From f4b12883579af918653904d3f1351d9a454d5e6f Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 16 Nov 2009 20:52:55 +0000 Subject: Implement testing of DH key pair generation --- src/Makefile.am | 1 + src/dh.c | 91 ++++++++++++ src/key.c | 409 +++++++++++++++++++++++++++------------------------- src/object.c | 50 +++++++ src/p11-tests-lib.c | 1 + src/p11-tests-lib.h | 13 +- 6 files changed, 368 insertions(+), 197 deletions(-) create mode 100644 src/dh.c (limited to 'src') diff --git a/src/Makefile.am b/src/Makefile.am index e86bd04..c4d34ed 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -11,6 +11,7 @@ libp11_tests_la_SOURCES = \ config.c \ crypto.c \ dsa.c \ + dh.c \ key.c \ module.c \ msg.c \ diff --git a/src/dh.c b/src/dh.c new file mode 100644 index 0000000..3325caa --- /dev/null +++ b/src/dh.c @@ -0,0 +1,91 @@ + +#include "p11-tests-lib.h" + +#include +#include +#include + +#include + +static void +test_dh_key_pair_gen (CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info) +{ + CK_SESSION_HANDLE session; + + session = p11t_session_open(slot, 0); + if(session == CK_INVALID || !p11t_session_login (session)) + return; + + p11t_dh_test_generate_pair (session); +} + +void +p11t_dh_tests (void) +{ + p11t_slot_for_each_mech (CKM_DH_PKCS_KEY_PAIR_GEN, test_dh_key_pair_gen); +} + +int +p11t_dh_test_generate_pair (CK_SESSION_HANDLE session) +{ + CK_ATTRIBUTE pub_attrs[3]; + CK_ATTRIBUTE priv_attrs[3]; + CK_MECHANISM mech; + CK_OBJECT_HANDLE pub_key; + CK_OBJECT_HANDLE priv_key; + CK_ULONG bits; + CK_RV rv; + DH *dh; + + P11T_SECTION ("C_GenerateKeyPair"); + + dh = DH_generate_parameters (256, 2, NULL, NULL); + assert (dh); + + pub_attrs[0].type = CKA_PRIME; + pub_attrs[0].ulValueLen = BN_num_bytes (dh->p); + pub_attrs[0].pValue = alloca (pub_attrs[0].ulValueLen); + BN_bn2bin (dh->p, (unsigned char*)pub_attrs[0].pValue); + + pub_attrs[1].type = CKA_BASE; + pub_attrs[1].ulValueLen = BN_num_bytes (dh->g); + pub_attrs[1].pValue = alloca (pub_attrs[1].ulValueLen); + BN_bn2bin (dh->g, (unsigned char*)pub_attrs[1].pValue); + + priv_attrs[0].type = CKA_PRIME; + priv_attrs[0].ulValueLen = BN_num_bytes (dh->p); + priv_attrs[0].pValue = alloca (priv_attrs[0].ulValueLen); + BN_bn2bin (dh->p, (unsigned char*)priv_attrs[0].pValue); + + priv_attrs[1].type = CKA_BASE; + priv_attrs[1].ulValueLen = BN_num_bytes (dh->g); + priv_attrs[1].pValue = alloca (priv_attrs[1].ulValueLen); + BN_bn2bin (dh->g, (unsigned char*)priv_attrs[1].pValue); + + priv_attrs[2].type = CKA_VALUE_BITS; + priv_attrs[2].ulValueLen = sizeof (bits); + priv_attrs[2].pValue = &bits; + + mech.mechanism = CKM_DH_PKCS_KEY_PAIR_GEN; + mech.pParameter = NULL; + mech.ulParameterLen = 0; + + if (p11t_test_unexpected) { + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mech, pub_attrs, 0, priv_attrs, 0, &pub_key, &priv_key); + P11T_CHECK_RV ("DH Key Pair without CKA_PRIME", rv, CKR_TEMPLATE_INCOMPLETE); + + bits = 1024; + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 3, &pub_key, &priv_key); + P11T_CHECK_RV ("DH Key Pair with CKA_VALUE_BITS larger than CKA_PRIME", rv, CKR_TEMPLATE_INCONSISTENT); + } + + bits = 256; + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 3, &pub_key, &priv_key); + P11T_CHECK_RV ("DH Key Pair", rv, CKR_OK); + + p11t_key_test (session, pub_key, CKO_PUBLIC_KEY); + p11t_key_test (session, priv_key, CKO_PRIVATE_KEY); + + /* Test corner cases */ + return p11t_object_generate_pair_bad (session, CKM_DH_PKCS_KEY_PAIR_GEN); +} diff --git a/src/key.c b/src/key.c index 0f6aa38..a305215 100644 --- a/src/key.c +++ b/src/key.c @@ -14,17 +14,21 @@ test_key_attributes(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE CK_MECHANISM_TYPE_PTR mechanisms; CK_ULONG n_mechanisms, i; CK_BBOOL bval, local; + CK_KEY_TYPE ktype; CK_DATE date; CK_RV rv; P11T_SECTION("Key Object"); attr.type = CKA_KEY_TYPE; - attr.ulValueLen = sizeof(*key_type); - attr.pValue = key_type; + attr.ulValueLen = sizeof(ktype); + attr.pValue = &ktype; rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); P11T_CHECK_RV("CKA_KEY_TYPE", rv, CKR_OK); + if (key_type) + *key_type = ktype; + attr.type = CKA_ID; attr.ulValueLen = sizeof(buffer); attr.pValue = buffer; @@ -74,7 +78,7 @@ test_key_attributes(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE { if(!local) P11T_CHECK_FAIL_MSG("CKA_KEY_GEN_MECHANISM", "Non locally generated key has key gen mechanism"); - if(!p11t_slot_get_mech_info(slot, mech_type)) + if(slot && !p11t_slot_get_mech_info(slot, mech_type)) P11T_CHECK_FAIL_MSG("CKA_KEY_GEN_MECHANISM", "Mechanism not present on slot"); } @@ -91,7 +95,7 @@ test_key_attributes(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE n_mechanisms = attr.ulValueLen / sizeof(CK_MECHANISM_TYPE); for(i = 0; i < n_mechanisms; ++i) { - if(!p11t_slot_get_mech_info(slot, mechanisms[i])) + if(slot && !p11t_slot_get_mech_info(slot, mechanisms[i])) P11T_CHECK_FAIL_MSG("CKA_ALLOWED_MECHANISMS", "Mechanism not present in slot"); } } @@ -99,6 +103,168 @@ test_key_attributes(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE return CONTINUE; } +static int +test_public_attributes(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) +{ + CK_BYTE buffer[4096]; + CK_ATTRIBUTE attr; + CK_BBOOL bval, wrap; + const char *msg; + CK_RV rv; + + P11T_SECTION("CKO_PUBLIC_KEY"); + + attr.type = CKA_SUBJECT; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SUBJECT", rv, CKR_OK); + + if(attr.ulValueLen) + { + msg = p11t_certificate_validate_dn(attr.pValue, attr.ulValueLen); + if(msg != NULL) + P11T_CHECK_FAIL_MSG("CKA_SUBJECT", msg); + } + + attr.type = CKA_ENCRYPT; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_ENCRYPT", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_ENCRYPT", bval); + + attr.type = CKA_VERIFY; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_VERIFY", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_VERIFY", bval); + + attr.type = CKA_VERIFY_RECOVER; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_VERIFY_RECOVER", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_VERIFY_RECOVER", bval); + + attr.type = CKA_TRUSTED; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_TRUSTED", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_TRUSTED", bval); + + attr.type = CKA_WRAP; + attr.pValue = &wrap; + attr.ulValueLen = sizeof(wrap); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_WRAP", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_WRAP", wrap); + + return CONTINUE; +} + +static int +test_private_attributes(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) +{ + CK_BYTE buffer[4096]; + CK_ATTRIBUTE attr; + CK_BBOOL bval; + const char *msg; + CK_RV rv; + + P11T_SECTION("CKO_PRIVATE_KEY"); + + attr.type = CKA_SUBJECT; + attr.pValue = buffer; + attr.ulValueLen = sizeof(buffer); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SUBJECT", rv, CKR_OK); + + if(attr.ulValueLen) + { + msg = p11t_certificate_validate_dn(attr.pValue, attr.ulValueLen); + if(msg != NULL) + P11T_CHECK_FAIL_MSG("CKA_SUBJECT", msg); + } + + attr.type = CKA_SENSITIVE; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SENSITIVE", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_SENSITIVE", bval); + + attr.type = CKA_DECRYPT; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_DECRYPT", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_DECRYPT", bval); + + attr.type = CKA_SIGN; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SIGN", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_SIGN", bval); + + attr.type = CKA_SIGN_RECOVER; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_SIGN_RECOVER", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_SIGN_RECOVER", bval); + + attr.type = CKA_UNWRAP; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_UNWRAP", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_UNWRAP", bval); + + attr.type = CKA_EXTRACTABLE; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_EXTRACTABLE", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_EXTRACTABLE", bval); + + attr.type = CKA_ALWAYS_SENSITIVE; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_ALWAYS_SENSITIVE", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_ALWAYS_SENSITIVE", bval); + + attr.type = CKA_NEVER_EXTRACTABLE; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_NEVER_EXTRACTABLE", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_NEVER_EXTRACTABLE", bval); + + if(p11t_test_unexpected) + { + attr.type = CKA_WRAP_WITH_TRUSTED; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_WRAP_WITH_TRUSTED", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_WRAP_WITH_TRUSTED", bval); + + attr.type = CKA_ALWAYS_AUTHENTICATE; + attr.pValue = &bval; + attr.ulValueLen = sizeof(bval); + rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); + P11T_CHECK_RV("CKA_ALWAYS_AUTHENTICATE", rv, CKR_OK); + P11T_CHECK_BOOL("CKA_ALWAYS_AUTHENTICATE", bval); + } + + return CONTINUE; +} + static int test_rsa_public(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) { @@ -591,8 +757,7 @@ test_rsa_public_create(CK_SESSION_HANDLE session, CK_BBOOL token, RSA *rsa, CK_O return CONTINUE; P11T_CHECK_RV("RSA Public Key", rv, CKR_OK); - test_rsa_public (session, object); - + p11t_key_test (session, object, CKO_PUBLIC_KEY); *result = object; return CONTINUE; } @@ -655,8 +820,7 @@ test_rsa_private_create(CK_SESSION_HANDLE session, CK_BBOOL token, RSA *rsa, CK_ return STOP; P11T_CHECK_RV("RSA Private Key", rv, CKR_OK); - test_rsa_private (session, object); - + p11t_key_test (session, object, CKO_PRIVATE_KEY); *result = object; return CONTINUE; } @@ -746,8 +910,7 @@ test_dsa_public_create(CK_SESSION_HANDLE session, CK_BBOOL token, DSA *dsa, CK_O return CONTINUE; P11T_CHECK_RV("DSA Public Key", rv, CKR_OK); - test_dsa_public (session, object); - + p11t_key_test (session, object, CKO_PUBLIC_KEY); *result = object; return CONTINUE; } @@ -805,8 +968,7 @@ test_dsa_private_create(CK_SESSION_HANDLE session, CK_BBOOL token, DSA *dsa, CK_ return CONTINUE; P11T_CHECK_RV("DSA Private Key", rv, CKR_OK); - test_dsa_private (session, object); - + p11t_key_test (session, object, CKO_PRIVATE_KEY); *result = object; return CONTINUE; } @@ -859,8 +1021,7 @@ test_dh_public_create(CK_SESSION_HANDLE session, CK_BBOOL token, DH *dh, CK_OBJE return CONTINUE; P11T_CHECK_RV("DH Public Key", rv, CKR_OK); - test_dh_public (session, object); - + p11t_key_test (session, object, CKO_PUBLIC_KEY); *result = object; return CONTINUE; } @@ -913,8 +1074,7 @@ test_dh_private_create(CK_SESSION_HANDLE session, CK_BBOOL token, DH *dh, CK_OBJ return CONTINUE; P11T_CHECK_RV("DH Private Key", rv, CKR_OK); - test_dh_private (session, object); - + p11t_key_test (session, object, CKO_PRIVATE_KEY); *result = object; return CONTINUE; } @@ -1017,163 +1177,46 @@ test_create_unexpected(CK_SESSION_HANDLE session) return CONTINUE; } -static int -test_public_attributes(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) +int +p11t_key_test (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_OBJECT_CLASS klass) { - CK_BYTE buffer[4096]; + CK_OBJECT_CLASS key_class; CK_ATTRIBUTE attr; - CK_BBOOL bval, wrap; - const char *msg; - CK_RV rv; - - P11T_SECTION("CKO_PUBLIC_KEY"); - - attr.type = CKA_SUBJECT; - attr.pValue = buffer; - attr.ulValueLen = sizeof(buffer); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_SUBJECT", rv, CKR_OK); - - if(attr.ulValueLen) - { - msg = p11t_certificate_validate_dn(attr.pValue, attr.ulValueLen); - if(msg != NULL) - P11T_CHECK_FAIL_MSG("CKA_SUBJECT", msg); - } - - attr.type = CKA_ENCRYPT; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_ENCRYPT", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_ENCRYPT", bval); - - attr.type = CKA_VERIFY; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_VERIFY", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_VERIFY", bval); - - attr.type = CKA_VERIFY_RECOVER; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_VERIFY_RECOVER", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_VERIFY_RECOVER", bval); - - attr.type = CKA_TRUSTED; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_TRUSTED", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_TRUSTED", bval); - - attr.type = CKA_WRAP; - attr.pValue = &wrap; - attr.ulValueLen = sizeof(wrap); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_WRAP", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_WRAP", wrap); - - return CONTINUE; -} - -static int -test_private_attributes(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) -{ - CK_BYTE buffer[4096]; - CK_ATTRIBUTE attr; - CK_BBOOL bval; - const char *msg; + CK_SESSION_INFO info; + CK_KEY_TYPE key_type; CK_RV rv; - P11T_SECTION("CKO_PRIVATE_KEY"); - - attr.type = CKA_SUBJECT; - attr.pValue = buffer; - attr.ulValueLen = sizeof(buffer); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_SUBJECT", rv, CKR_OK); - - if(attr.ulValueLen) - { - msg = p11t_certificate_validate_dn(attr.pValue, attr.ulValueLen); - if(msg != NULL) - P11T_CHECK_FAIL_MSG("CKA_SUBJECT", msg); - } - - attr.type = CKA_SENSITIVE; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_SENSITIVE", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_SENSITIVE", bval); - - attr.type = CKA_DECRYPT; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_DECRYPT", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_DECRYPT", bval); - - attr.type = CKA_SIGN; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_SIGN", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_SIGN", bval); - - attr.type = CKA_SIGN_RECOVER; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_SIGN_RECOVER", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_SIGN_RECOVER", bval); - - attr.type = CKA_UNWRAP; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_UNWRAP", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_UNWRAP", bval); - - attr.type = CKA_EXTRACTABLE; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_EXTRACTABLE", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_EXTRACTABLE", bval); - - attr.type = CKA_ALWAYS_SENSITIVE; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_ALWAYS_SENSITIVE", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_ALWAYS_SENSITIVE", bval); - - attr.type = CKA_NEVER_EXTRACTABLE; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_NEVER_EXTRACTABLE", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_NEVER_EXTRACTABLE", bval); - - if(p11t_test_unexpected) - { - attr.type = CKA_WRAP_WITH_TRUSTED; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_WRAP_WITH_TRUSTED", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_WRAP_WITH_TRUSTED", bval); + P11T_SECTION ("Key Object"); + attr.type = CKA_CLASS; + attr.ulValueLen = sizeof (key_class); + attr.pValue = &key_class; + rv = (p11t_module_funcs->C_GetAttributeValue) (session, object, &attr, 1); + P11T_CHECK_RV ("CKA_CLASS", rv, CKR_OK); + if (klass && klass != key_class) + P11T_CHECK_FAIL_MSG ("CKA_CLASS", "Key class is not as expected"); - attr.type = CKA_ALWAYS_AUTHENTICATE; - attr.pValue = &bval; - attr.ulValueLen = sizeof(bval); - rv = (p11t_module_funcs->C_GetAttributeValue)(session, object, &attr, 1); - P11T_CHECK_RV("CKA_ALWAYS_AUTHENTICATE", rv, CKR_OK); - P11T_CHECK_BOOL("CKA_ALWAYS_AUTHENTICATE", bval); + rv = (p11t_module_funcs->C_GetSessionInfo) (session, &info); + if (rv != CKR_OK) + info.slotID = 0; + + if (test_key_attributes (info.slotID, session, object, &key_type)) { + if (key_class == CKO_PRIVATE_KEY) { + test_private_attributes (session, object); + if (key_type == CKK_RSA) + test_rsa_private (session, object); + else if (key_type == CKK_DSA) + test_dsa_private (session, object); + else if (key_type == CKK_DH) + test_dh_private (session, object); + } else if (key_class == CKO_PUBLIC_KEY) { + test_public_attributes (session, object); + if (key_type == CKK_RSA) + test_rsa_public (session, object); + else if (key_type == CKK_DSA) + test_dsa_public (session, object); + else if (key_type == CKK_DH) + test_dh_public (session, object); + } } return CONTINUE; @@ -1185,11 +1228,9 @@ p11t_key_tests(void) CK_OBJECT_CLASS klass; CK_OBJECT_HANDLE_PTR objects; CK_SESSION_HANDLE session; - CK_OBJECT_HANDLE object; CK_ATTRIBUTE attrs[1]; CK_ULONG j, i, n_objects; CK_SLOT_ID slot; - CK_KEY_TYPE key_type; attrs[0].type = CKA_CLASS; attrs[0].ulValueLen = sizeof(klass); @@ -1206,19 +1247,7 @@ p11t_key_tests(void) objects = p11t_object_find(session, attrs, 1, &n_objects); for(i = 0; objects && i < n_objects; ++i) - { - object = objects[i]; - if(test_key_attributes(slot, session, object, &key_type)) - { - test_public_attributes(session, object); - if(key_type == CKK_RSA) - test_rsa_public(session, object); - else if(key_type == CKK_DSA) - test_dsa_public(session, object); - else if(key_type == CKK_DH) - test_dh_public(session, object); - } - } + p11t_key_test (session, objects[i], klass); if(p11t_test_write_session) test_create_unexpected(session); @@ -1231,19 +1260,7 @@ p11t_key_tests(void) objects = p11t_object_find(session, attrs, 1, &n_objects); for(i = 0; objects && i < n_objects; ++i) - { - object = objects[i]; - if(test_key_attributes(slot, session, object, &key_type)) - { - test_private_attributes(session, object); - if(key_type == CKK_RSA) - test_rsa_private(session, object); - else if(key_type == CKK_DSA) - test_dsa_private(session, object); - else if (key_type == CKK_DH) - test_dh_private (session, object); - } - } + p11t_key_test (session, objects[i], klass); free(objects); if (p11t_test_write_session) { diff --git a/src/object.c b/src/object.c index aee8363..4252bbc 100644 --- a/src/object.c +++ b/src/object.c @@ -396,6 +396,56 @@ p11t_object_tests(void) } } +int +p11t_object_generate_pair_bad (CK_SESSION_HANDLE session, CK_MECHANISM_TYPE mech) +{ + CK_OBJECT_CLASS pub_class = CKO_PUBLIC_KEY; + CK_OBJECT_CLASS priv_class = CKO_PRIVATE_KEY; + CK_ATTRIBUTE pub_attrs[1]; + CK_ATTRIBUTE priv_attrs[1]; + CK_MECHANISM mechanism; + CK_OBJECT_HANDLE