Bug Summary

File:s/cmd/pk11mode/pk11mode.c
Warning:line 361, column 17
Potential leak of memory pointed to by 'configDir'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pk11mode.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/cmd/pk11mode -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/var/lib/jenkins/workspace/nss-scan-build/nss/cmd/pk11mode -resource-dir /usr/lib/llvm-18/lib/clang/18 -D HAVE_STRERROR -D LINUX -D linux -D XP_UNIX -D XP_UNIX -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D DEBUG -U NDEBUG -D _DEFAULT_SOURCE -D _BSD_SOURCE -D _POSIX_SOURCE -D SDB_MEASURE_USE_TEMP_DIR -D _REENTRANT -D NSS_DISABLE_SSE3 -D NSS_NO_INIT_SUPPORT -D USE_UTIL_DIRECTLY -D NO_NSPR_10_SUPPORT -D SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -I ../../../dist/Linux4.19_x86_64_gcc_glibc_PTH_64_DBG.OBJ/include -I ../../../dist/public/nss -I ../../../dist/private/nss -I ../../../dist/public/seccmd -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -std=c99 -ferror-limit 19 -fgnuc-version=4.2.1 -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-18-082241-28900-1 -x c pk11mode.c
1/*
2 * pk11mode.c - Test FIPS or NONFIPS Modes for the NSS PKCS11 api.
3 * The goal of this program is to test every function
4 * entry point of the PKCS11 api at least once.
5 * To test in FIPS mode: pk11mode
6 * To test in NONFIPS mode: pk11mode -n
7 * usage: pk11mode -h
8 *
9 * This Source Code Form is subject to the terms of the Mozilla Public
10 * License, v. 2.0. If a copy of the MPL was not distributed with this
11 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
12
13#include <assert.h>
14#include <stdio.h>
15#include <stdlib.h>
16#include <string.h>
17#include <stdarg.h>
18
19#if defined(XP_UNIX1) && defined(DO_FORK_CHECK)
20#include <unistd.h>
21#include <sys/wait.h>
22#else
23#ifndef NO_FORK_CHECK
24#define NO_FORK_CHECK
25#endif
26#endif
27
28#ifdef _WIN32
29#include <windows.h>
30#define LIB_NAME "softokn3.dll"
31#endif
32#include "prlink.h"
33#include "prprf.h"
34#include "plgetopt.h"
35#include "prenv.h"
36
37#include "pk11table.h"
38
39#define NUM_ELEM(array)(sizeof(array) / sizeof(array[0])) (sizeof(array) / sizeof(array[0]))
40
41#ifndef NULL_PTR0
42#define NULL_PTR0 0
43#endif
44
45/* Returns constant error string for "CRV".
46 * Returns "unknown error" if errNum is unknown.
47 */
48const char *
49PKM_CK_RVtoStr(CK_RV errNum)
50{
51 const char *err;
52
53 err = getName(errNum, ConstResult);
54
55 if (err)
56 return err;
57
58 return "unknown error";
59}
60
61#include "pkcs11p.h"
62
63typedef struct CK_C_INITIALIZE_ARGS_NSS {
64 CK_CREATEMUTEX CreateMutex;
65 CK_DESTROYMUTEX DestroyMutex;
66 CK_LOCKMUTEX LockMutex;
67 CK_UNLOCKMUTEX UnlockMutex;
68 CK_FLAGS flags;
69 /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
70 * a reserved field. NSS needs a way to pass instance-specific information
71 * to the library (like where to find its config files, etc). This
72 * information is usually provided by the installer and passed uninterpreted
73 * by NSS to the library, though NSS does know the specifics of the softoken
74 * version of this parameter. Most compliant PKCS#11 modules expect this
75 * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
76 * C_Initialize if Library parameters is supplied. */
77 CK_CHAR_PTR *LibraryParameters;
78 /* This field is only present if the LibraryParameters is not NULL. It must
79 * be NULL in all cases */
80 CK_VOID_PTR pReserved;
81} CK_C_INITIALIZE_ARGS_NSS;
82
83#include "pkcs11u.h"
84
85#define MAX_SIG_SZ128 128
86#define MAX_CIPHER_SZ128 128
87#define MAX_DATA_SZ64 64
88#define MAX_DIGEST_SZ64 64
89#define HMAC_MAX_LENGTH64 64
90#define FIPSMODE0 0
91#define NONFIPSMODE1 1
92#define HYBRIDMODE2 2
93#define NOMODE3 3
94int MODE = FIPSMODE0;
95
96CK_BBOOL true = CK_TRUE1;
97CK_BBOOL false = CK_FALSE0;
98static const CK_BYTE PLAINTEXT[] = { "Firefox Rules!" };
99static const CK_BYTE PLAINTEXT_PAD[] = { "Firefox and thunderbird rule the world!" };
100CK_ULONG NUMTESTS = 0;
101
102static const char *slotFlagName[] = {
103 "CKF_TOKEN_PRESENT",
104 "CKF_REMOVABLE_DEVICE",
105 "CKF_HW_SLOT",
106 "unknown token flag 0x00000008",
107 "unknown token flag 0x00000010",
108 "unknown token flag 0x00000020",
109 "unknown token flag 0x00000040",
110 "unknown token flag 0x00000080",
111 "unknown token flag 0x00000100",
112 "unknown token flag 0x00000200",
113 "unknown token flag 0x00000400",
114 "unknown token flag 0x00000800",
115 "unknown token flag 0x00001000",
116 "unknown token flag 0x00002000",
117 "unknown token flag 0x00004000",
118 "unknown token flag 0x00008000"
119 "unknown token flag 0x00010000",
120 "unknown token flag 0x00020000",
121 "unknown token flag 0x00040000",
122 "unknown token flag 0x00080000",
123 "unknown token flag 0x00100000",
124 "unknown token flag 0x00200000",
125 "unknown token flag 0x00400000",
126 "unknown token flag 0x00800000"
127 "unknown token flag 0x01000000",
128 "unknown token flag 0x02000000",
129 "unknown token flag 0x04000000",
130 "unknown token flag 0x08000000",
131 "unknown token flag 0x10000000",
132 "unknown token flag 0x20000000",
133 "unknown token flag 0x40000000",
134 "unknown token flag 0x80000000"
135};
136
137static const char *tokenFlagName[] = {
138 "CKF_PKM_RNG",
139 "CKF_WRITE_PROTECTED",
140 "CKF_LOGIN_REQUIRED",
141 "CKF_USER_PIN_INITIALIZED",
142 "unknown token flag 0x00000010",
143 "CKF_RESTORE_KEY_NOT_NEEDED",
144 "CKF_CLOCK_ON_TOKEN",
145 "unknown token flag 0x00000080",
146 "CKF_PROTECTED_AUTHENTICATION_PATH",
147 "CKF_DUAL_CRYPTO_OPERATIONS",
148 "CKF_TOKEN_INITIALIZED",
149 "CKF_SECONDARY_AUTHENTICATION",
150 "unknown token flag 0x00001000",
151 "unknown token flag 0x00002000",
152 "unknown token flag 0x00004000",
153 "unknown token flag 0x00008000",
154 "CKF_USER_PIN_COUNT_LOW",
155 "CKF_USER_PIN_FINAL_TRY",
156 "CKF_USER_PIN_LOCKED",
157 "CKF_USER_PIN_TO_BE_CHANGED",
158 "CKF_SO_PIN_COUNT_LOW",
159 "CKF_SO_PIN_FINAL_TRY",
160 "CKF_SO_PIN_LOCKED",
161 "CKF_SO_PIN_TO_BE_CHANGED",
162 "unknown token flag 0x01000000",
163 "unknown token flag 0x02000000",
164 "unknown token flag 0x04000000",
165 "unknown token flag 0x08000000",
166 "unknown token flag 0x10000000",
167 "unknown token flag 0x20000000",
168 "unknown token flag 0x40000000",
169 "unknown token flag 0x80000000"
170};
171
172static const unsigned char TLSClientRandom[] = {
173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
174 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
175 0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71,
176 0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d
177};
178static const unsigned char TLSServerRandom[] = {
179 0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01,
180 0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d,
181 0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66,
182 0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9
183};
184
185typedef enum {
186 CORRECT,
187 BOGUS_CLIENT_RANDOM,
188 BOGUS_CLIENT_RANDOM_LEN,
189 BOGUS_SERVER_RANDOM,
190 BOGUS_SERVER_RANDOM_LEN
191} enum_random_t;
192
193void
194dumpToHash64(const unsigned char *buf, unsigned int bufLen)
195{
196 unsigned int i;
197 for (i = 0; i < bufLen; i += 8) {
198 if (i % 32 == 0)
199 printf("\n");
200 printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,",
201 buf[i], buf[i + 1], buf[i + 2], buf[i + 3],
202 buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]);
203 }
204 printf("\n");
205}
206
207#ifdef _WIN32
208HMODULE hModule;
209#else
210PRLibrary *lib;
211#endif
212
213/*
214* All api that belongs to pk11mode.c layer start with the prefix PKM_
215*/
216void PKM_LogIt(const char *fmt, ...);
217void PKM_Error(const char *fmt, ...);
218CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
219 CK_ULONG slotID);
220CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID);
221CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
222 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
223 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
224CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
225 CK_SLOT_ID *pSlotList, CK_ULONG slotID);
226CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
227 CK_ULONG slotID);
228CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
229 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
230 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
231CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
232 CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
233CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
234 CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
235CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
236 CK_C_INITIALIZE_ARGS_NSS *initArgs);
237CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
238 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
239 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
240CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
241 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
242 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
243CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
244 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
245 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
246CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
247 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
248 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
249CK_RV PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
250 CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
251 CK_ATTRIBUTE_PTR expected_attrs,
252 CK_ULONG expected_attrs_count);
253CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList,
254 CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType,
255 CK_FLAGS flags, CK_BBOOL check_sizes,
256 CK_ULONG minkeysize, CK_ULONG maxkeysize);
257CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
258 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
259 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
260 CK_MECHANISM_TYPE mechType, enum_random_t rnd);
261CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
262 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
263 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
264 CK_MECHANISM_TYPE mechType,
265 enum_random_t rnd);
266CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
267 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
268 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
269CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
270 CK_SESSION_HANDLE hRwSession,
271 CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
272 CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey,
273 CK_MECHANISM *cryptMech,
274 const CK_BYTE *pData, CK_ULONG pDataLen);
275CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
276 CK_SESSION_HANDLE hSession,
277 CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
278 CK_OBJECT_HANDLE hSecKeyDigest,
279 CK_MECHANISM *digestMech,
280 const CK_BYTE *pData, CK_ULONG pDataLen);
281CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
282 CK_SESSION_HANDLE hRwSession,
283 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
284 CK_MECHANISM *signMech, const CK_BYTE *pData,
285 CK_ULONG dataLen);
286CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
287 CK_SESSION_HANDLE hSession,
288 CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
289 const CK_BYTE *pData, CK_ULONG dataLen);
290CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
291 CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
292 const CK_BYTE *pData, CK_ULONG pDataLen);
293CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
294 CK_SESSION_HANDLE hRwSession,
295 CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
296 const CK_BYTE *pData, CK_ULONG pDataLen);
297CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
298 CK_SESSION_HANDLE hSession,
299 CK_OBJECT_HANDLE hPublicKey,
300 CK_OBJECT_HANDLE hPrivateKey,
301 CK_MECHANISM *wrapMechanism,
302 CK_OBJECT_HANDLE hSecretKey,
303 CK_ATTRIBUTE *sKeyTemplate,
304 CK_ULONG skeyTempSize);
305CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
306 CK_SESSION_HANDLE hSession,
307 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
308 CK_MECHANISM *signMech, const CK_BYTE *pData,
309 CK_ULONG pDataLen);
310CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
311 PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
312
313void PKM_Help();
314void PKM_CheckPath(char *string);
315char *PKM_FilePasswd(char *pwFile);
316static PRBool verbose = PR_FALSE0;
317
318int
319main(int argc, char **argv)
320{
321 CK_C_GetFunctionList pC_GetFunctionList;
322 CK_FUNCTION_LIST_PTR pFunctionList;
323 CK_RV crv = CKR_OK0x00000000UL;
324 CK_C_INITIALIZE_ARGS_NSS initArgs;
325 CK_C_INITIALIZE_ARGS_NSS initArgsRerun; /* rerun selftests */
326 CK_SLOT_ID *pSlotList = NULL((void*)0);
327 CK_TOKEN_INFO tokenInfo;
328 CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */
329
330 CK_UTF8CHAR *pwd = NULL((void*)0);
331 CK_ULONG pwdLen = 0;
332 char *moduleSpec = NULL((void*)0);
333 char *moduleSpecRerun = NULL((void*)0);
334 char *configDir = NULL((void*)0);
335 char *dbPrefix = NULL((void*)0);
336 char *disableUnload = NULL((void*)0);
337 PRBool doForkTests = PR_TRUE1;
338
339 PLOptStatus os;
340 PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
341 while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) {
1
Assuming the condition is true
2
Loop condition is true. Entering loop body
9
 Execution continues on line 341
10
Assuming the condition is true
11
Loop condition is true. Entering loop body
342 if (PL_OPT_BAD == os)
3
Assuming 'os' is not equal to PL_OPT_BAD
4
Taking false branch
12
Assuming 'os' is not equal to PL_OPT_BAD
13
Taking false branch
343 continue;
344 switch (opt->option) {
5
Control jumps to 'case 100:' at line 357
14
Control jumps to 'case 100:' at line 357
345 case 'F': /* disable fork tests */
346 doForkTests = PR_FALSE0;
347 break;
348 case 'n': /* non fips mode */
349 MODE = NONFIPSMODE1;
350 slotID = 1;
351 break;
352 case 'f': /* password file */
353 pwd = (CK_UTF8CHAR *)PKM_FilePasswd((char *)opt->value);
354 if (!pwd)
355 PKM_Help();
356 break;
357 case 'd': /* opt_CertDir */
358 if (!opt->value)
6
Assuming field 'value' is non-null
7
Taking false branch
15
Assuming field 'value' is non-null
16
Taking false branch
359 PKM_Help();
360 configDir = strdup(opt->value);
8
Memory is allocated
361 PKM_CheckPath(configDir);
17
Potential leak of memory pointed to by 'configDir'
362 break;
363 case 'p': /* opt_DBPrefix */
364 if (!opt->value)
365 PKM_Help();
366 dbPrefix = strdup(opt->value);
367 break;
368 case 'v':
369 verbose = PR_TRUE1;
370 break;
371 case 'h': /* help message */
372 default:
373 PKM_Help();
374 break;
375 }
376 }
377 PL_DestroyOptState(opt);
378
379 if (!pwd) {
380 pwd = (CK_UTF8CHAR *)strdup("1Mozilla");
381 }
382 pwdLen = strlen((const char *)pwd);
383 if (!configDir) {
384 configDir = strdup(".");
385 }
386 if (!dbPrefix) {
387 dbPrefix = strdup("");
388 }
389
390 if (doForkTests) {
391 /* first, try to fork without softoken loaded to make sure
392 * everything is OK */
393 crv = PKM_ForkCheck(123, NULL((void*)0), PR_FALSE0, NULL((void*)0));
394 if (crv != CKR_OK0x00000000UL)
395 goto cleanup;
396 }
397
398#ifdef _WIN32
399 hModule = LoadLibrary(LIB_NAME);
400 if (hModule == NULL((void*)0)) {
401 PKM_Error("cannot load %s\n", LIB_NAME);
402 goto cleanup;
403 }
404 if (MODE == FIPSMODE0) {
405 /* FIPS mode == FC_GetFunctionList */
406 pC_GetFunctionList = (CK_C_GetFunctionList)
407 GetProcAddress(hModule, "FC_GetFunctionList");
408 } else {
409 /* NON FIPS mode == C_GetFunctionList */
410 pC_GetFunctionList = (CK_C_GetFunctionList)
411 GetProcAddress(hModule, "C_GetFunctionList");
412 }
413 if (pC_GetFunctionList == NULL((void*)0)) {
414 PKM_Error("cannot load %s\n", LIB_NAME);
415 goto cleanup;
416 }
417#else
418 {
419 char *libname = NULL((void*)0);
420 /* Get the platform-dependent library name of the NSS cryptographic module */
421 libname = PR_GetLibraryName(NULL((void*)0), "softokn3");
422 assert(libname != NULL)((libname != ((void*)0)) ? (void) (0) : __assert_fail ("libname != NULL"
, "pk11mode.c", 422, __extension__ __PRETTY_FUNCTION__));
423 lib = PR_LoadLibrary(libname);
424 assert(lib != NULL)((lib != ((void*)0)) ? (void) (0) : __assert_fail ("lib != NULL"
, "pk11mode.c", 424, __extension__ __PRETTY_FUNCTION__));
425 PR_FreeLibraryName(libname);
426 }
427 if (MODE == FIPSMODE0) {
428 pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
429 "FC_GetFunctionList");
430 assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail
("pC_GetFunctionList != NULL", "pk11mode.c", 430, __extension__
__PRETTY_FUNCTION__));
431 slotID = 0;
432 } else {
433 pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
434 "C_GetFunctionList");
435 assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail
("pC_GetFunctionList != NULL", "pk11mode.c", 435, __extension__
__PRETTY_FUNCTION__));
436 slotID = 1;
437 }
438#endif
439
440 if (MODE == FIPSMODE0) {
441 printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n",
442 (int)slotID);
443 } else {
444 printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n",
445 (int)slotID);
446 }
447
448 crv = (*pC_GetFunctionList)(&pFunctionList);
449 assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK"
, "pk11mode.c", 449, __extension__ __PRETTY_FUNCTION__));
450
451 if (doForkTests) {
452 /* now, try to fork with softoken loaded, but not initialized */
453 crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED0x00000190UL, pFunctionList,
454 PR_TRUE1, NULL((void*)0));
455 if (crv != CKR_OK0x00000000UL)
456 goto cleanup;
457 }
458
459 initArgs.CreateMutex = NULL((void*)0);
460 initArgs.DestroyMutex = NULL((void*)0);
461 initArgs.LockMutex = NULL((void*)0);
462 initArgs.UnlockMutex = NULL((void*)0);
463 initArgs.flags = CKF_OS_LOCKING_OK0x00000002UL;
464 moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
465 "keyPrefix='%s' secmod='secmod.db' flags= ",
466 configDir, dbPrefix, dbPrefix);
467 moduleSpecRerun = PR_smprintf("configdir='%s' certPrefix='%s' "
468 "keyPrefix='%s' secmod='secmod.db' flags=forcePOST ",
469 configDir, dbPrefix, dbPrefix);
470 initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
471 initArgs.pReserved = NULL((void*)0);
472 initArgsRerun = initArgs;
473 initArgsRerun.LibraryParameters = (CK_CHAR_PTR *)moduleSpecRerun;
474
475 /*DebugBreak();*/
476 /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */
477 /* NSS cryptographic module library initialization for the FIPS */
478 /* Approved mode when FC_Initialize is envoked will perfom */
479 /* software integrity test, and power-up self-tests before */
480 /* FC_Initialize returns */
481 crv = pFunctionList->C_Initialize(&initArgs);
482 if (crv == CKR_OK0x00000000UL) {
483 PKM_LogIt("C_Initialize succeeded\n");
484 } else {
485 PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
486 PKM_CK_RVtoStr(crv));
487 goto cleanup;
488 }
489
490 if (doForkTests) {
491 /* Disable core on fork for this test, since we are testing the
492 * pathological case, and if enabled, the child process would dump
493 * core in C_GetTokenInfo .
494 * We can still differentiate the correct from incorrect behavior
495 * by the PKCS#11 return code.
496 */
497 /* try to fork with softoken both loaded and initialized */
498 crv = PKM_ForkCheck(CKR_DEVICE_ERROR0x00000030UL, pFunctionList, PR_FALSE0, NULL((void*)0));
499 if (crv != CKR_OK0x00000000UL)
500 goto cleanup;
501 }
502
503 if (doForkTests) {
504 /* In this next test, we fork and try to re-initialize softoken in
505 * the child. This should now work because softoken has the ability
506 * to hard reset.
507 */
508 /* try to fork with softoken both loaded and initialized */
509 crv = PKM_ForkCheck(CKR_OK0x00000000UL, pFunctionList, PR_TRUE1, &initArgs);
510 if (crv != CKR_OK0x00000000UL)
511 goto cleanup;
512 }
513
514 crv = PKM_ShowInfo(pFunctionList, slotID);
515 if (crv == CKR_OK0x00000000UL) {
516 PKM_LogIt("PKM_ShowInfo succeeded\n");
517 } else {
518 PKM_Error("PKM_ShowInfo failed with 0x%08X, %-26s\n", crv,
519 PKM_CK_RVtoStr(crv));
520 goto cleanup;
521 }
522 pSlotList = PKM_GetSlotList(pFunctionList, slotID);
523 if (pSlotList == NULL((void*)0)) {
524 PKM_Error("PKM_GetSlotList failed with \n");
525 goto cleanup;
526 }
527 crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
528 if (crv == CKR_OK0x00000000UL) {
529 PKM_LogIt("C_GetTokenInfo succeeded\n\n");
530 } else {
531 PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
532 PKM_CK_RVtoStr(crv));
533 goto cleanup;
534 }
535
536 if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED0x00000008UL)) {
537 PKM_LogIt("Initing PW for DB\n");
538 crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID,
539 pwd, pwdLen);
540 if (crv == CKR_OK0x00000000UL) {
541 PKM_LogIt("PKM_InitPWforDB succeeded\n\n");
542 } else {
543 PKM_Error("PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv,
544 PKM_CK_RVtoStr(crv));
545 goto cleanup;
546 }
547 } else {
548 PKM_LogIt("using existing DB\n");
549 }
550
551 /* general mechanism by token */
552 crv = PKM_Mechanism(pFunctionList, pSlotList, slotID);
553 if (crv == CKR_OK0x00000000UL) {
554 PKM_LogIt("PKM_Mechanism succeeded\n\n");
555 } else {
556 PKM_Error("PKM_Mechanism failed with 0x%08X, %-26s\n", crv,
557 PKM_CK_RVtoStr(crv));
558 goto cleanup;
559 }
560 /* RNG example without Login */
561 crv = PKM_RNG(pFunctionList, pSlotList, slotID);
562 if (crv == CKR_OK0x00000000UL) {
563 PKM_LogIt("PKM_RNG succeeded\n\n");
564 } else {
565 PKM_Error("PKM_RNG failed with 0x%08X, %-26s\n", crv,
566 PKM_CK_RVtoStr(crv));
567 goto cleanup;
568 }
569
570 crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID,
571 pwd, pwdLen);
572 if (crv == CKR_OK0x00000000UL) {
573 PKM_LogIt("PKM_SessionLogin succeeded\n\n");
574 } else {
575 PKM_Error("PKM_SessionLogin failed with 0x%08X, %-26s\n", crv,
576 PKM_CK_RVtoStr(crv));
577 goto cleanup;
578 }
579
580 /*
581 * PKM_KeyTest creates RSA,DSA public keys
582 * and AES, DES3 secret keys.
583 * then does digest, hmac, encrypt/decrypt, signing operations.
