summaryrefslogtreecommitdiff
path: root/src/key.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/key.c')
-rw-r--r--src/key.c184
1 files changed, 178 insertions, 6 deletions
diff --git a/src/key.c b/src/key.c
index 0fa4c4b..977877a 100644
--- a/src/key.c
+++ b/src/key.c
@@ -145,6 +145,66 @@ test_rsa_public(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
if(RSA_size(rsa) != bits / 8)
P11T_CHECK_FAIL_MSG("CKA_MODULUS_BITS", "Does not match bits in actual modulus");
+ RSA_free(rsa);
+
+ return CONTINUE;
+}
+
+static int
+test_dsa_public(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+{
+ CK_ATTRIBUTE attr;
+ CK_BYTE buffer[16384];
+ CK_RV rv;
+ DSA* dsa;
+
+ P11T_SECTION("CKK_DSA Public");
+
+ dsa = DSA_new();
+ assert(dsa);
+
+ attr.type = CKA_PRIME;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_PRIME", rv, CKR_OK);
+ dsa->p = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->p == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_PRIME", p11t_msg_openssl());
+ if(attr.ulValueLen % 8 != 0)
+ P11T_CHECK_FAIL_MSG("CKA_PRIME", "Must be in steps of 64 bits");
+
+ attr.type = CKA_SUBPRIME;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_SUBPRIME", rv, CKR_OK);
+ dsa->q = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->q == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", p11t_msg_openssl());
+ if(attr.ulValueLen != 20)
+ P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", "Must be 160 bits");
+
+ attr.type = CKA_BASE;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_BASE", rv, CKR_OK);
+ dsa->g = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->g == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_BASE", p11t_msg_openssl());
+
+ attr.type = CKA_VALUE;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_VALUE", rv, CKR_OK);
+ dsa->pub_key = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->pub_key == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_VALUE", p11t_msg_openssl());
+
+ DSA_free(dsa);
+
return CONTINUE;
}
@@ -191,7 +251,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
attr.pValue = buffer;
attr.ulValueLen = sizeof(buffer);
rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
- if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
{
P11T_CHECK_RV("CKA_PUBLIC_EXPONENT", rv, CKR_OK);
rsa->e = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
@@ -204,7 +264,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
attr.pValue = buffer;
attr.ulValueLen = sizeof(buffer);
rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
- if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
{
P11T_CHECK_RV("CKA_PRIME_1", rv, CKR_OK);
rsa->p = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
@@ -216,7 +276,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
attr.pValue = buffer;
attr.ulValueLen = sizeof(buffer);
rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
- if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
{
P11T_CHECK_RV("CKA_PRIME_2", rv, CKR_OK);
rsa->q = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
@@ -228,7 +288,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
attr.pValue = buffer;
attr.ulValueLen = sizeof(buffer);
rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
- if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
{
P11T_CHECK_RV("CKA_EXPONENT_1", rv, CKR_OK);
rsa->dmp1 = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
@@ -240,7 +300,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
attr.pValue = buffer;
attr.ulValueLen = sizeof(buffer);
rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
- if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
{
P11T_CHECK_RV("CKA_EXPONENT_2", rv, CKR_OK);
rsa->dmq1 = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
@@ -252,7 +312,7 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
attr.pValue = buffer;
attr.ulValueLen = sizeof(buffer);
rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
