diff options
Diffstat (limited to 'src/key.c')
-rw-r--r-- | src/key.c | 372 |
1 files changed, 372 insertions, 0 deletions
@@ -419,6 +419,345 @@ test_dsa_private(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) } static int +test_rsa_public_create(CK_SESSION_HANDLE session, CK_BBOOL token, RSA *rsa, CK_OBJECT_HANDLE_PTR result) +{ + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[10]; + CK_KEY_TYPE key_type = CKK_RSA; + CK_ULONG rsa_bits = 1024; + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + CK_RV rv; + + P11T_SECTION("C_CreateObject"); + + /* Fill in all the attributes */ + attrs[0].type = CKA_TOKEN; + attrs[0].pValue = &token; + attrs[0].ulValueLen = sizeof (token); + + attrs[1].type = CKA_CLASS; + attrs[1].ulValueLen = sizeof (klass); + attrs[1].pValue = &klass; + + attrs[2].type = CKA_LABEL; + attrs[2].pValue = "Test Public Key"; + attrs[2].ulValueLen = 15; + + attrs[3].type = CKA_KEY_TYPE; + attrs[3].pValue = &key_type; + attrs[3].ulValueLen = sizeof (key_type); + + attrs[4].type = CKA_MODULUS_BITS; + attrs[4].pValue = &rsa_bits; + attrs[4].ulValueLen = sizeof (rsa_bits); + + if(p11t_test_unexpected) + { + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 5, &object); + P11T_CHECK_RV("RSA Public incomplete template", rv, CKR_TEMPLATE_INCOMPLETE); + } + + attrs[5].type = CKA_MODULUS; + attrs[5].ulValueLen = BN_num_bytes (rsa->n); + attrs[5].pValue = alloca (attrs[5].ulValueLen); + BN_bn2bin (rsa->n, (unsigned char*)attrs[5].pValue); + + attrs[6].type = CKA_PUBLIC_EXPONENT; + attrs[6].ulValueLen = BN_num_bytes (rsa->e); + attrs[6].pValue = alloca (attrs[6].ulValueLen); + BN_bn2bin (rsa->e, (unsigned char*)attrs[6].pValue); + + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 7, &object); + if (rv == CKR_TEMPLATE_INCOMPLETE) + return CONTINUE; + P11T_CHECK_RV("RSA Public Key", rv, CKR_OK); + + test_rsa_public (session, object); + + *result = object; + return CONTINUE; +} + +static int +test_rsa_private_create(CK_SESSION_HANDLE session, CK_BBOOL token, RSA *rsa, CK_OBJECT_HANDLE_PTR result) +{ + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[10]; + CK_KEY_TYPE key_type = CKK_RSA; + CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; + CK_RV rv; + + P11T_SECTION("C_CreateObject"); + + /* Fill in all the attributes */ + attrs[0].type = CKA_TOKEN; + attrs[0].pValue = &token; + attrs[0].ulValueLen = sizeof (token); + + attrs[1].type = CKA_CLASS; + attrs[1].ulValueLen = sizeof (klass); + attrs[1].pValue = &klass; + + attrs[2].type = CKA_LABEL; + attrs[2].pValue = "Test Private Key"; + attrs[2].ulValueLen = 15; + + attrs[3].type = CKA_KEY_TYPE; + attrs[3].pValue = &key_type; + attrs[3].ulValueLen = sizeof (key_type); + + attrs[4].type = CKA_MODULUS; + attrs[4].ulValueLen = BN_num_bytes (rsa->n); + attrs[4].pValue = alloca (attrs[4].ulValueLen); + BN_bn2bin (rsa->n, (unsigned char*)attrs[4].pValue); + + attrs[5].type = CKA_PRIVATE_EXPONENT; + attrs[5].ulValueLen = BN_num_bytes (rsa->d); + attrs[5].pValue = alloca (attrs[5].ulValueLen); + BN_bn2bin (rsa->d, (unsigned char*)attrs[5].pValue); + + attrs[6].type = CKA_PUBLIC_EXPONENT; + attrs[6].ulValueLen = BN_num_bytes (rsa->e); + attrs[6].pValue = alloca (attrs[6].ulValueLen); + BN_bn2bin (rsa->e, (unsigned char*)attrs[6].pValue); + + attrs[7].type = CKA_PRIME_1; + attrs[7].ulValueLen = BN_num_bytes (rsa->p); + attrs[7].pValue = alloca (attrs[7].ulValueLen); + BN_bn2bin (rsa->p, (unsigned char*)attrs[7].pValue); + + attrs[8].type = CKA_PRIME_2; + attrs[8].ulValueLen = BN_num_bytes (rsa->q); + attrs[8].pValue = alloca (attrs[8].ulValueLen); + BN_bn2bin (rsa->q, (unsigned char*)attrs[8].pValue); + + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 9, &object); + if (rv == CKR_TEMPLATE_INCOMPLETE) + return