584 */
585 crv = PKM_KeyTests(pFunctionList, pSlotList, slotID,
586 pwd, pwdLen);
587 if (crv == CKR_OK0x00000000UL) {
588 PKM_LogIt("PKM_KeyTests succeeded\n\n");
589 } else {
590 PKM_Error("PKM_KeyTest failed with 0x%08X, %-26s\n", crv,
591 PKM_CK_RVtoStr(crv));
592 goto cleanup;
593 }
594
595 crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd,
596 pwdLen);
597 if (crv == CKR_OK0x00000000UL) {
598 PKM_LogIt("PKM_SecretKey succeeded\n\n");
599 } else {
600 PKM_Error("PKM_SecretKey failed with 0x%08X, %-26s\n", crv,
601 PKM_CK_RVtoStr(crv));
602 goto cleanup;
603 }
604
605 crv = PKM_PublicKey(pFunctionList, pSlotList, slotID,
606 pwd, pwdLen);
607 if (crv == CKR_OK0x00000000UL) {
608 PKM_LogIt("PKM_PublicKey succeeded\n\n");
609 } else {
610 PKM_Error("PKM_PublicKey failed with 0x%08X, %-26s\n", crv,
611 PKM_CK_RVtoStr(crv));
612 goto cleanup;
613 }
614 crv = PKM_OperationalState(pFunctionList, pSlotList, slotID,
615 pwd, pwdLen);
616 if (crv == CKR_OK0x00000000UL) {
617 PKM_LogIt("PKM_OperationalState succeeded\n\n");
618 } else {
619 PKM_Error("PKM_OperationalState failed with 0x%08X, %-26s\n", crv,
620 PKM_CK_RVtoStr(crv));
621 goto cleanup;
622 }
623 crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID,
624 pwd, pwdLen);
625 if (crv == CKR_OK0x00000000UL) {
626 PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n");
627 } else {
628 PKM_Error("PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv,
629 PKM_CK_RVtoStr(crv));
630 goto cleanup;
631 }
632 crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID,
633 pwd, pwdLen);
634 if (crv == CKR_OK0x00000000UL) {
635 PKM_LogIt("PKM_LegacyFunctions succeeded\n\n");
636 } else {
637 PKM_Error("PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv,
638 PKM_CK_RVtoStr(crv));
639 goto cleanup;
640 }
641 crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID,
642 pwd, pwdLen,
643 CKM_TLS_KEY_AND_MAC_DERIVE0x00000376UL, CORRECT);
644
645 if (crv == CKR_OK0x00000000UL) {
646 PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n");
647 } else {
648 PKM_Error("PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv,
649 PKM_CK_RVtoStr(crv));
650 goto cleanup;
651 }
652 crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
653 pwd, pwdLen,
654 CKM_TLS_MASTER_KEY_DERIVE0x00000375UL,
655 CORRECT);
656 if (crv == CKR_OK0x00000000UL) {
657 PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
658 } else {
659 PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
660 PKM_CK_RVtoStr(crv));
661 goto cleanup;
662 }
663 crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
664 pwd, pwdLen,
665 CKM_TLS_MASTER_KEY_DERIVE_DH0x00000377UL,
666 CORRECT);
667 if (crv == CKR_OK0x00000000UL) {
668 PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
669 } else {
670 PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
671 PKM_CK_RVtoStr(crv));
672 goto cleanup;
673 }
674 crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID,
675 pwd, pwdLen);
676 if (crv == CKR_OK0x00000000UL) {
677 PKM_LogIt("PKM_FindAllObjects succeeded\n\n");
678 } else {
679 PKM_Error("PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv,
680 PKM_CK_RVtoStr(crv));
681 goto cleanup;
682 }
683 crv = pFunctionList->C_Finalize(NULL((void*)0));
684 if (crv == CKR_OK0x00000000UL) {
685 PKM_LogIt("C_Finalize succeeded\n");
686 } else {
687 PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv,
688 PKM_CK_RVtoStr(crv));
689 goto cleanup;
690 }
691
692 if (doForkTests) {
693 /* try to fork with softoken still loaded, but de-initialized */
694 crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED0x00000190UL, pFunctionList,
695 PR_TRUE1, NULL((void*)0));
696 if (crv != CKR_OK0x00000000UL)
697 goto cleanup;
698 }
699
700 free(pSlotList);
701
702 /* demonstrate how an application can be in Hybrid mode */
703 /* PKM_HybridMode shows how to switch between NONFIPS */
704 /* mode to FIPS mode */
705
706 PKM_LogIt("Testing Hybrid mode \n");
707 crv = PKM_HybridMode(pwd, pwdLen, &initArgs);
708 if (crv == CKR_OK0x00000000UL) {
709 PKM_LogIt("PKM_HybridMode succeeded\n");
710 } else {
711 PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
712 PKM_CK_RVtoStr(crv));
713 goto cleanup;
714 }
715
716 if (doForkTests) {
717 /* testing one more C_Initialize / C_Finalize to exercise getpid()
718 * fork check code */
719 crv = pFunctionList->C_Initialize(&initArgsRerun);
720 if (crv == CKR_OK0x00000000UL) {
721 PKM_LogIt("C_Initialize succeeded\n");
722 } else {
723 PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
724 PKM_CK_RVtoStr(crv));
725 goto cleanup;
726 }
727 crv = pFunctionList->C_Finalize(NULL((void*)0));
728 if (crv == CKR_OK0x00000000UL) {
729 PKM_LogIt("C_Finalize succeeded\n");
730 } else {
731 PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv,
732 PKM_CK_RVtoStr(crv));
733 goto cleanup;
734 }
735 /* try to C_Initialize / C_Finalize in child. This should succeed */
736 crv = PKM_ForkCheck(CKR_OK0x00000000UL, pFunctionList, PR_TRUE1, &initArgs);
737 }
738
739 PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");
740
741cleanup:
742
743 if (pwd) {
744 free(pwd);
745 }
746 if (configDir) {
747 free(configDir);
748 }
749 if (dbPrefix) {
750 free(dbPrefix);
751 }
752 if (moduleSpec) {
753 PR_smprintf_free(moduleSpec);
754 }
755 if (moduleSpecRerun) {
756 PR_smprintf_free(moduleSpecRerun);
757 }
758
759#ifdef _WIN32
760 FreeLibrary(hModule);
761#else
762 disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
763 if (!disableUnload) {
764 PR_UnloadLibrary(lib);
765 }
766#endif
767 if (CKR_OK0x00000000UL == crv && doForkTests && !disableUnload) {
768 /* try to fork with softoken both de-initialized and unloaded */
769 crv = PKM_ForkCheck(123, NULL((void*)0), PR_TRUE1, NULL((void*)0));
770 }
771
772 printf("**** Total number of TESTS ran in %s is %d. ****\n",
773 ((MODE == FIPSMODE0) ? "FIPS MODE" : "NON FIPS MODE"), (int)NUMTESTS);
774 if (CKR_OK0x00000000UL == crv) {
775 printf("**** ALL TESTS PASSED ****\n");
776 }
777
778 return crv;
779}
780
781/*
782* PKM_KeyTests
783*
784*
785*/
786
787CK_RV
788PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
789 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
790 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
791{
792 CK_SESSION_HANDLE hRwSession;
793
794 CK_RV crv = CKR_OK0x00000000UL;
795
796 /*** DSA Key ***/
797 CK_MECHANISM dsaParamGenMech;
798 CK_ULONG primeBits = 1024;
799 CK_ATTRIBUTE dsaParamGenTemplate[1];
800 CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE0;
801 CK_BYTE DSA_P[128];
802 CK_BYTE DSA_Q[20];
803 CK_BYTE DSA_G[128];
804 CK_MECHANISM dsaKeyPairGenMech;
805 CK_ATTRIBUTE dsaPubKeyTemplate[5];
806 CK_ATTRIBUTE dsaPrivKeyTemplate[5];
807 CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE0;
808 CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE0;
809
810 /**** RSA Key ***/
811 CK_KEY_TYPE rsatype = CKK_RSA0x00000000UL;
812 CK_MECHANISM rsaKeyPairGenMech;
813 CK_BYTE subject[] = { "RSA Private Key" };
814 CK_ULONG modulusBits = 1024;
815 CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 };
816 CK_BYTE id[] = { "RSA123" };
817 CK_ATTRIBUTE rsaPubKeyTemplate[9];
818 CK_ATTRIBUTE rsaPrivKeyTemplate[11];
819 CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE0;
820 CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE0;
821
822 /*** AES Key ***/
823 CK_MECHANISM sAESKeyMech = {
824 CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0
825 };
826 CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL;
827 CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL;
828 CK_UTF8CHAR AESlabel[] = "An AES secret key object";
829 CK_ULONG AESvalueLen = 32;
830 CK_ATTRIBUTE sAESKeyTemplate[9];
831 CK_OBJECT_HANDLE hAESSecKey;
832
833 /*** DES3 Key ***/
834 CK_KEY_TYPE keyDES3Type = CKK_DES30x00000015UL;
835 CK_UTF8CHAR DES3label[] = "An Triple DES secret key object";
836 CK_ULONG DES3valueLen = 56;
837 CK_MECHANISM sDES3KeyGenMechanism = {
838 CKM_DES3_KEY_GEN0x00000131UL, NULL((void*)0), 0
839 };
840 CK_ATTRIBUTE sDES3KeyTemplate[9];
841 CK_OBJECT_HANDLE hDES3SecKey;
842
843 CK_MECHANISM dsaWithSha1Mech = {
844 CKM_DSA_SHA10x00000012UL, NULL((void*)0), 0
845 };
846
847 CK_BYTE IV[16];
848 CK_MECHANISM mech_DES3_CBC;
849 CK_MECHANISM mech_DES3_CBC_PAD;
850 CK_MECHANISM mech_AES_CBC_PAD;
851 CK_MECHANISM mech_AES_CBC;
852 struct mech_str {
853 CK_ULONG mechanism;
854 const char *mechanismStr;
855 };
856
857 typedef struct mech_str mech_str;
858
859 mech_str digestMechs[] = {
860 { CKM_SHA_10x00000220UL, "CKM_SHA_1 " },
861 { CKM_SHA2240x00000255UL, "CKM_SHA224" },
862 { CKM_SHA2560x00000250UL, "CKM_SHA256" },
863 { CKM_SHA3840x00000260UL, "CKM_SHA384" },
864 { CKM_SHA5120x00000270UL, "CKM_SHA512" }
865 };
866 mech_str hmacMechs[] = {
867 { CKM_SHA_1_HMAC0x00000221UL, "CKM_SHA_1_HMAC" },
868 { CKM_SHA224_HMAC0x00000256UL, "CKM_SHA224_HMAC" },
869 { CKM_SHA256_HMAC0x00000251UL, "CKM_SHA256_HMAC" },
870 { CKM_SHA384_HMAC0x00000261UL, "CKM_SHA384_HMAC" },
871 { CKM_SHA512_HMAC0x00000271UL, "CKM_SHA512_HMAC" }
872 };
873 mech_str sigRSAMechs[] = {
874 { CKM_SHA1_RSA_PKCS0x00000006UL, "CKM_SHA1_RSA_PKCS" },
875 { CKM_SHA224_RSA_PKCS0x00000046UL, "CKM_SHA224_RSA_PKCS" },
876 { CKM_SHA256_RSA_PKCS0x00000040UL, "CKM_SHA256_RSA_PKCS" },
877 { CKM_SHA384_RSA_PKCS0x00000041UL, "CKM_SHA384_RSA_PKCS" },
878 { CKM_SHA512_RSA_PKCS0x00000042UL, "CKM_SHA512_RSA_PKCS" }
879 };
880
881 CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs)(sizeof(digestMechs) / sizeof(digestMechs[0]));
882 CK_ULONG sigRSAMechsSZ = NUM_ELEM(sigRSAMechs)(sizeof(sigRSAMechs) / sizeof(sigRSAMechs[0]));
883 CK_ULONG hmacMechsSZ = NUM_ELEM(hmacMechs)(sizeof(hmacMechs) / sizeof(hmacMechs[0]));
884 CK_MECHANISM mech;
885
886 unsigned int i;
887
888 NUMTESTS++; /* increment NUMTESTS */
889
890 /* DSA key init */
891 dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN0x00002000UL;
892 dsaParamGenMech.pParameter = NULL_PTR0;
893 dsaParamGenMech.ulParameterLen = 0;
894 dsaParamGenTemplate[0].type = CKA_PRIME_BITS0x00000133UL;
895 dsaParamGenTemplate[0].pValue = &primeBits;
896 dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
897 dsaPubKeyTemplate[0].type = CKA_PRIME0x00000130UL;
898 dsaPubKeyTemplate[0].pValue = DSA_P;
899 dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
900 dsaPubKeyTemplate[1].type = CKA_SUBPRIME0x00000131UL;
901 dsaPubKeyTemplate[1].pValue = DSA_Q;
902 dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
903 dsaPubKeyTemplate[2].type = CKA_BASE0x00000132UL;
904 dsaPubKeyTemplate[2].pValue = DSA_G;
905 dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
906 dsaPubKeyTemplate[3].type = CKA_TOKEN0x00000001UL;
907 dsaPubKeyTemplate[3].pValue = &true;
908 dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
909 dsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL;
910 dsaPubKeyTemplate[4].pValue = &true;
911 dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
912 dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN0x00000010UL;
913 dsaKeyPairGenMech.pParameter = NULL_PTR0;
914 dsaKeyPairGenMech.ulParameterLen = 0;
915 dsaPrivKeyTemplate[0].type = CKA_TOKEN0x00000001UL;
916 dsaPrivKeyTemplate[0].pValue = &true;
917 dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
918 dsaPrivKeyTemplate[1].type = CKA_PRIVATE0x00000002UL;
919 dsaPrivKeyTemplate[1].pValue = &true;
920 dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
921 dsaPrivKeyTemplate[2].type = CKA_SENSITIVE0x00000103UL;
922 dsaPrivKeyTemplate[2].pValue = &true;
923 dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
924 dsaPrivKeyTemplate[3].type = CKA_SIGN0x00000108UL,
925 dsaPrivKeyTemplate[3].pValue = &true;
926 dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
927 dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE0x00000162UL;
928 dsaPrivKeyTemplate[4].pValue = &true;
929 dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
930
931 /* RSA key init */
932 rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN0x00000000UL;
933 rsaKeyPairGenMech.pParameter = NULL_PTR0;
934 rsaKeyPairGenMech.ulParameterLen = 0;
935
936 rsaPubKeyTemplate[0].type = CKA_KEY_TYPE0x00000100UL;
937 rsaPubKeyTemplate[0].pValue = &rsatype;
938 rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype);
939 rsaPubKeyTemplate[1].type = CKA_PRIVATE0x00000002UL;
940 rsaPubKeyTemplate[1].pValue = &true;
941 rsaPubKeyTemplate[1].ulValueLen = sizeof(true);
942 rsaPubKeyTemplate[2].type = CKA_ENCRYPT0x00000104UL;
943 rsaPubKeyTemplate[2].pValue = &true;
944 rsaPubKeyTemplate[2].ulValueLen = sizeof(true);
945 rsaPubKeyTemplate[3].type = CKA_DECRYPT0x00000105UL;
946 rsaPubKeyTemplate[3].pValue = &true;
947 rsaPubKeyTemplate[3].ulValueLen = sizeof(true);
948 rsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL;
949 rsaPubKeyTemplate[4].pValue = &true;
950 rsaPubKeyTemplate[4].ulValueLen = sizeof(true);
951 rsaPubKeyTemplate[5].type = CKA_SIGN0x00000108UL;
952 rsaPubKeyTemplate[5].pValue = &true;
953 rsaPubKeyTemplate[5].ulValueLen = sizeof(true);
954 rsaPubKeyTemplate[6].type = CKA_WRAP0x00000106UL;
955 rsaPubKeyTemplate[6].pValue = &true;
956 rsaPubKeyTemplate[6].ulValueLen = sizeof(true);
957 rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS0x00000121UL;
958 rsaPubKeyTemplate[7].pValue = &modulusBits;
959 rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits);
960 rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT0x00000122UL;
961 rsaPubKeyTemplate[8].pValue = publicExponent;
962 rsaPubKeyTemplate[8].ulValueLen = sizeof(publicExponent);
963
964 rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE0x00000100UL;
965 rsaPrivKeyTemplate[0].pValue = &rsatype;
966 rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype);
967 rsaPrivKeyTemplate[1].type = CKA_TOKEN0x00000001UL;
968 rsaPrivKeyTemplate[1].pValue = &true;
969 rsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
970 rsaPrivKeyTemplate[2].type = CKA_PRIVATE0x00000002UL;
971 rsaPrivKeyTemplate[2].pValue = &true;
972 rsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
973 rsaPrivKeyTemplate[3].type = CKA_SUBJECT0x00000101UL;
974 rsaPrivKeyTemplate[3].pValue = subject;
975 rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject);
976 rsaPrivKeyTemplate[4].type = CKA_ID0x00000102UL;
977 rsaPrivKeyTemplate[4].pValue = id;
978 rsaPrivKeyTemplate[4].ulValueLen = sizeof(id);
979 rsaPrivKeyTemplate[5].type = CKA_SENSITIVE0x00000103UL;
980 rsaPrivKeyTemplate[5].pValue = &true;
981 rsaPrivKeyTemplate[5].ulValueLen = sizeof(true);
982 rsaPrivKeyTemplate[6].type = CKA_ENCRYPT0x00000104UL;
983 rsaPrivKeyTemplate[6].pValue = &true;
984 rsaPrivKeyTemplate[6].ulValueLen = sizeof(true);
985 rsaPrivKeyTemplate[7].type = CKA_DECRYPT0x00000105UL;
986 rsaPrivKeyTemplate[7].pValue = &true;
987 rsaPrivKeyTemplate[7].ulValueLen = sizeof(true);
988 rsaPrivKeyTemplate[8].type = CKA_VERIFY0x0000010AUL;
989 rsaPrivKeyTemplate[8].pValue = &true;
990 rsaPrivKeyTemplate[8].ulValueLen = sizeof(true);
991 rsaPrivKeyTemplate[9].type = CKA_SIGN0x00000108UL;
992 rsaPrivKeyTemplate[9].pValue = &true;
993 rsaPrivKeyTemplate[9].ulValueLen = sizeof(true);
994 rsaPrivKeyTemplate[10].type = CKA_UNWRAP0x00000107UL;
995 rsaPrivKeyTemplate[10].pValue = &true;
996 rsaPrivKeyTemplate[10].ulValueLen = sizeof(true);
997
998 /* AES key template */
999 sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL;
1000 sAESKeyTemplate[0].pValue = &class;
1001 sAESKeyTemplate[0].ulValueLen = sizeof(class);
1002 sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL;
1003 sAESKeyTemplate[1].pValue = &keyAESType;
1004 sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
1005 sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL;
1006 sAESKeyTemplate[2].pValue = AESlabel;
1007 sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
1008 sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL;
1009 sAESKeyTemplate[3].pValue = &true;
1010 sAESKeyTemplate[3].ulValueLen = sizeof(true);
1011 sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL;
1012 sAESKeyTemplate[4].pValue = &true;
1013 sAESKeyTemplate[4].ulValueLen = sizeof(true);
1014 sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL;
1015 sAESKeyTemplate[5].pValue = &true;
1016 sAESKeyTemplate[5].ulValueLen = sizeof(true);
1017 sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL;
1018 sAESKeyTemplate[6].pValue = &true;
1019 sAESKeyTemplate[6].ulValueLen = sizeof(true);
1020 sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL;
1021 sAESKeyTemplate[7].pValue = &true;
1022 sAESKeyTemplate[7].ulValueLen = sizeof(true);
1023 sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL;
1024 sAESKeyTemplate[8].pValue = &AESvalueLen;
1025 sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
1026
1027 /* DES3 key template */
1028 sDES3KeyTemplate[0].type = CKA_CLASS0x00000000UL;
1029 sDES3KeyTemplate[0].pValue = &class;
1030 sDES3KeyTemplate[0].ulValueLen = sizeof(class);
1031 sDES3KeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL;
1032 sDES3KeyTemplate[1].pValue = &keyDES3Type;
1033 sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type);
1034 sDES3KeyTemplate[2].type = CKA_LABEL0x00000003UL;
1035 sDES3KeyTemplate[2].pValue = DES3label;
1036 sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label) - 1;
1037 sDES3KeyTemplate[3].type = CKA_ENCRYPT0x00000104UL;
1038 sDES3KeyTemplate[3].pValue = &true;
1039 sDES3KeyTemplate[3].ulValueLen = sizeof(true);
1040 sDES3KeyTemplate[4].type = CKA_DECRYPT0x00000105UL;
1041 sDES3KeyTemplate[4].pValue = &true;
1042 sDES3KeyTemplate[4].ulValueLen = sizeof(true);
1043 sDES3KeyTemplate[5].type = CKA_UNWRAP0x00000107UL;
1044 sDES3KeyTemplate[5].pValue = &true;
1045 sDES3KeyTemplate[5].ulValueLen = sizeof(true);
1046 sDES3KeyTemplate[6].type = CKA_SIGN0x00000108UL,
1047 sDES3KeyTemplate[6].pValue = &true;
1048 sDES3KeyTemplate[6].ulValueLen = sizeof(true);
1049 sDES3KeyTemplate[7].type = CKA_VERIFY0x0000010AUL;
1050 sDES3KeyTemplate[7].pValue = &true;
1051 sDES3KeyTemplate[7].ulValueLen = sizeof(true);
1052 sDES3KeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL;
1053 sDES3KeyTemplate[8].pValue = &DES3valueLen;
1054 sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen);
1055
1056 /* mech init */
1057 memset(IV, 0x01, sizeof(IV));
1058 mech_DES3_CBC.mechanism = CKM_DES3_CBC0x00000133UL;
1059 mech_DES3_CBC.pParameter = IV;
1060 mech_DES3_CBC.ulParameterLen = sizeof(IV);
1061 mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD0x00000136UL;
1062 mech_DES3_CBC_PAD.pParameter = IV;
1063 mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV);
1064 mech_AES_CBC.mechanism = CKM_AES_CBC0x00001082UL;
1065 mech_AES_CBC.pParameter = IV;
1066 mech_AES_CBC.ulParameterLen = sizeof(IV);
1067 mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD0x00001085UL;
1068 mech_AES_CBC_PAD.pParameter = IV;
1069 mech_AES_CBC_PAD.ulParameterLen = sizeof(IV);
1070
1071 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1072 CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL,
1073 NULL((void*)0), NULL((void*)0), &hRwSession);
1074 if (crv == CKR_OK0x00000000UL) {
1075 PKM_LogIt("Opening a read/write session succeeded\n");
1076 } else {
1077 PKM_Error("Opening a read/write session failed "
1078 "with 0x%08X, %-26s\n",
1079 crv, PKM_CK_RVtoStr(crv));
1080 return crv;
1081 }
1082
1083 if (MODE == FIPSMODE0) {
1084 crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
1085 sAESKeyTemplate,
1086 NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])),
1087 &hAESSecKey);
1088 if (crv == CKR_OK0x00000000UL) {
1089 PKM_Error("C_GenerateKey succeeded when not logged in.\n");
1090 return CKR_GENERAL_ERROR0x00000005UL;
1091 } else {
1092 PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n"
1093 "since not logged in\n",
1094 crv, PKM_CK_RVtoStr(crv));
1095 }
1096 crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
1097 rsaPubKeyTemplate,
1098 NUM_ELEM(rsaPubKeyTemplate)(sizeof(rsaPubKeyTemplate) / sizeof(rsaPubKeyTemplate[0])),
1099 rsaPrivKeyTemplate,
1100 NUM_ELEM(rsaPrivKeyTemplate)(sizeof(rsaPrivKeyTemplate) / sizeof(rsaPrivKeyTemplate[0])),
1101 &hRSApubKey, &hRSAprivKey);
1102 if (crv == CKR_OK0x00000000UL) {
1103 PKM_Error("C_GenerateKeyPair succeeded when not logged in.\n");
1104 return CKR_GENERAL_ERROR0x00000005UL;
1105 } else {
1106 PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, "
1107 "%-26s\n since not logged in\n",
1108 crv,
1109 PKM_CK_RVtoStr(crv));
1110 }
1111 }
1112
1113 crv = pFunctionList->C_Login(hRwSession, CKU_USER1, pwd, pwdLen);
1114 if (crv == CKR_OK0x00000000UL) {
1115 PKM_LogIt("C_Login with correct password succeeded\n");
1116 } else {
1117 PKM_Error("C_Login with correct password failed "
1118 "with 0x%08X, %-26s\n",
1119 crv, PKM_CK_RVtoStr(crv));
1120 return crv;
1121 }
1122
1123 PKM_LogIt("Generate an AES key ... \n");
1124 /* generate an AES Secret Key */
1125 crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
1126 sAESKeyTemplate,
1127 NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])),
1128 &hAESSecKey);
1129 if (crv == CKR_OK0x00000000UL) {
1130 PKM_LogIt("C_GenerateKey AES succeeded\n");
1131 } else {
1132 PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
1133 crv, PKM_CK_RVtoStr(crv));
1134 return crv;
1135 }
1136
1137 PKM_LogIt("Generate an 3DES key ...\n");
1138 /* generate an 3DES Secret Key */
1139 crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism,
1140 sDES3KeyTemplate,
1141 NUM_ELEM(sDES3KeyTemplate)(sizeof(sDES3KeyTemplate) / sizeof(sDES3KeyTemplate[0])),
1142 &hDES3SecKey);
1143 if (crv == CKR_OK0x00000000UL) {
1144 PKM_LogIt("C_GenerateKey DES3 succeeded\n");
1145 } else {
1146 PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
1147 PKM_CK_RVtoStr(crv));
1148 return crv;
1149 }
1150
1151 PKM_LogIt("Generate DSA PQG domain parameters ... \n");
1152 /* Generate DSA domain parameters PQG */
1153 crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech,
1154 dsaParamGenTemplate,
1155 1,
1156 &hDsaParams);
1157 if (crv == CKR_OK0x00000000UL) {
1158 PKM_LogIt("DSA domain parameter generation succeeded\n");
1159 } else {
1160 PKM_Error("DSA domain parameter generation failed "
1161 "with 0x%08X, %-26s\n",
1162 crv, PKM_CK_RVtoStr(crv));
1163 return crv;
1164 }
1165 crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams,
1166 dsaPubKeyTemplate, 3);
1167 if (crv == CKR_OK0x00000000UL) {
1168 PKM_LogIt("Getting DSA domain parameters succeeded\n");
1169 } else {
1170 PKM_Error("Getting DSA domain parameters failed "
1171 "with 0x%08X, %-26s\n",
1172 crv, PKM_CK_RVtoStr(crv));
1173 return crv;
1174 }
1175 crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams);
1176 if (crv == CKR_OK0x00000000UL) {
1177 PKM_LogIt("Destroying DSA domain parameters succeeded\n");
1178 } else {
1179 PKM_Error("Destroying DSA domain parameters failed "
1180 "with 0x%08X, %-26s\n",
1181 crv, PKM_CK_RVtoStr(crv));
1182 return crv;
1183 }
1184
1185 PKM_LogIt("Generate a DSA key pair ... \n");
1186 /* Generate a persistent DSA key pair */
1187 crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
1188 dsaPubKeyTemplate,
1189 NUM_ELEM(dsaPubKeyTemplate)(sizeof(dsaPubKeyTemplate) / sizeof(dsaPubKeyTemplate[0])),
