufacturer ID: %.32s\n", |
1870 | tokenInfo.manufacturerID); |
1871 | PKM_LogIt(" device model: %.16s\n", tokenInfo.model); |
1872 | PKM_LogIt(" device serial number: %.16s\n", tokenInfo.serialNumber); |
1873 | PKM_LogIt(" flags: 0x%08lX\n", tokenInfo.flags); |
1874 | bitflag = 1; |
1875 | for (i = 0; i < sizeof(tokenFlagName) / sizeof(tokenFlagName[0]); i++) { |
1876 | if (tokenInfo.flags & bitflag) { |
1877 | PKM_LogIt(" %s\n", tokenFlagName[i]); |
1878 | } |
1879 | bitflag <<= 1; |
1880 | } |
1881 | PKM_LogIt(" maximum session count: %lu\n", |
1882 | tokenInfo.ulMaxSessionCount); |
1883 | PKM_LogIt(" session count: %lu\n", tokenInfo.ulSessionCount); |
1884 | PKM_LogIt(" maximum read/write session count: %lu\n", |
1885 | tokenInfo.ulMaxRwSessionCount); |
1886 | PKM_LogIt(" read/write session count: %lu\n", |
1887 | tokenInfo.ulRwSessionCount); |
1888 | PKM_LogIt(" maximum PIN length: %lu\n", tokenInfo.ulMaxPinLen); |
1889 | PKM_LogIt(" minimum PIN length: %lu\n", tokenInfo.ulMinPinLen); |
1890 | PKM_LogIt(" total public memory: %lu\n", |
1891 | tokenInfo.ulTotalPublicMemory); |
1892 | PKM_LogIt(" free public memory: %lu\n", |
1893 | tokenInfo.ulFreePublicMemory); |
1894 | PKM_LogIt(" total private memory: %lu\n", |
1895 | tokenInfo.ulTotalPrivateMemory); |
1896 | PKM_LogIt(" free private memory: %lu\n", |
1897 | tokenInfo.ulFreePrivateMemory); |
1898 | PKM_LogIt(" hardware version number: %d.%d\n", |
1899 | (int)tokenInfo.hardwareVersion.major, |
1900 | (int)tokenInfo.hardwareVersion.minor); |
1901 | PKM_LogIt(" firmware version number: %d.%d\n", |
1902 | (int)tokenInfo.firmwareVersion.major, |
1903 | (int)tokenInfo.firmwareVersion.minor); |
1904 | if (tokenInfo.flags & CKF_CLOCK_ON_TOKEN0x00000040UL) { |
1905 | PKM_LogIt(" current time: %.16s\n", tokenInfo.utcTime); |
1906 | } |
1907 | PKM_LogIt("PKM_ShowInfo done \n\n"); |
1908 | free(pSlotList); |
1909 | return crv; |
1910 | } |
1911 | |
1912 | /* PKM_HybridMode */ |
1913 | /* The NSS cryptographic module has two modes of operation: FIPS Approved */ |
1914 | /* mode and NONFIPS Approved mode. The two modes of operation are */ |
1915 | /* independent of each other -- they have their own copies of data */ |
1916 | /* structures and they are even allowed to be active at the same time. */ |
1917 | /* The module is FIPS 140-2 compliant only when the NONFIPS mode */ |
1918 | /* is inactive. */ |
1919 | /* PKM_HybridMode demostrates how an application can switch between the */ |
1920 | /* two modes: FIPS Approved mode and NONFIPS mode. */ |
1921 | CK_RV |
1922 | PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, |
1923 | CK_C_INITIALIZE_ARGS_NSS *initArgs) |
1924 | { |
1925 | |
1926 | CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */ |
1927 | CK_FUNCTION_LIST_PTR pC_FunctionList; |
1928 | CK_SLOT_ID *pC_SlotList = NULL((void*)0); |
1929 | CK_ULONG slotID_C = 1; |
1930 | CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */ |
1931 | CK_FUNCTION_LIST_PTR pFC_FunctionList; |
1932 | CK_SLOT_ID *pFC_SlotList = NULL((void*)0); |
1933 | CK_ULONG slotID_FC = 0; |
1934 | CK_RV crv = CKR_OK0x00000000UL; |
1935 | CK_SESSION_HANDLE hSession; |
1936 | int origMode = MODE; /* remember the orginal MODE value */ |
1937 | |
1938 | NUMTESTS++; /* increment NUMTESTS */ |
1939 | MODE = NONFIPSMODE1; |
1940 | #ifdef _WIN32 |
1941 | /* NON FIPS mode == C_GetFunctionList */ |
1942 | pC_GetFunctionList = (CK_C_GetFunctionList) |
1943 | GetProcAddress(hModule, "C_GetFunctionList"); |
1944 | if (pC_GetFunctionList == NULL((void*)0)) { |
1945 | PKM_Error("cannot load %s\n", LIB_NAME); |
1946 | return crv; |
1947 | } |
1948 | #else |
1949 | pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, |
1950 | "C_GetFunctionList"); |
1951 | assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pC_GetFunctionList != NULL", "pk11mode.c", 1951, __extension__ __PRETTY_FUNCTION__)); |
1952 | #endif |
1953 | PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n", |
1954 | slotID_C); |
1955 | crv = (*pC_GetFunctionList)(&pC_FunctionList); |
1956 | assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK" , "pk11mode.c", 1956, __extension__ __PRETTY_FUNCTION__)); |
1957 | |
1958 | /* invoke C_Initialize as pC_FunctionList->C_Initialize */ |
1959 | crv = pC_FunctionList->C_Initialize(initArgs); |
1960 | if (crv == CKR_OK0x00000000UL) { |
1961 | PKM_LogIt("C_Initialize succeeded\n"); |
1962 | } else { |
1963 | PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv, |
1964 | PKM_CK_RVtoStr(crv)); |
1965 | return crv; |
1966 | } |
1967 | |
1968 | pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C); |
1969 | if (pC_SlotList == NULL((void*)0)) { |
1970 | PKM_Error("PKM_GetSlotList failed with \n"); |
1971 | return crv; |
1972 | } |
1973 | crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C], |
1974 | CKF_SERIAL_SESSION0x00000004UL, |
1975 | NULL((void*)0), NULL((void*)0), &hSession); |
1976 | if (crv == CKR_OK0x00000000UL) { |
1977 | PKM_LogIt("NONFIPS C_OpenSession succeeded\n"); |
1978 | } else { |
1979 | PKM_Error("C_OpenSession failed for NONFIPS token " |
1980 | "with 0x%08X, %-26s\n", |
1981 | crv, PKM_CK_RVtoStr(crv)); |
1982 | return crv; |
1983 | } |
1984 | |
1985 | crv = pC_FunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
1986 | if (crv == CKR_OK0x00000000UL) { |
1987 | PKM_LogIt("able to login in NONFIPS token\n"); |
1988 | } else { |
1989 | PKM_Error("Unable to login in to NONFIPS token " |
1990 | "with 0x%08X, %-26s\n", |
1991 | crv, PKM_CK_RVtoStr(crv)); |
1992 | return crv; |
1993 | } |
1994 | |
1995 | crv = pC_FunctionList->C_Logout(hSession); |
1996 | if (crv == CKR_OK0x00000000UL) { |
1997 | PKM_LogIt("C_Logout succeeded\n"); |
1998 | } else { |
1999 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
2000 | PKM_CK_RVtoStr(crv)); |
2001 | return crv; |
2002 | } |
2003 | |
2004 | PKM_ShowInfo(pC_FunctionList, slotID_C); |
2005 | MODE = HYBRIDMODE2; |
2006 | |
2007 | /* Now load the FIPS token */ |
2008 | /* FIPS mode == FC_GetFunctionList */ |
2009 | pFC_GetFunctionList = NULL((void*)0); |
2010 | #ifdef _WIN32 |
2011 | pFC_GetFunctionList = (CK_C_GetFunctionList) |
2012 | GetProcAddress(hModule, "FC_GetFunctionList"); |
2013 | #else |
2014 | pFC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib, |
2015 | "FC_GetFunctionList"); |
2016 | assert(pFC_GetFunctionList != NULL)((pFC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail ("pFC_GetFunctionList != NULL", "pk11mode.c", 2016, __extension__ __PRETTY_FUNCTION__)); |
2017 | #endif |
2018 | |
2019 | PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n", |
2020 | slotID_FC); |
2021 | PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n"); |
2022 | if (pFC_GetFunctionList == NULL((void*)0)) { |
2023 | PKM_Error("unable to load pFC_GetFunctionList\n"); |
2024 | return crv; |
2025 | } |
2026 | |
2027 | crv = (*pFC_GetFunctionList)(&pFC_FunctionList); |
2028 | assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK" , "pk11mode.c", 2028, __extension__ __PRETTY_FUNCTION__)); |
2029 | |
2030 | /* invoke FC_Initialize as pFunctionList->C_Initialize */ |
2031 | crv = pFC_FunctionList->C_Initialize(initArgs); |
2032 | if (crv == CKR_OK0x00000000UL) { |
2033 | PKM_LogIt("FC_Initialize succeeded\n"); |
2034 | } else { |
2035 | PKM_Error("FC_Initialize failed with 0x%08X, %-26s\n", crv, |
2036 | PKM_CK_RVtoStr(crv)); |
2037 | return crv; |
2038 | } |
2039 | PKM_ShowInfo(pFC_FunctionList, slotID_FC); |
2040 | |
2041 | pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC); |
2042 | if (pFC_SlotList == NULL((void*)0)) { |
2043 | PKM_Error("PKM_GetSlotList failed with \n"); |
2044 | return crv; |
2045 | } |
2046 | |
2047 | crv = pC_FunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
2048 | if (crv != CKR_OK0x00000000UL) { |
2049 | PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n"); |
2050 | } else { |
2051 | PKM_Error("Able to login in to NONFIPS token\n"); |
2052 | return crv; |
2053 | } |
2054 | crv = pC_FunctionList->C_CloseSession(hSession); |
2055 | if (crv == CKR_OK0x00000000UL) { |
2056 | PKM_LogIt("NONFIPS pC_CloseSession succeeded\n"); |
2057 | } else { |
2058 | PKM_Error("pC_CloseSession failed for NONFIPS token " |
2059 | "with 0x%08X, %-26s\n", |
2060 | crv, PKM_CK_RVtoStr(crv)); |
2061 | return crv; |
2062 | } |
2063 | |
2064 | PKM_LogIt("The module is FIPS 140-2 compliant\n" |
2065 | "only when the NONFIPS Approved mode is inactive by \n" |
2066 | "calling C_Finalize on the NONFIPS token.\n"); |
2067 | |
2068 | /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */ |
2069 | crv = pC_FunctionList->C_Finalize(NULL((void*)0)); |
2070 | if (crv == CKR_OK0x00000000UL) { |
2071 | PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n"); |
2072 | MODE = FIPSMODE0; |
2073 | } else { |
2074 | PKM_Error("C_Finalize of NONFIPS Token failed with " |
2075 | "0x%08X, %-26s\n", |
2076 | crv, |
2077 | PKM_CK_RVtoStr(crv)); |
2078 | return crv; |
2079 | } |
2080 | |
2081 | PKM_LogIt("*** In FIPS mode! ***\n"); |
2082 | |
2083 | /* could do some operations in FIPS MODE */ |
2084 | |
2085 | crv = pFC_FunctionList->C_Finalize(NULL((void*)0)); |
2086 | if (crv == CKR_OK0x00000000UL) { |
2087 | PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n"); |
2088 | MODE = NOMODE3; |
2089 | } else { |
2090 | PKM_Error("FC_Finalize failed with 0x%08X, %-26s\n", crv, |
2091 | PKM_CK_RVtoStr(crv)); |
2092 | return crv; |
2093 | } |
2094 | |
2095 | if (pC_SlotList) |
2096 | free(pC_SlotList); |
2097 | if (pFC_SlotList) |
2098 | free(pFC_SlotList); |
2099 | |
2100 | MODE = origMode; /* set the mode back to the orginal Mode value */ |
2101 | PKM_LogIt("PKM_HybridMode test Completed\n\n"); |
2102 | return crv; |
2103 | } |
2104 | |
2105 | CK_RV |
2106 | PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, |
2107 | CK_SLOT_ID *pSlotList, CK_ULONG slotID) |
2108 | { |
2109 | |
2110 | CK_RV crv = CKR_OK0x00000000UL; |
2111 | CK_MECHANISM_TYPE *pMechanismList; |
2112 | CK_ULONG mechanismCount; |
2113 | CK_ULONG i; |
2114 | const char *mechName = NULL((void*)0); |
2115 | |
2116 | NUMTESTS++; /* increment NUMTESTS */ |
2117 | |
2118 | /* Get the mechanism list */ |
2119 | crv = pFunctionList->C_GetMechanismList(pSlotList[slotID], |
2120 | NULL((void*)0), &mechanismCount); |
2121 | if (crv != CKR_OK0x00000000UL) { |
2122 | PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv, |
2123 | PKM_CK_RVtoStr(crv)); |
2124 | return crv; |
2125 | } |
2126 | PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n", |
2127 | mechanismCount); |
2128 | pMechanismList = (CK_MECHANISM_TYPE *) |
2129 | malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE)); |
2130 | if (!pMechanismList) { |
2131 | PKM_Error("failed to allocate mechanism list\n"); |
2132 | return crv; |
2133 | } |
2134 | crv = pFunctionList->C_GetMechanismList(pSlotList[slotID], |
2135 | pMechanismList, &mechanismCount); |
2136 | if (crv != CKR_OK0x00000000UL) { |
2137 | PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv, |
2138 | PKM_CK_RVtoStr(crv)); |
2139 | return crv; |
2140 | } |
2141 | PKM_LogIt("C_GetMechanismList returned the mechanism types:\n"); |
2142 | if (verbose) { |
2143 | for (i = 0; i < mechanismCount; i++) { |
2144 | mechName = getName(pMechanismList[(i)], ConstMechanism); |
2145 | |
2146 | /* output two mechanism name on each line */ |
2147 | /* currently the longest known mechansim name length is 37 */ |
2148 | if (mechName) { |
2149 | printf("%-40s", mechName); |
2150 | } else { |
2151 | printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]); |
2152 | } |
2153 | if ((i % 2) == 1) |
2154 | printf("\n"); |
2155 | } |
2156 | printf("\n\n"); |
2157 | } |
2158 | |
2159 | for (i = 0; i < mechanismCount; i++) { |
2160 | CK_MECHANISM_INFO minfo; |
2161 | |
2162 | memset(&minfo, 0, sizeof(CK_MECHANISM_INFO)); |
2163 | crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID], |
2164 | pMechanismList[i], &minfo); |
2165 | if (CKR_OK0x00000000UL != crv) { |
2166 | PKM_Error("C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n", |
2167 | pSlotList[slotID], pMechanismList[i], crv, |
2168 | PKM_CK_RVtoStr(crv)); |
2169 | return crv; |
2170 | } |
2171 | |
2172 | mechName = getName(pMechanismList[i], ConstMechanism); |
2173 | if (!mechName) |
2174 | mechName = "Unknown mechanism"; |
2175 | PKM_LogIt(" [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i + 1), |
2176 | mechName, |
2177 | pMechanismList[i]); |
2178 | PKM_LogIt(" ulMinKeySize = %lu\n", minfo.ulMinKeySize); |
2179 | PKM_LogIt(" ulMaxKeySize = %lu\n", minfo.ulMaxKeySize); |
2180 | PKM_LogIt(" flags = 0x%08x\n", minfo.flags); |
2181 | PKM_LogIt(" -> HW = %s\n", minfo.flags & CKF_HW0x00000001UL ? "TRUE" : "FALSE"); |
2182 | PKM_LogIt(" -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT0x00000100UL ? "TRUE" : "FALSE"); |
2183 | PKM_LogIt(" -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT0x00000200UL ? "TRUE" : "FALSE"); |
2184 | PKM_LogIt(" -> DIGEST = %s\n", minfo.flags & CKF_DIGEST0x00000400UL ? "TRUE" : "FALSE"); |
2185 | PKM_LogIt(" -> SIGN = %s\n", minfo.flags & CKF_SIGN0x00000800UL ? "TRUE" : "FALSE"); |
2186 | PKM_LogIt(" -> SIGN_RECOVER = %s\n", minfo.flags & CKF_SIGN_RECOVER0x00001000UL ? "TRUE" : "FALSE"); |
2187 | PKM_LogIt(" -> VERIFY = %s\n", minfo.flags & CKF_VERIFY0x00002000 ? "TRUE" : "FALSE"); |
2188 | PKM_LogIt(" -> VERIFY_RECOVER = %s\n", |
2189 | minfo.flags & CKF_VERIFY_RECOVER0x00004000UL ? "TRUE" : "FALSE"); |
2190 | PKM_LogIt(" -> GENERATE = %s\n", minfo.flags & CKF_GENERATE0x00008000UL ? "TRUE" : "FALSE"); |
2191 | PKM_LogIt(" -> GENERATE_KEY_PAIR = %s\n", |
2192 | minfo.flags & CKF_GENERATE_KEY_PAIR0x00010000UL ? "TRUE" : "FALSE"); |
2193 | PKM_LogIt(" -> WRAP = %s\n", minfo.flags & CKF_WRAP0x00020000UL ? "TRUE" : "FALSE"); |
2194 | PKM_LogIt(" -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP0x00040000UL ? "TRUE" : "FALSE"); |
2195 | PKM_LogIt(" -> DERIVE = %s\n", minfo.flags & CKF_DERIVE0x00080000UL ? "TRUE" : "FALSE"); |
2196 | PKM_LogIt(" -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION0x80000000UL ? "TRUE" : "FALSE"); |
2197 | |
2198 | PKM_LogIt("\n"); |
2199 | } |
2200 | |
2201 | return crv; |
2202 | } |
2203 | |
2204 | CK_RV |
2205 | PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList, |
2206 | CK_ULONG slotID) |
2207 | { |
2208 | CK_SESSION_HANDLE hSession; |
2209 | CK_RV crv = CKR_OK0x00000000UL; |
2210 | CK_BYTE randomData[16]; |
2211 | CK_BYTE seed[] = { 0x01, 0x03, 0x35, 0x55, 0xFF }; |
2212 | |
2213 | NUMTESTS++; /* increment NUMTESTS */ |
2214 | |
2215 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
2216 | NULL((void*)0), NULL((void*)0), &hSession); |
2217 | if (crv != CKR_OK0x00000000UL) { |
2218 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
2219 | PKM_CK_RVtoStr(crv)); |
2220 | return crv; |
2221 | } |
2222 | |
2223 | crv = pFunctionList->C_GenerateRandom(hSession, |
2224 | randomData, sizeof randomData); |
2225 | if (crv == CKR_OK0x00000000UL) { |
2226 | PKM_LogIt("C_GenerateRandom without login succeeded\n"); |
2227 | } else { |
2228 | PKM_Error("C_GenerateRandom without login failed " |
2229 | "with 0x%08X, %-26s\n", |
2230 | crv, PKM_CK_RVtoStr(crv)); |
2231 | return crv; |
2232 | } |
2233 | crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed)); |
2234 | if (crv == CKR_OK0x00000000UL) { |
2235 | PKM_LogIt("C_SeedRandom without login succeeded\n"); |
2236 | } else { |
2237 | PKM_Error("C_SeedRandom without login failed " |
2238 | "with 0x%08X, %-26s\n", |
2239 | crv, PKM_CK_RVtoStr(crv)); |
2240 | return crv; |
2241 | } |
2242 | crv = pFunctionList->C_GenerateRandom(hSession, |
2243 | randomData, sizeof randomData); |
2244 | if (crv == CKR_OK0x00000000UL) { |
2245 | PKM_LogIt("C_GenerateRandom without login succeeded\n"); |
2246 | } else { |
2247 | PKM_Error("C_GenerateRandom without login failed " |
2248 | "with 0x%08X, %-26s\n", |
2249 | crv, PKM_CK_RVtoStr(crv)); |
2250 | return crv; |
2251 | } |
2252 | crv = pFunctionList->C_CloseSession(hSession); |
2253 | if (crv != CKR_OK0x00000000UL) { |
2254 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
2255 | PKM_CK_RVtoStr(crv)); |
2256 | return crv; |
2257 | } |
2258 | |
2259 | return crv; |
2260 | } |
2261 | |
2262 | CK_RV |
2263 | PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList, |
2264 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
2265 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
2266 | { |
