1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/cmd/pk11mode/pk11mode.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,5307 @@
1.4 +/*
1.5 + * pk11mode.c - Test FIPS or NONFIPS Modes for the NSS PKCS11 api.
1.6 + * The goal of this program is to test every function
1.7 + * entry point of the PKCS11 api at least once.
1.8 + * To test in FIPS mode: pk11mode
1.9 + * To test in NONFIPS mode: pk11mode -n
1.10 + * usage: pk11mode -h
1.11 + *
1.12 + * This Source Code Form is subject to the terms of the Mozilla Public
1.13 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.14 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.15 +
1.16 +
1.17 +#include <assert.h>
1.18 +#include <stdio.h>
1.19 +#include <stdlib.h>
1.20 +#include <string.h>
1.21 +#include <stdarg.h>
1.22 +
1.23 +#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
1.24 +#include <unistd.h>
1.25 +#include <sys/wait.h>
1.26 +#else
1.27 +#ifndef NO_FORK_CHECK
1.28 +#define NO_FORK_CHECK
1.29 +#endif
1.30 +#endif
1.31 +
1.32 +#ifdef _WIN32
1.33 +#include <windows.h>
1.34 +#define LIB_NAME "softokn3.dll"
1.35 +#endif
1.36 +#include "prlink.h"
1.37 +#include "prprf.h"
1.38 +#include "plgetopt.h"
1.39 +#include "prenv.h"
1.40 +
1.41 +#include "pk11table.h"
1.42 +
1.43 +#define NUM_ELEM(array) (sizeof(array)/sizeof(array[0]))
1.44 +
1.45 +#ifndef NULL_PTR
1.46 +#define NULL_PTR 0
1.47 +#endif
1.48 +
1.49 +/* Returns constant error string for "CRV".
1.50 + * Returns "unknown error" if errNum is unknown.
1.51 + */
1.52 +const char *
1.53 +PKM_CK_RVtoStr(CK_RV errNum) {
1.54 + const char * err;
1.55 +
1.56 + err = getName(errNum, ConstResult);
1.57 +
1.58 + if (err) return err;
1.59 +
1.60 + return "unknown error";
1.61 +}
1.62 +
1.63 +#include "pkcs11p.h"
1.64 +
1.65 +typedef struct CK_C_INITIALIZE_ARGS_NSS {
1.66 + CK_CREATEMUTEX CreateMutex;
1.67 + CK_DESTROYMUTEX DestroyMutex;
1.68 + CK_LOCKMUTEX LockMutex;
1.69 + CK_UNLOCKMUTEX UnlockMutex;
1.70 + CK_FLAGS flags;
1.71 + /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
1.72 + * a reserved field. NSS needs a way to pass instance-specific information
1.73 + * to the library (like where to find its config files, etc). This
1.74 + * information is usually provided by the installer and passed uninterpreted
1.75 + * by NSS to the library, though NSS does know the specifics of the softoken
1.76 + * version of this parameter. Most compliant PKCS#11 modules expect this
1.77 + * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
1.78 + * C_Initialize if Library parameters is supplied. */
1.79 + CK_CHAR_PTR *LibraryParameters;
1.80 + /* This field is only present if the LibraryParameters is not NULL. It must
1.81 + * be NULL in all cases */
1.82 + CK_VOID_PTR pReserved;
1.83 +} CK_C_INITIALIZE_ARGS_NSS;
1.84 +
1.85 +#include "pkcs11u.h"
1.86 +
1.87 +#define MAX_SIG_SZ 128
1.88 +#define MAX_CIPHER_SZ 128
1.89 +#define MAX_DATA_SZ 64
1.90 +#define MAX_DIGEST_SZ 64
1.91 +#define HMAC_MAX_LENGTH 64
1.92 +#define FIPSMODE 0
1.93 +#define NONFIPSMODE 1
1.94 +#define HYBRIDMODE 2
1.95 +#define NOMODE 3
1.96 +int MODE = FIPSMODE;
1.97 +
1.98 +CK_BBOOL true = CK_TRUE;
1.99 +CK_BBOOL false = CK_FALSE;
1.100 +static const CK_BYTE PLAINTEXT[] = {"Firefox Rules!"};
1.101 +static const CK_BYTE PLAINTEXT_PAD[] =
1.102 + {"Firefox and thunderbird rule the world!"};
1.103 +CK_ULONG NUMTESTS = 0;
1.104 +
1.105 +static const char * slotFlagName[] = {
1.106 + "CKF_TOKEN_PRESENT",
1.107 + "CKF_REMOVABLE_DEVICE",
1.108 + "CKF_HW_SLOT",
1.109 + "unknown token flag 0x00000008",
1.110 + "unknown token flag 0x00000010",
1.111 + "unknown token flag 0x00000020",
1.112 + "unknown token flag 0x00000040",
1.113 + "unknown token flag 0x00000080",
1.114 + "unknown token flag 0x00000100",
1.115 + "unknown token flag 0x00000200",
1.116 + "unknown token flag 0x00000400",
1.117 + "unknown token flag 0x00000800",
1.118 + "unknown token flag 0x00001000",
1.119 + "unknown token flag 0x00002000",
1.120 + "unknown token flag 0x00004000",
1.121 + "unknown token flag 0x00008000"
1.122 + "unknown token flag 0x00010000",
1.123 + "unknown token flag 0x00020000",
1.124 + "unknown token flag 0x00040000",
1.125 + "unknown token flag 0x00080000",
1.126 + "unknown token flag 0x00100000",
1.127 + "unknown token flag 0x00200000",
1.128 + "unknown token flag 0x00400000",
1.129 + "unknown token flag 0x00800000"
1.130 + "unknown token flag 0x01000000",
1.131 + "unknown token flag 0x02000000",
1.132 + "unknown token flag 0x04000000",
1.133 + "unknown token flag 0x08000000",
1.134 + "unknown token flag 0x10000000",
1.135 + "unknown token flag 0x20000000",
1.136 + "unknown token flag 0x40000000",
1.137 + "unknown token flag 0x80000000"
1.138 +};
1.139 +
1.140 +static const char * tokenFlagName[] = {
1.141 + "CKF_PKM_RNG",
1.142 + "CKF_WRITE_PROTECTED",
1.143 + "CKF_LOGIN_REQUIRED",
1.144 + "CKF_USER_PIN_INITIALIZED",
1.145 + "unknown token flag 0x00000010",
1.146 + "CKF_RESTORE_KEY_NOT_NEEDED",
1.147 + "CKF_CLOCK_ON_TOKEN",
1.148 + "unknown token flag 0x00000080",
1.149 + "CKF_PROTECTED_AUTHENTICATION_PATH",
1.150 + "CKF_DUAL_CRYPTO_OPERATIONS",
1.151 + "CKF_TOKEN_INITIALIZED",
1.152 + "CKF_SECONDARY_AUTHENTICATION",
1.153 + "unknown token flag 0x00001000",
1.154 + "unknown token flag 0x00002000",
1.155 + "unknown token flag 0x00004000",
1.156 + "unknown token flag 0x00008000",
