summaryrefslogtreecommitdiff
path: root/src/rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/rsa.c')
-rw-r--r--src/rsa.c123
1 files changed, 77 insertions, 46 deletions
diff --git a/src/rsa.c b/src/rsa.c
index a960d63..b8371cc 100644
--- a/src/rsa.c
+++ b/src/rsa.c
@@ -11,7 +11,7 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
-static void
+static int
test_rsa_decrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
CK_MECHANISM_TYPE mech_type, RSA* rsa)
{
@@ -23,8 +23,6 @@ test_rsa_decrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
int size, n_encrypted;
CK_RV rv;
- /** C_Decrypt */
-
data = p11t_test_data;
n_data = p11t_test_data_size;
@@ -37,36 +35,42 @@ test_rsa_decrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
switch(mech_type)
{
case CKM_RSA_PKCS:
- /** - CKM_RSA_PKCS */
+ P11T_CHECK_NOTE("CKM_RSA_PKCS");
n_data = size - 11;
n_encrypted = RSA_public_encrypt(n_data, data, encrypted, rsa, RSA_PKCS1_PADDING);
assert(n_encrypted == size);
break;
case CKM_RSA_X_509:
- /** - CKM_RSA_X_509 */
+ P11T_CHECK_NOTE("CKM_RSA_X_509");
n_data = size;
n_encrypted = RSA_public_encrypt(n_data, data, encrypted, rsa, RSA_NO_PADDING);
assert(n_encrypted == size);
break;
default:
- return;
+ return CONTINUE;
};
mech.mechanism = mech_type;
mech.pParameter = NULL;
mech.ulParameterLen = 0;
+ P11T_SECTION("C_DecryptInit");
+
rv = (p11t_module_funcs->C_DecryptInit)(session, &mech, key);
- p11t_check_returns("C_DecryptInit: rsa", rv, CKR_OK);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+ P11T_SECTION("C_Decrypt");
n_decrypted = sizeof(decrypted);
rv = (p11t_module_funcs->C_Decrypt)(session, encrypted, n_encrypted, decrypted, &n_decrypted);
- p11t_check_returns("C_Decrypt: rsa", rv, CKR_OK);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
if(n_decrypted != n_data)
- p11t_check_fail("C_Decrypt: rsa decrypt failed, wrong length");
+ P11T_CHECK_FAIL("RSA decrypt failed, wrong length");
if(memcmp(data, decrypted, n_data) != 0)
- p11t_check_fail("C_Decrypt: rsa decrypt failed, bad data");
+ P11T_CHECK_FAIL("RSA decrypt failed, mangled data");
+
+ return CONTINUE;
}
static void
@@ -132,7 +136,7 @@ hash_for_rsa_pkcs_sign(int algo, int wrap, const CK_BYTE* data,
*n_output = val;
}
-static void
+static int
test_rsa_pkcs_sign_hash(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
RSA* rsa, int algo)
{
@@ -151,12 +155,16 @@ test_rsa_pkcs_sign_hash(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
mech.pParameter = NULL;
mech.ulParameterLen = 0;
+ P11T_SECTION("C_SignInit");
+
rv = (p11t_module_funcs->C_SignInit)(session, &mech, key);
- p11t_check_returns("C_SignInit: rsa pkcs", rv, CKR_OK);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+ P11T_SECTION("C_Sign");
n_sig = sizeof(sig);
rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig);
- p11t_check_returns("C_Sign: rsa pkcs", rv, CKR_OK);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
/* Hash the data again this time without wrapping */
n_hash = sizeof(hash);
@@ -165,10 +173,12 @@ test_rsa_pkcs_sign_hash(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
/* Verify the signature */
res = RSA_verify(algo, hash, n_hash, sig, n_sig, rsa);
if(res != 1)
- p11t_check_fail("C_Sign: rsa pkcs signature did not verify");
+ P11T_CHECK_FAIL("RSA PKCS#1.5 or SSLv3 signature did not verify");
+
+ return CONTINUE;
}
-static void
+static int
test_rsa_x509_sign(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, RSA* rsa)
{
const CK_BYTE* data;
@@ -188,48 +198,55 @@ test_rsa_x509_sign(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, RSA* rsa)
mech.pParameter = NULL;
mech.ulParameterLen = 0;
+ P11T_SECTION("C_SignInit");
+
rv = (p11t_module_funcs->C_SignInit)(session, &mech, key);
- p11t_check_returns("C_SignInit: rsa x509", rv, CKR_OK);
+ P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+ P11T_SECTION("C_Sign");
n_sig = sizeof(sig);
rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig);
- p11t_check_returns("C_Sign: rsa x509", rv, CKR_OK);
- p11t_check_ulong("C_Sign: rsa x509 result length", n_sig, size);
+ P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+ P11T_CHECK_ULONG("C_Sign: rsa x509 result length", n_sig, size);
res = RSA_public_decrypt(n_sig, sig, check, rsa, RSA_NO_PADDING);
if(res < 0)
- p11t_check_fail("C_Sign: rsa x509 signature was invalid");
+ P11T_CHECK_FAIL("RSA x509 signature was invalid");
assert(res > (int)n_data);
if(memcmp(check + (res - n_data), data, n_data) != 0)
- p11t_check_fail("C_Sign: rsa x509 signature did not verify");