2267 | CK_SESSION_HANDLE hSession; |
2268 | CK_RV crv = CKR_OK0x00000000UL; |
2269 | |
2270 | NUMTESTS++; /* increment NUMTESTS */ |
2271 | |
2272 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
2273 | NULL((void*)0), NULL((void*)0), &hSession); |
2274 | if (crv != CKR_OK0x00000000UL) { |
2275 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
2276 | PKM_CK_RVtoStr(crv)); |
2277 | return crv; |
2278 | } |
2279 | |
2280 | crv = pFunctionList->C_Login(hSession, CKU_USER1, (unsigned char *)"netscape", 8); |
2281 | if (crv == CKR_OK0x00000000UL) { |
2282 | PKM_Error("C_Login with wrong password succeeded\n"); |
2283 | return CKR_FUNCTION_FAILED0x00000006UL; |
2284 | } else { |
2285 | PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, " |
2286 | "%-26s.\n ", |
2287 | crv, PKM_CK_RVtoStr(crv)); |
2288 | } |
2289 | crv = pFunctionList->C_Login(hSession, CKU_USER1, (unsigned char *)"red hat", 7); |
2290 | if (crv == CKR_OK0x00000000UL) { |
2291 | PKM_Error("C_Login with wrong password succeeded\n"); |
2292 | return CKR_FUNCTION_FAILED0x00000006UL; |
2293 | } else { |
2294 | PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, " |
2295 | "%-26s.\n ", |
2296 | crv, PKM_CK_RVtoStr(crv)); |
2297 | } |
2298 | crv = pFunctionList->C_Login(hSession, CKU_USER1, |
2299 | (unsigned char *)"sun", 3); |
2300 | if (crv == CKR_OK0x00000000UL) { |
2301 | PKM_Error("C_Login with wrong password succeeded\n"); |
2302 | return CKR_FUNCTION_FAILED0x00000006UL; |
2303 | } else { |
2304 | PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, " |
2305 | "%-26s.\n ", |
2306 | crv, PKM_CK_RVtoStr(crv)); |
2307 | } |
2308 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
2309 | if (crv == CKR_OK0x00000000UL) { |
2310 | PKM_LogIt("C_Login with correct password succeeded\n"); |
2311 | } else { |
2312 | PKM_Error("C_Login with correct password failed " |
2313 | "with 0x%08X, %-26s\n", |
2314 | crv, PKM_CK_RVtoStr(crv)); |
2315 | return crv; |
2316 | } |
2317 | |
2318 | crv = pFunctionList->C_Logout(hSession); |
2319 | if (crv == CKR_OK0x00000000UL) { |
2320 | PKM_LogIt("C_Logout succeeded\n"); |
2321 | } else { |
2322 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
2323 | PKM_CK_RVtoStr(crv)); |
2324 | return crv; |
2325 | } |
2326 | |
2327 | crv = pFunctionList->C_CloseSession(hSession); |
2328 | if (crv != CKR_OK0x00000000UL) { |
2329 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
2330 | PKM_CK_RVtoStr(crv)); |
2331 | return crv; |
2332 | } |
2333 | |
2334 | return crv; |
2335 | } |
2336 | |
2337 | /* |
2338 | * PKM_LegacyFunctions |
2339 | * |
2340 | * Legacyfunctions exist only for backwards compatibility. |
2341 | * C_GetFunctionStatus and C_CancelFunction functions were |
2342 | * meant for managing parallel execution of cryptographic functions. |
2343 | * |
2344 | * C_GetFunctionStatus is a legacy function which should simply return |
2345 | * the value CKR_FUNCTION_NOT_PARALLEL. |
2346 | * |
2347 | * C_CancelFunction is a legacy function which should simply return the |
2348 | * value CKR_FUNCTION_NOT_PARALLEL. |
2349 | * |
2350 | */ |
2351 | CK_RV |
2352 | PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList, |
2353 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
2354 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
2355 | { |
2356 | CK_SESSION_HANDLE hSession; |
2357 | CK_RV crv = CKR_OK0x00000000UL; |
2358 | NUMTESTS++; /* increment NUMTESTS */ |
2359 | |
2360 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
2361 | NULL((void*)0), NULL((void*)0), &hSession); |
2362 | if (crv != CKR_OK0x00000000UL) { |
2363 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
2364 | PKM_CK_RVtoStr(crv)); |
2365 | return crv; |
2366 | } |
2367 | |
2368 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
2369 | if (crv == CKR_OK0x00000000UL) { |
2370 | PKM_LogIt("C_Login with correct password succeeded\n"); |
2371 | } else { |
2372 | PKM_Error("C_Login with correct password failed " |
2373 | "with 0x%08X, %-26s\n", |
2374 | crv, PKM_CK_RVtoStr(crv)); |
2375 | return crv; |
2376 | } |
2377 | |
2378 | crv = pFunctionList->C_GetFunctionStatus(hSession); |
2379 | if (crv == CKR_FUNCTION_NOT_PARALLEL0x00000051UL) { |
2380 | PKM_LogIt("C_GetFunctionStatus correctly" |
2381 | "returned CKR_FUNCTION_NOT_PARALLEL \n"); |
2382 | } else { |
2383 | PKM_Error("C_GetFunctionStatus failed " |
2384 | "with 0x%08X, %-26s\n", |
2385 | crv, PKM_CK_RVtoStr(crv)); |
2386 | return crv; |
2387 | } |
2388 | |
2389 | crv = pFunctionList->C_CancelFunction(hSession); |
2390 | if (crv == CKR_FUNCTION_NOT_PARALLEL0x00000051UL) { |
2391 | PKM_LogIt("C_CancelFunction correctly " |
2392 | "returned CKR_FUNCTION_NOT_PARALLEL \n"); |
2393 | } else { |
2394 | PKM_Error("C_CancelFunction failed " |
2395 | "with 0x%08X, %-26s\n", |
2396 | crv, PKM_CK_RVtoStr(crv)); |
2397 | return crv; |
2398 | } |
2399 | |
2400 | crv = pFunctionList->C_Logout(hSession); |
2401 | if (crv == CKR_OK0x00000000UL) { |
2402 | PKM_LogIt("C_Logout succeeded\n"); |
2403 | } else { |
2404 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
2405 | PKM_CK_RVtoStr(crv)); |
2406 | return crv; |
2407 | } |
2408 | |
2409 | crv = pFunctionList->C_CloseSession(hSession); |
2410 | if (crv != CKR_OK0x00000000UL) { |
2411 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
2412 | PKM_CK_RVtoStr(crv)); |
2413 | return crv; |
2414 | } |
2415 | |
2416 | return crv; |
2417 | } |
2418 | |
2419 | /* |
2420 | * PKM_DualFuncDigest - demostrates the Dual-function |
2421 | * cryptograpic functions: |
2422 | * |
2423 | * C_DigestEncryptUpdate - multi-part Digest and Encrypt |
2424 | * C_DecryptDigestUpdate - multi-part Decrypt and Digest |
2425 | * |
2426 | * |
2427 | */ |
2428 | |
2429 | CK_RV |
2430 | PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList, |
2431 | CK_SESSION_HANDLE hSession, |
2432 | CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech, |
2433 | CK_OBJECT_HANDLE hSecKeyDigest, |
2434 | CK_MECHANISM *digestMech, |
2435 | const CK_BYTE *pData, CK_ULONG pDataLen) |
2436 | { |
2437 | CK_RV crv = CKR_OK0x00000000UL; |
2438 | CK_BYTE eDigest[MAX_DIGEST_SZ64]; |
2439 | CK_BYTE dDigest[MAX_DIGEST_SZ64]; |
2440 | CK_ULONG ulDigestLen; |
2441 | CK_BYTE ciphertext[MAX_CIPHER_SZ128]; |
2442 | CK_ULONG ciphertextLen, lastLen; |
2443 | CK_BYTE plaintext[MAX_DATA_SZ64]; |
2444 | CK_ULONG plaintextLen; |
2445 | unsigned int i; |
2446 | |
2447 | memset(eDigest, 0, sizeof(eDigest)); |
2448 | memset(dDigest, 0, sizeof(dDigest)); |
2449 | memset(ciphertext, 0, sizeof(ciphertext)); |
2450 | memset(plaintext, 0, sizeof(plaintext)); |
2451 | |
2452 | NUMTESTS++; /* increment NUMTESTS */ |
2453 | |
2454 | /* |
2455 | * First init the Digest and Ecrypt operations |
2456 | */ |
2457 | crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey); |
2458 | if (crv != CKR_OK0x00000000UL) { |
2459 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
2460 | PKM_CK_RVtoStr(crv)); |
2461 | return crv; |
2462 | } |
2463 | crv = pFunctionList->C_DigestInit(hSession, digestMech); |
2464 | if (crv != CKR_OK0x00000000UL) { |
2465 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, |
2466 | PKM_CK_RVtoStr(crv)); |
2467 | return crv; |
2468 | } |
2469 | |
2470 | ciphertextLen = sizeof(ciphertext); |
2471 | crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE *)pData, |
2472 | pDataLen, |
2473 | ciphertext, &ciphertextLen); |
2474 | if (crv != CKR_OK0x00000000UL) { |
2475 | PKM_Error("C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv, |
2476 | PKM_CK_RVtoStr(crv)); |
2477 | return crv; |
2478 | } |
2479 | |
2480 | ulDigestLen = sizeof(eDigest); |
2481 | crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen); |
2482 | if (crv != CKR_OK0x00000000UL) { |
2483 | PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv, |
2484 | PKM_CK_RVtoStr(crv)); |
2485 | return crv; |
2486 | } |
2487 | |
2488 | /* get the last piece of ciphertext (length should be 0 */ |
2489 | lastLen = sizeof(ciphertext) - ciphertextLen; |
2490 | crv = pFunctionList->C_EncryptFinal(hSession, |
2491 | (CK_BYTE *)&ciphertext[ciphertextLen], |
2492 | &lastLen); |
2493 | if (crv != CKR_OK0x00000000UL) { |
2494 | PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv, |
2495 | PKM_CK_RVtoStr(crv)); |
2496 | return crv; |
2497 | } |
2498 | ciphertextLen = ciphertextLen + lastLen; |
2499 | if (verbose) { |
2500 | printf("ciphertext = "); |
2501 | for (i = 0; i < ciphertextLen; i++) { |
2502 | printf("%02x", (unsigned)ciphertext[i]); |
2503 | } |
2504 | printf("\n"); |
2505 | printf("eDigest = "); |
2506 | for (i = 0; i < ulDigestLen; i++) { |
2507 | printf("%02x", (unsigned)eDigest[i]); |
2508 | } |
2509 | printf("\n"); |
2510 | } |
2511 | |
2512 | /* Decrypt the text */ |
2513 | crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey); |
2514 | if (crv != CKR_OK0x00000000UL) { |
2515 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2516 | PKM_CK_RVtoStr(crv)); |
2517 | return crv; |
2518 | } |
2519 | crv = pFunctionList->C_DigestInit(hSession, digestMech); |
2520 | if (crv != CKR_OK0x00000000UL) { |
2521 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2522 | PKM_CK_RVtoStr(crv)); |
2523 | return crv; |
2524 | } |
2525 | |
2526 | plaintextLen = sizeof(plaintext); |
2527 | crv = pFunctionList->C_DecryptDigestUpdate(hSession, ciphertext, |
2528 | ciphertextLen, |
2529 | plaintext, |
2530 | &plaintextLen); |
2531 | if (crv != CKR_OK0x00000000UL) { |
2532 | PKM_Error("C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv, |
2533 | PKM_CK_RVtoStr(crv)); |
2534 | return crv; |
2535 | } |
2536 | lastLen = sizeof(plaintext) - plaintextLen; |
2537 | |
2538 | crv = pFunctionList->C_DecryptFinal(hSession, |
2539 | (CK_BYTE *)&plaintext[plaintextLen], |
2540 | &lastLen); |
2541 | if (crv != CKR_OK0x00000000UL) { |
2542 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, |
2543 | PKM_CK_RVtoStr(crv)); |
2544 | return crv; |
2545 | } |
2546 | plaintextLen = plaintextLen + lastLen; |
2547 | |
2548 | ulDigestLen = sizeof(dDigest); |
2549 | crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen); |
2550 | if (crv != CKR_OK0x00000000UL) { |
2551 | PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv, |
2552 | PKM_CK_RVtoStr(crv)); |
2553 | return crv; |
2554 | } |
2555 | |
2556 | if (plaintextLen != pDataLen) { |
2557 | PKM_Error("plaintextLen is %lu\n", plaintextLen); |
2558 | return crv; |
2559 | } |
2560 | |
2561 | if (verbose) { |
2562 | printf("plaintext = "); |
2563 | for (i = 0; i < plaintextLen; i++) { |
2564 | printf("%02x", (unsigned)plaintext[i]); |
2565 | } |
2566 | printf("\n"); |
2567 | printf("dDigest = "); |
2568 | for (i = 0; i < ulDigestLen; i++) { |
2569 | printf("%02x", (unsigned)dDigest[i]); |
2570 | } |
2571 | printf("\n"); |
2572 | } |
2573 | |
2574 | if (memcmp(eDigest, dDigest, ulDigestLen) == 0) { |
2575 | PKM_LogIt("Encrypted Digest equals Decrypted Digest\n"); |
2576 | } else { |
2577 | PKM_Error("Digests don't match\n"); |
2578 | } |
2579 | |
2580 | if ((plaintextLen == pDataLen) && |
2581 | (memcmp(plaintext, pData, pDataLen)) == 0) { |
2582 | PKM_LogIt("DualFuncDigest decrypt test case passed\n"); |
2583 | } else { |
2584 | PKM_Error("DualFuncDigest derypt test case failed\n"); |
2585 | } |
2586 | |
2587 | return crv; |
2588 | } |
2589 | |
2590 | /* |
2591 | * PKM_SecKeyCrypt - Symmetric key encrypt/decyprt |
2592 | * |
2593 | */ |
2594 | |
2595 | CK_RV |
2596 | PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList, |
2597 | CK_SESSION_HANDLE hSession, |
2598 | CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech, |
2599 | const CK_BYTE *pData, CK_ULONG dataLen) |
2600 | { |
2601 | CK_RV crv = CKR_OK0x00000000UL; |
2602 | |
2603 | CK_BYTE cipher1[MAX_CIPHER_SZ128]; |
2604 | CK_BYTE cipher2[MAX_CIPHER_SZ128]; |
2605 | CK_BYTE data1[MAX_DATA_SZ64]; |
2606 | CK_BYTE data2[MAX_DATA_SZ64]; |
2607 | CK_ULONG cipher1Len = 0, cipher2Len = 0, lastLen = 0; |
2608 | CK_ULONG data1Len = 0, data2Len = 0; |
2609 | |
2610 | NUMTESTS++; /* increment NUMTESTS */ |
2611 | |
2612 | memset(cipher1, 0, sizeof(cipher1)); |
2613 | memset(cipher2, 0, sizeof(cipher2)); |
2614 | memset(data1, 0, sizeof(data1)); |
2615 | memset(data2, 0, sizeof(data2)); |
2616 | |
2617 | /* C_Encrypt */ |
2618 | crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey); |
2619 | if (crv != CKR_OK0x00000000UL) { |
2620 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
2621 | PKM_CK_RVtoStr(crv)); |
2622 | return crv; |
2623 | } |
2624 | cipher1Len = sizeof(cipher1); |
2625 | crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)pData, dataLen, |
2626 | cipher1, &cipher1Len); |
2627 | if (crv != CKR_OK0x00000000UL) { |
2628 | PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv, |
2629 | PKM_CK_RVtoStr(crv)); |
2630 | return crv; |
2631 | } |
2632 | |
2633 | /* C_EncryptUpdate */ |
2634 | crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey); |
2635 | if (crv != CKR_OK0x00000000UL) { |
2636 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
2637 | PKM_CK_RVtoStr(crv)); |
2638 | return crv; |
2639 | } |
2640 | cipher2Len = sizeof(cipher2); |
2641 | crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)pData, |
2642 | dataLen, |
2643 | cipher2, &cipher2Len); |
2644 | if (crv != CKR_OK0x00000000UL) { |
2645 | PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv, |
2646 | PKM_CK_RVtoStr(crv)); |
2647 | return crv; |
2648 | } |
2649 | lastLen = sizeof(cipher2) - cipher2Len; |
2650 | |
2651 | crv = pFunctionList->C_EncryptFinal(hSession, |
2652 | (CK_BYTE *)&cipher2[cipher2Len], |
2653 | &lastLen); |
2654 | cipher2Len = cipher2Len + lastLen; |
2655 | |
2656 | if ((cipher1Len == cipher2Len) && |
2657 | (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0)) { |
2658 | PKM_LogIt("encrypt test case passed\n"); |
2659 | } else { |
2660 | PKM_Error("encrypt test case failed\n"); |
2661 | return CKR_GENERAL_ERROR0x00000005UL; |
2662 | } |
2663 | |
2664 | /* C_Decrypt */ |
2665 | crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey); |
2666 | if (crv != CKR_OK0x00000000UL) { |
2667 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2668 | PKM_CK_RVtoStr(crv)); |
2669 | return crv; |
2670 | } |
2671 | data1Len = sizeof(data1); |
2672 | crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len, |
2673 | data1, &data1Len); |
2674 | if (crv != CKR_OK0x00000000UL) { |
2675 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2676 | PKM_CK_RVtoStr(crv)); |
2677 | return crv; |
2678 | } |
2679 | /* now use C_DecryptUpdate the text */ |
2680 | crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey); |
2681 | if (crv != CKR_OK0x00000000UL) { |
2682 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2683 | PKM_CK_RVtoStr(crv)); |
2684 | return crv; |
2685 | } |
2686 | data2Len = sizeof(data2); |
2687 | crv = pFunctionList->C_DecryptUpdate(hSession, cipher2, |
2688 | cipher2Len, |
2689 | data2, &data2Len); |
2690 | if (crv != CKR_OK0x00000000UL) { |
2691 | PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv, |
2692 | PKM_CK_RVtoStr(crv)); |
2693 | return crv; |
2694 | } |
2695 | lastLen = sizeof(data2) - data2Len; |
2696 | crv = pFunctionList->C_DecryptFinal(hSession, |
2697 | (CK_BYTE *)&data2[data2Len], |
2698 | &lastLen); |
2699 | if (crv != CKR_OK0x00000000UL) { |
2700 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, |
2701 | PKM_CK_RVtoStr(crv)); |
2702 | return crv; |
2703 | } |
2704 | data2Len = data2Len + lastLen; |
2705 | |
2706 | /* Comparison of Decrypt data */ |
2707 | |
2708 | if ((data1Len == data2Len) && (dataLen == data1Len) && |
2709 | (memcmp(data1, pData, dataLen) == 0) && |
2710 | (memcmp(data2, pData, dataLen) == 0)) { |
2711 | PKM_LogIt("decrypt test case passed\n"); |
2712 | } else { |
2713 | PKM_Error("derypt test case failed\n"); |
2714 | } |
2715 | |
2716 | return crv; |
2717 | } |
2718 | |
2719 | CK_RV |
2720 | PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, |
2721 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
2722 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
2723 | { |
2724 | CK_SESSION_HANDLE hSession; |
2725 | CK_RV crv = CKR_OK0x00000000UL; |
2726 | CK_MECHANISM sAESKeyMech = { |
2727 | CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0 |
2728 | }; |
2729 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; |
2730 | CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL; |
2731 | CK_UTF8CHAR AESlabel[] = "An AES secret key object"; |