1.157 + "CKF_USER_PIN_COUNT_LOW",
1.158 + "CKF_USER_PIN_FINAL_TRY",
1.159 + "CKF_USER_PIN_LOCKED",
1.160 + "CKF_USER_PIN_TO_BE_CHANGED",
1.161 + "CKF_SO_PIN_COUNT_LOW",
1.162 + "CKF_SO_PIN_FINAL_TRY",
1.163 + "CKF_SO_PIN_LOCKED",
1.164 + "CKF_SO_PIN_TO_BE_CHANGED",
1.165 + "unknown token flag 0x01000000",
1.166 + "unknown token flag 0x02000000",
1.167 + "unknown token flag 0x04000000",
1.168 + "unknown token flag 0x08000000",
1.169 + "unknown token flag 0x10000000",
1.170 + "unknown token flag 0x20000000",
1.171 + "unknown token flag 0x40000000",
1.172 + "unknown token flag 0x80000000"
1.173 +};
1.174 +
1.175 +static const unsigned char TLSClientRandom[] = {
1.176 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1.177 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1.178 + 0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71,
1.179 + 0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d
1.180 +};
1.181 +static const unsigned char TLSServerRandom[] = {
1.182 + 0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01,
1.183 + 0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d,
1.184 + 0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66,
1.185 + 0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9
1.186 +};
1.187 +
1.188 +typedef enum {
1.189 + CORRECT,
1.190 + BOGUS_CLIENT_RANDOM,
1.191 + BOGUS_CLIENT_RANDOM_LEN,
1.192 + BOGUS_SERVER_RANDOM,
1.193 + BOGUS_SERVER_RANDOM_LEN
1.194 +} enum_random_t;
1.195 +
1.196 +void
1.197 +dumpToHash64(const unsigned char *buf, unsigned int bufLen)
1.198 +{
1.199 + unsigned int i;
1.200 + for (i = 0; i < bufLen; i += 8) {
1.201 + if (i % 32 == 0)
1.202 + printf("\n");
1.203 + printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,",
1.204 + buf[i ], buf[i+1], buf[i+2], buf[i+3],
1.205 + buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
1.206 + }
1.207 + printf("\n");
1.208 +}
1.209 +
1.210 +
1.211 +#ifdef _WIN32
1.212 +HMODULE hModule;
1.213 +#else
1.214 +PRLibrary *lib;
1.215 +#endif
1.216 +
1.217 +/*
1.218 +* All api that belongs to pk11mode.c layer start with the prefix PKM_
1.219 +*/
1.220 +void PKM_LogIt(const char *fmt, ...);
1.221 +void PKM_Error(const char *fmt, ...);
1.222 +CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
1.223 + CK_ULONG slotID);
1.224 +CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID);
1.225 +CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
1.226 + CK_SLOT_ID *pSlotList, CK_ULONG slotID,
1.227 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.228 +CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
1.229 + CK_SLOT_ID * pSlotList, CK_ULONG slotID);
1.230 +CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
1.231 + CK_ULONG slotID);
1.232 +CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
1.233 + CK_SLOT_ID *pSlotList, CK_ULONG slotID,
1.234 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.235 +CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
1.236 + CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.237 +CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
1.238 + CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.239 +CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1.240 + CK_C_INITIALIZE_ARGS_NSS *initArgs);
1.241 +CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
1.242 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.243 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.244 +CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
1.245 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.246 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.247 +CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
1.248 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.249 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.250 +CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
1.251 + CK_SLOT_ID *pSlotList, CK_ULONG slotID,
1.252 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.253 +CK_RV PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
1.254 + CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
1.255 + CK_ATTRIBUTE_PTR expected_attrs,
1.256 + CK_ULONG expected_attrs_count);
1.257 +CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList,
1.258 + CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType,
1.259 + CK_FLAGS flags, CK_BBOOL check_sizes,
1.260 + CK_ULONG minkeysize, CK_ULONG maxkeysize);
1.261 +CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
1.262 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.263 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1.264 + CK_MECHANISM_TYPE mechType, enum_random_t rnd);
1.265 +CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
1.266 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.267 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1.268 + CK_MECHANISM_TYPE mechType,
1.269 + enum_random_t rnd);
1.270 +CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
1.271 + CK_SLOT_ID *pSlotList, CK_ULONG slotID,
1.272 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
1.273 +CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
1.274 + CK_SESSION_HANDLE hRwSession,
1.275 + CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
1.276 + CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey,
1.277 + CK_MECHANISM *cryptMech,
