search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
nss: import at 3.0.1 beta 1
[mozilla-nss.git] / security / nss / cmd / pk11mode / pk11mode.c
blob6220abaa40013cc04d413136f6ab109c71f29594
1 /*
2 * pk11mode.c - Test FIPS or NONFIPS Modes for the NSS PKCS11 api.
3 * The goal of this program is to test every function
4 * entry point of the PKCS11 api at least once.
5 * To test in FIPS mode: pk11mode
6 * To test in NONFIPS mode: pk11mode nonFIPS
7 *
8 * ***** BEGIN LICENSE BLOCK *****
9 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
10 *
11 * The contents of this file are subject to the Mozilla Public License Version
12 * 1.1 (the "License"); you may not use this file except in compliance with
13 * the License. You may obtain a copy of the License at
14 * http://www.mozilla.org/MPL/
15 *
16 * Software distributed under the License is distributed on an "AS IS" basis,
17 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
18 * for the specific language governing rights and limitations under the
19 * License.
20 *
21 * The Original Code is the Netscape security libraries.
22 *
23 * The Initial Developer of the Original Code is
24 * Netscape Communications Corporation.
25 * Portions created by the Initial Developer are Copyright (C) 1994-2000
26 * the Initial Developer. All Rights Reserved.
27 *
28 * Contributor(s):
29 *
30 * Alternatively, the contents of this file may be used under the terms of
31 * either the GNU General Public License Version 2 or later (the "GPL"), or
32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
33 * in which case the provisions of the GPL or the LGPL are applicable instead
34 * of those above. If you wish to allow use of your version of this file only
35 * under the terms of either the GPL or the LGPL, and not to allow others to
36 * use your version of this file under the terms of the MPL, indicate your
37 * decision by deleting the provisions above and replace them with the notice
38 * and other provisions required by the GPL or the LGPL. If you do not delete
39 * the provisions above, a recipient may use your version of this file under
40 * the terms of any one of the MPL, the GPL or the LGPL.
41 *
42 * ***** END LICENSE BLOCK ***** */
43
44
45 #include <assert.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <stdarg.h>
50
51 #ifdef _WIN32
52 #include <windows.h>
53 #define LIB_NAME "softokn3.dll"
54 #endif
55 #include "prlink.h"
56 #include "prprf.h"
57 #include "plgetopt.h"
58 #include "prenv.h"
59
60 #include "pkcs11.h"
61
62
63 #define NUM_ELEM(array) (sizeof(array)/sizeof(array[0]))
64
65 #ifndef NULL_PTR
66 #define NULL_PTR 0
67 #endif
68
69 struct tuple_str {
70 CK_RV errNum;
71 const char * errString;
72 };
73
74
75 typedef struct tuple_str tuple_str;
76
77 static const tuple_str errStrings[] = {
78 {CKR_OK , "CKR_OK "},
79 {CKR_CANCEL , "CKR_CANCEL "},
80 {CKR_HOST_MEMORY , "CKR_HOST_MEMORY "},
81 {CKR_SLOT_ID_INVALID , "CKR_SLOT_ID_INVALID "},
82 {CKR_GENERAL_ERROR , "CKR_GENERAL_ERROR "},
83 {CKR_FUNCTION_FAILED , "CKR_FUNCTION_FAILED "},
84 {CKR_ARGUMENTS_BAD , "CKR_ARGUMENTS_BAD "},
85 {CKR_NO_EVENT , "CKR_NO_EVENT "},
86 {CKR_NEED_TO_CREATE_THREADS , "CKR_NEED_TO_CREATE_THREADS "},
87 {CKR_CANT_LOCK , "CKR_CANT_LOCK "},
88 {CKR_ATTRIBUTE_READ_ONLY , "CKR_ATTRIBUTE_READ_ONLY "},
89 {CKR_ATTRIBUTE_SENSITIVE , "CKR_ATTRIBUTE_SENSITIVE "},
90 {CKR_ATTRIBUTE_TYPE_INVALID , "CKR_ATTRIBUTE_TYPE_INVALID "},
91 {CKR_ATTRIBUTE_VALUE_INVALID , "CKR_ATTRIBUTE_VALUE_INVALID "},
92 {CKR_DATA_INVALID , "CKR_DATA_INVALID "},
93 {CKR_DATA_LEN_RANGE , "CKR_DATA_LEN_RANGE "},
94 {CKR_DEVICE_ERROR , "CKR_DEVICE_ERROR "},
95 {CKR_DEVICE_MEMORY , "CKR_DEVICE_MEMORY "},
96 {CKR_DEVICE_REMOVED , "CKR_DEVICE_REMOVED "},
97 {CKR_ENCRYPTED_DATA_INVALID , "CKR_ENCRYPTED_DATA_INVALID "},
98 {CKR_ENCRYPTED_DATA_LEN_RANGE , "CKR_ENCRYPTED_DATA_LEN_RANGE "},
99 {CKR_FUNCTION_CANCELED , "CKR_FUNCTION_CANCELED "},
100 {CKR_FUNCTION_NOT_PARALLEL , "CKR_FUNCTION_NOT_PARALLEL "},
101 {CKR_FUNCTION_NOT_SUPPORTED , "CKR_FUNCTION_NOT_SUPPORTED "},
102 {CKR_KEY_HANDLE_INVALID , "CKR_KEY_HANDLE_INVALID "},
103 {CKR_KEY_SIZE_RANGE , "CKR_KEY_SIZE_RANGE "},
104 {CKR_KEY_TYPE_INCONSISTENT , "CKR_KEY_TYPE_INCONSISTENT "},
105 {CKR_KEY_NOT_NEEDED , "CKR_KEY_NOT_NEEDED "},
106 {CKR_KEY_CHANGED , "CKR_KEY_CHANGED "},
107 {CKR_KEY_NEEDED , "CKR_KEY_NEEDED "},
108 {CKR_KEY_INDIGESTIBLE , "CKR_KEY_INDIGESTIBLE "},
109 {CKR_KEY_FUNCTION_NOT_PERMITTED , "CKR_KEY_FUNCTION_NOT_PERMITTED "},
110 {CKR_KEY_NOT_WRAPPABLE , "CKR_KEY_NOT_WRAPPABLE "},
111 {CKR_KEY_UNEXTRACTABLE , "CKR_KEY_UNEXTRACTABLE "},
112 {CKR_MECHANISM_INVALID , "CKR_MECHANISM_INVALID "},
113 {CKR_MECHANISM_PARAM_INVALID , "CKR_MECHANISM_PARAM_INVALID "},
114 {CKR_OBJECT_HANDLE_INVALID , "CKR_OBJECT_HANDLE_INVALID "},
115 {CKR_OPERATION_ACTIVE , "CKR_OPERATION_ACTIVE "},
116 {CKR_OPERATION_NOT_INITIALIZED , "CKR_OPERATION_NOT_INITIALIZED "},
117 {CKR_PIN_INCORRECT , "CKR_PIN_INCORRECT "},
118 {CKR_PIN_INVALID , "CKR_PIN_INVALID "},
119 {CKR_PIN_LEN_RANGE , "CKR_PIN_LEN_RANGE "},
120 {CKR_PIN_EXPIRED , "CKR_PIN_EXPIRED "},
121 {CKR_PIN_LOCKED , "CKR_PIN_LOCKED "},
122 {CKR_SESSION_CLOSED , "CKR_SESSION_CLOSED "},
123 {CKR_SESSION_COUNT , "CKR_SESSION_COUNT "},
124 {CKR_SESSION_HANDLE_INVALID , "CKR_SESSION_HANDLE_INVALID "},
125 {CKR_SESSION_PARALLEL_NOT_SUPPORTED , "CKR_SESSION_PARALLEL_NOT_SUPPORTED "},
126 {CKR_SESSION_READ_ONLY , "CKR_SESSION_READ_ONLY "},
127 {CKR_SESSION_EXISTS , "CKR_SESSION_EXISTS "},
128 {CKR_SESSION_READ_ONLY_EXISTS , "CKR_SESSION_READ_ONLY_EXISTS "},
129 {CKR_SESSION_READ_WRITE_SO_EXISTS , "CKR_SESSION_READ_WRITE_SO_EXISTS "},
130 {CKR_SIGNATURE_INVALID , "CKR_SIGNATURE_INVALID "},
131 {CKR_SIGNATURE_LEN_RANGE , "CKR_SIGNATURE_LEN_RANGE "},
132 {CKR_TEMPLATE_INCOMPLETE , "CKR_TEMPLATE_INCOMPLETE "},
133 {CKR_TEMPLATE_INCONSISTENT , "CKR_TEMPLATE_INCONSISTENT "},
134 {CKR_TOKEN_NOT_PRESENT , "CKR_TOKEN_NOT_PRESENT "},
135 {CKR_TOKEN_NOT_RECOGNIZED , "CKR_TOKEN_NOT_RECOGNIZED "},
136 {CKR_TOKEN_WRITE_PROTECTED , "CKR_TOKEN_WRITE_PROTECTED "},
137 {CKR_UNWRAPPING_KEY_HANDLE_INVALID , "CKR_UNWRAPPING_KEY_HANDLE_INVALID "},
138 {CKR_UNWRAPPING_KEY_SIZE_RANGE , "CKR_UNWRAPPING_KEY_SIZE_RANGE "},
139 {CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT"},
140 {CKR_USER_ALREADY_LOGGED_IN , "CKR_USER_ALREADY_LOGGED_IN "},
141 {CKR_USER_NOT_LOGGED_IN , "CKR_USER_NOT_LOGGED_IN "},
142 {CKR_USER_PIN_NOT_INITIALIZED , "CKR_USER_PIN_NOT_INITIALIZED "},
143 {CKR_USER_TYPE_INVALID , "CKR_USER_TYPE_INVALID "},
144 {CKR_USER_ANOTHER_ALREADY_LOGGED_IN , "CKR_USER_ANOTHER_ALREADY_LOGGED_IN "},
145 {CKR_USER_TOO_MANY_TYPES , "CKR_USER_TOO_MANY_TYPES "},
146 {CKR_WRAPPED_KEY_INVALID , "CKR_WRAPPED_KEY_INVALID "},
147 {CKR_WRAPPED_KEY_LEN_RANGE , "CKR_WRAPPED_KEY_LEN_RANGE "},
148 {CKR_WRAPPING_KEY_HANDLE_INVALID , "CKR_WRAPPING_KEY_HANDLE_INVALID "},
149 {CKR_WRAPPING_KEY_SIZE_RANGE , "CKR_WRAPPING_KEY_SIZE_RANGE "},
150 {CKR_WRAPPING_KEY_TYPE_INCONSISTENT , "CKR_WRAPPING_KEY_TYPE_INCONSISTENT "},
151 {CKR_RANDOM_SEED_NOT_SUPPORTED , "CKR_RANDOM_SEED_NOT_SUPPORTED "},
152 {CKR_RANDOM_NO_RNG , "CKR_RANDOM_NO_RNG "},
153 {CKR_DOMAIN_PARAMS_INVALID , "CKR_DOMAIN_PARAMS_INVALID "},
154 {CKR_BUFFER_TOO_SMALL , "CKR_BUFFER_TOO_SMALL "},
155 {CKR_SAVED_STATE_INVALID , "CKR_SAVED_STATE_INVALID "},
156 {CKR_INFORMATION_SENSITIVE , "CKR_INFORMATION_SENSITIVE "},
157 {CKR_STATE_UNSAVEABLE , "CKR_STATE_UNSAVEABLE "},
158 {CKR_CRYPTOKI_NOT_INITIALIZED , "CKR_CRYPTOKI_NOT_INITIALIZED "},
159 {CKR_CRYPTOKI_ALREADY_INITIALIZED , "CKR_CRYPTOKI_ALREADY_INITIALIZED "},
160 {CKR_MUTEX_BAD , "CKR_MUTEX_BAD "},
161 {CKR_MUTEX_NOT_LOCKED , "CKR_MUTEX_NOT_LOCKED "},
162 {CKR_FUNCTION_REJECTED , "CKR_FUNCTION_REJECTED "},
163 {CKR_VENDOR_DEFINED , "CKR_VENDOR_DEFINED "},
164 {0xCE534351 , "CKR_NETSCAPE_CERTDB_FAILED "},
165 {0xCE534352 , "CKR_NETSCAPE_KEYDB_FAILED "}
166 };
167
168 static const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str);
169
170 /* Returns constant error string for "CRV".
171 * Returns "unknown error" if errNum is unknown.
172 */
173 const char *
174 PKM_CK_RVtoStr(CK_RV errNum) {
175 CK_ULONG low = 1;
176 CK_ULONG high = numStrings - 1;
177 CK_ULONG i;
178 CK_RV num;
179 static int initDone;
180
181 /* make sure table is in ascending order.
182 * binary search depends on it.
183 */
184 if (!initDone) {
185 CK_RV lastNum = CKR_OK;
186 for (i = low; i <= high; ++i) {
187 num = errStrings[i].errNum;
188 if (num <= lastNum) {
189 fprintf(stderr,
190 "sequence error in error strings at item %d\n"
191 "error %d (%s)\n"
192 "should come after \n"
193 "error %d (%s)\n",
194 (int) i, (int) lastNum, errStrings[i-1].errString,
195 (int) num, errStrings[i].errString);
196 }
197 lastNum = num;
198 }
199 initDone = 1;
200 }
201
202 /* Do binary search of table. */
203 while (low + 1 < high) {
204 i = (low + high) / 2;
205 num = errStrings[i].errNum;
206 if (errNum == num)
207 return errStrings[i].errString;
208 if (errNum < num)
209 high = i;
210 else
211 low = i;
212 }
213 if (errNum == errStrings[low].errNum)
214 return errStrings[low].errString;
215 if (errNum == errStrings[high].errNum)
216 return errStrings[high].errString;
217 return "unknown error";
218 }
219
220 #include "pkcs11p.h"
221
222 typedef struct CK_C_INITIALIZE_ARGS_NSS {
223 CK_CREATEMUTEX CreateMutex;
224 CK_DESTROYMUTEX DestroyMutex;
225 CK_LOCKMUTEX LockMutex;
226 CK_UNLOCKMUTEX UnlockMutex;
227 CK_FLAGS flags;
228 /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
229 * a reserved field. NSS needs a way to pass instance-specific information
230 * to the library (like where to find its config files, etc). This
231 * information is usually provided by the installer and passed uninterpreted
232 * by NSS to the library, though NSS does know the specifics of the softoken
233 * version of this parameter. Most compliant PKCS#11 modules expect this
234 * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
235 * C_Initialize if Library parameters is supplied. */
236 CK_CHAR_PTR *LibraryParameters;
237 /* This field is only present if the LibraryParameters is not NULL. It must
238 * be NULL in all cases */
239 CK_VOID_PTR pReserved;
240 } CK_C_INITIALIZE_ARGS_NSS;
241
242 #include "pkcs11u.h"
243
244 static CK_ATTRIBUTE_TYPE all_known_attribute_types[] = {
245 CKA_CLASS,
246 CKA_TOKEN,
247 CKA_PRIVATE,
248 CKA_LABEL,
249 CKA_APPLICATION,
250 CKA_VALUE,
251 CKA_CERTIFICATE_TYPE,
252 CKA_ISSUER,
253 CKA_SERIAL_NUMBER,
254 CKA_KEY_TYPE,
255 CKA_SUBJECT,
256 CKA_ID,
257 CKA_SENSITIVE,
258 CKA_ENCRYPT,
259 CKA_DECRYPT,
260 CKA_WRAP,
261 CKA_UNWRAP,
262 CKA_SIGN,
263 CKA_SIGN_RECOVER,
264 CKA_VERIFY,
265 CKA_VERIFY_RECOVER,
266 CKA_DERIVE,
267 CKA_START_DATE,
268 CKA_END_DATE,
269 CKA_MODULUS,
270 CKA_MODULUS_BITS,
271 CKA_PUBLIC_EXPONENT,
272 CKA_PRIVATE_EXPONENT,
273 CKA_PRIME_1,
274 CKA_PRIME_2,
275 CKA_EXPONENT_1,
276 CKA_EXPONENT_2,
277 CKA_COEFFICIENT,
278 CKA_PRIME,
279 CKA_SUBPRIME,
280 CKA_BASE,
281 CKA_VALUE_BITS,
282 CKA_VALUE_LEN,
283 CKA_EXTRACTABLE,
284 CKA_LOCAL,
285 CKA_NEVER_EXTRACTABLE,
286 CKA_ALWAYS_SENSITIVE,
287 CKA_MODIFIABLE,
288 #ifdef CKA_NETSCAPE
289 CKA_NETSCAPE_URL,
290 CKA_NETSCAPE_EMAIL,
291 CKA_NETSCAPE_SMIME_INFO,
292 CKA_NETSCAPE_SMIME_TIMESTAMP,
293 CKA_NETSCAPE_PKCS8_SALT,
294 CKA_NETSCAPE_PASSWORD_CHECK,
295 CKA_NETSCAPE_EXPIRES,
296 #endif /* CKA_NETSCAPE */
297 #ifdef CKA_TRUST
298 CKA_TRUST_DIGITAL_SIGNATURE,
299 CKA_TRUST_NON_REPUDIATION,
300 CKA_TRUST_KEY_ENCIPHERMENT,
301 CKA_TRUST_DATA_ENCIPHERMENT,
302 CKA_TRUST_KEY_AGREEMENT,
303 CKA_TRUST_KEY_CERT_SIGN,
304 CKA_TRUST_CRL_SIGN,
305 CKA_TRUST_SERVER_AUTH,
306 CKA_TRUST_CLIENT_AUTH,
307 CKA_TRUST_CODE_SIGNING,
308 CKA_TRUST_EMAIL_PROTECTION,
309 CKA_TRUST_IPSEC_END_SYSTEM,
310 CKA_TRUST_IPSEC_TUNNEL,
311 CKA_TRUST_IPSEC_USER,
312 CKA_TRUST_TIME_STAMPING,
313 #endif /* CKA_TRUST */
314 };
315
316 static int number_of_all_known_attribute_types =
317 (sizeof(all_known_attribute_types)/sizeof(all_known_attribute_types[0]));
318
319 #define MAX_SIG_SZ 128
320 #define MAX_CIPHER_SZ 128
321 #define MAX_DATA_SZ 64
322 #define MAX_DIGEST_SZ 64
323 #define HMAC_MAX_LENGTH 64
324 #define FIPSMODE 0
325 #define NONFIPSMODE 1
326 #define HYBRIDMODE 2
327 #define NOMODE 3
328 int MODE = FIPSMODE;
329
330 CK_BBOOL true = CK_TRUE;
331 CK_BBOOL false = CK_FALSE;
332 static const CK_BYTE PLAINTEXT[] = {"Firefox Rules!"};
333 static const CK_BYTE PLAINTEXT_PAD[] =
334 {"Firefox and thunderbird rule the world!"};
335 CK_ULONG NUMTESTS = 0;
336
337 static const char * slotFlagName[] = {
338 "CKF_TOKEN_PRESENT",
339 "CKF_REMOVABLE_DEVICE",
340 "CKF_HW_SLOT",
341 "unknown token flag 0x00000008",
342 "unknown token flag 0x00000010",
343 "unknown token flag 0x00000020",
344 "unknown token flag 0x00000040",
345 "unknown token flag 0x00000080",
346 "unknown token flag 0x00000100",
347 "unknown token flag 0x00000200",
348 "unknown token flag 0x00000400",
349 "unknown token flag 0x00000800",
350 "unknown token flag 0x00001000",
351 "unknown token flag 0x00002000",
352 "unknown token flag 0x00004000",
353 "unknown token flag 0x00008000"
354 "unknown token flag 0x00010000",
355 "unknown token flag 0x00020000",
356 "unknown token flag 0x00040000",
357 "unknown token flag 0x00080000",
358 "unknown token flag 0x00100000",
359 "unknown token flag 0x00200000",
360 "unknown token flag 0x00400000",
361 "unknown token flag 0x00800000"
362 "unknown token flag 0x01000000",
363 "unknown token flag 0x02000000",
364 "unknown token flag 0x04000000",
365 "unknown token flag 0x08000000",
366 "unknown token flag 0x10000000",
367 "unknown token flag 0x20000000",
368 "unknown token flag 0x40000000",
369 "unknown token flag 0x80000000"
370 };
371
372 static const char * tokenFlagName[] = {
373 "CKF_PKM_RNG",
374 "CKF_WRITE_PROTECTED",
375 "CKF_LOGIN_REQUIRED",
376 "CKF_USER_PIN_INITIALIZED",
377 "unknown token flag 0x00000010",
378 "CKF_RESTORE_KEY_NOT_NEEDED",
379 "CKF_CLOCK_ON_TOKEN",
380 "unknown token flag 0x00000080",
381 "CKF_PROTECTED_AUTHENTICATION_PATH",
382 "CKF_DUAL_CRYPTO_OPERATIONS",
383 "CKF_TOKEN_INITIALIZED",
384 "CKF_SECONDARY_AUTHENTICATION",
385 "unknown token flag 0x00001000",
386 "unknown token flag 0x00002000",
387 "unknown token flag 0x00004000",
388 "unknown token flag 0x00008000",
389 "CKF_USER_PIN_COUNT_LOW",
390 "CKF_USER_PIN_FINAL_TRY",
391 "CKF_USER_PIN_LOCKED",
392 "CKF_USER_PIN_TO_BE_CHANGED",
393 "CKF_SO_PIN_COUNT_LOW",
394 "CKF_SO_PIN_FINAL_TRY",
395 "CKF_SO_PIN_LOCKED",
396 "CKF_SO_PIN_TO_BE_CHANGED",
397 "unknown token flag 0x01000000",
398 "unknown token flag 0x02000000",
399 "unknown token flag 0x04000000",
400 "unknown token flag 0x08000000",
401 "unknown token flag 0x10000000",
402 "unknown token flag 0x20000000",
403 "unknown token flag 0x40000000",
404 "unknown token flag 0x80000000"
405 };
406
407 static const unsigned char TLSClientRandom[] = {
408 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
409 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
410 0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71,
411 0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d
412 };
413 static const unsigned char TLSServerRandom[] = {
414 0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01,
415 0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d,
416 0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66,
417 0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9
418 };
419
420 typedef enum {
421 CORRECT,
422 BOGUS_CLIENT_RANDOM,
423 BOGUS_CLIENT_RANDOM_LEN,
424 BOGUS_SERVER_RANDOM,
425 BOGUS_SERVER_RANDOM_LEN
426 } enum_random_t;
427
428 void
429 dumpToHash64(const unsigned char *buf, unsigned int bufLen)
430 {
431 unsigned int i;
432 for (i = 0; i < bufLen; i += 8) {
433 if (i % 32 == 0)
434 printf("\n");
435 printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,",
436 buf[i ], buf[i+1], buf[i+2], buf[i+3],
437 buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
438 }
439 printf("\n");
440 }
441
442
443 #ifdef _WIN32
444 HMODULE hModule;
445 #else
446 PRLibrary *lib;
447 #endif
448
449 /*
450 * All api that belongs to pk11mode.c layer start with the prefix PKM_
451 */
452 void PKM_LogIt(const char *fmt, ...);
453 void PKM_Error(const char *fmt, ...);
454 CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
455 CK_ULONG slotID);
456 CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID);
457 CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
458 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
459 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
460 CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
461 CK_SLOT_ID * pSlotList, CK_ULONG slotID);
462 CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
463 CK_ULONG slotID);
464 CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
465 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
466 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
467 CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
468 CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
469 CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
470 CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
471 CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
472 CK_C_INITIALIZE_ARGS_NSS *initArgs);
473 CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
474 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
475 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
476 CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
477 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
478 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
479 CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
480 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
481 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
482 CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
483 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
484 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
485 CK_RV PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
486 CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
487 CK_ATTRIBUTE_PTR expected_attrs,
488 CK_ULONG expected_attrs_count);
489 CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList,
490 CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType,
491 CK_FLAGS flags, CK_BBOOL check_sizes,
492 CK_ULONG minkeysize, CK_ULONG maxkeysize);
493 CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
494 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
495 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
496 CK_MECHANISM_TYPE mechType, enum_random_t rnd);
497 CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
498 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
499 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
500 CK_MECHANISM_TYPE mechType,
501 enum_random_t rnd);
502 CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
503 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
504 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
505 CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
506 CK_SESSION_HANDLE hRwSession,
507 CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
508 CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey,
509 CK_MECHANISM *cryptMech,
510 const CK_BYTE * pData, CK_ULONG pDataLen);
511 CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
512 CK_SESSION_HANDLE hSession,
513 CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
514 CK_OBJECT_HANDLE hSecKeyDigest,
515 CK_MECHANISM *digestMech,
516 const CK_BYTE * pData, CK_ULONG pDataLen);
517 CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
518 CK_SESSION_HANDLE hRwSession,
519 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
520 CK_MECHANISM *signMech, const CK_BYTE * pData,
521 CK_ULONG dataLen);
522 CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
523 CK_SESSION_HANDLE hSession,
524 CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
525 const CK_BYTE * pData, CK_ULONG dataLen);
526 CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
527 CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
528 const CK_BYTE * pData, CK_ULONG pDataLen);
529 CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
530 CK_SESSION_HANDLE hRwSession,
531 CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
532 const CK_BYTE * pData, CK_ULONG pDataLen);
533 CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
534 CK_SESSION_HANDLE hSession,
535 CK_OBJECT_HANDLE hPublicKey,
536 CK_OBJECT_HANDLE hPrivateKey,
537 CK_MECHANISM *wrapMechanism,
538 CK_OBJECT_HANDLE hSecretKey,
539 CK_ATTRIBUTE *sKeyTemplate,
540 CK_ULONG skeyTempSize);
541 CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
542 CK_SESSION_HANDLE hSession,
543 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
544 CK_MECHANISM *signMech, const CK_BYTE * pData,
545 CK_ULONG pDataLen);
546 void PKM_Help();
547 void PKM_CheckPath(char *string);
548 char *PKM_FilePasswd(char *pwFile);
549 static PRBool verbose = PR_FALSE;
550
551 int main(int argc, char **argv)
552 {
553 CK_C_GetFunctionList pC_GetFunctionList;
