summaryrefslogtreecommitdiff
path: root/src/key.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/key.c')
-rw-r--r--src/key.c257
1 files changed, 250 insertions, 7 deletions
diff --git a/src/key.c b/src/key.c
index a305215..41f66f4 100644
--- a/src/key.c
+++ b/src/key.c
@@ -1,6 +1,8 @@
#include "p11-tests-lib.h"
+#include <string.h>
+
/* ----------------------------------------------------------------------------------
* TESTS
*/
@@ -266,6 +268,102 @@ test_private_attributes(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
}
static int
+test_secret_attributes (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+{
+ CK_ATTRIBUTE attr;
+ CK_BBOOL bval;
+ CK_RV rv;
+
+ attr.type = CKA_SENSITIVE;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_SENSITIVE", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_SENSITIVE", bval);
+
+ attr.type = CKA_ENCRYPT;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_ENCRYPT", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_ENCRYPT", bval);
+
+ attr.type = CKA_DECRYPT;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_DECRYPT", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_DECRYPT", bval);
+
+ attr.type = CKA_SIGN;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_SIGN", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_SIGN", bval);
+
+ attr.type = CKA_VERIFY;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_VERIFY", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_VERIFY", bval);
+
+ attr.type = CKA_WRAP;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_WRAP", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_WRAP", bval);
+
+ attr.type = CKA_UNWRAP;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_UNWRAP", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_UNWRAP", bval);
+
+ attr.type = CKA_EXTRACTABLE;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_EXTRACTABLE", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_EXTRACTABLE", bval);
+
+ attr.type = CKA_ALWAYS_SENSITIVE;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_ALWAYS_SENSITIVE", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_ALWAYS_SENSITIVE", bval);
+
+ attr.type = CKA_NEVER_EXTRACTABLE;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_NEVER_EXTRACTABLE", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_NEVER_EXTRACTABLE", bval);
+
+ if(p11t_test_unexpected) {
+ attr.type = CKA_WRAP_WITH_TRUSTED;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_WRAP_WITH_TRUSTED", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_WRAP_WITH_TRUSTED", bval);
+ }
+
+ attr.type = CKA_TRUSTED;
+ attr.pValue = &bval;
+ attr.ulValueLen = sizeof (bval);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_TRUSTED", rv, CKR_OK);
+ P11T_CHECK_BOOL ("CKA_TRUSTED", bval);
+
+ return CONTINUE;
+}
+
+static int
test_rsa_public(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
{
CK_ATTRIBUTE attr;
@@ -702,6 +800,73 @@ test_dh_private (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
return CONTINUE;
}
+static int
+test_aes_secret (session, object)
+{
+ CK_ATTRIBUTE attr;
+ CK_BYTE buffer[16384];
+ CK_BYTE check[1024];
+ EVP_CIPHER_CTX ctx;
+ CK_ULONG length;
+ void *plaintext;
+ int outlen;
+ CK_RV rv;
+
+ P11T_SECTION ("CKK_AES Secret");
+
+ attr.type = CKA_CHECK_VALUE;
+ attr.pValue = check;
+ attr.ulValueLen = sizeof (check);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_CHECK_VALUE", rv, CKR_OK);
+ if (attr.ulValueLen != 3)
+ P11T_CHECK_FAIL_MSG ("CKA_CHECK_VALUE", "Should be 3 bytes");
+
+ attr.type = CKA_VALUE_LEN;
+ attr.pValue = &length;
+ attr.ulValueLen = sizeof (length);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ P11T_CHECK_RV ("CKA_VALUE_LEN", rv, CKR_OK);
+
+ attr.type = CKA_VALUE;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof (buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1);
+ if (rv != CKR_ATTRIBUTE_SENSITIVE) {
+ P11T_CHECK_RV ("CKA_VALUE", rv, CKR_OK);
+
+ if (length != attr.ulValueLen)
+ P11T_CHECK_FAIL_MSG ("CKA_VALUE_LEN", "Should match the length of CKA_VALUE");