1.278 + const CK_BYTE * pData, CK_ULONG pDataLen);
1.279 +CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
1.280 + CK_SESSION_HANDLE hSession,
1.281 + CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
1.282 + CK_OBJECT_HANDLE hSecKeyDigest,
1.283 + CK_MECHANISM *digestMech,
1.284 + const CK_BYTE * pData, CK_ULONG pDataLen);
1.285 +CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
1.286 + CK_SESSION_HANDLE hRwSession,
1.287 + CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
1.288 + CK_MECHANISM *signMech, const CK_BYTE * pData,
1.289 + CK_ULONG dataLen);
1.290 +CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
1.291 + CK_SESSION_HANDLE hSession,
1.292 + CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
1.293 + const CK_BYTE * pData, CK_ULONG dataLen);
1.294 +CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
1.295 + CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
1.296 + const CK_BYTE * pData, CK_ULONG pDataLen);
1.297 +CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
1.298 + CK_SESSION_HANDLE hRwSession,
1.299 + CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
1.300 + const CK_BYTE * pData, CK_ULONG pDataLen);
1.301 +CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
1.302 + CK_SESSION_HANDLE hSession,
1.303 + CK_OBJECT_HANDLE hPublicKey,
1.304 + CK_OBJECT_HANDLE hPrivateKey,
1.305 + CK_MECHANISM *wrapMechanism,
1.306 + CK_OBJECT_HANDLE hSecretKey,
1.307 + CK_ATTRIBUTE *sKeyTemplate,
1.308 + CK_ULONG skeyTempSize);
1.309 +CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
1.310 + CK_SESSION_HANDLE hSession,
1.311 + CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
1.312 + CK_MECHANISM *signMech, const CK_BYTE * pData,
1.313 + CK_ULONG pDataLen);
1.314 +CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
1.315 + PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
1.316 +
1.317 +void PKM_Help();
1.318 +void PKM_CheckPath(char *string);
1.319 +char *PKM_FilePasswd(char *pwFile);
1.320 +static PRBool verbose = PR_FALSE;
1.321 +
1.322 +int main(int argc, char **argv)
1.323 +{
1.324 + CK_C_GetFunctionList pC_GetFunctionList;
1.325 + CK_FUNCTION_LIST_PTR pFunctionList;
1.326 + CK_RV crv = CKR_OK;
1.327 + CK_C_INITIALIZE_ARGS_NSS initArgs;
1.328 + CK_SLOT_ID *pSlotList = NULL;
1.329 + CK_TOKEN_INFO tokenInfo;
1.330 + CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */
1.331 +
1.332 + CK_UTF8CHAR *pwd = NULL;
1.333 + CK_ULONG pwdLen = 0;
1.334 + char *moduleSpec = NULL;
1.335 + char *configDir = NULL;
1.336 + char *dbPrefix = NULL;
1.337 + char *disableUnload = NULL;
1.338 + PRBool doForkTests = PR_TRUE;
1.339 +
1.340 + PLOptStatus os;
1.341 + PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
1.342 + while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
1.343 + {
1.344 + if (PL_OPT_BAD == os) continue;
1.345 + switch (opt->option)
1.346 + {
1.347 + case 'F': /* disable fork tests */
1.348 + doForkTests = PR_FALSE;
1.349 + break;
1.350 + case 'n': /* non fips mode */
1.351 + MODE = NONFIPSMODE;
1.352 + slotID = 1;
1.353 + break;
1.354 + case 'f': /* password file */
1.355 + pwd = (CK_UTF8CHAR *) PKM_FilePasswd((char *)opt->value);
1.356 + if (!pwd) PKM_Help();
1.357 + break;
1.358 + case 'd': /* opt_CertDir */
1.359 + if (!opt->value) PKM_Help();
1.360 + configDir = strdup(opt->value);
1.361 + PKM_CheckPath(configDir);
1.362 + break;
1.363 + case 'p': /* opt_DBPrefix */
1.364 + if (!opt->value) PKM_Help();
1.365 + dbPrefix = strdup(opt->value);
1.366 + break;
1.367 + case 'v':
1.368 + verbose = PR_TRUE;
1.369 + break;
1.370 + case 'h': /* help message */
1.371 + default:
1.372 + PKM_Help();
1.373 + break;
1.374 + }
1.375 + }
1.376 + PL_DestroyOptState(opt);
1.377 +
1.378 + if (!pwd) {
1.379 + pwd = (CK_UTF8CHAR *)strdup("1Mozilla");
1.380 + }
1.381 + pwdLen = strlen((const char*)pwd);
1.382 + if (!configDir) {
1.383 + configDir = strdup(".");
1.384 + }
1.385 + if (!dbPrefix) {
1.386 + dbPrefix = strdup("");
1.387 + }
1.388 +
1.389 + if (doForkTests)
1.390 + {
1.391 + /* first, try to fork without softoken loaded to make sure
1.392 + * everything is OK */
1.393 + crv = PKM_ForkCheck(123, NULL, PR_FALSE, NULL);
1.394 + if (crv != CKR_OK)
1.395 + goto cleanup;
1.396 + }
1.397 +
1.398 +
1.399 +#ifdef _WIN32
1.400 + hModule = LoadLibrary(LIB_NAME);
1.401 + if (hModule == NULL) {
1.402 + PKM_Error( "cannot load %s\n", LIB_NAME);
1.403 + goto cleanup;
1.404 + }
1.405 + if (MODE == FIPSMODE) {
1.406 + /* FIPS mode == FC_GetFunctionList */
1.407 + pC_GetFunctionList = (CK_C_GetFunctionList)
1.408 + GetProcAddress(hModule, "FC_GetFunctionList");
1.409 + } else {
1.410 + /* NON FIPS mode == C_GetFunctionList */
1.411 + pC_GetFunctionList = (CK_C_GetFunctionList)
1.412 + GetProcAddress(hModule, "C_GetFunctionList");
1.413 + }
1.414 + if (pC_GetFunctionList == NULL) {
1.415 + PKM_Error( "cannot load %s\n", LIB_NAME);
1.416 + goto cleanup;
1.417 + }
1.418 +#else
1.419 + {
1.420 + char *libname = NULL;
1.421 + /* Get the platform-dependent library name of the NSS cryptographic module */
1.422 + libname = PR_GetLibraryName(NULL, "softokn3");
1.423 + assert(libname != NULL);
1.424 + lib = PR_LoadLibrary(libname);
1.425 + assert(lib != NULL);
1.426 + PR_FreeLibraryName(libname);
1.427 + }
1.428 + if (MODE == FIPSMODE) {
1.429 + pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