554 CK_FUNCTION_LIST_PTR pFunctionList;
555 CK_RV crv = CKR_OK;
556 CK_C_INITIALIZE_ARGS_NSS initArgs;
557 CK_SLOT_ID *pSlotList = NULL;
558 CK_TOKEN_INFO tokenInfo;
559 CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */
560
561 CK_UTF8CHAR *pwd = NULL;
562 CK_ULONG pwdLen = 0;
563 char *moduleSpec = NULL;
564 char *configDir = NULL;
565 char *dbPrefix = NULL;
566 char *disableUnload = NULL;
567
568 PLOptStatus os;
569 PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:d:p:");
570 while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
571 {
572 if (PL_OPT_BAD == os) continue;
573 switch (opt->option)
574 {
575 case 'n': /* non fips mode */
576 MODE = NONFIPSMODE;
577 slotID = 1;
578 break;
579 case 'f': /* password file */
580 pwd = (CK_UTF8CHAR *) PKM_FilePasswd((char *)opt->value);
581 if (!pwd) PKM_Help();
582 break;
583 case 'd': /* opt_CertDir */
584 if (!opt->value) PKM_Help();
585 configDir = strdup(opt->value);
586 PKM_CheckPath(configDir);
587 break;
588 case 'p': /* opt_DBPrefix */
589 if (!opt->value) PKM_Help();
590 dbPrefix = strdup(opt->value);
591 break;
592 case 'v':
593 verbose = PR_TRUE;
594 break;
595 case 'h': /* help message */
596 default:
597 PKM_Help();
598 break;
599 }
600 }
601 PL_DestroyOptState(opt);
602
603 if (!pwd) {
604 pwd = (CK_UTF8CHAR *)strdup("1Mozilla");
605 }
606 pwdLen = strlen((const char*)pwd);
607 if (!configDir) {
608 configDir = strdup(".");
609 }
610 if (!dbPrefix) {
611 dbPrefix = strdup("");
612 }
613
614 #ifdef _WIN32
615 hModule = LoadLibrary(LIB_NAME);
616 if (hModule == NULL) {
617 PKM_Error( "cannot load %s\n", LIB_NAME);
618 goto cleanup;
619 }
620 if (MODE == FIPSMODE) {
621 /* FIPS mode == FC_GetFunctionList */
622 pC_GetFunctionList = (CK_C_GetFunctionList)
623 GetProcAddress(hModule, "FC_GetFunctionList");
624 } else {
625 /* NON FIPS mode == C_GetFunctionList */
626 pC_GetFunctionList = (CK_C_GetFunctionList)
627 GetProcAddress(hModule, "C_GetFunctionList");
628 }
629 if (pC_GetFunctionList == NULL) {
630 PKM_Error( "cannot load %s\n", LIB_NAME);
631 goto cleanup;
632 }
633 #else
634 {
635 char *libname = NULL;
636 /* Get the platform-dependent library name of the NSS cryptographic module */
637 libname = PR_GetLibraryName(NULL, "softokn3");
638 assert(libname != NULL);
639 lib = PR_LoadLibrary(libname);
640 assert(lib != NULL);
641 PR_FreeLibraryName(libname);
642 }
643 if (MODE == FIPSMODE) {
644 pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
645 "FC_GetFunctionList");
646 assert(pC_GetFunctionList != NULL);
647 slotID = 0;
648 } else {
649 pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
650 "C_GetFunctionList");
651 assert(pC_GetFunctionList != NULL);
652 slotID = 1;
653 }
654 #endif
655
656 if (MODE == FIPSMODE) {
657 printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n",
658 (int) slotID);
659 } else {
660 printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n",
661 (int) slotID);
662 }
663
664 crv = (*pC_GetFunctionList)(&pFunctionList);
665 assert(crv == CKR_OK);
666
667 initArgs.CreateMutex = NULL;
668 initArgs.DestroyMutex = NULL;
669 initArgs.LockMutex = NULL;
670 initArgs.UnlockMutex = NULL;
671 initArgs.flags = CKF_OS_LOCKING_OK;
672 moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
673 "keyPrefix='%s' secmod='secmod.db' flags= ",
674 configDir, dbPrefix, dbPrefix);
675 initArgs.LibraryParameters = (CK_CHAR_PTR *) moduleSpec;
676 initArgs.pReserved = NULL;
677
678 /*DebugBreak();*/
679 /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */
680 /* NSS cryptographic module library initialization for the FIPS */
681 /* Approved mode when FC_Initialize is envoked will perfom */
682 /* software integrity test, and power-up self-tests before */
683 /* FC_Initialize returns */
684 crv = pFunctionList->C_Initialize(&initArgs);
685 if (crv == CKR_OK) {
686 PKM_LogIt("C_Initialize succeeded\n");
687 } else {
688 PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
689 PKM_CK_RVtoStr(crv));
690 goto cleanup;
691 }
692 crv = PKM_ShowInfo(pFunctionList, slotID);
693 if (crv == CKR_OK) {
694 PKM_LogIt("PKM_ShowInfo succeeded\n");
695 } else {
696 PKM_Error( "PKM_ShowInfo failed with 0x%08X, %-26s\n", crv,
697 PKM_CK_RVtoStr(crv));
698 goto cleanup;
699 }
700 pSlotList = PKM_GetSlotList(pFunctionList, slotID);
701 if (pSlotList == NULL) {
702 PKM_Error( "PKM_GetSlotList failed with \n");
703 goto cleanup;
704 }
705 crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
706 if (crv == CKR_OK) {
707 PKM_LogIt("C_GetTokenInfo succeeded\n\n");
708 } else {
709 PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
710 PKM_CK_RVtoStr(crv));
711 goto cleanup;
712 }
713
714 if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED)) {
715 PKM_LogIt("Initing PW for DB\n");
716 crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID,
717 pwd, pwdLen);
718 if (crv == CKR_OK) {
719 PKM_LogIt("PKM_InitPWforDB succeeded\n\n");
720 } else {
721 PKM_Error( "PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv,
722 PKM_CK_RVtoStr(crv));
723 goto cleanup;
724 }
725 } else {
726 PKM_LogIt("using existing DB\n");
727 }
728
729 /* general mechanism by token */
730 crv = PKM_Mechanism(pFunctionList, pSlotList, slotID);
731 if (crv == CKR_OK) {
732 PKM_LogIt("PKM_Mechanism succeeded\n\n");
733 } else {
734 PKM_Error( "PKM_Mechanism failed with 0x%08X, %-26s\n", crv,
735 PKM_CK_RVtoStr(crv));
736 goto cleanup;
737 }
738 /* RNG example without Login */
739 crv = PKM_RNG(pFunctionList, pSlotList, slotID);
740 if (crv == CKR_OK) {
741 PKM_LogIt("PKM_RNG succeeded\n\n");
742 } else {
743 PKM_Error( "PKM_RNG failed with 0x%08X, %-26s\n", crv,
744 PKM_CK_RVtoStr(crv));
745 goto cleanup;
746 }
747
748 crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID,
749 pwd, pwdLen);
750 if (crv == CKR_OK) {
751 PKM_LogIt("PKM_SessionLogin succeeded\n\n");
752 } else {
753 PKM_Error( "PKM_SessionLogin failed with 0x%08X, %-26s\n", crv,
754 PKM_CK_RVtoStr(crv));
755 goto cleanup;
756 }
757
758 /*
759 * PKM_KeyTest creates RSA,DSA public keys
760 * and AES, DES3 secret keys.
761 * then does digest, hmac, encrypt/decrypt, signing operations.
762 */
763 crv = PKM_KeyTests(pFunctionList, pSlotList, slotID,
764 pwd, pwdLen);
765 if (crv == CKR_OK) {
766 PKM_LogIt("PKM_KeyTests succeeded\n\n");
767 } else {
768 PKM_Error( "PKM_KeyTest failed with 0x%08X, %-26s\n", crv,
769 PKM_CK_RVtoStr(crv));
770 goto cleanup;
771 }
772
773 crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd,
774 pwdLen);
775 if (crv == CKR_OK) {
776 PKM_LogIt("PKM_SecretKey succeeded\n\n");
777 } else {
778 PKM_Error( "PKM_SecretKey failed with 0x%08X, %-26s\n", crv,
779 PKM_CK_RVtoStr(crv));
780 goto cleanup;
781 }
782
783 crv = PKM_PublicKey(pFunctionList, pSlotList, slotID,
784 pwd, pwdLen);
785 if (crv == CKR_OK) {
786 PKM_LogIt("PKM_PublicKey succeeded\n\n");
787 } else {
788 PKM_Error( "PKM_PublicKey failed with 0x%08X, %-26s\n", crv,
789 PKM_CK_RVtoStr(crv));
790 goto cleanup;
791 }
792 crv = PKM_OperationalState(pFunctionList, pSlotList, slotID,
793 pwd, pwdLen);
794 if (crv == CKR_OK) {
795 PKM_LogIt("PKM_OperationalState succeeded\n\n");
796 } else {
797 PKM_Error( "PKM_OperationalState failed with 0x%08X, %-26s\n", crv,
798 PKM_CK_RVtoStr(crv));
799 goto cleanup;
800 }
801 crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID,
802 pwd, pwdLen);
803 if (crv == CKR_OK) {
804 PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n");
805 } else {
806 PKM_Error( "PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv,
807 PKM_CK_RVtoStr(crv));
808 goto cleanup;
809 }
810 crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID,
811 pwd, pwdLen);
812 if (crv == CKR_OK) {
813 PKM_LogIt("PKM_LegacyFunctions succeeded\n\n");
814 } else {
815 PKM_Error( "PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv,
816 PKM_CK_RVtoStr(crv));
817 goto cleanup;
818 }
819 crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID,
820 pwd, pwdLen,
821 CKM_TLS_KEY_AND_MAC_DERIVE, CORRECT);
822
823 if (crv == CKR_OK) {
824 PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n");
825 } else {
826 PKM_Error( "PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv,
827 PKM_CK_RVtoStr(crv));
828 goto cleanup;
829 }
830 crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
831 pwd, pwdLen,
832 CKM_TLS_MASTER_KEY_DERIVE,
833 CORRECT);
834 if (crv == CKR_OK) {
835 PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
836 } else {
837 PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
838 PKM_CK_RVtoStr(crv));
839 goto cleanup;
840 }
841 crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
842 pwd, pwdLen,
843 CKM_TLS_MASTER_KEY_DERIVE_DH,
844 CORRECT);
845 if (crv == CKR_OK) {
846 PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
847 } else {
848 PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
849 PKM_CK_RVtoStr(crv));
850 goto cleanup;
851 }
852 crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID,
853 pwd, pwdLen);
854 if (crv == CKR_OK) {
855 PKM_LogIt("PKM_FindAllObjects succeeded\n\n");
856 } else {
857 PKM_Error( "PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv,
858 PKM_CK_RVtoStr(crv));
859 goto cleanup;
860 }
861 crv = pFunctionList->C_Finalize(NULL);
862 if (crv == CKR_OK) {
863 PKM_LogIt("C_Finalize succeeded\n");
864 } else {
865 PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
866 PKM_CK_RVtoStr(crv));
867 goto cleanup;
868 }
869
870 if (pSlotList) free(pSlotList);
871
872 /* demostrate how an application can be in Hybrid mode */
873 /* PKM_HybridMode shows how to switch between NONFIPS */
874 /* mode to FIPS mode */
875
876 PKM_LogIt("Testing Hybrid mode \n");
877 crv = PKM_HybridMode(pwd, pwdLen, &initArgs);
878 if (crv == CKR_OK) {
879 PKM_LogIt("PKM_HybridMode succeeded\n");
880 } else {
881 PKM_Error( "PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
882 PKM_CK_RVtoStr(crv));
883 goto cleanup;
884 }
885
886 printf("**** Total number of TESTS ran in %s is %d. ****\n",
887 ((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
888 printf("**** ALL TESTS PASSED ****\n");
889 PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");
890
891 cleanup:
892
893 if (pwd) {
894 free(pwd);
895 }
896 if (configDir) {
897 free(configDir);
898 }
899 if (dbPrefix) {
900 free(dbPrefix);
901 }
902 if (moduleSpec) {
903 free(moduleSpec);
904 }
905
906 #ifdef _WIN32
907 FreeLibrary(hModule);
908 #else
909 disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
910 if (!disableUnload) {
911 PR_UnloadLibrary(lib);
912 }
913 #endif
914
915 return crv;
916 }
917
918 /*
919 * PKM_KeyTests
920 *
921 *
922 */
923
924 CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
925 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
926 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
927 CK_SESSION_HANDLE hRwSession;
928
929 CK_RV crv = CKR_OK;
930
931 /*** DSA Key ***/
932 CK_MECHANISM dsaParamGenMech;
933 CK_ULONG primeBits = 1024;
934 CK_ATTRIBUTE dsaParamGenTemplate[1];
935 CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
936 CK_BYTE DSA_P[128];
937 CK_BYTE DSA_Q[20];
938 CK_BYTE DSA_G[128];
939 CK_MECHANISM dsaKeyPairGenMech;
940 CK_ATTRIBUTE dsaPubKeyTemplate[5];
941 CK_ATTRIBUTE dsaPrivKeyTemplate[5];
942 CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
943 CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
944
945 /**** RSA Key ***/
946 CK_KEY_TYPE rsatype = CKK_RSA;
947 CK_MECHANISM rsaKeyPairGenMech;
948 CK_BYTE subject[] = {"RSA Private Key"};
949 CK_ULONG modulusBits = 1024;
950 CK_BYTE publicExponent[] = {0x01, 0x00, 0x01};
951 CK_BYTE id[] = {"RSA123"};
952 CK_ATTRIBUTE rsaPubKeyTemplate[9];
953 CK_ATTRIBUTE rsaPrivKeyTemplate[11];
954 CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE;
955 CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE;
956
957 /*** AES Key ***/
958 CK_MECHANISM sAESKeyMech = {
959 CKM_AES_KEY_GEN, NULL, 0
960 };
961 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
962 CK_KEY_TYPE keyAESType = CKK_AES;
963 CK_UTF8CHAR AESlabel[] = "An AES secret key object";
964 CK_ULONG AESvalueLen = 32;
965 CK_ATTRIBUTE sAESKeyTemplate[9];
966 CK_OBJECT_HANDLE hAESSecKey;
967
968 /*** DES3 Key ***/
969 CK_KEY_TYPE keyDES3Type = CKK_DES3;
970 CK_UTF8CHAR DES3label[] = "An Triple DES secret key object";
971 CK_ULONG DES3valueLen = 56;
972 CK_MECHANISM sDES3KeyGenMechanism = {
973 CKM_DES3_KEY_GEN, NULL, 0
974 };
975 CK_ATTRIBUTE sDES3KeyTemplate[9];
976 CK_OBJECT_HANDLE hDES3SecKey;
977
978 CK_MECHANISM dsaWithSha1Mech = {
979 CKM_DSA_SHA1, NULL, 0
980 };
981
982 CK_BYTE IV[16];
983 CK_MECHANISM mech_DES3_CBC;
984 CK_MECHANISM mech_DES3_CBC_PAD;
985 CK_MECHANISM mech_AES_CBC_PAD;
986 CK_MECHANISM mech_AES_CBC;
987 struct mech_str {
988 CK_ULONG mechanism;
989 const char *mechanismStr;
990 };
991
992 typedef struct mech_str mech_str;
993
994 mech_str digestMechs[] = {
995 {CKM_SHA_1, "CKM_SHA_1 "},
996 {CKM_SHA256, "CKM_SHA256"},
997 {CKM_SHA384, "CKM_SHA384"},
998 {CKM_SHA512, "CKM_SHA512"}
999 };
1000 mech_str hmacMechs[] = {
1001 {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
1002 {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
1003 {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
1004 {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
1005 };
1006 mech_str sigRSAMechs[] = {
1007 {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
1008 {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
1009 {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
1010 {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
1011 };
1012
1013 CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs);
1014 CK_ULONG sigRSAMechsSZ = NUM_ELEM(sigRSAMechs);
1015 CK_ULONG hmacMechsSZ = NUM_ELEM(hmacMechs);
1016 CK_MECHANISM mech;
1017
1018 unsigned int i;
1019
1020 NUMTESTS++; /* increment NUMTESTS */
1021
1022 /* DSA key init */
1023 dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
1024 dsaParamGenMech.pParameter = NULL_PTR;
1025 dsaParamGenMech.ulParameterLen = 0;
1026 dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
1027 dsaParamGenTemplate[0].pValue = &primeBits;
1028 dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
1029 dsaPubKeyTemplate[0].type = CKA_PRIME;
1030 dsaPubKeyTemplate[0].pValue = DSA_P;
1031 dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
1032 dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
1033 dsaPubKeyTemplate[1].pValue = DSA_Q;
1034 dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
1035 dsaPubKeyTemplate[2].type = CKA_BASE;
1036 dsaPubKeyTemplate[2].pValue = DSA_G;
1037 dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
1038 dsaPubKeyTemplate[3].type = CKA_TOKEN;
1039 dsaPubKeyTemplate[3].pValue = &true;
1040 dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
1041 dsaPubKeyTemplate[4].type = CKA_VERIFY;
1042 dsaPubKeyTemplate[4].pValue = &true;
1043 dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
1044 dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
1045 dsaKeyPairGenMech.pParameter = NULL_PTR;
1046 dsaKeyPairGenMech.ulParameterLen = 0;
1047 dsaPrivKeyTemplate[0].type = CKA_TOKEN;
1048 dsaPrivKeyTemplate[0].pValue = &true;
1049 dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
1050 dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
1051 dsaPrivKeyTemplate[1].pValue = &true;
1052 dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
1053 dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
1054 dsaPrivKeyTemplate[2].pValue = &true;
1055 dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
1056 dsaPrivKeyTemplate[3].type = CKA_SIGN,
1057 dsaPrivKeyTemplate[3].pValue = &true;
1058 dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
1059 dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
1060 dsaPrivKeyTemplate[4].pValue = &true;
1061 dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
1062
1063 /* RSA key init */
1064 rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
1065 rsaKeyPairGenMech.pParameter = NULL_PTR;
1066 rsaKeyPairGenMech.ulParameterLen = 0;
1067
1068 rsaPubKeyTemplate[0].type = CKA_KEY_TYPE;
1069 rsaPubKeyTemplate[0].pValue = &rsatype;
1070 rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype);
1071 rsaPubKeyTemplate[1].type = CKA_PRIVATE;
1072 rsaPubKeyTemplate[1].pValue = &true;
1073 rsaPubKeyTemplate[1].ulValueLen = sizeof(true);
1074 rsaPubKeyTemplate[2].type = CKA_ENCRYPT;
1075 rsaPubKeyTemplate[2].pValue = &true;
1076 rsaPubKeyTemplate[2].ulValueLen = sizeof(true);
1077 rsaPubKeyTemplate[3].type = CKA_DECRYPT;
1078 rsaPubKeyTemplate[3].pValue = &true;
1079 rsaPubKeyTemplate[3].ulValueLen = sizeof(true);
1080 rsaPubKeyTemplate[4].type = CKA_VERIFY;
1081 rsaPubKeyTemplate[4].pValue = &true;
1082 rsaPubKeyTemplate[4].ulValueLen = sizeof(true);
1083 rsaPubKeyTemplate[5].type = CKA_SIGN;
1084 rsaPubKeyTemplate[5].pValue = &true;
1085 rsaPubKeyTemplate[5].ulValueLen = sizeof(true);
1086 rsaPubKeyTemplate[6].type = CKA_WRAP;
1087 rsaPubKeyTemplate[6].pValue = &true;
1088 rsaPubKeyTemplate[6].ulValueLen = sizeof(true);
1089 rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS;
1090 rsaPubKeyTemplate[7].pValue = &modulusBits;
1091 rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits);
1092 rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT;
1093 rsaPubKeyTemplate[8].pValue = publicExponent;
1094 rsaPubKeyTemplate[8].ulValueLen = sizeof (publicExponent);
1095
1096 rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE;
1097 rsaPrivKeyTemplate[0].pValue = &rsatype;
1098 rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype);
1099 rsaPrivKeyTemplate[1].type = CKA_TOKEN;
1100 rsaPrivKeyTemplate[1].pValue = &true;
1101 rsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
1102 rsaPrivKeyTemplate[2].type = CKA_PRIVATE;
1103 rsaPrivKeyTemplate[2].pValue = &true;
1104 rsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
1105 rsaPrivKeyTemplate[3].type = CKA_SUBJECT;
1106 rsaPrivKeyTemplate[3].pValue = subject;
1107 rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject);
1108 rsaPrivKeyTemplate[4].type = CKA_ID;
1109 rsaPrivKeyTemplate[4].pValue = id;
1110 rsaPrivKeyTemplate[4].ulValueLen = sizeof(id);
1111 rsaPrivKeyTemplate[5].type = CKA_SENSITIVE;
1112 rsaPrivKeyTemplate[5].pValue = &true;
1113 rsaPrivKeyTemplate[5].ulValueLen = sizeof(true);
1114 rsaPrivKeyTemplate[6].type = CKA_ENCRYPT;
1115 rsaPrivKeyTemplate[6].pValue = &true;
1116 rsaPrivKeyTemplate[6].ulValueLen = sizeof(true);
1117 rsaPrivKeyTemplate[7].type = CKA_DECRYPT;
1118 rsaPrivKeyTemplate[7].pValue = &true;
1119 rsaPrivKeyTemplate[7].ulValueLen = sizeof(true);
1120 rsaPrivKeyTemplate[8].type = CKA_VERIFY;
1121 rsaPrivKeyTemplate[8].pValue = &true;
1122 rsaPrivKeyTemplate[8].ulValueLen = sizeof(true);
1123 rsaPrivKeyTemplate[9].type = CKA_SIGN;
1124 rsaPrivKeyTemplate[9].pValue = &true;
1125 rsaPrivKeyTemplate[9].ulValueLen = sizeof(true);
1126 rsaPrivKeyTemplate[10].type = CKA_UNWRAP;
1127 rsaPrivKeyTemplate[10].pValue = &true;
1128 rsaPrivKeyTemplate[10].ulValueLen = sizeof(true);
1129
1130 /* AES key template */
1131 sAESKeyTemplate[0].type = CKA_CLASS;
1132 sAESKeyTemplate[0].pValue = &class;
1133 sAESKeyTemplate[0].ulValueLen = sizeof(class);
1134 sAESKeyTemplate[1].type = CKA_KEY_TYPE;
1135 sAESKeyTemplate[1].pValue = &keyAESType;
1136 sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
1137 sAESKeyTemplate[2].type = CKA_LABEL;
1138 sAESKeyTemplate[2].pValue = AESlabel;
1139 sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
1140 sAESKeyTemplate[3].type = CKA_ENCRYPT;
1141 sAESKeyTemplate[3].pValue = &true;
1142 sAESKeyTemplate[3].ulValueLen = sizeof(true);
1143 sAESKeyTemplate[4].type = CKA_DECRYPT;
1144 sAESKeyTemplate[4].pValue = &true;
1145 sAESKeyTemplate[4].ulValueLen = sizeof(true);
1146 sAESKeyTemplate[5].type = CKA_SIGN;
1147 sAESKeyTemplate[5].pValue = &true;
1148 sAESKeyTemplate[5].ulValueLen = sizeof (true);
1149 sAESKeyTemplate[6].type = CKA_VERIFY;
1150 sAESKeyTemplate[6].pValue = &true;
1151 sAESKeyTemplate[6].ulValueLen = sizeof(true);
1152 sAESKeyTemplate[7].type = CKA_UNWRAP;
1153 sAESKeyTemplate[7].pValue = &true;
1154 sAESKeyTemplate[7].ulValueLen = sizeof(true);
1155 sAESKeyTemplate[8].type = CKA_VALUE_LEN;
1156 sAESKeyTemplate[8].pValue = &AESvalueLen;
1157 sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
1158
1159 /* DES3 key template */
1160 sDES3KeyTemplate[0].type = CKA_CLASS;
1161 sDES3KeyTemplate[0].pValue = &class;
1162 sDES3KeyTemplate[0].ulValueLen = sizeof(class);
1163 sDES3KeyTemplate[1].type = CKA_KEY_TYPE;
1164 sDES3KeyTemplate[1].pValue = &keyDES3Type;
1165 sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type);
1166 sDES3KeyTemplate[2].type = CKA_LABEL;
1167 sDES3KeyTemplate[2].pValue = DES3label;
1168 sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label)-1;
1169 sDES3KeyTemplate[3].type = CKA_ENCRYPT;
1170 sDES3KeyTemplate[3].pValue = &true;
1171 sDES3KeyTemplate[3].ulValueLen = sizeof(true);
1172 sDES3KeyTemplate[4].type = CKA_DECRYPT;
1173 sDES3KeyTemplate[4].pValue = &true;
1174 sDES3KeyTemplate[4].ulValueLen = sizeof(true);