2732 | CK_ULONG AESvalueLen = 16; |
2733 | CK_ATTRIBUTE sAESKeyTemplate[9]; |
2734 | CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE0; |
2735 | |
2736 | CK_BYTE KEY[16]; |
2737 | CK_BYTE IV[16]; |
2738 | static const CK_BYTE CIPHERTEXT[] = { |
2739 | 0x7e, 0x6a, 0x3f, 0x3b, 0x39, 0x3c, 0xf2, 0x4b, |
2740 | 0xce, 0xcc, 0x23, 0x6d, 0x80, 0xfd, 0xe0, 0xff |
2741 | }; |
2742 | CK_BYTE ciphertext[64]; |
2743 | CK_BYTE ciphertext2[64]; |
2744 | CK_ULONG ciphertextLen, ciphertext2Len, lastLen; |
2745 | CK_BYTE plaintext[32]; |
2746 | CK_BYTE plaintext2[32]; |
2747 | CK_ULONG plaintextLen, plaintext2Len; |
2748 | CK_BYTE wrappedKey[16]; |
2749 | CK_ULONG wrappedKeyLen; |
2750 | CK_MECHANISM aesEcbMech = { |
2751 | CKM_AES_ECB0x00001081UL, NULL((void*)0), 0 |
2752 | }; |
2753 | CK_OBJECT_HANDLE hTestKey; |
2754 | CK_MECHANISM mech_AES_CBC; |
2755 | |
2756 | NUMTESTS++; /* increment NUMTESTS */ |
2757 | |
2758 | memset(ciphertext, 0, sizeof(ciphertext)); |
2759 | memset(ciphertext2, 0, sizeof(ciphertext2)); |
2760 | memset(IV, 0x00, sizeof(IV)); |
2761 | memset(KEY, 0x00, sizeof(KEY)); |
2762 | |
2763 | mech_AES_CBC.mechanism = CKM_AES_CBC0x00001082UL; |
2764 | mech_AES_CBC.pParameter = IV; |
2765 | mech_AES_CBC.ulParameterLen = sizeof(IV); |
2766 | |
2767 | /* AES key template */ |
2768 | sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL; |
2769 | sAESKeyTemplate[0].pValue = &class; |
2770 | sAESKeyTemplate[0].ulValueLen = sizeof(class); |
2771 | sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; |
2772 | sAESKeyTemplate[1].pValue = &keyAESType; |
2773 | sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType); |
2774 | sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL; |
2775 | sAESKeyTemplate[2].pValue = AESlabel; |
2776 | sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1; |
2777 | sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; |
2778 | sAESKeyTemplate[3].pValue = &true; |
2779 | sAESKeyTemplate[3].ulValueLen = sizeof(true); |
2780 | sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL; |
2781 | sAESKeyTemplate[4].pValue = &true; |
2782 | sAESKeyTemplate[4].ulValueLen = sizeof(true); |
2783 | sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL; |
2784 | sAESKeyTemplate[5].pValue = &true; |
2785 | sAESKeyTemplate[5].ulValueLen = sizeof(true); |
2786 | sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL; |
2787 | sAESKeyTemplate[6].pValue = &true; |
2788 | sAESKeyTemplate[6].ulValueLen = sizeof(true); |
2789 | sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL; |
2790 | sAESKeyTemplate[7].pValue = &true; |
2791 | sAESKeyTemplate[7].ulValueLen = sizeof(true); |
2792 | sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; |
2793 | sAESKeyTemplate[8].pValue = &AESvalueLen; |
2794 | sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen); |
2795 | |
2796 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
2797 | NULL((void*)0), NULL((void*)0), &hSession); |
2798 | if (crv != CKR_OK0x00000000UL) { |
2799 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
2800 | PKM_CK_RVtoStr(crv)); |
2801 | return crv; |
2802 | } |
2803 | |
2804 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
2805 | if (crv == CKR_OK0x00000000UL) { |
2806 | PKM_LogIt("C_Login with correct password succeeded\n"); |
2807 | } else { |
2808 | PKM_Error("C_Login with correct password failed " |
2809 | "with 0x%08X, %-26s\n", |
2810 | crv, PKM_CK_RVtoStr(crv)); |
2811 | return crv; |
2812 | } |
2813 | |
2814 | PKM_LogIt("Generate an AES key ... \n"); |
2815 | /* generate an AES Secret Key */ |
2816 | crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech, |
2817 | sAESKeyTemplate, |
2818 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), |
2819 | &hKey); |
2820 | if (crv == CKR_OK0x00000000UL) { |
2821 | PKM_LogIt("C_GenerateKey AES succeeded\n"); |
2822 | } else { |
2823 | PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n", |
2824 | crv, PKM_CK_RVtoStr(crv)); |
2825 | return crv; |
2826 | } |
2827 | |
2828 | crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey); |
2829 | if (crv != CKR_OK0x00000000UL) { |
2830 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
2831 | PKM_CK_RVtoStr(crv)); |
2832 | return crv; |
2833 | } |
2834 | wrappedKeyLen = sizeof(wrappedKey); |
2835 | crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY), |
2836 | wrappedKey, &wrappedKeyLen); |
2837 | if (crv != CKR_OK0x00000000UL) { |
2838 | PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv, |
2839 | PKM_CK_RVtoStr(crv)); |
2840 | return crv; |
2841 | } |
2842 | if (wrappedKeyLen != sizeof(wrappedKey)) { |
2843 | PKM_Error("wrappedKeyLen is %lu\n", wrappedKeyLen); |
2844 | return crv; |
2845 | } |
2846 | /* Import an encrypted key */ |
2847 | crv = pFunctionList->C_UnwrapKey(hSession, &aesEcbMech, hKey, |
2848 | wrappedKey, wrappedKeyLen, |
2849 | sAESKeyTemplate, |
2850 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), |
2851 | &hTestKey); |
2852 | if (crv != CKR_OK0x00000000UL) { |
2853 | PKM_Error("C_UnwraPKey failed with 0x%08X, %-26s\n", crv, |
2854 | PKM_CK_RVtoStr(crv)); |
2855 | return crv; |
2856 | } |
2857 | /* AES Encrypt the text */ |
2858 | crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey); |
2859 | if (crv != CKR_OK0x00000000UL) { |
2860 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
2861 | PKM_CK_RVtoStr(crv)); |
2862 | return crv; |
2863 | } |
2864 | ciphertextLen = sizeof(ciphertext); |
2865 | crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)PLAINTEXT, |
2866 | sizeof(PLAINTEXT), |
2867 | ciphertext, &ciphertextLen); |
2868 | if (crv != CKR_OK0x00000000UL) { |
2869 | PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv, |
2870 | PKM_CK_RVtoStr(crv)); |
2871 | return crv; |
2872 | } |
2873 | |
2874 | if ((ciphertextLen == sizeof(CIPHERTEXT)) && |
2875 | (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) { |
2876 | PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n"); |
2877 | } else { |
2878 | PKM_Error("AES CBCVarKey128 encrypt test case 1 failed\n"); |
2879 | return crv; |
2880 | } |
2881 | |
2882 | /* now use EncryptUpdate the text */ |
2883 | crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey); |
2884 | if (crv != CKR_OK0x00000000UL) { |
2885 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
2886 | PKM_CK_RVtoStr(crv)); |
2887 | return crv; |
2888 | } |
2889 | ciphertext2Len = sizeof(ciphertext2); |
2890 | crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)PLAINTEXT, |
2891 | sizeof(PLAINTEXT), |
2892 | ciphertext2, &ciphertext2Len); |
2893 | if (crv != CKR_OK0x00000000UL) { |
2894 | PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv, |
2895 | PKM_CK_RVtoStr(crv)); |
2896 | return crv; |
2897 | } |
2898 | lastLen = sizeof(ciphertext2) - ciphertext2Len; |
2899 | |
2900 | crv = pFunctionList->C_EncryptFinal(hSession, |
2901 | (CK_BYTE *)&ciphertext2[ciphertext2Len], |
2902 | &lastLen); |
2903 | ciphertext2Len = ciphertext2Len + lastLen; |
2904 | |
2905 | if ((ciphertextLen == ciphertext2Len) && |
2906 | (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) && |
2907 | (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) { |
2908 | PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n"); |
2909 | } else { |
2910 | PKM_Error("AES CBCVarKey128 encrypt test case 2 failed\n"); |
2911 | return CKR_GENERAL_ERROR0x00000005UL; |
2912 | } |
2913 | |
2914 | /* AES CBC Decrypt the text */ |
2915 | crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey); |
2916 | if (crv != CKR_OK0x00000000UL) { |
2917 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2918 | PKM_CK_RVtoStr(crv)); |
2919 | return crv; |
2920 | } |
2921 | plaintextLen = sizeof(plaintext); |
2922 | crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen, |
2923 | plaintext, &plaintextLen); |
2924 | if (crv != CKR_OK0x00000000UL) { |
2925 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2926 | PKM_CK_RVtoStr(crv)); |
2927 | return crv; |
2928 | } |
2929 | if ((plaintextLen == sizeof(PLAINTEXT)) && |
2930 | (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) { |
2931 | PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n"); |
2932 | } else { |
2933 | PKM_Error("AES CBCVarKey128 derypt test case 1 failed\n"); |
2934 | } |
2935 | /* now use DecryptUpdate the text */ |
2936 | crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey); |
2937 | if (crv != CKR_OK0x00000000UL) { |
2938 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
2939 | PKM_CK_RVtoStr(crv)); |
2940 | return crv; |
2941 | } |
2942 | plaintext2Len = sizeof(plaintext2); |
2943 | crv = pFunctionList->C_DecryptUpdate(hSession, ciphertext2, |
2944 | ciphertext2Len, |
2945 | plaintext2, &plaintext2Len); |
2946 | if (crv != CKR_OK0x00000000UL) { |
2947 | PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv, |
2948 | PKM_CK_RVtoStr(crv)); |
2949 | return crv; |
2950 | } |
2951 | lastLen = sizeof(plaintext2) - plaintext2Len; |
2952 | crv = pFunctionList->C_DecryptFinal(hSession, |
Value stored to 'crv' is never read | |
2953 | (CK_BYTE *)&plaintext2[plaintext2Len], |
2954 | &lastLen); |
2955 | plaintext2Len = plaintext2Len + lastLen; |
2956 | |
2957 | if ((plaintextLen == plaintext2Len) && |
2958 | (memcmp(plaintext, plaintext2, plaintext2Len) == 0) && |
2959 | (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) { |
2960 | PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n"); |
2961 | } else { |
2962 | PKM_Error("AES CBCVarKey128 decrypt test case 2 failed\n"); |
2963 | return CKR_GENERAL_ERROR0x00000005UL; |
2964 | } |
2965 | |
2966 | crv = pFunctionList->C_Logout(hSession); |
2967 | if (crv == CKR_OK0x00000000UL) { |
2968 | PKM_LogIt("C_Logout succeeded\n"); |
2969 | } else { |
2970 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
2971 | PKM_CK_RVtoStr(crv)); |
2972 | return crv; |
2973 | } |
2974 | crv = pFunctionList->C_CloseSession(hSession); |
2975 | if (crv != CKR_OK0x00000000UL) { |
2976 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
2977 | PKM_CK_RVtoStr(crv)); |
2978 | return crv; |
2979 | } |
2980 | |
2981 | return crv; |
2982 | } |
2983 | |
2984 | CK_RV |
2985 | PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList, |
2986 | CK_SESSION_HANDLE hRwSession, |
2987 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, |
2988 | CK_MECHANISM *signMech, const CK_BYTE *pData, |
2989 | CK_ULONG pDataLen) |
2990 | { |
2991 | CK_RV crv = CKR_OK0x00000000UL; |
2992 | CK_BYTE sig[MAX_SIG_SZ128]; |
2993 | CK_ULONG sigLen = 0; |
2994 | |
2995 | NUMTESTS++; /* increment NUMTESTS */ |
2996 | memset(sig, 0, sizeof(sig)); |
2997 | |
2998 | /* C_Sign */ |
2999 | crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey); |
3000 | if (crv != CKR_OK0x00000000UL) { |
3001 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
3002 | PKM_CK_RVtoStr(crv)); |
3003 | return crv; |
3004 | } |
3005 | sigLen = sizeof(sig); |
3006 | crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)pData, pDataLen, |
3007 | sig, &sigLen); |
3008 | if (crv != CKR_OK0x00000000UL) { |
3009 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, |
3010 | PKM_CK_RVtoStr(crv)); |
3011 | return crv; |
3012 | } |
3013 | |
3014 | /* C_Verify the signature */ |
3015 | crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey); |
3016 | if (crv != CKR_OK0x00000000UL) { |
3017 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3018 | PKM_CK_RVtoStr(crv)); |
3019 | return crv; |
3020 | } |
3021 | crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE *)pData, pDataLen, |
3022 | sig, sigLen); |
3023 | if (crv == CKR_OK0x00000000UL) { |
3024 | PKM_LogIt("C_Verify succeeded\n"); |
3025 | } else { |
3026 | PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv, |
3027 | PKM_CK_RVtoStr(crv)); |
3028 | return crv; |
3029 | } |
3030 | |
3031 | /* Check that the mechanism is Multi-part */ |
3032 | if (signMech->mechanism == CKM_DSA0x00000011UL || |
3033 | signMech->mechanism == CKM_RSA_PKCS0x00000001UL) { |
3034 | return crv; |
3035 | } |
3036 | |
3037 | memset(sig, 0, sizeof(sig)); |
3038 | /* SignUpdate */ |
3039 | crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey); |
3040 | if (crv != CKR_OK0x00000000UL) { |
3041 | PKM_Error("C_SignInit failed with 0x%08lX %-26s\n", crv, |
3042 | PKM_CK_RVtoStr(crv)); |
3043 | return crv; |
3044 | } |
3045 | crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE *)pData, pDataLen); |
3046 | if (crv != CKR_OK0x00000000UL) { |
3047 | PKM_Error("C_Sign failed with 0x%08lX %-26s\n", crv, |
3048 | PKM_CK_RVtoStr(crv)); |
3049 | return crv; |
3050 | } |
3051 | |
3052 | sigLen = sizeof(sig); |
3053 | crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen); |
3054 | if (crv != CKR_OK0x00000000UL) { |
3055 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, |
3056 | PKM_CK_RVtoStr(crv)); |
3057 | return crv; |
3058 | } |
3059 | |
3060 | /* C_VerifyUpdate the signature */ |
3061 | crv = pFunctionList->C_VerifyInit(hRwSession, signMech, |
3062 | hPubKey); |
3063 | if (crv != CKR_OK0x00000000UL) { |
3064 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3065 | PKM_CK_RVtoStr(crv)); |
3066 | return crv; |
3067 | } |
3068 | crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE *)pData, |
3069 | pDataLen); |
3070 | if (crv != CKR_OK0x00000000UL) { |
3071 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, |
3072 | PKM_CK_RVtoStr(crv)); |
3073 | return crv; |
3074 | } |
3075 | crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen); |
3076 | if (crv == CKR_OK0x00000000UL) { |
3077 | PKM_LogIt("C_VerifyFinal succeeded\n"); |
3078 | } else { |
3079 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, |
3080 | PKM_CK_RVtoStr(crv)); |
3081 | return crv; |
3082 | } |
3083 | return crv; |
3084 | } |
3085 | |
3086 | CK_RV |
3087 | PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, |
3088 | CK_SLOT_ID *pSlotList, |
3089 | CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, |
3090 | CK_ULONG pwdLen) |
3091 | { |
3092 | CK_SESSION_HANDLE hSession; |
3093 | CK_RV crv = CKR_OK0x00000000UL; |
3094 | |
3095 | /*** DSA Key ***/ |
3096 | CK_MECHANISM dsaParamGenMech; |
3097 | CK_ULONG primeBits = 1024; |
3098 | CK_ATTRIBUTE dsaParamGenTemplate[1]; |
3099 | CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE0; |
3100 | CK_BYTE DSA_P[128]; |
3101 | CK_BYTE DSA_Q[20]; |
3102 | CK_BYTE DSA_G[128]; |
3103 | CK_MECHANISM dsaKeyPairGenMech; |
3104 | CK_ATTRIBUTE dsaPubKeyTemplate[5]; |
3105 | CK_ATTRIBUTE dsaPrivKeyTemplate[5]; |
3106 | CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE0; |
3107 | CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE0; |
3108 | |
3109 | /* From SHA1ShortMsg.req, Len = 136 */ |
3110 | CK_BYTE MSG[] = { |
3111 | 0xba, 0x33, 0x95, 0xfb, |
3112 | 0x5a, 0xfa, 0x8e, 0x6a, |
3113 | 0x43, 0xdf, 0x41, 0x6b, |
3114 | 0x32, 0x7b, 0x74, 0xfa, |
3115 | 0x44 |
3116 | }; |
3117 | CK_BYTE MD[] = { |
3118 | 0xf7, 0x5d, 0x92, 0xa4, |
3119 | 0xbb, 0x4d, 0xec, 0xc3, |
3120 | 0x7c, 0x5c, 0x72, 0xfa, |
3121 | 0x04, 0x75, 0x71, 0x0a, |
3122 | 0x06, 0x75, 0x8c, 0x1d |
3123 | }; |
3124 | |
3125 | CK_BYTE sha1Digest[20]; |
3126 | CK_ULONG sha1DigestLen; |
3127 | CK_BYTE dsaSig[40]; |
3128 | CK_ULONG dsaSigLen; |
3129 | CK_MECHANISM sha1Mech = { |
3130 | CKM_SHA_10x00000220UL, NULL((void*)0), 0 |
3131 | }; |
3132 | CK_MECHANISM dsaMech = { |
3133 | CKM_DSA0x00000011UL, NULL((void*)0), 0 |
3134 | }; |
3135 | CK_MECHANISM dsaWithSha1Mech = { |
3136 | CKM_DSA_SHA10x00000012UL, NULL((void*)0), 0 |
3137 | }; |
3138 | |
3139 | NUMTESTS++; /* increment NUMTESTS */ |
3140 | |
3141 | /* DSA key init */ |
3142 | dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN0x00002000UL; |
3143 | dsaParamGenMech.pParameter = NULL_PTR0; |
3144 | dsaParamGenMech.ulParameterLen = 0; |
3145 | dsaParamGenTemplate[0].type = CKA_PRIME_BITS0x00000133UL; |
3146 | dsaParamGenTemplate[0].pValue = &primeBits; |
3147 | dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits); |
3148 | dsaPubKeyTemplate[0].type = CKA_PRIME0x00000130UL; |
3149 | dsaPubKeyTemplate[0].pValue = DSA_P; |
3150 | dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P); |
3151 | dsaPubKeyTemplate[1].type = CKA_SUBPRIME0x00000131UL; |
3152 | dsaPubKeyTemplate[1].pValue = DSA_Q; |
3153 | dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q); |
3154 | dsaPubKeyTemplate[2].type = CKA_BASE0x00000132UL; |
3155 | dsaPubKeyTemplate[2].pValue = DSA_G; |
3156 | dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G); |