1.430 + "FC_GetFunctionList");
1.431 + assert(pC_GetFunctionList != NULL);
1.432 + slotID = 0;
1.433 + } else {
1.434 + pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
1.435 + "C_GetFunctionList");
1.436 + assert(pC_GetFunctionList != NULL);
1.437 + slotID = 1;
1.438 + }
1.439 +#endif
1.440 +
1.441 + if (MODE == FIPSMODE) {
1.442 + printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n",
1.443 + (int) slotID);
1.444 + } else {
1.445 + printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n",
1.446 + (int) slotID);
1.447 + }
1.448 +
1.449 + crv = (*pC_GetFunctionList)(&pFunctionList);
1.450 + assert(crv == CKR_OK);
1.451 +
1.452 +
1.453 + if (doForkTests)
1.454 + {
1.455 + /* now, try to fork with softoken loaded, but not initialized */
1.456 + crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
1.457 + PR_TRUE, NULL);
1.458 + if (crv != CKR_OK)
1.459 + goto cleanup;
1.460 + }
1.461 +
1.462 + initArgs.CreateMutex = NULL;
1.463 + initArgs.DestroyMutex = NULL;
1.464 + initArgs.LockMutex = NULL;
1.465 + initArgs.UnlockMutex = NULL;
1.466 + initArgs.flags = CKF_OS_LOCKING_OK;
1.467 + moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
1.468 + "keyPrefix='%s' secmod='secmod.db' flags= ",
1.469 + configDir, dbPrefix, dbPrefix);
1.470 + initArgs.LibraryParameters = (CK_CHAR_PTR *) moduleSpec;
1.471 + initArgs.pReserved = NULL;
1.472 +
1.473 + /*DebugBreak();*/
1.474 + /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */
1.475 + /* NSS cryptographic module library initialization for the FIPS */
1.476 + /* Approved mode when FC_Initialize is envoked will perfom */
1.477 + /* software integrity test, and power-up self-tests before */
1.478 + /* FC_Initialize returns */
1.479 + crv = pFunctionList->C_Initialize(&initArgs);
1.480 + if (crv == CKR_OK) {
1.481 + PKM_LogIt("C_Initialize succeeded\n");
1.482 + } else {
1.483 + PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
1.484 + PKM_CK_RVtoStr(crv));
1.485 + goto cleanup;
1.486 + }
1.487 +
1.488 + if (doForkTests)
1.489 + {
1.490 + /* Disable core on fork for this test, since we are testing the
1.491 + * pathological case, and if enabled, the child process would dump
1.492 + * core in C_GetTokenInfo .
1.493 + * We can still differentiate the correct from incorrect behavior
1.494 + * by the PKCS#11 return code.
1.495 + */
1.496 + /* try to fork with softoken both loaded and initialized */
1.497 + crv = PKM_ForkCheck(CKR_DEVICE_ERROR, pFunctionList, PR_FALSE, NULL);
1.498 + if (crv != CKR_OK)
1.499 + goto cleanup;
1.500 + }
1.501 +
1.502 + if (doForkTests)
1.503 + {
1.504 + /* In this next test, we fork and try to re-initialize softoken in
1.505 + * the child. This should now work because softoken has the ability
1.506 + * to hard reset.
1.507 + */
1.508 + /* try to fork with softoken both loaded and initialized */
1.509 + crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
1.510 + if (crv != CKR_OK)
1.511 + goto cleanup;
1.512 + }
1.513 +
1.514 + crv = PKM_ShowInfo(pFunctionList, slotID);
1.515 + if (crv == CKR_OK) {
1.516 + PKM_LogIt("PKM_ShowInfo succeeded\n");
1.517 + } else {
1.518 + PKM_Error( "PKM_ShowInfo failed with 0x%08X, %-26s\n", crv,
1.519 + PKM_CK_RVtoStr(crv));
1.520 + goto cleanup;
1.521 + }
1.522 + pSlotList = PKM_GetSlotList(pFunctionList, slotID);
1.523 + if (pSlotList == NULL) {
1.524 + PKM_Error( "PKM_GetSlotList failed with \n");
1.525 + goto cleanup;
1.526 + }
1.527 + crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
1.528 + if (crv == CKR_OK) {
1.529 + PKM_LogIt("C_GetTokenInfo succeeded\n\n");
1.530 + } else {
1.531 + PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
1.532 + PKM_CK_RVtoStr(crv));
1.533 + goto cleanup;
1.534 + }
1.535 +
1.536 + if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED)) {
1.537 + PKM_LogIt("Initing PW for DB\n");
1.538 + crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID,
1.539 + pwd, pwdLen);
1.540 + if (crv == CKR_OK) {
1.541 + PKM_LogIt("PKM_InitPWforDB succeeded\n\n");
1.542 + } else {
1.543 + PKM_Error( "PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv,
1.544 + PKM_CK_RVtoStr(crv));
1.545 + goto cleanup;
1.546 + }
1.547 + } else {
1.548 + PKM_LogIt("using existing DB\n");
1.549 + }
1.550 +
1.551 + /* general mechanism by token */
1.552 + crv = PKM_Mechanism(pFunctionList, pSlotList, slotID);
1.553 + if (crv == CKR_OK) {
1.554 + PKM_LogIt("PKM_Mechanism succeeded\n\n");
1.555 + } else {
1.556 + PKM_Error( "PKM_Mechanism failed with 0x%08X, %-26s\n", crv,
1.557 + PKM_CK_RVtoStr(crv));
1.558 + goto cleanup;
1.559 + }
1.560 + /* RNG example without Login */
1.561 + crv = PKM_RNG(pFunctionList, pSlotList, slotID);
1.562 + if (crv == CKR_OK) {
1.563 + PKM_LogIt("PKM_RNG succeeded\n\n");
1.564 + } else {
1.565 + PKM_Error( "PKM_RNG failed with 0x%08X, %-26s\n", crv,
1.566 + PKM_CK_RVtoStr(crv));
1.567 + goto cleanup;
1.568 + }
1.569 +
1.570 + crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID,
1.571 + pwd, pwdLen);
1.572 + if (crv == CKR_OK) {
1.573 + PKM_LogIt("PKM_SessionLogin succeeded\n\n");
1.574 + } else {
1.575 + PKM_Error( "PKM_SessionLogin failed with 0x%08X, %-26s\n", crv,
1.576 + PKM_CK_RVtoStr(crv));
1.577 + goto cleanup;
1.578 + }
1.579 +
1.580 + /*
1.581 + * PKM_KeyTest creates RSA,DSA public keys
1.582 + * and AES, DES3 secret keys.