1175 sDES3KeyTemplate[5].type = CKA_UNWRAP;
1176 sDES3KeyTemplate[5].pValue = &true;
1177 sDES3KeyTemplate[5].ulValueLen = sizeof(true);
1178 sDES3KeyTemplate[6].type = CKA_SIGN,
1179 sDES3KeyTemplate[6].pValue = &true;
1180 sDES3KeyTemplate[6].ulValueLen = sizeof (true);
1181 sDES3KeyTemplate[7].type = CKA_VERIFY;
1182 sDES3KeyTemplate[7].pValue = &true;
1183 sDES3KeyTemplate[7].ulValueLen = sizeof(true);
1184 sDES3KeyTemplate[8].type = CKA_VALUE_LEN;
1185 sDES3KeyTemplate[8].pValue = &DES3valueLen;
1186 sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen);
1187
1188 /* mech init */
1189 memset(IV, 0x01, sizeof(IV));
1190 mech_DES3_CBC.mechanism = CKM_DES3_CBC;
1191 mech_DES3_CBC.pParameter = IV;
1192 mech_DES3_CBC.ulParameterLen = sizeof(IV);
1193 mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD;
1194 mech_DES3_CBC_PAD.pParameter = IV;
1195 mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV);
1196 mech_AES_CBC.mechanism = CKM_AES_CBC;
1197 mech_AES_CBC.pParameter = IV;
1198 mech_AES_CBC.ulParameterLen = sizeof(IV);
1199 mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD;
1200 mech_AES_CBC_PAD.pParameter = IV;
1201 mech_AES_CBC_PAD.ulParameterLen = sizeof(IV);
1202
1203
1204 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1205 CKF_RW_SESSION | CKF_SERIAL_SESSION,
1206 NULL, NULL, &hRwSession);
1207 if (crv == CKR_OK) {
1208 PKM_LogIt("Opening a read/write session succeeded\n");
1209 } else {
1210 PKM_Error( "Opening a read/write session failed "
1211 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1212 return crv;
1213 }
1214
1215 if (MODE == FIPSMODE) {
1216 crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
1217 sAESKeyTemplate,
1218 NUM_ELEM(sAESKeyTemplate),
1219 &hAESSecKey);
1220 if (crv == CKR_OK) {
1221 PKM_Error("C_GenerateKey succeeded when not logged in.\n");
1222 return CKR_GENERAL_ERROR;
1223 } else {
1224 PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n"
1225 "since not logged in\n", crv, PKM_CK_RVtoStr(crv));
1226 }
1227 crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
1228 rsaPubKeyTemplate,
1229 NUM_ELEM(rsaPubKeyTemplate),
1230 rsaPrivKeyTemplate,
1231 NUM_ELEM(rsaPrivKeyTemplate),
1232 &hRSApubKey, &hRSAprivKey);
1233 if (crv == CKR_OK) {
1234 PKM_Error("C_GenerateKeyPair succeeded when not logged in.\n");
1235 return CKR_GENERAL_ERROR;
1236 } else {
1237 PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, "
1238 "%-26s\n since not logged in\n", crv,
1239 PKM_CK_RVtoStr(crv));
1240 }
1241 }
1242
1243 crv = pFunctionList->C_Login(hRwSession, CKU_USER, pwd, pwdLen);
1244 if (crv == CKR_OK) {
1245 PKM_LogIt("C_Login with correct password succeeded\n");
1246 } else {
1247 PKM_Error("C_Login with correct password failed "
1248 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1249 return crv;
1250 }
1251
1252 PKM_LogIt("Generate an AES key ... \n");
1253 /* generate an AES Secret Key */
1254 crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
1255 sAESKeyTemplate,
1256 NUM_ELEM(sAESKeyTemplate),
1257 &hAESSecKey);
1258 if (crv == CKR_OK) {
1259 PKM_LogIt("C_GenerateKey AES succeeded\n");
1260 } else {
1261 PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
1262 crv, PKM_CK_RVtoStr(crv));
1263 return crv;
1264 }
1265
1266 PKM_LogIt("Generate an 3DES key ...\n");
1267 /* generate an 3DES Secret Key */
1268 crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism,
1269 sDES3KeyTemplate,
1270 NUM_ELEM(sDES3KeyTemplate),
1271 &hDES3SecKey);
1272 if (crv == CKR_OK) {
1273 PKM_LogIt("C_GenerateKey DES3 succeeded\n");
1274 } else {
1275 PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
1276 PKM_CK_RVtoStr(crv));
1277 return crv;
1278 }
1279
1280 PKM_LogIt("Generate DSA PQG domain parameters ... \n");
1281 /* Generate DSA domain parameters PQG */
1282 crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech,
1283 dsaParamGenTemplate,
1284 1,
1285 &hDsaParams);
1286 if (crv == CKR_OK) {
1287 PKM_LogIt("DSA domain parameter generation succeeded\n");
1288 } else {
1289 PKM_Error( "DSA domain parameter generation failed "
1290 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1291 return crv;
1292 }
1293 crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams,
1294 dsaPubKeyTemplate, 3);
1295 if (crv == CKR_OK) {
1296 PKM_LogIt("Getting DSA domain parameters succeeded\n");
1297 } else {
1298 PKM_Error( "Getting DSA domain parameters failed "
1299 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1300 return crv;
1301 }
1302 crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams);
1303 if (crv == CKR_OK) {
1304 PKM_LogIt("Destroying DSA domain parameters succeeded\n");
1305 } else {
1306 PKM_Error( "Destroying DSA domain parameters failed "
1307 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1308 return crv;
1309 }
1310
1311 PKM_LogIt("Generate a DSA key pair ... \n");
1312 /* Generate a persistent DSA key pair */
1313 crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
1314 dsaPubKeyTemplate,
1315 NUM_ELEM(dsaPubKeyTemplate),
1316 dsaPrivKeyTemplate,
1317 NUM_ELEM(dsaPrivKeyTemplate),
1318 &hDSApubKey, &hDSAprivKey);
1319 if (crv == CKR_OK) {
1320 PKM_LogIt("DSA key pair generation succeeded\n");
1321 } else {
1322 PKM_Error( "DSA key pair generation failed "
1323 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1324 return crv;
1325 }
1326
1327 PKM_LogIt("Generate a RSA key pair ... \n");
1328 /*** GEN RSA Key ***/
1329 crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
1330 rsaPubKeyTemplate,
1331 NUM_ELEM(rsaPubKeyTemplate),
1332 rsaPrivKeyTemplate,
1333 NUM_ELEM(rsaPrivKeyTemplate),
1334 &hRSApubKey, &hRSAprivKey);
1335 if (crv == CKR_OK) {
1336 PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n");
1337 } else {
1338 PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n"
1339 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1340 return crv;
1341 }
1342
1343 PKM_LogIt("**** Generation of keys completed ***** \n");
1344
1345 mech.mechanism = CKM_RSA_PKCS;
1346 mech.pParameter = NULL;
1347 mech.ulParameterLen = 0;
1348
1349 crv = PKM_wrapUnwrap(pFunctionList,
1350 hRwSession,
1351 hRSApubKey, hRSAprivKey,
1352 &mech,
1353 hAESSecKey,
1354 sAESKeyTemplate,
1355 NUM_ELEM(sAESKeyTemplate));
1356
1357 if (crv == CKR_OK) {
1358 PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key "
1359 "succeeded\n\n");
1360 } else {
1361 PKM_Error( "PKM_wrapUnwrap using RSA keypair to wrap AES key failed "
1362 "with 0x%08X, %-26s\n", crv,
1363 PKM_CK_RVtoStr(crv));
1364 return crv;
1365 }
1366
1367 crv = PKM_wrapUnwrap(pFunctionList,
1368 hRwSession,
1369 hRSApubKey, hRSAprivKey,
1370 &mech,
1371 hDES3SecKey,
1372 sDES3KeyTemplate,
1373 NUM_ELEM(sDES3KeyTemplate));
1374
1375 if (crv == CKR_OK) {
1376 PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
1377 "succeeded\n\n");
1378 } else {
1379 PKM_Error( "PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
1380 "failed with 0x%08X, %-26s\n", crv,
1381 PKM_CK_RVtoStr(crv));
1382 return crv;
1383 }
1384
1385 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1386 hAESSecKey, &mech_AES_CBC_PAD,
1387 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1388 if (crv == CKR_OK) {
1389 PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n");
1390 } else {
1391 PKM_Error( "PKM_SecKeyCrypt failed "
1392 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1393 return crv;
1394 }
1395
1396 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1397 hAESSecKey, &mech_AES_CBC,
1398 PLAINTEXT, sizeof(PLAINTEXT));
1399 if (crv == CKR_OK) {
1400 PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n");
1401 } else {
1402 PKM_Error( "PKM_SecKeyCrypt failed "
1403 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1404 return crv;
1405 }
1406
1407 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1408 hDES3SecKey, &mech_DES3_CBC,
1409 PLAINTEXT, sizeof(PLAINTEXT));
1410 if (crv == CKR_OK) {
1411 PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n");
1412 } else {
1413 PKM_Error( "PKM_SecKeyCrypt DES3 failed "
1414 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1415 return crv;
1416 }
1417
1418 crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1419 hDES3SecKey, &mech_DES3_CBC_PAD,
1420 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1421 if (crv == CKR_OK) {
1422 PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n");
1423 } else {
1424 PKM_Error( "PKM_SecKeyCrypt DES3 failed "
1425 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1426 return crv;
1427 }
1428
1429 mech.mechanism = CKM_RSA_PKCS;
1430 crv = PKM_RecoverFunctions(pFunctionList, hRwSession,
1431 hRSApubKey, hRSAprivKey,
1432 &mech,
1433 PLAINTEXT, sizeof(PLAINTEXT));
1434 if (crv == CKR_OK) {
1435 PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n");
1436 } else {
1437 PKM_Error( "PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv,
1438 PKM_CK_RVtoStr(crv));
1439 return crv;
1440 }
1441
1442 mech.pParameter = NULL;
1443 mech.ulParameterLen = 0;
1444
1445 for (i=0; i < sigRSAMechsSZ; i++) {
1446
1447 mech.mechanism = sigRSAMechs[i].mechanism;
1448
1449 crv = PKM_PubKeySign(pFunctionList, hRwSession,
1450 hRSApubKey, hRSAprivKey,
1451 &mech,
1452 PLAINTEXT, sizeof(PLAINTEXT));
1453 if (crv == CKR_OK) {
1454 PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n",
1455 sigRSAMechs[i].mechanismStr );
1456 } else {
1457 PKM_Error( "PKM_PubKeySign failed for %-10s "
1458 "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1459 PKM_CK_RVtoStr(crv));
1460 return crv;
1461 }
1462 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1463 hRSApubKey, hRSAprivKey,
1464 &mech,
1465 hAESSecKey, &mech_AES_CBC,
1466 PLAINTEXT, sizeof(PLAINTEXT));
1467 if (crv == CKR_OK) {
1468 PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
1469 "for %-10s\n\n",
1470 sigRSAMechs[i].mechanismStr );
1471 } else {
1472 PKM_Error( "PKM_DualFuncSign with AES secret key failed "
1473 "for %-10s "
1474 "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1475 PKM_CK_RVtoStr(crv));
1476 return crv;
1477 }
1478 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1479 hRSApubKey, hRSAprivKey,
1480 &mech,
1481 hDES3SecKey, &mech_DES3_CBC,
1482 PLAINTEXT, sizeof(PLAINTEXT));
1483 if (crv == CKR_OK) {
1484 PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
1485 "for %-10s\n\n",
1486 sigRSAMechs[i].mechanismStr );
1487 } else {
1488 PKM_Error( "PKM_DualFuncSign with DES3 secret key failed "
1489 "for %-10s "
1490 "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1491 PKM_CK_RVtoStr(crv));
1492 return crv;
1493 }
1494 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1495 hRSApubKey, hRSAprivKey,
1496 &mech,
1497 hAESSecKey, &mech_AES_CBC_PAD,
1498 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1499 if (crv == CKR_OK) {
1500 PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD "
1501 "succeeded for %-10s\n\n",
1502 sigRSAMechs[i].mechanismStr );
1503 } else {
1504 PKM_Error( "PKM_DualFuncSign with AES secret key CBC_PAD "
1505 "failed for %-10s "
1506 "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1507 PKM_CK_RVtoStr(crv));
1508 return crv;
1509 }
1510 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1511 hRSApubKey, hRSAprivKey,
1512 &mech,
1513 hDES3SecKey, &mech_DES3_CBC_PAD,
1514 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1515 if (crv == CKR_OK) {
1516 PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD "
1517 "succeeded for %-10s\n\n",
1518 sigRSAMechs[i].mechanismStr );
1519 } else {
1520 PKM_Error( "PKM_DualFuncSign with DES3 secret key CBC_PAD "
1521 "failed for %-10s "
1522 "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1523 PKM_CK_RVtoStr(crv));
1524 return crv;
1525 }
1526
1527 } /* end of RSA for loop */
1528
1529 crv = PKM_PubKeySign(pFunctionList, hRwSession,
1530 hDSApubKey, hDSAprivKey,
1531 &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
1532 if (crv == CKR_OK) {
1533 PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n");
1534 } else {
1535 PKM_Error( "PKM_PubKeySign failed "
1536 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1537 return crv;
1538 }
1539 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1540 hDSApubKey, hDSAprivKey,
1541 &dsaWithSha1Mech,
1542 hAESSecKey, &mech_AES_CBC,
1543 PLAINTEXT, sizeof(PLAINTEXT));
1544 if (crv == CKR_OK) {
1545 PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
1546 "for DSAWithSHA1\n\n");
1547 } else {
1548 PKM_Error( "PKM_DualFuncSign with AES secret key failed "
1549 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1550 crv, PKM_CK_RVtoStr(crv));
1551 return crv;
1552 }
1553 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1554 hDSApubKey, hDSAprivKey,
1555 &dsaWithSha1Mech,
1556 hDES3SecKey, &mech_DES3_CBC,
1557 PLAINTEXT, sizeof(PLAINTEXT));
1558 if (crv == CKR_OK) {
1559 PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
1560 "for DSAWithSHA1\n\n");
1561 } else {
1562 PKM_Error( "PKM_DualFuncSign with DES3 secret key failed "
1563 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1564 crv, PKM_CK_RVtoStr(crv));
1565 return crv;
1566 }
1567 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1568 hDSApubKey, hDSAprivKey,
1569 &dsaWithSha1Mech,
1570 hAESSecKey, &mech_AES_CBC_PAD,
1571 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1572 if (crv == CKR_OK) {
1573 PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded "
1574 "for DSAWithSHA1\n\n");
1575 } else {
1576 PKM_Error( "PKM_DualFuncSign with AES secret key CBC_PAD failed "
1577 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1578 crv, PKM_CK_RVtoStr(crv));
1579 return crv;
1580 }
1581 crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1582 hDSApubKey, hDSAprivKey,
1583 &dsaWithSha1Mech,
1584 hDES3SecKey, &mech_DES3_CBC_PAD,
1585 PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1586 if (crv == CKR_OK) {
1587 PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded "
1588 "for DSAWithSHA1\n\n");
1589 } else {
1590 PKM_Error( "PKM_DualFuncSign with DES3 secret key CBC_PAD failed "
1591 "for DSAWithSHA1 with 0x%08X, %-26s\n",
1592 crv, PKM_CK_RVtoStr(crv));
1593 return crv;
1594 }
1595
1596
1597 for (i=0; i < digestMechsSZ; i++) {
1598 mech.mechanism = digestMechs[i].mechanism;
1599 crv = PKM_Digest(pFunctionList, hRwSession,
1600 &mech, hAESSecKey,
1601 PLAINTEXT, sizeof(PLAINTEXT));
1602 if (crv == CKR_OK) {
1603 PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n",
1604 digestMechs[i].mechanismStr);
1605 } else {
1606 PKM_Error( "PKM_Digest with AES secret key failed for "
1607 "%-10s with 0x%08X, %-26s\n",
1608 digestMechs[i].mechanismStr, crv,
1609 PKM_CK_RVtoStr(crv));
1610 return crv;
1611 }
1612 crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
1613 hAESSecKey, &mech_AES_CBC,
1614 0,&mech,
1615 PLAINTEXT, sizeof(PLAINTEXT));
1616 if (crv == CKR_OK) {
1617 PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n");
1618 } else {
1619 PKM_Error( "PKM_DualFuncDigest with AES secret key "
1620 "failed with 0x%08X, %-26s\n", crv,
1621 PKM_CK_RVtoStr(crv));
1622 }
1623
1624 crv = PKM_Digest(pFunctionList, hRwSession,
1625 &mech, hDES3SecKey,
1626 PLAINTEXT, sizeof(PLAINTEXT));
1627 if (crv == CKR_OK) {
1628 PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n",
1629 digestMechs[i].mechanismStr);
1630 } else {
1631 PKM_Error( "PKM_Digest with DES3 secret key failed for "
1632 "%-10s with 0x%08X, %-26s\n",
1633 digestMechs[i].mechanismStr, crv,
1634 PKM_CK_RVtoStr(crv));
1635 return crv;
1636 }
1637 crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
1638 hDES3SecKey, &mech_DES3_CBC,
1639 0,&mech,
1640 PLAINTEXT, sizeof(PLAINTEXT));
1641 if (crv == CKR_OK) {
1642 PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n");
1643 } else {
1644 PKM_Error( "PKM_DualFuncDigest DES3 secret key "
1645 "failed with 0x%08X, %-26s\n", crv,
1646 PKM_CK_RVtoStr(crv));
1647 }
1648
1649 crv = PKM_Digest(pFunctionList, hRwSession,
1650 &mech, 0,
1651 PLAINTEXT, sizeof(PLAINTEXT));
1652 if (crv == CKR_OK) {
1653 PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n",
1654 digestMechs[i].mechanismStr );
1655 } else {
1656 PKM_Error( "PKM_Digest with no secret key failed for %-10s "
1657 "with 0x%08X, %-26s\n", digestMechs[i].mechanismStr, crv,
1658 PKM_CK_RVtoStr(crv));
1659 return crv;
1660 }
1661 } /* end of digest loop */
1662
1663 for (i=0; i < hmacMechsSZ; i++) {
1664 mech.mechanism = hmacMechs[i].mechanism;
1665 crv = PKM_Hmac(pFunctionList, hRwSession,
1666 hAESSecKey, &mech,
1667 PLAINTEXT, sizeof(PLAINTEXT));
1668 if (crv == CKR_OK) {
1669 PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n",
1670 hmacMechs[i].mechanismStr);
1671 } else {
1672 PKM_Error( "PKM_Hmac with AES secret key failed for %-10s "
1673 "with 0x%08X, %-26s\n",
1674 hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
1675 return crv;
1676 }
1677 if ((MODE == FIPSMODE) && (mech.mechanism == CKM_SHA512_HMAC)) break;
1678 crv = PKM_Hmac(pFunctionList, hRwSession,
1679 hDES3SecKey, &mech,
1680 PLAINTEXT, sizeof(PLAINTEXT));
1681 if (crv == CKR_OK) {
1682 PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n",
1683 hmacMechs[i].mechanismStr);
1684 } else {
1685 PKM_Error( "PKM_Hmac with DES3 secret key failed for %-10s "
1686 "with 0x%08X, %-26s\n",
1687 hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
1688 return crv;
1689 }
1690
1691 } /* end of hmac loop */
1692
1693 crv = pFunctionList->C_Logout(hRwSession);
1694 if (crv == CKR_OK) {
1695 PKM_LogIt("C_Logout succeeded\n");
1696 } else {
1697 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1698 PKM_CK_RVtoStr(crv));
1699 return crv;
1700 }
1701
1702 crv = pFunctionList->C_CloseSession(hRwSession);
1703 if (crv != CKR_OK) {
1704 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1705 PKM_CK_RVtoStr(crv));
1706 return crv;
1707 }
1708
1709 return crv;
1710
1711 }
1712
1713 void PKM_LogIt(const char *fmt, ...) {
1714 va_list args;
1715
1716 if (verbose) {
1717 va_start (args, fmt);
1718 if (MODE == FIPSMODE) {
1719 printf("FIPS MODE: ");
1720 } else if (MODE == NONFIPSMODE) {
1721 printf("NON FIPS MODE: ");
1722 } else if (MODE == HYBRIDMODE) {
1723 printf("Hybrid MODE: ");
1724 } else printf ("NO MODE: ");
1725 vprintf(fmt, args);
1726 va_end(args);
1727 }
1728 }
1729
1730 void PKM_Error(const char *fmt, ...) {
1731 va_list args;
1732 va_start (args, fmt);
1733
1734 if (MODE == FIPSMODE) {
1735 fprintf(stderr, "\nFIPS MODE PKM_Error: ");
1736 } else if (MODE == NONFIPSMODE) {
1737 fprintf(stderr, "NON FIPS MODE PKM_Error: ");
1738 } else if (MODE == HYBRIDMODE) {
1739 fprintf(stderr, "Hybrid MODE PKM_Error: ");
1740 } else fprintf(stderr, "NOMODE PKM_Error: ");
1741 vfprintf(stderr, fmt, args);
1742 va_end(args);
1743 }
1744 CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
1745 CK_ULONG slotID) {
1746 CK_RV crv = CKR_OK;
1747 CK_SLOT_ID *pSlotList = NULL;
1748 CK_ULONG slotCount;
1749
1750 NUMTESTS++; /* increment NUMTESTS */
1751
1752 /* Get slot list */
1753 crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
1754 NULL, &slotCount);
1755 if (crv != CKR_OK) {
1756 PKM_Error( "C_GetSlotList failed with 0x%08X, %-26s\n", crv,
1757 PKM_CK_RVtoStr(crv));
1758 return NULL;
1759 }
1760 PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount);
1761 pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID));
1762 if (!pSlotList) {
1763 PKM_Error( "failed to allocate slot list\n");
1764 return NULL;
1765 }
1766 crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
1767 pSlotList, &slotCount);
1768 if (crv != CKR_OK) {
1769 PKM_Error( "C_GetSlotList failed with 0x%08X, %-26s\n", crv,
1770 PKM_CK_RVtoStr(crv));
1771 if (pSlotList) free(pSlotList);
1772 return NULL;
1773 }
1774 return pSlotList;
1775 }
1776
1777 CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
1778 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1779 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1780 CK_RV crv = CKR_OK;
1781 CK_SESSION_HANDLE hSession;
1782 static const CK_UTF8CHAR testPin[] = {"0Mozilla"};
1783 static const CK_UTF8CHAR weakPin[] = {"mozilla"};
1784
1785 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1786 CKF_RW_SESSION | CKF_SERIAL_SESSION,
1787 NULL, NULL, &hSession);
1788 if (crv != CKR_OK) {
1789 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1790 PKM_CK_RVtoStr(crv));
1791 return crv;
1792 }
1793 PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
1794
1795 crv = pFunctionList->C_Login(hSession, CKU_SO, NULL, 0);
1796 if (crv != CKR_OK) {
1797 PKM_Error( "C_Login failed with 0x%08X, %-26s\n", crv,
1798 PKM_CK_RVtoStr(crv));
1799 return crv;
1800 }
1801 if (MODE == FIPSMODE) {
1802 crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *) weakPin,
1803 sizeof(weakPin));
1804 if (crv == CKR_OK) {
1805 PKM_Error( "C_InitPIN with a weak password succeeded\n");
1806 return crv;
1807 } else {
1808 PKM_LogIt("C_InitPIN with a weak password failed with "
1809 "0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1810 }
1811 }
1812 crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *) testPin,
1813 sizeof(testPin));
