diff options
Diffstat (limited to 'src/key.c')
-rw-r--r-- | src/key.c | 184 |
1 files changed, 178 insertions, 6 deletions
@@ -145,6 +145,66 @@ test_rsa_public(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) if(RSA_size(rsa) != bits / 8) P11T_CHECK_FAIL_MSG("CKA_MODULUS_BITS", "Does not match bits in actual modulus"); + RSA_free(rsa); + + return CONTINUE; +} + +static int +test_dsa_public(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) +{ + CK_ATTRIBUTE attr; + CK_BYTE buffer[16384]; + CK_RV rv; + DSA* dsa; + + P11T_SECTION("CKK_DSA Public"); + + dsa = DSA_new(); + assert(dsa); + + attr.type = CKA_PRIME; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_PRIME", rv, CKR_OK); + dsa->p = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->p == NULL) + P11T_CHECK_FAIL_MSG("CKA_PRIME", p11t_msg_openssl()); + if(attr.ulValueLen % 8 != 0) + P11T_CHECK_FAIL_MSG("CKA_PRIME", "Must be in steps of 64 bits"); + + attr.type = CKA_SUBPRIME; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SUBPRIME", rv, CKR_OK); + dsa->q = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->q == NULL) + P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", p11t_msg_openssl()); + if(attr.ulValueLen != 20) + P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", "Must be 160 bits"); + + attr.type = CKA_BASE; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_BASE", rv, CKR_OK); + dsa->g = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->g == NULL) + P11T_CHECK_FAIL_MSG("CKA_BASE", p11t_msg_openssl()); + + attr.type = CKA_VALUE; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_VALUE", rv, CKR_OK); + dsa->pub_key = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->pub_key == NULL) + P11T_CHECK_FAIL_MSG("CKA_VALUE", p11t_msg_openssl()); + + DSA_free(dsa); + return CONTINUE; } @@ -191,7 +251,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) attr.pValue = buffer; attr.ulValueLen = sizeof(buffer); rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID) + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { P11T_CHECK_RV("CKA_PUBLIC_EXPONENT", rv, CKR_OK); rsa->e = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); @@ -204,7 +264,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) attr.pValue = buffer; attr.ulValueLen = sizeof(buffer); rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID) + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { P11T_CHECK_RV("CKA_PRIME_1", rv, CKR_OK); rsa->p = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); @@ -216,7 +276,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) attr.pValue = buffer; attr.ulValueLen = sizeof(buffer); rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID) + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { P11T_CHECK_RV("CKA_PRIME_2", rv, CKR_OK); rsa->q = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); @@ -228,7 +288,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) attr.pValue = buffer; attr.ulValueLen = sizeof(buffer); rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID) + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { P11T_CHECK_RV("CKA_EXPONENT_1", rv, CKR_OK); rsa->dmp1 = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); @@ -240,7 +300,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) attr.pValue = buffer; attr.ulValueLen = sizeof(buffer); rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID) + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { P11T_CHECK_RV("CKA_EXPONENT_2", rv, CKR_OK); rsa->dmq1 = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); @@ -252,7 +312,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) attr.pValue = buffer; attr.ulValueLen = sizeof(buffer); rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID) + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) { P11T_CHECK_RV("CKA_COEFFICIENT", rv, CKR_OK); rsa->iqmp = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); @@ -272,6 +332,69 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) P11T_CHECK_FAIL_MSG("Check RSA private key", "RSA key is not valid"); } + RSA_free(rsa); + + return CONTINUE; +} + +static int +test_dsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) +{ + CK_ATTRIBUTE attr; + CK_BYTE buffer[16384]; + CK_RV rv; + DSA* dsa; + + P11T_SECTION("CKK_DSA Private"); + + dsa = DSA_new(); + assert(dsa); + + attr.type = CKA_PRIME; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_PRIME", rv, CKR_OK); + dsa->p = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->p == NULL) + P11T_CHECK_FAIL_MSG("CKA_PRIME", p11t_msg_openssl()); + if(attr.ulValueLen % 8 != 0) + P11T_CHECK_FAIL_MSG("CKA_PRIME", "Must be in steps of 64 bits"); + + attr.type = CKA_SUBPRIME; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SUBPRIME", rv, CKR_OK); + dsa->q = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->q == NULL) + P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", p11t_msg_openssl()); + if(attr.ulValueLen != 20) + P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", "Must be 160 bits"); + + attr.type = CKA_BASE; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_BASE", rv, CKR_OK); + dsa->g = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->g == NULL) + P11T_CHECK_FAIL_MSG("CKA_BASE", p11t_msg_openssl()); + + attr.type = CKA_VALUE; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID) + { + P11T_CHECK_RV("CKA_VALUE", rv, CKR_OK); + dsa->priv_key = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL); + if(dsa->priv_key == NULL) + P11T_CHECK_FAIL_MSG("CKA_VALUE", p11t_msg_openssl()); + } + + DSA_free(dsa); + return CONTINUE; } @@ -471,6 +594,8 @@ p11t_key_tests(void) test_public_attributes(session, object); if(key_type == CKK_RSA) test_rsa_public(session, object); + else if(key_type == CKK_DSA) + test_dsa_public(session, object); } } free(objects); @@ -488,6 +613,8 @@ p11t_key_tests(void) test_private_attributes(session, object); if(key_type == CKK_RSA) test_rsa_private(session, object); + else if(key_type == CKK_DSA) + test_dsa_private(session, object); } } free(objects); @@ -575,6 +702,51 @@ p11t_key_export_public_rsa(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key) return rsa; } +DSA* +p11t_key_export_public_dsa(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key) +{ + CK_ATTRIBUTE attrs[4]; + CK_BYTE prime[4096]; + CK_BYTE subprime[4096]; + CK_BYTE base[4096]; + CK_BYTE value[4096]; + DSA *dsa; + + attrs[0].type = CKA_PRIME; + attrs[0].ulValueLen = sizeof(prime); + attrs[0].pValue = prime; + + attrs[1].type = CKA_SUBPRIME; + attrs[1].ulValueLen = sizeof(subprime); + attrs[1].pValue = subprime; + + attrs[2].type = CKA_BASE; + attrs[2].ulValueLen = sizeof(base); + attrs[2].pValue = base; + + attrs[3].type = CKA_VALUE; + attrs[3].ulValueLen = sizeof(value); + attrs[3].pValue = value; + + if(!p11t_object_get(session, key, attrs, 4)) + return NULL; + + if(attrs[0].ulValueLen == CK_INVALID || + attrs[1].ulValueLen == CK_INVALID || + attrs[2].ulValueLen == CK_INVALID || + attrs[3].ulValueLen == CK_INVALID) + return NULL; + + dsa = DSA_new(); + dsa->p = BN_bin2bn(prime, attrs[0].ulValueLen, NULL); + dsa->q = BN_bin2bn(subprime, attrs[1].ulValueLen, NULL); + dsa->g = BN_bin2bn(base, attrs[2].ulValueLen, NULL); + dsa->pub_key = BN_bin2bn(value, attrs[3].ulValueLen, NULL); + assert(dsa && dsa->p && dsa->q && dsa->g && dsa->pub_key); + + return dsa; +} + CK_RV p11t_key_login_context_specific (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key) { |