1.583 + * then does digest, hmac, encrypt/decrypt, signing operations.
1.584 + */
1.585 + crv = PKM_KeyTests(pFunctionList, pSlotList, slotID,
1.586 + pwd, pwdLen);
1.587 + if (crv == CKR_OK) {
1.588 + PKM_LogIt("PKM_KeyTests succeeded\n\n");
1.589 + } else {
1.590 + PKM_Error( "PKM_KeyTest failed with 0x%08X, %-26s\n", crv,
1.591 + PKM_CK_RVtoStr(crv));
1.592 + goto cleanup;
1.593 + }
1.594 +
1.595 + crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd,
1.596 + pwdLen);
1.597 + if (crv == CKR_OK) {
1.598 + PKM_LogIt("PKM_SecretKey succeeded\n\n");
1.599 + } else {
1.600 + PKM_Error( "PKM_SecretKey failed with 0x%08X, %-26s\n", crv,
1.601 + PKM_CK_RVtoStr(crv));
1.602 + goto cleanup;
1.603 + }
1.604 +
1.605 + crv = PKM_PublicKey(pFunctionList, pSlotList, slotID,
1.606 + pwd, pwdLen);
1.607 + if (crv == CKR_OK) {
1.608 + PKM_LogIt("PKM_PublicKey succeeded\n\n");
1.609 + } else {
1.610 + PKM_Error( "PKM_PublicKey failed with 0x%08X, %-26s\n", crv,
1.611 + PKM_CK_RVtoStr(crv));
1.612 + goto cleanup;
1.613 + }
1.614 + crv = PKM_OperationalState(pFunctionList, pSlotList, slotID,
1.615 + pwd, pwdLen);
1.616 + if (crv == CKR_OK) {
1.617 + PKM_LogIt("PKM_OperationalState succeeded\n\n");
1.618 + } else {
1.619 + PKM_Error( "PKM_OperationalState failed with 0x%08X, %-26s\n", crv,
1.620 + PKM_CK_RVtoStr(crv));
1.621 + goto cleanup;
1.622 + }
1.623 + crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID,
1.624 + pwd, pwdLen);
1.625 + if (crv == CKR_OK) {
1.626 + PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n");
1.627 + } else {
1.628 + PKM_Error( "PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv,
1.629 + PKM_CK_RVtoStr(crv));
1.630 + goto cleanup;
1.631 + }
1.632 + crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID,
1.633 + pwd, pwdLen);
1.634 + if (crv == CKR_OK) {
1.635 + PKM_LogIt("PKM_LegacyFunctions succeeded\n\n");
1.636 + } else {
1.637 + PKM_Error( "PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv,
1.638 + PKM_CK_RVtoStr(crv));
1.639 + goto cleanup;
1.640 + }
1.641 + crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID,
1.642 + pwd, pwdLen,
1.643 + CKM_TLS_KEY_AND_MAC_DERIVE, CORRECT);
1.644 +
1.645 + if (crv == CKR_OK) {
1.646 + PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n");
1.647 + } else {
1.648 + PKM_Error( "PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv,
1.649 + PKM_CK_RVtoStr(crv));
1.650 + goto cleanup;
1.651 + }
1.652 + crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
1.653 + pwd, pwdLen,
1.654 + CKM_TLS_MASTER_KEY_DERIVE,
1.655 + CORRECT);
1.656 + if (crv == CKR_OK) {
1.657 + PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
1.658 + } else {
1.659 + PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
1.660 + PKM_CK_RVtoStr(crv));
1.661 + goto cleanup;
1.662 + }
1.663 + crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
1.664 + pwd, pwdLen,
1.665 + CKM_TLS_MASTER_KEY_DERIVE_DH,
1.666 + CORRECT);
1.667 + if (crv == CKR_OK) {
1.668 + PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
1.669 + } else {
1.670 + PKM_Error( "PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
1.671 + PKM_CK_RVtoStr(crv));
1.672 + goto cleanup;
1.673 + }
1.674 + crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID,
1.675 + pwd, pwdLen);
1.676 + if (crv == CKR_OK) {
1.677 + PKM_LogIt("PKM_FindAllObjects succeeded\n\n");
1.678 + } else {
1.679 + PKM_Error( "PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv,
1.680 + PKM_CK_RVtoStr(crv));
1.681 + goto cleanup;
1.682 + }
1.683 + crv = pFunctionList->C_Finalize(NULL);
1.684 + if (crv == CKR_OK) {
1.685 + PKM_LogIt("C_Finalize succeeded\n");
1.686 + } else {
1.687 + PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
1.688 + PKM_CK_RVtoStr(crv));
1.689 + goto cleanup;
1.690 + }
1.691 +
1.692 + if (doForkTests)
1.693 + {
1.694 + /* try to fork with softoken still loaded, but de-initialized */
1.695 + crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
1.696 + PR_TRUE, NULL);
1.697 + if (crv != CKR_OK)
1.698 + goto cleanup;
1.699 + }
1.700 +
1.701 + if (pSlotList) free(pSlotList);
1.702 +
1.703 + /* demonstrate how an application can be in Hybrid mode */
1.704 + /* PKM_HybridMode shows how to switch between NONFIPS */
1.705 + /* mode to FIPS mode */
1.706 +
1.707 + PKM_LogIt("Testing Hybrid mode \n");
1.708 + crv = PKM_HybridMode(pwd, pwdLen, &initArgs);
1.709 + if (crv == CKR_OK) {
1.710 + PKM_LogIt("PKM_HybridMode succeeded\n");
1.711 + } else {
1.712 + PKM_Error( "PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
1.713 + PKM_CK_RVtoStr(crv));
1.714 + goto cleanup;
1.715 + }
1.716 +
1.717 + if (doForkTests) {
1.718 + /* testing one more C_Initialize / C_Finalize to exercise getpid()
1.719 + * fork check code */
1.720 + crv = pFunctionList->C_Initialize(&initArgs);