1190 dsaPrivKeyTemplate,
1191 NUM_ELEM(dsaPrivKeyTemplate)(sizeof(dsaPrivKeyTemplate) / sizeof(dsaPrivKeyTemplate[0])),
1192 &hDSApubKey, &hDSAprivKey);
1193 if (crv == CKR_OK0x00000000UL) {
1194 PKM_LogIt("DSA key pair generation succeeded\n");
1195 } else {
1196 PKM_Error("DSA key pair generation failed "
1197 "with 0x%08X, %-26s\n",
1198 crv, PKM_CK_RVtoStr(crv));
1199 return crv;
1200 }
1201
1202 PKM_LogIt("Generate a RSA key pair ... \n");
1203 /*** GEN RSA Key ***/
1204 crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
1205 rsaPubKeyTemplate,
1206 NUM_ELEM(rsaPubKeyTemplate)(sizeof(rsaPubKeyTemplate) / sizeof(rsaPubKeyTemplate[0])),
1207 rsaPrivKeyTemplate,
1208 NUM_ELEM(rsaPrivKeyTemplate)(sizeof(rsaPrivKeyTemplate) / sizeof(rsaPrivKeyTemplate[0])),
1209 &hRSApubKey, &hRSAprivKey);
1210 if (crv == CKR_OK0x00000000UL) {
1211 PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n");
1212 } else {
1213 PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n"
1214 "with 0x%08X, %-26s\n",
1215 crv, PKM_CK_RVtoStr(crv));
1216 return crv;
1217 }
1218
1219 PKM_LogIt("**** Generation of keys completed ***** \n");
1220
1221 mech.mechanism = CKM_RSA_PKCS0x00000001UL;
1222 mech.pParameter = NULL((void*)0);
1223 mech.ulParameterLen = 0;
1224
1225 crv = PKM_wrapUnwrap(pFunctionList,
1226 hRwSession,
1227 hRSApubKey, hRSAprivKey,
1228 &mech,
1229 hAESSecKey,
1230 sAESKeyTemplate,
1231 NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])));
1232
1233 if (crv == CKR_OK0x00000000UL) {
1234 PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key "
1235 "succeeded\n\n");
1236 } else {
1237 PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap AES key failed "
1238 "with 0x%08X, %-26s\n",
1239 crv,
1240 PKM_CK_RVtoStr(crv));
1241 return crv;
1242 }
1243
1244 crv = PKM_wrapUnwrap(pFunctionList,
1245 hRwSession,
1246 hRSApubKey, hRSAprivKey,
1247 &mech,
1248 hDES3SecKey,
1249 sDES3KeyTemplate,
1250 NUM_ELEM(sDES3KeyTemplate)(sizeof(sDES3KeyTemplate) / sizeof(sDES3KeyTemplate[0])));
1251
1252 if (crv == CKR_OK0x00000000UL) {
1253 PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
1254 "succeeded\n\n");
1255 } else {
1256 PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
1257 "failed with 0x%08X, %-26s\n",
1258 crv,
1259 PKM_CK_RVtoStr(crv));
1260 return crv;
1261 }
1262
1263 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1264 hAESSecKey, &mech_AES_CBC_PAD,
1265 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1266 if (crv == CKR_OK0x00000000UL) {
1267 PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n");
1268 } else {
1269 PKM_Error("PKM_SecKeyCrypt failed "
1270 "with 0x%08X, %-26s\n",
1271 crv, PKM_CK_RVtoStr(crv));
1272 return crv;
1273 }
1274
1275 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1276 hAESSecKey, &mech_AES_CBC,
1277 PLAINTEXT, sizeof(PLAINTEXT));
1278 if (crv == CKR_OK0x00000000UL) {
1279 PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n");
1280 } else {
1281 PKM_Error("PKM_SecKeyCrypt failed "
1282 "with 0x%08X, %-26s\n",
1283 crv, PKM_CK_RVtoStr(crv));
1284 return crv;
1285 }
1286
1287 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1288 hDES3SecKey, &mech_DES3_CBC,
1289 PLAINTEXT, sizeof(PLAINTEXT));
1290 if (crv == CKR_OK0x00000000UL) {
1291 PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n");
1292 } else {
1293 PKM_Error("PKM_SecKeyCrypt DES3 failed "
1294 "with 0x%08X, %-26s\n",
1295 crv, PKM_CK_RVtoStr(crv));
1296 return crv;
1297 }
1298
1299 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1300 hDES3SecKey, &mech_DES3_CBC_PAD,
1301 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1302 if (crv == CKR_OK0x00000000UL) {
1303 PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n");
1304 } else {
1305 PKM_Error("PKM_SecKeyCrypt DES3 failed "
1306 "with 0x%08X, %-26s\n",
1307 crv, PKM_CK_RVtoStr(crv));
1308 return crv;
1309 }
1310
1311 mech.mechanism = CKM_RSA_PKCS0x00000001UL;
1312 crv = PKM_RecoverFunctions(pFunctionList, hRwSession,
1313 hRSApubKey, hRSAprivKey,
1314 &mech,
1315 PLAINTEXT, sizeof(PLAINTEXT));
1316 if (crv == CKR_OK0x00000000UL) {
1317 PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n");
1318 } else {
1319 PKM_Error("PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv,
1320 PKM_CK_RVtoStr(crv));
1321 return crv;
1322 }
1323
1324 mech.pParameter = NULL((void*)0);
1325 mech.ulParameterLen = 0;
1326
1327 for (i = 0; i < sigRSAMechsSZ; i++) {
1328
1329 mech.mechanism = sigRSAMechs[i].mechanism;
1330
1331 crv = PKM_PubKeySign(pFunctionList, hRwSession,
1332 hRSApubKey, hRSAprivKey,
1333 &mech,
1334 PLAINTEXT, sizeof(PLAINTEXT));
1335 if (crv == CKR_OK0x00000000UL) {
1336 PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n",
1337 sigRSAMechs[i].mechanismStr);
1338 } else {
1339 PKM_Error("PKM_PubKeySign failed for %-10s "
1340 "with 0x%08X, %-26s\n",
1341 sigRSAMechs[i].mechanismStr, crv,
1342 PKM_CK_RVtoStr(crv));
1343 return crv;
1344 }
1345 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1346 hRSApubKey, hRSAprivKey,
1347 &mech,
1348 hAESSecKey, &mech_AES_CBC,
1349 PLAINTEXT, sizeof(PLAINTEXT));
1350 if (crv == CKR_OK0x00000000UL) {
1351 PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
1352 "for %-10s\n\n",
1353 sigRSAMechs[i].mechanismStr);
1354 } else {
1355 PKM_Error("PKM_DualFuncSign with AES secret key failed "
1356 "for %-10s "
1357 "with 0x%08X, %-26s\n",
1358 sigRSAMechs[i].mechanismStr, crv,
1359 PKM_CK_RVtoStr(crv));
1360 return crv;
1361 }
1362 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1363 hRSApubKey, hRSAprivKey,
1364 &mech,
1365 hDES3SecKey, &mech_DES3_CBC,
1366 PLAINTEXT, sizeof(PLAINTEXT));
1367 if (crv == CKR_OK0x00000000UL) {
1368 PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
1369 "for %-10s\n\n",
1370 sigRSAMechs[i].mechanismStr);
1371 } else {
1372 PKM_Error("PKM_DualFuncSign with DES3 secret key failed "
1373 "for %-10s "
1374 "with 0x%08X, %-26s\n",
1375 sigRSAMechs[i].mechanismStr, crv,
1376 PKM_CK_RVtoStr(crv));
1377 return crv;
1378 }
1379 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1380 hRSApubKey, hRSAprivKey,
1381 &mech,
1382 hAESSecKey, &mech_AES_CBC_PAD,
1383 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1384 if (crv == CKR_OK0x00000000UL) {
1385 PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD "
1386 "succeeded for %-10s\n\n",
1387 sigRSAMechs[i].mechanismStr);
1388 } else {
1389 PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD "
1390 "failed for %-10s "
1391 "with 0x%08X, %-26s\n",
1392 sigRSAMechs[i].mechanismStr, crv,
1393 PKM_CK_RVtoStr(crv));
1394 return crv;
1395 }
1396 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1397 hRSApubKey, hRSAprivKey,
1398 &mech,
1399 hDES3SecKey, &mech_DES3_CBC_PAD,
1400 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1401 if (crv == CKR_OK0x00000000UL) {
1402 PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD "
1403 "succeeded for %-10s\n\n",
1404 sigRSAMechs[i].mechanismStr);
1405 } else {
1406 PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD "
1407 "failed for %-10s "
1408 "with 0x%08X, %-26s\n",
1409 sigRSAMechs[i].mechanismStr, crv,
1410 PKM_CK_RVtoStr(crv));
1411 return crv;
1412 }
1413
1414 } /* end of RSA for loop */
1415
1416 crv = PKM_PubKeySign(pFunctionList, hRwSession,
1417 hDSApubKey, hDSAprivKey,
1418 &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
1419 if (crv == CKR_OK0x00000000UL) {
1420 PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n");
1421 } else {
1422 PKM_Error("PKM_PubKeySign failed "
1423 "with 0x%08X, %-26s\n",
1424 crv, PKM_CK_RVtoStr(crv));
1425 return crv;
1426 }
1427 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1428 hDSApubKey, hDSAprivKey,
1429 &dsaWithSha1Mech,
1430 hAESSecKey, &mech_AES_CBC,
1431 PLAINTEXT, sizeof(PLAINTEXT));
1432 if (crv == CKR_OK0x00000000UL) {
1433 PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
1434 "for DSAWithSHA1\n\n");
1435 } else {
1436 PKM_Error("PKM_DualFuncSign with AES secret key failed "
1437 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1438 crv, PKM_CK_RVtoStr(crv));
1439 return crv;
1440 }
1441 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1442 hDSApubKey, hDSAprivKey,
1443 &dsaWithSha1Mech,
1444 hDES3SecKey, &mech_DES3_CBC,
1445 PLAINTEXT, sizeof(PLAINTEXT));
1446 if (crv == CKR_OK0x00000000UL) {
1447 PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
1448 "for DSAWithSHA1\n\n");
1449 } else {
1450 PKM_Error("PKM_DualFuncSign with DES3 secret key failed "
1451 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1452 crv, PKM_CK_RVtoStr(crv));
1453 return crv;
1454 }
1455 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1456 hDSApubKey, hDSAprivKey,
1457 &dsaWithSha1Mech,
1458 hAESSecKey, &mech_AES_CBC_PAD,
1459 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1460 if (crv == CKR_OK0x00000000UL) {
1461 PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded "
1462 "for DSAWithSHA1\n\n");
1463 } else {
1464 PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD failed "
1465 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1466 crv, PKM_CK_RVtoStr(crv));
1467 return crv;
1468 }
1469 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1470 hDSApubKey, hDSAprivKey,
1471 &dsaWithSha1Mech,
1472 hDES3SecKey, &mech_DES3_CBC_PAD,
1473 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1474 if (crv == CKR_OK0x00000000UL) {
1475 PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded "
1476 "for DSAWithSHA1\n\n");
1477 } else {
1478 PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD failed "
1479 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1480 crv, PKM_CK_RVtoStr(crv));
1481 return crv;
1482 }
1483
1484 for (i = 0; i < digestMechsSZ; i++) {
1485 mech.mechanism = digestMechs[i].mechanism;
1486 crv = PKM_Digest(pFunctionList, hRwSession,
1487 &mech, hAESSecKey,
1488 PLAINTEXT, sizeof(PLAINTEXT));
1489 if (crv == CKR_OK0x00000000UL) {
1490 PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n",
1491 digestMechs[i].mechanismStr);
1492 } else {
1493 PKM_Error("PKM_Digest with AES secret key failed for "
1494 "%-10s with 0x%08X, %-26s\n",
1495 digestMechs[i].mechanismStr, crv,
1496 PKM_CK_RVtoStr(crv));
1497 return crv;
1498 }
1499 crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
1500 hAESSecKey, &mech_AES_CBC,
1501 0, &mech,
1502 PLAINTEXT, sizeof(PLAINTEXT));
1503 if (crv == CKR_OK0x00000000UL) {
1504 PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n");
1505 } else {
1506 PKM_Error("PKM_DualFuncDigest with AES secret key "
1507 "failed with 0x%08X, %-26s\n",
1508 crv,
1509 PKM_CK_RVtoStr(crv));
1510 }
1511
1512 crv = PKM_Digest(pFunctionList, hRwSession,
1513 &mech, hDES3SecKey,
1514 PLAINTEXT, sizeof(PLAINTEXT));
1515 if (crv == CKR_OK0x00000000UL) {
1516 PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n",
1517 digestMechs[i].mechanismStr);
1518 } else {
1519 PKM_Error("PKM_Digest with DES3 secret key failed for "
1520 "%-10s with 0x%08X, %-26s\n",
1521 digestMechs[i].mechanismStr, crv,
1522 PKM_CK_RVtoStr(crv));
1523 return crv;
1524 }
1525 crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
1526 hDES3SecKey, &mech_DES3_CBC,
1527 0, &mech,
1528 PLAINTEXT, sizeof(PLAINTEXT));
1529 if (crv == CKR_OK0x00000000UL) {
1530 PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n");
1531 } else {
1532 PKM_Error("PKM_DualFuncDigest DES3 secret key "
1533 "failed with 0x%08X, %-26s\n",
1534 crv,
1535 PKM_CK_RVtoStr(crv));
1536 }
1537
1538 crv = PKM_Digest(pFunctionList, hRwSession,
1539 &mech, 0,
1540 PLAINTEXT, sizeof(PLAINTEXT));
1541 if (crv == CKR_OK0x00000000UL) {
1542 PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n",
1543 digestMechs[i].mechanismStr);
1544 } else {
1545 PKM_Error("PKM_Digest with no secret key failed for %-10s "
1546 "with 0x%08X, %-26s\n",
1547 digestMechs[i].mechanismStr, crv,
1548 PKM_CK_RVtoStr(crv));
1549 return crv;
1550 }
1551 } /* end of digest loop */
1552
1553 for (i = 0; i < hmacMechsSZ; i++) {
1554 mech.mechanism = hmacMechs[i].mechanism;
1555 crv = PKM_Hmac(pFunctionList, hRwSession,
1556 hAESSecKey, &mech,
1557 PLAINTEXT, sizeof(PLAINTEXT));
1558 if (crv == CKR_OK0x00000000UL) {
1559 PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n",
1560 hmacMechs[i].mechanismStr);
1561 } else {
1562 PKM_Error("PKM_Hmac with AES secret key failed for %-10s "
1563 "with 0x%08X, %-26s\n",
1564 hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
1565 return crv;
1566 }
1567 if ((MODE == FIPSMODE0) && (mech.mechanism == CKM_SHA512_HMAC0x00000271UL))
1568 break;
1569 crv = PKM_Hmac(pFunctionList, hRwSession,
1570 hDES3SecKey, &mech,
1571 PLAINTEXT, sizeof(PLAINTEXT));
1572 if (crv == CKR_OK0x00000000UL) {
1573 PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n",
1574 hmacMechs[i].mechanismStr);
1575 } else {
1576 PKM_Error("PKM_Hmac with DES3 secret key failed for %-10s "
1577 "with 0x%08X, %-26s\n",
1578 hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
1579 return crv;
1580 }
1581
1582 } /* end of hmac loop */
1583
1584 crv = pFunctionList->C_Logout(hRwSession);
1585 if (crv == CKR_OK0x00000000UL) {
1586 PKM_LogIt("C_Logout succeeded\n");
1587 } else {
1588 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
1589 PKM_CK_RVtoStr(crv));
1590 return crv;
1591 }
1592
1593 crv = pFunctionList->C_CloseSession(hRwSession);
1594 if (crv != CKR_OK0x00000000UL) {
1595 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
1596 PKM_CK_RVtoStr(crv));
1597 return crv;
1598 }
1599
1600 return crv;
1601}
1602
1603void
1604PKM_LogIt(const char *fmt, ...)
1605{
1606 va_list args;
1607
1608 if (verbose) {
1609 va_start(args, fmt)__builtin_va_start(args, fmt);
1610 if (MODE == FIPSMODE0) {
1611 printf("FIPS MODE: ");
1612 } else if (MODE == NONFIPSMODE1) {
1613 printf("NON FIPS MODE: ");
1614 } else if (MODE == HYBRIDMODE2) {
1615 printf("Hybrid MODE: ");
1616 }
1617 vprintf(fmt, args);
1618 va_end(args)__builtin_va_end(args);
1619 }
1620}
1621
1622void
1623PKM_Error(const char *fmt, ...)
1624{
1625 va_list args;
1626 va_start(args, fmt)__builtin_va_start(args, fmt);
1627
1628 if (MODE == FIPSMODE0) {
1629 fprintf(stderrstderr, "\nFIPS MODE PKM_Error: ");
1630 } else if (MODE == NONFIPSMODE1) {
1631 fprintf(stderrstderr, "NON FIPS MODE PKM_Error: ");
1632 } else if (MODE == HYBRIDMODE2) {
1633 fprintf(stderrstderr, "Hybrid MODE PKM_Error: ");
1634 } else
1635 fprintf(stderrstderr, "NOMODE PKM_Error: ");
1636 vfprintf(stderrstderr, fmt, args);
1637 va_end(args)__builtin_va_end(args);
1638}
1639CK_SLOT_ID *
1640PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
1641 CK_ULONG slotID)
1642{
1643 CK_RV crv = CKR_OK0x00000000UL;
1644 CK_SLOT_ID *pSlotList = NULL((void*)0);
1645 CK_ULONG slotCount;
1646
1647 NUMTESTS++; /* increment NUMTESTS */
1648
1649 /* Get slot list */
1650 crv = pFunctionList->C_GetSlotList(CK_FALSE0 /* all slots */,
1651 NULL((void*)0), &slotCount);
1652 if (crv != CKR_OK0x00000000UL) {
1653 PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv,
1654 PKM_CK_RVtoStr(crv));
1655 return NULL((void*)0);
1656 }
1657 PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount);
1658 pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID));
1659 if (!pSlotList) {
1660 PKM_Error("failed to allocate slot list\n");
1661 return NULL((void*)0);
1662 }
1663 crv = pFunctionList->C_GetSlotList(CK_FALSE0 /* all slots */,
1664 pSlotList, &slotCount);
1665 if (crv != CKR_OK0x00000000UL) {
1666 PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv,
1667 PKM_CK_RVtoStr(crv));
1668 if (pSlotList)
1669 free(pSlotList);
1670 return NULL((void*)0);
1671 }
1672 return pSlotList;
1673}
1674
1675CK_RV
1676PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
1677 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
1678 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
1679{
1680 CK_RV crv = CKR_OK0x00000000UL;
1681 CK_SESSION_HANDLE hSession;
1682 static const CK_UTF8CHAR testPin[] = { "0Mozilla" };
1683 static const CK_UTF8CHAR weakPin[] = { "mozilla" };
1684
1685 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1686 CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL,
1687 NULL((void*)0), NULL((void*)0), &hSession);
1688 if (crv != CKR_OK0x00000000UL) {
1689 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
1690 PKM_CK_RVtoStr(crv));
1691 return crv;
1692 }
1693 PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER1);
1694
1695 crv = pFunctionList->C_Login(hSession, CKU_SO0, NULL((void*)0), 0);
1696 if (crv != CKR_OK0x00000000UL) {
1697 PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv,
1698 PKM_CK_RVtoStr(crv));
1699 return crv;
1700 }
1701 if (MODE == FIPSMODE0) {
1702 crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)weakPin,
1703 strlen((char *)weakPin));
1704 if (crv == CKR_OK0x00000000UL) {
1705 PKM_Error("C_InitPIN with a weak password succeeded\n");
1706 return crv;
1707 } else {
1708 PKM_LogIt("C_InitPIN with a weak password failed with "
1709 "0x%08X, %-26s\n",
1710 crv, PKM_CK_RVtoStr(crv));
1711 }
1712 }
1713 crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)testPin,
1714 strlen((char *)testPin));
1715 if (crv == CKR_OK0x00000000UL) {
1716 PKM_LogIt("C_InitPIN succeeded\n");
1717 } else {
1718 PKM_Error("C_InitPIN failed with 0x%08X, %-26s\n", crv,
1719 PKM_CK_RVtoStr(crv));
1720 return crv;
1721 }
1722 crv = pFunctionList->C_Logout(hSession);
1723 if (crv != CKR_OK0x00000000UL) {
1724 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
1725 PKM_CK_RVtoStr(crv));
1726 return crv;
1727 }
1728 crv = pFunctionList->C_CloseSession(hSession);
1729 if (crv != CKR_OK0x00000000UL) {
1730 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
1731 PKM_CK_RVtoStr(crv));
1732 return crv;
1733 }
1734
1735 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1736 CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL,
1737 NULL((void*)0), NULL((void*)0), &hSession);
1738 if (crv != CKR_OK0x00000000UL) {
1739 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
1740 PKM_CK_RVtoStr(crv));
1741 return crv;
1742 }
1743
1744 PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER1);
1745
1746 crv = pFunctionList->C_Login(hSession, CKU_USER1, (CK_UTF8CHAR *)testPin,
1747 strlen((const char *)testPin));
1748 if (crv != CKR_OK0x00000000UL) {
1749 PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv,
1750 PKM_CK_RVtoStr(crv));
1751 return crv;
1752 }
1753 if (MODE == FIPSMODE0) {
1754 crv = pFunctionList->C_SetPIN(
1755 hSession, (CK_UTF8CHAR *)testPin,
1756 strlen((const char *)testPin),
1757 (CK_UTF8CHAR *)weakPin,
1758 strlen((const char *)weakPin));
1759 if (crv == CKR_OK0x00000000UL) {
1760 PKM_Error("C_SetPIN with a weak password succeeded\n");
1761 return crv;
1762 } else {
1763 PKM_LogIt("C_SetPIN with a weak password returned with "
1764 "0x%08X, %-26s\n",
1765 crv, PKM_CK_RVtoStr(crv));
1766 }
1767 }
1768 crv = pFunctionList->C_SetPIN(
1769 hSession, (CK_UTF8CHAR *)testPin,
1770 strlen((const char *)testPin),
1771 pwd, pwdLen);
1772 if (crv != CKR_OK0x00000000UL) {
1773 PKM_Error("C_CSetPin failed with 0x%08X, %-26s\n", crv,
1774 PKM_CK_RVtoStr(crv));
1775 return crv;
1776 }
1777 crv = pFunctionList->C_Logout(hSession);
1778 if (crv != CKR_OK0x00000000UL) {
1779 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
1780 PKM_CK_RVtoStr(crv));
1781 return crv;
1782 }
1783 crv = pFunctionList->C_CloseSession(hSession);
1784 if (crv != CKR_OK0x00000000UL) {
1785 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
1786 PKM_CK_RVtoStr(crv));
1787 return crv;
1788 }
1789 return crv;
1790}
1791
1792CK_RV
1793PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID)
1794{
1795 CK_RV crv = CKR_OK0x00000000UL;
1796 CK_INFO info;
1797 CK_SLOT_ID *pSlotList = NULL((void*)0);
1798 unsigned i;
1799
1800 CK_SLOT_INFO slotInfo;
1801 CK_TOKEN_INFO tokenInfo;
1802 CK_FLAGS bitflag;
1803
1804 NUMTESTS++; /* increment NUMTESTS */
1805
1806 crv = pFunctionList->C_GetInfo(&info);
1807 if (crv == CKR_OK0x00000000UL) {
1808 PKM_LogIt("C_GetInfo succeeded\n");
1809 } else {
1810 PKM_Error("C_GetInfo failed with 0x%08X, %-26s\n", crv,
1811 PKM_CK_RVtoStr(crv));
1812 return crv;
1813 }
1814 PKM_LogIt("General information about the PKCS #11 library:\n");
1815 PKM_LogIt(" PKCS #11 version: %d.%d\n",
1816 (int)info.cryptokiVersion.major,
1817 (int)info.cryptokiVersion.minor);
1818 PKM_LogIt(" manufacturer ID: %.32s\n", info.manufacturerID);
1819 PKM_LogIt(" flags: 0x%08lX\n", info.flags);
1820 PKM_LogIt(" library description: %.32s\n", info.libraryDescription);
1821 PKM_LogIt(" library version: %d.%d\n",
1822 (int)info.libraryVersion.major, (int)info.libraryVersion.minor);
1823 PKM_LogIt("\n");
1824
1825 /* Get slot list */
1826 pSlotList = PKM_GetSlotList(pFunctionList, slotID);
1827 if (pSlotList == NULL((void*)0)) {
1828 PKM_Error("PKM_GetSlotList failed with \n");
1829 return crv;
1830 }
1831 crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo);
1832 if (crv == CKR_OK0x00000000UL) {
1833 PKM_LogIt("C_GetSlotInfo succeeded\n");
1834 } else {
1835 PKM_Error("C_GetSlotInfo failed with 0x%08X, %-26s\n", crv,
1836 PKM_CK_RVtoStr(crv));
1837 return crv;
1838 }
1839 PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]);
1840 PKM_LogIt(" slot description: %.64s\n", slotInfo.slotDescription);
1841 PKM_LogIt(" slot manufacturer ID: %.32s\n", slotInfo.manufacturerID);
1842 PKM_LogIt(" flags: 0x%08lX\n", slotInfo.flags);
1843 bitflag = 1;
1844 for (i = 0; i < sizeof(slotFlagName) / sizeof(slotFlagName[0]); i++) {
1845 if (slotInfo.flags & bitflag) {
1846 PKM_LogIt(" %s\n", slotFlagName[i]);
1847 }
1848 bitflag <<= 1;
1849 }
1850 PKM_LogIt(" slot's hardware version number: %d.%d\n",
1851 (int)slotInfo.hardwareVersion.major,
1852 (int)slotInfo.hardwareVersion.minor);
1853 PKM_LogIt(" slot's firmware version number: %d.%d\n",
1854 (int)slotInfo.firmwareVersion.major,
1855 (int)slotInfo.firmwareVersion.minor);
1856 PKM_LogIt("\n");
1857
1858 crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
1859 if (crv == CKR_OK0x00000000UL) {
1860 PKM_LogIt("C_GetTokenInfo succeeded\n");
1861 } else {
1862 PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
1863 PKM_CK_RVtoStr(crv));
1864 return crv;
1865 }
1866 PKM_LogIt("Information about the token in slot %lu:\n",
1867 pSlotList[slotID]);
1868 PKM_LogIt(" label: %.32s\n", tokenInfo.label);
1869 PKM_LogIt(" device manufacturer ID: %.32s\n",
1870 tokenInfo.manufacturerID);
1871 PKM_LogIt(" device model: %.16s\n", tokenInfo.model);
1872 PKM_LogIt(" device serial number: %.16s\n", tokenInfo.serialNumber);
1873 PKM_LogIt(" flags: 0x%08lX\n", tokenInfo.flags);
1874 bitflag = 1;
1875 for (i = 0; i < sizeof(tokenFlagName) / sizeof(tokenFlagName[0]); i++) {
1876 if (tokenInfo.flags & bitflag) {
1877 PKM_LogIt(" %s\n", tokenFlagName[i]);
1878 }
1879 bitflag <<= 1;
1880 }
1881 PKM_LogIt(" maximum session count: %lu\n",
1882 tokenInfo.ulMaxSessionCount);
1883 PKM_LogIt(" session count: %lu\n", tokenInfo.ulSessionCount);
1884 PKM_LogIt(" maximum read/write session count: %lu\n",
1885 tokenInfo.ulMaxRwSessionCount);