3157 | dsaPubKeyTemplate[3].type = CKA_TOKEN0x00000001UL; |
3158 | dsaPubKeyTemplate[3].pValue = &true; |
3159 | dsaPubKeyTemplate[3].ulValueLen = sizeof(true); |
3160 | dsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL; |
3161 | dsaPubKeyTemplate[4].pValue = &true; |
3162 | dsaPubKeyTemplate[4].ulValueLen = sizeof(true); |
3163 | dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN0x00000010UL; |
3164 | dsaKeyPairGenMech.pParameter = NULL_PTR0; |
3165 | dsaKeyPairGenMech.ulParameterLen = 0; |
3166 | dsaPrivKeyTemplate[0].type = CKA_TOKEN0x00000001UL; |
3167 | dsaPrivKeyTemplate[0].pValue = &true; |
3168 | dsaPrivKeyTemplate[0].ulValueLen = sizeof(true); |
3169 | dsaPrivKeyTemplate[1].type = CKA_PRIVATE0x00000002UL; |
3170 | dsaPrivKeyTemplate[1].pValue = &true; |
3171 | dsaPrivKeyTemplate[1].ulValueLen = sizeof(true); |
3172 | dsaPrivKeyTemplate[2].type = CKA_SENSITIVE0x00000103UL; |
3173 | dsaPrivKeyTemplate[2].pValue = &true; |
3174 | dsaPrivKeyTemplate[2].ulValueLen = sizeof(true); |
3175 | dsaPrivKeyTemplate[3].type = CKA_SIGN0x00000108UL, |
3176 | dsaPrivKeyTemplate[3].pValue = &true; |
3177 | dsaPrivKeyTemplate[3].ulValueLen = sizeof(true); |
3178 | dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE0x00000162UL; |
3179 | dsaPrivKeyTemplate[4].pValue = &true; |
3180 | dsaPrivKeyTemplate[4].ulValueLen = sizeof(true); |
3181 | |
3182 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], |
3183 | CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL, |
3184 | NULL((void*)0), NULL((void*)0), &hSession); |
3185 | if (crv != CKR_OK0x00000000UL) { |
3186 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
3187 | PKM_CK_RVtoStr(crv)); |
3188 | return crv; |
3189 | } |
3190 | |
3191 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
3192 | if (crv == CKR_OK0x00000000UL) { |
3193 | PKM_LogIt("C_Login with correct password succeeded\n"); |
3194 | } else { |
3195 | PKM_Error("C_Login with correct password failed " |
3196 | "with 0x%08X, %-26s\n", |
3197 | crv, PKM_CK_RVtoStr(crv)); |
3198 | return crv; |
3199 | } |
3200 | |
3201 | PKM_LogIt("Generate DSA PQG domain parameters ... \n"); |
3202 | /* Generate DSA domain parameters PQG */ |
3203 | crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech, |
3204 | dsaParamGenTemplate, |
3205 | 1, |
3206 | &hDsaParams); |
3207 | if (crv == CKR_OK0x00000000UL) { |
3208 | PKM_LogIt("DSA domain parameter generation succeeded\n"); |
3209 | } else { |
3210 | PKM_Error("DSA domain parameter generation failed " |
3211 | "with 0x%08X, %-26s\n", |
3212 | crv, PKM_CK_RVtoStr(crv)); |
3213 | return crv; |
3214 | } |
3215 | crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams, |
3216 | dsaPubKeyTemplate, 3); |
3217 | if (crv == CKR_OK0x00000000UL) { |
3218 | PKM_LogIt("Getting DSA domain parameters succeeded\n"); |
3219 | } else { |
3220 | PKM_Error("Getting DSA domain parameters failed " |
3221 | "with 0x%08X, %-26s\n", |
3222 | crv, PKM_CK_RVtoStr(crv)); |
3223 | return crv; |
3224 | } |
3225 | crv = pFunctionList->C_DestroyObject(hSession, hDsaParams); |
3226 | if (crv == CKR_OK0x00000000UL) { |
3227 | PKM_LogIt("Destroying DSA domain parameters succeeded\n"); |
3228 | } else { |
3229 | PKM_Error("Destroying DSA domain parameters failed " |
3230 | "with 0x%08X, %-26s\n", |
3231 | crv, PKM_CK_RVtoStr(crv)); |
3232 | return crv; |
3233 | } |
3234 | |
3235 | PKM_LogIt("Generate a DSA key pair ... \n"); |
3236 | /* Generate a persistent DSA key pair */ |
3237 | crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech, |
3238 | dsaPubKeyTemplate, |
3239 | NUM_ELEM(dsaPubKeyTemplate)(sizeof(dsaPubKeyTemplate) / sizeof(dsaPubKeyTemplate[0])), |
3240 | dsaPrivKeyTemplate, |
3241 | NUM_ELEM(dsaPrivKeyTemplate)(sizeof(dsaPrivKeyTemplate) / sizeof(dsaPrivKeyTemplate[0])), |
3242 | &hDSApubKey, &hDSAprivKey); |
3243 | if (crv == CKR_OK0x00000000UL) { |
3244 | PKM_LogIt("DSA key pair generation succeeded\n"); |
3245 | } else { |
3246 | PKM_Error("DSA key pair generation failed " |
3247 | "with 0x%08X, %-26s\n", |
3248 | crv, PKM_CK_RVtoStr(crv)); |
3249 | return crv; |
3250 | } |
3251 | |
3252 | /* Compute SHA-1 digest */ |
3253 | crv = pFunctionList->C_DigestInit(hSession, &sha1Mech); |
3254 | if (crv != CKR_OK0x00000000UL) { |
3255 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, |
3256 | PKM_CK_RVtoStr(crv)); |
3257 | return crv; |
3258 | } |
3259 | sha1DigestLen = sizeof(sha1Digest); |
3260 | crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG), |
3261 | sha1Digest, &sha1DigestLen); |
3262 | if (crv != CKR_OK0x00000000UL) { |
3263 | PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv, |
3264 | PKM_CK_RVtoStr(crv)); |
3265 | return crv; |
3266 | } |
3267 | if (sha1DigestLen != sizeof(sha1Digest)) { |
3268 | PKM_Error("sha1DigestLen is %lu\n", sha1DigestLen); |
3269 | return crv; |
3270 | } |
3271 | |
3272 | if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) { |
3273 | PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n"); |
3274 | } else { |
3275 | PKM_Error("SHA-1 SHA1ShortMsg test case Len = 136 failed\n"); |
3276 | } |
3277 | |
3278 | crv = PKM_PubKeySign(pFunctionList, hSession, |
3279 | hDSApubKey, hDSAprivKey, |
3280 | &dsaMech, sha1Digest, sizeof(sha1Digest)); |
3281 | if (crv == CKR_OK0x00000000UL) { |
3282 | PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n"); |
3283 | } else { |
3284 | PKM_Error("PKM_PubKeySign failed " |
3285 | "with 0x%08X, %-26s\n", |
3286 | crv, PKM_CK_RVtoStr(crv)); |
3287 | return crv; |
3288 | } |
3289 | crv = PKM_PubKeySign(pFunctionList, hSession, |
3290 | hDSApubKey, hDSAprivKey, |
3291 | &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT)); |
3292 | if (crv == CKR_OK0x00000000UL) { |
3293 | PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n"); |
3294 | } else { |
3295 | PKM_Error("PKM_PubKeySign failed " |
3296 | "with 0x%08X, %-26s\n", |
3297 | crv, PKM_CK_RVtoStr(crv)); |
3298 | return crv; |
3299 | } |
3300 | |
3301 | /* Sign with DSA */ |
3302 | crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey); |
3303 | if (crv != CKR_OK0x00000000UL) { |
3304 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
3305 | PKM_CK_RVtoStr(crv)); |
3306 | return crv; |
3307 | } |
3308 | dsaSigLen = sizeof(dsaSig); |
3309 | crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen, |
3310 | dsaSig, &dsaSigLen); |
3311 | if (crv != CKR_OK0x00000000UL) { |
3312 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, |
3313 | PKM_CK_RVtoStr(crv)); |
3314 | return crv; |
3315 | } |
3316 | |
3317 | /* Verify the DSA signature */ |
3318 | crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey); |
3319 | if (crv != CKR_OK0x00000000UL) { |
3320 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3321 | PKM_CK_RVtoStr(crv)); |
3322 | return crv; |
3323 | } |
3324 | crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen, |
3325 | dsaSig, dsaSigLen); |
3326 | if (crv == CKR_OK0x00000000UL) { |
3327 | PKM_LogIt("C_Verify succeeded\n"); |
3328 | } else { |
3329 | PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv, |
3330 | PKM_CK_RVtoStr(crv)); |
3331 | return crv; |
3332 | } |
3333 | |
3334 | /* Verify the signature in a different way */ |
3335 | crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech, |
3336 | hDSApubKey); |
3337 | if (crv != CKR_OK0x00000000UL) { |
3338 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3339 | PKM_CK_RVtoStr(crv)); |
3340 | return crv; |
3341 | } |
3342 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1); |
3343 | if (crv != CKR_OK0x00000000UL) { |
3344 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, |
3345 | PKM_CK_RVtoStr(crv)); |
3346 | return crv; |
3347 | } |
3348 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1); |
3349 | if (crv != CKR_OK0x00000000UL) { |
3350 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, |
3351 | PKM_CK_RVtoStr(crv)); |
3352 | return crv; |
3353 | } |
3354 | crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen); |
3355 | if (crv == CKR_OK0x00000000UL) { |
3356 | PKM_LogIt("C_VerifyFinal succeeded\n"); |
3357 | } else { |
3358 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, |
3359 | PKM_CK_RVtoStr(crv)); |
3360 | return crv; |
3361 | } |
3362 | |
3363 | /* Verify the signature in a different way */ |
3364 | crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech, |
3365 | hDSApubKey); |
3366 | if (crv != CKR_OK0x00000000UL) { |
3367 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", |
3368 | crv, PKM_CK_RVtoStr(crv)); |
3369 | return crv; |
3370 | } |
3371 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1); |
3372 | if (crv != CKR_OK0x00000000UL) { |
3373 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", |
3374 | crv, PKM_CK_RVtoStr(crv)); |
3375 | return crv; |
3376 | } |
3377 | crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1); |
3378 | if (crv != CKR_OK0x00000000UL) { |
3379 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", |
3380 | crv, PKM_CK_RVtoStr(crv)); |
3381 | return crv; |
3382 | } |
3383 | crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen); |
3384 | if (crv == CKR_OK0x00000000UL) { |
3385 | PKM_LogIt("C_VerifyFinal of multi update succeeded.\n"); |
3386 | } else { |
3387 | PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n", |
3388 | crv, PKM_CK_RVtoStr(crv)); |
3389 | return crv; |
3390 | } |
3391 | /* Now modify the data */ |
3392 | MSG[0] += 1; |
3393 | /* Compute SHA-1 digest */ |
3394 | crv = pFunctionList->C_DigestInit(hSession, &sha1Mech); |
3395 | if (crv != CKR_OK0x00000000UL) { |
3396 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, |
3397 | PKM_CK_RVtoStr(crv)); |
3398 | return crv; |
3399 | } |
3400 | sha1DigestLen = sizeof(sha1Digest); |
3401 | crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG), |
3402 | sha1Digest, &sha1DigestLen); |
3403 | if (crv != CKR_OK0x00000000UL) { |
3404 | PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv, |
3405 | PKM_CK_RVtoStr(crv)); |
3406 | return crv; |
3407 | } |
3408 | crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey); |
3409 | if (crv != CKR_OK0x00000000UL) { |
3410 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3411 | PKM_CK_RVtoStr(crv)); |
3412 | return crv; |
3413 | } |
3414 | crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen, |
3415 | dsaSig, dsaSigLen); |
3416 | if (crv != CKR_SIGNATURE_INVALID0x000000C0UL) { |
3417 | PKM_Error("C_Verify of modified data succeeded\n"); |
3418 | return crv; |
3419 | } else { |
3420 | PKM_LogIt("C_Verify of modified data returned as EXPECTED " |
3421 | " with 0x%08X, %-26s\n", |
3422 | crv, PKM_CK_RVtoStr(crv)); |
3423 | } |
3424 | |
3425 | crv = pFunctionList->C_Logout(hSession); |
3426 | if (crv == CKR_OK0x00000000UL) { |
3427 | PKM_LogIt("C_Logout succeeded\n"); |
3428 | } else { |
3429 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
3430 | PKM_CK_RVtoStr(crv)); |
3431 | return crv; |
3432 | } |
3433 | |
3434 | crv = pFunctionList->C_CloseSession(hSession); |
3435 | if (crv != CKR_OK0x00000000UL) { |
3436 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
3437 | PKM_CK_RVtoStr(crv)); |
3438 | return crv; |
3439 | } |
3440 | |
3441 | return crv; |
3442 | } |
3443 | |
3444 | CK_RV |
3445 | PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, |
3446 | CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech, |
3447 | const CK_BYTE *pData, CK_ULONG pDataLen) |
3448 | { |
3449 | |
3450 | CK_RV crv = CKR_OK0x00000000UL; |
3451 | |
3452 | CK_BYTE hmac1[HMAC_MAX_LENGTH64]; |
3453 | CK_ULONG hmac1Len = 0; |
3454 | CK_BYTE hmac2[HMAC_MAX_LENGTH64]; |
3455 | CK_ULONG hmac2Len = 0; |
3456 | |
3457 | memset(hmac1, 0, sizeof(hmac1)); |
3458 | memset(hmac2, 0, sizeof(hmac2)); |
3459 | |
3460 | NUMTESTS++; /* increment NUMTESTS */ |
3461 | |
3462 | crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey); |
3463 | if (crv == CKR_OK0x00000000UL) { |
3464 | PKM_LogIt("C_SignInit succeeded\n"); |
3465 | } else { |
3466 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
3467 | PKM_CK_RVtoStr(crv)); |
3468 | return crv; |
3469 | } |
3470 | |
3471 | hmac1Len = sizeof(hmac1); |
3472 | crv = pFunctionList->C_Sign(hSession, (CK_BYTE *)pData, |
3473 | pDataLen, |
3474 | (CK_BYTE *)hmac1, &hmac1Len); |
3475 | if (crv == CKR_OK0x00000000UL) { |
3476 | PKM_LogIt("C_Sign succeeded\n"); |
3477 | } else { |
3478 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, |
3479 | PKM_CK_RVtoStr(crv)); |
3480 | return crv; |
3481 | } |
3482 | |
3483 | crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey); |
3484 | if (crv == CKR_OK0x00000000UL) { |
3485 | PKM_LogIt("C_SignInit succeeded\n"); |
3486 | } else { |
3487 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
3488 | PKM_CK_RVtoStr(crv)); |
3489 | return crv; |
3490 | } |
3491 | |
3492 | crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE *)pData, |
3493 | pDataLen); |
3494 | if (crv == CKR_OK0x00000000UL) { |
3495 | PKM_LogIt("C_SignUpdate succeeded\n"); |
3496 | } else { |
3497 | PKM_Error("C_SignUpdate failed with 0x%08X, %-26s\n", crv, |
3498 | PKM_CK_RVtoStr(crv)); |
3499 | return crv; |
3500 | } |
3501 | |
3502 | hmac2Len = sizeof(hmac2); |
3503 | crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE *)hmac2, &hmac2Len); |
3504 | if (crv == CKR_OK0x00000000UL) { |
3505 | PKM_LogIt("C_SignFinal succeeded\n"); |
3506 | } else { |
3507 | PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv, |
3508 | PKM_CK_RVtoStr(crv)); |
3509 | return crv; |
3510 | } |
3511 | |
3512 | if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0)) { |
3513 | PKM_LogIt("hmacs are equal!\n"); |
3514 | } else { |
3515 | PKM_Error("hmacs are not equal!\n"); |
3516 | } |
3517 | crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey); |
3518 | if (crv != CKR_OK0x00000000UL) { |
3519 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3520 | PKM_CK_RVtoStr(crv)); |
3521 | return crv; |
3522 | } |
3523 | crv = pFunctionList->C_Verify(hSession, (CK_BYTE *)pData, |
3524 | pDataLen, |
3525 | (CK_BYTE *)hmac2, hmac2Len); |
3526 | if (crv == CKR_OK0x00000000UL) { |
3527 | PKM_LogIt("C_Verify of hmac succeeded\n"); |
3528 | } else { |
3529 | PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv, |
3530 | PKM_CK_RVtoStr(crv)); |
3531 | return crv; |
3532 | } |
3533 | crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey); |
3534 | if (crv != CKR_OK0x00000000UL) { |
3535 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
3536 | PKM_CK_RVtoStr(crv)); |
3537 | return crv; |
3538 | } |
3539 | crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE *)pData, |
3540 | pDataLen); |
3541 | if (crv == CKR_OK0x00000000UL) { |
3542 | PKM_LogIt("C_VerifyUpdate of hmac succeeded\n"); |
3543 | } else { |
3544 | PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv, |
3545 | PKM_CK_RVtoStr(crv)); |
3546 | return crv; |
3547 | } |
3548 | crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE *)hmac1, |
3549 | hmac1Len); |
3550 | if (crv == CKR_OK0x00000000UL) { |
3551 | PKM_LogIt("C_VerifyFinal of hmac succeeded\n"); |
3552 | } else { |
3553 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, |
3554 | PKM_CK_RVtoStr(crv)); |
3555 | return crv; |
3556 | } |
3557 | return crv; |
3558 | } |
3559 | |
3560 | CK_RV |
3561 | PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, |
3562 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
3563 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
3564 | { |
3565 | CK_RV crv = CKR_OK0x00000000UL; |
3566 | |
3567 | CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0; |
3568 | CK_SESSION_INFO sinfo; |
3569 | CK_ATTRIBUTE_PTR pTemplate; |
3570 | CK_ULONG tnObjects = 0; |
3571 | int curMode; |
3572 | unsigned int i; |
3573 | unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); |
3574 | |
3575 | NUMTESTS++; /* increment NUMTESTS */ |
3576 | |
3577 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
3578 | NULL((void*)0), NULL((void*)0), &h); |
3579 | if (CKR_OK0x00000000UL != crv) { |
3580 | PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )" |
3581 | "returned 0x%08X, %-26s\n", |
3582 | pSlotList[slotID], crv, |
3583 | PKM_CK_RVtoStr(crv)); |
3584 | return crv; |
3585 | } |
3586 | |
3587 | PKM_LogIt(" Opened a session: handle = 0x%08x\n", h); |
3588 | |
3589 | (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO)); |
3590 | crv = pFunctionList->C_GetSessionInfo(h, &sinfo); |
3591 | if (CKR_OK0x00000000UL != crv) { |