+
+ switch (attr.ulValueLen) {
+ case 16:
+ EVP_EncryptInit (&ctx, EVP_aes_128_ecb (), buffer, NULL);
+ break;
+ case 24:
+ EVP_EncryptInit (&ctx, EVP_aes_192_ecb (), buffer, NULL);
+ break;
+ case 32:
+ EVP_EncryptInit (&ctx, EVP_aes_256_ecb (), buffer, NULL);
+ break;
+ default:
+ P11T_CHECK_FAIL_MSG ("CKA_VALUE", "Length should be 16, 24 or 32 bytes");
+ break;
+ };
+
+ plaintext = calloc (attr.ulValueLen, 1);
+ if (!EVP_EncryptUpdate (&ctx, buffer, &outlen, plaintext, attr.ulValueLen))
+ assert (0);
+ assert (outlen == attr.ulValueLen);
+
+ EVP_CIPHER_CTX_cleanup (&ctx);
+
+ if (memcmp (check, buffer, 3) != 0)
+ P11T_CHECK_FAIL_MSG ("CKA_CHECK_VALUE", "Check value is not correct");
+
+ }
+
+ return CONTINUE;
+}
static int
test_rsa_public_create(CK_SESSION_HANDLE session, CK_BBOOL token, RSA *rsa, CK_OBJECT_HANDLE_PTR result)
@@ -1127,19 +1292,83 @@ test_dh_create(CK_SESSION_HANDLE session, CK_BBOOL token)
test_dh_public_create (session, token, dh, &pub);
test_dh_private_create (session, token, dh, &prv);
+ if (pub != 0 && prv != 0)
+ p11t_dh_test_key_pair (session, pub, prv);
+
+ P11T_SECTION ("C_DestroyObject");
+
+ rv = (p11t_module_funcs->C_DestroyObject) (session, pub);
+ P11T_CHECK_RV ("DH Public Key", rv, CKR_OK);
+ rv = (p11t_module_funcs->C_DestroyObject) (session, prv);
+ P11T_CHECK_RV ("DH Private Key", rv, CKR_OK);
+
+ DH_free (dh);
+ return CONTINUE;
+}
+
+static int
+test_aes_secret_create (CK_SESSION_HANDLE session, CK_BBOOL token, void *value,
+ size_t length, CK_OBJECT_HANDLE_PTR result)
+{
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE attrs[10];
+ CK_KEY_TYPE key_type = CKK_AES;
+ CK_OBJECT_CLASS klass = CKO_SECRET_KEY;
+ CK_RV rv;
+
+ P11T_SECTION("C_CreateObject");
+
+ /* Fill in all the attributes */
+ attrs[0].type = CKA_TOKEN;
+ attrs[0].pValue = &token;
+ attrs[0].ulValueLen = sizeof (token);
+
+ attrs[1].type = CKA_CLASS;
+ attrs[1].ulValueLen = sizeof (klass);
+ attrs[1].pValue = &klass;
+
+ attrs[2].type = CKA_LABEL;
+ attrs[2].pValue = "Test AES Secret Key";
+ attrs[2].ulValueLen = 20;
+
+ attrs[3].type = CKA_KEY_TYPE;
+ attrs[3].pValue = &key_type;
+ attrs[3].ulValueLen = sizeof (key_type);
+
+ attrs[4].type = CKA_VALUE;
+ attrs[4].ulValueLen = length;
+ attrs[4].pValue = value;
+
+ rv = (p11t_module_funcs->C_CreateObject) (session, attrs, 5, &object);
+ if (rv == CKR_TEMPLATE_INCOMPLETE)
+ return CONTINUE;
+ P11T_CHECK_RV ("AES Secret Key", rv, CKR_OK);
+
+ p11t_key_test (session, object, CKO_SECRET_KEY);
+ *result = object;
+ return CONTINUE;
+}
+
+static int
+test_aes_create (CK_SESSION_HANDLE session, CK_BBOOL token)
+{
+ CK_OBJECT_HANDLE key;
+ CK_RV rv;
+
+ key = 0;
+ if (!test_aes_secret_create (session, token, "0123456789ABCDEF", 16, &key))
+ return STOP;
+
#if 0
if (pub != 0)
- p11t_dh_test_public_key (session, pub);
- if (prv != 0)
- p11t_dh_test_private_key (session, prv);
+ p11t_aes_test_secret_key (session, key);
#endif
- P11T_SECTION("C_DestroyObject");
+ P11T_SECTION ("C_DestroyObject");
- rv = (p11t_module_funcs->C_DestroyObject)(session, pub);
- P11T_CHECK_RV("DH Public Key", rv, CKR_OK);
+ rv = (p11t_module_funcs->C_DestroyObject) (session, key);
+ P11T_CHECK_RV ("AES Secret Key", rv, CKR_OK);
- DH_free (dh);
return CONTINUE;
}
@@ -1216,6 +1445,10 @@ p11t_key_test (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_OBJECT_CLA
test_dsa_public (session, object);
else if (key_type == CKK_DH)
test_dh_public (session, object);
+ } else if (key_class == CKO_SECRET_KEY) {
+ test_secret_attributes (session, object);
+ if (key_type == CKK_AES)
+ test_aes_secret (session, object);
}
}
@@ -1268,6 +1501,16 @@ p11t_key_tests(void)
test_dsa_create (session, CK_FALSE);
test_dh_create (session, CK_FALSE);
}
+
+ klass = CKO_SECRET_KEY;
+ objects = p11t_object_find (session, attrs, 1, &n_objects);
+ for (i = 0; objects && i < n_objects; ++i)
+ p11t_key_test (session, objects[i], klass);
+ free (objects);
+
+ if (p11t_test_write_session) {
+ test_aes_create (session, CK_FALSE);
+ }
}
p11t_session_close(session);