- if(rv != CKR_ATTRIBUTE_SENSITIVE || rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
{
P11T_CHECK_RV("CKA_COEFFICIENT", rv, CKR_OK);
rsa->iqmp = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
@@ -272,6 +332,69 @@ test_rsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
P11T_CHECK_FAIL_MSG("Check RSA private key", "RSA key is not valid");
}
+ RSA_free(rsa);
+
+ return CONTINUE;
+}
+
+static int
+test_dsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+{
+ CK_ATTRIBUTE attr;
+ CK_BYTE buffer[16384];
+ CK_RV rv;
+ DSA* dsa;
+
+ P11T_SECTION("CKK_DSA Private");
+
+ dsa = DSA_new();
+ assert(dsa);
+
+ attr.type = CKA_PRIME;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_PRIME", rv, CKR_OK);
+ dsa->p = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->p == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_PRIME", p11t_msg_openssl());
+ if(attr.ulValueLen % 8 != 0)
+ P11T_CHECK_FAIL_MSG("CKA_PRIME", "Must be in steps of 64 bits");
+
+ attr.type = CKA_SUBPRIME;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_SUBPRIME", rv, CKR_OK);
+ dsa->q = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->q == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", p11t_msg_openssl());
+ if(attr.ulValueLen != 20)
+ P11T_CHECK_FAIL_MSG("CKA_SUBPRIME", "Must be 160 bits");
+
+ attr.type = CKA_BASE;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ P11T_CHECK_RV("CKA_BASE", rv, CKR_OK);
+ dsa->g = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->g == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_BASE", p11t_msg_openssl());
+
+ attr.type = CKA_VALUE;
+ attr.pValue = buffer;
+ attr.ulValueLen = sizeof(buffer);
+ rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1);
+ if(rv != CKR_ATTRIBUTE_SENSITIVE && rv != CKR_ATTRIBUTE_TYPE_INVALID)
+ {
+ P11T_CHECK_RV("CKA_VALUE", rv, CKR_OK);
+ dsa->priv_key = BN_bin2bn(attr.pValue, attr.ulValueLen, NULL);
+ if(dsa->priv_key == NULL)
+ P11T_CHECK_FAIL_MSG("CKA_VALUE", p11t_msg_openssl());
+ }
+
+ DSA_free(dsa);
+
return CONTINUE;
}
@@ -471,6 +594,8 @@ p11t_key_tests(void)
test_public_attributes(session, object);
if(key_type == CKK_RSA)
test_rsa_public(session, object);
+ else if(key_type == CKK_DSA)
+ test_dsa_public(session, object);
}
}
free(objects);
@@ -488,6 +613,8 @@ p11t_key_tests(void)
test_private_attributes(session, object);
if(key_type == CKK_RSA)
test_rsa_private(session, object);
+ else if(key_type == CKK_DSA)
+ test_dsa_private(session, object);
}
}
free(objects);
@@ -575,6 +702,51 @@ p11t_key_export_public_rsa(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key)
return rsa;
}
+DSA*
+p11t_key_export_public_dsa(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key)
+{
+ CK_ATTRIBUTE attrs[4];
+ CK_BYTE prime[4096];
+ CK_BYTE subprime[4096];
+ CK_BYTE base[4096];
+ CK_BYTE value[4096];
+ DSA *dsa;
+
+ attrs[0].type = CKA_PRIME;
+ attrs[0].ulValueLen = sizeof(prime);
+ attrs[0].pValue = prime;
+
+ attrs[1].type = CKA_SUBPRIME;
+ attrs[1].ulValueLen = sizeof(subprime);
+ attrs[1].pValue = subprime;
+
+ attrs[2].type = CKA_BASE;
+ attrs[2].ulValueLen = sizeof(base);
+ attrs[2].pValue = base;
+
+ attrs[3].type = CKA_VALUE;
+ attrs[3].ulValueLen = sizeof(value);
+ attrs[3].pValue = value;
+
+ if(!p11t_object_get(session, key, attrs, 4))
+ return NULL;
+
+ if(attrs[0].ulValueLen == CK_INVALID ||
+ attrs[1].ulValueLen == CK_INVALID ||
+ attrs[2].ulValueLen == CK_INVALID ||
+ attrs[3].ulValueLen == CK_INVALID)
+ return NULL;
+
+ dsa = DSA_new();
+ dsa->p = BN_bin2bn(prime, attrs[0].ulValueLen, NULL);
+ dsa->q = BN_bin2bn(subprime, attrs[1].ulValueLen, NULL);
+ dsa->g = BN_bin2bn(base, attrs[2].ulValueLen, NULL);
+ dsa->pub_key = BN_bin2bn(value, attrs[3].ulValueLen, NULL);
+ assert(dsa && dsa->p && dsa->q && dsa->g && dsa->pub_key);
+
+ return dsa;
+}
+
CK_RV
p11t_key_login_context_specific (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key)
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 16:16:35 +0000