3592 | PKM_LogIt("C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv, |
3593 | PKM_CK_RVtoStr(crv)); |
3594 | return crv; |
3595 | } |
3596 | |
3597 | PKM_LogIt(" SESSION INFO:\n"); |
3598 | PKM_LogIt(" slotID = %lu\n", sinfo.slotID); |
3599 | PKM_LogIt(" state = %lu\n", sinfo.state); |
3600 | PKM_LogIt(" flags = 0x%08x\n", sinfo.flags); |
3601 | #ifdef CKF_EXCLUSIVE_SESSION |
3602 | PKM_LogIt(" -> EXCLUSIVE SESSION = %s\n", sinfo.flags & CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE"); |
3603 | #endif /* CKF_EXCLUSIVE_SESSION */ |
3604 | PKM_LogIt(" -> RW SESSION = %s\n", sinfo.flags & CKF_RW_SESSION0x00000002UL ? "TRUE" : "FALSE"); |
3605 | PKM_LogIt(" -> SERIAL SESSION = %s\n", sinfo.flags & CKF_SERIAL_SESSION0x00000004UL ? "TRUE" : "FALSE"); |
3606 | #ifdef CKF_INSERTION_CALLBACK |
3607 | PKM_LogIt(" -> INSERTION CALLBACK = %s\n", sinfo.flags & CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE"); |
3608 | #endif /* CKF_INSERTION_CALLBACK */ |
3609 | PKM_LogIt(" ulDeviceError = %lu\n", sinfo.ulDeviceError); |
3610 | PKM_LogIt("\n"); |
3611 | |
3612 | crv = pFunctionList->C_FindObjectsInit(h, NULL((void*)0), 0); |
3613 | if (CKR_OK0x00000000UL != crv) { |
3614 | PKM_LogIt("C_FindObjectsInit(%lu, NULL, 0) returned " |
3615 | "0x%08X, %-26s\n", |
3616 | h, crv, PKM_CK_RVtoStr(crv)); |
3617 | return crv; |
3618 | } |
3619 | |
3620 | pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types, |
3621 | sizeof(CK_ATTRIBUTE)); |
3622 | if ((CK_ATTRIBUTE_PTR)NULL((void*)0) == pTemplate) { |
3623 | PKM_Error("[pTemplate memory allocation of %lu bytes failed]\n", |
3624 | number_of_all_known_attribute_types * |
3625 | sizeof(CK_ATTRIBUTE)); |
3626 | return crv; |
3627 | } |
3628 | |
3629 | PKM_LogIt(" All objects:\n"); |
3630 | /* Printing table set to NOMODE */ |
3631 | curMode = MODE; |
3632 | MODE = NOMODE3; |
3633 | |
3634 | while (1) { |
3635 | CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0; |
3636 | CK_ULONG nObjects = 0; |
3637 | CK_ULONG k; |
3638 | CK_ULONG nAttributes = 0; |
3639 | CK_ATTRIBUTE_PTR pT2; |
3640 | CK_ULONG l; |
3641 | const char *attName = NULL((void*)0); |
3642 | |
3643 | crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects); |
3644 | if (CKR_OK0x00000000UL != crv) { |
3645 | PKM_Error("C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n", |
3646 | h, crv, PKM_CK_RVtoStr(crv)); |
3647 | return crv; |
3648 | } |
3649 | |
3650 | if (0 == nObjects) { |
3651 | PKM_LogIt("\n"); |
3652 | break; |
3653 | } |
3654 | |
3655 | tnObjects++; |
3656 | |
3657 | PKM_LogIt(" OBJECT HANDLE %lu:\n", o); |
3658 | |
3659 | k = 0; |
3660 | for (i = 0; i < constCount; i++) { |
3661 | if (consts[i].type == ConstAttribute) { |
3662 | pTemplate[k].type = consts[i].value; |
3663 | pTemplate[k].pValue = (CK_VOID_PTR)NULL((void*)0); |
3664 | pTemplate[k].ulValueLen = 0; |
3665 | k++; |
3666 | } |
3667 | assert(k <= number_of_all_known_attribute_types)((k <= number_of_all_known_attribute_types) ? (void) (0) : __assert_fail ("k <= number_of_all_known_attribute_types" , "pk11mode.c", 3667, __extension__ __PRETTY_FUNCTION__)); |
3668 | } |
3669 | |
3670 | crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate, |
3671 | number_of_all_known_attribute_types); |
3672 | switch (crv) { |
3673 | case CKR_OK0x00000000UL: |
3674 | case CKR_ATTRIBUTE_SENSITIVE0x00000011UL: |
3675 | case CKR_ATTRIBUTE_TYPE_INVALID0x00000012UL: |
3676 | case CKR_BUFFER_TOO_SMALL0x00000150UL: |
3677 | break; |
3678 | default: |
3679 | PKM_Error("C_GetAtributeValue(%lu, %lu, {all attribute types}," |
3680 | "%lu) returned 0x%08X, %-26s\n", |
3681 | h, o, number_of_all_known_attribute_types, crv, |
3682 | PKM_CK_RVtoStr(crv)); |
3683 | return crv; |
3684 | } |
3685 | |
3686 | for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; k++) { |
3687 | if (-1 != (CK_LONG)pTemplate[k].ulValueLen) { |
3688 | nAttributes++; |
3689 | } |
3690 | } |
3691 | |
3692 | PKM_LogIt(" %lu attributes:\n", nAttributes); |
3693 | for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; |
3694 | k++) { |
3695 | if (-1 != (CK_LONG)pTemplate[k].ulValueLen) { |
3696 | attName = getNameFromAttribute(pTemplate[k].type); |
3697 | if (!attName) { |
3698 | PKM_Error("Unable to find attribute name update pk11table.c\n"); |
3699 | } |
3700 | PKM_LogIt(" %s 0x%08x (len = %lu)\n", |
3701 | attName, |
3702 | pTemplate[k].type, |
3703 | pTemplate[k].ulValueLen); |
3704 | } |
3705 | } |
3706 | PKM_LogIt("\n"); |
3707 | |
3708 | pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE)); |
3709 | if ((CK_ATTRIBUTE_PTR)NULL((void*)0) == pT2) { |
3710 | PKM_Error("[pT2 memory allocation of %lu bytes failed]\n", |
3711 | nAttributes * sizeof(CK_ATTRIBUTE)); |
3712 | return crv; |
3713 | } |
3714 | |
3715 | /* allocate memory for the attribute values */ |
3716 | for (l = 0, k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; |
3717 | k++) { |
3718 | if (-1 != (CK_LONG)pTemplate[k].ulValueLen) { |
3719 | pT2[l].type = pTemplate[k].type; |
3720 | pT2[l].ulValueLen = pTemplate[k].ulValueLen; |
3721 | if (pT2[l].ulValueLen > 0) { |
3722 | pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen); |
3723 | if ((CK_VOID_PTR)NULL((void*)0) == pT2[l].pValue) { |
3724 | PKM_Error("pValue memory allocation of %lu bytes failed]\n", |
3725 | pT2[l].ulValueLen); |
3726 | return crv; |
3727 | } |
3728 | } else |
3729 | pT2[l].pValue = (CK_VOID_PTR)NULL((void*)0); |
3730 | l++; |
3731 | } |
3732 | } |
3733 | |
3734 | assert(l == nAttributes)((l == nAttributes) ? (void) (0) : __assert_fail ("l == nAttributes" , "pk11mode.c", 3734, __extension__ __PRETTY_FUNCTION__)); |
3735 | |
3736 | crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes); |
3737 | switch (crv) { |
3738 | case CKR_OK0x00000000UL: |
3739 | case CKR_ATTRIBUTE_SENSITIVE0x00000011UL: |
3740 | case CKR_ATTRIBUTE_TYPE_INVALID0x00000012UL: |
3741 | case CKR_BUFFER_TOO_SMALL0x00000150UL: |
3742 | break; |
3743 | default: |
3744 | PKM_Error("C_GetAtributeValue(%lu, %lu, {existent attribute" |
3745 | " types}, %lu) returned 0x%08X, %-26s\n", |
3746 | h, o, nAttributes, crv, PKM_CK_RVtoStr(crv)); |
3747 | return crv; |
3748 | } |
3749 | |
3750 | for (l = 0; l < nAttributes; l++) { |
3751 | attName = getNameFromAttribute(pT2[l].type); |
3752 | if (!attName) |
3753 | attName = "unknown attribute"; |
3754 | PKM_LogIt(" type = %s len = %ld", |
3755 | attName, (CK_LONG)pT2[l].ulValueLen); |
3756 | |
3757 | if (-1 == (CK_LONG)pT2[l].ulValueLen) { |
3758 | ; |
3759 | } else { |
3760 | CK_ULONG m; |
3761 | |
3762 | if (pT2[l].ulValueLen <= 8) { |
3763 | PKM_LogIt(", value = "); |
3764 | } else { |
3765 | PKM_LogIt(", value = \n "); |
3766 | } |
3767 | |
3768 | for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) { |
3769 | PKM_LogIt("%02x", (CK_ULONG)(0xff & |
3770 | ((CK_CHAR_PTR)pT2[l].pValue)[m])); |
3771 | } |
3772 | |
3773 | PKM_LogIt(" "); |
3774 | |
3775 | for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) { |
3776 | CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m]; |
3777 | if ((c < 0x20) || (c >= 0x7f)) { |
3778 | c = '.'; |
3779 | } |
3780 | PKM_LogIt("%c", c); |
3781 | } |
3782 | } |
3783 | |
3784 | PKM_LogIt("\n"); |
3785 | } |
3786 | |
3787 | PKM_LogIt("\n"); |
3788 | |
3789 | for (l = 0; l < nAttributes; l++) { |
3790 | if (pT2[l].pValue) { |
3791 | free(pT2[l].pValue); |
3792 | } |
3793 | } |
3794 | free(pT2); |
3795 | } /* while(1) */ |
3796 | |
3797 | MODE = curMode; /* reset the logging MODE */ |
3798 | |
3799 | crv = pFunctionList->C_FindObjectsFinal(h); |
3800 | if (CKR_OK0x00000000UL != crv) { |
3801 | PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv, |
3802 | PKM_CK_RVtoStr(crv)); |
3803 | return crv; |
3804 | } |
3805 | |
3806 | PKM_LogIt(" (%lu objects total)\n", tnObjects); |
3807 | |
3808 | crv = pFunctionList->C_CloseSession(h); |
3809 | if (CKR_OK0x00000000UL != crv) { |
3810 | PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv, |
3811 | PKM_CK_RVtoStr(crv)); |
3812 | return crv; |
3813 | } |
3814 | |
3815 | return crv; |
3816 | } |
3817 | /* session to create, find, and delete a couple session objects */ |
3818 | CK_RV |
3819 | PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList, |
3820 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
3821 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
3822 | { |
3823 | |
3824 | CK_RV crv = CKR_OK0x00000000UL; |
3825 | |
3826 | CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0; |
3827 | CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0; |
3828 | CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1]; |
3829 | CK_OBJECT_CLASS cko_data = CKO_DATA0x00000000UL; |
3830 | char *key = "TEST PROGRAM"; |
3831 | CK_ULONG key_len = 0; |
3832 | CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0; |
3833 | CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0; |
3834 | CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0; |
3835 | CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0; |
3836 | CK_OBJECT_HANDLE found[10]; |
3837 | CK_ULONG nFound; |
3838 | CK_ULONG hDeltaLen, hThreeLen = 0; |
3839 | |
3840 | CK_TOKEN_INFO tinfo; |
3841 | |
3842 | NUMTESTS++; /* increment NUMTESTS */ |
3843 | key_len = sizeof(key); |
3844 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], |
3845 | CKF_SERIAL_SESSION0x00000004UL, NULL((void*)0), NULL((void*)0), &h); |
3846 | if (CKR_OK0x00000000UL != crv) { |
3847 | PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )" |
3848 | "returned 0x%08X, %-26s\n", |
3849 | pSlotList[slotID], crv, |
3850 | PKM_CK_RVtoStr(crv)); |
3851 | return crv; |
3852 | } |
3853 | crv = pFunctionList->C_Login(h, CKU_USER1, pwd, pwdLen); |
3854 | if (crv == CKR_OK0x00000000UL) { |
3855 | PKM_LogIt("C_Login with correct password succeeded\n"); |
3856 | } else { |
3857 | PKM_Error("C_Login with correct password failed " |
3858 | "with 0x%08X, %-26s\n", |
3859 | crv, PKM_CK_RVtoStr(crv)); |
3860 | return crv; |
3861 | } |
3862 | |
3863 | (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO)); |
3864 | crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo); |
3865 | if (CKR_OK0x00000000UL != crv) { |
3866 | PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n", |
3867 | pSlotList[slotID], crv, PKM_CK_RVtoStr(crv)); |
3868 | return crv; |
3869 | } |
3870 | |
3871 | PKM_LogIt(" Opened a session: handle = 0x%08x\n", h); |
3872 | |
3873 | one[0].type = CKA_CLASS0x00000000UL; |
3874 | one[0].pValue = &cko_data; |
3875 | one[0].ulValueLen = sizeof(CK_OBJECT_CLASS); |
3876 | one[1].type = CKA_TOKEN0x00000001UL; |
3877 | one[1].pValue = &false; |
3878 | one[1].ulValueLen = sizeof(CK_BBOOL); |
3879 | one[2].type = CKA_PRIVATE0x00000002UL; |
3880 | one[2].pValue = &false; |
3881 | one[2].ulValueLen = sizeof(CK_BBOOL); |
3882 | one[3].type = CKA_MODIFIABLE0x00000170UL; |
3883 | one[3].pValue = &true; |
3884 | one[3].ulValueLen = sizeof(CK_BBOOL); |
3885 | one[4].type = CKA_LABEL0x00000003UL; |
3886 | one[4].pValue = "Test data object one"; |
3887 | one[4].ulValueLen = strlen(one[4].pValue); |
3888 | one[5].type = CKA_APPLICATION0x00000010UL; |
3889 | one[5].pValue = key; |
3890 | one[5].ulValueLen = key_len; |
3891 | one[6].type = CKA_VALUE0x00000011UL; |
3892 | one[6].pValue = "Object one"; |
3893 | one[6].ulValueLen = strlen(one[6].pValue); |
3894 | |
3895 | two[0].type = CKA_CLASS0x00000000UL; |
3896 | two[0].pValue = &cko_data; |
3897 | two[0].ulValueLen = sizeof(CK_OBJECT_CLASS); |
3898 | two[1].type = CKA_TOKEN0x00000001UL; |
3899 | two[1].pValue = &false; |
3900 | two[1].ulValueLen = sizeof(CK_BBOOL); |
3901 | two[2].type = CKA_PRIVATE0x00000002UL; |
3902 | two[2].pValue = &false; |
3903 | two[2].ulValueLen = sizeof(CK_BBOOL); |
3904 | two[3].type = CKA_MODIFIABLE0x00000170UL; |
3905 | two[3].pValue = &true; |
3906 | two[3].ulValueLen = sizeof(CK_BBOOL); |
3907 | two[4].type = CKA_LABEL0x00000003UL; |
3908 | two[4].pValue = "Test data object two"; |
3909 | two[4].ulValueLen = strlen(two[4].pValue); |
3910 | two[5].type = CKA_APPLICATION0x00000010UL; |
3911 | two[5].pValue = key; |
3912 | two[5].ulValueLen = key_len; |
3913 | two[6].type = CKA_VALUE0x00000011UL; |
3914 | two[6].pValue = "Object two"; |
3915 | two[6].ulValueLen = strlen(two[6].pValue); |
3916 | |
3917 | three[0].type = CKA_CLASS0x00000000UL; |
3918 | three[0].pValue = &cko_data; |
3919 | three[0].ulValueLen = sizeof(CK_OBJECT_CLASS); |
3920 | three[1].type = CKA_TOKEN0x00000001UL; |
3921 | three[1].pValue = &false; |
3922 | three[1].ulValueLen = sizeof(CK_BBOOL); |
3923 | three[2].type = CKA_PRIVATE0x00000002UL; |
3924 | three[2].pValue = &false; |
3925 | three[2].ulValueLen = sizeof(CK_BBOOL); |
3926 | three[3].type = CKA_MODIFIABLE0x00000170UL; |
3927 | three[3].pValue = &true; |
3928 | three[3].ulValueLen = sizeof(CK_BBOOL); |
3929 | three[4].type = CKA_LABEL0x00000003UL; |
3930 | three[4].pValue = "Test data object three"; |
3931 | three[4].ulValueLen = strlen(three[4].pValue); |
3932 | three[5].type = CKA_APPLICATION0x00000010UL; |
3933 | three[5].pValue = key; |
3934 | three[5].ulValueLen = key_len; |
3935 | three[6].type = CKA_VALUE0x00000011UL; |
3936 | three[6].pValue = "Object three"; |
3937 | three[6].ulValueLen = strlen(three[6].pValue); |
3938 | |
3939 | crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn); |
3940 | if (CKR_OK0x00000000UL != crv) { |
3941 | PKM_Error("C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n", |
3942 | h, crv, PKM_CK_RVtoStr(crv)); |
3943 | return crv; |
3944 | } |
3945 | |
3946 | PKM_LogIt(" Created object one: handle = %lu\n", hOneIn); |
3947 | |
3948 | crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn); |
3949 | if (CKR_OK0x00000000UL != crv) { |
3950 | PKM_Error("C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n", |
3951 | h, crv, PKM_CK_RVtoStr(crv)); |
3952 | return crv; |
3953 | } |
3954 | |
3955 | PKM_LogIt(" Created object two: handle = %lu\n", hTwoIn); |
3956 | |
3957 | crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn); |
3958 | if (CKR_OK0x00000000UL != crv) { |
3959 | PKM_Error("C_CreateObject(%lu, three, 7, ) returned 0x%08x\n", |
3960 | h, crv, PKM_CK_RVtoStr(crv)); |
3961 | return crv; |
3962 | } |
3963 | crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen); |
3964 | if (crv == CKR_OK0x00000000UL) { |
3965 | PKM_LogIt("C_GetObjectSize succeeded\n"); |
3966 | } else { |
3967 | PKM_Error("C_GetObjectSize failed " |
3968 | "with 0x%08X, %-26s\n", |
3969 | crv, PKM_CK_RVtoStr(crv)); |
3970 | return crv; |
3971 | } |
3972 | |
3973 | PKM_LogIt(" Created object three: handle = %lu\n", hThreeIn); |
3974 | |
3975 | delta[0].type = CKA_VALUE0x00000011UL; |
3976 | delta[0].pValue = "Copied object"; |
3977 | delta[0].ulValueLen = strlen(delta[0].pValue); |
3978 | |
3979 | crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn); |
3980 | if (CKR_OK0x00000000UL != crv) { |
3981 | PKM_Error("C_CopyObject(%lu, %lu, delta, 1, ) returned " |
3982 | "0x%08X, %-26s\n", |
3983 | h, hThreeIn, crv, PKM_CK_RVtoStr(crv)); |
3984 | return crv; |
3985 | } |
3986 | crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen); |
3987 | if (crv == CKR_OK0x00000000UL) { |
3988 | PKM_LogIt("C_GetObjectSize succeeded\n"); |
3989 | } else { |
3990 | PKM_Error("C_GetObjectSize failed " |
3991 | "with 0x%08X, %-26s\n", |
3992 | crv, PKM_CK_RVtoStr(crv)); |
3993 | return crv; |
3994 | } |
3995 | |
3996 | if (hThreeLen == hDeltaLen) { |
3997 | PKM_LogIt("Copied object size same as orginal\n"); |
3998 | } else { |
3999 | PKM_Error("Copied object different from original\n"); |
4000 | return CKR_DEVICE_ERROR0x00000030UL; |
4001 | } |
4002 | |
4003 | PKM_LogIt(" Copied object three: new handle = %lu\n", hDeltaIn); |
4004 | |
4005 | mask[0].type = CKA_APPLICATION0x00000010UL; |
4006 | mask[0].pValue = key; |
4007 | mask[0].ulValueLen = key_len; |
4008 | |
4009 | crv = pFunctionList->C_FindObjectsInit(h, mask, 1); |
4010 | if (CKR_OK0x00000000UL != crv) { |
4011 | PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n", |
4012 | h, crv, PKM_CK_RVtoStr(crv)); |
4013 | return crv; |
4014 | } |
4015 | |
4016 | (void)memset(&found, 0, sizeof(found)); |
4017 | nFound = 0; |
4018 | crv = pFunctionList->C_FindObjects(h, found, 10, &nFound); |
4019 | if (CKR_OK0x00000000UL != crv) { |
4020 | PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n", |
4021 | h, crv, PKM_CK_RVtoStr(crv)); |
4022 | return crv; |
4023 | } |
4024 | |
4025 | if (4 != nFound) { |
4026 | PKM_Error("Found %lu objects, not 4.\n", nFound); |