1.721 + if (crv == CKR_OK) {
1.722 + PKM_LogIt("C_Initialize succeeded\n");
1.723 + } else {
1.724 + PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
1.725 + PKM_CK_RVtoStr(crv));
1.726 + goto cleanup;
1.727 + }
1.728 + crv = pFunctionList->C_Finalize(NULL);
1.729 + if (crv == CKR_OK) {
1.730 + PKM_LogIt("C_Finalize succeeded\n");
1.731 + } else {
1.732 + PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
1.733 + PKM_CK_RVtoStr(crv));
1.734 + goto cleanup;
1.735 + }
1.736 + /* try to C_Initialize / C_Finalize in child. This should succeed */
1.737 + crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
1.738 + }
1.739 +
1.740 + PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");
1.741 +
1.742 +cleanup:
1.743 +
1.744 + if (pwd) {
1.745 + free(pwd);
1.746 + }
1.747 + if (configDir) {
1.748 + free(configDir);
1.749 + }
1.750 + if (dbPrefix) {
1.751 + free(dbPrefix);
1.752 + }
1.753 + if (moduleSpec) {
1.754 + PR_smprintf_free(moduleSpec);
1.755 + }
1.756 +
1.757 +#ifdef _WIN32
1.758 + FreeLibrary(hModule);
1.759 +#else
1.760 + disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
1.761 + if (!disableUnload) {
1.762 + PR_UnloadLibrary(lib);
1.763 + }
1.764 +#endif
1.765 + if (CKR_OK == crv && doForkTests && !disableUnload) {
1.766 + /* try to fork with softoken both de-initialized and unloaded */
1.767 + crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
1.768 + }
1.769 +
1.770 + printf("**** Total number of TESTS ran in %s is %d. ****\n",
1.771 + ((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
1.772 + if (CKR_OK == crv) {
1.773 + printf("**** ALL TESTS PASSED ****\n");
1.774 + }
1.775 +
1.776 + return crv;
1.777 +}
1.778 +
1.779 +/*
1.780 +* PKM_KeyTests
1.781 +*
1.782 +*
1.783 +*/
1.784 +
1.785 +CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
1.786 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.787 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.788 + CK_SESSION_HANDLE hRwSession;
1.789 +
1.790 + CK_RV crv = CKR_OK;
1.791 +
1.792 +/*** DSA Key ***/
1.793 + CK_MECHANISM dsaParamGenMech;
1.794 + CK_ULONG primeBits = 1024;
1.795 + CK_ATTRIBUTE dsaParamGenTemplate[1];
1.796 + CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
1.797 + CK_BYTE DSA_P[128];
1.798 + CK_BYTE DSA_Q[20];
1.799 + CK_BYTE DSA_G[128];
1.800 + CK_MECHANISM dsaKeyPairGenMech;
1.801 + CK_ATTRIBUTE dsaPubKeyTemplate[5];
1.802 + CK_ATTRIBUTE dsaPrivKeyTemplate[5];
1.803 + CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
1.804 + CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
1.805 +
1.806 +/**** RSA Key ***/
1.807 + CK_KEY_TYPE rsatype = CKK_RSA;
1.808 + CK_MECHANISM rsaKeyPairGenMech;
1.809 + CK_BYTE subject[] = {"RSA Private Key"};
1.810 + CK_ULONG modulusBits = 1024;
1.811 + CK_BYTE publicExponent[] = {0x01, 0x00, 0x01};
1.812 + CK_BYTE id[] = {"RSA123"};
1.813 + CK_ATTRIBUTE rsaPubKeyTemplate[9];
1.814 + CK_ATTRIBUTE rsaPrivKeyTemplate[11];
1.815 + CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE;
1.816 + CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE;
1.817 +
1.818 + /*** AES Key ***/
1.819 + CK_MECHANISM sAESKeyMech = {
1.820 + CKM_AES_KEY_GEN, NULL, 0
1.821 + };
1.822 + CK_OBJECT_CLASS class = CKO_SECRET_KEY;
1.823 + CK_KEY_TYPE keyAESType = CKK_AES;
1.824 + CK_UTF8CHAR AESlabel[] = "An AES secret key object";
1.825 + CK_ULONG AESvalueLen = 32;
1.826 + CK_ATTRIBUTE sAESKeyTemplate[9];
1.827 + CK_OBJECT_HANDLE hAESSecKey;
1.828 +
1.829 +/*** DES3 Key ***/
1.830 + CK_KEY_TYPE keyDES3Type = CKK_DES3;
1.831 + CK_UTF8CHAR DES3label[] = "An Triple DES secret key object";
1.832 + CK_ULONG DES3valueLen = 56;
1.833 + CK_MECHANISM sDES3KeyGenMechanism = {
1.834 + CKM_DES3_KEY_GEN, NULL, 0
1.835 + };
1.836 + CK_ATTRIBUTE sDES3KeyTemplate[9];
1.837 + CK_OBJECT_HANDLE hDES3SecKey;
1.838 +
1.839 + CK_MECHANISM dsaWithSha1Mech = {
1.840 + CKM_DSA_SHA1, NULL, 0
1.841 + };
1.842 +
1.843 + CK_BYTE IV[16];
1.844 + CK_MECHANISM mech_DES3_CBC;
1.845 + CK_MECHANISM mech_DES3_CBC_PAD;
1.846 + CK_MECHANISM mech_AES_CBC_PAD;
1.847 + CK_MECHANISM mech_AES_CBC;
1.848 + struct mech_str {
1.849 + CK_ULONG mechanism;
1.850 + const char *mechanismStr;
1.851 + };
1.852 +
1.853 + typedef struct mech_str mech_str;
1.854 +
1.855 + mech_str digestMechs[] = {
1.856 + {CKM_SHA_1, "CKM_SHA_1 "},
1.857 + {CKM_SHA224, "CKM_SHA224"},
1.858 + {CKM_SHA256, "CKM_SHA256"},
1.859 + {CKM_SHA384, "CKM_SHA384"},
1.860 + {CKM_SHA512, "CKM_SHA512"}
1.861 + };
1.862 + mech_str hmacMechs[] = {
1.863 + {CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC"},
1.864 + {CKM_SHA224_HMAC, "CKM_SHA224_HMAC"},
1.865 + {CKM_SHA256_HMAC, "CKM_SHA256_HMAC"},
1.866 + {CKM_SHA384_HMAC, "CKM_SHA384_HMAC"},
1.867 + {CKM_SHA512_HMAC, "CKM_SHA512_HMAC"}
1.868 + };