1814 if (crv == CKR_OK) {
1815 PKM_LogIt("C_InitPIN succeeded\n");
1816 } else {
1817 PKM_Error( "C_InitPIN failed with 0x%08X, %-26s\n", crv,
1818 PKM_CK_RVtoStr(crv));
1819 return crv;
1820 }
1821 crv = pFunctionList->C_Logout(hSession);
1822 if (crv != CKR_OK) {
1823 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1824 PKM_CK_RVtoStr(crv));
1825 return crv;
1826 }
1827 crv = pFunctionList->C_CloseSession(hSession);
1828 if (crv != CKR_OK) {
1829 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1830 PKM_CK_RVtoStr(crv));
1831 return crv;
1832 }
1833
1834
1835 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1836 CKF_RW_SESSION | CKF_SERIAL_SESSION,
1837 NULL, NULL, &hSession);
1838 if (crv != CKR_OK) {
1839 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1840 PKM_CK_RVtoStr(crv));
1841 return crv;
1842 }
1843
1844 PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
1845
1846 crv = pFunctionList->C_Login(hSession, CKU_USER, (CK_UTF8CHAR *) testPin,
1847 strlen((const char *)testPin));
1848 if (crv != CKR_OK) {
1849 PKM_Error( "C_Login failed with 0x%08X, %-26s\n", crv,
1850 PKM_CK_RVtoStr(crv));
1851 return crv;
1852 }
1853 if (MODE == FIPSMODE) {
1854 crv = pFunctionList->C_SetPIN(
1855 hSession, (CK_UTF8CHAR *) testPin,
1856 strlen((const char *)testPin),
1857 (CK_UTF8CHAR *) weakPin,
1858 strlen((const char *)weakPin));
1859 if (crv == CKR_OK) {
1860 PKM_Error( "C_SetPIN with a weak password succeeded\n");
1861 return crv;
1862 } else {
1863 PKM_LogIt("C_SetPIN with a weak password returned with "
1864 "0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1865 }
1866 }
1867 crv = pFunctionList->C_SetPIN(
1868 hSession, (CK_UTF8CHAR *) testPin,
1869 strlen((const char *)testPin),
1870 pwd, pwdLen);
1871 if (crv != CKR_OK) {
1872 PKM_Error( "C_CSetPin failed with 0x%08X, %-26s\n", crv,
1873 PKM_CK_RVtoStr(crv));
1874 return crv;
1875 }
1876 crv = pFunctionList->C_Logout(hSession);
1877 if (crv != CKR_OK) {
1878 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1879 PKM_CK_RVtoStr(crv));
1880 return crv;
1881 }
1882 crv = pFunctionList->C_CloseSession(hSession);
1883 if (crv != CKR_OK) {
1884 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1885 PKM_CK_RVtoStr(crv));
1886 return crv;
1887 }
1888 return crv;
1889 }
1890
1891 CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
1892 CK_RV crv = CKR_OK;
1893 CK_INFO info;
1894 CK_SLOT_ID *pSlotList = NULL;
1895 unsigned i;
1896
1897 CK_SLOT_INFO slotInfo;
1898 CK_TOKEN_INFO tokenInfo;
1899 CK_FLAGS bitflag;
1900
1901 NUMTESTS++; /* increment NUMTESTS */
1902
1903
1904 crv = pFunctionList->C_GetInfo(&info);
1905 if (crv == CKR_OK) {
1906 PKM_LogIt("C_GetInfo succeeded\n");
1907 } else {
1908 PKM_Error( "C_GetInfo failed with 0x%08X, %-26s\n", crv,
1909 PKM_CK_RVtoStr(crv));
1910 return crv;
1911 }
1912 PKM_LogIt("General information about the PKCS #11 library:\n");
1913 PKM_LogIt(" PKCS #11 version: %d.%d\n",
1914 (int)info.cryptokiVersion.major,
1915 (int)info.cryptokiVersion.minor);
1916 PKM_LogIt(" manufacturer ID: %.32s\n", info.manufacturerID);
1917 PKM_LogIt(" flags: 0x%08lX\n", info.flags);
1918 PKM_LogIt(" library description: %.32s\n", info.libraryDescription);
1919 PKM_LogIt(" library version: %d.%d\n",
1920 (int)info.libraryVersion.major, (int)info.libraryVersion.minor);
1921 PKM_LogIt("\n");
1922
1923 /* Get slot list */
1924 pSlotList = PKM_GetSlotList(pFunctionList, slotID);
1925 if (pSlotList == NULL) {
1926 PKM_Error( "PKM_GetSlotList failed with \n");
1927 return crv;
1928 }
1929 crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo);
1930 if (crv == CKR_OK) {
1931 PKM_LogIt("C_GetSlotInfo succeeded\n");
1932 } else {
1933 PKM_Error( "C_GetSlotInfo failed with 0x%08X, %-26s\n", crv,
1934 PKM_CK_RVtoStr(crv));
1935 return crv;
1936 }
1937 PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]);
1938 PKM_LogIt(" slot description: %.64s\n", slotInfo.slotDescription);
1939 PKM_LogIt(" slot manufacturer ID: %.32s\n", slotInfo.manufacturerID);
1940 PKM_LogIt(" flags: 0x%08lX\n", slotInfo.flags);
1941 bitflag = 1;
1942 for (i = 0; i < sizeof(slotFlagName)/sizeof(slotFlagName[0]); i++) {
1943 if (slotInfo.flags & bitflag) {
1944 PKM_LogIt(" %s\n", slotFlagName[i]);
1945 }
1946 bitflag <<= 1;
1947 }
1948 PKM_LogIt(" slot's hardware version number: %d.%d\n",
1949 (int)slotInfo.hardwareVersion.major,
1950 (int)slotInfo.hardwareVersion.minor);
1951 PKM_LogIt(" slot's firmware version number: %d.%d\n",
1952 (int)slotInfo.firmwareVersion.major,
1953 (int)slotInfo.firmwareVersion.minor);
1954 PKM_LogIt("\n");
1955
1956 crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
1957 if (crv == CKR_OK) {
1958 PKM_LogIt("C_GetTokenInfo succeeded\n");
1959 } else {
1960 PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
1961 PKM_CK_RVtoStr(crv));
1962 return crv;
1963 }
1964 PKM_LogIt("Information about the token in slot %lu:\n",
1965 pSlotList[slotID]);
1966 PKM_LogIt(" label: %.32s\n", tokenInfo.label);
1967 PKM_LogIt(" device manufacturer ID: %.32s\n",
1968 tokenInfo.manufacturerID);
1969 PKM_LogIt(" device model: %.16s\n", tokenInfo.model);
1970 PKM_LogIt(" device serial number: %.16s\n", tokenInfo.serialNumber);
1971 PKM_LogIt(" flags: 0x%08lX\n", tokenInfo.flags);
1972 bitflag = 1;
1973 for (i = 0; i < sizeof(tokenFlagName)/sizeof(tokenFlagName[0]); i++) {
1974 if (tokenInfo.flags & bitflag) {
1975 PKM_LogIt(" %s\n", tokenFlagName[i]);
1976 }
1977 bitflag <<= 1;
1978 }
1979 PKM_LogIt(" maximum session count: %lu\n",
1980 tokenInfo.ulMaxSessionCount);
1981 PKM_LogIt(" session count: %lu\n", tokenInfo.ulSessionCount);
1982 PKM_LogIt(" maximum read/write session count: %lu\n",
1983 tokenInfo.ulMaxRwSessionCount);
1984 PKM_LogIt(" read/write session count: %lu\n",
1985 tokenInfo.ulRwSessionCount);
1986 PKM_LogIt(" maximum PIN length: %lu\n", tokenInfo.ulMaxPinLen);
1987 PKM_LogIt(" minimum PIN length: %lu\n", tokenInfo.ulMinPinLen);
1988 PKM_LogIt(" total public memory: %lu\n",
1989 tokenInfo.ulTotalPublicMemory);
1990 PKM_LogIt(" free public memory: %lu\n",
1991 tokenInfo.ulFreePublicMemory);
1992 PKM_LogIt(" total private memory: %lu\n",
1993 tokenInfo.ulTotalPrivateMemory);
1994 PKM_LogIt(" free private memory: %lu\n",
1995 tokenInfo.ulFreePrivateMemory);
1996 PKM_LogIt(" hardware version number: %d.%d\n",
1997 (int)tokenInfo.hardwareVersion.major,
1998 (int)tokenInfo.hardwareVersion.minor);
1999 PKM_LogIt(" firmware version number: %d.%d\n",
2000 (int)tokenInfo.firmwareVersion.major,
2001 (int)tokenInfo.firmwareVersion.minor);
2002 if (tokenInfo.flags & CKF_CLOCK_ON_TOKEN) {
2003 PKM_LogIt(" current time: %.16s\n", tokenInfo.utcTime);
2004 }
2005 PKM_LogIt("PKM_ShowInfo done \n\n");
2006 if (pSlotList) free(pSlotList);
2007 return crv;
2008 }
2009
2010 /* PKM_HybridMode */
2011 /* The NSS cryptographic module has two modes of operation: FIPS Approved */
2012 /* mode and NONFIPS Approved mode. The two modes of operation are */
2013 /* independent of each other -- they have their own copies of data */
2014 /* structures and they are even allowed to be active at the same time. */
2015 /* The module is FIPS 140-2 compliant only when the NONFIPS mode */
2016 /* is inactive. */
2017 /* PKM_HybridMode demostrates how an application can switch between the */
2018 /* two modes: FIPS Approved mode and NONFIPS mode. */
2019 CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
2020 CK_C_INITIALIZE_ARGS_NSS *initArgs) {
2021
2022 CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */
2023 CK_FUNCTION_LIST_PTR pC_FunctionList;
2024 CK_SLOT_ID *pC_SlotList = NULL;
2025 CK_ULONG slotID_C = 1;
2026 CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */
2027 CK_FUNCTION_LIST_PTR pFC_FunctionList;
2028 CK_SLOT_ID *pFC_SlotList = NULL;
2029 CK_ULONG slotID_FC = 0;
2030 CK_RV crv = CKR_OK;
2031 CK_SESSION_HANDLE hSession;
2032 int origMode = MODE; /* remember the orginal MODE value */
2033
2034 NUMTESTS++; /* increment NUMTESTS */
2035 MODE = NONFIPSMODE;
2036 #ifdef _WIN32
2037 /* NON FIPS mode == C_GetFunctionList */
2038 pC_GetFunctionList = (CK_C_GetFunctionList)
2039 GetProcAddress(hModule, "C_GetFunctionList");
2040 if (pC_GetFunctionList == NULL) {
2041 PKM_Error( "cannot load %s\n", LIB_NAME);
2042 return crv;
2043 }
2044 #else
2045 pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
2046 "C_GetFunctionList");
2047 assert(pC_GetFunctionList != NULL);
2048 #endif
2049 PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
2050 slotID_C);
2051 crv = (*pC_GetFunctionList)(&pC_FunctionList);
2052 assert(crv == CKR_OK);
2053
2054 /* invoke C_Initialize as pC_FunctionList->C_Initialize */
2055 crv = pC_FunctionList->C_Initialize(initArgs);
2056 if (crv == CKR_OK) {
2057 PKM_LogIt("C_Initialize succeeded\n");
2058 } else {
2059 PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
2060 PKM_CK_RVtoStr(crv));
2061 return crv;
2062 }
2063
2064 pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C);
2065 if (pC_SlotList == NULL) {
2066 PKM_Error( "PKM_GetSlotList failed with \n");
2067 return crv;
2068 }
2069 crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C],
2070 CKF_SERIAL_SESSION,
2071 NULL, NULL, &hSession);
2072 if (crv == CKR_OK) {
2073 PKM_LogIt("NONFIPS C_OpenSession succeeded\n");
2074 } else {
2075 PKM_Error( "C_OpenSession failed for NONFIPS token "
2076 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2077 return crv;
2078 }
2079
2080 crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
2081 if (crv == CKR_OK) {
2082 PKM_LogIt("able to login in NONFIPS token\n");
2083 } else {
2084 PKM_Error( "Unable to login in to NONFIPS token "
2085 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2086 return crv;
2087 }
2088
2089 crv = pC_FunctionList->C_Logout(hSession);
2090 if (crv == CKR_OK) {
2091 PKM_LogIt("C_Logout succeeded\n");
2092 } else {
2093 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
2094 PKM_CK_RVtoStr(crv));
2095 return crv;
2096 }
2097
2098 PKM_ShowInfo(pC_FunctionList, slotID_C);
2099 MODE = HYBRIDMODE;
2100
2101 /* Now load the FIPS token */
2102 /* FIPS mode == FC_GetFunctionList */
2103 pFC_GetFunctionList = NULL;
2104 #ifdef _WIN32
2105 pFC_GetFunctionList = (CK_C_GetFunctionList)
2106 GetProcAddress(hModule, "FC_GetFunctionList");
2107 #else
2108 pFC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
2109 "FC_GetFunctionList");
2110 assert(pFC_GetFunctionList != NULL);
2111 #endif
2112
2113 PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
2114 slotID_FC);
2115 PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n");
2116 if (pFC_GetFunctionList == NULL) {
2117 PKM_Error( "unable to load pFC_GetFunctionList\n");
2118 return crv;
2119 }
2120
2121 crv = (*pFC_GetFunctionList)(&pFC_FunctionList);
2122 assert(crv == CKR_OK);
2123
2124 /* invoke FC_Initialize as pFunctionList->C_Initialize */
2125 crv = pFC_FunctionList->C_Initialize(initArgs);
2126 if (crv == CKR_OK) {
2127 PKM_LogIt("FC_Initialize succeeded\n");
2128 } else {
2129 PKM_Error( "FC_Initialize failed with 0x%08X, %-26s\n", crv,
2130 PKM_CK_RVtoStr(crv));
2131 return crv;
2132 }
2133 PKM_ShowInfo(pFC_FunctionList, slotID_FC);
2134
2135 pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC);
2136 if (pFC_SlotList == NULL) {
2137 PKM_Error( "PKM_GetSlotList failed with \n");
2138 return crv;
2139 }
2140
2141 crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
2142 if (crv != CKR_OK) {
2143 PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n");
2144 } else {
2145 PKM_Error("Able to login in to NONFIPS token\n");
2146 return crv;
2147 }
2148 crv = pC_FunctionList->C_CloseSession(hSession);
2149 if (crv == CKR_OK) {
2150 PKM_LogIt("NONFIPS pC_CloseSession succeeded\n");
2151 } else {
2152 PKM_Error( "pC_CloseSession failed for NONFIPS token "
2153 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2154 return crv;
2155 }
2156
2157 PKM_LogIt("The module is FIPS 140-2 compliant\n"
2158 "only when the NONFIPS Approved mode is inactive by \n"
2159 "calling C_Finalize on the NONFIPS token.\n");
2160
2161
2162 /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */
2163 crv = pC_FunctionList->C_Finalize(NULL);
2164 if (crv == CKR_OK) {
2165 PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n");
2166 MODE = FIPSMODE;
2167 } else {
2168 PKM_Error( "C_Finalize of NONFIPS Token failed with "
2169 "0x%08X, %-26s\n", crv,
2170 PKM_CK_RVtoStr(crv));
2171 return crv;
2172 }
2173
2174 PKM_LogIt("*** In FIPS mode! ***\n");
2175
2176 /* could do some operations in FIPS MODE */
2177
2178 crv = pFC_FunctionList->C_Finalize(NULL);
2179 if (crv == CKR_OK) {
2180 PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n");
2181 MODE = NOMODE;
2182 } else {
2183 PKM_Error( "FC_Finalize failed with 0x%08X, %-26s\n", crv,
2184 PKM_CK_RVtoStr(crv));
2185 return crv;
2186 }
2187
2188 if (pC_SlotList) free(pC_SlotList);
2189 if (pFC_SlotList) free(pFC_SlotList);
2190
2191 MODE = origMode; /* set the mode back to the orginal Mode value */
2192 PKM_LogIt("PKM_HybridMode test Completed\n\n");
2193 return crv;
2194 }
2195
2196 CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
2197 CK_SLOT_ID * pSlotList, CK_ULONG slotID) {
2198
2199 CK_RV crv = CKR_OK;
2200 CK_MECHANISM_TYPE *pMechanismList;
2201 CK_ULONG mechanismCount;
2202 CK_ULONG i;
2203
2204 NUMTESTS++; /* increment NUMTESTS */
2205
2206 /* Get the mechanism list */
2207 crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
2208 NULL, &mechanismCount);
2209 if (crv != CKR_OK) {
2210 PKM_Error( "C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
2211 PKM_CK_RVtoStr(crv));
2212 return crv;
2213 }
2214 PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n",
2215 mechanismCount);
2216 pMechanismList = (CK_MECHANISM_TYPE *)
2217 malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE));
2218 if (!pMechanismList) {
2219 PKM_Error( "failed to allocate mechanism list\n");
2220 return crv;
2221 }
2222 crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
2223 pMechanismList, &mechanismCount);
2224 if (crv != CKR_OK) {
2225 PKM_Error( "C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
2226 PKM_CK_RVtoStr(crv));
2227 return crv;
2228 }
2229 PKM_LogIt("C_GetMechanismList returned the mechanism types:\n");
2230 if (verbose) {
2231 for (i = 0; i < mechanismCount; i++) {
2232 printf(" 0x%08lX", pMechanismList[i]);
2233 if ((i != 0) && ((i % 4) == 0 )) printf("\n");
2234 }
2235 printf("\n");
2236 }
2237
2238 for ( i = 0; i < mechanismCount; i++ ) {
2239 CK_MECHANISM_INFO minfo;
2240
2241 memset(&minfo, 0, sizeof(CK_MECHANISM_INFO));
2242 crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID],
2243 pMechanismList[i], &minfo);
2244 if ( CKR_OK != crv ) {
2245 PKM_Error( "C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n",
2246 pSlotList[slotID], pMechanismList[i], crv,
2247 PKM_CK_RVtoStr(crv));
2248 return crv;
2249 }
2250
2251 PKM_LogIt( " [%lu]: CK_MECHANISM_TYPE = %lu\n", (i+1),
2252 pMechanismList[i]);
2253 PKM_LogIt( " ulMinKeySize = %lu\n", minfo.ulMinKeySize);
2254 PKM_LogIt( " ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
2255 PKM_LogIt( " flags = 0x%08x\n", minfo.flags);
2256 PKM_LogIt( " -> HW = %s\n", minfo.flags & CKF_HW ?
2257 "TRUE" : "FALSE");
2258 PKM_LogIt( " -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ?
2259 "TRUE" : "FALSE");
2260 PKM_LogIt( " -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ?
2261 "TRUE" : "FALSE");
2262 PKM_LogIt( " -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ?
2263 "TRUE" : "FALSE");
2264 PKM_LogIt( " -> SIGN = %s\n", minfo.flags & CKF_SIGN ?
2265 "TRUE" : "FALSE");
2266 PKM_LogIt( " -> SIGN_RECOVER = %s\n", minfo.flags &
2267 CKF_SIGN_RECOVER ? "TRUE" : "FALSE");
2268 PKM_LogIt( " -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ?
2269 "TRUE" : "FALSE");
2270 PKM_LogIt( " -> VERIFY_RECOVER = %s\n",
2271 minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
2272 PKM_LogIt( " -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ?
2273 "TRUE" : "FALSE");
2274 PKM_LogIt( " -> GENERATE_KEY_PAIR = %s\n",
2275 minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
2276 PKM_LogIt( " -> WRAP = %s\n", minfo.flags & CKF_WRAP ?
2277 "TRUE" : "FALSE");
2278 PKM_LogIt( " -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ?
2279 "TRUE" : "FALSE");
2280 PKM_LogIt( " -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ?
2281 "TRUE" : "FALSE");
2282 PKM_LogIt( " -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ?
2283 "TRUE" : "FALSE");
2284
2285 PKM_LogIt( "\n");
2286 }
2287
2288
2289 return crv;
2290
2291 }
2292
2293 CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
2294 CK_ULONG slotID) {
2295 CK_SESSION_HANDLE hSession;
2296 CK_RV crv = CKR_OK;
2297 CK_BYTE randomData[16];
2298 CK_BYTE seed[] = {0x01, 0x03, 0x35, 0x55, 0xFF};
2299
2300 NUMTESTS++; /* increment NUMTESTS */
2301
2302 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
2303 NULL, NULL, &hSession);
2304 if (crv != CKR_OK) {
2305 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
2306 PKM_CK_RVtoStr(crv));
2307 return crv;
2308 }
2309
2310 crv = pFunctionList->C_GenerateRandom(hSession,
2311 randomData, sizeof randomData);
2312 if (crv == CKR_OK) {
2313 PKM_LogIt("C_GenerateRandom without login succeeded\n");
2314 } else {
2315 PKM_Error( "C_GenerateRandom without login failed "
2316 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2317 return crv;
2318 }
2319 crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed));
2320 if (crv == CKR_OK) {
2321 PKM_LogIt("C_SeedRandom without login succeeded\n");
2322 } else {
2323 PKM_Error( "C_SeedRandom without login failed "
2324 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2325 return crv;
2326 }
2327 crv = pFunctionList->C_GenerateRandom(hSession,
2328 randomData, sizeof randomData);
2329 if (crv == CKR_OK) {
2330 PKM_LogIt("C_GenerateRandom without login succeeded\n");
2331 } else {
2332 PKM_Error( "C_GenerateRandom without login failed "
2333 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2334 return crv;
2335 }
2336 crv = pFunctionList->C_CloseSession(hSession);
2337 if (crv != CKR_OK) {
2338 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
2339 PKM_CK_RVtoStr(crv));
2340 return crv;
2341 }
2342
2343 return crv;
2344
2345 }
2346
2347 CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
2348 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
2349 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
2350 CK_SESSION_HANDLE hSession;
2351 CK_RV crv = CKR_OK;
2352
2353 NUMTESTS++; /* increment NUMTESTS */
2354
2355 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
2356 NULL, NULL, &hSession);
2357 if (crv != CKR_OK) {
2358 PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
2359 PKM_CK_RVtoStr(crv));
2360 return crv;
2361 }
2362
2363 crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)
2364 "netscape", 8);
2365 if (crv == CKR_OK) {
2366 PKM_Error("C_Login with wrong password succeeded\n");
2367 return CKR_FUNCTION_FAILED;
2368 } else {
2369 PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
2370 "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
2371 }
2372 crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)
2373 "red hat", 7);
2374 if (crv == CKR_OK) {
2375 PKM_Error("C_Login with wrong password succeeded\n");
2376 return CKR_FUNCTION_FAILED;
2377 } else {
2378 PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
2379 "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
2380 }
2381 crv = pFunctionList->C_Login(hSession, CKU_USER,
2382 (unsigned char *) "sun", 3);
2383 if (crv == CKR_OK) {
2384 PKM_Error("C_Login with wrong password succeeded\n");
2385 return CKR_FUNCTION_FAILED;
2386 } else {
2387 PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
2388 "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
2389 }
2390 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
2391 if (crv == CKR_OK) {
2392 PKM_LogIt("C_Login with correct password succeeded\n");
2393 } else {
2394 PKM_Error("C_Login with correct password failed "
2395 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2396 return crv;
2397 }
2398
2399 crv = pFunctionList->C_Logout(hSession);
2400 if (crv == CKR_OK) {
2401 PKM_LogIt("C_Logout succeeded\n");
2402 } else {
2403 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
2404 PKM_CK_RVtoStr(crv));
2405 return crv;
2406 }
2407
2408 crv = pFunctionList->C_CloseSession(hSession);
2409 if (crv != CKR_OK) {
2410 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
2411 PKM_CK_RVtoStr(crv));
2412 return crv;
2413 }
2414
2415 return crv;
2416
2417 }
2418
2419 /*
2420 * PKM_LegacyFunctions
2421 *
2422 * Legacyfunctions exist only for backwards compatibility.
2423 * C_GetFunctionStatus and C_CancelFunction functions were
2424 * meant for managing parallel execution of cryptographic functions.
2425 *
2426 * C_GetFunctionStatus is a legacy function which should simply return
2427 * the value CKR_FUNCTION_NOT_PARALLEL.
2428 *
2429 * C_CancelFunction is a legacy function which should simply return the
2430 * value CKR_FUNCTION_NOT_PARALLEL.
