path: root/src/dh.c
blob: 3325caa75b37bd13c5d2523475dd55774825e27e (plain)

#include "p11-tests-lib.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/dh.h>

/*
 * Callback handed to p11t_slot_for_each_mech() by p11t_dh_tests(): opens a
 * session on the given slot, logs in, and runs the DH key pair generation
 * test on that session. The mech and info arguments are not used here.
 *
 * NOTE(review): the session is not closed in this function; presumably the
 * test library tracks and closes open sessions -- confirm.
 */
static void
test_dh_key_pair_gen (CK_SLOT_ID slot, CK_MECHANISM_TYPE mech, CK_MECHANISM_INFO_PTR info)
{
	CK_SESSION_HANDLE session = p11t_session_open (slot, 0);

	/* No usable session on this slot: nothing to test */
	if (session == CK_INVALID)
		return;

	/* Key pair generation is only attempted on a logged-in session */
	if (!p11t_session_login (session))
		return;

	p11t_dh_test_generate_pair (session);
}

/*
 * Entry point for the Diffie-Hellman tests: hands test_dh_key_pair_gen to
 * p11t_slot_for_each_mech() for the CKM_DH_PKCS_KEY_PAIR_GEN mechanism.
 */
void
p11t_dh_tests (void)
{
	const CK_MECHANISM_TYPE mech_type = CKM_DH_PKCS_KEY_PAIR_GEN;

	p11t_slot_for_each_mech (mech_type, test_dh_key_pair_gen);
}

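/*
 * Exercise C_GenerateKeyPair with CKM_DH_PKCS_KEY_PAIR_GEN on a session.
 *
 * Fresh DH domain parameters (prime and base) are generated with OpenSSL and
 * copied into the public and private key templates. When
 * p11t_test_unexpected is set, two invalid templates are tried first and the
 * module is expected to reject them; then a valid pair is generated and both
 * resulting objects are handed to p11t_key_test().
 *
 * Returns the result of p11t_object_generate_pair_bad() for this mechanism.
 *
 * The 256-bit group used here is a conformance-test size only: it keeps
 * parameter generation fast, but is far too small for real key agreement
 * and must not be copied into production code.
 *
 * NOTE(review): DH_generate_parameters() is a deprecated OpenSSL call and
 * the direct dh->p / dh->g accesses require a pre-1.1.0 OpenSSL where the
 * DH structure is not opaque.
 */
int
p11t_dh_test_generate_pair (CK_SESSION_HANDLE session)
{
	CK_ATTRIBUTE pub_attrs[3];
	CK_ATTRIBUTE priv_attrs[3];
	CK_MECHANISM mech;
	CK_OBJECT_HANDLE pub_key;
	CK_OBJECT_HANDLE priv_key;
	CK_ULONG bits;
	CK_RV rv;
	DH *dh;

	P11T_SECTION ("C_GenerateKeyPair");

	dh = DH_generate_parameters (256, 2, NULL, NULL);
	assert (dh);

	/* Public key template: prime and base, serialized big-endian */
	pub_attrs[0].type = CKA_PRIME;
	pub_attrs[0].ulValueLen = BN_num_bytes (dh->p);
	pub_attrs[0].pValue = alloca (pub_attrs[0].ulValueLen);
	BN_bn2bin (dh->p, (unsigned char*)pub_attrs[0].pValue);

	pub_attrs[1].type = CKA_BASE;
	pub_attrs[1].ulValueLen = BN_num_bytes (dh->g);
	pub_attrs[1].pValue = alloca (pub_attrs[1].ulValueLen);
	BN_bn2bin (dh->g, (unsigned char*)pub_attrs[1].pValue);

	/* Private key template: same prime and base, plus CKA_VALUE_BITS */
	priv_attrs[0].type = CKA_PRIME;
	priv_attrs[0].ulValueLen = BN_num_bytes (dh->p);
	priv_attrs[0].pValue = alloca (priv_attrs[0].ulValueLen);
	BN_bn2bin (dh->p, (unsigned char*)priv_attrs[0].pValue);

	priv_attrs[1].type = CKA_BASE;
	priv_attrs[1].ulValueLen = BN_num_bytes (dh->g);
	priv_attrs[1].pValue = alloca (priv_attrs[1].ulValueLen);
	BN_bn2bin (dh->g, (unsigned char*)priv_attrs[1].pValue);

	/*
	 * Every template value above is a copy held in an alloca() buffer, so
	 * the OpenSSL object is no longer needed. Releasing it here (it was
	 * never freed before) covers every exit path, including any early
	 * return the P11T_CHECK_RV macro might perform (macro defined
	 * elsewhere -- confirm).
	 */
	DH_free (dh);
	dh = NULL;

	/* pValue points at 'bits', so each call below sees its current value */
	priv_attrs[2].type = CKA_VALUE_BITS;
	priv_attrs[2].ulValueLen = sizeof (bits);
	priv_attrs[2].pValue = &bits;

	mech.mechanism = CKM_DH_PKCS_KEY_PAIR_GEN;
	mech.pParameter = NULL;
	mech.ulParameterLen = 0;

	if (p11t_test_unexpected) {
		/* Attribute counts of 0: the templates are passed as empty */
		rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mech, pub_attrs, 0, priv_attrs, 0, &pub_key, &priv_key);
		P11T_CHECK_RV ("DH Key Pair without CKA_PRIME", rv, CKR_TEMPLATE_INCOMPLETE);

		/* A 1024-bit private value cannot fit the 256-bit prime */
		bits = 1024;
		rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 3, &pub_key, &priv_key);
		P11T_CHECK_RV ("DH Key Pair with CKA_VALUE_BITS larger than CKA_PRIME", rv, CKR_TEMPLATE_INCONSISTENT);
	}

	/* Valid request: private value size matches the prime size */
	bits = 256;
	rv = (p11t_module_funcs->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 3, &pub_key, &priv_key);
	P11T_CHECK_RV ("DH Key Pair", rv, CKR_OK);

	p11t_key_test (session, pub_key, CKO_PUBLIC_KEY);
	p11t_key_test (session, priv_key, CKO_PRIVATE_KEY);

	/* Test corner cases */
	return p11t_object_generate_pair_bad (session, CKM_DH_PKCS_KEY_PAIR_GEN);
}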