4027 | return crv; |
4028 | } |
4029 | |
4030 | PKM_LogIt(" Found 4 objects: %lu, %lu, %lu, %lu\n", |
4031 | found[0], found[1], found[2], found[3]); |
4032 | |
4033 | crv = pFunctionList->C_FindObjectsFinal(h); |
4034 | if (CKR_OK0x00000000UL != crv) { |
4035 | PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", |
4036 | h, crv, PKM_CK_RVtoStr(crv)); |
4037 | return crv; |
4038 | } |
4039 | |
4040 | crv = pFunctionList->C_DestroyObject(h, hThreeIn); |
4041 | if (CKR_OK0x00000000UL != crv) { |
4042 | PKM_Error("C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h, |
4043 | hThreeIn, crv, PKM_CK_RVtoStr(crv)); |
4044 | return crv; |
4045 | } |
4046 | |
4047 | PKM_LogIt(" Destroyed object three (handle = %lu)\n", hThreeIn); |
4048 | |
4049 | delta[0].type = CKA_APPLICATION0x00000010UL; |
4050 | delta[0].pValue = "Changed application"; |
4051 | delta[0].ulValueLen = strlen(delta[0].pValue); |
4052 | |
4053 | crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1); |
4054 | if (CKR_OK0x00000000UL != crv) { |
4055 | PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned " |
4056 | "0x%08X, %-26s\n", |
4057 | h, hTwoIn, crv, PKM_CK_RVtoStr(crv)); |
4058 | return crv; |
4059 | } |
4060 | |
4061 | PKM_LogIt(" Changed object two (handle = %lu).\n", hTwoIn); |
4062 | |
4063 | /* Can another session find these session objects? */ |
4064 | |
4065 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
4066 | NULL((void*)0), NULL((void*)0), &h2); |
4067 | if (CKR_OK0x00000000UL != crv) { |
4068 | PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )" |
4069 | " returned 0x%08X, %-26s\n", |
4070 | pSlotList[slotID], crv, |
4071 | PKM_CK_RVtoStr(crv)); |
4072 | return crv; |
4073 | } |
4074 | PKM_LogIt(" Opened a second session: handle = 0x%08x\n", h2); |
4075 | |
4076 | /* mask is still the same */ |
4077 | |
4078 | crv = pFunctionList->C_FindObjectsInit(h2, mask, 1); |
4079 | if (CKR_OK0x00000000UL != crv) { |
4080 | PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n", |
4081 | h2, crv, PKM_CK_RVtoStr(crv)); |
4082 | return crv; |
4083 | } |
4084 | |
4085 | (void)memset(&found, 0, sizeof(found)); |
4086 | nFound = 0; |
4087 | crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound); |
4088 | if (CKR_OK0x00000000UL != crv) { |
4089 | PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n", |
4090 | h2, crv, PKM_CK_RVtoStr(crv)); |
4091 | return crv; |
4092 | } |
4093 | |
4094 | if (2 != nFound) { |
4095 | PKM_Error("Found %lu objects, not 2.\n", nFound); |
4096 | return crv; |
4097 | } |
4098 | |
4099 | PKM_LogIt(" Found 2 objects: %lu, %lu\n", |
4100 | found[0], found[1]); |
4101 | |
4102 | crv = pFunctionList->C_FindObjectsFinal(h2); |
4103 | if (CKR_OK0x00000000UL != crv) { |
4104 | PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv, |
4105 | PKM_CK_RVtoStr(crv)); |
4106 | return crv; |
4107 | } |
4108 | crv = pFunctionList->C_Logout(h); |
4109 | if (crv == CKR_OK0x00000000UL) { |
4110 | PKM_LogIt("C_Logout succeeded\n"); |
4111 | } else { |
4112 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
4113 | PKM_CK_RVtoStr(crv)); |
4114 | return crv; |
4115 | } |
4116 | crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]); |
4117 | if (CKR_OK0x00000000UL != crv) { |
4118 | PKM_Error("C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n", |
4119 | pSlotList[slotID], crv, PKM_CK_RVtoStr(crv)); |
4120 | return crv; |
4121 | } |
4122 | |
4123 | PKM_LogIt("\n"); |
4124 | return crv; |
4125 | } |
4126 | |
4127 | CK_RV |
4128 | PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList, |
4129 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
4130 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) |
4131 | { |
4132 | CK_SESSION_HANDLE hSession; |
4133 | CK_RV crv = CKR_OK0x00000000UL; |
4134 | CK_MECHANISM sAESKeyMech = { |
4135 | CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0 |
4136 | }; |
4137 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; |
4138 | CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL; |
4139 | CK_UTF8CHAR AESlabel[] = "An AES secret key object"; |
4140 | CK_ULONG AESvalueLen = 16; |
4141 | CK_ATTRIBUTE sAESKeyTemplate[9]; |
4142 | CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE0; |
4143 | CK_BYTE_PTR pstate = NULL((void*)0); |
4144 | CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen; |
4145 | |
4146 | static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules."; |
4147 | static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules."; |
4148 | static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)"Firefox and Thunderbird."; |
4149 | |
4150 | char digest[MAX_DIGEST_SZ64], digest_1[MAX_DIGEST_SZ64]; |
4151 | char sign[MAX_SIG_SZ128]; |
4152 | CK_MECHANISM signmech; |
4153 | CK_MECHANISM digestmech; |
4154 | |
4155 | NUMTESTS++; /* increment NUMTESTS */ |
4156 | |
4157 | /* AES key template */ |
4158 | sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL; |
4159 | sAESKeyTemplate[0].pValue = &class; |
4160 | sAESKeyTemplate[0].ulValueLen = sizeof(class); |
4161 | sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL; |
4162 | sAESKeyTemplate[1].pValue = &keyAESType; |
4163 | sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType); |
4164 | sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL; |
4165 | sAESKeyTemplate[2].pValue = AESlabel; |
4166 | sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1; |
4167 | sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL; |
4168 | sAESKeyTemplate[3].pValue = &true; |
4169 | sAESKeyTemplate[3].ulValueLen = sizeof(true); |
4170 | sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL; |
4171 | sAESKeyTemplate[4].pValue = &true; |
4172 | sAESKeyTemplate[4].ulValueLen = sizeof(true); |
4173 | sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL; |
4174 | sAESKeyTemplate[5].pValue = &true; |
4175 | sAESKeyTemplate[5].ulValueLen = sizeof(true); |
4176 | sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL; |
4177 | sAESKeyTemplate[6].pValue = &true; |
4178 | sAESKeyTemplate[6].ulValueLen = sizeof(true); |
4179 | sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL; |
4180 | sAESKeyTemplate[7].pValue = &true; |
4181 | sAESKeyTemplate[7].ulValueLen = sizeof(true); |
4182 | sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL; |
4183 | sAESKeyTemplate[8].pValue = &AESvalueLen; |
4184 | sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen); |
4185 | |
4186 | signmech.mechanism = CKM_SHA_1_HMAC0x00000221UL; |
4187 | signmech.pParameter = NULL((void*)0); |
4188 | signmech.ulParameterLen = 0; |
4189 | digestmech.mechanism = CKM_SHA2560x00000250UL; |
4190 | digestmech.pParameter = NULL((void*)0); |
4191 | digestmech.ulParameterLen = 0; |
4192 | |
4193 | plainlen = strlen((char *)plaintext); |
4194 | plainlen_1 = strlen((char *)plaintext_1); |
4195 | plainlen_2 = strlen((char *)plaintext_2); |
4196 | digestlen = MAX_DIGEST_SZ64; |
4197 | |
4198 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
4199 | NULL((void*)0), NULL((void*)0), &hSession); |
4200 | if (crv != CKR_OK0x00000000UL) { |
4201 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
4202 | PKM_CK_RVtoStr(crv)); |
4203 | return crv; |
4204 | } |
4205 | |
4206 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
4207 | if (crv == CKR_OK0x00000000UL) { |
4208 | PKM_LogIt("C_Login with correct password succeeded\n"); |
4209 | } else { |
4210 | PKM_Error("C_Login with correct password failed " |
4211 | "with 0x%08X, %-26s\n", |
4212 | crv, PKM_CK_RVtoStr(crv)); |
4213 | return crv; |
4214 | } |
4215 | |
4216 | PKM_LogIt("Generate an AES key ...\n"); |
4217 | /* generate an AES Secret Key */ |
4218 | crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech, |
4219 | sAESKeyTemplate, |
4220 | NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])), |
4221 | &sKey); |
4222 | if (crv == CKR_OK0x00000000UL) { |
4223 | PKM_LogIt("C_GenerateKey AES succeeded\n"); |
4224 | } else { |
4225 | PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n", |
4226 | crv, PKM_CK_RVtoStr(crv)); |
4227 | return crv; |
4228 | } |
4229 | |
4230 | crv = pFunctionList->C_SignInit(hSession, &signmech, sKey); |
4231 | if (crv != CKR_OK0x00000000UL) { |
4232 | PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv, |
4233 | PKM_CK_RVtoStr(crv)); |
4234 | return crv; |
4235 | } |
4236 | |
4237 | slen = sizeof(sign); |
4238 | crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen, |
4239 | (CK_BYTE_PTR)sign, &slen); |
4240 | if (crv != CKR_OK0x00000000UL) { |
4241 | PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv, |
4242 | PKM_CK_RVtoStr(crv)); |
4243 | return crv; |
4244 | } |
4245 | |
4246 | crv = pFunctionList->C_DestroyObject(hSession, sKey); |
4247 | if (crv != CKR_OK0x00000000UL) { |
4248 | PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv, |
4249 | PKM_CK_RVtoStr(crv)); |
4250 | return crv; |
4251 | } |
4252 | |
4253 | digestlen = MAX_DIGEST_SZ64; |
4254 | crv = pFunctionList->C_DigestInit(hSession, &digestmech); |
4255 | if (crv != CKR_OK0x00000000UL) { |
4256 | PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv, |
4257 | PKM_CK_RVtoStr(crv)); |
4258 | return crv; |
4259 | } |
4260 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext, |
4261 | plainlen); |
4262 | if (crv != CKR_OK0x00000000UL) { |
4263 | PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv, |
4264 | PKM_CK_RVtoStr(crv)); |
4265 | return crv; |
4266 | } |
4267 | |
4268 | crv = pFunctionList->C_GetOperationState(hSession, NULL((void*)0), &statelen); |
4269 | if (crv != CKR_OK0x00000000UL) { |
4270 | PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv, |
4271 | PKM_CK_RVtoStr(crv)); |
4272 | return crv; |
4273 | } |
4274 | |
4275 | pstate = (CK_BYTE_PTR)malloc(statelen * sizeof(CK_BYTE_PTR)); |
4276 | crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen); |
4277 | if (crv != CKR_OK0x00000000UL) { |
4278 | PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv, |
4279 | PKM_CK_RVtoStr(crv)); |
4280 | return crv; |
4281 | } |
4282 | |
4283 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1, |
4284 | plainlen_1); |
4285 | if (crv != CKR_OK0x00000000UL) { |
4286 | PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv, |
4287 | PKM_CK_RVtoStr(crv)); |
4288 | return crv; |
4289 | } |
4290 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2, |
4291 | plainlen_2); |
4292 | if (crv != CKR_OK0x00000000UL) { |
4293 | PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv, |
4294 | PKM_CK_RVtoStr(crv)); |
4295 | return crv; |
4296 | } |
4297 | |
4298 | /* |
4299 | * This will override/negate the above 2 digest_update |
4300 | * operations |
4301 | */ |
4302 | crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen, |
4303 | 0, 0); |
4304 | if (crv != CKR_OK0x00000000UL) { |
4305 | PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv, |
4306 | PKM_CK_RVtoStr(crv)); |
4307 | return crv; |
4308 | } |
4309 | crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest, |
4310 | &digestlen); |
4311 | if (crv != CKR_OK0x00000000UL) { |
4312 | PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv, |
4313 | PKM_CK_RVtoStr(crv)); |
4314 | return crv; |
4315 | } |
4316 | digestlen = MAX_DIGEST_SZ64; |
4317 | crv = pFunctionList->C_DigestInit(hSession, &digestmech); |
4318 | if (crv != CKR_OK0x00000000UL) { |
4319 | PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv, |
4320 | PKM_CK_RVtoStr(crv)); |
4321 | return crv; |
4322 | } |
4323 | crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen, |
4324 | (CK_BYTE_PTR)digest_1, &digestlen); |
4325 | if (crv != CKR_OK0x00000000UL) { |
4326 | PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv, |
4327 | PKM_CK_RVtoStr(crv)); |
4328 | return crv; |
4329 | } |
4330 | if (memcmp(digest, digest_1, digestlen) == 0) { |
4331 | PKM_LogIt("Digest and digest_1 are equal!\n"); |
4332 | } else { |
4333 | PKM_Error("Digest and digest_1 are not equal!\n"); |
4334 | } |
4335 | crv = pFunctionList->C_Logout(hSession); |
4336 | if (crv == CKR_OK0x00000000UL) { |
4337 | PKM_LogIt("C_Logout succeeded\n"); |
4338 | } else { |
4339 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
4340 | PKM_CK_RVtoStr(crv)); |
4341 | return crv; |
4342 | } |
4343 | crv = pFunctionList->C_CloseSession(hSession); |
4344 | if (CKR_OK0x00000000UL != crv) { |
4345 | PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", |
4346 | hSession, crv, PKM_CK_RVtoStr(crv)); |
4347 | return crv; |
4348 | } |
4349 | |
4350 | return crv; |
4351 | } |
4352 | |
4353 | /* |
4354 | * Recover Functions |
4355 | */ |
4356 | CK_RV |
4357 | PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList, |
4358 | CK_SESSION_HANDLE hSession, |
4359 | CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey, |
4360 | CK_MECHANISM *signMech, const CK_BYTE *pData, |
4361 | CK_ULONG pDataLen) |
4362 | { |
4363 | CK_RV crv = CKR_OK0x00000000UL; |
4364 | CK_BYTE sig[MAX_SIG_SZ128]; |
4365 | CK_ULONG sigLen = MAX_SIG_SZ128; |
4366 | CK_BYTE recover[MAX_SIG_SZ128]; |
4367 | CK_ULONG recoverLen = MAX_SIG_SZ128; |
4368 | |
4369 | NUMTESTS++; /* increment NUMTESTS */ |
4370 | |
4371 | /* initializes a signature operation, |
4372 | * where the data can be recovered from the signature |
4373 | */ |
4374 | crv = pFunctionList->C_SignRecoverInit(hSession, signMech, |
4375 | hPrivKey); |
4376 | if (crv == CKR_OK0x00000000UL) { |
4377 | PKM_LogIt("C_SignRecoverInit succeeded. \n"); |
4378 | } else { |
4379 | PKM_Error("C_SignRecoverInit failed.\n" |
4380 | "with 0x%08X, %-26s\n", |
4381 | crv, PKM_CK_RVtoStr(crv)); |
4382 | return crv; |
4383 | } |
4384 | |
4385 | /* signs single-part data, |
4386 | * where the data can be recovered from the signature |
4387 | */ |
4388 | crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE *)pData, |
4389 | pDataLen, |
4390 | (CK_BYTE *)sig, &sigLen); |
4391 | if (crv == CKR_OK0x00000000UL) { |
4392 | PKM_LogIt("C_SignRecover succeeded. \n"); |
4393 | } else { |
4394 | PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n" |
4395 | "with 0x%08X, %-26s\n", |
4396 | crv, PKM_CK_RVtoStr(crv)); |
4397 | return crv; |
4398 | } |
4399 | |
4400 | /* |
4401 | * initializes a verification operation |
4402 | *where the data is recovered from the signature |
4403 | */ |
4404 | crv = pFunctionList->C_VerifyRecoverInit(hSession, signMech, |
4405 | hPubKey); |
4406 | if (crv == CKR_OK0x00000000UL) { |
4407 | PKM_LogIt("C_VerifyRecoverInit succeeded. \n"); |
4408 | } else { |
4409 | PKM_Error("C_VerifyRecoverInit failed.\n" |
4410 | "with 0x%08X, %-26s\n", |
4411 | crv, PKM_CK_RVtoStr(crv)); |
4412 | return crv; |
4413 | } |
4414 | |
4415 | /* |
4416 | * verifies a signature on single-part data, |
4417 | * where the data is recovered from the signature |
4418 | */ |
4419 | crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE *)sig, |
4420 | sigLen, |
4421 | (CK_BYTE *)recover, &recoverLen); |
4422 | if (crv == CKR_OK0x00000000UL) { |
4423 | PKM_LogIt("C_VerifyRecover succeeded. \n"); |
4424 | } else { |
4425 | PKM_Error("C_VerifyRecover failed.\n" |
4426 | "with 0x%08X, %-26s\n", |
4427 | crv, PKM_CK_RVtoStr(crv)); |
4428 | return crv; |
4429 | } |
4430 | |
4431 | if ((recoverLen == pDataLen) && |
4432 | (memcmp(recover, pData, pDataLen) == 0)) { |
4433 | PKM_LogIt("VerifyRecover test case passed\n"); |
4434 | } else { |
4435 | PKM_Error("VerifyRecover test case failed\n"); |
4436 | } |
4437 | |
4438 | return crv; |
4439 | } |
4440 | /* |
4441 | * wrapUnwrap |
4442 | * wrap the secretkey with the public key. |
4443 | * unwrap the secretkey with the private key. |
4444 | */ |
4445 | CK_RV |
4446 | PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList, |
4447 | CK_SESSION_HANDLE hSession, |
4448 | CK_OBJECT_HANDLE hPublicKey, |
4449 | CK_OBJECT_HANDLE hPrivateKey, |
4450 | CK_MECHANISM *wrapMechanism, |
4451 | CK_OBJECT_HANDLE hSecretKey, |
4452 | CK_ATTRIBUTE *sKeyTemplate, |
4453 | CK_ULONG skeyTempSize) |
4454 | { |
4455 | CK_RV crv = CKR_OK0x00000000UL; |
4456 | CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE0; |
4457 | CK_BYTE wrappedKey[128]; |
4458 | CK_ULONG ulWrappedKeyLen = 0; |
4459 | |
4460 | NUMTESTS++; /* increment NUMTESTS */ |
4461 | |
4462 | ulWrappedKeyLen = sizeof(wrappedKey); |
4463 | crv = pFunctionList->C_WrapKey( |
4464 | hSession, wrapMechanism, |
4465 | hPublicKey, hSecretKey, |
4466 | wrappedKey, &ulWrappedKeyLen); |
4467 | if (crv == CKR_OK0x00000000UL) { |