2431 *
2432 */
2433 CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
2434 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
2435 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
2436 CK_SESSION_HANDLE hSession;
2437 CK_RV crv = CKR_OK;
2438 NUMTESTS++; /* increment NUMTESTS */
2439
2440 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
2441 NULL, NULL, &hSession);
2442 if (crv != CKR_OK) {
2443 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
2444 PKM_CK_RVtoStr(crv));
2445 return crv;
2446 }
2447
2448 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
2449 if (crv == CKR_OK) {
2450 PKM_LogIt("C_Login with correct password succeeded\n");
2451 } else {
2452 PKM_Error( "C_Login with correct password failed "
2453 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2454 return crv;
2455 }
2456
2457 crv = pFunctionList->C_GetFunctionStatus(hSession);
2458 if (crv == CKR_FUNCTION_NOT_PARALLEL) {
2459 PKM_LogIt("C_GetFunctionStatus correctly"
2460 "returned CKR_FUNCTION_NOT_PARALLEL \n");
2461 } else {
2462 PKM_Error( "C_GetFunctionStatus failed "
2463 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2464 return crv;
2465 }
2466
2467 crv = pFunctionList->C_CancelFunction(hSession);
2468 if (crv == CKR_FUNCTION_NOT_PARALLEL) {
2469 PKM_LogIt("C_CancelFunction correctly "
2470 "returned CKR_FUNCTION_NOT_PARALLEL \n");
2471 } else {
2472 PKM_Error( "C_CancelFunction failed "
2473 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2474 return crv;
2475 }
2476
2477 crv = pFunctionList->C_Logout(hSession);
2478 if (crv == CKR_OK) {
2479 PKM_LogIt("C_Logout succeeded\n");
2480 } else {
2481 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
2482 PKM_CK_RVtoStr(crv));
2483 return crv;
2484 }
2485
2486 crv = pFunctionList->C_CloseSession(hSession);
2487 if (crv != CKR_OK) {
2488 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
2489 PKM_CK_RVtoStr(crv));
2490 return crv;
2491 }
2492
2493 return crv;
2494
2495 }
2496
2497 /*
2498 * PKM_DualFuncDigest - demostrates the Dual-function
2499 * cryptograpic functions:
2500 *
2501 * C_DigestEncryptUpdate - multi-part Digest and Encrypt
2502 * C_DecryptDigestUpdate - multi-part Decrypt and Digest
2503 *
2504 *
2505 */
2506
2507 CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
2508 CK_SESSION_HANDLE hSession,
2509 CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
2510 CK_OBJECT_HANDLE hSecKeyDigest,
2511 CK_MECHANISM *digestMech,
2512 const CK_BYTE * pData, CK_ULONG pDataLen) {
2513 CK_RV crv = CKR_OK;
2514 CK_BYTE eDigest[MAX_DIGEST_SZ];
2515 CK_BYTE dDigest[MAX_DIGEST_SZ];
2516 CK_ULONG ulDigestLen;
2517 CK_BYTE ciphertext[MAX_CIPHER_SZ];
2518 CK_ULONG ciphertextLen, lastLen;
2519 CK_BYTE plaintext[MAX_DATA_SZ];
2520 CK_ULONG plaintextLen;
2521 unsigned int i;
2522
2523 memset(eDigest, 0, sizeof(eDigest));
2524 memset(dDigest, 0, sizeof(dDigest));
2525 memset(ciphertext, 0, sizeof(ciphertext));
2526 memset(plaintext, 0, sizeof(plaintext));
2527
2528 NUMTESTS++; /* increment NUMTESTS */
2529
2530 /*
2531 * First init the Digest and Ecrypt operations
2532 */
2533 crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey);
2534 if (crv != CKR_OK) {
2535 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2536 PKM_CK_RVtoStr(crv));
2537 return crv;
2538 }
2539 crv = pFunctionList->C_DigestInit(hSession, digestMech);
2540 if (crv != CKR_OK) {
2541 PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
2542 PKM_CK_RVtoStr(crv));
2543 return crv;
2544 }
2545
2546 ciphertextLen = sizeof(ciphertext);
2547 crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE * ) pData,
2548 pDataLen,
2549 ciphertext, &ciphertextLen);
2550 if (crv != CKR_OK) {
2551 PKM_Error( "C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv,
2552 PKM_CK_RVtoStr(crv));
2553 return crv;
2554 }
2555
2556 ulDigestLen = sizeof(eDigest);
2557 crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen);
2558 if (crv != CKR_OK) {
2559 PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
2560 PKM_CK_RVtoStr(crv));
2561 return crv;
2562 }
2563
2564
2565 /* get the last piece of ciphertext (length should be 0 */
2566 lastLen = sizeof(ciphertext) - ciphertextLen;
2567 crv = pFunctionList->C_EncryptFinal(hSession,
2568 (CK_BYTE * )&ciphertext[ciphertextLen],
2569 &lastLen);
2570 if (crv != CKR_OK) {
2571 PKM_Error( "C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
2572 PKM_CK_RVtoStr(crv));
2573 return crv;
2574 }
2575 ciphertextLen = ciphertextLen + lastLen;
2576 if (verbose) {
2577 printf("ciphertext = ");
2578 for (i = 0; i < ciphertextLen; i++) {
2579 printf("%02x", (unsigned)ciphertext[i]);
2580 }
2581 printf("\n");
2582 printf("eDigest = ");
2583 for (i = 0; i < ulDigestLen; i++) {
2584 printf("%02x", (unsigned)eDigest[i]);
2585 }
2586 printf("\n");
2587 }
2588
2589 /* Decrypt the text */
2590 crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey);
2591 if (crv != CKR_OK) {
2592 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2593 PKM_CK_RVtoStr(crv));
2594 return crv;
2595 }
2596 crv = pFunctionList->C_DigestInit(hSession, digestMech);
2597 if (crv != CKR_OK) {
2598 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2599 PKM_CK_RVtoStr(crv));
2600 return crv;
2601 }
2602
2603 plaintextLen = sizeof(plaintext);
2604 crv = pFunctionList->C_DecryptDigestUpdate(hSession, ciphertext,
2605 ciphertextLen,
2606 plaintext,
2607 &plaintextLen);
2608 if (crv != CKR_OK) {
2609 PKM_Error( "C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv,
2610 PKM_CK_RVtoStr(crv));
2611 return crv;
2612 }
2613 lastLen = sizeof(plaintext) - plaintextLen;
2614
2615 crv = pFunctionList->C_DecryptFinal(hSession,
2616 (CK_BYTE * )&plaintext[plaintextLen],
2617 &lastLen);
2618 if (crv != CKR_OK) {
2619 PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
2620 PKM_CK_RVtoStr(crv));
2621 return crv;
2622 }
2623 plaintextLen = plaintextLen + lastLen;
2624
2625 ulDigestLen = sizeof(dDigest);
2626 crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen);
2627 if (crv != CKR_OK) {
2628 PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
2629 PKM_CK_RVtoStr(crv));
2630 return crv;
2631 }
2632
2633 if (plaintextLen != pDataLen) {
2634 PKM_Error( "plaintextLen is %lu\n", plaintextLen);
2635 return crv;
2636 }
2637
2638 if (verbose) {
2639 printf("plaintext = ");
2640 for (i = 0; i < plaintextLen; i++) {
2641 printf("%02x", (unsigned)plaintext[i]);
2642 }
2643 printf("\n");
2644 printf("dDigest = ");
2645 for (i = 0; i < ulDigestLen; i++) {
2646 printf("%02x", (unsigned)dDigest[i]);
2647 }
2648 printf("\n");
2649 }
2650
2651 if (memcmp(eDigest, dDigest, ulDigestLen) == 0) {
2652 PKM_LogIt("Encrypted Digest equals Decrypted Digest\n");
2653 } else {
2654 PKM_Error( "Digests don't match\n");
2655 }
2656
2657 if ((plaintextLen == pDataLen) &&
2658 (memcmp(plaintext, pData, pDataLen)) == 0) {
2659 PKM_LogIt("DualFuncDigest decrypt test case passed\n");
2660 } else {
2661 PKM_Error( "DualFuncDigest derypt test case failed\n");
2662 }
2663
2664 return crv;
2665
2666 }
2667
2668 /*
2669 * PKM_SecKeyCrypt - Symmetric key encrypt/decyprt
2670 *
2671 */
2672
2673 CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
2674 CK_SESSION_HANDLE hSession,
2675 CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
2676 const CK_BYTE * pData, CK_ULONG dataLen) {
2677 CK_RV crv = CKR_OK;
2678
2679 CK_BYTE cipher1[MAX_CIPHER_SZ];
2680 CK_BYTE cipher2[MAX_CIPHER_SZ];
2681 CK_BYTE data1[MAX_DATA_SZ];
2682 CK_BYTE data2[MAX_DATA_SZ];
2683 CK_ULONG cipher1Len =0, cipher2Len =0, lastLen =0;
2684 CK_ULONG data1Len =0, data2Len =0;
2685
2686 NUMTESTS++; /* increment NUMTESTS */
2687
2688 memset(cipher1, 0, sizeof(cipher1));
2689 memset(cipher2, 0, sizeof(cipher2));
2690 memset(data1, 0, sizeof(data1));
2691 memset(data2, 0, sizeof(data2));
2692
2693 /* C_Encrypt */
2694 crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
2695 if (crv != CKR_OK) {
2696 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2697 PKM_CK_RVtoStr(crv));
2698 return crv;
2699 }
2700 cipher1Len = sizeof(cipher1);
2701 crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE * ) pData, dataLen,
2702 cipher1, &cipher1Len);
2703 if (crv != CKR_OK) {
2704 PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
2705 PKM_CK_RVtoStr(crv));
2706 return crv;
2707 }
2708
2709 /* C_EncryptUpdate */
2710 crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
2711 if (crv != CKR_OK) {
2712 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2713 PKM_CK_RVtoStr(crv));
2714 return crv;
2715 }
2716 cipher2Len = sizeof(cipher2);
2717 crv = pFunctionList->C_EncryptUpdate (hSession, (CK_BYTE * ) pData,
2718 dataLen,
2719 cipher2, &cipher2Len);
2720 if (crv != CKR_OK) {
2721 PKM_Error( "C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
2722 PKM_CK_RVtoStr(crv));
2723 return crv;
2724 }
2725 lastLen = sizeof(cipher2) - cipher2Len;
2726
2727 crv = pFunctionList->C_EncryptFinal(hSession,
2728 (CK_BYTE * )&cipher2[cipher2Len],
2729 &lastLen);
2730 cipher2Len = cipher2Len + lastLen;
2731
2732 if ( (cipher1Len == cipher2Len) &&
2733 (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0) ) {
2734 PKM_LogIt("encrypt test case passed\n");
2735 } else {
2736 PKM_Error( "encrypt test case failed\n");
2737 return CKR_GENERAL_ERROR;
2738 }
2739
2740 /* C_Decrypt */
2741 crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
2742 if (crv != CKR_OK) {
2743 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2744 PKM_CK_RVtoStr(crv));
2745 return crv;
2746 }
2747 data1Len = sizeof(data1);
2748 crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len,
2749 data1, &data1Len);
2750 if (crv != CKR_OK) {
2751 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2752 PKM_CK_RVtoStr(crv));
2753 return crv;
2754 }
2755 /* now use C_DecryptUpdate the text */
2756 crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
2757 if (crv != CKR_OK) {
2758 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2759 PKM_CK_RVtoStr(crv));
2760 return crv;
2761 }
2762 data2Len = sizeof(data2);
2763 crv = pFunctionList->C_DecryptUpdate(hSession, cipher2,
2764 cipher2Len,
2765 data2, &data2Len);
2766 if (crv != CKR_OK) {
2767 PKM_Error( "C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
2768 PKM_CK_RVtoStr(crv));
2769 return crv;
2770 }
2771 lastLen = sizeof(data2) - data2Len;
2772 crv = pFunctionList->C_DecryptFinal(hSession,
2773 (CK_BYTE * )&data2[data2Len],
2774 &lastLen);
2775 if (crv != CKR_OK) {
2776 PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
2777 PKM_CK_RVtoStr(crv));
2778 return crv;
2779 }
2780 data2Len = data2Len + lastLen;
2781
2782
2783 /* Comparison of Decrypt data */
2784
2785 if ( (data1Len == data2Len) && (dataLen == data1Len) &&
2786 (memcmp(data1, pData, dataLen) == 0) &&
2787 (memcmp(data2, pData, dataLen) == 0) ) {
2788 PKM_LogIt("decrypt test case passed\n");
2789 } else {
2790 PKM_Error( "derypt test case failed\n");
2791 }
2792
2793 return crv;
2794
2795 }
2796
2797
2798 CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
2799 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
2800 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
2801 CK_SESSION_HANDLE hSession;
2802 CK_RV crv = CKR_OK;
2803 CK_MECHANISM sAESKeyMech = {
2804 CKM_AES_KEY_GEN, NULL, 0
2805 };
2806 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
2807 CK_KEY_TYPE keyAESType = CKK_AES;
2808 CK_UTF8CHAR AESlabel[] = "An AES secret key object";
2809 CK_ULONG AESvalueLen = 16;
2810 CK_ATTRIBUTE sAESKeyTemplate[9];
2811 CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
2812
2813 CK_BYTE KEY[16];
2814 CK_BYTE IV[16];
2815 static const CK_BYTE CIPHERTEXT[] = {
2816 0x7e,0x6a,0x3f,0x3b,0x39,0x3c,0xf2,0x4b,
2817 0xce,0xcc,0x23,0x6d,0x80,0xfd,0xe0,0xff
2818 };
2819 CK_BYTE ciphertext[64];
2820 CK_BYTE ciphertext2[64];
2821 CK_ULONG ciphertextLen, ciphertext2Len, lastLen;
2822 CK_BYTE plaintext[32];
2823 CK_BYTE plaintext2[32];
2824 CK_ULONG plaintextLen, plaintext2Len;
2825 CK_BYTE wrappedKey[16];
2826 CK_ULONG wrappedKeyLen;
2827 CK_MECHANISM aesEcbMech = {
2828 CKM_AES_ECB, NULL, 0
2829 };
2830 CK_OBJECT_HANDLE hTestKey;
2831 CK_MECHANISM mech_AES_CBC;
2832
2833 NUMTESTS++; /* increment NUMTESTS */
2834
2835 memset(ciphertext, 0, sizeof(ciphertext));
2836 memset(ciphertext2, 0, sizeof(ciphertext2));
2837 memset(IV, 0x00, sizeof(IV));
2838 memset(KEY, 0x00, sizeof(KEY));
2839
2840 mech_AES_CBC.mechanism = CKM_AES_CBC;
2841 mech_AES_CBC.pParameter = IV;
2842 mech_AES_CBC.ulParameterLen = sizeof(IV);
2843
2844 /* AES key template */
2845 sAESKeyTemplate[0].type = CKA_CLASS;
2846 sAESKeyTemplate[0].pValue = &class;
2847 sAESKeyTemplate[0].ulValueLen = sizeof(class);
2848 sAESKeyTemplate[1].type = CKA_KEY_TYPE;
2849 sAESKeyTemplate[1].pValue = &keyAESType;
2850 sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
2851 sAESKeyTemplate[2].type = CKA_LABEL;
2852 sAESKeyTemplate[2].pValue = AESlabel;
2853 sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
2854 sAESKeyTemplate[3].type = CKA_ENCRYPT;
2855 sAESKeyTemplate[3].pValue = &true;
2856 sAESKeyTemplate[3].ulValueLen = sizeof(true);
2857 sAESKeyTemplate[4].type = CKA_DECRYPT;
2858 sAESKeyTemplate[4].pValue = &true;
2859 sAESKeyTemplate[4].ulValueLen = sizeof(true);
2860 sAESKeyTemplate[5].type = CKA_SIGN;
2861 sAESKeyTemplate[5].pValue = &true;
2862 sAESKeyTemplate[5].ulValueLen = sizeof (true);
2863 sAESKeyTemplate[6].type = CKA_VERIFY;
2864 sAESKeyTemplate[6].pValue = &true;
2865 sAESKeyTemplate[6].ulValueLen = sizeof(true);
2866 sAESKeyTemplate[7].type = CKA_UNWRAP;
2867 sAESKeyTemplate[7].pValue = &true;
2868 sAESKeyTemplate[7].ulValueLen = sizeof(true);
2869 sAESKeyTemplate[8].type = CKA_VALUE_LEN;
2870 sAESKeyTemplate[8].pValue = &AESvalueLen;
2871 sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
2872
2873 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
2874 NULL, NULL, &hSession);
2875 if (crv != CKR_OK) {
2876 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
2877 PKM_CK_RVtoStr(crv));
2878 return crv;
2879 }
2880
2881 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
2882 if (crv == CKR_OK) {
2883 PKM_LogIt("C_Login with correct password succeeded\n");
2884 } else {
2885 PKM_Error( "C_Login with correct password failed "
2886 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
2887 return crv;
2888 }
2889
2890 PKM_LogIt("Generate an AES key ... \n");
2891 /* generate an AES Secret Key */
2892 crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
2893 sAESKeyTemplate,
2894 NUM_ELEM(sAESKeyTemplate),
2895 &hKey);
2896 if (crv == CKR_OK) {
2897 PKM_LogIt("C_GenerateKey AES succeeded\n");
2898 } else {
2899 PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
2900 crv, PKM_CK_RVtoStr(crv));
2901 return crv;
2902 }
2903
2904 crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey);
2905 if (crv != CKR_OK) {
2906 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2907 PKM_CK_RVtoStr(crv));
2908 return crv;
2909 }
2910 wrappedKeyLen = sizeof(wrappedKey);
2911 crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY),
2912 wrappedKey, &wrappedKeyLen);
2913 if (crv != CKR_OK) {
2914 PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
2915 PKM_CK_RVtoStr(crv));
2916 return crv;
2917 }
2918 if (wrappedKeyLen != sizeof(wrappedKey)) {
2919 PKM_Error( "wrappedKeyLen is %lu\n", wrappedKeyLen);
2920 return crv;
2921 }
2922 /* Import an encrypted key */
2923 crv = pFunctionList->C_UnwrapKey(hSession, &aesEcbMech, hKey,
2924 wrappedKey, wrappedKeyLen,
2925 sAESKeyTemplate,
2926 NUM_ELEM(sAESKeyTemplate),
2927 &hTestKey);
2928 if (crv != CKR_OK) {
2929 PKM_Error( "C_UnwraPKey failed with 0x%08X, %-26s\n", crv,
2930 PKM_CK_RVtoStr(crv));
2931 return crv;
2932 }
2933 /* AES Encrypt the text */
2934 crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
2935 if (crv != CKR_OK) {
2936 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2937 PKM_CK_RVtoStr(crv));
2938 return crv;
2939 }
2940 ciphertextLen = sizeof(ciphertext);
2941 crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *) PLAINTEXT,
2942 sizeof(PLAINTEXT),
2943 ciphertext, &ciphertextLen);
2944 if (crv != CKR_OK) {
2945 PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
2946 PKM_CK_RVtoStr(crv));
2947 return crv;
2948 }
2949
2950 if ( (ciphertextLen == sizeof(CIPHERTEXT)) &&
2951 (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) {
2952 PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n");
2953 } else {
2954 PKM_Error( "AES CBCVarKey128 encrypt test case 1 failed\n");
2955 return crv;
2956 }
2957
2958 /* now use EncryptUpdate the text */
2959 crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
2960 if (crv != CKR_OK) {
2961 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
2962 PKM_CK_RVtoStr(crv));
2963 return crv;
2964 }
2965 ciphertext2Len = sizeof(ciphertext2);
2966 crv = pFunctionList->C_EncryptUpdate (hSession, (CK_BYTE *) PLAINTEXT,
2967 sizeof(PLAINTEXT),
2968 ciphertext2, &ciphertext2Len);
2969 if (crv != CKR_OK) {
2970 PKM_Error( "C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
2971 PKM_CK_RVtoStr(crv));
2972 return crv;
2973 }
2974 lastLen = sizeof(ciphertext2) - ciphertext2Len;
2975
2976 crv = pFunctionList->C_EncryptFinal(hSession,
2977 (CK_BYTE * )&ciphertext2[ciphertext2Len],
2978 &lastLen);
2979 ciphertext2Len = ciphertext2Len + lastLen;
2980
2981 if ( (ciphertextLen == ciphertext2Len) &&
2982 (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) &&
2983 (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) {
2984 PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n");
2985 } else {
2986 PKM_Error( "AES CBCVarKey128 encrypt test case 2 failed\n");
2987 return CKR_GENERAL_ERROR;
2988 }
2989
2990 /* AES CBC Decrypt the text */
2991 crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
2992 if (crv != CKR_OK) {
2993 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
2994 PKM_CK_RVtoStr(crv));
2995 return crv;
2996 }
2997 plaintextLen = sizeof(plaintext);
2998 crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen,
2999 plaintext, &plaintextLen);
3000 if (crv != CKR_OK) {
3001 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
3002 PKM_CK_RVtoStr(crv));
3003 return crv;
3004 }
3005 if ((plaintextLen == sizeof(PLAINTEXT))
3006 && (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) {
3007 PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n");
3008 } else {
3009 PKM_Error( "AES CBCVarKey128 derypt test case 1 failed\n");
3010 }
3011 /* now use DecryptUpdate the text */
3012 crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
3013 if (crv != CKR_OK) {
3014 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
3015 PKM_CK_RVtoStr(crv));
3016 return crv;
3017 }
3018 plaintext2Len = sizeof(plaintext2);
3019 crv = pFunctionList->C_DecryptUpdate(hSession, ciphertext2,
3020 ciphertext2Len,
3021 plaintext2, &plaintext2Len);
3022 if (crv != CKR_OK) {
3023 PKM_Error( "C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
3024 PKM_CK_RVtoStr(crv));
3025 return crv;
3026 }
3027 lastLen = sizeof(plaintext2) - plaintext2Len;
3028 crv = pFunctionList->C_DecryptFinal(hSession,
3029 (CK_BYTE * )&plaintext2[plaintext2Len],
3030 &lastLen);
3031 plaintext2Len = plaintext2Len + lastLen;
3032
3033 if ( (plaintextLen == plaintext2Len) &&
3034 (memcmp(plaintext, plaintext2, plaintext2Len) == 0) &&
3035 (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) {
3036 PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n");
3037 } else {
3038 PKM_Error( "AES CBCVarKey128 decrypt test case 2 failed\n");
3039 return CKR_GENERAL_ERROR;
3040 }
3041
3042 crv = pFunctionList->C_Logout(hSession);
3043 if (crv == CKR_OK) {
3044 PKM_LogIt("C_Logout succeeded\n");
3045 } else {
3046 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
3047 PKM_CK_RVtoStr(crv));
3048 return crv;
3049 }
3050 crv = pFunctionList->C_CloseSession(hSession);
3051 if (crv != CKR_OK) {
3052 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
3053 PKM_CK_RVtoStr(crv));
3054 return crv;
3055 }
3056
3057
3058 return crv;
3059
3060 }
3061
3062 CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
3063 CK_SESSION_HANDLE hRwSession,
3064 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
3065 CK_MECHANISM *signMech, const CK_BYTE * pData,
3066 CK_ULONG pDataLen) {
3067 CK_RV crv = CKR_OK;
3068 CK_BYTE sig[MAX_SIG_SZ];
3069 CK_ULONG sigLen = 0 ;
3070
3071 NUMTESTS++; /* increment NUMTESTS */
3072 memset(sig, 0, sizeof(sig));
3073
3074 /* C_Sign */
3075 crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
3076 if (crv != CKR_OK) {
3077 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
3078 PKM_CK_RVtoStr(crv));
3079 return crv;
3080 }
3081 sigLen = sizeof(sig);
3082 crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE * ) pData, pDataLen,
3083 sig, &sigLen);
3084 if (crv != CKR_OK) {
3085 PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
3086 PKM_CK_RVtoStr(crv));
3087 return crv;
3088 }
3089
3090 /* C_Verify the signature */
3091 crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey);
3092 if (crv != CKR_OK) {
3093 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3094 PKM_CK_RVtoStr(crv));
3095 return crv;
3096 }
3097 crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE * ) pData, pDataLen,
3098 sig, sigLen);
3099 if (crv == CKR_OK) {
3100 PKM_LogIt("C_Verify succeeded\n");
3101 } else {
3102 PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
3103 PKM_CK_RVtoStr(crv));
3104 return crv;
3105 }
3106
3107 /* Check that the mechanism is Multi-part */
3108 if (signMech->mechanism == CKM_DSA ||
3109 signMech->mechanism == CKM_RSA_PKCS) {
3110 return crv;
3111 }
3112
3113 memset(sig, 0, sizeof(sig));
3114 /* SignUpdate */
3115 crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
3116 if (crv != CKR_OK) {
3117 PKM_Error( "C_SignInit failed with 0x%08lX %-26s\n", crv,
3118 PKM_CK_RVtoStr(crv));
3119 return crv;
3120 }
3121 crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE * ) pData, pDataLen);
3122 if (crv != CKR_OK) {
3123 PKM_Error( "C_Sign failed with 0x%08lX %-26s\n", crv,
3124 PKM_CK_RVtoStr(crv));
3125 return crv;
3126 }
3127
3128 sigLen = sizeof(sig);
3129 crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen);
3130 if (crv != CKR_OK) {
3131 PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
3132 PKM_CK_RVtoStr(crv));
3133 return crv;
3134 }
3135
3136 /* C_VerifyUpdate the signature */
3137 crv = pFunctionList->C_VerifyInit(hRwSession, signMech,
3138 hPubKey);
3139 if (crv != CKR_OK) {
3140 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3141 PKM_CK_RVtoStr(crv));
3142 return crv;
3143 }
3144 crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE * ) pData,
3145 pDataLen);
3146 if (crv != CKR_OK) {
3147 PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3148 PKM_CK_RVtoStr(crv));
3149 return crv;
3150 }
3151 crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen);
3152 if (crv == CKR_OK) {
3153 PKM_LogIt("C_VerifyFinal succeeded\n");
3154 } else {
3155 PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
3156 PKM_CK_RVtoStr(crv));
3157 return crv;
3158 }
3159 return crv;
3160
3161 }
3162
3163
3164
3165 CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
3166 CK_SLOT_ID * pSlotList,
3167 CK_ULONG slotID, CK_UTF8CHAR_PTR pwd,
3168 CK_ULONG pwdLen){
3169 CK_SESSION_HANDLE hSession;
3170 CK_RV crv = CKR_OK;
3171
3172 /*** DSA Key ***/
3173 CK_MECHANISM dsaParamGenMech;
3174 CK_ULONG primeBits = 1024;
3175 CK_ATTRIBUTE dsaParamGenTemplate[1];
3176 CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
3177 CK_BYTE DSA_P[128];
3178 CK_BYTE DSA_Q[20];
3179 CK_BYTE DSA_G[128];
3180 CK_MECHANISM dsaKeyPairGenMech;
