summaryrefslogtreecommitdiff
path: root/src/rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/rsa.c')
-rw-r--r--src/rsa.c142
1 files changed, 140 insertions, 2 deletions
diff --git a/src/rsa.c b/src/rsa.c
index 076e514..85911b5 100644
--- a/src/rsa.c
+++ b/src/rsa.c
@@ -402,6 +402,140 @@ test_rsa_encrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
}
static int
+test_rsa_pkcs_verify_hash(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
+ CK_OBJECT_HANDLE pubkey, CK_ULONG size, int algo)
+{
+ CK_BYTE hash[P11T_BLOCK];
+ CK_BYTE sig[P11T_BLOCK];
+ CK_MECHANISM mech;
+ CK_ULONG n_hash, n_sig;
+ CK_RV rv;
+
+ /* Hash the data with appropriate wrappers */
+ n_hash = sizeof(hash);
+ hash_for_rsa_pkcs_sign(algo, 1, p11t_test_data, p11t_test_data_size, hash, &n_hash);
+
+ mech.mechanism = CKM_RSA_PKCS;
+ mech.pParameter = NULL;
+ mech.ulParameterLen = 0;
+
+ P11T_SECTION("C_SignInit");
+
+ rv = (p11t_module_funcs->C_SignInit)(session, &mech, key);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+ P11T_SECTION("C_Sign");
+
+ n_sig = sizeof(sig);
+ rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig);
+
+ /* Requires authentication */
+ if (rv == CKR_USER_NOT_LOGGED_IN) {
+ rv = p11t_key_login_context_specific (session, key);
+ P11T_CHECK_RV("Always authenticate", rv, CKR_OK);
+ rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig);
+ }
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+ P11T_SECTION("C_VerifyInit");
+
+ rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey);
+ P11T_CHECK_RV("RSA PKCS", rv, CKR_OK);
+
+ P11T_SECTION("C_Verify");
+
+ rv = (p11t_module_funcs->C_Verify)(session, hash, n_hash, sig, n_sig);
+ P11T_CHECK_RV("RSA PKCS", rv, CKR_OK);
+
+ return CONTINUE;
+}
+
+static int
+test_rsa_x509_verify(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
+ CK_OBJECT_HANDLE pubkey, CK_ULONG size)
+{
+ const CK_BYTE* data;
+ CK_BYTE sig[P11T_BLOCK];
+ CK_MECHANISM mech;
+ CK_ULONG n_data, n_sig;
+ CK_RV rv;
+
+ data = p11t_test_data;
+ n_data = size / 2;
+ assert(n_data <= p11t_test_data_size);
+
+ mech.mechanism = CKM_RSA_X_509;
+ mech.pParameter = NULL;
+ mech.ulParameterLen = 0;
+
+ P11T_SECTION("C_SignInit");
+
+ rv = (p11t_module_funcs->C_SignInit)(session, &mech, key);
+ P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+ P11T_SECTION("C_Sign");
+
+ n_sig = sizeof(sig);
+ rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig);
+
+ /* Requires authentication */
+ if (rv == CKR_USER_NOT_LOGGED_IN) {
+ rv = p11t_key_login_context_specific (session, key);
+ P11T_CHECK_RV("Always authenticate", rv, CKR_OK);
+ rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig);
+ }
+
+ P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+ P11T_SECTION("C_VerifyInit");
+
+ rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey);
+ P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+ P11T_SECTION("C_Verify");
+ rv = (p11t_module_funcs->C_Verify)(session, (CK_BYTE*)data, n_data, sig, n_sig);
+ P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+ return CONTINUE;
+}
+
+static int
+test_rsa_verify (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
+ CK_MECHANISM_TYPE mech_type, RSA* rsa)
+{
+ CK_OBJECT_HANDLE privkey;
+ CK_ULONG size;
+
+ P11T_SECTION("C_Verify");
+
+ /* Must find a private key for this public one */
+ privkey = p11t_key_get_private(session, key);
+ if(privkey == CK_INVALID)
+ return CONTINUE;
+
+ size = RSA_size(rsa);
+ assert(size);
+
+ switch(mech_type)
+ {
+ case CKM_RSA_PKCS:
+ P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1)");
+ test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_sha1);
+ P11T_CHECK_NOTE("CKM_RSA_PKCS (MD5)");
+ test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_md5);
+ P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1/MD5/SSL3)");
+ test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_md5_sha1);
+ break;
+ case CKM_RSA_X_509:
+ P11T_CHECK_NOTE("CKM_RSA_X_509");
+ test_rsa_x509_verify(session, privkey, key, size);
+ break;
+ };
+
+ return CONTINUE;
+}
+
+static int
test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
CK_MECHANISM_TYPE mech_type)
{
@@ -427,13 +561,16 @@ test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
if(can_encrypt)
test_rsa_encrypt(session, key, mech_type, rsa);
+ if(can_verify)
+ test_rsa_verify(session, key, mech_type, rsa);
+
RSA_free(rsa);
return CONTINUE;
}
static void
-test_rsa_pkcs(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info)
+test_rsa(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info)
{
CK_SESSION_HANDLE session;
CK_ATTRIBUTE attrs[2];
@@ -484,5 +621,6 @@ test_rsa_pkcs(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR inf
void
p11t_rsa_tests(void)
{
- p11t_slot_for_each_mech(CKM_RSA_PKCS, test_rsa_pkcs);
+ p11t_slot_for_each_mech(CKM_RSA_PKCS, test_rsa);
+ p11t_slot_for_each_mech(CKM_RSA_X_509, test_rsa);
}