From 4add01fdfa020177347183b30d4e4734f3d5b575 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Wed, 24 Dec 2008 01:13:05 +0000
Subject: Implement RSA_X_509 and Verify.

---
 src/rsa.c | 142 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 140 insertions(+), 2 deletions(-)

diff --git a/src/rsa.c b/src/rsa.c
index 076e514..85911b5 100644
--- a/src/rsa.c
+++ b/src/rsa.c
@@ -401,6 +401,140 @@ test_rsa_encrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
 	return CONTINUE;
 }
 
+static int
+test_rsa_pkcs_verify_hash(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
+                          CK_OBJECT_HANDLE pubkey, CK_ULONG size, int algo)
+{
+	CK_BYTE hash[P11T_BLOCK];
+	CK_BYTE sig[P11T_BLOCK];
+	CK_MECHANISM mech;
+	CK_ULONG n_hash, n_sig;
+	CK_RV rv;
+
+	/* Hash the data with appropriate wrappers */
+	n_hash = sizeof(hash);
+	hash_for_rsa_pkcs_sign(algo, 1, p11t_test_data, p11t_test_data_size, hash, &n_hash);
+
+	mech.mechanism = CKM_RSA_PKCS;
+	mech.pParameter = NULL;
+	mech.ulParameterLen = 0;
+
+	P11T_SECTION("C_SignInit");
+
+	rv = (p11t_module_funcs->C_SignInit)(session, &mech, key);
+	P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+	P11T_SECTION("C_Sign");
+
+	n_sig = sizeof(sig);
+	rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig);
+
+	/* Requires authentication */
+	if (rv == CKR_USER_NOT_LOGGED_IN) {
+		rv = p11t_key_login_context_specific (session, key);
+		P11T_CHECK_RV("Always authenticate", rv, CKR_OK);
+		rv = (p11t_module_funcs->C_Sign)(session, hash, n_hash, sig, &n_sig);
+	}
+	P11T_CHECK_RV("Normal call", rv, CKR_OK);
+
+	P11T_SECTION("C_VerifyInit");
+
+	rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey);
+	P11T_CHECK_RV("RSA PKCS", rv, CKR_OK);
+
+	P11T_SECTION("C_Verify");
+
+	rv = (p11t_module_funcs->C_Verify)(session, hash, n_hash, sig, n_sig);
+	P11T_CHECK_RV("RSA PKCS", rv, CKR_OK);
+
+	return CONTINUE;
+}
+
+static int
+test_rsa_x509_verify(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
+                     CK_OBJECT_HANDLE pubkey, CK_ULONG size)
+{
+	const CK_BYTE* data;
+	CK_BYTE sig[P11T_BLOCK];
+	CK_MECHANISM mech;
+	CK_ULONG n_data, n_sig;
+	CK_RV rv;
+
+	data = p11t_test_data;
+	n_data = size / 2;
+	assert(n_data <= p11t_test_data_size);
+
+	mech.mechanism = CKM_RSA_X_509;
+	mech.pParameter = NULL;
+	mech.ulParameterLen = 0;
+
+	P11T_SECTION("C_SignInit");
+
+	rv = (p11t_module_funcs->C_SignInit)(session, &mech, key);
+	P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+	P11T_SECTION("C_Sign");
+
+	n_sig = sizeof(sig);
+	rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig);
+
+	/* Requires authentication */
+	if (rv == CKR_USER_NOT_LOGGED_IN) {
+		rv = p11t_key_login_context_specific (session, key);
+		P11T_CHECK_RV("Always authenticate", rv, CKR_OK);
+		rv = (p11t_module_funcs->C_Sign)(session, (CK_BYTE*)data, n_data, sig, &n_sig);
+	}
+
+	P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+	P11T_SECTION("C_VerifyInit");
+
+	rv = (p11t_module_funcs->C_VerifyInit)(session, &mech, pubkey);
+	P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+	P11T_SECTION("C_Verify");
+	rv = (p11t_module_funcs->C_Verify)(session, (CK_BYTE*)data, n_data, sig, n_sig);
+	P11T_CHECK_RV("RSA X509 Call", rv, CKR_OK);
+
+	return CONTINUE;
+}
+
+static int
+test_rsa_verify (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
+                 CK_MECHANISM_TYPE mech_type, RSA* rsa)
+{
+	CK_OBJECT_HANDLE privkey;
+	CK_ULONG size;
+
+	P11T_SECTION("C_Verify");
+
+	/* Must find a private key for this public one */
+	privkey = p11t_key_get_private(session, key);
+	if(privkey == CK_INVALID)
+		return CONTINUE;
+
+	size = RSA_size(rsa);
+	assert(size);
+
+	switch(mech_type)
+	{
+	case CKM_RSA_PKCS:
+		P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1)");
+		test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_sha1);
+		P11T_CHECK_NOTE("CKM_RSA_PKCS (MD5)");
+		test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_md5);
+		P11T_CHECK_NOTE("CKM_RSA_PKCS (SHA1/MD5/SSL3)");
+		test_rsa_pkcs_verify_hash(session, privkey, key, size, NID_md5_sha1);
+		break;
+	case CKM_RSA_X_509:
+		P11T_CHECK_NOTE("CKM_RSA_X_509");
+		test_rsa_x509_verify(session, privkey, key, size);
+		break;
+	};
+
+	return CONTINUE;
+}
+
 static int
 test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
                     CK_MECHANISM_TYPE mech_type)
@@ -427,13 +561,16 @@ test_rsa_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
 	if(can_encrypt)
 		test_rsa_encrypt(session, key, mech_type, rsa);
 
+	if(can_verify)
+		test_rsa_verify(session, key, mech_type, rsa);
+
 	RSA_free(rsa);
 
 	return CONTINUE;
 }
 
 static void
-test_rsa_pkcs(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info)
+test_rsa(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info)
 {
 	CK_SESSION_HANDLE session;
 	CK_ATTRIBUTE attrs[2];
@@ -484,5 +621,6 @@ test_rsa_pkcs(CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR inf
 void
 p11t_rsa_tests(void)
 {
-	p11t_slot_for_each_mech(CKM_RSA_PKCS, test_rsa_pkcs);
+	p11t_slot_for_each_mech(CKM_RSA_PKCS, test_rsa);
+	p11t_slot_for_each_mech(CKM_RSA_X_509, test_rsa);
 }
-- 
cgit v1.2.3