pub_key, priv_key; + CK_RV rv; + + if (!p11t_test_unexpected) + return CONTINUE; + + /* An valid mechanism */ + mechanism.mechanism = mech; + mechanism.pParameter = NULL; + mechanism.ulParameterLen = 0; + + pub_attrs[0].type = CKA_CLASS; + pub_attrs[0].pValue = &pub_class; + pub_attrs[0].ulValueLen = sizeof (pub_class); + + priv_attrs[0].type = CKA_CLASS; + priv_attrs[0].pValue = &priv_class; + priv_attrs[0].ulValueLen = sizeof (priv_class); + + P11T_SECTION ("C_GenerateKeyPair"); + + rv = (p11t_module_funcs->C_GenerateKeyPair) ((CK_ULONG)-9, &mechanism, pub_attrs, 1, priv_attrs, 1, &pub_key, &priv_key); + P11T_CHECK_RV ("Invalid Session", rv, CKR_SESSION_HANDLE_INVALID); + + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, NULL, pub_attrs, 1, priv_attrs, 1, &pub_key, &priv_key); + P11T_CHECK_RV ("Missing mechanism", rv, CKR_ARGUMENTS_BAD); + + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mechanism, NULL, 1, priv_attrs, 1, &pub_key, &priv_key); + P11T_CHECK_RV ("Missing public attributes", rv, CKR_ARGUMENTS_BAD); + + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mechanism, pub_attrs, 1, NULL, 1, &pub_key, &priv_key); + P11T_CHECK_RV ("Missing private attributes", rv, CKR_ARGUMENTS_BAD); + + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mechanism, pub_attrs, 1, priv_attrs, 1, NULL, &priv_key); + P11T_CHECK_RV ("Missing public key handle", rv, CKR_ARGUMENTS_BAD); + + rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mechanism, pub_attrs, 1, priv_attrs, 1, &pub_key, NULL); + P11T_CHECK_RV ("Missing private key handle", rv, CKR_ARGUMENTS_BAD); + + return CONTINUE; +} + /* ---------------------------------------------------------------------------------- * METHODS */ diff --git a/src/p11-tests-lib.c b/src/p11-tests-lib.c index 4e51a12..269be11 100644 --- a/src/p11-tests-lib.c +++ b/src/p11-tests-lib.c @@ -85,6 +85,7 @@ p11_tests_perform (CK_FUNCTION_LIST_PTR module) p11t_certificate_tests(); p11t_rsa_tests(); p11t_dsa_tests(); + p11t_dh_tests (); /* Remaining module tests */ p11t_module_finalize(); diff --git a/src/p11-tests-lib.h b/src/p11-tests-lib.h index ac35204..500f75c 100644 --- a/src/p11-tests-lib.h +++ b/src/p11-tests-lib.h @@ -132,6 +132,15 @@ void p11t_dsa_tests(void); void p11t_dsa_test_public_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE handle); void p11t_dsa_test_private_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE handle); +int p11t_dh_test_generate_pair (CK_SESSION_HANDLE session); + +/* ------------------------------------------------------------------- + * dh.c + */ + +void p11t_dh_tests (void); +int p11t_dh_test_generate_pair (CK_SESSION_HANDLE session); + /* ------------------------------------------------------------------- * key.c */ @@ -148,6 +157,7 @@ DSA* p11t_key_export_public_dsa(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key) CK_RV p11t_key_login_context_specific (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key); void p11t_key_tests(void); +int p11t_key_test (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_OBJECT_CLASS klass); /* ------------------------------------------------------------------- * msg.c @@ -193,7 +203,8 @@ int p11t_object_get(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_OBJECT_HANDLE p11t_object_find_one(CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs); -void p11t_object_tests(void); +void p11t_object_tests (void); +int p11t_object_generate_pair_bad (CK_SESSION_HANDLE session, CK_MECHANISM_TYPE mech); /* ------------------------------------------------------------------- * rsa.c -- cgit v1.2.3