3181 CK_ATTRIBUTE dsaPubKeyTemplate[5];
3182 CK_ATTRIBUTE dsaPrivKeyTemplate[5];
3183 CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
3184 CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
3185
3186 /* From SHA1ShortMsg.req, Len = 136 */
3187 CK_BYTE MSG[] = {
3188 0xba, 0x33, 0x95, 0xfb,
3189 0x5a, 0xfa, 0x8e, 0x6a,
3190 0x43, 0xdf, 0x41, 0x6b,
3191 0x32, 0x7b, 0x74, 0xfa,
3192 0x44
3193 };
3194 CK_BYTE MD[] = {
3195 0xf7, 0x5d, 0x92, 0xa4,
3196 0xbb, 0x4d, 0xec, 0xc3,
3197 0x7c, 0x5c, 0x72, 0xfa,
3198 0x04, 0x75, 0x71, 0x0a,
3199 0x06, 0x75, 0x8c, 0x1d
3200 };
3201
3202 CK_BYTE sha1Digest[20];
3203 CK_ULONG sha1DigestLen;
3204 CK_BYTE dsaSig[40];
3205 CK_ULONG dsaSigLen;
3206 CK_MECHANISM sha1Mech = {
3207 CKM_SHA_1, NULL, 0
3208 };
3209 CK_MECHANISM dsaMech = {
3210 CKM_DSA, NULL, 0
3211 };
3212 CK_MECHANISM dsaWithSha1Mech = {
3213 CKM_DSA_SHA1, NULL, 0
3214 };
3215
3216 NUMTESTS++; /* increment NUMTESTS */
3217
3218 /* DSA key init */
3219 dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
3220 dsaParamGenMech.pParameter = NULL_PTR;
3221 dsaParamGenMech.ulParameterLen = 0;
3222 dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
3223 dsaParamGenTemplate[0].pValue = &primeBits;
3224 dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
3225 dsaPubKeyTemplate[0].type = CKA_PRIME;
3226 dsaPubKeyTemplate[0].pValue = DSA_P;
3227 dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
3228 dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
3229 dsaPubKeyTemplate[1].pValue = DSA_Q;
3230 dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
3231 dsaPubKeyTemplate[2].type = CKA_BASE;
3232 dsaPubKeyTemplate[2].pValue = DSA_G;
3233 dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
3234 dsaPubKeyTemplate[3].type = CKA_TOKEN;
3235 dsaPubKeyTemplate[3].pValue = &true;
3236 dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
3237 dsaPubKeyTemplate[4].type = CKA_VERIFY;
3238 dsaPubKeyTemplate[4].pValue = &true;
3239 dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
3240 dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
3241 dsaKeyPairGenMech.pParameter = NULL_PTR;
3242 dsaKeyPairGenMech.ulParameterLen = 0;
3243 dsaPrivKeyTemplate[0].type = CKA_TOKEN;
3244 dsaPrivKeyTemplate[0].pValue = &true;
3245 dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
3246 dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
3247 dsaPrivKeyTemplate[1].pValue = &true;
3248 dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
3249 dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
3250 dsaPrivKeyTemplate[2].pValue = &true;
3251 dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
3252 dsaPrivKeyTemplate[3].type = CKA_SIGN,
3253 dsaPrivKeyTemplate[3].pValue = &true;
3254 dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
3255 dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
3256 dsaPrivKeyTemplate[4].pValue = &true;
3257 dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
3258
3259 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
3260 CKF_RW_SESSION | CKF_SERIAL_SESSION,
3261 NULL, NULL, &hSession);
3262 if (crv != CKR_OK) {
3263 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
3264 PKM_CK_RVtoStr(crv));
3265 return crv;
3266 }
3267
3268 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
3269 if (crv == CKR_OK) {
3270 PKM_LogIt("C_Login with correct password succeeded\n");
3271 } else {
3272 PKM_Error( "C_Login with correct password failed "
3273 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3274 return crv;
3275 }
3276
3277 PKM_LogIt("Generate DSA PQG domain parameters ... \n");
3278 /* Generate DSA domain parameters PQG */
3279 crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech,
3280 dsaParamGenTemplate,
3281 1,
3282 &hDsaParams);
3283 if (crv == CKR_OK) {
3284 PKM_LogIt("DSA domain parameter generation succeeded\n");
3285 } else {
3286 PKM_Error( "DSA domain parameter generation failed "
3287 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3288 return crv;
3289 }
3290 crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams,
3291 dsaPubKeyTemplate, 3);
3292 if (crv == CKR_OK) {
3293 PKM_LogIt("Getting DSA domain parameters succeeded\n");
3294 } else {
3295 PKM_Error( "Getting DSA domain parameters failed "
3296 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3297 return crv;
3298 }
3299 crv = pFunctionList->C_DestroyObject(hSession, hDsaParams);
3300 if (crv == CKR_OK) {
3301 PKM_LogIt("Destroying DSA domain parameters succeeded\n");
3302 } else {
3303 PKM_Error( "Destroying DSA domain parameters failed "
3304 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3305 return crv;
3306 }
3307
3308 PKM_LogIt("Generate a DSA key pair ... \n");
3309 /* Generate a persistent DSA key pair */
3310 crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech,
3311 dsaPubKeyTemplate,
3312 NUM_ELEM(dsaPubKeyTemplate),
3313 dsaPrivKeyTemplate,
3314 NUM_ELEM(dsaPrivKeyTemplate),
3315 &hDSApubKey, &hDSAprivKey);
3316 if (crv == CKR_OK) {
3317 PKM_LogIt("DSA key pair generation succeeded\n");
3318 } else {
3319 PKM_Error( "DSA key pair generation failed "
3320 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3321 return crv;
3322 }
3323
3324 /* Compute SHA-1 digest */
3325 crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
3326 if (crv != CKR_OK) {
3327 PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
3328 PKM_CK_RVtoStr(crv));
3329 return crv;
3330 }
3331 sha1DigestLen = sizeof(sha1Digest);
3332 crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
3333 sha1Digest, &sha1DigestLen);
3334 if (crv != CKR_OK) {
3335 PKM_Error( "C_Digest failed with 0x%08X, %-26s\n", crv,
3336 PKM_CK_RVtoStr(crv));
3337 return crv;
3338 }
3339 if (sha1DigestLen != sizeof(sha1Digest)) {
3340 PKM_Error( "sha1DigestLen is %lu\n", sha1DigestLen);
3341 return crv;
3342 }
3343
3344 if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) {
3345 PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n");
3346 } else {
3347 PKM_Error( "SHA-1 SHA1ShortMsg test case Len = 136 failed\n");
3348 }
3349
3350 crv = PKM_PubKeySign(pFunctionList, hSession,
3351 hDSApubKey, hDSAprivKey,
3352 &dsaMech, sha1Digest, sizeof(sha1Digest));
3353 if (crv == CKR_OK) {
3354 PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n");
3355 } else {
3356 PKM_Error( "PKM_PubKeySign failed "
3357 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3358 return crv;
3359 }
3360 crv = PKM_PubKeySign(pFunctionList, hSession,
3361 hDSApubKey, hDSAprivKey,
3362 &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
3363 if (crv == CKR_OK) {
3364 PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n");
3365 } else {
3366 PKM_Error( "PKM_PubKeySign failed "
3367 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3368 return crv;
3369 }
3370
3371 /* Sign with DSA */
3372 crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey);
3373 if (crv != CKR_OK) {
3374 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
3375 PKM_CK_RVtoStr(crv));
3376 return crv;
3377 }
3378 dsaSigLen = sizeof(dsaSig);
3379 crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen,
3380 dsaSig, &dsaSigLen);
3381 if (crv != CKR_OK) {
3382 PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
3383 PKM_CK_RVtoStr(crv));
3384 return crv;
3385 }
3386
3387 /* Verify the DSA signature */
3388 crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
3389 if (crv != CKR_OK) {
3390 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3391 PKM_CK_RVtoStr(crv));
3392 return crv;
3393 }
3394 crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
3395 dsaSig, dsaSigLen);
3396 if (crv == CKR_OK) {
3397 PKM_LogIt("C_Verify succeeded\n");
3398 } else {
3399 PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
3400 PKM_CK_RVtoStr(crv));
3401 return crv;
3402 }
3403
3404 /* Verify the signature in a different way */
3405 crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
3406 hDSApubKey);
3407 if (crv != CKR_OK) {
3408 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3409 PKM_CK_RVtoStr(crv));
3410 return crv;
3411 }
3412 crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
3413 if (crv != CKR_OK) {
3414 PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3415 PKM_CK_RVtoStr(crv));
3416 return crv;
3417 }
3418 crv = pFunctionList->C_VerifyUpdate(hSession, MSG+1, sizeof(MSG)-1);
3419 if (crv != CKR_OK) {
3420 PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3421 PKM_CK_RVtoStr(crv));
3422 return crv;
3423 }
3424 crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
3425 if (crv == CKR_OK) {
3426 PKM_LogIt("C_VerifyFinal succeeded\n");
3427 } else {
3428 PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
3429 PKM_CK_RVtoStr(crv));
3430 return crv;
3431 }
3432
3433 /* Verify the signature in a different way */
3434 crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
3435 hDSApubKey);
3436 if (crv != CKR_OK) {
3437 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n",
3438 crv, PKM_CK_RVtoStr(crv));
3439 return crv;
3440 }
3441 crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
3442 if (crv != CKR_OK) {
3443 PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n",
3444 crv, PKM_CK_RVtoStr(crv));
3445 return crv;
3446 }
3447 crv = pFunctionList->C_VerifyUpdate(hSession, MSG+1, sizeof(MSG)-1);
3448 if (crv != CKR_OK) {
3449 PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n",
3450 crv, PKM_CK_RVtoStr(crv));
3451 return crv;
3452 }
3453 crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
3454 if (crv == CKR_OK) {
3455 PKM_LogIt("C_VerifyFinal of multi update succeeded.\n");
3456 } else {
3457 PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n",
3458 crv, PKM_CK_RVtoStr(crv));
3459 return crv;
3460 }
3461 /* Now modify the data */
3462 MSG[0] += 1;
3463 /* Compute SHA-1 digest */
3464 crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
3465 if (crv != CKR_OK) {
3466 PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
3467 PKM_CK_RVtoStr(crv));
3468 return crv;
3469 }
3470 sha1DigestLen = sizeof(sha1Digest);
3471 crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
3472 sha1Digest, &sha1DigestLen);
3473 if (crv != CKR_OK) {
3474 PKM_Error( "C_Digest failed with 0x%08X, %-26s\n", crv,
3475 PKM_CK_RVtoStr(crv));
3476 return crv;
3477 }
3478 crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
3479 if (crv != CKR_OK) {
3480 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3481 PKM_CK_RVtoStr(crv));
3482 return crv;
3483 }
3484 crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
3485 dsaSig, dsaSigLen);
3486 if (crv != CKR_SIGNATURE_INVALID) {
3487 PKM_Error( "C_Verify of modified data succeeded\n");
3488 return crv;
3489 } else {
3490 PKM_LogIt("C_Verify of modified data returned as EXPECTED "
3491 " with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3492 }
3493
3494 crv = pFunctionList->C_Logout(hSession);
3495 if (crv == CKR_OK) {
3496 PKM_LogIt("C_Logout succeeded\n");
3497 } else {
3498 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
3499 PKM_CK_RVtoStr(crv));
3500 return crv;
3501 }
3502
3503 crv = pFunctionList->C_CloseSession(hSession);
3504 if (crv != CKR_OK) {
3505 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
3506 PKM_CK_RVtoStr(crv));
3507 return crv;
3508 }
3509
3510 return crv;
3511
3512 }
3513
3514 CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
3515 CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
3516 const CK_BYTE * pData, CK_ULONG pDataLen) {
3517
3518 CK_RV crv = CKR_OK;
3519
3520 CK_BYTE hmac1[HMAC_MAX_LENGTH];
3521 CK_ULONG hmac1Len = 0;
3522 CK_BYTE hmac2[HMAC_MAX_LENGTH];
3523 CK_ULONG hmac2Len = 0;
3524
3525 memset(hmac1, 0, sizeof(hmac1));
3526 memset(hmac2, 0, sizeof(hmac2));
3527
3528 NUMTESTS++; /* increment NUMTESTS */
3529
3530 crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
3531 if (crv == CKR_OK) {
3532 PKM_LogIt("C_SignInit succeeded\n");
3533 } else {
3534 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
3535 PKM_CK_RVtoStr(crv));
3536 return crv;
3537 }
3538
3539 hmac1Len = sizeof(hmac1);
3540 crv = pFunctionList->C_Sign(hSession, (CK_BYTE * )pData,
3541 pDataLen,
3542 (CK_BYTE * )hmac1, &hmac1Len);
3543 if (crv == CKR_OK) {
3544 PKM_LogIt("C_Sign succeeded\n");
3545 } else {
3546 PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
3547 PKM_CK_RVtoStr(crv));
3548 return crv;
3549 }
3550
3551 crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
3552 if (crv == CKR_OK) {
3553 PKM_LogIt("C_SignInit succeeded\n");
3554 } else {
3555 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
3556 PKM_CK_RVtoStr(crv));
3557 return crv;
3558 }
3559
3560 crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE * )pData,
3561 pDataLen);
3562 if (crv == CKR_OK) {
3563 PKM_LogIt("C_SignUpdate succeeded\n");
3564 } else {
3565 PKM_Error( "C_SignUpdate failed with 0x%08X, %-26s\n", crv,
3566 PKM_CK_RVtoStr(crv));
3567 return crv;
3568 }
3569
3570 hmac2Len = sizeof(hmac2);
3571 crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE * )hmac2, &hmac2Len);
3572 if (crv == CKR_OK) {
3573 PKM_LogIt("C_SignFinal succeeded\n");
3574 } else {
3575 PKM_Error( "C_SignFinal failed with 0x%08X, %-26s\n", crv,
3576 PKM_CK_RVtoStr(crv));
3577 return crv;
3578 }
3579
3580 if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0) ) {
3581 PKM_LogIt("hmacs are equal!\n");
3582 } else {
3583 PKM_Error("hmacs are not equal!\n");
3584 }
3585 crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
3586 if (crv != CKR_OK) {
3587 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3588 PKM_CK_RVtoStr(crv));
3589 return crv;
3590 }
3591 crv = pFunctionList->C_Verify(hSession, (CK_BYTE * )pData,
3592 pDataLen,
3593 (CK_BYTE * ) hmac2, hmac2Len);
3594 if (crv == CKR_OK) {
3595 PKM_LogIt("C_Verify of hmac succeeded\n");
3596 } else {
3597 PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
3598 PKM_CK_RVtoStr(crv));
3599 return crv;
3600 }
3601 crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
3602 if (crv != CKR_OK) {
3603 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
3604 PKM_CK_RVtoStr(crv));
3605 return crv;
3606 }
3607 crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE * )pData,
3608 pDataLen);
3609 if (crv == CKR_OK) {
3610 PKM_LogIt("C_VerifyUpdate of hmac succeeded\n");
3611 } else {
3612 PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
3613 PKM_CK_RVtoStr(crv));
3614 return crv;
3615 }
3616 crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE * ) hmac1,
3617 hmac1Len);
3618 if (crv == CKR_OK) {
3619 PKM_LogIt("C_VerifyFinal of hmac succeeded\n");
3620 } else {
3621 PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
3622 PKM_CK_RVtoStr(crv));
3623 return crv;
3624 }
3625 return crv;
3626 }
3627
3628 CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
3629 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
3630 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
3631 CK_RV crv = CKR_OK;
3632
3633 CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
3634 CK_SESSION_INFO sinfo;
3635 CK_ATTRIBUTE_PTR pTemplate;
3636 CK_ULONG tnObjects = 0;
3637
3638 NUMTESTS++; /* increment NUMTESTS */
3639
3640 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
3641 NULL, NULL, &h);
3642 if ( CKR_OK != crv ) {
3643 PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
3644 "returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
3645 PKM_CK_RVtoStr(crv));
3646 return crv;
3647 }
3648
3649 PKM_LogIt( " Opened a session: handle = 0x%08x\n", h);
3650
3651 (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO));
3652 crv = pFunctionList->C_GetSessionInfo(h, &sinfo);
3653 if ( CKR_OK != crv ) {
3654 PKM_LogIt( "C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv,
3655 PKM_CK_RVtoStr(crv));
3656 return crv;
3657 }
3658
3659 PKM_LogIt( " SESSION INFO:\n");
3660 PKM_LogIt( " slotID = %lu\n", sinfo.slotID);
3661 PKM_LogIt( " state = %lu\n", sinfo.state);
3662 PKM_LogIt( " flags = 0x%08x\n", sinfo.flags);
3663 #ifdef CKF_EXCLUSIVE_SESSION
3664 PKM_LogIt( " -> EXCLUSIVE SESSION = %s\n", sinfo.flags &
3665 CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE");
3666 #endif /* CKF_EXCLUSIVE_SESSION */
3667 PKM_LogIt( " -> RW SESSION = %s\n", sinfo.flags &
3668 CKF_RW_SESSION ? "TRUE" : "FALSE");
3669 PKM_LogIt( " -> SERIAL SESSION = %s\n", sinfo.flags &
3670 CKF_SERIAL_SESSION ? "TRUE" : "FALSE");
3671 #ifdef CKF_INSERTION_CALLBACK
3672 PKM_LogIt( " -> INSERTION CALLBACK = %s\n", sinfo.flags &
3673 CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE");
3674 #endif /* CKF_INSERTION_CALLBACK */
3675 PKM_LogIt( " ulDeviceError = %lu\n", sinfo.ulDeviceError);
3676 PKM_LogIt( "\n");
3677
3678 crv = pFunctionList->C_FindObjectsInit(h, NULL, 0);
3679 if ( CKR_OK != crv ) {
3680 PKM_LogIt( "C_FindObjectsInit(%lu, NULL, 0) returned "
3681 "0x%08X, %-26s\n",
3682 h, crv, PKM_CK_RVtoStr(crv));
3683 return crv;
3684 }
3685
3686 pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types,
3687 sizeof(CK_ATTRIBUTE));
3688 if ( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
3689 PKM_Error( "[memory allocation of %lu bytes failed]\n",
3690 number_of_all_known_attribute_types *
3691 sizeof(CK_ATTRIBUTE));
3692 return crv;
3693 }
3694
3695 PKM_LogIt( " All objects:\n");
3696
3697 while (1) {
3698 CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
3699 CK_ULONG nObjects = 0;
3700 CK_ULONG k;
3701 CK_ULONG nAttributes = 0;
3702 CK_ATTRIBUTE_PTR pT2;
3703 CK_ULONG l;
3704
3705 crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects);
3706 if ( CKR_OK != crv ) {
3707 PKM_Error( "C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n",
3708 h, crv, PKM_CK_RVtoStr(crv));
3709 return crv;
3710 }
3711
3712 if ( 0 == nObjects ) {
3713 PKM_LogIt( "\n");
3714 break;
3715 }
3716
3717 tnObjects++;
3718
3719 PKM_LogIt( " OBJECT HANDLE %lu:\n", o);
3720
3721 for ( k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; k++ ) {
3722 pTemplate[k].type = all_known_attribute_types[k];
3723 pTemplate[k].pValue = (CK_VOID_PTR) NULL;
3724 pTemplate[k].ulValueLen = 0;
3725 }
3726
3727 crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate,
3728 number_of_all_known_attribute_types);
3729 switch ( crv ) {
3730 case CKR_OK:
3731 case CKR_ATTRIBUTE_SENSITIVE:
3732 case CKR_ATTRIBUTE_TYPE_INVALID:
3733 case CKR_BUFFER_TOO_SMALL:
3734 break;
3735 default:
3736 PKM_Error( "C_GetAtributeValue(%lu, %lu, {all attribute types},"
3737 "%lu) returned 0x%08X, %-26s\n",
3738 h, o, number_of_all_known_attribute_types, crv,
3739 PKM_CK_RVtoStr(crv));
3740 return crv;
3741 }
3742
3743 for ( k = 0; k < (CK_ULONG) number_of_all_known_attribute_types; k++) {
3744 if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
3745 nAttributes++;
3746 }
3747 }
3748
3749 if ( 1 ) {
3750 PKM_LogIt( " %lu attributes:\n", nAttributes);
3751 for ( k = 0; k < (CK_ULONG) number_of_all_known_attribute_types;
3752 k++ ) {
3753 if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
3754 PKM_LogIt( " 0x%08x (len = %lu)\n",
3755 pTemplate[k].type,
3756 pTemplate[k].ulValueLen);
3757 }
3758 }
3759 PKM_LogIt( "\n");
3760 }
3761
3762 pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE));
3763 if ( (CK_ATTRIBUTE_PTR)NULL == pT2 ) {
3764 PKM_Error( "[memory allocation of %lu bytes failed]\n",
3765 nAttributes * sizeof(CK_ATTRIBUTE));
3766 return crv;
3767 }
3768
3769 for ( l = 0, k = 0; k < (CK_ULONG) number_of_all_known_attribute_types;
3770 k++ ) {
3771 if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
3772 pT2[l].type = pTemplate[k].type;
3773 pT2[l].ulValueLen = pTemplate[k].ulValueLen;
3774 pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen);
3775 if ( (CK_VOID_PTR)NULL == pT2[l].pValue ) {
3776 PKM_Error( "[memory allocation of %lu bytes failed]\n",
3777 pT2[l].ulValueLen);
3778 return crv;
3779 }
3780 l++;
3781 }
3782 }
3783
3784 assert( l == nAttributes );
3785
3786 crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes);
3787 switch ( crv ) {
3788 case CKR_OK:
3789 case CKR_ATTRIBUTE_SENSITIVE:
3790 case CKR_ATTRIBUTE_TYPE_INVALID:
3791 case CKR_BUFFER_TOO_SMALL:
3792 break;
3793 default:
3794 PKM_Error( "C_GetAtributeValue(%lu, %lu, {existant attribute"
3795 " types}, %lu) returned 0x%08X, %-26s\n",
3796 h, o, nAttributes, crv, PKM_CK_RVtoStr(crv));
3797 return crv;
3798 }
3799
3800 for ( l = 0; l < nAttributes; l++ ) {
3801 PKM_LogIt( " type = 0x%08x, len = %ld", pT2[l].type,
3802 (CK_LONG)pT2[l].ulValueLen);
3803 if ( -1 == (CK_LONG)pT2[l].ulValueLen ) {
3804 ;
3805 } else {
3806 CK_ULONG m;
3807
3808 if ( pT2[l].ulValueLen <= 8 ) {
3809 PKM_LogIt( ", value = ");
3810 } else {
3811 PKM_LogIt( ", value = \n ");
3812 }
3813
3814 for ( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
3815 PKM_LogIt( "%02x", (CK_ULONG)(0xff &
3816 ((CK_CHAR_PTR)pT2[l].pValue)[m]));
3817 }
3818
3819 PKM_LogIt( " ");
3820
3821 for ( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
3822 CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m];
3823 if ( (c < 0x20) || (c >= 0x7f) ) {
3824 c = '.';
3825 }
3826 PKM_LogIt( "%c", c);
3827 }
3828 }
3829
3830 PKM_LogIt( "\n");
3831 }
3832
3833 PKM_LogIt( "\n");
3834
3835 for ( l = 0; l < nAttributes; l++ ) {
3836 free(pT2[l].pValue);
3837 }
3838 free(pT2);
3839 } /* while(1) */
3840
3841 crv = pFunctionList->C_FindObjectsFinal(h);
3842 if ( CKR_OK != crv ) {
3843 PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv,
3844 PKM_CK_RVtoStr(crv));
3845 return crv;
3846 }
3847
3848 PKM_LogIt( " (%lu objects total)\n", tnObjects);
3849
3850 crv = pFunctionList->C_CloseSession(h);
3851 if ( CKR_OK != crv ) {
3852 PKM_Error( "C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv,
3853 PKM_CK_RVtoStr(crv));
3854 return crv;
3855 }
3856
3857 return crv;
3858 }
3859 /* session to create, find, and delete a couple session objects */
3860 CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
3861 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
3862 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
3863
3864 CK_RV crv = CKR_OK;
3865
3866 CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
3867 CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0;
3868 CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1];
3869 CK_OBJECT_CLASS cko_data = CKO_DATA;
3870 char *key = "TEST PROGRAM";
3871 CK_ULONG key_len = 0;
3872 CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0;
3873 CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0;
3874 CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0;
3875 CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0;
3876 CK_OBJECT_HANDLE found[10];
3877 CK_ULONG nFound;
3878 CK_ULONG hDeltaLen, hThreeLen = 0;
3879
3880 CK_TOKEN_INFO tinfo;
3881
3882 NUMTESTS++; /* increment NUMTESTS */
3883 key_len = sizeof(key);
3884 crv = pFunctionList->C_OpenSession(pSlotList[slotID],
3885 CKF_SERIAL_SESSION, NULL, NULL, &h);
3886 if ( CKR_OK != crv ) {
3887 PKM_Error( "C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
3888 "returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
3889 PKM_CK_RVtoStr(crv));
3890 return crv;
3891 }
3892 crv = pFunctionList->C_Login(h, CKU_USER, pwd, pwdLen);
3893 if (crv == CKR_OK) {
3894 PKM_LogIt("C_Login with correct password succeeded\n");
3895 } else {
3896 PKM_Error( "C_Login with correct password failed "
3897 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
3898 return crv;
3899 }
3900
3901
3902 (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
3903 crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo);
3904 if ( CKR_OK != crv ) {
3905 PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n",
3906 pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
3907 return crv;
3908 }
3909
3910