1.869 + mech_str sigRSAMechs[] = {
1.870 + {CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS"},
1.871 + {CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS"},
1.872 + {CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS"},
1.873 + {CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS"},
1.874 + {CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS"}
1.875 + };
1.876 +
1.877 + CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs);
1.878 + CK_ULONG sigRSAMechsSZ = NUM_ELEM(sigRSAMechs);
1.879 + CK_ULONG hmacMechsSZ = NUM_ELEM(hmacMechs);
1.880 + CK_MECHANISM mech;
1.881 +
1.882 + unsigned int i;
1.883 +
1.884 + NUMTESTS++; /* increment NUMTESTS */
1.885 +
1.886 + /* DSA key init */
1.887 + dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
1.888 + dsaParamGenMech.pParameter = NULL_PTR;
1.889 + dsaParamGenMech.ulParameterLen = 0;
1.890 + dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
1.891 + dsaParamGenTemplate[0].pValue = &primeBits;
1.892 + dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
1.893 + dsaPubKeyTemplate[0].type = CKA_PRIME;
1.894 + dsaPubKeyTemplate[0].pValue = DSA_P;
1.895 + dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
1.896 + dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
1.897 + dsaPubKeyTemplate[1].pValue = DSA_Q;
1.898 + dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
1.899 + dsaPubKeyTemplate[2].type = CKA_BASE;
1.900 + dsaPubKeyTemplate[2].pValue = DSA_G;
1.901 + dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
1.902 + dsaPubKeyTemplate[3].type = CKA_TOKEN;
1.903 + dsaPubKeyTemplate[3].pValue = &true;
1.904 + dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
1.905 + dsaPubKeyTemplate[4].type = CKA_VERIFY;
1.906 + dsaPubKeyTemplate[4].pValue = &true;
1.907 + dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
1.908 + dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
1.909 + dsaKeyPairGenMech.pParameter = NULL_PTR;
1.910 + dsaKeyPairGenMech.ulParameterLen = 0;
1.911 + dsaPrivKeyTemplate[0].type = CKA_TOKEN;
1.912 + dsaPrivKeyTemplate[0].pValue = &true;
1.913 + dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
1.914 + dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
1.915 + dsaPrivKeyTemplate[1].pValue = &true;
1.916 + dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
1.917 + dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
1.918 + dsaPrivKeyTemplate[2].pValue = &true;
1.919 + dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
1.920 + dsaPrivKeyTemplate[3].type = CKA_SIGN,
1.921 + dsaPrivKeyTemplate[3].pValue = &true;
1.922 + dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
1.923 + dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
1.924 + dsaPrivKeyTemplate[4].pValue = &true;
1.925 + dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
1.926 +
1.927 + /* RSA key init */
1.928 + rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
1.929 + rsaKeyPairGenMech.pParameter = NULL_PTR;
1.930 + rsaKeyPairGenMech.ulParameterLen = 0;
1.931 +
1.932 + rsaPubKeyTemplate[0].type = CKA_KEY_TYPE;
1.933 + rsaPubKeyTemplate[0].pValue = &rsatype;
1.934 + rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype);
1.935 + rsaPubKeyTemplate[1].type = CKA_PRIVATE;
1.936 + rsaPubKeyTemplate[1].pValue = &true;
1.937 + rsaPubKeyTemplate[1].ulValueLen = sizeof(true);
1.938 + rsaPubKeyTemplate[2].type = CKA_ENCRYPT;
1.939 + rsaPubKeyTemplate[2].pValue = &true;
1.940 + rsaPubKeyTemplate[2].ulValueLen = sizeof(true);
1.941 + rsaPubKeyTemplate[3].type = CKA_DECRYPT;
1.942 + rsaPubKeyTemplate[3].pValue = &true;
1.943 + rsaPubKeyTemplate[3].ulValueLen = sizeof(true);
1.944 + rsaPubKeyTemplate[4].type = CKA_VERIFY;
1.945 + rsaPubKeyTemplate[4].pValue = &true;
1.946 + rsaPubKeyTemplate[4].ulValueLen = sizeof(true);
1.947 + rsaPubKeyTemplate[5].type = CKA_SIGN;
1.948 + rsaPubKeyTemplate[5].pValue = &true;
1.949 + rsaPubKeyTemplate[5].ulValueLen = sizeof(true);
1.950 + rsaPubKeyTemplate[6].type = CKA_WRAP;
1.951 + rsaPubKeyTemplate[6].pValue = &true;
1.952 + rsaPubKeyTemplate[6].ulValueLen = sizeof(true);
1.953 + rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS;
1.954 + rsaPubKeyTemplate[7].pValue = &modulusBits;
1.955 + rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits);
1.956 + rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT;
1.957 + rsaPubKeyTemplate[8].pValue = publicExponent;
1.958 + rsaPubKeyTemplate[8].ulValueLen = sizeof (publicExponent);
1.959 +
1.960 + rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE;
1.961 + rsaPrivKeyTemplate[0].pValue = &rsatype;
1.962 + rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype);
1.963 + rsaPrivKeyTemplate[1].type = CKA_TOKEN;
1.964 + rsaPrivKeyTemplate[1].pValue = &true;
1.965 + rsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