4468 | PKM_LogIt("C_WrapKey succeeded\n"); |
4469 | } else { |
4470 | PKM_Error("C_WrapKey failed with 0x%08X, %-26s\n", crv, |
4471 | PKM_CK_RVtoStr(crv)); |
4472 | return crv; |
4473 | } |
4474 | crv = pFunctionList->C_UnwrapKey( |
4475 | hSession, wrapMechanism, hPrivateKey, |
4476 | wrappedKey, ulWrappedKeyLen, sKeyTemplate, |
4477 | skeyTempSize, |
4478 | &hSecretKeyUnwrapped); |
4479 | if ((crv == CKR_OK0x00000000UL) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE0)) { |
4480 | PKM_LogIt("C_UnwrapKey succeeded\n"); |
4481 | } else { |
4482 | PKM_Error("C_UnwrapKey failed with 0x%08X, %-26s\n", crv, |
4483 | PKM_CK_RVtoStr(crv)); |
4484 | return crv; |
4485 | } |
4486 | |
4487 | return crv; |
4488 | } |
4489 | |
4490 | /* |
4491 | * Tests if the object's attributes match the expected_attrs |
4492 | */ |
4493 | CK_RV |
4494 | PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList, |
4495 | CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj, |
4496 | CK_ATTRIBUTE_PTR expected_attrs, |
4497 | CK_ULONG expected_attrs_count) |
4498 | { |
4499 | CK_RV crv; |
4500 | CK_ATTRIBUTE_PTR tmp_attrs; |
4501 | unsigned int i; |
4502 | |
4503 | NUMTESTS++; /* increment NUMTESTS */ |
4504 | |
4505 | /* First duplicate the themplate */ |
4506 | tmp_attrs = malloc(expected_attrs_count * sizeof(CK_ATTRIBUTE)); |
4507 | |
4508 | if (tmp_attrs == NULL((void*)0)) { |
4509 | PKM_Error("Internal test memory failure\n"); |
4510 | return (CKR_HOST_MEMORY0x00000002UL); |
4511 | } |
4512 | |
4513 | for (i = 0; i < expected_attrs_count; i++) { |
4514 | tmp_attrs[i].type = expected_attrs[i].type; |
4515 | tmp_attrs[i].ulValueLen = expected_attrs[i].ulValueLen; |
4516 | |
4517 | /* Don't give away the expected one. just zeros */ |
4518 | tmp_attrs[i].pValue = calloc(expected_attrs[i].ulValueLen, 1); |
4519 | |
4520 | if (tmp_attrs[i].pValue == NULL((void*)0)) { |
4521 | unsigned int j; |
4522 | for (j = 0; j < i; j++) |
4523 | free(tmp_attrs[j].pValue); |
4524 | |
4525 | free(tmp_attrs); |
4526 | printf("Internal test memory failure\n"); |
4527 | return (CKR_HOST_MEMORY0x00000002UL); |
4528 | } |
4529 | } |
4530 | |
4531 | /* then get the attributes from the object */ |
4532 | crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs, |
4533 | expected_attrs_count); |
4534 | if (crv != CKR_OK0x00000000UL) { |
4535 | PKM_Error("C_GetAttributeValue failed with 0x%08X, %-26s\n", crv, |
4536 | PKM_CK_RVtoStr(crv)); |
4537 | crv = CKR_FUNCTION_FAILED0x00000006UL; |
4538 | goto out; |
4539 | } |
4540 | |
4541 | /* Finally compare with the expected ones */ |
4542 | for (i = 0; i < expected_attrs_count; i++) { |
4543 | |
4544 | if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue, |
4545 | expected_attrs[i].ulValueLen) != 0) { |
4546 | PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n", |
4547 | tmp_attrs[i].type, expected_attrs[i].type); |
4548 | PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n", |
4549 | tmp_attrs[i].pValue, expected_attrs[i].pValue); |
4550 | /* don't report error at this time */ |
4551 | } |
4552 | } |
4553 | |
4554 | out: |
4555 | for (i = 0; i < expected_attrs_count; i++) |
4556 | free(tmp_attrs[i].pValue); |
4557 | free(tmp_attrs); |
4558 | return (crv); |
4559 | } |
4560 | |
4561 | /* |
4562 | * Check the validity of a mech |
4563 | */ |
4564 | CK_RV |
4565 | PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession, |
4566 | CK_MECHANISM_TYPE mechType, CK_FLAGS flags, |
4567 | CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize) |
4568 | { |
4569 | CK_SESSION_INFO sess_info; |
4570 | CK_MECHANISM_INFO mech_info; |
4571 | CK_RV crv; |
4572 | |
4573 | NUMTESTS++; /* increment NUMTESTS */ |
4574 | |
4575 | if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info)) != |
4576 | CKR_OK0x00000000UL) { |
4577 | PKM_Error("C_GetSessionInfo failed with 0x%08X, %-26s\n", crv, |
4578 | PKM_CK_RVtoStr(crv)); |
4579 | return (CKR_FUNCTION_FAILED0x00000006UL); |
4580 | } |
4581 | |
4582 | crv = pFunctionList->C_GetMechanismInfo(0, mechType, |
4583 | &mech_info); |
4584 | |
4585 | crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType, |
4586 | &mech_info); |
4587 | |
4588 | if (crv != CKR_OK0x00000000UL) { |
4589 | PKM_Error("C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv, |
4590 | PKM_CK_RVtoStr(crv)); |
4591 | return (CKR_FUNCTION_FAILED0x00000006UL); |
4592 | } |
4593 | |
4594 | if ((mech_info.flags & flags) == 0) { |
4595 | PKM_Error("0x%x flag missing from mech\n", flags); |
4596 | return (CKR_MECHANISM_INVALID0x00000070UL); |
4597 | } |
4598 | if (!check_sizes) |
4599 | return (CKR_OK0x00000000UL); |
4600 | |
4601 | if (mech_info.ulMinKeySize != minkeysize) { |
4602 | PKM_Error("Bad MinKeySize %d expected %d\n", mech_info.ulMinKeySize, |
4603 | minkeysize); |
4604 | return (CKR_MECHANISM_INVALID0x00000070UL); |
4605 | } |
4606 | if (mech_info.ulMaxKeySize != maxkeysize) { |
4607 | PKM_Error("Bad MaxKeySize %d expected %d\n", mech_info.ulMaxKeySize, |
4608 | maxkeysize); |
4609 | return (CKR_MECHANISM_INVALID0x00000070UL); |
4610 | } |
4611 | return (CKR_OK0x00000000UL); |
4612 | } |
4613 | |
4614 | /* |
4615 | * Can be called with a non-null premaster_key_len for the |
4616 | * *_DH mechanisms. In that case, no checking for the matching of |
4617 | * the expected results is done. |
4618 | * The rnd argument tells which correct/bogus randomInfo to use. |
4619 | */ |
4620 | CK_RV |
4621 | PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList, |
4622 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
4623 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, |
4624 | CK_MECHANISM_TYPE mechType, |
4625 | enum_random_t rnd) |
4626 | { |
4627 | CK_SESSION_HANDLE hSession; |
4628 | CK_RV crv; |
4629 | CK_MECHANISM mk_mech; |
4630 | CK_VERSION version; |
4631 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; |
4632 | CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL; |
4633 | CK_BBOOL derive_bool = true; |
4634 | CK_ATTRIBUTE attrs[4]; |
4635 | CK_ULONG attrs_count = 4; |
4636 | CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE0; |
4637 | CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE0; |
4638 | CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params; |
4639 | CK_MECHANISM skmd_mech; |
4640 | |
4641 | CK_BBOOL isDH = false; |
4642 | |
4643 | NUMTESTS++; /* increment NUMTESTS */ |
4644 | |
4645 | attrs[0].type = CKA_CLASS0x00000000UL; |
4646 | attrs[0].pValue = &class; |
4647 | attrs[0].ulValueLen = sizeof(class); |
4648 | attrs[1].type = CKA_KEY_TYPE0x00000100UL; |
4649 | attrs[1].pValue = &type; |
4650 | attrs[1].ulValueLen = sizeof(type); |
4651 | attrs[2].type = CKA_DERIVE0x0000010CUL; |
4652 | attrs[2].pValue = &derive_bool; |
4653 | attrs[2].ulValueLen = sizeof(derive_bool); |
4654 | attrs[3].type = CKA_VALUE0x00000011UL; |
4655 | attrs[3].pValue = NULL((void*)0); |
4656 | attrs[3].ulValueLen = 0; |
4657 | |
4658 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
4659 | NULL((void*)0), NULL((void*)0), &hSession); |
4660 | if (crv != CKR_OK0x00000000UL) { |
4661 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
4662 | PKM_CK_RVtoStr(crv)); |
4663 | return crv; |
4664 | } |
4665 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
4666 | if (crv == CKR_OK0x00000000UL) { |
4667 | PKM_LogIt("C_Login with correct password succeeded\n"); |
4668 | } else { |
4669 | PKM_Error("C_Login with correct password failed " |
4670 | "with 0x%08X, %-26s\n", |
4671 | crv, PKM_CK_RVtoStr(crv)); |
4672 | return crv; |
4673 | } |
4674 | |
4675 | /* Before all, check if the mechanism is supported correctly */ |
4676 | if (MODE == FIPSMODE0) { |
4677 | crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE0x00080000UL, false, |
4678 | 0, 0); |
4679 | if (crv != CKR_OK0x00000000UL) { |
4680 | PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv, |
4681 | PKM_CK_RVtoStr(crv)); |
4682 | return (crv); |
4683 | } |
4684 | } |
4685 | |
4686 | mk_mech.mechanism = mechType; |
4687 | mk_mech.pParameter = &mkd_params; |
4688 | mk_mech.ulParameterLen = sizeof(mkd_params); |
4689 | |
4690 | switch (mechType) { |
4691 | case CKM_TLS_MASTER_KEY_DERIVE_DH0x00000377UL: |
4692 | isDH = true; |
4693 | /* FALLTHRU */ |
4694 | case CKM_TLS_MASTER_KEY_DERIVE0x00000375UL: |
4695 | attrs[3].pValue = NULL((void*)0); |
4696 | attrs[3].ulValueLen = 0; |
4697 | |
4698 | mkd_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom; |
4699 | mkd_params.RandomInfo.ulClientRandomLen = |
4700 | sizeof(TLSClientRandom); |
4701 | mkd_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom; |
4702 | mkd_params.RandomInfo.ulServerRandomLen = |
4703 | sizeof(TLSServerRandom); |
4704 | break; |
4705 | } |
4706 | mkd_params.pVersion = (!isDH) ? &version : NULL((void*)0); |
4707 | |
4708 | /* First create the pre-master secret key */ |
4709 | |
4710 | skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL; |
4711 | skmd_mech.pParameter = &mkd_params; |
4712 | skmd_mech.ulParameterLen = sizeof(mkd_params); |
4713 | |
4714 | crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech, |
4715 | attrs, |
4716 | attrs_count, |
4717 | &pmk_obj); |
4718 | if (crv == CKR_OK0x00000000UL) { |
4719 | PKM_LogIt("C_GenerateKey succeeded\n"); |
4720 | } else { |
4721 | PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv, |
4722 | PKM_CK_RVtoStr(crv)); |
4723 | return crv; |
4724 | } |
4725 | /* Test the bad cases */ |
4726 | switch (rnd) { |
4727 | case CORRECT: |
4728 | goto correct; |
4729 | |
4730 | case BOGUS_CLIENT_RANDOM: |
4731 | mkd_params.RandomInfo.pClientRandom = NULL((void*)0); |
4732 | break; |
4733 | |
4734 | case BOGUS_CLIENT_RANDOM_LEN: |
4735 | mkd_params.RandomInfo.ulClientRandomLen = 0; |
4736 | break; |
4737 | |
4738 | case BOGUS_SERVER_RANDOM: |
4739 | mkd_params.RandomInfo.pServerRandom = NULL((void*)0); |
4740 | break; |
4741 | |
4742 | case BOGUS_SERVER_RANDOM_LEN: |
4743 | mkd_params.RandomInfo.ulServerRandomLen = 0; |
4744 | break; |
4745 | } |
4746 | crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL((void*)0), 0, |
4747 | &mk_obj); |
4748 | if (crv != CKR_MECHANISM_PARAM_INVALID0x00000071UL) { |
4749 | PKM_LogIt("C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv, |
4750 | PKM_CK_RVtoStr(crv)); |
4751 | } else { |
4752 | PKM_Error("C_DeriveKey did not fail with bad data \n"); |
4753 | } |
4754 | goto out; |
4755 | |
4756 | correct: |
4757 | /* Now derive the master secret key */ |
4758 | crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL((void*)0), 0, |
4759 | &mk_obj); |
4760 | if (crv == CKR_OK0x00000000UL) { |
4761 | PKM_LogIt("C_DeriveKey succeeded\n"); |
4762 | } else { |
4763 | PKM_Error("C_DeriveKey failed with 0x%08X, %-26s\n", crv, |
4764 | PKM_CK_RVtoStr(crv)); |
4765 | return crv; |
4766 | } |
4767 | |
4768 | out: |
4769 | if (pmk_obj != CK_INVALID_HANDLE0) |
4770 | (void)pFunctionList->C_DestroyObject(hSession, pmk_obj); |
4771 | if (mk_obj != CK_INVALID_HANDLE0) |
4772 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); |
4773 | crv = pFunctionList->C_Logout(hSession); |
4774 | |
4775 | if (crv == CKR_OK0x00000000UL) { |
4776 | PKM_LogIt("C_Logout succeeded\n"); |
4777 | } else { |
4778 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
4779 | PKM_CK_RVtoStr(crv)); |
4780 | return crv; |
4781 | } |
4782 | |
4783 | crv = pFunctionList->C_CloseSession(hSession); |
4784 | if (crv != CKR_OK0x00000000UL) { |
4785 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
4786 | PKM_CK_RVtoStr(crv)); |
4787 | return crv; |
4788 | } |
4789 | return (crv); |
4790 | } |
4791 | |
4792 | CK_RV |
4793 | PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList, |
4794 | CK_SLOT_ID *pSlotList, CK_ULONG slotID, |
4795 | CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen, |
4796 | CK_MECHANISM_TYPE mechType, enum_random_t rnd) |
4797 | { |
4798 | CK_SESSION_HANDLE hSession; |
4799 | CK_RV crv; |
4800 | CK_MECHANISM kmd_mech; |
4801 | CK_MECHANISM skmd_mech; |
4802 | CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL; |
4803 | CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL; |
4804 | CK_BBOOL derive_bool = true; |
4805 | CK_BBOOL sign_bool = true, verify_bool = true; |
4806 | CK_BBOOL encrypt_bool = true, decrypt_bool = true; |
4807 | CK_ULONG value_len; |
4808 | |
4809 | /* |
4810 | * We arrange this template so that: |
4811 | * . Attributes 0-6 are good for a MAC key comparison template. |
4812 | * . Attributes 2-5 are good for the master key creation template. |
4813 | * . Attributes 3-8 are good for a cipher key comparison template. |
4814 | */ |
4815 | CK_ATTRIBUTE attrs[9]; |
4816 | |
4817 | CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE0; |
4818 | CK_SSL3_KEY_MAT_PARAMS km_params; |
4819 | CK_SSL3_KEY_MAT_OUT kmo; |
4820 | CK_BYTE IVClient[8]; |
4821 | CK_BYTE IVServer[8]; |
4822 | |
4823 | NUMTESTS++; /* increment NUMTESTS */ |
4824 | |
4825 | attrs[0].type = CKA_SIGN0x00000108UL; |
4826 | attrs[0].pValue = &sign_bool; |
4827 | attrs[0].ulValueLen = sizeof(sign_bool); |
4828 | attrs[1].type = CKA_VERIFY0x0000010AUL; |
4829 | attrs[1].pValue = &verify_bool; |
4830 | attrs[1].ulValueLen = sizeof(verify_bool); |
4831 | attrs[2].type = CKA_KEY_TYPE0x00000100UL; |
4832 | attrs[2].pValue = &type; |
4833 | attrs[2].ulValueLen = sizeof(type); |
4834 | attrs[3].type = CKA_CLASS0x00000000UL; |
4835 | attrs[3].pValue = &class; |
4836 | attrs[3].ulValueLen = sizeof(class); |
4837 | attrs[4].type = CKA_DERIVE0x0000010CUL; |
4838 | attrs[4].pValue = &derive_bool; |
4839 | attrs[4].ulValueLen = sizeof(derive_bool); |
4840 | attrs[5].type = CKA_VALUE0x00000011UL; |
4841 | attrs[5].pValue = NULL((void*)0); |
4842 | attrs[5].ulValueLen = 0; |
4843 | attrs[6].type = CKA_VALUE_LEN0x00000161UL; |
4844 | attrs[6].pValue = &value_len; |
4845 | attrs[6].ulValueLen = sizeof(value_len); |
4846 | attrs[7].type = CKA_ENCRYPT0x00000104UL; |
4847 | attrs[7].pValue = &encrypt_bool; |
4848 | attrs[7].ulValueLen = sizeof(encrypt_bool); |
4849 | attrs[8].type = CKA_DECRYPT0x00000105UL; |
4850 | attrs[8].pValue = &decrypt_bool; |
4851 | attrs[8].ulValueLen = sizeof(decrypt_bool); |
4852 | |
4853 | crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL, |
4854 | NULL((void*)0), NULL((void*)0), &hSession); |
4855 | if (crv != CKR_OK0x00000000UL) { |
4856 | PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv, |
4857 | PKM_CK_RVtoStr(crv)); |
4858 | return crv; |
4859 | } |
4860 | crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen); |
4861 | if (crv == CKR_OK0x00000000UL) { |
4862 | PKM_LogIt("C_Login with correct password succeeded\n"); |
4863 | } else { |
4864 | PKM_Error("C_Login with correct password failed " |
4865 | "with 0x%08X, %-26s\n", |
4866 | crv, PKM_CK_RVtoStr(crv)); |
4867 | return crv; |
4868 | } |
4869 | |
4870 | /* Before all, check if the mechanism is supported correctly */ |
4871 | if (MODE == FIPSMODE0) { |
4872 | crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE0x00080000UL, |
4873 | CK_TRUE1, 48, 48); |
4874 | |
4875 | if (crv != CKR_OK0x00000000UL) { |
4876 | PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv, |
4877 | PKM_CK_RVtoStr(crv)); |
4878 | return (crv); |
4879 | } |
4880 | } |
4881 | kmd_mech.mechanism = mechType; |
4882 | kmd_mech.pParameter = &km_params; |
4883 | kmd_mech.ulParameterLen = sizeof(km_params); |
4884 | |
4885 | km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */ |
4886 | km_params.ulKeySizeInBits = 192; /* 3DES key size */ |
4887 | km_params.ulIVSizeInBits = 64; /* 3DES block size */ |
4888 | km_params.pReturnedKeyMaterial = &kmo; |
4889 | km_params.bIsExport = false; |
4890 | kmo.hClientMacSecret = CK_INVALID_HANDLE0; |
4891 | kmo.hServerMacSecret = CK_INVALID_HANDLE0; |
4892 | kmo.hClientKey = CK_INVALID_HANDLE0; |
4893 | kmo.hServerKey = CK_INVALID_HANDLE0; |
4894 | kmo.pIVClient = IVClient; |
4895 | kmo.pIVServer = IVServer; |
4896 | |
4897 | skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL; |
4898 | skmd_mech.pParameter = &km_params; |
4899 | skmd_mech.ulParameterLen = sizeof(km_params); |
4900 | |
4901 | crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech, |
4902 | &attrs[2], |
4903 | 4, |
4904 | &mk_obj); |
4905 | if (crv == CKR_OK0x00000000UL) { |
4906 | PKM_LogIt("C_GenerateKey succeeded\n"); |
4907 | } else { |
4908 | PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv, |
4909 | PKM_CK_RVtoStr(crv)); |
4910 | return crv; |
4911 | } |
4912 | |