3911 PKM_LogIt( " Opened a session: handle = 0x%08x\n", h);
3912
3913 one[0].type = CKA_CLASS;
3914 one[0].pValue = &cko_data;
3915 one[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
3916 one[1].type = CKA_TOKEN;
3917 one[1].pValue = &false;
3918 one[1].ulValueLen = sizeof(CK_BBOOL);
3919 one[2].type = CKA_PRIVATE;
3920 one[2].pValue = &false;
3921 one[2].ulValueLen = sizeof(CK_BBOOL);
3922 one[3].type = CKA_MODIFIABLE;
3923 one[3].pValue = &true;
3924 one[3].ulValueLen = sizeof(CK_BBOOL);
3925 one[4].type = CKA_LABEL;
3926 one[4].pValue = "Test data object one";
3927 one[4].ulValueLen = strlen(one[4].pValue);
3928 one[5].type = CKA_APPLICATION;
3929 one[5].pValue = key;
3930 one[5].ulValueLen = key_len;
3931 one[6].type = CKA_VALUE;
3932 one[6].pValue = "Object one";
3933 one[6].ulValueLen = strlen(one[6].pValue);
3934
3935 two[0].type = CKA_CLASS;
3936 two[0].pValue = &cko_data;
3937 two[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
3938 two[1].type = CKA_TOKEN;
3939 two[1].pValue = &false;
3940 two[1].ulValueLen = sizeof(CK_BBOOL);
3941 two[2].type = CKA_PRIVATE;
3942 two[2].pValue = &false;
3943 two[2].ulValueLen = sizeof(CK_BBOOL);
3944 two[3].type = CKA_MODIFIABLE;
3945 two[3].pValue = &true;
3946 two[3].ulValueLen = sizeof(CK_BBOOL);
3947 two[4].type = CKA_LABEL;
3948 two[4].pValue = "Test data object two";
3949 two[4].ulValueLen = strlen(two[4].pValue);
3950 two[5].type = CKA_APPLICATION;
3951 two[5].pValue = key;
3952 two[5].ulValueLen = key_len;
3953 two[6].type = CKA_VALUE;
3954 two[6].pValue = "Object two";
3955 two[6].ulValueLen = strlen(two[6].pValue);
3956
3957 three[0].type = CKA_CLASS;
3958 three[0].pValue = &cko_data;
3959 three[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
3960 three[1].type = CKA_TOKEN;
3961 three[1].pValue = &false;
3962 three[1].ulValueLen = sizeof(CK_BBOOL);
3963 three[2].type = CKA_PRIVATE;
3964 three[2].pValue = &false;
3965 three[2].ulValueLen = sizeof(CK_BBOOL);
3966 three[3].type = CKA_MODIFIABLE;
3967 three[3].pValue = &true;
3968 three[3].ulValueLen = sizeof(CK_BBOOL);
3969 three[4].type = CKA_LABEL;
3970 three[4].pValue = "Test data object three";
3971 three[4].ulValueLen = strlen(three[4].pValue);
3972 three[5].type = CKA_APPLICATION;
3973 three[5].pValue = key;
3974 three[5].ulValueLen = key_len;
3975 three[6].type = CKA_VALUE;
3976 three[6].pValue = "Object three";
3977 three[6].ulValueLen = strlen(three[6].pValue);
3978
3979 crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn);
3980 if ( CKR_OK != crv ) {
3981 PKM_Error( "C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n",
3982 h, crv, PKM_CK_RVtoStr(crv));
3983 return crv;
3984 }
3985
3986 PKM_LogIt( " Created object one: handle = %lu\n", hOneIn);
3987
3988 crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn);
3989 if ( CKR_OK != crv ) {
3990 PKM_Error( "C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n",
3991 h, crv, PKM_CK_RVtoStr(crv));
3992 return crv;
3993 }
3994
3995 PKM_LogIt( " Created object two: handle = %lu\n", hTwoIn);
3996
3997 crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn);
3998 if ( CKR_OK != crv ) {
3999 PKM_Error( "C_CreateObject(%lu, three, 7, ) returned 0x%08x\n",
4000 h, crv, PKM_CK_RVtoStr(crv));
4001 return crv;
4002 }
4003 crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen);
4004 if (crv == CKR_OK) {
4005 PKM_LogIt("C_GetObjectSize succeeded\n");
4006 } else {
4007 PKM_Error("C_GetObjectSize failed "
4008 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4009 return crv;
4010 }
4011
4012 PKM_LogIt( " Created object three: handle = %lu\n", hThreeIn);
4013
4014 delta[0].type = CKA_VALUE;
4015 delta[0].pValue = "Copied object";
4016 delta[0].ulValueLen = strlen(delta[0].pValue);
4017
4018 crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn);
4019 if ( CKR_OK != crv ) {
4020 PKM_Error( "C_CopyObject(%lu, %lu, delta, 1, ) returned "
4021 "0x%08X, %-26s\n",
4022 h, hThreeIn, crv, PKM_CK_RVtoStr(crv));
4023 return crv;
4024 }
4025 crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen);
4026 if (crv == CKR_OK) {
4027 PKM_LogIt("C_GetObjectSize succeeded\n");
4028 } else {
4029 PKM_Error("C_GetObjectSize failed "
4030 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4031 return crv;
4032 }
4033
4034 if (hThreeLen == hDeltaLen) {
4035 PKM_LogIt("Copied object size same as orginal\n");
4036 } else {
4037 PKM_Error("Copied object different from original\n");
4038 return CKR_DEVICE_ERROR;
4039 }
4040
4041 PKM_LogIt( " Copied object three: new handle = %lu\n", hDeltaIn);
4042
4043 mask[0].type = CKA_APPLICATION;
4044 mask[0].pValue = key;
4045 mask[0].ulValueLen = key_len;
4046
4047 crv = pFunctionList->C_FindObjectsInit(h, mask, 1);
4048 if ( CKR_OK != crv ) {
4049 PKM_Error( "C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
4050 h, crv, PKM_CK_RVtoStr(crv));
4051 return crv;
4052 }
4053
4054 (void)memset(&found, 0, sizeof(found));
4055 nFound = 0;
4056 crv = pFunctionList->C_FindObjects(h, found, 10, &nFound);
4057 if ( CKR_OK != crv ) {
4058 PKM_Error( "C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
4059 h, crv, PKM_CK_RVtoStr(crv));
4060 return crv;
4061 }
4062
4063 if ( 4 != nFound ) {
4064 PKM_Error( "Found %lu objects, not 4.\n", nFound);
4065 return crv;
4066 }
4067
4068 PKM_LogIt( " Found 4 objects: %lu, %lu, %lu, %lu\n",
4069 found[0], found[1], found[2], found[3]);
4070
4071 crv = pFunctionList->C_FindObjectsFinal(h);
4072 if ( CKR_OK != crv ) {
4073 PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n",
4074 h, crv, PKM_CK_RVtoStr(crv));
4075 return crv;
4076 }
4077
4078 crv = pFunctionList->C_DestroyObject(h, hThreeIn);
4079 if ( CKR_OK != crv ) {
4080 PKM_Error( "C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h,
4081 hThreeIn, crv, PKM_CK_RVtoStr(crv));
4082 return crv;
4083 }
4084
4085 PKM_LogIt( " Destroyed object three (handle = %lu)\n", hThreeIn);
4086
4087 delta[0].type = CKA_APPLICATION;
4088 delta[0].pValue = "Changed application";
4089 delta[0].ulValueLen = strlen(delta[0].pValue);
4090
4091 crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1);
4092 if ( CKR_OK != crv ) {
4093 PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned "
4094 "0x%08X, %-26s\n",
4095 h, hTwoIn, crv, PKM_CK_RVtoStr(crv));
4096 return crv;
4097 }
4098
4099 PKM_LogIt( " Changed object two (handle = %lu).\n", hTwoIn);
4100
4101 /* Can another session find these session objects? */
4102
4103 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
4104 NULL, NULL, &h2);
4105 if ( CKR_OK != crv ) {
4106 PKM_Error( "C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
4107 " returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
4108 PKM_CK_RVtoStr(crv));
4109 return crv;
4110 }
4111 PKM_LogIt( " Opened a second session: handle = 0x%08x\n", h2);
4112
4113 /* mask is still the same */
4114
4115 crv = pFunctionList->C_FindObjectsInit(h2, mask, 1);
4116 if ( CKR_OK != crv ) {
4117 PKM_Error( "C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
4118 h2, crv, PKM_CK_RVtoStr(crv));
4119 return crv;
4120 }
4121
4122 (void)memset(&found, 0, sizeof(found));
4123 nFound = 0;
4124 crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound);
4125 if ( CKR_OK != crv ) {
4126 PKM_Error( "C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
4127 h2, crv, PKM_CK_RVtoStr(crv));
4128 return crv;
4129 }
4130
4131 if ( 2 != nFound ) {
4132 PKM_Error( "Found %lu objects, not 2.\n", nFound);
4133 return crv;
4134 }
4135
4136 PKM_LogIt( " Found 2 objects: %lu, %lu\n",
4137 found[0], found[1]);
4138
4139 crv = pFunctionList->C_FindObjectsFinal(h2);
4140 if ( CKR_OK != crv ) {
4141 PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv,
4142 PKM_CK_RVtoStr(crv));
4143 return crv;
4144 }
4145 crv = pFunctionList->C_Logout(h);
4146 if (crv == CKR_OK) {
4147 PKM_LogIt("C_Logout succeeded\n");
4148 } else {
4149 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
4150 PKM_CK_RVtoStr(crv));
4151 return crv;
4152 }
4153 crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]);
4154 if ( CKR_OK != crv ) {
4155 PKM_Error( "C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n",
4156 pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
4157 return crv;
4158 }
4159
4160 PKM_LogIt( "\n");
4161 return crv;
4162 }
4163
4164 CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
4165 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
4166 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
4167 CK_SESSION_HANDLE hSession;
4168 CK_RV crv = CKR_OK;
4169 CK_MECHANISM sAESKeyMech = {
4170 CKM_AES_KEY_GEN, NULL, 0
4171 };
4172 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
4173 CK_KEY_TYPE keyAESType = CKK_AES;
4174 CK_UTF8CHAR AESlabel[] = "An AES secret key object";
4175 CK_ULONG AESvalueLen = 16;
4176 CK_ATTRIBUTE sAESKeyTemplate[9];
4177 CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
4178 CK_BYTE_PTR pstate = NULL;
4179 CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen;
4180
4181 static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules.";
4182 static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules.";
4183 static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)
4184 "Firefox and Thunderbird.";
4185
4186 char digest[MAX_DIGEST_SZ], digest_1[MAX_DIGEST_SZ];
4187 char sign[MAX_SIG_SZ];
4188 CK_MECHANISM signmech;
4189 CK_MECHANISM digestmech;
4190
4191 NUMTESTS++; /* increment NUMTESTS */
4192
4193
4194 /* AES key template */
4195 sAESKeyTemplate[0].type = CKA_CLASS;
4196 sAESKeyTemplate[0].pValue = &class;
4197 sAESKeyTemplate[0].ulValueLen = sizeof(class);
4198 sAESKeyTemplate[1].type = CKA_KEY_TYPE;
4199 sAESKeyTemplate[1].pValue = &keyAESType;
4200 sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
4201 sAESKeyTemplate[2].type = CKA_LABEL;
4202 sAESKeyTemplate[2].pValue = AESlabel;
4203 sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
4204 sAESKeyTemplate[3].type = CKA_ENCRYPT;
4205 sAESKeyTemplate[3].pValue = &true;
4206 sAESKeyTemplate[3].ulValueLen = sizeof(true);
4207 sAESKeyTemplate[4].type = CKA_DECRYPT;
4208 sAESKeyTemplate[4].pValue = &true;
4209 sAESKeyTemplate[4].ulValueLen = sizeof(true);
4210 sAESKeyTemplate[5].type = CKA_SIGN;
4211 sAESKeyTemplate[5].pValue = &true;
4212 sAESKeyTemplate[5].ulValueLen = sizeof (true);
4213 sAESKeyTemplate[6].type = CKA_VERIFY;
4214 sAESKeyTemplate[6].pValue = &true;
4215 sAESKeyTemplate[6].ulValueLen = sizeof(true);
4216 sAESKeyTemplate[7].type = CKA_UNWRAP;
4217 sAESKeyTemplate[7].pValue = &true;
4218 sAESKeyTemplate[7].ulValueLen = sizeof(true);
4219 sAESKeyTemplate[8].type = CKA_VALUE_LEN;
4220 sAESKeyTemplate[8].pValue = &AESvalueLen;
4221 sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
4222
4223 signmech.mechanism = CKM_SHA_1_HMAC;
4224 signmech.pParameter = NULL;
4225 signmech.ulParameterLen = 0;
4226 digestmech.mechanism = CKM_SHA256;
4227 digestmech.pParameter = NULL;
4228 digestmech.ulParameterLen = 0;
4229
4230
4231 plainlen = strlen((char *)plaintext);
4232 plainlen_1 = strlen((char *)plaintext_1);
4233 plainlen_2 = strlen((char *)plaintext_2);
4234 digestlen = MAX_DIGEST_SZ;
4235
4236
4237 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
4238 NULL, NULL, &hSession);
4239 if (crv != CKR_OK) {
4240 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
4241 PKM_CK_RVtoStr(crv));
4242 return crv;
4243 }
4244
4245 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
4246 if (crv == CKR_OK) {
4247 PKM_LogIt("C_Login with correct password succeeded\n");
4248 } else {
4249 PKM_Error( "C_Login with correct password failed "
4250 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4251 return crv;
4252 }
4253
4254 PKM_LogIt("Generate an AES key ...\n");
4255 /* generate an AES Secret Key */
4256 crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
4257 sAESKeyTemplate,
4258 NUM_ELEM(sAESKeyTemplate),
4259 &sKey);
4260 if (crv == CKR_OK) {
4261 PKM_LogIt("C_GenerateKey AES succeeded\n");
4262 } else {
4263 PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
4264 crv, PKM_CK_RVtoStr(crv));
4265 return crv;
4266 }
4267
4268 crv = pFunctionList->C_SignInit(hSession, &signmech, sKey);
4269 if (crv != CKR_OK) {
4270 PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv,
4271 PKM_CK_RVtoStr(crv));
4272 return crv;
4273 }
4274
4275 slen = sizeof(sign);
4276 crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen,
4277 (CK_BYTE_PTR)sign, &slen);
4278 if (crv != CKR_OK) {
4279 PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv,
4280 PKM_CK_RVtoStr(crv));
4281 return crv;
4282 }
4283
4284 crv = pFunctionList->C_DestroyObject(hSession, sKey);
4285 if (crv != CKR_OK) {
4286 PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv,
4287 PKM_CK_RVtoStr(crv));
4288 return crv;
4289 }
4290
4291 digestlen = MAX_DIGEST_SZ;
4292 crv = pFunctionList->C_DigestInit(hSession, &digestmech);
4293 if (crv != CKR_OK) {
4294 PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
4295 PKM_CK_RVtoStr(crv));
4296 return crv;
4297 }
4298 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext,
4299 plainlen);
4300 if (crv != CKR_OK) {
4301 PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
4302 PKM_CK_RVtoStr(crv));
4303 return crv;
4304 }
4305
4306 crv = pFunctionList->C_GetOperationState(hSession, NULL, &statelen);
4307 if (crv != CKR_OK) {
4308 PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
4309 PKM_CK_RVtoStr(crv));
4310 return crv;
4311 }
4312
4313 pstate = (CK_BYTE_PTR) malloc(statelen * sizeof (CK_BYTE_PTR));
4314 crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen);
4315 if (crv != CKR_OK) {
4316 PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
4317 PKM_CK_RVtoStr(crv));
4318 return crv;
4319 }
4320
4321 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1,
4322 plainlen_1);
4323 if (crv != CKR_OK) {
4324 PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
4325 PKM_CK_RVtoStr(crv));
4326 return crv;
4327 }
4328 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2,
4329 plainlen_2);
4330 if (crv != CKR_OK) {
4331 PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
4332 PKM_CK_RVtoStr(crv));
4333 return crv;
4334 }
4335
4336 /*
4337 * This will override/negate the above 2 digest_update
4338 * operations
4339 */
4340 crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen,
4341 0, 0);
4342 if (crv != CKR_OK) {
4343 PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv,
4344 PKM_CK_RVtoStr(crv));
4345 return crv;
4346 }
4347 crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest,
4348 &digestlen);
4349 if (crv != CKR_OK) {
4350 PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv,
4351 PKM_CK_RVtoStr(crv));
4352 return crv;
4353 }
4354 digestlen = MAX_DIGEST_SZ;
4355 crv = pFunctionList->C_DigestInit(hSession, &digestmech);
4356 if (crv != CKR_OK) {
4357 PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
4358 PKM_CK_RVtoStr(crv));
4359 return crv;
4360 }
4361 crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen,
4362 (CK_BYTE_PTR)digest_1, &digestlen);
4363 if (crv != CKR_OK) {
4364 PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv,
4365 PKM_CK_RVtoStr(crv));
4366 return crv;
4367 }
4368 if (memcmp(digest, digest_1, digestlen) == 0) {
4369 PKM_LogIt("Digest and digest_1 are equal!\n");
4370 } else {
4371 PKM_Error("Digest and digest_1 are not equal!\n");
4372 }
4373 crv = pFunctionList->C_Logout(hSession);
4374 if (crv == CKR_OK) {
4375 PKM_LogIt("C_Logout succeeded\n");
4376 } else {
4377 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
4378 PKM_CK_RVtoStr(crv));
4379 return crv;
4380 }
4381 crv = pFunctionList->C_CloseSession(hSession);
4382 if ( CKR_OK != crv ) {
4383 PKM_Error( "C_CloseSession(%lu) returned 0x%08X, %-26s\n",
4384 hSession, crv, PKM_CK_RVtoStr(crv));
4385 return crv;
4386 }
4387
4388 return crv;
4389 }
4390
4391
4392 /*
4393 * Recover Functions
4394 */
4395 CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
4396 CK_SESSION_HANDLE hSession,
4397 CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
4398 CK_MECHANISM *signMech, const CK_BYTE * pData,
4399 CK_ULONG pDataLen) {
4400 CK_RV crv = CKR_OK;
4401 CK_BYTE sig[MAX_SIG_SZ];
4402 CK_ULONG sigLen = MAX_SIG_SZ;
4403 CK_BYTE recover[MAX_SIG_SZ];
4404 CK_ULONG recoverLen = MAX_SIG_SZ;
4405
4406 NUMTESTS++; /* increment NUMTESTS */
4407
4408 /* initializes a signature operation,
4409 * where the data can be recovered from the signature
4410 */
4411 crv = pFunctionList->C_SignRecoverInit(hSession, signMech,
4412 hPrivKey);
4413 if (crv == CKR_OK) {
4414 PKM_LogIt("C_SignRecoverInit succeeded. \n");
4415 } else {
4416 PKM_Error("C_SignRecoverInit failed.\n"
4417 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4418 return crv;
4419 }
4420
4421 /* signs single-part data,
4422 * where the data can be recovered from the signature
4423 */
4424 crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE * )pData,
4425 pDataLen,
4426 (CK_BYTE * )sig, &sigLen);
4427 if (crv == CKR_OK) {
4428 PKM_LogIt("C_SignRecover succeeded. \n");
4429 } else {
4430 PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n"
4431 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4432 return crv;
4433 }
4434
4435 /*
4436 * initializes a verification operation
4437 *where the data is recovered from the signature
4438 */
4439 crv = pFunctionList->C_VerifyRecoverInit(hSession, signMech,
4440 hPubKey);
4441 if (crv == CKR_OK) {
4442 PKM_LogIt("C_VerifyRecoverInit succeeded. \n");
4443 } else {
4444 PKM_Error("C_VerifyRecoverInit failed.\n"
4445 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4446 return crv;
4447 }
4448
4449 /*
4450 * verifies a signature on single-part data,
4451 * where the data is recovered from the signature
4452 */
4453 crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE * )sig,
4454 sigLen,
4455 (CK_BYTE * )recover, &recoverLen);
4456 if (crv == CKR_OK) {
4457 PKM_LogIt("C_VerifyRecover succeeded. \n");
4458 } else {
4459 PKM_Error("C_VerifyRecover failed.\n"
4460 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4461 return crv;
4462 }
4463
4464 if ((recoverLen == pDataLen)
4465 && (memcmp(recover, pData, pDataLen) == 0)) {
4466 PKM_LogIt("VerifyRecover test case passed\n");
4467 } else {
4468 PKM_Error( "VerifyRecover test case failed\n");
4469 }
4470
4471 return crv;
4472 }
4473 /*
4474 * wrapUnwrap
4475 * wrap the secretkey with the public key.
4476 * unwrap the secretkey with the private key.
4477 */
4478 CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
4479 CK_SESSION_HANDLE hSession,
4480 CK_OBJECT_HANDLE hPublicKey,
4481 CK_OBJECT_HANDLE hPrivateKey,
4482 CK_MECHANISM *wrapMechanism,
4483 CK_OBJECT_HANDLE hSecretKey,
4484 CK_ATTRIBUTE *sKeyTemplate,
4485 CK_ULONG skeyTempSize) {
4486 CK_RV crv = CKR_OK;
4487 CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE;
4488 CK_BYTE wrappedKey[128];
4489 CK_ULONG ulWrappedKeyLen = 0;
4490
4491 NUMTESTS++; /* increment NUMTESTS */
4492
4493 ulWrappedKeyLen = sizeof(wrappedKey);
4494 crv = pFunctionList->C_WrapKey(
4495 hSession, wrapMechanism,
4496 hPublicKey, hSecretKey,
4497 wrappedKey, &ulWrappedKeyLen);
4498 if (crv == CKR_OK) {
4499 PKM_LogIt("C_WrapKey succeeded\n");
4500 } else {
4501 PKM_Error( "C_WrapKey failed with 0x%08X, %-26s\n", crv,
4502 PKM_CK_RVtoStr(crv));
4503 return crv;
4504 }
4505 crv = pFunctionList->C_UnwrapKey(
4506 hSession, wrapMechanism, hPrivateKey,
4507 wrappedKey, ulWrappedKeyLen, sKeyTemplate,
4508 skeyTempSize,
4509 &hSecretKeyUnwrapped);
4510 if ((crv == CKR_OK) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE)) {
4511 PKM_LogIt("C_UnwrapKey succeeded\n");
4512 } else {
4513 PKM_Error( "C_UnwrapKey failed with 0x%08X, %-26s\n", crv,
4514 PKM_CK_RVtoStr(crv));
4515 return crv;
4516 }
4517
4518 return crv;
4519 }
4520
4521 /*
4522 * Tests if the object's attributes match the expected_attrs
4523 */
4524 CK_RV
4525 PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
4526 CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
4527 CK_ATTRIBUTE_PTR expected_attrs,
4528 CK_ULONG expected_attrs_count)
4529 {
4530 CK_RV crv;
4531 CK_ATTRIBUTE_PTR tmp_attrs;
4532 unsigned int i;
4533
4534 NUMTESTS++; /* increment NUMTESTS */
4535
4536 /* First duplicate the themplate */
4537 tmp_attrs = malloc(expected_attrs_count * sizeof (CK_ATTRIBUTE));
4538
4539 if (tmp_attrs == NULL) {
4540 PKM_Error("Internal test memory failure\n");
4541 return (CKR_HOST_MEMORY);
4542 }
4543
4544 for (i = 0; i < expected_attrs_count; i++) {
4545 tmp_attrs[i].type = expected_attrs[i].type;
4546 tmp_attrs[i].ulValueLen = expected_attrs[i].ulValueLen;
4547
4548 /* Don't give away the expected one. just zeros */
4549 tmp_attrs[i].pValue = calloc(expected_attrs[i].ulValueLen, 1);
4550
4551 if (tmp_attrs[i].pValue == NULL) {
4552 unsigned int j;
4553 for (j = 0; j < i; j++)
4554 free(tmp_attrs[j].pValue);
4555
4556 free(tmp_attrs);
4557 printf("Internal test memory failure\n");
4558 return (CKR_HOST_MEMORY);
4559 }
4560 }
4561
4562 /* then get the attributes from the object */
4563 crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs,
4564 expected_attrs_count);
4565 if (crv != CKR_OK) {
4566 PKM_Error( "C_GetAttributeValue failed with 0x%08X, %-26s\n", crv,
4567 PKM_CK_RVtoStr(crv));
4568 crv = CKR_FUNCTION_FAILED;
4569 goto out;
4570 }
4571
4572 /* Finally compare with the expected ones */
4573 for (i = 0; i < expected_attrs_count; i++) {
4574
4575 if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue,
4576 expected_attrs[i].ulValueLen) != 0) {
4577 PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n",
4578 tmp_attrs[i].type, expected_attrs[i].type);
4579 PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n",
4580 tmp_attrs[i].pValue, expected_attrs[i].pValue);
4581 /* don't report error at this time */
4582 }
4583 }
4584
4585 out:
4586 for (i = 0; i < expected_attrs_count; i++)
4587 free(tmp_attrs[i].pValue);
4588 free(tmp_attrs);
4589 return (crv);
4590 }
4591
4592 /*
4593 * Check the validity of a mech
4594 */
4595 CK_RV
4596 PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
4597 CK_MECHANISM_TYPE mechType, CK_FLAGS flags,
4598 CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize)
4599 {
4600 CK_SESSION_INFO sess_info;
4601 CK_MECHANISM_INFO mech_info;
4602 CK_RV crv;
4603
4604 NUMTESTS++; /* increment NUMTESTS */
4605
4606 if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info))
4607 != CKR_OK) {
4608 PKM_Error( "C_GetSessionInfo failed with 0x%08X, %-26s\n", crv,
4609 PKM_CK_RVtoStr(crv));
4610 return (CKR_FUNCTION_FAILED);
4611 }
4612
4613 crv = pFunctionList->C_GetMechanismInfo(0, mechType,
4614 &mech_info);
4615
4616
4617 crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType,
4618 &mech_info);
4619
4620 if (crv != CKR_OK) {
4621 PKM_Error( "C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv,
4622 PKM_CK_RVtoStr(crv));
4623 return (CKR_FUNCTION_FAILED);
4624 }
4625
4626 if ((mech_info.flags & flags) == 0) {
4627 PKM_Error("0x%x flag missing from mech\n", flags);
4628 return (CKR_MECHANISM_INVALID);
4629 }
4630 if (!check_sizes)
4631 return (CKR_OK);
4632
4633 if (mech_info.ulMinKeySize != minkeysize) {
4634 PKM_Error("Bad MinKeySize %d expected %d\n", mech_info.ulMinKeySize,
4635 minkeysize);
4636 return (CKR_MECHANISM_INVALID);
4637 }
4638 if (mech_info.ulMaxKeySize != maxkeysize) {
4639 PKM_Error("Bad MaxKeySize %d expected %d\n", mech_info.ulMaxKeySize,
4640 maxkeysize);
4641 return (CKR_MECHANISM_INVALID);
4642 }
4643 return (CKR_OK);
4644 }
4645
4646
4647
4648
4649
4650 /*
4651 * Can be called with a non-null premaster_key_len for the
4652 * *_DH mechanisms. In that case, no checking for the matching of
4653 * the expected results is done.