1886 PKM_LogIt(" read/write session count: %lu\n",
1887 tokenInfo.ulRwSessionCount);
1888 PKM_LogIt(" maximum PIN length: %lu\n", tokenInfo.ulMaxPinLen);
1889 PKM_LogIt(" minimum PIN length: %lu\n", tokenInfo.ulMinPinLen);
1890 PKM_LogIt(" total public memory: %lu\n",
1891 tokenInfo.ulTotalPublicMemory);
1892 PKM_LogIt(" free public memory: %lu\n",
1893 tokenInfo.ulFreePublicMemory);
1894 PKM_LogIt(" total private memory: %lu\n",
1895 tokenInfo.ulTotalPrivateMemory);
1896 PKM_LogIt(" free private memory: %lu\n",
1897 tokenInfo.ulFreePrivateMemory);
1898 PKM_LogIt(" hardware version number: %d.%d\n",
1899 (int)tokenInfo.hardwareVersion.major,
1900 (int)tokenInfo.hardwareVersion.minor);
1901 PKM_LogIt(" firmware version number: %d.%d\n",
1902 (int)tokenInfo.firmwareVersion.major,
1903 (int)tokenInfo.firmwareVersion.minor);
1904 if (tokenInfo.flags & CKF_CLOCK_ON_TOKEN0x00000040UL) {
1905 PKM_LogIt(" current time: %.16s\n", tokenInfo.utcTime);
1906 }
1907 PKM_LogIt("PKM_ShowInfo done \n\n");
1908 free(pSlotList);
1909 return crv;
1910}
1911
1912/* PKM_HybridMode */
1913/* The NSS cryptographic module has two modes of operation: FIPS Approved */
1914/* mode and NONFIPS Approved mode. The two modes of operation are */
1915/* independent of each other -- they have their own copies of data */
1916/* structures and they are even allowed to be active at the same time. */
1917/* The module is FIPS 140-2 compliant only when the NONFIPS mode */
1918/* is inactive. */
1919/* PKM_HybridMode demostrates how an application can switch between the */
1920/* two modes: FIPS Approved mode and NONFIPS mode. */
1921CK_RV
1922PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1923 CK_C_INITIALIZE_ARGS_NSS *initArgs)
1924{
1925
1926 CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */
1927 CK_FUNCTION_LIST_PTR pC_FunctionList;
1928 CK_SLOT_ID *pC_SlotList = NULL((void*)0);
1929 CK_ULONG slotID_C = 1;
1930 CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */
1931 CK_FUNCTION_LIST_PTR pFC_FunctionList;
1932 CK_SLOT_ID *pFC_SlotList = NULL((void*)0);
1933 CK_ULONG slotID_FC = 0;
1934 CK_RV crv = CKR_OK0x00000000UL;
1935 CK_SESSION_HANDLE hSession;
1936 int origMode = MODE; /* remember the orginal MODE value */
1937
1938 NUMTESTS++; /* increment NUMTESTS */
1939 MODE = NONFIPSMODE1;
1940#ifdef _WIN32
1941 /* NON FIPS mode == C_GetFunctionList */
1942 pC_GetFunctionList = (CK_C_GetFunctionList)
1943 GetProcAddress(hModule, "C_GetFunctionList");
1944 if (pC_GetFunctionList == NULL((void*)0)) {
1945 PKM_Error("cannot load %s\n", LIB_NAME);
1946 return crv;
1947 }
1948#else
1949 pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
1950 "C_GetFunctionList");
1951 assert(pC_GetFunctionList != NULL)((pC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail
("pC_GetFunctionList != NULL", "pk11mode.c", 1951, __extension__
__PRETTY_FUNCTION__));
1952#endif
1953 PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
1954 slotID_C);
1955 crv = (*pC_GetFunctionList)(&pC_FunctionList);
1956 assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK"
, "pk11mode.c", 1956, __extension__ __PRETTY_FUNCTION__));
1957
1958 /* invoke C_Initialize as pC_FunctionList->C_Initialize */
1959 crv = pC_FunctionList->C_Initialize(initArgs);
1960 if (crv == CKR_OK0x00000000UL) {
1961 PKM_LogIt("C_Initialize succeeded\n");
1962 } else {
1963 PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
1964 PKM_CK_RVtoStr(crv));
1965 return crv;
1966 }
1967
1968 pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C);
1969 if (pC_SlotList == NULL((void*)0)) {
1970 PKM_Error("PKM_GetSlotList failed with \n");
1971 return crv;
1972 }
1973 crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C],
1974 CKF_SERIAL_SESSION0x00000004UL,
1975 NULL((void*)0), NULL((void*)0), &hSession);
1976 if (crv == CKR_OK0x00000000UL) {
1977 PKM_LogIt("NONFIPS C_OpenSession succeeded\n");
1978 } else {
1979 PKM_Error("C_OpenSession failed for NONFIPS token "
1980 "with 0x%08X, %-26s\n",
1981 crv, PKM_CK_RVtoStr(crv));
1982 return crv;
1983 }
1984
1985 crv = pC_FunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
1986 if (crv == CKR_OK0x00000000UL) {
1987 PKM_LogIt("able to login in NONFIPS token\n");
1988 } else {
1989 PKM_Error("Unable to login in to NONFIPS token "
1990 "with 0x%08X, %-26s\n",
1991 crv, PKM_CK_RVtoStr(crv));
1992 return crv;
1993 }
1994
1995 crv = pC_FunctionList->C_Logout(hSession);
1996 if (crv == CKR_OK0x00000000UL) {
1997 PKM_LogIt("C_Logout succeeded\n");
1998 } else {
1999 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
2000 PKM_CK_RVtoStr(crv));
2001 return crv;
2002 }
2003
2004 PKM_ShowInfo(pC_FunctionList, slotID_C);
2005 MODE = HYBRIDMODE2;
2006
2007 /* Now load the FIPS token */
2008 /* FIPS mode == FC_GetFunctionList */
2009 pFC_GetFunctionList = NULL((void*)0);
2010#ifdef _WIN32
2011 pFC_GetFunctionList = (CK_C_GetFunctionList)
2012 GetProcAddress(hModule, "FC_GetFunctionList");
2013#else
2014 pFC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
2015 "FC_GetFunctionList");
2016 assert(pFC_GetFunctionList != NULL)((pFC_GetFunctionList != ((void*)0)) ? (void) (0) : __assert_fail
("pFC_GetFunctionList != NULL", "pk11mode.c", 2016, __extension__
__PRETTY_FUNCTION__));
2017#endif
2018
2019 PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
2020 slotID_FC);
2021 PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n");
2022 if (pFC_GetFunctionList == NULL((void*)0)) {
2023 PKM_Error("unable to load pFC_GetFunctionList\n");
2024 return crv;
2025 }
2026
2027 crv = (*pFC_GetFunctionList)(&pFC_FunctionList);
2028 assert(crv == CKR_OK)((crv == 0x00000000UL) ? (void) (0) : __assert_fail ("crv == CKR_OK"
, "pk11mode.c", 2028, __extension__ __PRETTY_FUNCTION__));
2029
2030 /* invoke FC_Initialize as pFunctionList->C_Initialize */
2031 crv = pFC_FunctionList->C_Initialize(initArgs);
2032 if (crv == CKR_OK0x00000000UL) {
2033 PKM_LogIt("FC_Initialize succeeded\n");
2034 } else {
2035 PKM_Error("FC_Initialize failed with 0x%08X, %-26s\n", crv,
2036 PKM_CK_RVtoStr(crv));
2037 return crv;
2038 }
2039 PKM_ShowInfo(pFC_FunctionList, slotID_FC);
2040
2041 pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC);
2042 if (pFC_SlotList == NULL((void*)0)) {
2043 PKM_Error("PKM_GetSlotList failed with \n");
2044 return crv;
2045 }
2046
2047 crv = pC_FunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
2048 if (crv != CKR_OK0x00000000UL) {
2049 PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n");
2050 } else {
2051 PKM_Error("Able to login in to NONFIPS token\n");
2052 return crv;
2053 }
2054 crv = pC_FunctionList->C_CloseSession(hSession);
2055 if (crv == CKR_OK0x00000000UL) {
2056 PKM_LogIt("NONFIPS pC_CloseSession succeeded\n");
2057 } else {
2058 PKM_Error("pC_CloseSession failed for NONFIPS token "
2059 "with 0x%08X, %-26s\n",
2060 crv, PKM_CK_RVtoStr(crv));
2061 return crv;
2062 }
2063
2064 PKM_LogIt("The module is FIPS 140-2 compliant\n"
2065 "only when the NONFIPS Approved mode is inactive by \n"
2066 "calling C_Finalize on the NONFIPS token.\n");
2067
2068 /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */
2069 crv = pC_FunctionList->C_Finalize(NULL((void*)0));
2070 if (crv == CKR_OK0x00000000UL) {
2071 PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n");
2072 MODE = FIPSMODE0;
2073 } else {
2074 PKM_Error("C_Finalize of NONFIPS Token failed with "
2075 "0x%08X, %-26s\n",
2076 crv,
2077 PKM_CK_RVtoStr(crv));
2078 return crv;
2079 }
2080
2081 PKM_LogIt("*** In FIPS mode! ***\n");
2082
2083 /* could do some operations in FIPS MODE */
2084
2085 crv = pFC_FunctionList->C_Finalize(NULL((void*)0));
2086 if (crv == CKR_OK0x00000000UL) {
2087 PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n");
2088 MODE = NOMODE3;
2089 } else {
2090 PKM_Error("FC_Finalize failed with 0x%08X, %-26s\n", crv,
2091 PKM_CK_RVtoStr(crv));
2092 return crv;
2093 }
2094
2095 if (pC_SlotList)
2096 free(pC_SlotList);
2097 if (pFC_SlotList)
2098 free(pFC_SlotList);
2099
2100 MODE = origMode; /* set the mode back to the orginal Mode value */
2101 PKM_LogIt("PKM_HybridMode test Completed\n\n");
2102 return crv;
2103}
2104
2105CK_RV
2106PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
2107 CK_SLOT_ID *pSlotList, CK_ULONG slotID)
2108{
2109
2110 CK_RV crv = CKR_OK0x00000000UL;
2111 CK_MECHANISM_TYPE *pMechanismList;
2112 CK_ULONG mechanismCount;
2113 CK_ULONG i;
2114 const char *mechName = NULL((void*)0);
2115
2116 NUMTESTS++; /* increment NUMTESTS */
2117
2118 /* Get the mechanism list */
2119 crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
2120 NULL((void*)0), &mechanismCount);
2121 if (crv != CKR_OK0x00000000UL) {
2122 PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
2123 PKM_CK_RVtoStr(crv));
2124 return crv;
2125 }
2126 PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n",
2127 mechanismCount);
2128 pMechanismList = (CK_MECHANISM_TYPE *)
2129 malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE));
2130 if (!pMechanismList) {
2131 PKM_Error("failed to allocate mechanism list\n");
2132 return crv;
2133 }
2134 crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
2135 pMechanismList, &mechanismCount);
2136 if (crv != CKR_OK0x00000000UL) {
2137 PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
2138 PKM_CK_RVtoStr(crv));
2139 return crv;
2140 }
2141 PKM_LogIt("C_GetMechanismList returned the mechanism types:\n");
2142 if (verbose) {
2143 for (i = 0; i < mechanismCount; i++) {
2144 mechName = getName(pMechanismList[(i)], ConstMechanism);
2145
2146 /* output two mechanism name on each line */
2147 /* currently the longest known mechansim name length is 37 */
2148 if (mechName) {
2149 printf("%-40s", mechName);
2150 } else {
2151 printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]);
2152 }
2153 if ((i % 2) == 1)
2154 printf("\n");
2155 }
2156 printf("\n\n");
2157 }
2158
2159 for (i = 0; i < mechanismCount; i++) {
2160 CK_MECHANISM_INFO minfo;
2161
2162 memset(&minfo, 0, sizeof(CK_MECHANISM_INFO));
2163 crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID],
2164 pMechanismList[i], &minfo);
2165 if (CKR_OK0x00000000UL != crv) {
2166 PKM_Error("C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n",
2167 pSlotList[slotID], pMechanismList[i], crv,
2168 PKM_CK_RVtoStr(crv));
2169 return crv;
2170 }
2171
2172 mechName = getName(pMechanismList[i], ConstMechanism);
2173 if (!mechName)
2174 mechName = "Unknown mechanism";
2175 PKM_LogIt(" [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i + 1),
2176 mechName,
2177 pMechanismList[i]);
2178 PKM_LogIt(" ulMinKeySize = %lu\n", minfo.ulMinKeySize);
2179 PKM_LogIt(" ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
2180 PKM_LogIt(" flags = 0x%08x\n", minfo.flags);
2181 PKM_LogIt(" -> HW = %s\n", minfo.flags & CKF_HW0x00000001UL ? "TRUE" : "FALSE");
2182 PKM_LogIt(" -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT0x00000100UL ? "TRUE" : "FALSE");
2183 PKM_LogIt(" -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT0x00000200UL ? "TRUE" : "FALSE");
2184 PKM_LogIt(" -> DIGEST = %s\n", minfo.flags & CKF_DIGEST0x00000400UL ? "TRUE" : "FALSE");
2185 PKM_LogIt(" -> SIGN = %s\n", minfo.flags & CKF_SIGN0x00000800UL ? "TRUE" : "FALSE");
2186 PKM_LogIt(" -> SIGN_RECOVER = %s\n", minfo.flags & CKF_SIGN_RECOVER0x00001000UL ? "TRUE" : "FALSE");
2187 PKM_LogIt(" -> VERIFY = %s\n", minfo.flags & CKF_VERIFY0x00002000 ? "TRUE" : "FALSE");
2188 PKM_LogIt(" -> VERIFY_RECOVER = %s\n",
2189 minfo.flags & CKF_VERIFY_RECOVER0x00004000UL ? "TRUE" : "FALSE");
2190 PKM_LogIt(" -> GENERATE = %s\n", minfo.flags & CKF_GENERATE0x00008000UL ? "TRUE" : "FALSE");
2191 PKM_LogIt(" -> GENERATE_KEY_PAIR = %s\n",
2192 minfo.flags & CKF_GENERATE_KEY_PAIR0x00010000UL ? "TRUE" : "FALSE");
2193 PKM_LogIt(" -> WRAP = %s\n", minfo.flags & CKF_WRAP0x00020000UL ? "TRUE" : "FALSE");
2194 PKM_LogIt(" -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP0x00040000UL ? "TRUE" : "FALSE");
2195 PKM_LogIt(" -> DERIVE = %s\n", minfo.flags & CKF_DERIVE0x00080000UL ? "TRUE" : "FALSE");
2196 PKM_LogIt(" -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION0x80000000UL ? "TRUE" : "FALSE");
2197
2198 PKM_LogIt("\n");
2199 }
2200
2201 return crv;
2202}
2203
2204CK_RV
2205PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
2206 CK_ULONG slotID)
2207{
2208 CK_SESSION_HANDLE hSession;
2209 CK_RV crv = CKR_OK0x00000000UL;
2210 CK_BYTE randomData[16];
2211 CK_BYTE seed[] = { 0x01, 0x03, 0x35, 0x55, 0xFF };
2212
2213 NUMTESTS++; /* increment NUMTESTS */
2214
2215 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
2216 NULL((void*)0), NULL((void*)0), &hSession);
2217 if (crv != CKR_OK0x00000000UL) {
2218 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
2219 PKM_CK_RVtoStr(crv));
2220 return crv;
2221 }
2222
2223 crv = pFunctionList->C_GenerateRandom(hSession,
2224 randomData, sizeof randomData);
2225 if (crv == CKR_OK0x00000000UL) {
2226 PKM_LogIt("C_GenerateRandom without login succeeded\n");
2227 } else {
2228 PKM_Error("C_GenerateRandom without login failed "
2229 "with 0x%08X, %-26s\n",
2230 crv, PKM_CK_RVtoStr(crv));
2231 return crv;
2232 }
2233 crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed));
2234 if (crv == CKR_OK0x00000000UL) {
2235 PKM_LogIt("C_SeedRandom without login succeeded\n");
2236 } else {
2237 PKM_Error("C_SeedRandom without login failed "
2238 "with 0x%08X, %-26s\n",
2239 crv, PKM_CK_RVtoStr(crv));
2240 return crv;
2241 }
2242 crv = pFunctionList->C_GenerateRandom(hSession,
2243 randomData, sizeof randomData);
2244 if (crv == CKR_OK0x00000000UL) {
2245 PKM_LogIt("C_GenerateRandom without login succeeded\n");
2246 } else {
2247 PKM_Error("C_GenerateRandom without login failed "
2248 "with 0x%08X, %-26s\n",
2249 crv, PKM_CK_RVtoStr(crv));
2250 return crv;
2251 }
2252 crv = pFunctionList->C_CloseSession(hSession);
2253 if (crv != CKR_OK0x00000000UL) {
2254 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
2255 PKM_CK_RVtoStr(crv));
2256 return crv;
2257 }
2258
2259 return crv;
2260}
2261
2262CK_RV
2263PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
2264 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
2265 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
2266{
2267 CK_SESSION_HANDLE hSession;
2268 CK_RV crv = CKR_OK0x00000000UL;
2269
2270 NUMTESTS++; /* increment NUMTESTS */
2271
2272 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
2273 NULL((void*)0), NULL((void*)0), &hSession);
2274 if (crv != CKR_OK0x00000000UL) {
2275 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
2276 PKM_CK_RVtoStr(crv));
2277 return crv;
2278 }
2279
2280 crv = pFunctionList->C_Login(hSession, CKU_USER1, (unsigned char *)"netscape", 8);
2281 if (crv == CKR_OK0x00000000UL) {
2282 PKM_Error("C_Login with wrong password succeeded\n");
2283 return CKR_FUNCTION_FAILED0x00000006UL;
2284 } else {
2285 PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
2286 "%-26s.\n ",
2287 crv, PKM_CK_RVtoStr(crv));
2288 }
2289 crv = pFunctionList->C_Login(hSession, CKU_USER1, (unsigned char *)"red hat", 7);
2290 if (crv == CKR_OK0x00000000UL) {
2291 PKM_Error("C_Login with wrong password succeeded\n");
2292 return CKR_FUNCTION_FAILED0x00000006UL;
2293 } else {
2294 PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
2295 "%-26s.\n ",
2296 crv, PKM_CK_RVtoStr(crv));
2297 }
2298 crv = pFunctionList->C_Login(hSession, CKU_USER1,
2299 (unsigned char *)"sun", 3);
2300 if (crv == CKR_OK0x00000000UL) {
2301 PKM_Error("C_Login with wrong password succeeded\n");
2302 return CKR_FUNCTION_FAILED0x00000006UL;
2303 } else {
2304 PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
2305 "%-26s.\n ",
2306 crv, PKM_CK_RVtoStr(crv));
2307 }
2308 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
2309 if (crv == CKR_OK0x00000000UL) {
2310 PKM_LogIt("C_Login with correct password succeeded\n");
2311 } else {
2312 PKM_Error("C_Login with correct password failed "
2313 "with 0x%08X, %-26s\n",
2314 crv, PKM_CK_RVtoStr(crv));
2315 return crv;
2316 }
2317
2318 crv = pFunctionList->C_Logout(hSession);
2319 if (crv == CKR_OK0x00000000UL) {
2320 PKM_LogIt("C_Logout succeeded\n");
2321 } else {
2322 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
2323 PKM_CK_RVtoStr(crv));
2324 return crv;
2325 }
2326
2327 crv = pFunctionList->C_CloseSession(hSession);
2328 if (crv != CKR_OK0x00000000UL) {
2329 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
2330 PKM_CK_RVtoStr(crv));
2331 return crv;
2332 }
2333
2334 return crv;
2335}
2336
2337/*
2338* PKM_LegacyFunctions
2339*
2340* Legacyfunctions exist only for backwards compatibility.
2341* C_GetFunctionStatus and C_CancelFunction functions were
2342* meant for managing parallel execution of cryptographic functions.
2343*
2344* C_GetFunctionStatus is a legacy function which should simply return
2345* the value CKR_FUNCTION_NOT_PARALLEL.
2346*
2347* C_CancelFunction is a legacy function which should simply return the
2348* value CKR_FUNCTION_NOT_PARALLEL.
2349*
2350*/
2351CK_RV
2352PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
2353 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
2354 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
2355{
2356 CK_SESSION_HANDLE hSession;
2357 CK_RV crv = CKR_OK0x00000000UL;
2358 NUMTESTS++; /* increment NUMTESTS */
2359
2360 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
2361 NULL((void*)0), NULL((void*)0), &hSession);
2362 if (crv != CKR_OK0x00000000UL) {
2363 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
2364 PKM_CK_RVtoStr(crv));
2365 return crv;
2366 }
2367
2368 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
2369 if (crv == CKR_OK0x00000000UL) {
2370 PKM_LogIt("C_Login with correct password succeeded\n");
2371 } else {
2372 PKM_Error("C_Login with correct password failed "
2373 "with 0x%08X, %-26s\n",
2374 crv, PKM_CK_RVtoStr(crv));
2375 return crv;
2376 }
2377
2378 crv = pFunctionList->C_GetFunctionStatus(hSession);
2379 if (crv == CKR_FUNCTION_NOT_PARALLEL0x00000051UL) {
2380 PKM_LogIt("C_GetFunctionStatus correctly"
2381 "returned CKR_FUNCTION_NOT_PARALLEL \n");
2382 } else {
2383 PKM_Error("C_GetFunctionStatus failed "
2384 "with 0x%08X, %-26s\n",
2385 crv, PKM_CK_RVtoStr(crv));
2386 return crv;
2387 }
2388
2389 crv = pFunctionList->C_CancelFunction(hSession);
2390 if (crv == CKR_FUNCTION_NOT_PARALLEL0x00000051UL) {
2391 PKM_LogIt("C_CancelFunction correctly "
2392 "returned CKR_FUNCTION_NOT_PARALLEL \n");
2393 } else {
2394 PKM_Error("C_CancelFunction failed "
2395 "with 0x%08X, %-26s\n",
2396 crv, PKM_CK_RVtoStr(crv));
2397 return crv;
2398 }
2399
2400 crv = pFunctionList->C_Logout(hSession);
2401 if (crv == CKR_OK0x00000000UL) {
2402 PKM_LogIt("C_Logout succeeded\n");
2403 } else {
2404 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
2405 PKM_CK_RVtoStr(crv));
2406 return crv;
2407 }
2408
2409 crv = pFunctionList->C_CloseSession(hSession);
2410 if (crv != CKR_OK0x00000000UL) {
2411 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
2412 PKM_CK_RVtoStr(crv));
2413 return crv;
2414 }
2415
2416 return crv;
2417}
2418
2419/*
2420* PKM_DualFuncDigest - demostrates the Dual-function
2421* cryptograpic functions:
2422*
2423* C_DigestEncryptUpdate - multi-part Digest and Encrypt
2424* C_DecryptDigestUpdate - multi-part Decrypt and Digest
2425*
2426*
2427*/
2428
2429CK_RV
2430PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
2431 CK_SESSION_HANDLE hSession,
2432 CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
2433 CK_OBJECT_HANDLE hSecKeyDigest,
2434 CK_MECHANISM *digestMech,
2435 const CK_BYTE *pData, CK_ULONG pDataLen)
2436{
2437 CK_RV crv = CKR_OK0x00000000UL;
2438 CK_BYTE eDigest[MAX_DIGEST_SZ64];
2439 CK_BYTE dDigest[MAX_DIGEST_SZ64];
2440 CK_ULONG ulDigestLen;
2441 CK_BYTE ciphertext[MAX_CIPHER_SZ128];
2442 CK_ULONG ciphertextLen, lastLen;
2443 CK_BYTE plaintext[MAX_DATA_SZ64];
2444 CK_ULONG plaintextLen;
2445 unsigned int i;
2446
2447 memset(eDigest, 0, sizeof(eDigest));
2448 memset(dDigest, 0, sizeof(dDigest));
2449 memset(ciphertext, 0, sizeof(ciphertext));
2450 memset(plaintext, 0, sizeof(plaintext));
2451
2452 NUMTESTS++; /* increment NUMTESTS */
2453
2454 /*
2455 * First init the Digest and Ecrypt operations
2456 */
2457 crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey);
2458 if (crv != CKR_OK0x00000000UL) {
2459 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2460 PKM_CK_RVtoStr(crv));
2461 return crv;
2462 }
2463 crv = pFunctionList->C_DigestInit(hSession, digestMech);
2464 if (crv != CKR_OK0x00000000UL) {
2465 PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
2466 PKM_CK_RVtoStr(crv));
2467 return crv;
2468 }
2469
2470 ciphertextLen = sizeof(ciphertext);
2471 crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE *)pData,
2472 pDataLen,
2473 ciphertext, &ciphertextLen);
2474 if (crv != CKR_OK0x00000000UL) {
2475 PKM_Error("C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv,
2476 PKM_CK_RVtoStr(crv));
2477 return crv;
2478 }
2479
2480 ulDigestLen = sizeof(eDigest);
2481 crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen);
2482 if (crv != CKR_OK0x00000000UL) {
2483 PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
2484 PKM_CK_RVtoStr(crv));
2485 return crv;
2486 }
2487
2488 /* get the last piece of ciphertext (length should be 0 */
2489 lastLen = sizeof(ciphertext) - ciphertextLen;
2490 crv = pFunctionList->C_EncryptFinal(hSession,
2491 (CK_BYTE *)&ciphertext[ciphertextLen],
2492 &lastLen);
2493 if (crv != CKR_OK0x00000000UL) {
2494 PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
2495 PKM_CK_RVtoStr(crv));
2496 return crv;
2497 }
2498 ciphertextLen = ciphertextLen + lastLen;
2499 if (verbose) {
2500 printf("ciphertext = ");
2501 for (i = 0; i < ciphertextLen; i++) {
2502 printf("%02x", (unsigned)ciphertext[i]);
2503 }
2504 printf("\n");
2505 printf("eDigest = ");
2506 for (i = 0; i < ulDigestLen; i++) {
2507 printf("%02x", (unsigned)eDigest[i]);
2508 }
2509 printf("\n");
2510 }
2511
2512 /* Decrypt the text */
2513 crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey);
2514 if (crv != CKR_OK0x00000000UL) {
2515 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2516 PKM_CK_RVtoStr(crv));
2517 return crv;
2518 }
2519 crv = pFunctionList->C_DigestInit(hSession, digestMech);
2520 if (crv != CKR_OK0x00000000UL) {
2521 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2522 PKM_CK_RVtoStr(crv));
2523 return crv;
2524 }
2525
2526 plaintextLen = sizeof(plaintext);
2527 crv = pFunctionList->C_DecryptDigestUpdate(hSession, ciphertext,
2528 ciphertextLen,
2529 plaintext,
2530 &plaintextLen);
2531 if (crv != CKR_OK0x00000000UL) {
2532 PKM_Error("C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv,
2533 PKM_CK_RVtoStr(crv));
2534 return crv;
2535 }
2536 lastLen = sizeof(plaintext) - plaintextLen;
2537
2538 crv = pFunctionList->C_DecryptFinal(hSession,
2539 (CK_BYTE *)&plaintext[plaintextLen],
2540 &lastLen);
2541 if (crv != CKR_OK0x00000000UL) {
2542 PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
2543 PKM_CK_RVtoStr(crv));
2544 return crv;
2545 }
2546 plaintextLen = plaintextLen + lastLen;
2547
