-rw-r--r-- | src/rsa.c | 142 |
1 files changed, 140 insertions, 2 deletions
@@ -402,6 +402,140 @@ test_rsa_encrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, } static int +test_rsa_pkcs_verify_hash(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, + CK_OBJECT_HANDLE pubkey, CK_ULONG size, int algo) +{ + CK_BYTE hash[P11T_BLOCK]; + CK_BYTE sig[P11T_BLOCK]; + CK_MECHANISM mech; + CK_ULONG n_hash, n_sig; + CK_RV rv; + + /* Hash the data with appropriate wrappers */ + n_hash = sizeof(hash); + hash_for_rsa_pkcs_sign(algo, 1, p11t_test_data, p11t_test_data_size, hash, &n_hash); + + mech.mechanism = CKM_RSA_PKCS; + mech.pParameter = NULL; + mech.ulParameterLen = 0; + + P11T_SECTION("C_SignInit"); + + rv = (p11t_module_funcs->C_SignInit)(session, &mech, key); + P11T_CHECK_RV("Normal call", rv, CKR_OK); + + P11T_SECTION("C_Sign"); + + n_sig = sizeof(sig); + rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig); + + /* Requires authentication */ + if (rv == CKR_USER_NOT_LOGGED_IN) { + rv = p11t_key_login_context_specific (session, key); + P11T_CHECK_RV("Always authenticate", rv, CKR_OK); + rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig); + } + P11T_CHECK_RV("Normal call", rv, CKR_OK); + + P11T_SECTION("C_VerifyInit"); + + rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey); + P11T_CHECK_RV("RSA PKCS", rv, CKR_OK); + + P11T_SECTION("C_Verify"); + + rv = (p11t_module_funcs->C_Verify)(session, hash, n_hash, sig, n_sig); + P11T_CHECK_RV("RSA PKCS", rv, CKR_OK); + + return CONTINUE; +} + +static int +test_rsa_x509_verify(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, + CK_OBJECT_HANDLE pubkey, CK_ULONG size) +{ + const CK_BYTE* data; + CK_BYTE sig[P11T_BLOCK]; + CK_MECHANISM mech; + CK_ULONG n_data, n_sig; + CK_RV rv; + + data = p11t_test_data; + n_data = size / 2; + assert(n_data <= p11t_test_data_size); + + mech.mechanism = CKM_RSA_X_509; + mech.pParameter = NULL; + mech.ulParameterLen = 0; + + P11T_SECTION("C_SignInit"); + + rv = (p11t_module_funcs->C_SignInit)(session, &mech, key); + 
P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK); + + P11T_SECTION("C_Sign"); + + n_sig = sizeof(sig); + rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig); + + /* Requires authentication */ + if (rv == CKR_USER_NOT_LOGGED_IN) { + rv = p11t_key_login_context_specific (session, key); + P11T_CHECK_RV("Always authenticate", rv, CKR_OK); + rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig); + } + + P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK); + + P11T_SECTION("C_VerifyInit"); + + rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey); + P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK); + + P11T_SECTION("C_Verify"); + rv = (p11t_module_funcs->C_Verify)(session, (CK_BYTE*)data, n_data, sig, n_sig); + P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK); + + return CONTINUE; +} + +static int +test_rsa_verify (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, + CK_MECHANISM_TYPE mech_type, RSA* rsa) +{ + CK_OBJECT_HANDLE privkey; + CK_ULONG size; + + P11T_SECTION("C_Verify"); + + /* Must find a private key for this public one */ + privkey = p11t_key_get_private(session, key); + if(privkey == CK_INVALID) + return CONTINUE; + + size = RSA_size(rsa); + assert(size); + + switch(mech_type) + { + case CKM_RSA_PKCS: + P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1)"); + test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_sha1); + P11T_CHECK_NOTE("CKM_RSA_PKCS (MD5)"); + test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_md5); + P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1/MD5/SSL3)"); + test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_md5_sha1); + break; + case CKM_RSA_X_509: + P11T_CHECK_NOTE("CKM_RSA_X_509"); + test_rsa_x509_verify(session, privkey, key, size); + break; + }; + + return CONTINUE; +} + +static int test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE mech_type) { 
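Review bot: Both new verify helpers, test_rsa_pkcs_verify_hash and test_rsa_x509_verify, only check that a freshly made signature verifies with CKR_OK, so a module whose C_Verify accepts any input would pass this suite. Each helper should re-run C_VerifyInit/C_Verify after altering one bit of `sig` and expect CKR_SIGNATURE_INVALID, as sketched below for the PKCS helper; the X.509 helper needs the same addition. This assumes P11T_CHECK_RV reports a mismatch the same way for a non-OK expected value, since the macro is defined outside this diff. Separately, in test_rsa_x509_verify the `assert(n_data <= p11t_test_data_size)` is the only bound on the length handed to C_Sign and disappears under NDEBUG; an explicit `if` that notes and skips the case would be safer for large keys.

```c
	P11T_CHECK_RV("RSA PKCS", rv, CKR_OK);

	/* A signature that differs by a single bit must be rejected */
	sig[n_sig - 1] ^= 0x01;
	rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey);
	P11T_CHECK_RV("RSA PKCS", rv, CKR_OK);
	rv = (p11t_module_funcs->C_Verify)(session, hash, n_hash, sig, n_sig);
	P11T_CHECK_RV("Corrupted signature", rv, CKR_SIGNATURE_INVALID);

	return CONTINUE;
```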
@@ -427,13 +561,16 @@ test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, if(can_encrypt) test_rsa_encrypt(session, key, mech_type, rsa); + if(can_verify) + test_rsa_verify(session, key, mech_type, rsa); + RSA_free(rsa); return CONTINUE; } static void -test_rsa_pkcs(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info) +test_rsa(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info) { CK_SESSION_HANDLE session; CK_ATTRIBUTE attrs[2]; @@ -484,5 +621,6 @@ test_rsa_pkcs(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR inf void p11t_rsa_tests(void) { - p11t_slot_for_each_mech(CKM_RSA_PKCS, test_rsa_pkcs); + p11t_slot_for_each_mech(CKM_RSA_PKCS, test_rsa); + p11t_slot_for_each_mech(CKM_RSA_X_509, test_rsa); } |
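Review bot: Registering `test_rsa` for CKM_RSA_X_509 in p11t_rsa_tests means test_rsa_public_key now also calls test_rsa_encrypt with that mechanism whenever `can_encrypt` is set, and test_rsa_encrypt's body lies outside this diff, so it is worth confirming that it handles or explicitly skips raw RSA rather than assuming PKCS#1 padding. The new `switch(mech_type)` in test_rsa_verify has no `default`, and the function returns CONTINUE without a message when no private key is found, so an untested mechanism or key is indistinguishable from a pass in the output. I would add `default: P11T_CHECK_NOTE("verify not tested for this mechanism"); break;` and a similar note before the early return. The results of the per-mechanism helpers are also discarded, which looks intentional but deserves a short comment.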