4654 * The rnd argument tells which correct/bogus randomInfo to use.
4655 */
4656 CK_RV
4657 PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList,
4658 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
4659 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
4660 CK_MECHANISM_TYPE mechType,
4661 enum_random_t rnd) {
4662 CK_SESSION_HANDLE hSession;
4663 CK_RV crv;
4664 CK_MECHANISM mk_mech;
4665 CK_VERSION expected_version, version;
4666 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
4667 CK_KEY_TYPE type = CKK_GENERIC_SECRET;
4668 CK_BBOOL derive_bool = true;
4669 CK_ATTRIBUTE attrs[4];
4670 CK_ULONG attrs_count = 4;
4671 CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE;
4672 CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
4673 CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params;
4674 CK_MECHANISM skmd_mech;
4675
4676 CK_BBOOL isDH = false;
4677
4678 NUMTESTS++; /* increment NUMTESTS */
4679
4680 attrs[0].type = CKA_CLASS;
4681 attrs[0].pValue = &class;
4682 attrs[0].ulValueLen = sizeof (class);
4683 attrs[1].type = CKA_KEY_TYPE;
4684 attrs[1].pValue = &type;
4685 attrs[1].ulValueLen = sizeof (type);
4686 attrs[2].type = CKA_DERIVE;
4687 attrs[2].pValue = &derive_bool;
4688 attrs[2].ulValueLen = sizeof (derive_bool);
4689 attrs[3].type = CKA_VALUE;
4690 attrs[3].pValue = NULL;
4691 attrs[3].ulValueLen = 0;
4692
4693
4694 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
4695 NULL, NULL, &hSession);
4696 if (crv != CKR_OK) {
4697 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
4698 PKM_CK_RVtoStr(crv));
4699 return crv;
4700 }
4701 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
4702 if (crv == CKR_OK) {
4703 PKM_LogIt("C_Login with correct password succeeded\n");
4704 } else {
4705 PKM_Error( "C_Login with correct password failed "
4706 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4707 return crv;
4708 }
4709
4710 /* Before all, check if the mechanism is supported correctly */
4711 if (MODE == FIPSMODE) {
4712 crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE, false,
4713 0, 0);
4714 if (crv != CKR_OK) {
4715 PKM_Error( "PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
4716 PKM_CK_RVtoStr(crv));
4717 return (crv);
4718 }
4719 }
4720
4721 mk_mech.mechanism = mechType;
4722 mk_mech.pParameter = &mkd_params;
4723 mk_mech.ulParameterLen = sizeof (mkd_params);
4724
4725 switch (mechType) {
4726 case CKM_TLS_MASTER_KEY_DERIVE_DH:
4727 isDH = true;
4728 /* FALLTHRU */
4729 case CKM_TLS_MASTER_KEY_DERIVE:
4730 attrs[3].pValue = NULL;
4731 attrs[3].ulValueLen = 0;
4732 expected_version.major = 3;
4733 expected_version.minor = 1;
4734
4735 mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom;
4736 mkd_params.RandomInfo.ulClientRandomLen =
4737 sizeof (TLSClientRandom);
4738 mkd_params.RandomInfo.pServerRandom = (unsigned char * ) TLSServerRandom;
4739 mkd_params.RandomInfo.ulServerRandomLen =
4740 sizeof (TLSServerRandom);
4741 break;
4742 }
4743 mkd_params.pVersion = (!isDH) ? &version : NULL;
4744
4745 /* First create the pre-master secret key */
4746
4747 skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
4748 skmd_mech.pParameter = &mkd_params;
4749 skmd_mech.ulParameterLen = sizeof (mkd_params);
4750
4751
4752 crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
4753 attrs,
4754 attrs_count,
4755 &pmk_obj);
4756 if (crv == CKR_OK) {
4757 PKM_LogIt("C_GenerateKey succeeded\n");
4758 } else {
4759 PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
4760 PKM_CK_RVtoStr(crv));
4761 return crv;
4762
4763 }
4764 /* Test the bad cases */
4765 switch (rnd) {
4766 case CORRECT:
4767 goto correct;
4768
4769 case BOGUS_CLIENT_RANDOM:
4770 mkd_params.RandomInfo.pClientRandom = NULL;
4771 break;
4772
4773 case BOGUS_CLIENT_RANDOM_LEN:
4774 mkd_params.RandomInfo.ulClientRandomLen = 0;
4775 break;
4776
4777 case BOGUS_SERVER_RANDOM:
4778 mkd_params.RandomInfo.pServerRandom = NULL;
4779 break;
4780
4781 case BOGUS_SERVER_RANDOM_LEN:
4782 mkd_params.RandomInfo.ulServerRandomLen = 0;
4783 break;
4784 }
4785 crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
4786 &mk_obj);
4787 if (crv != CKR_MECHANISM_PARAM_INVALID) {
4788 PKM_LogIt( "C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv,
4789 PKM_CK_RVtoStr(crv));
4790 } else {
4791 PKM_Error( "C_DeriveKey did not fail with bad data \n" );
4792 }
4793 goto out;
4794
4795
4796 correct:
4797 /* Now derive the master secret key */
4798 crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
4799 &mk_obj);
4800 if (crv == CKR_OK) {
4801 PKM_LogIt("C_DeriveKey succeeded\n");
4802 } else {
4803 PKM_Error( "C_DeriveKey failed with 0x%08X, %-26s\n", crv,
4804 PKM_CK_RVtoStr(crv));
4805 return crv;
4806
4807 }
4808
4809 out:
4810 if (pmk_obj != CK_INVALID_HANDLE)
4811 (void) pFunctionList->C_DestroyObject(hSession, pmk_obj);
4812 if (mk_obj != CK_INVALID_HANDLE)
4813 (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
4814 crv = pFunctionList->C_Logout(hSession);
4815
4816 if (crv == CKR_OK) {
4817 PKM_LogIt("C_Logout succeeded\n");
4818 } else {
4819 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
4820 PKM_CK_RVtoStr(crv));
4821 return crv;
4822 }
4823
4824 crv = pFunctionList->C_CloseSession(hSession);
4825 if (crv != CKR_OK) {
4826 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
4827 PKM_CK_RVtoStr(crv));
4828 return crv;
4829 }
4830 return (crv);
4831 }
4832
4833
4834 CK_RV
4835 PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
4836 CK_SLOT_ID * pSlotList, CK_ULONG slotID,
4837 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
4838 CK_MECHANISM_TYPE mechType, enum_random_t rnd)
4839 {
4840 CK_SESSION_HANDLE hSession;
4841 CK_RV crv;
4842 CK_MECHANISM kmd_mech;
4843 CK_MECHANISM skmd_mech;
4844 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
4845 CK_KEY_TYPE type = CKK_GENERIC_SECRET;
4846 CK_BBOOL derive_bool = true;
4847 CK_BBOOL sign_bool = true, verify_bool = true;
4848 CK_BBOOL encrypt_bool = true, decrypt_bool = true;
4849 CK_ULONG value_len;
4850
4851 /*
4852 * We arrange this template so that:
4853 * . Attributes 0-6 are good for a MAC key comparison template.
4854 * . Attributes 2-5 are good for the master key creation template.
4855 * . Attributes 3-8 are good for a cipher key comparison template.
4856 */
4857 CK_ATTRIBUTE attrs[9];
4858
4859 CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
4860 CK_SSL3_KEY_MAT_PARAMS km_params;
4861 CK_SSL3_KEY_MAT_OUT kmo;
4862 CK_BYTE IVClient[8];
4863 CK_BYTE IVServer[8];
4864
4865 NUMTESTS++; /* increment NUMTESTS */
4866
4867 attrs[0].type = CKA_SIGN;
4868 attrs[0].pValue = &sign_bool;
4869 attrs[0].ulValueLen = sizeof (sign_bool);
4870 attrs[1].type = CKA_VERIFY;
4871 attrs[1].pValue = &verify_bool;
4872 attrs[1].ulValueLen = sizeof (verify_bool);
4873 attrs[2].type = CKA_KEY_TYPE;
4874 attrs[2].pValue = &type;
4875 attrs[2].ulValueLen = sizeof (type);
4876 attrs[3].type = CKA_CLASS;
4877 attrs[3].pValue = &class;
4878 attrs[3].ulValueLen = sizeof (class);
4879 attrs[4].type = CKA_DERIVE;
4880 attrs[4].pValue = &derive_bool;
4881 attrs[4].ulValueLen = sizeof (derive_bool);
4882 attrs[5].type = CKA_VALUE;
4883 attrs[5].pValue = NULL;
4884 attrs[5].ulValueLen = 0;
4885 attrs[6].type = CKA_VALUE_LEN;
4886 attrs[6].pValue = &value_len;
4887 attrs[6].ulValueLen = sizeof (value_len);
4888 attrs[7].type = CKA_ENCRYPT;
4889 attrs[7].pValue = &encrypt_bool;
4890 attrs[7].ulValueLen = sizeof (encrypt_bool);
4891 attrs[8].type = CKA_DECRYPT;
4892 attrs[8].pValue = &decrypt_bool;
4893 attrs[8].ulValueLen = sizeof (decrypt_bool);
4894
4895 crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
4896 NULL, NULL, &hSession);
4897 if (crv != CKR_OK) {
4898 PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
4899 PKM_CK_RVtoStr(crv));
4900 return crv;
4901 }
4902 crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
4903 if (crv == CKR_OK) {
4904 PKM_LogIt("C_Login with correct password succeeded\n");
4905 } else {
4906 PKM_Error( "C_Login with correct password failed "
4907 "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4908 return crv;
4909 }
4910
4911
4912 /* Before all, check if the mechanism is supported correctly */
4913 if (MODE == FIPSMODE) {
4914 crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE,
4915 CK_TRUE, 48, 48);
4916
4917 if (crv != CKR_OK) {
4918 PKM_Error( "PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
4919 PKM_CK_RVtoStr(crv));
4920 return (crv);
4921 }
4922 }
4923 kmd_mech.mechanism = mechType;
4924 kmd_mech.pParameter = &km_params;
4925 kmd_mech.ulParameterLen = sizeof (km_params);
4926
4927 km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */
4928 km_params.ulKeySizeInBits = 192; /* 3DES key size */
4929 km_params.ulIVSizeInBits = 64; /* 3DES block size */
4930 km_params.pReturnedKeyMaterial = &kmo;
4931 km_params.bIsExport = false;
4932 kmo.hClientMacSecret = CK_INVALID_HANDLE;
4933 kmo.hServerMacSecret = CK_INVALID_HANDLE;
4934 kmo.hClientKey = CK_INVALID_HANDLE;
4935 kmo.hServerKey = CK_INVALID_HANDLE;
4936 kmo.pIVClient = IVClient;
4937 kmo.pIVServer = IVServer;
4938
4939 skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
4940 skmd_mech.pParameter = &km_params;
4941 skmd_mech.ulParameterLen = sizeof (km_params);
4942
4943
4944 crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
4945 &attrs[2],
4946 4,
4947 &mk_obj);
4948 if (crv == CKR_OK) {
4949 PKM_LogIt("C_GenerateKey succeeded\n");
4950 } else {
4951 PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
4952 PKM_CK_RVtoStr(crv));
4953 return crv;
4954 }
4955
4956 attrs[5].pValue = NULL;
4957 attrs[5].ulValueLen = 0;
4958
4959 km_params.RandomInfo.pClientRandom = (unsigned char *) TLSClientRandom;
4960 km_params.RandomInfo.ulClientRandomLen =
4961 sizeof (TLSClientRandom);
4962 km_params.RandomInfo.pServerRandom = (unsigned char *) TLSServerRandom;
4963 km_params.RandomInfo.ulServerRandomLen =
4964 sizeof (TLSServerRandom);
4965
4966 /* Test the bad cases */
4967 switch (rnd) {
4968 case CORRECT:
4969 goto correct;
4970
4971 case BOGUS_CLIENT_RANDOM:
4972 km_params.RandomInfo.pClientRandom = NULL;
4973 break;
4974
4975 case BOGUS_CLIENT_RANDOM_LEN:
4976 km_params.RandomInfo.ulClientRandomLen = 0;
4977 break;
4978
4979 case BOGUS_SERVER_RANDOM:
4980 km_params.RandomInfo.pServerRandom = NULL;
4981 break;
4982
4983 case BOGUS_SERVER_RANDOM_LEN:
4984 km_params.RandomInfo.ulServerRandomLen = 0;
4985 break;
4986 }
4987 crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
4988 NULL);
4989 if (crv != CKR_MECHANISM_PARAM_INVALID) {
4990 PKM_Error( "key materials derivation returned unexpected "
4991 "error 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
4992 (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
4993 return (CKR_FUNCTION_FAILED);
4994
4995 }
4996 return (CKR_OK);
4997
4998 correct:
4999 /*
5000 * Then use the master key and the client 'n server random data to
5001 * derive the key materials
5002 */
5003 crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
5004 NULL);
5005 if (crv != CKR_OK) {
5006 PKM_Error( "Cannot derive the key materials, crv 0x%08X, %-26s\n",
5007 crv, PKM_CK_RVtoStr(crv));
5008 (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
5009 return (crv);
5010 }
5011
5012 if (mk_obj != CK_INVALID_HANDLE)
5013 (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
5014 if (kmo.hClientMacSecret != CK_INVALID_HANDLE)
5015 (void) pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret);
5016 if (kmo.hServerMacSecret != CK_INVALID_HANDLE)
5017 (void) pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret);
5018 if (kmo.hClientKey != CK_INVALID_HANDLE);
5019 (void) pFunctionList->C_DestroyObject(hSession, kmo.hClientKey);
5020 if (kmo.hServerKey != CK_INVALID_HANDLE)
5021 (void) pFunctionList->C_DestroyObject(hSession, kmo.hServerKey);
5022 crv = pFunctionList->C_Logout(hSession);
5023 if (crv == CKR_OK) {
5024 PKM_LogIt("C_Logout succeeded\n");
5025 } else {
5026 PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
5027 PKM_CK_RVtoStr(crv));
5028 return crv;
5029 }
5030 crv = pFunctionList->C_CloseSession(hSession);
5031 if (crv != CKR_OK) {
5032 PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
5033 PKM_CK_RVtoStr(crv));
5034 return crv;
5035 }
5036
5037
5038 return (crv);
5039 }
5040
5041
5042
5043 CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
5044 CK_SESSION_HANDLE hRwSession,
5045 CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
5046 CK_MECHANISM *sigMech,
5047 CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech,
5048 const CK_BYTE * pData, CK_ULONG pDataLen) {
5049
5050 CK_RV crv = CKR_OK;
5051 CK_BYTE encryptedData[MAX_CIPHER_SZ];
5052 CK_ULONG ulEncryptedDataLen = 0;
5053 CK_ULONG ulLastUpdateSize = 0 ;
5054 CK_BYTE sig[MAX_SIG_SZ];
5055 CK_ULONG ulSigLen = 0;
5056 CK_BYTE data[MAX_DATA_SZ];
5057 CK_ULONG ulDataLen = 0;
5058
5059 memset(encryptedData, 0, sizeof(encryptedData));
5060 memset(sig, 0, sizeof(sig));
5061 memset(data, 0, sizeof(data));
5062
5063 NUMTESTS++; /* increment NUMTESTS */
5064
5065 /* Check that the mechanism is Multi-part */
5066 if (sigMech->mechanism == CKM_DSA || sigMech->mechanism == CKM_RSA_PKCS) {
5067 PKM_Error( "PKM_DualFuncSign must be called with a Multi-part "
5068 "operation mechanism\n");
5069 return CKR_DEVICE_ERROR;
5070 }
5071
5072 /* Sign and Encrypt */
5073 if (privateKey == 0 && publicKey == 0) {
5074 crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey);
5075 if (crv != CKR_OK) {
5076 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
5077 PKM_CK_RVtoStr(crv));
5078 return crv;
5079 }
5080 } else {
5081 crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey);
5082 if (crv != CKR_OK) {
5083 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
5084 PKM_CK_RVtoStr(crv));
5085 return crv;
5086 }
5087 }
5088 crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey);
5089 if (crv != CKR_OK) {
5090 PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
5091 PKM_CK_RVtoStr(crv));
5092 return crv;
5093 }
5094
5095
5096 ulEncryptedDataLen = sizeof(encryptedData);
5097 crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE * ) pData,
5098 pDataLen,
5099 encryptedData,
5100 &ulEncryptedDataLen);
5101 if (crv != CKR_OK) {
5102 PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
5103 PKM_CK_RVtoStr(crv));
5104 return crv;
5105 }
5106
5107 ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen;
5108 crv = pFunctionList->C_EncryptFinal(hRwSession,
5109 (CK_BYTE * )&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize);
5110 if (crv != CKR_OK) {
5111 PKM_Error( "C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
5112 PKM_CK_RVtoStr(crv));
5113 return crv;
5114 }
5115 ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize;
5116 ulSigLen = sizeof(sig);
5117 crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen);
5118 if (crv != CKR_OK) {
5119 PKM_Error( "C_SignFinal failed with 0x%08X, %-26s\n", crv,
5120 PKM_CK_RVtoStr(crv));
5121 return crv;
5122 }
5123
5124 /* Decrypt and Verify */
5125
5126 crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey);
5127 if (crv != CKR_OK) {
5128 PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
5129 PKM_CK_RVtoStr(crv));
5130 return crv;
5131 }
5132 crv = pFunctionList->C_VerifyInit(hRwSession, sigMech,
5133 publicKey);
5134 if (crv != CKR_OK) {
5135 PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
5136 PKM_CK_RVtoStr(crv));
5137 return crv;
5138 }
5139
5140 ulDataLen = sizeof(data);
5141 crv = pFunctionList->C_DecryptVerifyUpdate(hRwSession,
5142 encryptedData,
5143 ulEncryptedDataLen,
5144 data, &ulDataLen);
5145 if (crv != CKR_OK) {
5146 PKM_Error( "C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv,
5147 PKM_CK_RVtoStr(crv));
5148 return crv;
5149 }
5150 ulLastUpdateSize = sizeof(data) - ulDataLen;
5151 /* Get last little piece of plaintext. Should have length 0 */
5152 crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen],
5153 &ulLastUpdateSize);
5154 if (crv != CKR_OK) {
5155 PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
5156 PKM_CK_RVtoStr(crv));
5157 return crv;
5158 }
5159
5160 if (ulLastUpdateSize != 0) {
5161 crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen],
5162 ulLastUpdateSize);
5163 if (crv != CKR_OK) {
5164 PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
5165 PKM_CK_RVtoStr(crv));
5166 return crv;
5167 }
5168 }
5169 ulDataLen = ulDataLen + ulLastUpdateSize;
5170
5171 /* input for the verify operation is the decrypted data */
5172 crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen);
5173 if (crv == CKR_OK) {
5174 PKM_LogIt("C_VerifyFinal succeeded\n");
5175 } else {
5176 PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
5177 PKM_CK_RVtoStr(crv));
5178 return crv;
5179 }
5180
5181 /* Comparison of Decrypted data with inputed data */
5182 if ( (ulDataLen == pDataLen) &&
5183 (memcmp(data, pData, pDataLen) == 0) ) {
5184 PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n");
5185 } else {
5186 PKM_Error( "PKM_DualFuncSign derypt test case failed\n");
5187 }
5188
5189 return crv;
5190
5191 }
5192
5193 CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
5194 CK_SESSION_HANDLE hSession,
5195 CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
5196 const CK_BYTE * pData, CK_ULONG pDataLen) {
5197 CK_RV crv = CKR_OK;
5198 CK_BYTE digest1[MAX_DIGEST_SZ];
5199 CK_ULONG digest1Len = 0 ;
5200 CK_BYTE digest2[MAX_DIGEST_SZ];
5201 CK_ULONG digest2Len = 0;
5202
5203 /* Tested with CKM_SHA_1, CKM_SHA256, CKM_SHA384, CKM_SHA512 */
5204
5205 memset(digest1, 0, sizeof(digest1));
5206 memset(digest2, 0, sizeof(digest2));
5207
5208 NUMTESTS++; /* increment NUMTESTS */
5209
5210 crv = pFunctionList->C_DigestInit(hSession, digestMech);
5211 if (crv != CKR_OK) {
5212 PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
5213 PKM_CK_RVtoStr(crv));
5214 return crv;
5215 }
5216 digest1Len = sizeof(digest1);
5217 crv = pFunctionList->C_Digest(hSession, (CK_BYTE * ) pData, pDataLen,
5218 digest1, &digest1Len);
5219 if (crv != CKR_OK) {
5220 PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
5221 PKM_CK_RVtoStr(crv));
5222 return crv;
5223 }
5224
5225
5226 crv = pFunctionList->C_DigestInit(hSession, digestMech);
5227 if (crv != CKR_OK) {
5228 PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
5229 PKM_CK_RVtoStr(crv));
5230 return crv;
5231 }
5232
5233 crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE * ) pData, pDataLen);
5234 if (crv != CKR_OK) {
5235 PKM_Error( "C_DigestUpdate failed with 0x%08X, %-26s\n", crv,
5236 PKM_CK_RVtoStr(crv));
5237 return crv;
5238 }
5239
5240 /* C_DigestKey continues a multiple-part message-digesting operation by*/
5241 /* digesting the value of a secret key. (only used with C_DigestUpdate)*/
5242 if (hSecretKey != 0) {
5243 crv = pFunctionList->C_DigestKey(hSession, hSecretKey);
5244 if (crv != CKR_OK) {
5245 PKM_Error( "C_DigestKey failed with 0x%08X, %-26s\n", crv,
5246 PKM_CK_RVtoStr(crv));
5247 return crv;
5248 }
5249 }
5250
5251 digest2Len = sizeof(digest2);
5252 crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len);
5253 if (crv != CKR_OK) {
5254 PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
5255 PKM_CK_RVtoStr(crv));
5256 return crv;
5257 }
5258
5259 if (hSecretKey == 0){
5260 /* did not digest a secret key so digests should equal */
5261 if ( (digest1Len == digest2Len)
5262 && (memcmp(digest1, digest2, digest1Len) == 0) ) {
5263 PKM_LogIt("Single and Multiple-part message digest "
5264 "operations succesful\n");
5265 } else {
5266 PKM_Error("Single and Multiple-part message digest "
5267 "operations failed\n");
5268 }
5269 } else {
5270 if (digest1Len == digest2Len) {
5271 PKM_LogIt("PKM_Digest Single and Multiple-part message digest "
5272 "operations succesful\n");
5273 } else {
5274 PKM_Error("PKM_Digest Single and Multiple-part message digest "
5275 "operations failed\n");
5276 }
5277
5278 }
5279
5280 return crv;
5281
5282 }
5283
5284 char * PKM_FilePasswd(char *pwFile)
5285 {
5286 unsigned char phrase[200];
5287 PRFileDesc *fd;
5288 PRInt32 nb;
5289 int i;
5290
5291 if (!pwFile)
5292 return 0;
5293
5294 fd = PR_Open(pwFile, PR_RDONLY, 0);
5295 if (!fd) {
5296 fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
5297 return NULL;
5298 }
5299
5300 nb = PR_Read(fd, phrase, sizeof(phrase));
5301
5302 PR_Close(fd);
5303 /* handle the Windows EOL case */
5304 i = 0;
5305 while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++;
5306 phrase[i] = '\0';
5307 if (nb == 0) {
5308 fprintf(stderr,"password file contains no data\n");
5309 return NULL;
5310 }
5311 return (char*) strdup((char*)phrase);
5312 }
5313
5314 void PKM_Help()
5315 {
5316 PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
5317 PR_fprintf(debug_out, "pk11mode test program usage:\n");
5318 PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n");
5319 PR_fprintf(debug_out, "\t-n Non Fips Mode \n");
5320 PR_fprintf(debug_out, "\t-d <path> Database path location)\n");
5321 PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix)\n");
5322 PR_fprintf(debug_out, "\t-h this help message\n");
5323 exit(1);
5324 }
5325
5326 void PKM_CheckPath(char *string)
5327 {
5328 char *src;
5329 char *dest;
5330
5331 /*
5332 * windows support convert any back slashes to
5333 * forward slashes.
5334 */
5335 for (src=string, dest=string; *src; src++,dest++) {
5336 if (*src == '\\') {
5337 *dest = '/';
5338 }
5339 }
5340 dest--;
5341 /* if the last char is a / set it to 0 */
5342 if (*dest == '/')
5343 *dest = 0;
5344
5345 }
Mozilla NSS module