4913 | attrs[5].pValue = NULL((void*)0); |
4914 | attrs[5].ulValueLen = 0; |
4915 | |
4916 | km_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom; |
4917 | km_params.RandomInfo.ulClientRandomLen = |
4918 | sizeof(TLSClientRandom); |
4919 | km_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom; |
4920 | km_params.RandomInfo.ulServerRandomLen = |
4921 | sizeof(TLSServerRandom); |
4922 | |
4923 | /* Test the bad cases */ |
4924 | switch (rnd) { |
4925 | case CORRECT: |
4926 | goto correct; |
4927 | |
4928 | case BOGUS_CLIENT_RANDOM: |
4929 | km_params.RandomInfo.pClientRandom = NULL((void*)0); |
4930 | break; |
4931 | |
4932 | case BOGUS_CLIENT_RANDOM_LEN: |
4933 | km_params.RandomInfo.ulClientRandomLen = 0; |
4934 | break; |
4935 | |
4936 | case BOGUS_SERVER_RANDOM: |
4937 | km_params.RandomInfo.pServerRandom = NULL((void*)0); |
4938 | break; |
4939 | |
4940 | case BOGUS_SERVER_RANDOM_LEN: |
4941 | km_params.RandomInfo.ulServerRandomLen = 0; |
4942 | break; |
4943 | } |
4944 | crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL((void*)0), 0, |
4945 | NULL((void*)0)); |
4946 | if (crv != CKR_MECHANISM_PARAM_INVALID0x00000071UL) { |
4947 | PKM_Error("key materials derivation returned unexpected " |
4948 | "error 0x%08X, %-26s\n", |
4949 | crv, PKM_CK_RVtoStr(crv)); |
4950 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); |
4951 | return (CKR_FUNCTION_FAILED0x00000006UL); |
4952 | } |
4953 | return (CKR_OK0x00000000UL); |
4954 | |
4955 | correct: |
4956 | /* |
4957 | * Then use the master key and the client 'n server random data to |
4958 | * derive the key materials |
4959 | */ |
4960 | crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL((void*)0), 0, |
4961 | NULL((void*)0)); |
4962 | if (crv != CKR_OK0x00000000UL) { |
4963 | PKM_Error("Cannot derive the key materials, crv 0x%08X, %-26s\n", |
4964 | crv, PKM_CK_RVtoStr(crv)); |
4965 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); |
4966 | return (crv); |
4967 | } |
4968 | |
4969 | if (mk_obj != CK_INVALID_HANDLE0) |
4970 | (void)pFunctionList->C_DestroyObject(hSession, mk_obj); |
4971 | if (kmo.hClientMacSecret != CK_INVALID_HANDLE0) |
4972 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret); |
4973 | if (kmo.hServerMacSecret != CK_INVALID_HANDLE0) |
4974 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret); |
4975 | if (kmo.hClientKey != CK_INVALID_HANDLE0) |
4976 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientKey); |
4977 | if (kmo.hServerKey != CK_INVALID_HANDLE0) |
4978 | (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerKey); |
4979 | |
4980 | crv = pFunctionList->C_Logout(hSession); |
4981 | if (crv == CKR_OK0x00000000UL) { |
4982 | PKM_LogIt("C_Logout succeeded\n"); |
4983 | } else { |
4984 | PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv, |
4985 | PKM_CK_RVtoStr(crv)); |
4986 | return crv; |
4987 | } |
4988 | crv = pFunctionList->C_CloseSession(hSession); |
4989 | if (crv != CKR_OK0x00000000UL) { |
4990 | PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv, |
4991 | PKM_CK_RVtoStr(crv)); |
4992 | return crv; |
4993 | } |
4994 | |
4995 | return (crv); |
4996 | } |
4997 | |
4998 | CK_RV |
4999 | PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList, |
5000 | CK_SESSION_HANDLE hRwSession, |
5001 | CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey, |
5002 | CK_MECHANISM *sigMech, |
5003 | CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech, |
5004 | const CK_BYTE *pData, CK_ULONG pDataLen) |
5005 | { |
5006 | |
5007 | CK_RV crv = CKR_OK0x00000000UL; |
5008 | CK_BYTE encryptedData[MAX_CIPHER_SZ128]; |
5009 | CK_ULONG ulEncryptedDataLen = 0; |
5010 | CK_ULONG ulLastUpdateSize = 0; |
5011 | CK_BYTE sig[MAX_SIG_SZ128]; |
5012 | CK_ULONG ulSigLen = 0; |
5013 | CK_BYTE data[MAX_DATA_SZ64]; |
5014 | CK_ULONG ulDataLen = 0; |
5015 | |
5016 | memset(encryptedData, 0, sizeof(encryptedData)); |
5017 | memset(sig, 0, sizeof(sig)); |
5018 | memset(data, 0, sizeof(data)); |
5019 | |
5020 | NUMTESTS++; /* increment NUMTESTS */ |
5021 | |
5022 | /* Check that the mechanism is Multi-part */ |
5023 | if (sigMech->mechanism == CKM_DSA0x00000011UL || sigMech->mechanism == CKM_RSA_PKCS0x00000001UL) { |
5024 | PKM_Error("PKM_DualFuncSign must be called with a Multi-part " |
5025 | "operation mechanism\n"); |
5026 | return CKR_DEVICE_ERROR0x00000030UL; |
5027 | } |
5028 | |
5029 | /* Sign and Encrypt */ |
5030 | if (privateKey == 0 && publicKey == 0) { |
5031 | crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey); |
5032 | if (crv != CKR_OK0x00000000UL) { |
5033 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
5034 | PKM_CK_RVtoStr(crv)); |
5035 | return crv; |
5036 | } |
5037 | } else { |
5038 | crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey); |
5039 | if (crv != CKR_OK0x00000000UL) { |
5040 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
5041 | PKM_CK_RVtoStr(crv)); |
5042 | return crv; |
5043 | } |
5044 | } |
5045 | crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey); |
5046 | if (crv != CKR_OK0x00000000UL) { |
5047 | PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv, |
5048 | PKM_CK_RVtoStr(crv)); |
5049 | return crv; |
5050 | } |
5051 | |
5052 | ulEncryptedDataLen = sizeof(encryptedData); |
5053 | crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE *)pData, |
5054 | pDataLen, |
5055 | encryptedData, |
5056 | &ulEncryptedDataLen); |
5057 | if (crv != CKR_OK0x00000000UL) { |
5058 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, |
5059 | PKM_CK_RVtoStr(crv)); |
5060 | return crv; |
5061 | } |
5062 | |
5063 | ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen; |
5064 | crv = pFunctionList->C_EncryptFinal(hRwSession, |
5065 | (CK_BYTE *)&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize); |
5066 | if (crv != CKR_OK0x00000000UL) { |
5067 | PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv, |
5068 | PKM_CK_RVtoStr(crv)); |
5069 | return crv; |
5070 | } |
5071 | ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize; |
5072 | ulSigLen = sizeof(sig); |
5073 | crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen); |
5074 | if (crv != CKR_OK0x00000000UL) { |
5075 | PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv, |
5076 | PKM_CK_RVtoStr(crv)); |
5077 | return crv; |
5078 | } |
5079 | |
5080 | /* Decrypt and Verify */ |
5081 | |
5082 | crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey); |
5083 | if (crv != CKR_OK0x00000000UL) { |
5084 | PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv, |
5085 | PKM_CK_RVtoStr(crv)); |
5086 | return crv; |
5087 | } |
5088 | crv = pFunctionList->C_VerifyInit(hRwSession, sigMech, |
5089 | publicKey); |
5090 | if (crv != CKR_OK0x00000000UL) { |
5091 | PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv, |
5092 | PKM_CK_RVtoStr(crv)); |
5093 | return crv; |
5094 | } |
5095 | |
5096 | ulDataLen = sizeof(data); |
5097 | crv = pFunctionList->C_DecryptVerifyUpdate(hRwSession, |
5098 | encryptedData, |
5099 | ulEncryptedDataLen, |
5100 | data, &ulDataLen); |
5101 | if (crv != CKR_OK0x00000000UL) { |
5102 | PKM_Error("C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv, |
5103 | PKM_CK_RVtoStr(crv)); |
5104 | return crv; |
5105 | } |
5106 | ulLastUpdateSize = sizeof(data) - ulDataLen; |
5107 | /* Get last little piece of plaintext. Should have length 0 */ |
5108 | crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen], |
5109 | &ulLastUpdateSize); |
5110 | if (crv != CKR_OK0x00000000UL) { |
5111 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, |
5112 | PKM_CK_RVtoStr(crv)); |
5113 | return crv; |
5114 | } |
5115 | |
5116 | if (ulLastUpdateSize != 0) { |
5117 | crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen], |
5118 | ulLastUpdateSize); |
5119 | if (crv != CKR_OK0x00000000UL) { |
5120 | PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv, |
5121 | PKM_CK_RVtoStr(crv)); |
5122 | return crv; |
5123 | } |
5124 | } |
5125 | ulDataLen = ulDataLen + ulLastUpdateSize; |
5126 | |
5127 | /* input for the verify operation is the decrypted data */ |
5128 | crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen); |
5129 | if (crv == CKR_OK0x00000000UL) { |
5130 | PKM_LogIt("C_VerifyFinal succeeded\n"); |
5131 | } else { |
5132 | PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv, |
5133 | PKM_CK_RVtoStr(crv)); |
5134 | return crv; |
5135 | } |
5136 | |
5137 | /* Comparison of Decrypted data with inputed data */ |
5138 | if ((ulDataLen == pDataLen) && |
5139 | (memcmp(data, pData, pDataLen) == 0)) { |
5140 | PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n"); |
5141 | } else { |
5142 | PKM_Error("PKM_DualFuncSign derypt test case failed\n"); |
5143 | } |
5144 | |
5145 | return crv; |
5146 | } |
5147 | |
5148 | CK_RV |
5149 | PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList, |
5150 | CK_SESSION_HANDLE hSession, |
5151 | CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey, |
5152 | const CK_BYTE *pData, CK_ULONG pDataLen) |
5153 | { |
5154 | CK_RV crv = CKR_OK0x00000000UL; |
5155 | CK_BYTE digest1[MAX_DIGEST_SZ64]; |
5156 | CK_ULONG digest1Len = 0; |
5157 | CK_BYTE digest2[MAX_DIGEST_SZ64]; |
5158 | CK_ULONG digest2Len = 0; |
5159 | |
5160 | /* Tested with CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512 */ |
5161 | |
5162 | memset(digest1, 0, sizeof(digest1)); |
5163 | memset(digest2, 0, sizeof(digest2)); |
5164 | |
5165 | NUMTESTS++; /* increment NUMTESTS */ |
5166 | |
5167 | crv = pFunctionList->C_DigestInit(hSession, digestMech); |
5168 | if (crv != CKR_OK0x00000000UL) { |
5169 | PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv, |
5170 | PKM_CK_RVtoStr(crv)); |
5171 | return crv; |
5172 | } |
5173 | digest1Len = sizeof(digest1); |
5174 | crv = pFunctionList->C_Digest(hSession, (CK_BYTE *)pData, pDataLen, |
5175 | digest1, &digest1Len); |
5176 | if (crv != CKR_OK0x00000000UL) { |
5177 | PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv, |
5178 | PKM_CK_RVtoStr(crv)); |
5179 | return crv; |
5180 | } |
5181 | |
5182 | crv = pFunctionList->C_DigestInit(hSession, digestMech); |
5183 | if (crv != CKR_OK0x00000000UL) { |
5184 | PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv, |
5185 | PKM_CK_RVtoStr(crv)); |
5186 | return crv; |
5187 | } |
5188 | |
5189 | crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE *)pData, pDataLen); |
5190 | if (crv != CKR_OK0x00000000UL) { |
5191 | PKM_Error("C_DigestUpdate failed with 0x%08X, %-26s\n", crv, |
5192 | PKM_CK_RVtoStr(crv)); |
5193 | return crv; |
5194 | } |
5195 | |
5196 | /* C_DigestKey continues a multiple-part message-digesting operation by*/ |
5197 | /* digesting the value of a secret key. (only used with C_DigestUpdate)*/ |
5198 | if (hSecretKey != 0) { |
5199 | crv = pFunctionList->C_DigestKey(hSession, hSecretKey); |
5200 | if (crv != CKR_OK0x00000000UL) { |
5201 | PKM_Error("C_DigestKey failed with 0x%08X, %-26s\n", crv, |
5202 | PKM_CK_RVtoStr(crv)); |
5203 | return crv; |
5204 | } |
5205 | } |
5206 | |
5207 | digest2Len = sizeof(digest2); |
5208 | crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len); |
5209 | if (crv != CKR_OK0x00000000UL) { |
5210 | PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv, |
5211 | PKM_CK_RVtoStr(crv)); |
5212 | return crv; |
5213 | } |
5214 | |
5215 | if (hSecretKey == 0) { |
5216 | /* did not digest a secret key so digests should equal */ |
5217 | if ((digest1Len == digest2Len) && |
5218 | (memcmp(digest1, digest2, digest1Len) == 0)) { |
5219 | PKM_LogIt("Single and Multiple-part message digest " |
5220 | "operations successful\n"); |
5221 | } else { |
5222 | PKM_Error("Single and Multiple-part message digest " |
5223 | "operations failed\n"); |
5224 | } |
5225 | } else { |
5226 | if (digest1Len == digest2Len) { |
5227 | PKM_LogIt("PKM_Digest Single and Multiple-part message digest " |
5228 | "operations successful\n"); |
5229 | } else { |
5230 | PKM_Error("PKM_Digest Single and Multiple-part message digest " |
5231 | "operations failed\n"); |
5232 | } |
5233 | } |
5234 | |
5235 | return crv; |
5236 | } |
5237 | |
5238 | char * |
5239 | PKM_FilePasswd(char *pwFile) |
5240 | { |
5241 | unsigned char phrase[500]; |
5242 | PRFileDesc *fd; |
5243 | PRInt32 nb; |
5244 | int i; |
5245 | |
5246 | if (!pwFile) |
5247 | return 0; |
5248 | |
5249 | fd = PR_Open(pwFile, PR_RDONLY0x01, 0); |
5250 | if (!fd) { |
5251 | fprintf(stderrstderr, "No password file \"%s\" exists.\n", pwFile); |
5252 | return NULL((void*)0); |
5253 | } |
5254 | |
5255 | nb = PR_Read(fd, phrase, sizeof(phrase)); |
5256 | |
5257 | PR_Close(fd); |
5258 | /* handle the Windows EOL case */ |
5259 | i = 0; |
5260 | while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) |
5261 | i++; |
5262 | phrase[i] = '\0'; |
5263 | if (nb == 0) { |
5264 | fprintf(stderrstderr, "password file contains no data\n"); |
5265 | return NULL((void*)0); |
5266 | } |
5267 | return (char *)strdup((char *)phrase); |
5268 | } |
5269 | |
5270 | void |
5271 | PKM_Help() |
5272 | { |
5273 | PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError); |
5274 | PR_fprintf(debug_out, "pk11mode test program usage:\n"); |
5275 | PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n"); |
5276 | PR_fprintf(debug_out, "\t-F Disable Unix fork tests\n"); |
5277 | PR_fprintf(debug_out, "\t-n Non Fips Mode \n"); |
5278 | PR_fprintf(debug_out, "\t-d <path> Database path location\n"); |
5279 | PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n"); |
5280 | PR_fprintf(debug_out, "\t-v verbose\n"); |
5281 | PR_fprintf(debug_out, "\t-h this help message\n"); |
5282 | exit(1); |
5283 | } |
5284 | |
5285 | void |
5286 | PKM_CheckPath(char *string) |
5287 | { |
5288 | char *src; |
5289 | char *dest; |
5290 | |
5291 | /* |
5292 | * windows support convert any back slashes to |
5293 | * forward slashes. |
5294 | */ |
5295 | for (src = string, dest = string; *src; src++, dest++) { |
5296 | if (*src == '\\') { |
5297 | *dest = '/'; |
5298 | } |
5299 | } |
5300 | dest--; |
5301 | /* if the last char is a / set it to 0 */ |
5302 | if (*dest == '/') |
5303 | *dest = 0; |
5304 | } |
5305 | |
5306 | CK_RV |
5307 | PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList, |
5308 | PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs) |
5309 | { |
5310 | CK_RV crv = CKR_OK0x00000000UL; |
5311 | #ifndef NO_FORK_CHECK |
5312 | int rc = -1; |
5313 | pid_t child, ret; |
5314 | NUMTESTS++; /* increment NUMTESTS */ |
5315 | if (forkAssert) { |
5316 | putenv("NSS_STRICT_NOFORK=1"); |
5317 | } else { |
5318 | putenv("NSS_STRICT_NOFORK=0"); |
5319 | } |
5320 | child = fork(); |
5321 | switch (child) { |
5322 | case -1: |
5323 | PKM_Error("Fork failed.\n"); |
5324 | crv = CKR_DEVICE_ERROR0x00000030UL; |
5325 | break; |
5326 | case 0: |
5327 | if (fList) { |
5328 | if (!initArgs) { |
5329 | /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo |
5330 | * in the child. This call should always fail. |
5331 | * If softoken is uninitialized, |
5332 | * it fails with CKR_CRYPTOKI_NOT_INITIALIZED. |
5333 | * If it was initialized in the parent, the fork check should |
5334 | * kick in, and make it return CKR_DEVICE_ERROR. |
5335 | */ |
5336 | CK_RV child_crv = fList->C_GetTokenInfo(0, NULL((void*)0)); |
5337 | exit(child_crv & 255); |
5338 | } else { |
5339 | /* If softoken is loaded, make a PKCS#11 call to C_Initialize |
5340 | * in the child. This call should always fail. |
5341 | * If softoken is uninitialized, this should succeed. |
5342 | * If it was initialized in the parent, the fork check should |
5343 | * kick in, and make it return CKR_DEVICE_ERROR. |
5344 | */ |
5345 | CK_RV child_crv = fList->C_Initialize(initArgs); |
5346 | if (CKR_OK0x00000000UL == child_crv) { |
5347 | child_crv = fList->C_Finalize(NULL((void*)0)); |
5348 | } |
5349 | exit(child_crv & 255); |
5350 | } |
5351 | } |
5352 | exit(expected & 255); |
5353 | default: |
5354 | PKM_LogIt("Fork succeeded.\n"); |
5355 | ret = wait(&rc); |
5356 | if (ret != child || (!WIFEXITED(rc)(((rc) & 0x7f) == 0)) || |
5357 | ((expected & 255) != (WEXITSTATUS(rc)(((rc) & 0xff00) >> 8) & 255))) { |
5358 | int retStatus = -1; |
5359 | if (WIFEXITED(rc)(((rc) & 0x7f) == 0)) { |
5360 | retStatus = WEXITSTATUS(rc)(((rc) & 0xff00) >> 8); |
5361 | } |
5362 | PKM_Error("Child misbehaved.\n"); |
5363 | printf("Child return status : %d.\n", retStatus & 255); |
5364 | crv = CKR_DEVICE_ERROR0x00000030UL; |
5365 | } |
5366 | break; |
5367 | } |
5368 | #endif |
5369 | return crv; |
5370 | } |