2548 ulDigestLen = sizeof(dDigest);
2549 crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen);
2550 if (crv != CKR_OK0x00000000UL) {
2551 PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
2552 PKM_CK_RVtoStr(crv));
2553 return crv;
2554 }
2555
2556 if (plaintextLen != pDataLen) {
2557 PKM_Error("plaintextLen is %lu\n", plaintextLen);
2558 return crv;
2559 }
2560
2561 if (verbose) {
2562 printf("plaintext = ");
2563 for (i = 0; i < plaintextLen; i++) {
2564 printf("%02x", (unsigned)plaintext[i]);
2565 }
2566 printf("\n");
2567 printf("dDigest = ");
2568 for (i = 0; i < ulDigestLen; i++) {
2569 printf("%02x", (unsigned)dDigest[i]);
2570 }
2571 printf("\n");
2572 }
2573
2574 if (memcmp(eDigest, dDigest, ulDigestLen) == 0) {
2575 PKM_LogIt("Encrypted Digest equals Decrypted Digest\n");
2576 } else {
2577 PKM_Error("Digests don't match\n");
2578 }
2579
2580 if ((plaintextLen == pDataLen) &&
2581 (memcmp(plaintext, pData, pDataLen)) == 0) {
2582 PKM_LogIt("DualFuncDigest decrypt test case passed\n");
2583 } else {
2584 PKM_Error("DualFuncDigest derypt test case failed\n");
2585 }
2586
2587 return crv;
2588}
2589
2590/*
2591* PKM_SecKeyCrypt - Symmetric key encrypt/decyprt
2592*
2593*/
2594
2595CK_RV
2596PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
2597 CK_SESSION_HANDLE hSession,
2598 CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
2599 const CK_BYTE *pData, CK_ULONG dataLen)
2600{
2601 CK_RV crv = CKR_OK0x00000000UL;
2602
2603 CK_BYTE cipher1[MAX_CIPHER_SZ128];
2604 CK_BYTE cipher2[MAX_CIPHER_SZ128];
2605 CK_BYTE data1[MAX_DATA_SZ64];
2606 CK_BYTE data2[MAX_DATA_SZ64];
2607 CK_ULONG cipher1Len = 0, cipher2Len = 0, lastLen = 0;
2608 CK_ULONG data1Len = 0, data2Len = 0;
2609
2610 NUMTESTS++; /* increment NUMTESTS */
2611
2612 memset(cipher1, 0, sizeof(cipher1));
2613 memset(cipher2, 0, sizeof(cipher2));
2614 memset(data1, 0, sizeof(data1));
2615 memset(data2, 0, sizeof(data2));
2616
2617 /* C_Encrypt */
2618 crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
2619 if (crv != CKR_OK0x00000000UL) {
2620 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2621 PKM_CK_RVtoStr(crv));
2622 return crv;
2623 }
2624 cipher1Len = sizeof(cipher1);
2625 crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)pData, dataLen,
2626 cipher1, &cipher1Len);
2627 if (crv != CKR_OK0x00000000UL) {
2628 PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
2629 PKM_CK_RVtoStr(crv));
2630 return crv;
2631 }
2632
2633 /* C_EncryptUpdate */
2634 crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
2635 if (crv != CKR_OK0x00000000UL) {
2636 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2637 PKM_CK_RVtoStr(crv));
2638 return crv;
2639 }
2640 cipher2Len = sizeof(cipher2);
2641 crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)pData,
2642 dataLen,
2643 cipher2, &cipher2Len);
2644 if (crv != CKR_OK0x00000000UL) {
2645 PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
2646 PKM_CK_RVtoStr(crv));
2647 return crv;
2648 }
2649 lastLen = sizeof(cipher2) - cipher2Len;
2650
2651 crv = pFunctionList->C_EncryptFinal(hSession,
2652 (CK_BYTE *)&cipher2[cipher2Len],
2653 &lastLen);
2654 cipher2Len = cipher2Len + lastLen;
2655
2656 if ((cipher1Len == cipher2Len) &&
2657 (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0)) {
2658 PKM_LogIt("encrypt test case passed\n");
2659 } else {
2660 PKM_Error("encrypt test case failed\n");
2661 return CKR_GENERAL_ERROR0x00000005UL;
2662 }
2663
2664 /* C_Decrypt */
2665 crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
2666 if (crv != CKR_OK0x00000000UL) {
2667 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2668 PKM_CK_RVtoStr(crv));
2669 return crv;
2670 }
2671 data1Len = sizeof(data1);
2672 crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len,
2673 data1, &data1Len);
2674 if (crv != CKR_OK0x00000000UL) {
2675 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2676 PKM_CK_RVtoStr(crv));
2677 return crv;
2678 }
2679 /* now use C_DecryptUpdate the text */
2680 crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
2681 if (crv != CKR_OK0x00000000UL) {
2682 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2683 PKM_CK_RVtoStr(crv));
2684 return crv;
2685 }
2686 data2Len = sizeof(data2);
2687 crv = pFunctionList->C_DecryptUpdate(hSession, cipher2,
2688 cipher2Len,
2689 data2, &data2Len);
2690 if (crv != CKR_OK0x00000000UL) {
2691 PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
2692 PKM_CK_RVtoStr(crv));
2693 return crv;
2694 }
2695 lastLen = sizeof(data2) - data2Len;
2696 crv = pFunctionList->C_DecryptFinal(hSession,
2697 (CK_BYTE *)&data2[data2Len],
2698 &lastLen);
2699 if (crv != CKR_OK0x00000000UL) {
2700 PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
2701 PKM_CK_RVtoStr(crv));
2702 return crv;
2703 }
2704 data2Len = data2Len + lastLen;
2705
2706 /* Comparison of Decrypt data */
2707
2708 if ((data1Len == data2Len) && (dataLen == data1Len) &&
2709 (memcmp(data1, pData, dataLen) == 0) &&
2710 (memcmp(data2, pData, dataLen) == 0)) {
2711 PKM_LogIt("decrypt test case passed\n");
2712 } else {
2713 PKM_Error("derypt test case failed\n");
2714 }
2715
2716 return crv;
2717}
2718
2719CK_RV
2720PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
2721 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
2722 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
2723{
2724 CK_SESSION_HANDLE hSession;
2725 CK_RV crv = CKR_OK0x00000000UL;
2726 CK_MECHANISM sAESKeyMech = {
2727 CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0
2728 };
2729 CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL;
2730 CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL;
2731 CK_UTF8CHAR AESlabel[] = "An AES secret key object";
2732 CK_ULONG AESvalueLen = 16;
2733 CK_ATTRIBUTE sAESKeyTemplate[9];
2734 CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE0;
2735
2736 CK_BYTE KEY[16];
2737 CK_BYTE IV[16];
2738 static const CK_BYTE CIPHERTEXT[] = {
2739 0x7e, 0x6a, 0x3f, 0x3b, 0x39, 0x3c, 0xf2, 0x4b,
2740 0xce, 0xcc, 0x23, 0x6d, 0x80, 0xfd, 0xe0, 0xff
2741 };
2742 CK_BYTE ciphertext[64];
2743 CK_BYTE ciphertext2[64];
2744 CK_ULONG ciphertextLen, ciphertext2Len, lastLen;
2745 CK_BYTE plaintext[32];
2746 CK_BYTE plaintext2[32];
2747 CK_ULONG plaintextLen, plaintext2Len;
2748 CK_BYTE wrappedKey[16];
2749 CK_ULONG wrappedKeyLen;
2750 CK_MECHANISM aesEcbMech = {
2751 CKM_AES_ECB0x00001081UL, NULL((void*)0), 0
2752 };
2753 CK_OBJECT_HANDLE hTestKey;
2754 CK_MECHANISM mech_AES_CBC;
2755
2756 NUMTESTS++; /* increment NUMTESTS */
2757
2758 memset(ciphertext, 0, sizeof(ciphertext));
2759 memset(ciphertext2, 0, sizeof(ciphertext2));
2760 memset(IV, 0x00, sizeof(IV));
2761 memset(KEY, 0x00, sizeof(KEY));
2762
2763 mech_AES_CBC.mechanism = CKM_AES_CBC0x00001082UL;
2764 mech_AES_CBC.pParameter = IV;
2765 mech_AES_CBC.ulParameterLen = sizeof(IV);
2766
2767 /* AES key template */
2768 sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL;
2769 sAESKeyTemplate[0].pValue = &class;
2770 sAESKeyTemplate[0].ulValueLen = sizeof(class);
2771 sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL;
2772 sAESKeyTemplate[1].pValue = &keyAESType;
2773 sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
2774 sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL;
2775 sAESKeyTemplate[2].pValue = AESlabel;
2776 sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
2777 sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL;
2778 sAESKeyTemplate[3].pValue = &true;
2779 sAESKeyTemplate[3].ulValueLen = sizeof(true);
2780 sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL;
2781 sAESKeyTemplate[4].pValue = &true;
2782 sAESKeyTemplate[4].ulValueLen = sizeof(true);
2783 sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL;
2784 sAESKeyTemplate[5].pValue = &true;
2785 sAESKeyTemplate[5].ulValueLen = sizeof(true);
2786 sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL;
2787 sAESKeyTemplate[6].pValue = &true;
2788 sAESKeyTemplate[6].ulValueLen = sizeof(true);
2789 sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL;
2790 sAESKeyTemplate[7].pValue = &true;
2791 sAESKeyTemplate[7].ulValueLen = sizeof(true);
2792 sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL;
2793 sAESKeyTemplate[8].pValue = &AESvalueLen;
2794 sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
2795
2796 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
2797 NULL((void*)0), NULL((void*)0), &hSession);
2798 if (crv != CKR_OK0x00000000UL) {
2799 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
2800 PKM_CK_RVtoStr(crv));
2801 return crv;
2802 }
2803
2804 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
2805 if (crv == CKR_OK0x00000000UL) {
2806 PKM_LogIt("C_Login with correct password succeeded\n");
2807 } else {
2808 PKM_Error("C_Login with correct password failed "
2809 "with 0x%08X, %-26s\n",
2810 crv, PKM_CK_RVtoStr(crv));
2811 return crv;
2812 }
2813
2814 PKM_LogIt("Generate an AES key ... \n");
2815 /* generate an AES Secret Key */
2816 crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
2817 sAESKeyTemplate,
2818 NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])),
2819 &hKey);
2820 if (crv == CKR_OK0x00000000UL) {
2821 PKM_LogIt("C_GenerateKey AES succeeded\n");
2822 } else {
2823 PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
2824 crv, PKM_CK_RVtoStr(crv));
2825 return crv;
2826 }
2827
2828 crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey);
2829 if (crv != CKR_OK0x00000000UL) {
2830 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2831 PKM_CK_RVtoStr(crv));
2832 return crv;
2833 }
2834 wrappedKeyLen = sizeof(wrappedKey);
2835 crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY),
2836 wrappedKey, &wrappedKeyLen);
2837 if (crv != CKR_OK0x00000000UL) {
2838 PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
2839 PKM_CK_RVtoStr(crv));
2840 return crv;
2841 }
2842 if (wrappedKeyLen != sizeof(wrappedKey)) {
2843 PKM_Error("wrappedKeyLen is %lu\n", wrappedKeyLen);
2844 return crv;
2845 }
2846 /* Import an encrypted key */
2847 crv = pFunctionList->C_UnwrapKey(hSession, &aesEcbMech, hKey,
2848 wrappedKey, wrappedKeyLen,
2849 sAESKeyTemplate,
2850 NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])),
2851 &hTestKey);
2852 if (crv != CKR_OK0x00000000UL) {
2853 PKM_Error("C_UnwraPKey failed with 0x%08X, %-26s\n", crv,
2854 PKM_CK_RVtoStr(crv));
2855 return crv;
2856 }
2857 /* AES Encrypt the text */
2858 crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
2859 if (crv != CKR_OK0x00000000UL) {
2860 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2861 PKM_CK_RVtoStr(crv));
2862 return crv;
2863 }
2864 ciphertextLen = sizeof(ciphertext);
2865 crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)PLAINTEXT,
2866 sizeof(PLAINTEXT),
2867 ciphertext, &ciphertextLen);
2868 if (crv != CKR_OK0x00000000UL) {
2869 PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
2870 PKM_CK_RVtoStr(crv));
2871 return crv;
2872 }
2873
2874 if ((ciphertextLen == sizeof(CIPHERTEXT)) &&
2875 (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) {
2876 PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n");
2877 } else {
2878 PKM_Error("AES CBCVarKey128 encrypt test case 1 failed\n");
2879 return crv;
2880 }
2881
2882 /* now use EncryptUpdate the text */
2883 crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
2884 if (crv != CKR_OK0x00000000UL) {
2885 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2886 PKM_CK_RVtoStr(crv));
2887 return crv;
2888 }
2889 ciphertext2Len = sizeof(ciphertext2);
2890 crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)PLAINTEXT,
2891 sizeof(PLAINTEXT),
2892 ciphertext2, &ciphertext2Len);
2893 if (crv != CKR_OK0x00000000UL) {
2894 PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
2895 PKM_CK_RVtoStr(crv));
2896 return crv;
2897 }
2898 lastLen = sizeof(ciphertext2) - ciphertext2Len;
2899
2900 crv = pFunctionList->C_EncryptFinal(hSession,
2901 (CK_BYTE *)&ciphertext2[ciphertext2Len],
2902 &lastLen);
2903 ciphertext2Len = ciphertext2Len + lastLen;
2904
2905 if ((ciphertextLen == ciphertext2Len) &&
2906 (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) &&
2907 (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) {
2908 PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n");
2909 } else {
2910 PKM_Error("AES CBCVarKey128 encrypt test case 2 failed\n");
2911 return CKR_GENERAL_ERROR0x00000005UL;
2912 }
2913
2914 /* AES CBC Decrypt the text */
2915 crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
2916 if (crv != CKR_OK0x00000000UL) {
2917 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2918 PKM_CK_RVtoStr(crv));
2919 return crv;
2920 }
2921 plaintextLen = sizeof(plaintext);
2922 crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen,
2923 plaintext, &plaintextLen);
2924 if (crv != CKR_OK0x00000000UL) {
2925 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2926 PKM_CK_RVtoStr(crv));
2927 return crv;
2928 }
2929 if ((plaintextLen == sizeof(PLAINTEXT)) &&
2930 (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) {
2931 PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n");
2932 } else {
2933 PKM_Error("AES CBCVarKey128 derypt test case 1 failed\n");
2934 }
2935 /* now use DecryptUpdate the text */
2936 crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
2937 if (crv != CKR_OK0x00000000UL) {
2938 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2939 PKM_CK_RVtoStr(crv));
2940 return crv;
2941 }
2942 plaintext2Len = sizeof(plaintext2);
2943 crv = pFunctionList->C_DecryptUpdate(hSession, ciphertext2,
2944 ciphertext2Len,
2945 plaintext2, &plaintext2Len);
2946 if (crv != CKR_OK0x00000000UL) {
2947 PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
2948 PKM_CK_RVtoStr(crv));
2949 return crv;
2950 }
2951 lastLen = sizeof(plaintext2) - plaintext2Len;
2952 crv = pFunctionList->C_DecryptFinal(hSession,
2953 (CK_BYTE *)&plaintext2[plaintext2Len],
2954 &lastLen);
2955 plaintext2Len = plaintext2Len + lastLen;
2956
2957 if ((plaintextLen == plaintext2Len) &&
2958 (memcmp(plaintext, plaintext2, plaintext2Len) == 0) &&
2959 (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) {
2960 PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n");
2961 } else {
2962 PKM_Error("AES CBCVarKey128 decrypt test case 2 failed\n");
2963 return CKR_GENERAL_ERROR0x00000005UL;
2964 }
2965
2966 crv = pFunctionList->C_Logout(hSession);
2967 if (crv == CKR_OK0x00000000UL) {
2968 PKM_LogIt("C_Logout succeeded\n");
2969 } else {
2970 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
2971 PKM_CK_RVtoStr(crv));
2972 return crv;
2973 }
2974 crv = pFunctionList->C_CloseSession(hSession);
2975 if (crv != CKR_OK0x00000000UL) {
2976 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
2977 PKM_CK_RVtoStr(crv));
2978 return crv;
2979 }
2980
2981 return crv;
2982}
2983
2984CK_RV
2985PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
2986 CK_SESSION_HANDLE hRwSession,
2987 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
2988 CK_MECHANISM *signMech, const CK_BYTE *pData,
2989 CK_ULONG pDataLen)
2990{
2991 CK_RV crv = CKR_OK0x00000000UL;
2992 CK_BYTE sig[MAX_SIG_SZ128];
2993 CK_ULONG sigLen = 0;
2994
2995 NUMTESTS++; /* increment NUMTESTS */
2996 memset(sig, 0, sizeof(sig));
2997
2998 /* C_Sign */
2999 crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
3000 if (crv != CKR_OK0x00000000UL) {
3001 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
3002 PKM_CK_RVtoStr(crv));
3003 return crv;
3004 }
3005 sigLen = sizeof(sig);
3006 crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)pData, pDataLen,
3007 sig, &sigLen);
3008 if (crv != CKR_OK0x00000000UL) {
3009 PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
3010 PKM_CK_RVtoStr(crv));
3011 return crv;
3012 }
3013
3014 /* C_Verify the signature */
3015 crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey);
3016 if (crv != CKR_OK0x00000000UL) {
3017 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3018 PKM_CK_RVtoStr(crv));
3019 return crv;
3020 }
3021 crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE *)pData, pDataLen,
3022 sig, sigLen);
3023 if (crv == CKR_OK0x00000000UL) {
3024 PKM_LogIt("C_Verify succeeded\n");
3025 } else {
3026 PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
3027 PKM_CK_RVtoStr(crv));
3028 return crv;
3029 }
3030
3031 /* Check that the mechanism is Multi-part */
3032 if (signMech->mechanism == CKM_DSA0x00000011UL ||
3033 signMech->mechanism == CKM_RSA_PKCS0x00000001UL) {
3034 return crv;
3035 }
3036
3037 memset(sig, 0, sizeof(sig));
3038 /* SignUpdate */
3039 crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
3040 if (crv != CKR_OK0x00000000UL) {
3041 PKM_Error("C_SignInit failed with 0x%08lX %-26s\n", crv,
3042 PKM_CK_RVtoStr(crv));
3043 return crv;
3044 }
3045 crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE *)pData, pDataLen);
3046 if (crv != CKR_OK0x00000000UL) {
3047 PKM_Error("C_Sign failed with 0x%08lX %-26s\n", crv,
3048 PKM_CK_RVtoStr(crv));
3049 return crv;
3050 }
3051
3052 sigLen = sizeof(sig);
3053 crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen);
3054 if (crv != CKR_OK0x00000000UL) {
3055 PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
3056 PKM_CK_RVtoStr(crv));
3057 return crv;
3058 }
3059
3060 /* C_VerifyUpdate the signature */
3061 crv = pFunctionList->C_VerifyInit(hRwSession, signMech,
3062 hPubKey);
3063 if (crv != CKR_OK0x00000000UL) {
3064 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3065 PKM_CK_RVtoStr(crv));
3066 return crv;
3067 }
3068 crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE *)pData,
3069 pDataLen);
3070 if (crv != CKR_OK0x00000000UL) {
3071 PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3072 PKM_CK_RVtoStr(crv));
3073 return crv;
3074 }
3075 crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen);
3076 if (crv == CKR_OK0x00000000UL) {
3077 PKM_LogIt("C_VerifyFinal succeeded\n");
3078 } else {
3079 PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
3080 PKM_CK_RVtoStr(crv));
3081 return crv;
3082 }
3083 return crv;
3084}
3085
3086CK_RV
3087PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
3088 CK_SLOT_ID *pSlotList,
3089 CK_ULONG slotID, CK_UTF8CHAR_PTR pwd,
3090 CK_ULONG pwdLen)
3091{
3092 CK_SESSION_HANDLE hSession;
3093 CK_RV crv = CKR_OK0x00000000UL;
3094
3095 /*** DSA Key ***/
3096 CK_MECHANISM dsaParamGenMech;
3097 CK_ULONG primeBits = 1024;
3098 CK_ATTRIBUTE dsaParamGenTemplate[1];
3099 CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE0;
3100 CK_BYTE DSA_P[128];
3101 CK_BYTE DSA_Q[20];
3102 CK_BYTE DSA_G[128];
3103 CK_MECHANISM dsaKeyPairGenMech;
3104 CK_ATTRIBUTE dsaPubKeyTemplate[5];
3105 CK_ATTRIBUTE dsaPrivKeyTemplate[5];
3106 CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE0;
3107 CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE0;
3108
3109 /* From SHA1ShortMsg.req, Len = 136 */
3110 CK_BYTE MSG[] = {
3111 0xba, 0x33, 0x95, 0xfb,
3112 0x5a, 0xfa, 0x8e, 0x6a,
3113 0x43, 0xdf, 0x41, 0x6b,
3114 0x32, 0x7b, 0x74, 0xfa,
3115 0x44
3116 };
3117 CK_BYTE MD[] = {
3118 0xf7, 0x5d, 0x92, 0xa4,
3119 0xbb, 0x4d, 0xec, 0xc3,
3120 0x7c, 0x5c, 0x72, 0xfa,
3121 0x04, 0x75, 0x71, 0x0a,
3122 0x06, 0x75, 0x8c, 0x1d
3123 };
3124
3125 CK_BYTE sha1Digest[20];
3126 CK_ULONG sha1DigestLen;
3127 CK_BYTE dsaSig[40];
3128 CK_ULONG dsaSigLen;
3129 CK_MECHANISM sha1Mech = {
3130 CKM_SHA_10x00000220UL, NULL((void*)0), 0
3131 };
3132 CK_MECHANISM dsaMech = {
3133 CKM_DSA0x00000011UL, NULL((void*)0), 0
3134 };
3135 CK_MECHANISM dsaWithSha1Mech = {
3136 CKM_DSA_SHA10x00000012UL, NULL((void*)0), 0
3137 };
3138
3139 NUMTESTS++; /* increment NUMTESTS */
3140
3141 /* DSA key init */
3142 dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN0x00002000UL;
3143 dsaParamGenMech.pParameter = NULL_PTR0;
3144 dsaParamGenMech.ulParameterLen = 0;
3145 dsaParamGenTemplate[0].type = CKA_PRIME_BITS0x00000133UL;
3146 dsaParamGenTemplate[0].pValue = &primeBits;
3147 dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
3148 dsaPubKeyTemplate[0].type = CKA_PRIME0x00000130UL;
3149 dsaPubKeyTemplate[0].pValue = DSA_P;
3150 dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
3151 dsaPubKeyTemplate[1].type = CKA_SUBPRIME0x00000131UL;
3152 dsaPubKeyTemplate[1].pValue = DSA_Q;
3153 dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
3154 dsaPubKeyTemplate[2].type = CKA_BASE0x00000132UL;
3155 dsaPubKeyTemplate[2].pValue = DSA_G;
3156 dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
3157 dsaPubKeyTemplate[3].type = CKA_TOKEN0x00000001UL;
3158 dsaPubKeyTemplate[3].pValue = &true;
3159 dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
3160 dsaPubKeyTemplate[4].type = CKA_VERIFY0x0000010AUL;
3161 dsaPubKeyTemplate[4].pValue = &true;
3162 dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
3163 dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN0x00000010UL;
3164 dsaKeyPairGenMech.pParameter = NULL_PTR0;
3165 dsaKeyPairGenMech.ulParameterLen = 0;
3166 dsaPrivKeyTemplate[0].type = CKA_TOKEN0x00000001UL;
3167 dsaPrivKeyTemplate[0].pValue = &true;
3168 dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
3169 dsaPrivKeyTemplate[1].type = CKA_PRIVATE0x00000002UL;
3170 dsaPrivKeyTemplate[1].pValue = &true;
3171 dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
3172 dsaPrivKeyTemplate[2].type = CKA_SENSITIVE0x00000103UL;
3173 dsaPrivKeyTemplate[2].pValue = &true;
3174 dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
3175 dsaPrivKeyTemplate[3].type = CKA_SIGN0x00000108UL,
3176 dsaPrivKeyTemplate[3].pValue = &true;
3177 dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
3178 dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE0x00000162UL;
3179 dsaPrivKeyTemplate[4].pValue = &true;
3180 dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
3181
3182 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
3183 CKF_RW_SESSION0x00000002UL | CKF_SERIAL_SESSION0x00000004UL,
3184 NULL((void*)0), NULL((void*)0), &hSession);
3185 if (crv != CKR_OK0x00000000UL) {
3186 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
3187 PKM_CK_RVtoStr(crv));
3188 return crv;
3189 }
3190
3191 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
3192 if (crv == CKR_OK0x00000000UL) {
3193 PKM_LogIt("C_Login with correct password succeeded\n");
3194 } else {
3195 PKM_Error("C_Login with correct password failed "
3196 "with 0x%08X, %-26s\n",
3197 crv, PKM_CK_RVtoStr(crv));
3198 return crv;
3199 }
3200
3201 PKM_LogIt("Generate DSA PQG domain parameters ... \n");
3202 /* Generate DSA domain parameters PQG */
3203 crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech,
3204 dsaParamGenTemplate,
3205 1,
3206 &hDsaParams);
3207 if (crv == CKR_OK0x00000000UL) {
3208 PKM_LogIt("DSA domain parameter generation succeeded\n");
3209 } else {
3210 PKM_Error("DSA domain parameter generation failed "
3211 "with 0x%08X, %-26s\n",
3212 crv, PKM_CK_RVtoStr(crv));
3213 return crv;
3214 }
3215 crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams,
3216 dsaPubKeyTemplate, 3);
3217 if (crv == CKR_OK0x00000000UL) {
3218 PKM_LogIt("Getting DSA domain parameters succeeded\n");
3219 } else {
3220 PKM_Error("Getting DSA domain parameters failed "