STOP; + P11T_CHECK_RV("RSA Private Key", rv, CKR_OK); + + test_rsa_private (session, object); + + *result = object; + return CONTINUE; +} + +static int +test_rsa_create(CK_SESSION_HANDLE session, CK_BBOOL token) +{ + CK_OBJECT_HANDLE pub, prv; + CK_RV rv; + RSA *rsa; + + rsa = RSA_generate_key (1024, 17, NULL, NULL); + assert (rsa); + + pub = prv = 0; + test_rsa_public_create (session, token, rsa, &pub); + test_rsa_private_create (session, token, rsa, &prv); + + if (pub != 0) + p11t_rsa_test_public_key (session, pub); + if (prv != 0) + p11t_rsa_test_private_key (session, prv); + + P11T_SECTION("C_DestroyObject"); + + rv = (p11t_module_funcs->C_DestroyObject)(session, pub); + P11T_CHECK_RV("RSA Public Key", rv, CKR_OK); + + rv = (p11t_module_funcs->C_DestroyObject)(session, pub); + P11T_CHECK_RV("Deleted object", rv, CKR_OBJECT_HANDLE_INVALID); + + RSA_free (rsa); + return CONTINUE; +} + + +static int +test_dsa_public_create(CK_SESSION_HANDLE session, CK_BBOOL token, DSA *dsa, CK_OBJECT_HANDLE_PTR result) +{ + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[10]; + CK_KEY_TYPE key_type = CKK_DSA; + CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY; + CK_RV rv; + + P11T_SECTION("C_CreateObject"); + + /* Fill in all the attributes */ + attrs[0].type = CKA_TOKEN; + attrs[0].pValue = &token; + attrs[0].ulValueLen = sizeof (token); + + attrs[1].type = CKA_CLASS; + attrs[1].ulValueLen = sizeof (klass); + attrs[1].pValue = &klass; + + attrs[2].type = CKA_LABEL; + attrs[2].pValue = "Test DSA Public Key"; + attrs[2].ulValueLen = 19; + + attrs[3].type = CKA_KEY_TYPE; + attrs[3].pValue = &key_type; + attrs[3].ulValueLen = sizeof (key_type); + + attrs[4].type = CKA_PRIME; + attrs[4].ulValueLen = BN_num_bytes (dsa->p); + attrs[4].pValue = alloca (attrs[4].ulValueLen); + BN_bn2bin (dsa->p, (unsigned char*)attrs[4].pValue); + + attrs[5].type = CKA_SUBPRIME; + attrs[5].ulValueLen = BN_num_bytes (dsa->q); + attrs[5].pValue = alloca (attrs[5].ulValueLen); + BN_bn2bin (dsa->q, (unsigned char*)attrs[5].pValue); + + attrs[6].type = CKA_BASE; + attrs[6].ulValueLen = BN_num_bytes (dsa->g); + attrs[6].pValue = alloca (attrs[6].ulValueLen); + BN_bn2bin (dsa->g, (unsigned char*)attrs[6].pValue); + + attrs[7].type = CKA_VALUE; + attrs[7].ulValueLen = BN_num_bytes (dsa->pub_key); + attrs[7].pValue = alloca (attrs[7].ulValueLen); + BN_bn2bin (dsa->pub_key, (unsigned char*)attrs[7].pValue); + + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 8, &object); + if (rv == CKR_TEMPLATE_INCOMPLETE) + return CONTINUE; + P11T_CHECK_RV("DSA Public Key", rv, CKR_OK); + + test_dsa_public (session, object); + + *result = object; + return CONTINUE; +} + +static int +test_dsa_private_create(CK_SESSION_HANDLE session, CK_BBOOL token, DSA *dsa, CK_OBJECT_HANDLE_PTR result) +{ + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[10]; + CK_KEY_TYPE key_type = CKK_DSA; + CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY; + CK_RV rv; + + P11T_SECTION("C_CreateObject"); + + /* Fill in all the attributes */ + attrs[0].type = CKA_TOKEN; + attrs[0].pValue = &token; + attrs[0].ulValueLen = sizeof (token); + + attrs[1].type = CKA_CLASS; + attrs[1].ulValueLen = sizeof (klass); + attrs[1].pValue = &klass; + + attrs[2].type = CKA_LABEL; + attrs[2].pValue = "Test DSA Private Key"; + attrs[2].ulValueLen = 20; + + attrs[3].type = CKA_KEY_TYPE; + attrs[3].pValue = &key_type; + attrs[3].ulValueLen = sizeof (key_type); + + attrs[4].type = CKA_PRIME; + attrs[4].ulValueLen = BN_num_bytes (dsa->p); + attrs[4].pValue = alloca (attrs[4].ulValueLen); + BN_bn2bin (dsa->p, (unsigned char*)attrs[4].pValue); + + attrs[5].type = CKA_SUBPRIME; + attrs[5].ulValueLen = BN_num_bytes (dsa->q); + attrs[5].pValue = alloca (attrs[5].ulValueLen); + BN_bn2bin (dsa->q, (unsigned char*)attrs[5].pValue); + + attrs[6].type = CKA_BASE; + attrs[6].ulValueLen = BN_num_bytes (dsa->g); + attrs[6].pValue = alloca (attrs[6].ulValueLen); + BN_bn2bin (dsa->g, (unsigned char*)attrs[6].pValue); + + attrs[7].type = CKA_VALUE; + attrs[7].ulValueLen = BN_num_bytes (dsa->priv_key); + attrs[7].pValue = alloca (attrs[7].ulValueLen); + BN_bn2bin (dsa->priv_key, (unsigned char*)attrs[7].pValue); + + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 8, &object); + if (rv == CKR_TEMPLATE_INCOMPLETE) + return CONTINUE; + P11T_CHECK_RV("DSA Private Key", rv, CKR_OK); + + test_dsa_private (session, object); + + *result = object; + return CONTINUE; +} + +static int +test_dsa_create(CK_SESSION_HANDLE session, CK_BBOOL token) +{ + CK_OBJECT_HANDLE pub, prv; + CK_RV rv; + DSA *dsa; + int ret; + + dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); + assert (dsa); + ret = DSA_generate_key (dsa); + assert (ret == 1); + + pub = prv = 0; + test_dsa_public_create (session, token, dsa, &pub); + test_dsa_private_create (session, token, dsa, &prv); + + if (pub != 0) + p11t_dsa_test_public_key (session, pub); + if (prv != 0) + p11t_dsa_test_private_key (session, prv); + + P11T_SECTION("C_DestroyObject"); + + rv = (p11t_module_funcs->C_DestroyObject)(session, pub); + P11T_CHECK_RV("DSA Public Key", rv, CKR_OK); + + DSA_free (dsa); + return CONTINUE; +} + +static int +test_create_unexpected(CK_SESSION_HANDLE session) +{ + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attrs[1]; + CK_BBOOL token = CK_FALSE; + CK_RV rv; + + if(!p11t_test_unexpected) + return CONTINUE; + + P11T_SECTION("C_CreateObject"); + + /* Fill in all the attributes */ + attrs[0].type = CKA_TOKEN; + attrs[0].pValue = &token; + attrs[0].ulValueLen = sizeof (token); + + rv = (p11t_module_funcs->C_CreateObject)((CK_SESSION_HANDLE)-83, attrs, 1, &object); + P11T_CHECK_RV("Invalid session", rv, CKR_SESSION_HANDLE_INVALID); + + rv = (p11t_module_funcs->C_CreateObject)(session, NULL, 1, &object); + P11T_CHECK_RV("Invalid session", rv, CKR_ARGUMENTS_BAD); + + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 1, NULL); + P11T_CHECK_RV("Invalid session", rv, CKR_ARGUMENTS_BAD); + + /* No class in the template */ + rv = (p11t_module_funcs->C_CreateObject)(session, attrs, 1, &object); + P11T_CHECK_RV("Invalid session", rv, CKR_TEMPLATE_INCOMPLETE); + + return CONTINUE; +} + +static int test_public_attributes(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) { CK_BYTE buffer[4096]; @@ -618,6 +957,10 @@ p11t_key_tests(void) test_dsa_public(session, object); } } + + if(p11t_test_write_session) + test_create_unexpected(session); + free(objects); if(p11t_session_login(session)) @@ -638,6 +981,11 @@ p11t_key_tests(void) } } free(objects); + + if (p11t_test_write_session) { + test_rsa_create (session, CK_FALSE); + test_dsa_create (session, CK_FALSE); + } } p11t_session_close(session); @@ -797,3 +1145,27 @@ p11t_key_login_context_specific (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key pin = p11t_session_get_pin (info.slotID, CKU_CONTEXT_SPECIFIC, &n_pin); return (p11t_module_funcs->C_Login)(session, CKU_CONTEXT_SPECIFIC, pin, n_pin); } + +CK_MECHANISM_TYPE_PTR +p11t_key_get_mechanisms(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_ULONG_PTR n_mechanisms) +{ + CK_ATTRIBUTE attr; + + attr.type = CKA_ALLOWED_MECHANISMS; + attr.pValue = NULL; + attr.ulValueLen = 0; + + if (!p11t_object_get(session, key, &attr, 1)) + return NULL; + + attr.pValue = malloc(attr.ulValueLen); + assert (attr.pValue); + + if (!p11t_object_get (session, key, &attr, 1)) { + free (attr.pValue); + return NULL; + } + + *n_mechanisms = attr.ulValueLen / sizeof (CK_MECHANISM_TYPE); + return attr.pValue; +} |