+ P11T_CHECK_FAIL("RSA x509 signature did not verify");
+
+ return CONTINUE;
}
-static void
+static int
test_rsa_sign(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
CK_MECHANISM_TYPE mech_type, RSA* rsa)
{
- /** C_Sign */
+ P11T_SECTION("C_Sign");
switch(mech_type)
{
case CKM_RSA_PKCS:
- /** - CKM_RSA_PKCS (SHA1) */
+ P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1)");
test_rsa_pkcs_sign_hash(session, key, rsa, NID_sha1);
- /** - CKM_RSA_PKCS (MD5) */
+ P11T_CHECK_NOTE("CKM_RSA_PKCS (MD5)");
test_rsa_pkcs_sign_hash(session, key, rsa, NID_md5);
- /** - CKM_RSA_PKCS (SHA1/MD5/SSL3) */
+ P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1/MD5/SSL3)");
test_rsa_pkcs_sign_hash(session, key, rsa, NID_md5_sha1);
break;
case CKM_RSA_X_509:
+ P11T_CHECK_NOTE("CKM_RSA_X_509");
test_rsa_x509_sign(session, key, rsa);
break;
- default:
- return;
};
+
+ return CONTINUE;
}
-static void
+static int
test_rsa_private_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
CK_MECHANISM_TYPE mech_type)
{
@@ -246,11 +263,11 @@ test_rsa_private_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
attrs[1].pValue = &can_sign;
if(!p11t_object_get(session, key, attrs, 2))
- return;
+ return CONTINUE;
rsa = p11t_key_export_public_rsa(session, key);
if(!rsa)
- return;
+ return CONTINUE;
if(can_decrypt)
test_rsa_decrypt(session, key, mech_type, rsa);
@@ -259,9 +276,11 @@ test_rsa_private_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
test_rsa_sign(session, key, mech_type, rsa);
RSA_free(rsa);
+
+ return CONTINUE;
}
-static void
+static int
test_rsa_encrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
CK_MECHANISM_TYPE mech_type, RSA* rsa)
{
@@ -277,7 +296,7 @@ test_rsa_encrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
data = p11t_test_data;
n_data = p11t_test_data_size;
- /** C_Encrypt */
+ P11T_SECTION("C_Encrypt");
size = RSA_size(rsa);
assert(size);
@@ -288,51 +307,61 @@ test_rsa_encrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
switch(mech_type)
{
case CKM_RSA_PKCS:
- /** - CKM_RSA_PKCS */
+ P11T_CHECK_NOTE("CKM_RSA_PKCS");
n_data = size - 11;
break;
case CKM_RSA_X_509:
- /** - CKM_RSA_X_509 */
+ P11T_CHECK_NOTE("CKM_RSA_X_509");
n_data = size;
break;
default:
- return;
+ return CONTINUE;
};
mech.mechanism = mech_type;
mech.pParameter = NULL;
mech.ulParameterLen = 0;
+ P11T_SECTION("C_EncryptInit");
+
/* Now ask PKCS#11 to decrypt it */
rv = (p11t_module_funcs->C_EncryptInit)(session, &mech, key);
- p11t_check_returns("C_EncryptInit: rsa", rv, CKR_OK);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+ P11T_SECTION("C_Encrypt");
n_encrypted = sizeof(encrypted);
rv = (p11t_module_funcs->C_Encrypt)(session, (CK_BYTE*)data, n_data, encrypted, &n_encrypted);
- p11t_check_returns("C_Encrypt: rsa", rv, CKR_OK);
+ P11T_CHECK_RV("Normal call", rv, CKR_OK);
if(size != n_encrypted)
- p11t_check_fail("C_Encrypt: rsa encrypt failed, wrong length");
+ P11T_CHECK_FAIL("RSA encrypt failed, wrong length");
/* We need to find a private key in order to validate */
privkey = p11t_key_get_private(session, key);
if(privkey == CK_INVALID)
- return;
+ return CONTINUE;
+
+ P11T_SECTION("C_DecryptInit");
rv = (p11t_module_funcs->C_DecryptInit)(session, &mech, privkey);
- p11t_check_returns("C_DecryptInit: rsa validate", rv, CKR_OK);
+ P11T_CHECK_RV("Module encrypted data", rv, CKR_OK);
+
+ P11T_SECTION("C_Decrypt");
n_check = sizeof(check);
rv = (p11t_module_funcs->C_Decrypt)(session, encrypted, n_encrypted, check, &n_check);
- p11t_check_returns("C_Decrypt: rsa validate", rv, CKR_OK);
+ P11T_CHECK_RV("Module encrypted data", rv, CKR_OK);
if(n_check != n_data)
- p11t_check_fail("C_Decrypt: rsa validate failed, wrong length");
+ P11T_CHECK_FAIL("RSA validate failed, wrong length");
if(memcmp(data, check, n_data) != 0)
- p11t_check_fail("C_Decrypt: rsa validate failed, bad data");
+ P11T_CHECK_FAIL("RSA validate failed, bad data");
+
+ return CONTINUE;
}
-static void
+static int
test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
CK_MECHANISM_TYPE mech_type)
{
@@ -349,16 +378,18 @@ test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
attrs[1].pValue = &can_verify;
if(!p11t_object_get(session, key, attrs, 2))
- return;
+ return CONTINUE;
rsa = p11t_key_export_public_rsa(session, key);
if(!rsa)
- return;
+ return CONTINUE;
if(can_encrypt)
test_rsa_encrypt(session, key, mech_type, rsa);
RSA_free(rsa);
+
+ return CONTINUE;
}
static void
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 17:00:58 +0000