3221 "with 0x%08X, %-26s\n",
3222 crv, PKM_CK_RVtoStr(crv));
3223 return crv;
3224 }
3225 crv = pFunctionList->C_DestroyObject(hSession, hDsaParams);
3226 if (crv == CKR_OK0x00000000UL) {
3227 PKM_LogIt("Destroying DSA domain parameters succeeded\n");
3228 } else {
3229 PKM_Error("Destroying DSA domain parameters failed "
3230 "with 0x%08X, %-26s\n",
3231 crv, PKM_CK_RVtoStr(crv));
3232 return crv;
3233 }
3234
3235 PKM_LogIt("Generate a DSA key pair ... \n");
3236 /* Generate a persistent DSA key pair */
3237 crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech,
3238 dsaPubKeyTemplate,
3239 NUM_ELEM(dsaPubKeyTemplate)(sizeof(dsaPubKeyTemplate) / sizeof(dsaPubKeyTemplate[0])),
3240 dsaPrivKeyTemplate,
3241 NUM_ELEM(dsaPrivKeyTemplate)(sizeof(dsaPrivKeyTemplate) / sizeof(dsaPrivKeyTemplate[0])),
3242 &hDSApubKey, &hDSAprivKey);
3243 if (crv == CKR_OK0x00000000UL) {
3244 PKM_LogIt("DSA key pair generation succeeded\n");
3245 } else {
3246 PKM_Error("DSA key pair generation failed "
3247 "with 0x%08X, %-26s\n",
3248 crv, PKM_CK_RVtoStr(crv));
3249 return crv;
3250 }
3251
3252 /* Compute SHA-1 digest */
3253 crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
3254 if (crv != CKR_OK0x00000000UL) {
3255 PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
3256 PKM_CK_RVtoStr(crv));
3257 return crv;
3258 }
3259 sha1DigestLen = sizeof(sha1Digest);
3260 crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
3261 sha1Digest, &sha1DigestLen);
3262 if (crv != CKR_OK0x00000000UL) {
3263 PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv,
3264 PKM_CK_RVtoStr(crv));
3265 return crv;
3266 }
3267 if (sha1DigestLen != sizeof(sha1Digest)) {
3268 PKM_Error("sha1DigestLen is %lu\n", sha1DigestLen);
3269 return crv;
3270 }
3271
3272 if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) {
3273 PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n");
3274 } else {
3275 PKM_Error("SHA-1 SHA1ShortMsg test case Len = 136 failed\n");
3276 }
3277
3278 crv = PKM_PubKeySign(pFunctionList, hSession,
3279 hDSApubKey, hDSAprivKey,
3280 &dsaMech, sha1Digest, sizeof(sha1Digest));
3281 if (crv == CKR_OK0x00000000UL) {
3282 PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n");
3283 } else {
3284 PKM_Error("PKM_PubKeySign failed "
3285 "with 0x%08X, %-26s\n",
3286 crv, PKM_CK_RVtoStr(crv));
3287 return crv;
3288 }
3289 crv = PKM_PubKeySign(pFunctionList, hSession,
3290 hDSApubKey, hDSAprivKey,
3291 &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
3292 if (crv == CKR_OK0x00000000UL) {
3293 PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n");
3294 } else {
3295 PKM_Error("PKM_PubKeySign failed "
3296 "with 0x%08X, %-26s\n",
3297 crv, PKM_CK_RVtoStr(crv));
3298 return crv;
3299 }
3300
3301 /* Sign with DSA */
3302 crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey);
3303 if (crv != CKR_OK0x00000000UL) {
3304 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
3305 PKM_CK_RVtoStr(crv));
3306 return crv;
3307 }
3308 dsaSigLen = sizeof(dsaSig);
3309 crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen,
3310 dsaSig, &dsaSigLen);
3311 if (crv != CKR_OK0x00000000UL) {
3312 PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
3313 PKM_CK_RVtoStr(crv));
3314 return crv;
3315 }
3316
3317 /* Verify the DSA signature */
3318 crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
3319 if (crv != CKR_OK0x00000000UL) {
3320 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3321 PKM_CK_RVtoStr(crv));
3322 return crv;
3323 }
3324 crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
3325 dsaSig, dsaSigLen);
3326 if (crv == CKR_OK0x00000000UL) {
3327 PKM_LogIt("C_Verify succeeded\n");
3328 } else {
3329 PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
3330 PKM_CK_RVtoStr(crv));
3331 return crv;
3332 }
3333
3334 /* Verify the signature in a different way */
3335 crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
3336 hDSApubKey);
3337 if (crv != CKR_OK0x00000000UL) {
3338 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3339 PKM_CK_RVtoStr(crv));
3340 return crv;
3341 }
3342 crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
3343 if (crv != CKR_OK0x00000000UL) {
3344 PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3345 PKM_CK_RVtoStr(crv));
3346 return crv;
3347 }
3348 crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1);
3349 if (crv != CKR_OK0x00000000UL) {
3350 PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3351 PKM_CK_RVtoStr(crv));
3352 return crv;
3353 }
3354 crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
3355 if (crv == CKR_OK0x00000000UL) {
3356 PKM_LogIt("C_VerifyFinal succeeded\n");
3357 } else {
3358 PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
3359 PKM_CK_RVtoStr(crv));
3360 return crv;
3361 }
3362
3363 /* Verify the signature in a different way */
3364 crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
3365 hDSApubKey);
3366 if (crv != CKR_OK0x00000000UL) {
3367 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n",
3368 crv, PKM_CK_RVtoStr(crv));
3369 return crv;
3370 }
3371 crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
3372 if (crv != CKR_OK0x00000000UL) {
3373 PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n",
3374 crv, PKM_CK_RVtoStr(crv));
3375 return crv;
3376 }
3377 crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1);
3378 if (crv != CKR_OK0x00000000UL) {
3379 PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n",
3380 crv, PKM_CK_RVtoStr(crv));
3381 return crv;
3382 }
3383 crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
3384 if (crv == CKR_OK0x00000000UL) {
3385 PKM_LogIt("C_VerifyFinal of multi update succeeded.\n");
3386 } else {
3387 PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n",
3388 crv, PKM_CK_RVtoStr(crv));
3389 return crv;
3390 }
3391 /* Now modify the data */
3392 MSG[0] += 1;
3393 /* Compute SHA-1 digest */
3394 crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
3395 if (crv != CKR_OK0x00000000UL) {
3396 PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
3397 PKM_CK_RVtoStr(crv));
3398 return crv;
3399 }
3400 sha1DigestLen = sizeof(sha1Digest);
3401 crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
3402 sha1Digest, &sha1DigestLen);
3403 if (crv != CKR_OK0x00000000UL) {
3404 PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv,
3405 PKM_CK_RVtoStr(crv));
3406 return crv;
3407 }
3408 crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
3409 if (crv != CKR_OK0x00000000UL) {
3410 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3411 PKM_CK_RVtoStr(crv));
3412 return crv;
3413 }
3414 crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
3415 dsaSig, dsaSigLen);
3416 if (crv != CKR_SIGNATURE_INVALID0x000000C0UL) {
3417 PKM_Error("C_Verify of modified data succeeded\n");
3418 return crv;
3419 } else {
3420 PKM_LogIt("C_Verify of modified data returned as EXPECTED "
3421 " with 0x%08X, %-26s\n",
3422 crv, PKM_CK_RVtoStr(crv));
3423 }
3424
3425 crv = pFunctionList->C_Logout(hSession);
3426 if (crv == CKR_OK0x00000000UL) {
3427 PKM_LogIt("C_Logout succeeded\n");
3428 } else {
3429 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
3430 PKM_CK_RVtoStr(crv));
3431 return crv;
3432 }
3433
3434 crv = pFunctionList->C_CloseSession(hSession);
3435 if (crv != CKR_OK0x00000000UL) {
3436 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
3437 PKM_CK_RVtoStr(crv));
3438 return crv;
3439 }
3440
3441 return crv;
3442}
3443
3444CK_RV
3445PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
3446 CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
3447 const CK_BYTE *pData, CK_ULONG pDataLen)
3448{
3449
3450 CK_RV crv = CKR_OK0x00000000UL;
3451
3452 CK_BYTE hmac1[HMAC_MAX_LENGTH64];
3453 CK_ULONG hmac1Len = 0;
3454 CK_BYTE hmac2[HMAC_MAX_LENGTH64];
3455 CK_ULONG hmac2Len = 0;
3456
3457 memset(hmac1, 0, sizeof(hmac1));
3458 memset(hmac2, 0, sizeof(hmac2));
3459
3460 NUMTESTS++; /* increment NUMTESTS */
3461
3462 crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
3463 if (crv == CKR_OK0x00000000UL) {
3464 PKM_LogIt("C_SignInit succeeded\n");
3465 } else {
3466 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
3467 PKM_CK_RVtoStr(crv));
3468 return crv;
3469 }
3470
3471 hmac1Len = sizeof(hmac1);
3472 crv = pFunctionList->C_Sign(hSession, (CK_BYTE *)pData,
3473 pDataLen,
3474 (CK_BYTE *)hmac1, &hmac1Len);
3475 if (crv == CKR_OK0x00000000UL) {
3476 PKM_LogIt("C_Sign succeeded\n");
3477 } else {
3478 PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
3479 PKM_CK_RVtoStr(crv));
3480 return crv;
3481 }
3482
3483 crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
3484 if (crv == CKR_OK0x00000000UL) {
3485 PKM_LogIt("C_SignInit succeeded\n");
3486 } else {
3487 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
3488 PKM_CK_RVtoStr(crv));
3489 return crv;
3490 }
3491
3492 crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE *)pData,
3493 pDataLen);
3494 if (crv == CKR_OK0x00000000UL) {
3495 PKM_LogIt("C_SignUpdate succeeded\n");
3496 } else {
3497 PKM_Error("C_SignUpdate failed with 0x%08X, %-26s\n", crv,
3498 PKM_CK_RVtoStr(crv));
3499 return crv;
3500 }
3501
3502 hmac2Len = sizeof(hmac2);
3503 crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE *)hmac2, &hmac2Len);
3504 if (crv == CKR_OK0x00000000UL) {
3505 PKM_LogIt("C_SignFinal succeeded\n");
3506 } else {
3507 PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv,
3508 PKM_CK_RVtoStr(crv));
3509 return crv;
3510 }
3511
3512 if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0)) {
3513 PKM_LogIt("hmacs are equal!\n");
3514 } else {
3515 PKM_Error("hmacs are not equal!\n");
3516 }
3517 crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
3518 if (crv != CKR_OK0x00000000UL) {
3519 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3520 PKM_CK_RVtoStr(crv));
3521 return crv;
3522 }
3523 crv = pFunctionList->C_Verify(hSession, (CK_BYTE *)pData,
3524 pDataLen,
3525 (CK_BYTE *)hmac2, hmac2Len);
3526 if (crv == CKR_OK0x00000000UL) {
3527 PKM_LogIt("C_Verify of hmac succeeded\n");
3528 } else {
3529 PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
3530 PKM_CK_RVtoStr(crv));
3531 return crv;
3532 }
3533 crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
3534 if (crv != CKR_OK0x00000000UL) {
3535 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3536 PKM_CK_RVtoStr(crv));
3537 return crv;
3538 }
3539 crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE *)pData,
3540 pDataLen);
3541 if (crv == CKR_OK0x00000000UL) {
3542 PKM_LogIt("C_VerifyUpdate of hmac succeeded\n");
3543 } else {
3544 PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3545 PKM_CK_RVtoStr(crv));
3546 return crv;
3547 }
3548 crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE *)hmac1,
3549 hmac1Len);
3550 if (crv == CKR_OK0x00000000UL) {
3551 PKM_LogIt("C_VerifyFinal of hmac succeeded\n");
3552 } else {
3553 PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
3554 PKM_CK_RVtoStr(crv));
3555 return crv;
3556 }
3557 return crv;
3558}
3559
3560CK_RV
3561PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
3562 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
3563 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
3564{
3565 CK_RV crv = CKR_OK0x00000000UL;
3566
3567 CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
3568 CK_SESSION_INFO sinfo;
3569 CK_ATTRIBUTE_PTR pTemplate;
3570 CK_ULONG tnObjects = 0;
3571 int curMode;
3572 unsigned int i;
3573 unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
3574
3575 NUMTESTS++; /* increment NUMTESTS */
3576
3577 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
3578 NULL((void*)0), NULL((void*)0), &h);
3579 if (CKR_OK0x00000000UL != crv) {
3580 PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
3581 "returned 0x%08X, %-26s\n",
3582 pSlotList[slotID], crv,
3583 PKM_CK_RVtoStr(crv));
3584 return crv;
3585 }
3586
3587 PKM_LogIt(" Opened a session: handle = 0x%08x\n", h);
3588
3589 (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO));
3590 crv = pFunctionList->C_GetSessionInfo(h, &sinfo);
3591 if (CKR_OK0x00000000UL != crv) {
3592 PKM_LogIt("C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv,
3593 PKM_CK_RVtoStr(crv));
3594 return crv;
3595 }
3596
3597 PKM_LogIt(" SESSION INFO:\n");
3598 PKM_LogIt(" slotID = %lu\n", sinfo.slotID);
3599 PKM_LogIt(" state = %lu\n", sinfo.state);
3600 PKM_LogIt(" flags = 0x%08x\n", sinfo.flags);
3601#ifdef CKF_EXCLUSIVE_SESSION
3602 PKM_LogIt(" -> EXCLUSIVE SESSION = %s\n", sinfo.flags & CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE");
3603#endif /* CKF_EXCLUSIVE_SESSION */
3604 PKM_LogIt(" -> RW SESSION = %s\n", sinfo.flags & CKF_RW_SESSION0x00000002UL ? "TRUE" : "FALSE");
3605 PKM_LogIt(" -> SERIAL SESSION = %s\n", sinfo.flags & CKF_SERIAL_SESSION0x00000004UL ? "TRUE" : "FALSE");
3606#ifdef CKF_INSERTION_CALLBACK
3607 PKM_LogIt(" -> INSERTION CALLBACK = %s\n", sinfo.flags & CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE");
3608#endif /* CKF_INSERTION_CALLBACK */
3609 PKM_LogIt(" ulDeviceError = %lu\n", sinfo.ulDeviceError);
3610 PKM_LogIt("\n");
3611
3612 crv = pFunctionList->C_FindObjectsInit(h, NULL((void*)0), 0);
3613 if (CKR_OK0x00000000UL != crv) {
3614 PKM_LogIt("C_FindObjectsInit(%lu, NULL, 0) returned "
3615 "0x%08X, %-26s\n",
3616 h, crv, PKM_CK_RVtoStr(crv));
3617 return crv;
3618 }
3619
3620 pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types,
3621 sizeof(CK_ATTRIBUTE));
3622 if ((CK_ATTRIBUTE_PTR)NULL((void*)0) == pTemplate) {
3623 PKM_Error("[pTemplate memory allocation of %lu bytes failed]\n",
3624 number_of_all_known_attribute_types *
3625 sizeof(CK_ATTRIBUTE));
3626 return crv;
3627 }
3628
3629 PKM_LogIt(" All objects:\n");
3630 /* Printing table set to NOMODE */
3631 curMode = MODE;
3632 MODE = NOMODE3;
3633
3634 while (1) {
3635 CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
3636 CK_ULONG nObjects = 0;
3637 CK_ULONG k;
3638 CK_ULONG nAttributes = 0;
3639 CK_ATTRIBUTE_PTR pT2;
3640 CK_ULONG l;
3641 const char *attName = NULL((void*)0);
3642
3643 crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects);
3644 if (CKR_OK0x00000000UL != crv) {
3645 PKM_Error("C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n",
3646 h, crv, PKM_CK_RVtoStr(crv));
3647 return crv;
3648 }
3649
3650 if (0 == nObjects) {
3651 PKM_LogIt("\n");
3652 break;
3653 }
3654
3655 tnObjects++;
3656
3657 PKM_LogIt(" OBJECT HANDLE %lu:\n", o);
3658
3659 k = 0;
3660 for (i = 0; i < constCount; i++) {
3661 if (consts[i].type == ConstAttribute) {
3662 pTemplate[k].type = consts[i].value;
3663 pTemplate[k].pValue = (CK_VOID_PTR)NULL((void*)0);
3664 pTemplate[k].ulValueLen = 0;
3665 k++;
3666 }
3667 assert(k <= number_of_all_known_attribute_types)((k <= number_of_all_known_attribute_types) ? (void) (0) :
__assert_fail ("k <= number_of_all_known_attribute_types"
, "pk11mode.c", 3667, __extension__ __PRETTY_FUNCTION__));
3668 }
3669
3670 crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate,
3671 number_of_all_known_attribute_types);
3672 switch (crv) {
3673 case CKR_OK0x00000000UL:
3674 case CKR_ATTRIBUTE_SENSITIVE0x00000011UL:
3675 case CKR_ATTRIBUTE_TYPE_INVALID0x00000012UL:
3676 case CKR_BUFFER_TOO_SMALL0x00000150UL:
3677 break;
3678 default:
3679 PKM_Error("C_GetAtributeValue(%lu, %lu, {all attribute types},"
3680 "%lu) returned 0x%08X, %-26s\n",
3681 h, o, number_of_all_known_attribute_types, crv,
3682 PKM_CK_RVtoStr(crv));
3683 return crv;
3684 }
3685
3686 for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; k++) {
3687 if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
3688 nAttributes++;
3689 }
3690 }
3691
3692 PKM_LogIt(" %lu attributes:\n", nAttributes);
3693 for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types;
3694 k++) {
3695 if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
3696 attName = getNameFromAttribute(pTemplate[k].type);
3697 if (!attName) {
3698 PKM_Error("Unable to find attribute name update pk11table.c\n");
3699 }
3700 PKM_LogIt(" %s 0x%08x (len = %lu)\n",
3701 attName,
3702 pTemplate[k].type,
3703 pTemplate[k].ulValueLen);
3704 }
3705 }
3706 PKM_LogIt("\n");
3707
3708 pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE));
3709 if ((CK_ATTRIBUTE_PTR)NULL((void*)0) == pT2) {
3710 PKM_Error("[pT2 memory allocation of %lu bytes failed]\n",
3711 nAttributes * sizeof(CK_ATTRIBUTE));
3712 return crv;
3713 }
3714
3715 /* allocate memory for the attribute values */
3716 for (l = 0, k = 0; k < (CK_ULONG)number_of_all_known_attribute_types;
3717 k++) {
3718 if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
3719 pT2[l].type = pTemplate[k].type;
3720 pT2[l].ulValueLen = pTemplate[k].ulValueLen;
3721 if (pT2[l].ulValueLen > 0) {
3722 pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen);
3723 if ((CK_VOID_PTR)NULL((void*)0) == pT2[l].pValue) {
3724 PKM_Error("pValue memory allocation of %lu bytes failed]\n",
3725 pT2[l].ulValueLen);
3726 return crv;
3727 }
3728 } else
3729 pT2[l].pValue = (CK_VOID_PTR)NULL((void*)0);
3730 l++;
3731 }
3732 }
3733
3734 assert(l == nAttributes)((l == nAttributes) ? (void) (0) : __assert_fail ("l == nAttributes"
, "pk11mode.c", 3734, __extension__ __PRETTY_FUNCTION__));
3735
3736 crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes);
3737 switch (crv) {
3738 case CKR_OK0x00000000UL:
3739 case CKR_ATTRIBUTE_SENSITIVE0x00000011UL:
3740 case CKR_ATTRIBUTE_TYPE_INVALID0x00000012UL:
3741 case CKR_BUFFER_TOO_SMALL0x00000150UL:
3742 break;
3743 default:
3744 PKM_Error("C_GetAtributeValue(%lu, %lu, {existent attribute"
3745 " types}, %lu) returned 0x%08X, %-26s\n",
3746 h, o, nAttributes, crv, PKM_CK_RVtoStr(crv));
3747 return crv;
3748 }
3749
3750 for (l = 0; l < nAttributes; l++) {
3751 attName = getNameFromAttribute(pT2[l].type);
3752 if (!attName)
3753 attName = "unknown attribute";
3754 PKM_LogIt(" type = %s len = %ld",
3755 attName, (CK_LONG)pT2[l].ulValueLen);
3756
3757 if (-1 == (CK_LONG)pT2[l].ulValueLen) {
3758 ;
3759 } else {
3760 CK_ULONG m;
3761
3762 if (pT2[l].ulValueLen <= 8) {
3763 PKM_LogIt(", value = ");
3764 } else {
3765 PKM_LogIt(", value = \n ");
3766 }
3767
3768 for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) {
3769 PKM_LogIt("%02x", (CK_ULONG)(0xff &
3770 ((CK_CHAR_PTR)pT2[l].pValue)[m]));
3771 }
3772
3773 PKM_LogIt(" ");
3774
3775 for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) {
3776 CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m];
3777 if ((c < 0x20) || (c >= 0x7f)) {
3778 c = '.';
3779 }
3780 PKM_LogIt("%c", c);
3781 }
3782 }
3783
3784 PKM_LogIt("\n");
3785 }
3786
3787 PKM_LogIt("\n");
3788
3789 for (l = 0; l < nAttributes; l++) {
3790 if (pT2[l].pValue) {
3791 free(pT2[l].pValue);
3792 }
3793 }
3794 free(pT2);
3795 } /* while(1) */
3796
3797 MODE = curMode; /* reset the logging MODE */
3798
3799 crv = pFunctionList->C_FindObjectsFinal(h);
3800 if (CKR_OK0x00000000UL != crv) {
3801 PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv,
3802 PKM_CK_RVtoStr(crv));
3803 return crv;
3804 }
3805
3806 PKM_LogIt(" (%lu objects total)\n", tnObjects);
3807
3808 crv = pFunctionList->C_CloseSession(h);
3809 if (CKR_OK0x00000000UL != crv) {
3810 PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv,
3811 PKM_CK_RVtoStr(crv));
3812 return crv;
3813 }
3814
3815 return crv;
3816}
3817/* session to create, find, and delete a couple session objects */
3818CK_RV
3819PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
3820 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
3821 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
3822{
3823
3824 CK_RV crv = CKR_OK0x00000000UL;
3825
3826 CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
3827 CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0;
3828 CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1];
3829 CK_OBJECT_CLASS cko_data = CKO_DATA0x00000000UL;
3830 char *key = "TEST PROGRAM";
3831 CK_ULONG key_len = 0;
3832 CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0;
3833 CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0;
3834 CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0;
3835 CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0;
3836 CK_OBJECT_HANDLE found[10];
3837 CK_ULONG nFound;
3838 CK_ULONG hDeltaLen, hThreeLen = 0;
3839
3840 CK_TOKEN_INFO tinfo;
3841
3842 NUMTESTS++; /* increment NUMTESTS */
3843 key_len = sizeof(key);
3844 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
3845 CKF_SERIAL_SESSION0x00000004UL, NULL((void*)0), NULL((void*)0), &h);
3846 if (CKR_OK0x00000000UL != crv) {
3847 PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
3848 "returned 0x%08X, %-26s\n",
3849 pSlotList[slotID], crv,
3850 PKM_CK_RVtoStr(crv));
3851 return crv;
3852 }
3853 crv = pFunctionList->C_Login(h, CKU_USER1, pwd, pwdLen);
3854 if (crv == CKR_OK0x00000000UL) {
3855 PKM_LogIt("C_Login with correct password succeeded\n");
3856 } else {
3857 PKM_Error("C_Login with correct password failed "
3858 "with 0x%08X, %-26s\n",
3859 crv, PKM_CK_RVtoStr(crv));
3860 return crv;
3861 }
3862
3863 (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
3864 crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo);
3865 if (CKR_OK0x00000000UL != crv) {
3866 PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n",
3867 pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
3868 return crv;
3869 }
3870
3871 PKM_LogIt(" Opened a session: handle = 0x%08x\n", h);
3872
3873 one[0].type = CKA_CLASS0x00000000UL;
3874 one[0].pValue = &cko_data;
3875 one[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
3876 one[1].type = CKA_TOKEN0x00000001UL;
3877 one[1].pValue = &false;
3878 one[1].ulValueLen = sizeof(CK_BBOOL);
3879 one[2].type = CKA_PRIVATE0x00000002UL;
3880 one[2].pValue = &false;
3881 one[2].ulValueLen = sizeof(CK_BBOOL);
3882 one[3].type = CKA_MODIFIABLE0x00000170UL;
3883 one[3].pValue = &true;
3884 one[3].ulValueLen = sizeof(CK_BBOOL);
3885 one[4].type = CKA_LABEL0x00000003UL;
3886 one[4].pValue = "Test data object one";
3887 one[4].ulValueLen = strlen(one[4].pValue);
3888 one[5].type = CKA_APPLICATION0x00000010UL;
3889 one[5].pValue = key;
3890 one[5].ulValueLen = key_len;
3891 one[6].type = CKA_VALUE0x00000011UL;
3892 one[6].pValue = "Object one";
3893 one[6].ulValueLen = strlen(one[6].pValue);
3894
3895 two[0].type = CKA_CLASS0x00000000UL;
3896 two[0].pValue = &cko_data;
3897 two[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
3898 two[1].type = CKA_TOKEN0x00000001UL;
3899 two[1].pValue = &false;
3900 two[1].ulValueLen = sizeof(CK_BBOOL);
3901 two[2].type = CKA_PRIVATE0x00000002UL;
3902 two[2].pValue = &false;
3903 two[2].ulValueLen = sizeof(CK_BBOOL);
3904 two[3].type = CKA_MODIFIABLE0x00000170UL;
3905 two[3].pValue = &true;
3906 two[3].ulValueLen = sizeof(CK_BBOOL);
3907 two[4].type = CKA_LABEL0x00000003UL;
3908 two[4].pValue = "Test data object two";
3909 two[4].ulValueLen = strlen(two[4].pValue);
3910 two[5].type = CKA_APPLICATION0x00000010UL;
3911 two[5].pValue = key;
3912 two[5].ulValueLen = key_len;
3913 two[6].type = CKA_VALUE0x00000011UL;
3914 two[6].pValue = "Object two";
3915 two[6].ulValueLen = strlen(two[6].pValue);
3916
3917 three[0].type = CKA_CLASS0x00000000UL;
3918 three[0].pValue = &cko_data;
3919 three[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
3920 three[1].type = CKA_TOKEN0x00000001UL;
3921 three[1].pValue = &false;
3922 three[1].ulValueLen = sizeof(CK_BBOOL);
3923 three[2].type = CKA_PRIVATE0x00000002UL;
3924 three[2].pValue = &false;
3925 three[2].ulValueLen = sizeof(CK_BBOOL);
3926 three[3].type = CKA_MODIFIABLE0x00000170UL;
3927 three[3].pValue = &true;
3928 three[3].ulValueLen = sizeof(CK_BBOOL);
3929 three[4].type = CKA_LABEL0x00000003UL;
3930 three[4].pValue = "Test data object three";
3931 three[4].ulValueLen = strlen(three[4].pValue);
3932 three[5].type = CKA_APPLICATION0x00000010UL;
3933 three[5].pValue = key;
3934 three[5].ulValueLen = key_len;
3935 three[6].type = CKA_VALUE0x00000011UL;
3936 three[6].pValue = "Object three";
3937 three[6].ulValueLen = strlen(three[6].pValue);
3938
3939 crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn);
3940 if (CKR_OK0x00000000UL != crv) {
3941 PKM_Error("C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n",
3942 h, crv, PKM_CK_RVtoStr(crv));
3943 return crv;
3944 }
3945
3946 PKM_LogIt(" Created object one: handle = %lu\n", hOneIn);
3947
3948 crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn);
3949 if (CKR_OK0x00000000UL != crv) {
3950 PKM_Error("C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n",
3951 h, crv, PKM_CK_RVtoStr(crv));
3952 return crv;
3953 }
3954
3955 PKM_LogIt(" Created object two: handle = %lu\n", hTwoIn);
3956
3957 crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn);
3958 if (CKR_OK0x00000000UL != crv) {
3959 PKM_Error("C_CreateObject(%lu, three, 7, ) returned 0x%08x\n",
3960 h, crv, PKM_CK_RVtoStr(crv));
3961 return crv;
3962 }
3963 crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen);
3964 if (crv == CKR_OK0x00000000UL) {
3965 PKM_LogIt("C_GetObjectSize succeeded\n");
3966 } else {
3967 PKM_Error("C_GetObjectSize failed "
3968 "with 0x%08X, %-26s\n",
3969 crv, PKM_CK_RVtoStr(crv));
3970 return crv;
3971 }
3972
3973 PKM_LogIt(" Created object three: handle = %lu\n", hThreeIn);
3974
3975 delta[0].type = CKA_VALUE0x00000011UL;
3976 delta[0].pValue = "Copied object";
3977 delta[0].ulValueLen = strlen(delta[0].pValue);
3978
3979 crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn);
3980 if (CKR_OK0x00000000UL != crv) {
3981 PKM_Error("C_CopyObject(%lu, %lu, delta, 1, ) returned "
3982 "0x%08X, %-26s\n",
3983 h, hThreeIn, crv, PKM_CK_RVtoStr(crv));
3984 return crv;
3985 }
3986 crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen);
3987 if (crv == CKR_OK0x00000000UL) {
3988 PKM_LogIt("C_GetObjectSize succeeded\n");
3989 } else {
3990 PKM_Error("C_GetObjectSize failed "
3991 "with 0x%08X, %-26s\n",
3992 crv, PKM_CK_RVtoStr(crv));
3993 return crv;
3994 }
3995
3996 if (hThreeLen == hDeltaLen) {
3997 PKM_LogIt("Copied object size same as orginal\n");
3998 } else {
3999 PKM_Error("Copied object different from original\n");
4000 return CKR_DEVICE_ERROR0x00000030UL;
4001 }
4002
4003 PKM_LogIt(" Copied object three: new handle = %lu\n", hDeltaIn);
4004
4005 mask[0].type = CKA_APPLICATION0x00000010UL;
4006 mask[0].pValue = key;
4007 mask[0].ulValueLen = key_len;
4008
4009 crv = pFunctionList->C_FindObjectsInit(h, mask, 1);
4010 if (CKR_OK0x00000000UL != crv) {
4011 PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
4012 h, crv, PKM_CK_RVtoStr(crv));
4013 return crv;
4014 }
4015
4016 (void)memset(&found, 0, sizeof(found));
4017 nFound = 0;
4018 crv = pFunctionList->C_FindObjects(h, found, 10, &nFound);
4019 if (CKR_OK0x00000000UL != crv) {
4020 PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
4021 h, crv, PKM_CK_RVtoStr(crv));
4022 return crv;
4023 }
4024
4025 if (4 != nFound) {
4026 PKM_Error("Found %lu objects, not 4.\n", nFound);
4027 return crv;
4028 }
4029
4030 PKM_LogIt(" Found 4 objects: %lu, %lu, %lu, %lu\n",
4031 found[0], found[1], found[2], found[3]);
4032
4033 crv = pFunctionList->C_FindObjectsFinal(h);
4034 if (CKR_OK0x00000000UL != crv) {
4035 PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n",
4036 h, crv, PKM_CK_RVtoStr(crv));
4037 return crv;
4038 }
4039
4040 crv = pFunctionList->C_DestroyObject(h, hThreeIn);
4041 if (CKR_OK0x00000000UL != crv) {
4042 PKM_Error("C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h,
4043 hThreeIn, crv, PKM_CK_RVtoStr(crv));
4044 return crv;
4045 }
4046
4047 PKM_LogIt(" Destroyed object three (handle = %lu)\n", hThreeIn);
4048
4049 delta[0].type = CKA_APPLICATION0x00000010UL;
4050 delta[0].pValue = "Changed application";
4051 delta[0].ulValueLen = strlen(delta[0].pValue);
4052
4053 crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1);
4054 if (CKR_OK0x00000000UL != crv) {
4055 PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned "
4056 "0x%08X, %-26s\n",
4057 h, hTwoIn, crv, PKM_CK_RVtoStr(crv));
4058 return crv;
4059 }
4060
4061 PKM_LogIt(" Changed object two (handle = %lu).\n", hTwoIn);
4062
4063 /* Can another session find these session objects? */
4064
4065 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
4066 NULL((void*)0), NULL((void*)0), &h2);
4067 if (CKR_OK0x00000000UL != crv) {
4068 PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
4069 " returned 0x%08X, %-26s\n",
4070 pSlotList[slotID], crv,
4071 PKM_CK_RVtoStr(crv));
4072 return crv;
4073 }
4074 PKM_LogIt(" Opened a second session: handle = 0x%08x\n", h2);
4075
4076 /* mask is still the same */
4077
4078 crv = pFunctionList->C_FindObjectsInit(h2, mask, 1);
4079 if (CKR_OK0x00000000UL != crv) {
4080 PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
4081 h2, crv, PKM_CK_RVtoStr(crv));
4082 return crv;
4083 }
4084
4085 (void)memset(&found, 0, sizeof(found));
4086 nFound = 0;
4087 crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound);
4088 if (CKR_OK0x00000000UL != crv) {
4089 PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
4090 h2, crv, PKM_CK_RVtoStr(crv));
4091 return crv;
4092 }
4093
4094 if (2 != nFound) {
4095 PKM_Error("Found %lu objects, not 2.\n", nFound);
4096 return crv;
4097 }
4098
4099 PKM_LogIt(" Found 2 objects: %lu, %lu\n",
4100 found[0], found[1]);
4101
4102 crv = pFunctionList->C_FindObjectsFinal(h2);
4103 if (CKR_OK0x00000000UL != crv) {
4104 PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv,
4105 PKM_CK_RVtoStr(crv));
4106 return crv;
4107 }
4108 crv = pFunctionList->C_Logout(h);
4109 if (crv == CKR_OK0x00000000UL) {
4110 PKM_LogIt("C_Logout succeeded\n");
4111 } else {
4112 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
4113 PKM_CK_RVtoStr(crv));
4114 return crv;
4115 }
4116 crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]);
4117 if (CKR_OK0x00000000UL != crv) {
4118 PKM_Error("C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n",
4119 pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
4120 return crv;
4121 }
4122
4123 PKM_LogIt("\n");
4124 return crv;
4125}
4126
4127CK_RV
4128PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
4129 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
4130 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
4131{
4132 CK_SESSION_HANDLE hSession;
4133 CK_RV crv = CKR_OK0x00000000UL;
4134 CK_MECHANISM sAESKeyMech = {
4135 CKM_AES_KEY_GEN0x00001080UL, NULL((void*)0), 0
4136 };
4137 CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL;
4138 CK_KEY_TYPE keyAESType = CKK_AES0x0000001FUL;
4139 CK_UTF8CHAR AESlabel[] = "An AES secret key object";
4140 CK_ULONG AESvalueLen = 16;
4141 CK_ATTRIBUTE sAESKeyTemplate[9];
4142 CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE0;
4143 CK_BYTE_PTR pstate = NULL((void*)0);
4144 CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen;
4145
4146 static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules.";
4147 static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules.";
4148 static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)"Firefox and Thunderbird.";
4149
4150 char digest[MAX_DIGEST_SZ64], digest_1[MAX_DIGEST_SZ64];
4151 char sign[MAX_SIG_SZ128];
4152 CK_MECHANISM signmech;
4153 CK_MECHANISM digestmech;
4154
4155 NUMTESTS++; /* increment NUMTESTS */
4156
4157 /* AES key template */
4158 sAESKeyTemplate[0].type = CKA_CLASS0x00000000UL;
4159 sAESKeyTemplate[0].pValue = &class;
4160 sAESKeyTemplate[0].ulValueLen = sizeof(class);
4161 sAESKeyTemplate[1].type = CKA_KEY_TYPE0x00000100UL;
4162 sAESKeyTemplate[1].pValue = &keyAESType;
4163 sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
4164 sAESKeyTemplate[2].type = CKA_LABEL0x00000003UL;
4165 sAESKeyTemplate[2].pValue = AESlabel;
4166 sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
4167 sAESKeyTemplate[3].type = CKA_ENCRYPT0x00000104UL;
4168 sAESKeyTemplate[3].pValue = &true;
4169 sAESKeyTemplate[3].ulValueLen = sizeof(true);
4170 sAESKeyTemplate[4].type = CKA_DECRYPT0x00000105UL;
4171 sAESKeyTemplate[4].pValue = &true;
4172 sAESKeyTemplate[4].ulValueLen = sizeof(true);
4173 sAESKeyTemplate[5].type = CKA_SIGN0x00000108UL;
4174 sAESKeyTemplate[5].pValue = &true;
4175 sAESKeyTemplate[5].ulValueLen = sizeof(true);
4176 sAESKeyTemplate[6].type = CKA_VERIFY0x0000010AUL;
4177 sAESKeyTemplate[6].pValue = &true;
4178 sAESKeyTemplate[6].ulValueLen = sizeof(true);
4179 sAESKeyTemplate[7].type = CKA_UNWRAP0x00000107UL;
4180 sAESKeyTemplate[7].pValue = &true;
4181 sAESKeyTemplate[7].ulValueLen = sizeof(true);
4182 sAESKeyTemplate[8].type = CKA_VALUE_LEN0x00000161UL;
4183 sAESKeyTemplate[8].pValue = &AESvalueLen;
4184 sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
4185
4186 signmech.mechanism = CKM_SHA_1_HMAC0x00000221UL;
4187 signmech.pParameter = NULL((void*)0);
4188 signmech.ulParameterLen = 0;
4189 digestmech.mechanism = CKM_SHA2560x00000250UL;
4190 digestmech.pParameter = NULL((void*)0);
4191 digestmech.ulParameterLen = 0;
4192
4193 plainlen = strlen((char *)plaintext);
4194 plainlen_1 = strlen((char *)plaintext_1);
4195 plainlen_2 = strlen((char *)plaintext_2);
4196 digestlen = MAX_DIGEST_SZ64;
4197
4198 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
4199 NULL((void*)0), NULL((void*)0), &hSession);
4200 if (crv != CKR_OK0x00000000UL) {
4201 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
4202 PKM_CK_RVtoStr(crv));
4203 return crv;
4204 }
4205
4206 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
4207 if (crv == CKR_OK0x00000000UL) {
4208 PKM_LogIt("C_Login with correct password succeeded\n");
4209 } else {
4210 PKM_Error("C_Login with correct password failed "
4211 "with 0x%08X, %-26s\n",
4212 crv, PKM_CK_RVtoStr(crv));
4213 return crv;
4214 }
4215
4216 PKM_LogIt("Generate an AES key ...\n");
4217 /* generate an AES Secret Key */
4218 crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
4219 sAESKeyTemplate,
4220 NUM_ELEM(sAESKeyTemplate)(sizeof(sAESKeyTemplate) / sizeof(sAESKeyTemplate[0])),
4221 &sKey);
4222 if (crv == CKR_OK0x00000000UL) {
4223 PKM_LogIt("C_GenerateKey AES succeeded\n");
4224 } else {
4225 PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
4226 crv, PKM_CK_RVtoStr(crv));
4227 return crv;
4228 }
4229
4230 crv = pFunctionList->C_SignInit(hSession, &signmech, sKey);
4231 if (crv != CKR_OK0x00000000UL) {
4232 PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv,
4233 PKM_CK_RVtoStr(crv));
4234 return crv;
4235 }
4236
4237 slen = sizeof(sign);
4238 crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen,
4239 (CK_BYTE_PTR)sign, &slen);
4240 if (crv != CKR_OK0x00000000UL) {
4241 PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv,
4242 PKM_CK_RVtoStr(crv));
4243 return crv;
4244 }
4245
4246 crv = pFunctionList->C_DestroyObject(hSession, sKey);
4247 if (crv != CKR_OK0x00000000UL) {
4248 PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv,
4249 PKM_CK_RVtoStr(crv));
4250 return crv;
4251 }
4252
4253 digestlen = MAX_DIGEST_SZ64;
4254 crv = pFunctionList->C_DigestInit(hSession, &digestmech);
4255 if (crv != CKR_OK0x00000000UL) {
4256 PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
4257 PKM_CK_RVtoStr(crv));
4258 return crv;
4259 }
4260 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext,
4261 plainlen);
4262 if (crv != CKR_OK0x00000000UL) {
4263 PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
4264 PKM_CK_RVtoStr(crv));
4265 return crv;
4266 }
4267
4268 crv = pFunctionList->C_GetOperationState(hSession, NULL((void*)0), &statelen);
4269 if (crv != CKR_OK0x00000000UL) {
4270 PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
4271 PKM_CK_RVtoStr(crv));
4272 return crv;
4273 }
4274
4275 pstate = (CK_BYTE_PTR)malloc(statelen * sizeof(CK_BYTE_PTR));
4276 crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen);
4277 if (crv != CKR_OK0x00000000UL) {
4278 PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
4279 PKM_CK_RVtoStr(crv));
4280 return crv;
4281 }
4282
4283 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1,
4284 plainlen_1);
4285 if (crv != CKR_OK0x00000000UL) {
4286 PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
4287 PKM_CK_RVtoStr(crv));
4288 return crv;
4289 }
4290 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2,
4291 plainlen_2);
4292 if (crv != CKR_OK0x00000000UL) {
4293 PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
4294 PKM_CK_RVtoStr(crv));
4295 return crv;
4296 }
4297
4298 /*
4299 * This will override/negate the above 2 digest_update
4300 * operations
4301 */
4302 crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen,
4303 0, 0);
4304 if (crv != CKR_OK0x00000000UL) {
4305 PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv,
4306 PKM_CK_RVtoStr(crv));
4307 return crv;
4308 }
4309 crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest,
4310 &digestlen);
4311 if (crv != CKR_OK0x00000000UL) {
4312 PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv,
4313 PKM_CK_RVtoStr(crv));
4314 return crv;
4315 }
4316 digestlen = MAX_DIGEST_SZ64;
4317 crv = pFunctionList->C_DigestInit(hSession, &digestmech);
4318 if (crv != CKR_OK0x00000000UL) {
4319 PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
4320 PKM_CK_RVtoStr(crv));
4321 return crv;
4322 }
4323 crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen,
4324 (CK_BYTE_PTR)digest_1, &digestlen);
4325 if (crv != CKR_OK0x00000000UL) {
4326 PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv,
4327 PKM_CK_RVtoStr(crv));
4328 return crv;
4329 }
4330 if (memcmp(digest, digest_1, digestlen) == 0) {
4331 PKM_LogIt("Digest and digest_1 are equal!\n");
4332 } else {
4333 PKM_Error("Digest and digest_1 are not equal!\n");
4334 }
4335 crv = pFunctionList->C_Logout(hSession);
4336 if (crv == CKR_OK0x00000000UL) {
4337 PKM_LogIt("C_Logout succeeded\n");
4338 } else {
4339 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
4340 PKM_CK_RVtoStr(crv));
4341 return crv;
4342 }
4343 crv = pFunctionList->C_CloseSession(hSession);
4344 if (CKR_OK0x00000000UL != crv) {
4345 PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n",
4346 hSession, crv, PKM_CK_RVtoStr(crv));
4347 return crv;
4348 }
4349
4350 return crv;
4351}
4352
4353/*
4354* Recover Functions
4355*/
4356CK_RV
4357PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
4358 CK_SESSION_HANDLE hSession,
4359 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
4360 CK_MECHANISM *signMech, const CK_BYTE *pData,
4361 CK_ULONG pDataLen)
4362{
4363 CK_RV crv = CKR_OK0x00000000UL;
4364 CK_BYTE sig[MAX_SIG_SZ128];
4365 CK_ULONG sigLen = MAX_SIG_SZ128;
4366 CK_BYTE recover[MAX_SIG_SZ128];
4367 CK_ULONG recoverLen = MAX_SIG_SZ128;
4368
4369 NUMTESTS++; /* increment NUMTESTS */
4370
4371 /* initializes a signature operation,
4372 * where the data can be recovered from the signature
4373 */
4374 crv = pFunctionList->C_SignRecoverInit(hSession, signMech,
4375 hPrivKey);
4376 if (crv == CKR_OK0x00000000UL) {
4377 PKM_LogIt("C_SignRecoverInit succeeded. \n");
4378 } else {
4379 PKM_Error("C_SignRecoverInit failed.\n"
4380 "with 0x%08X, %-26s\n",
4381 crv, PKM_CK_RVtoStr(crv));
4382 return crv;
4383 }
4384
4385 /* signs single-part data,
4386 * where the data can be recovered from the signature
4387 */
4388 crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE *)pData,
4389 pDataLen,
4390 (CK_BYTE *)sig, &sigLen);
4391 if (crv == CKR_OK0x00000000UL) {
4392 PKM_LogIt("C_SignRecover succeeded. \n");
4393 } else {
4394 PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n"
4395 "with 0x%08X, %-26s\n",
4396 crv, PKM_CK_RVtoStr(crv));
4397 return crv;
4398 }
4399
4400 /*
4401 * initializes a verification operation
4402 *where the data is recovered from the signature
4403 */
4404 crv = pFunctionList->C_VerifyRecoverInit(hSession, signMech,
4405 hPubKey);
4406 if (crv == CKR_OK0x00000000UL) {
4407 PKM_LogIt("C_VerifyRecoverInit succeeded. \n");
4408 } else {
4409 PKM_Error("C_VerifyRecoverInit failed.\n"
4410 "with 0x%08X, %-26s\n",
4411 crv, PKM_CK_RVtoStr(crv));
4412 return crv;
4413 }
4414
4415 /*
4416 * verifies a signature on single-part data,
4417 * where the data is recovered from the signature
4418 */
4419 crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE *)sig,
4420 sigLen,
4421 (CK_BYTE *)recover, &recoverLen);
4422 if (crv == CKR_OK0x00000000UL) {
4423 PKM_LogIt("C_VerifyRecover succeeded. \n");
4424 } else {
4425 PKM_Error("C_VerifyRecover failed.\n"
4426 "with 0x%08X, %-26s\n",
4427 crv, PKM_CK_RVtoStr(crv));
4428 return crv;
4429 }
4430
4431 if ((recoverLen == pDataLen) &&
4432 (memcmp(recover, pData, pDataLen) == 0)) {
4433 PKM_LogIt("VerifyRecover test case passed\n");
4434 } else {
4435 PKM_Error("VerifyRecover test case failed\n");
4436 }
4437
4438 return crv;
4439}
4440/*
4441* wrapUnwrap
4442* wrap the secretkey with the public key.
4443* unwrap the secretkey with the private key.
4444*/
4445CK_RV
4446PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
4447 CK_SESSION_HANDLE hSession,
4448 CK_OBJECT_HANDLE hPublicKey,
4449 CK_OBJECT_HANDLE hPrivateKey,
4450 CK_MECHANISM *wrapMechanism,
4451 CK_OBJECT_HANDLE hSecretKey,
4452 CK_ATTRIBUTE *sKeyTemplate,
4453 CK_ULONG skeyTempSize)
4454{
4455 CK_RV crv = CKR_OK0x00000000UL;
4456 CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE0;
4457 CK_BYTE wrappedKey[128];
4458 CK_ULONG ulWrappedKeyLen = 0;
4459
4460 NUMTESTS++; /* increment NUMTESTS */
4461
4462 ulWrappedKeyLen = sizeof(wrappedKey);
4463 crv = pFunctionList->C_WrapKey(
4464 hSession, wrapMechanism,
4465 hPublicKey, hSecretKey,
4466 wrappedKey, &ulWrappedKeyLen);
4467 if (crv == CKR_OK0x00000000UL) {
4468 PKM_LogIt("C_WrapKey succeeded\n");
4469 } else {
4470 PKM_Error("C_WrapKey failed with 0x%08X, %-26s\n", crv,
4471 PKM_CK_RVtoStr(crv));
4472 return crv;
4473 }
4474 crv = pFunctionList->C_UnwrapKey(
4475 hSession, wrapMechanism, hPrivateKey,
4476 wrappedKey, ulWrappedKeyLen, sKeyTemplate,
4477 skeyTempSize,
4478 &hSecretKeyUnwrapped);
4479 if ((crv == CKR_OK0x00000000UL) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE0)) {
4480 PKM_LogIt("C_UnwrapKey succeeded\n");
4481 } else {
4482 PKM_Error("C_UnwrapKey failed with 0x%08X, %-26s\n", crv,
4483 PKM_CK_RVtoStr(crv));
4484 return crv;
4485 }
4486
4487 return crv;
4488}
4489
4490/*
4491 * Tests if the object's attributes match the expected_attrs
4492 */
4493CK_RV
4494PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
4495 CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
4496 CK_ATTRIBUTE_PTR expected_attrs,
4497 CK_ULONG expected_attrs_count)
4498{
4499 CK_RV crv;
4500 CK_ATTRIBUTE_PTR tmp_attrs;
4501 unsigned int i;
4502
4503 NUMTESTS++; /* increment NUMTESTS */
4504
4505 /* First duplicate the themplate */
4506 tmp_attrs = malloc(expected_attrs_count * sizeof(CK_ATTRIBUTE));
4507
4508 if (tmp_attrs == NULL((void*)0)) {
4509 PKM_Error("Internal test memory failure\n");
4510 return (CKR_HOST_MEMORY0x00000002UL);
4511 }
4512
4513 for (i = 0; i < expected_attrs_count; i++) {
4514 tmp_attrs[i].type = expected_attrs[i].type;
4515 tmp_attrs[i].ulValueLen = expected_attrs[i].ulValueLen;
4516
4517 /* Don't give away the expected one. just zeros */
4518 tmp_attrs[i].pValue = calloc(expected_attrs[i].ulValueLen, 1);
4519
4520 if (tmp_attrs[i].pValue == NULL((void*)0)) {
4521 unsigned int j;
4522 for (j = 0; j < i; j++)
4523 free(tmp_attrs[j].pValue);
4524
4525 free(tmp_attrs);
4526 printf("Internal test memory failure\n");
4527 return (CKR_HOST_MEMORY0x00000002UL);
4528 }
4529 }
4530
4531 /* then get the attributes from the object */
4532 crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs,
4533 expected_attrs_count);
4534 if (crv != CKR_OK0x00000000UL) {
4535 PKM_Error("C_GetAttributeValue failed with 0x%08X, %-26s\n", crv,
4536 PKM_CK_RVtoStr(crv));
4537 crv = CKR_FUNCTION_FAILED0x00000006UL;
4538 goto out;
4539 }
4540
4541 /* Finally compare with the expected ones */
4542 for (i = 0; i < expected_attrs_count; i++) {
4543
4544 if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue,
4545 expected_attrs[i].ulValueLen) != 0) {
4546 PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n",
4547 tmp_attrs[i].type, expected_attrs[i].type);
4548 PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n",
4549 tmp_attrs[i].pValue, expected_attrs[i].pValue);
4550 /* don't report error at this time */
4551 }
4552 }
4553
4554out:
4555 for (i = 0; i < expected_attrs_count; i++)
4556 free(tmp_attrs[i].pValue);
4557 free(tmp_attrs);
4558 return (crv);
4559}
4560
4561/*
4562 * Check the validity of a mech
4563 */
4564CK_RV
4565PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
4566 CK_MECHANISM_TYPE mechType, CK_FLAGS flags,
4567 CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize)
4568{
4569 CK_SESSION_INFO sess_info;
4570 CK_MECHANISM_INFO mech_info;
4571 CK_RV crv;
4572
4573 NUMTESTS++; /* increment NUMTESTS */
4574
4575 if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info)) !=
4576 CKR_OK0x00000000UL) {
4577 PKM_Error("C_GetSessionInfo failed with 0x%08X, %-26s\n", crv,
4578 PKM_CK_RVtoStr(crv));
4579 return (CKR_FUNCTION_FAILED0x00000006UL);
4580 }
4581
4582 crv = pFunctionList->C_GetMechanismInfo(0, mechType,
4583 &mech_info);
4584
4585 crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType,
4586 &mech_info);
4587
4588 if (crv != CKR_OK0x00000000UL) {
4589 PKM_Error("C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv,
4590 PKM_CK_RVtoStr(crv));
4591 return (CKR_FUNCTION_FAILED0x00000006UL);
4592 }
4593
4594 if ((mech_info.flags & flags) == 0) {
4595 PKM_Error("0x%x flag missing from mech\n", flags);
4596 return (CKR_MECHANISM_INVALID0x00000070UL);
4597 }
4598 if (!check_sizes)
4599 return (CKR_OK0x00000000UL);
4600
4601 if (mech_info.ulMinKeySize != minkeysize) {
4602 PKM_Error("Bad MinKeySize %d expected %d\n", mech_info.ulMinKeySize,
4603 minkeysize);
4604 return (CKR_MECHANISM_INVALID0x00000070UL);
4605 }
4606 if (mech_info.ulMaxKeySize != maxkeysize) {
4607 PKM_Error("Bad MaxKeySize %d expected %d\n", mech_info.ulMaxKeySize,
4608 maxkeysize);
4609 return (CKR_MECHANISM_INVALID0x00000070UL);
4610 }
4611 return (CKR_OK0x00000000UL);
4612}
4613
4614/*
4615 * Can be called with a non-null premaster_key_len for the
4616 * *_DH mechanisms. In that case, no checking for the matching of
4617 * the expected results is done.
4618 * The rnd argument tells which correct/bogus randomInfo to use.
4619 */
4620CK_RV
4621PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
4622 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
4623 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
4624 CK_MECHANISM_TYPE mechType,
4625 enum_random_t rnd)
4626{
4627 CK_SESSION_HANDLE hSession;
4628 CK_RV crv;
4629 CK_MECHANISM mk_mech;
4630 CK_VERSION version;
4631 CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL;
4632 CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL;
4633 CK_BBOOL derive_bool = true;
4634 CK_ATTRIBUTE attrs[4];
4635 CK_ULONG attrs_count = 4;
4636 CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE0;
4637 CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE0;
4638 CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params;
4639 CK_MECHANISM skmd_mech;
4640
4641 CK_BBOOL isDH = false;
4642
4643 NUMTESTS++; /* increment NUMTESTS */
4644
4645 attrs[0].type = CKA_CLASS0x00000000UL;
4646 attrs[0].pValue = &class;
4647 attrs[0].ulValueLen = sizeof(class);
4648 attrs[1].type = CKA_KEY_TYPE0x00000100UL;
4649 attrs[1].pValue = &type;
4650 attrs[1].ulValueLen = sizeof(type);
4651 attrs[2].type = CKA_DERIVE0x0000010CUL;
4652 attrs[2].pValue = &derive_bool;
4653 attrs[2].ulValueLen = sizeof(derive_bool);
4654 attrs[3].type = CKA_VALUE0x00000011UL;
4655 attrs[3].pValue = NULL((void*)0);
4656 attrs[3].ulValueLen = 0;
4657
4658 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
4659 NULL((void*)0), NULL((void*)0), &hSession);
4660 if (crv != CKR_OK0x00000000UL) {
4661 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
4662 PKM_CK_RVtoStr(crv));
4663 return crv;
4664 }
4665 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
4666 if (crv == CKR_OK0x00000000UL) {
4667 PKM_LogIt("C_Login with correct password succeeded\n");
4668 } else {
4669 PKM_Error("C_Login with correct password failed "
4670 "with 0x%08X, %-26s\n",
4671 crv, PKM_CK_RVtoStr(crv));
4672 return crv;
4673 }
4674
4675 /* Before all, check if the mechanism is supported correctly */
4676 if (MODE == FIPSMODE0) {
4677 crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE0x00080000UL, false,
4678 0, 0);
4679 if (crv != CKR_OK0x00000000UL) {
4680 PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
4681 PKM_CK_RVtoStr(crv));
4682 return (crv);
4683 }
4684 }
4685
4686 mk_mech.mechanism = mechType;
4687 mk_mech.pParameter = &mkd_params;
4688 mk_mech.ulParameterLen = sizeof(mkd_params);
4689
4690 switch (mechType) {
4691 case CKM_TLS_MASTER_KEY_DERIVE_DH0x00000377UL:
4692 isDH = true;
4693 /* FALLTHRU */
4694 case CKM_TLS_MASTER_KEY_DERIVE0x00000375UL:
4695 attrs[3].pValue = NULL((void*)0);
4696 attrs[3].ulValueLen = 0;
4697
4698 mkd_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom;
4699 mkd_params.RandomInfo.ulClientRandomLen =
4700 sizeof(TLSClientRandom);
4701 mkd_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom;
4702 mkd_params.RandomInfo.ulServerRandomLen =
4703 sizeof(TLSServerRandom);
4704 break;
4705 }
4706 mkd_params.pVersion = (!isDH) ? &version : NULL((void*)0);
4707
4708 /* First create the pre-master secret key */
4709
4710 skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL;
4711 skmd_mech.pParameter = &mkd_params;
4712 skmd_mech.ulParameterLen = sizeof(mkd_params);
4713
4714 crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
4715 attrs,
4716 attrs_count,
4717 &pmk_obj);
4718 if (crv == CKR_OK0x00000000UL) {
4719 PKM_LogIt("C_GenerateKey succeeded\n");
4720 } else {
4721 PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
4722 PKM_CK_RVtoStr(crv));
4723 return crv;
4724 }
4725 /* Test the bad cases */
4726 switch (rnd) {
4727 case CORRECT:
4728 goto correct;
4729
4730 case BOGUS_CLIENT_RANDOM:
4731 mkd_params.RandomInfo.pClientRandom = NULL((void*)0);
4732 break;
4733
4734 case BOGUS_CLIENT_RANDOM_LEN:
4735 mkd_params.RandomInfo.ulClientRandomLen = 0;
4736 break;
4737
4738 case BOGUS_SERVER_RANDOM:
4739 mkd_params.RandomInfo.pServerRandom = NULL((void*)0);
4740 break;
4741
4742 case BOGUS_SERVER_RANDOM_LEN:
4743 mkd_params.RandomInfo.ulServerRandomLen = 0;
4744 break;
4745 }
4746 crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL((void*)0), 0,
4747 &mk_obj);
4748 if (crv != CKR_MECHANISM_PARAM_INVALID0x00000071UL) {
4749 PKM_LogIt("C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv,
4750 PKM_CK_RVtoStr(crv));
4751 } else {
4752 PKM_Error("C_DeriveKey did not fail with bad data \n");
4753 }
4754 goto out;
4755
4756correct:
4757 /* Now derive the master secret key */
4758 crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL((void*)0), 0,
4759 &mk_obj);
4760 if (crv == CKR_OK0x00000000UL) {
4761 PKM_LogIt("C_DeriveKey succeeded\n");
4762 } else {
4763 PKM_Error("C_DeriveKey failed with 0x%08X, %-26s\n", crv,
4764 PKM_CK_RVtoStr(crv));
4765 return crv;
4766 }
4767
4768out:
4769 if (pmk_obj != CK_INVALID_HANDLE0)
4770 (void)pFunctionList->C_DestroyObject(hSession, pmk_obj);
4771 if (mk_obj != CK_INVALID_HANDLE0)
4772 (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
4773 crv = pFunctionList->C_Logout(hSession);
4774
4775 if (crv == CKR_OK0x00000000UL) {
4776 PKM_LogIt("C_Logout succeeded\n");
4777 } else {
4778 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
4779 PKM_CK_RVtoStr(crv));
4780 return crv;
4781 }
4782
4783 crv = pFunctionList->C_CloseSession(hSession);
4784 if (crv != CKR_OK0x00000000UL) {
4785 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
4786 PKM_CK_RVtoStr(crv));
4787 return crv;
4788 }
4789 return (crv);
4790}
4791
4792CK_RV
4793PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
4794 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
4795 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
4796 CK_MECHANISM_TYPE mechType, enum_random_t rnd)
4797{
4798 CK_SESSION_HANDLE hSession;
4799 CK_RV crv;
4800 CK_MECHANISM kmd_mech;
4801 CK_MECHANISM skmd_mech;
4802 CK_OBJECT_CLASS class = CKO_SECRET_KEY0x00000004UL;
4803 CK_KEY_TYPE type = CKK_GENERIC_SECRET0x00000010UL;
4804 CK_BBOOL derive_bool = true;
4805 CK_BBOOL sign_bool = true, verify_bool = true;
4806 CK_BBOOL encrypt_bool = true, decrypt_bool = true;
4807 CK_ULONG value_len;
4808
4809 /*
4810 * We arrange this template so that:
4811 * . Attributes 0-6 are good for a MAC key comparison template.
4812 * . Attributes 2-5 are good for the master key creation template.
4813 * . Attributes 3-8 are good for a cipher key comparison template.
4814 */
4815 CK_ATTRIBUTE attrs[9];
4816
4817 CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE0;
4818 CK_SSL3_KEY_MAT_PARAMS km_params;
4819 CK_SSL3_KEY_MAT_OUT kmo;
4820 CK_BYTE IVClient[8];
4821 CK_BYTE IVServer[8];
4822
4823 NUMTESTS++; /* increment NUMTESTS */
4824
4825 attrs[0].type = CKA_SIGN0x00000108UL;
4826 attrs[0].pValue = &sign_bool;
4827 attrs[0].ulValueLen = sizeof(sign_bool);
4828 attrs[1].type = CKA_VERIFY0x0000010AUL;
4829 attrs[1].pValue = &verify_bool;
4830 attrs[1].ulValueLen = sizeof(verify_bool);
4831 attrs[2].type = CKA_KEY_TYPE0x00000100UL;
4832 attrs[2].pValue = &type;
4833 attrs[2].ulValueLen = sizeof(type);
4834 attrs[3].type = CKA_CLASS0x00000000UL;
4835 attrs[3].pValue = &class;
4836 attrs[3].ulValueLen = sizeof(class);
4837 attrs[4].type = CKA_DERIVE0x0000010CUL;
4838 attrs[4].pValue = &derive_bool;
4839 attrs[4].ulValueLen = sizeof(derive_bool);
4840 attrs[5].type = CKA_VALUE0x00000011UL;
4841 attrs[5].pValue = NULL((void*)0);
4842 attrs[5].ulValueLen = 0;
4843 attrs[6].type = CKA_VALUE_LEN0x00000161UL;
4844 attrs[6].pValue = &value_len;
4845 attrs[6].ulValueLen = sizeof(value_len);
4846 attrs[7].type = CKA_ENCRYPT0x00000104UL;
4847 attrs[7].pValue = &encrypt_bool;
4848 attrs[7].ulValueLen = sizeof(encrypt_bool);
4849 attrs[8].type = CKA_DECRYPT0x00000105UL;
4850 attrs[8].pValue = &decrypt_bool;
4851 attrs[8].ulValueLen = sizeof(decrypt_bool);
4852
4853 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION0x00000004UL,
4854 NULL((void*)0), NULL((void*)0), &hSession);
4855 if (crv != CKR_OK0x00000000UL) {
4856 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
4857 PKM_CK_RVtoStr(crv));
4858 return crv;
4859 }
4860 crv = pFunctionList->C_Login(hSession, CKU_USER1, pwd, pwdLen);
4861 if (crv == CKR_OK0x00000000UL) {
4862 PKM_LogIt("C_Login with correct password succeeded\n");
4863 } else {
4864 PKM_Error("C_Login with correct password failed "
4865 "with 0x%08X, %-26s\n",
4866 crv, PKM_CK_RVtoStr(crv));
4867 return crv;
4868 }
4869
4870 /* Before all, check if the mechanism is supported correctly */
4871 if (MODE == FIPSMODE0) {
4872 crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE0x00080000UL,
4873 CK_TRUE1, 48, 48);
4874
4875 if (crv != CKR_OK0x00000000UL) {
4876 PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
4877 PKM_CK_RVtoStr(crv));
4878 return (crv);
4879 }
4880 }
4881 kmd_mech.mechanism = mechType;
4882 kmd_mech.pParameter = &km_params;
4883 kmd_mech.ulParameterLen = sizeof(km_params);
4884
4885 km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */
4886 km_params.ulKeySizeInBits = 192; /* 3DES key size */
4887 km_params.ulIVSizeInBits = 64; /* 3DES block size */
4888 km_params.pReturnedKeyMaterial = &kmo;
4889 km_params.bIsExport = false;
4890 kmo.hClientMacSecret = CK_INVALID_HANDLE0;
4891 kmo.hServerMacSecret = CK_INVALID_HANDLE0;
4892 kmo.hClientKey = CK_INVALID_HANDLE0;
4893 kmo.hServerKey = CK_INVALID_HANDLE0;
4894 kmo.pIVClient = IVClient;
4895 kmo.pIVServer = IVServer;
4896
4897 skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN0x00000370UL;
4898 skmd_mech.pParameter = &km_params;
4899 skmd_mech.ulParameterLen = sizeof(km_params);
4900
4901 crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
4902 &attrs[2],
4903 4,
4904 &mk_obj);
4905 if (crv == CKR_OK0x00000000UL) {
4906 PKM_LogIt("C_GenerateKey succeeded\n");
4907 } else {
4908 PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
4909 PKM_CK_RVtoStr(crv));
4910 return crv;
4911 }
4912
4913 attrs[5].pValue = NULL((void*)0);
4914 attrs[5].ulValueLen = 0;
4915
4916 km_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom;
4917 km_params.RandomInfo.ulClientRandomLen =
4918 sizeof(TLSClientRandom);
4919 km_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom;
4920 km_params.RandomInfo.ulServerRandomLen =
4921 sizeof(TLSServerRandom);
4922
4923 /* Test the bad cases */
4924 switch (rnd) {
4925 case CORRECT:
4926 goto correct;
4927
4928 case BOGUS_CLIENT_RANDOM:
4929 km_params.RandomInfo.pClientRandom = NULL((void*)0);
4930 break;
4931
4932 case BOGUS_CLIENT_RANDOM_LEN:
4933 km_params.RandomInfo.ulClientRandomLen = 0;
4934 break;
4935
4936 case BOGUS_SERVER_RANDOM:
4937 km_params.RandomInfo.pServerRandom = NULL((void*)0);
4938 break;
4939
4940 case BOGUS_SERVER_RANDOM_LEN:
4941 km_params.RandomInfo.ulServerRandomLen = 0;
4942 break;
4943 }
4944 crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL((void*)0), 0,
4945 NULL((void*)0));
4946 if (crv != CKR_MECHANISM_PARAM_INVALID0x00000071UL) {
4947 PKM_Error("key materials derivation returned unexpected "
4948 "error 0x%08X, %-26s\n",
4949 crv, PKM_CK_RVtoStr(crv));
4950 (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
4951 return (CKR_FUNCTION_FAILED0x00000006UL);
4952 }
4953 return (CKR_OK0x00000000UL);
4954
4955correct:
4956 /*
4957 * Then use the master key and the client 'n server random data to
4958 * derive the key materials
4959 */
4960 crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL((void*)0), 0,
4961 NULL((void*)0));
4962 if (crv != CKR_OK0x00000000UL) {
4963 PKM_Error("Cannot derive the key materials, crv 0x%08X, %-26s\n",
4964 crv, PKM_CK_RVtoStr(crv));
4965 (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
4966 return (crv);
4967 }
4968
4969 if (mk_obj != CK_INVALID_HANDLE0)
4970 (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
4971 if (kmo.hClientMacSecret != CK_INVALID_HANDLE0)
4972 (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret);
4973 if (kmo.hServerMacSecret != CK_INVALID_HANDLE0)
4974 (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret);
4975 if (kmo.hClientKey != CK_INVALID_HANDLE0)
4976 (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientKey);
4977 if (kmo.hServerKey != CK_INVALID_HANDLE0)
4978 (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerKey);
4979
4980 crv = pFunctionList->C_Logout(hSession);
4981 if (crv == CKR_OK0x00000000UL) {
4982 PKM_LogIt("C_Logout succeeded\n");
4983 } else {
4984 PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
4985 PKM_CK_RVtoStr(crv));
4986 return crv;
4987 }
4988 crv = pFunctionList->C_CloseSession(hSession);
4989 if (crv != CKR_OK0x00000000UL) {
4990 PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
4991 PKM_CK_RVtoStr(crv));
4992 return crv;
4993 }
4994
4995 return (crv);
4996}
4997
4998CK_RV
4999PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
5000 CK_SESSION_HANDLE hRwSession,
5001 CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
5002 CK_MECHANISM *sigMech,
5003 CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech,
5004 const CK_BYTE *pData, CK_ULONG pDataLen)
5005{
5006
5007 CK_RV crv = CKR_OK0x00000000UL;
5008 CK_BYTE encryptedData[MAX_CIPHER_SZ128];
5009 CK_ULONG ulEncryptedDataLen = 0;
5010 CK_ULONG ulLastUpdateSize = 0;
5011 CK_BYTE sig[MAX_SIG_SZ128];
5012 CK_ULONG ulSigLen = 0;
5013 CK_BYTE data[MAX_DATA_SZ64];
5014 CK_ULONG ulDataLen = 0;
5015
5016 memset(encryptedData, 0, sizeof(encryptedData));
5017 memset(sig, 0, sizeof(sig));
5018 memset(data, 0, sizeof(data));
5019
5020 NUMTESTS++; /* increment NUMTESTS */
5021
5022 /* Check that the mechanism is Multi-part */
5023 if (sigMech->mechanism == CKM_DSA0x00000011UL || sigMech->mechanism == CKM_RSA_PKCS0x00000001UL) {
5024 PKM_Error("PKM_DualFuncSign must be called with a Multi-part "
5025 "operation mechanism\n");
5026 return CKR_DEVICE_ERROR0x00000030UL;
5027 }
5028
5029 /* Sign and Encrypt */
5030 if (privateKey == 0 && publicKey == 0) {
5031 crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey);
5032 if (crv != CKR_OK0x00000000UL) {
5033 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
5034 PKM_CK_RVtoStr(crv));
5035 return crv;
5036 }
5037 } else {
5038 crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey);
5039 if (crv != CKR_OK0x00000000UL) {
5040 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
5041 PKM_CK_RVtoStr(crv));
5042 return crv;
5043 }
5044 }
5045 crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey);
5046 if (crv != CKR_OK0x00000000UL) {
5047 PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
5048 PKM_CK_RVtoStr(crv));
5049 return crv;
5050 }
5051
5052 ulEncryptedDataLen = sizeof(encryptedData);
5053 crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE *)pData,
5054 pDataLen,
5055 encryptedData,
5056 &ulEncryptedDataLen);
5057 if (crv != CKR_OK0x00000000UL) {
5058 PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
5059 PKM_CK_RVtoStr(crv));
5060 return crv;
5061 }
5062
5063 ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen;
5064 crv = pFunctionList->C_EncryptFinal(hRwSession,
5065 (CK_BYTE *)&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize);
5066 if (crv != CKR_OK0x00000000UL) {
5067 PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
5068 PKM_CK_RVtoStr(crv));
5069 return crv;
5070 }
5071 ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize;
5072 ulSigLen = sizeof(sig);
5073 crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen);
5074 if (crv != CKR_OK0x00000000UL) {
5075 PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv,
5076 PKM_CK_RVtoStr(crv));
5077 return crv;
5078 }
5079
5080 /* Decrypt and Verify */
5081
5082 crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey);
5083 if (crv != CKR_OK0x00000000UL) {
5084 PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
5085 PKM_CK_RVtoStr(crv));
5086 return crv;
5087 }
5088 crv = pFunctionList->C_VerifyInit(hRwSession, sigMech,
5089 publicKey);
5090 if (crv != CKR_OK0x00000000UL) {
5091 PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
5092 PKM_CK_RVtoStr(crv));
5093 return crv;
5094 }
5095
5096 ulDataLen = sizeof(data);
5097 crv = pFunctionList->C_DecryptVerifyUpdate(hRwSession,
5098 encryptedData,
5099 ulEncryptedDataLen,
5100 data, &ulDataLen);
5101 if (crv != CKR_OK0x00000000UL) {
5102 PKM_Error("C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv,
5103 PKM_CK_RVtoStr(crv));
5104 return crv;
5105 }
5106 ulLastUpdateSize = sizeof(data) - ulDataLen;
5107 /* Get last little piece of plaintext. Should have length 0 */
5108 crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen],
5109 &ulLastUpdateSize);
5110 if (crv != CKR_OK0x00000000UL) {
5111 PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
5112 PKM_CK_RVtoStr(crv));
5113 return crv;
5114 }
5115
5116 if (ulLastUpdateSize != 0) {
5117 crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen],
5118 ulLastUpdateSize);
5119 if (crv != CKR_OK0x00000000UL) {
5120 PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
5121 PKM_CK_RVtoStr(crv));
5122 return crv;
5123 }
5124 }
5125 ulDataLen = ulDataLen + ulLastUpdateSize;
5126
5127 /* input for the verify operation is the decrypted data */
5128 crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen);
5129 if (crv == CKR_OK0x00000000UL) {
5130 PKM_LogIt("C_VerifyFinal succeeded\n");
5131 } else {
5132 PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
5133 PKM_CK_RVtoStr(crv));
5134 return crv;
5135 }
5136
5137 /* Comparison of Decrypted data with inputed data */
5138 if ((ulDataLen == pDataLen) &&
5139 (memcmp(data, pData, pDataLen) == 0)) {
5140 PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n");
5141 } else {
5142 PKM_Error("PKM_DualFuncSign derypt test case failed\n");
5143 }
5144
5145 return crv;
5146}
5147
5148CK_RV
5149PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
5150 CK_SESSION_HANDLE hSession,
5151 CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
5152 const CK_BYTE *pData, CK_ULONG pDataLen)
5153{
5154 CK_RV crv = CKR_OK0x00000000UL;
5155 CK_BYTE digest1[MAX_DIGEST_SZ64];
5156 CK_ULONG digest1Len = 0;
5157 CK_BYTE digest2[MAX_DIGEST_SZ64];
5158 CK_ULONG digest2Len = 0;
5159
5160 /* Tested with CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512 */
5161
5162 memset(digest1, 0, sizeof(digest1));
5163 memset(digest2, 0, sizeof(digest2));
5164
5165 NUMTESTS++; /* increment NUMTESTS */
5166
5167 crv = pFunctionList->C_DigestInit(hSession, digestMech);
5168 if (crv != CKR_OK0x00000000UL) {
5169 PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
5170 PKM_CK_RVtoStr(crv));
5171 return crv;
5172 }
5173 digest1Len = sizeof(digest1);
5174 crv = pFunctionList->C_Digest(hSession, (CK_BYTE *)pData, pDataLen,
5175 digest1, &digest1Len);
5176 if (crv != CKR_OK0x00000000UL) {
5177 PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
5178 PKM_CK_RVtoStr(crv));
5179 return crv;
5180 }
5181
5182 crv = pFunctionList->C_DigestInit(hSession, digestMech);
5183 if (crv != CKR_OK0x00000000UL) {
5184 PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
5185 PKM_CK_RVtoStr(crv));
5186 return crv;
5187 }
5188
5189 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE *)pData, pDataLen);
5190 if (crv != CKR_OK0x00000000UL) {
5191 PKM_Error("C_DigestUpdate failed with 0x%08X, %-26s\n", crv,
5192 PKM_CK_RVtoStr(crv));
5193 return crv;
5194 }
5195
5196 /* C_DigestKey continues a multiple-part message-digesting operation by*/
5197 /* digesting the value of a secret key. (only used with C_DigestUpdate)*/
5198 if (hSecretKey != 0) {
5199 crv = pFunctionList->C_DigestKey(hSession, hSecretKey);
5200 if (crv != CKR_OK0x00000000UL) {
5201 PKM_Error("C_DigestKey failed with 0x%08X, %-26s\n", crv,
5202 PKM_CK_RVtoStr(crv));
5203 return crv;
5204 }
5205 }
5206
5207 digest2Len = sizeof(digest2);
5208 crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len);
5209 if (crv != CKR_OK0x00000000UL) {
5210 PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
5211 PKM_CK_RVtoStr(crv));
5212 return crv;
5213 }
5214
5215 if (hSecretKey == 0) {
5216 /* did not digest a secret key so digests should equal */
5217 if ((digest1Len == digest2Len) &&
5218 (memcmp(digest1, digest2, digest1Len) == 0)) {
5219 PKM_LogIt("Single and Multiple-part message digest "
5220 "operations successful\n");
5221 } else {
5222 PKM_Error("Single and Multiple-part message digest "
5223 "operations failed\n");
5224 }
5225 } else {
5226 if (digest1Len == digest2Len) {
5227 PKM_LogIt("PKM_Digest Single and Multiple-part message digest "
5228 "operations successful\n");
5229 } else {
5230 PKM_Error("PKM_Digest Single and Multiple-part message digest "
5231 "operations failed\n");
5232 }
5233 }
5234
5235 return crv;
5236}
5237
5238char *
5239PKM_FilePasswd(char *pwFile)
5240{
5241 unsigned char phrase[500];
5242 PRFileDesc *fd;
5243 PRInt32 nb;
5244 int i;
5245
5246 if (!pwFile)
5247 return 0;
5248
5249 fd = PR_Open(pwFile, PR_RDONLY0x01, 0);
5250 if (!fd) {
5251 fprintf(stderrstderr, "No password file \"%s\" exists.\n", pwFile);
5252 return NULL((void*)0);
5253 }
5254
5255 nb = PR_Read(fd, phrase, sizeof(phrase));
5256
5257 PR_Close(fd);
5258 /* handle the Windows EOL case */
5259 i = 0;
5260 while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
5261 i++;
5262 phrase[i] = '\0';
5263 if (nb == 0) {
5264 fprintf(stderrstderr, "password file contains no data\n");
5265 return NULL((void*)0);
5266 }
5267 return (char *)strdup((char *)phrase);
5268}
5269
5270void
5271PKM_Help()
5272{
5273 PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
5274 PR_fprintf(debug_out, "pk11mode test program usage:\n");
5275 PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n");
5276 PR_fprintf(debug_out, "\t-F Disable Unix fork tests\n");
5277 PR_fprintf(debug_out, "\t-n Non Fips Mode \n");
5278 PR_fprintf(debug_out, "\t-d <path> Database path location\n");
5279 PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n");
5280 PR_fprintf(debug_out, "\t-v verbose\n");
5281 PR_fprintf(debug_out, "\t-h this help message\n");
5282 exit(1);
5283}
5284
5285void
5286PKM_CheckPath(char *string)
5287{
5288 char *src;
5289 char *dest;
5290
5291 /*
5292 * windows support convert any back slashes to
5293 * forward slashes.
5294 */
5295 for (src = string, dest = string; *src; src++, dest++) {
5296 if (*src == '\\') {
5297 *dest = '/';
5298 }
5299 }
5300 dest--;
5301 /* if the last char is a / set it to 0 */
5302 if (*dest == '/')
5303 *dest = 0;
5304}
5305
5306CK_RV
5307PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
5308 PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
5309{
5310 CK_RV crv = CKR_OK0x00000000UL;
5311#ifndef NO_FORK_CHECK
5312 int rc = -1;
5313 pid_t child, ret;
5314 NUMTESTS++; /* increment NUMTESTS */
5315 if (forkAssert) {
5316 putenv("NSS_STRICT_NOFORK=1");
5317 } else {
5318 putenv("NSS_STRICT_NOFORK=0");
5319 }
5320 child = fork();
5321 switch (child) {
5322 case -1:
5323 PKM_Error("Fork failed.\n");
5324 crv = CKR_DEVICE_ERROR0x00000030UL;
5325 break;
5326 case 0:
5327 if (fList) {
5328 if (!initArgs) {
5329 /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
5330 * in the child. This call should always fail.
5331 * If softoken is uninitialized,
5332 * it fails with CKR_CRYPTOKI_NOT_INITIALIZED.
5333 * If it was initialized in the parent, the fork check should
5334 * kick in, and make it return CKR_DEVICE_ERROR.
5335 */
5336 CK_RV child_crv = fList->C_GetTokenInfo(0, NULL((void*)0));
5337 exit(child_crv & 255);
5338 } else {
5339 /* If softoken is loaded, make a PKCS#11 call to C_Initialize
5340 * in the child. This call should always fail.
5341 * If softoken is uninitialized, this should succeed.
5342 * If it was initialized in the parent, the fork check should
5343 * kick in, and make it return CKR_DEVICE_ERROR.
5344 */
5345 CK_RV child_crv = fList->C_Initialize(initArgs);
5346 if (CKR_OK0x00000000UL == child_crv) {
5347 child_crv = fList->C_Finalize(NULL((void*)0));
5348 }
5349 exit(child_crv & 255);
5350 }
5351 }
5352 exit(expected & 255);
5353 default:
5354 PKM_LogIt("Fork succeeded.\n");
5355 ret = wait(&rc);
5356 if (ret != child || (!WIFEXITED(rc)(((rc) & 0x7f) == 0)) ||
5357 ((expected & 255) != (WEXITSTATUS(rc)(((rc) & 0xff00) >> 8) & 255))) {
5358 int retStatus = -1;
5359 if (WIFEXITED(rc)(((rc) & 0x7f) == 0)) {
5360 retStatus = WEXITSTATUS(rc)(((rc) & 0xff00) >> 8);
5361 }
5362 PKM_Error("Child misbehaved.\n");
5363 printf("Child return status : %d.\n", retStatus & 255);
5364 crv = CKR_DEVICE_ERROR0x00000030UL;
5365 }
5366 break;
5367 }
5368#endif
5369 return crv;
5370}