1.966 + rsaPrivKeyTemplate[2].type = CKA_PRIVATE;
1.967 + rsaPrivKeyTemplate[2].pValue = &true;
1.968 + rsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
1.969 + rsaPrivKeyTemplate[3].type = CKA_SUBJECT;
1.970 + rsaPrivKeyTemplate[3].pValue = subject;
1.971 + rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject);
1.972 + rsaPrivKeyTemplate[4].type = CKA_ID;
1.973 + rsaPrivKeyTemplate[4].pValue = id;
1.974 + rsaPrivKeyTemplate[4].ulValueLen = sizeof(id);
1.975 + rsaPrivKeyTemplate[5].type = CKA_SENSITIVE;
1.976 + rsaPrivKeyTemplate[5].pValue = &true;
1.977 + rsaPrivKeyTemplate[5].ulValueLen = sizeof(true);
1.978 + rsaPrivKeyTemplate[6].type = CKA_ENCRYPT;
1.979 + rsaPrivKeyTemplate[6].pValue = &true;
1.980 + rsaPrivKeyTemplate[6].ulValueLen = sizeof(true);
1.981 + rsaPrivKeyTemplate[7].type = CKA_DECRYPT;
1.982 + rsaPrivKeyTemplate[7].pValue = &true;
1.983 + rsaPrivKeyTemplate[7].ulValueLen = sizeof(true);
1.984 + rsaPrivKeyTemplate[8].type = CKA_VERIFY;
1.985 + rsaPrivKeyTemplate[8].pValue = &true;
1.986 + rsaPrivKeyTemplate[8].ulValueLen = sizeof(true);
1.987 + rsaPrivKeyTemplate[9].type = CKA_SIGN;
1.988 + rsaPrivKeyTemplate[9].pValue = &true;
1.989 + rsaPrivKeyTemplate[9].ulValueLen = sizeof(true);
1.990 + rsaPrivKeyTemplate[10].type = CKA_UNWRAP;
1.991 + rsaPrivKeyTemplate[10].pValue = &true;
1.992 + rsaPrivKeyTemplate[10].ulValueLen = sizeof(true);
1.993 +
1.994 + /* AES key template */
1.995 + sAESKeyTemplate[0].type = CKA_CLASS;
1.996 + sAESKeyTemplate[0].pValue = &class;
1.997 + sAESKeyTemplate[0].ulValueLen = sizeof(class);
1.998 + sAESKeyTemplate[1].type = CKA_KEY_TYPE;
1.999 + sAESKeyTemplate[1].pValue = &keyAESType;
1.1000 + sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
1.1001 + sAESKeyTemplate[2].type = CKA_LABEL;
1.1002 + sAESKeyTemplate[2].pValue = AESlabel;
1.1003 + sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
1.1004 + sAESKeyTemplate[3].type = CKA_ENCRYPT;
1.1005 + sAESKeyTemplate[3].pValue = &true;
1.1006 + sAESKeyTemplate[3].ulValueLen = sizeof(true);
1.1007 + sAESKeyTemplate[4].type = CKA_DECRYPT;
1.1008 + sAESKeyTemplate[4].pValue = &true;
1.1009 + sAESKeyTemplate[4].ulValueLen = sizeof(true);
1.1010 + sAESKeyTemplate[5].type = CKA_SIGN;
1.1011 + sAESKeyTemplate[5].pValue = &true;
1.1012 + sAESKeyTemplate[5].ulValueLen = sizeof (true);
1.1013 + sAESKeyTemplate[6].type = CKA_VERIFY;
1.1014 + sAESKeyTemplate[6].pValue = &true;
1.1015 + sAESKeyTemplate[6].ulValueLen = sizeof(true);
1.1016 + sAESKeyTemplate[7].type = CKA_UNWRAP;
1.1017 + sAESKeyTemplate[7].pValue = &true;
1.1018 + sAESKeyTemplate[7].ulValueLen = sizeof(true);
1.1019 + sAESKeyTemplate[8].type = CKA_VALUE_LEN;
1.1020 + sAESKeyTemplate[8].pValue = &AESvalueLen;
1.1021 + sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
1.1022 +
1.1023 + /* DES3 key template */
1.1024 + sDES3KeyTemplate[0].type = CKA_CLASS;
1.1025 + sDES3KeyTemplate[0].pValue = &class;
1.1026 + sDES3KeyTemplate[0].ulValueLen = sizeof(class);
1.1027 + sDES3KeyTemplate[1].type = CKA_KEY_TYPE;
1.1028 + sDES3KeyTemplate[1].pValue = &keyDES3Type;
1.1029 + sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type);
1.1030 + sDES3KeyTemplate[2].type = CKA_LABEL;
1.1031 + sDES3KeyTemplate[2].pValue = DES3label;
1.1032 + sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label)-1;
1.1033 + sDES3KeyTemplate[3].type = CKA_ENCRYPT;
1.1034 + sDES3KeyTemplate[3].pValue = &true;
1.1035 + sDES3KeyTemplate[3].ulValueLen = sizeof(true);
1.1036 + sDES3KeyTemplate[4].type = CKA_DECRYPT;
1.1037 + sDES3KeyTemplate[4].pValue = &true;
1.1038 + sDES3KeyTemplate[4].ulValueLen = sizeof(true);
1.1039 + sDES3KeyTemplate[5].type = CKA_UNWRAP;
1.1040 + sDES3KeyTemplate[5].pValue = &true;
1.1041 + sDES3KeyTemplate[5].ulValueLen = sizeof(true);
1.1042 + sDES3KeyTemplate[6].type = CKA_SIGN,
1.1043 + sDES3KeyTemplate[6].pValue = &true;
1.1044 + sDES3KeyTemplate[6].ulValueLen = sizeof (true);
1.1045 + sDES3KeyTemplate[7].type = CKA_VERIFY;
1.1046 + sDES3KeyTemplate[7].pValue = &true;
1.1047 + sDES3KeyTemplate[7].ulValueLen = sizeof(true);
1.1048 + sDES3KeyTemplate[8].type = CKA_VALUE_LEN;
1.1049 + sDES3KeyTemplate[8].pValue = &DES3valueLen;
1.1050 + sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen);
1.1051 +
1.1052 + /* mech init */
1.1053 + memset(IV, 0x01, sizeof(IV));
1.1054 + mech_DES3_CBC.mechanism = CKM_DES3_CBC;
1.1055 + mech_DES3_CBC.pParameter = IV;
1.1056 + mech_DES3_CBC.ulParameterLen = sizeof(IV);
1.1057 + mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD;
1.1058 + mech_DES3_CBC_PAD.pParameter = IV;
1.1059 + mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV);
1.1060 + mech_AES_CBC.mechanism = CKM_AES_CBC;
1.1061 + mech_AES_CBC.pParameter = IV;
1.1062 + mech_AES_CBC.ulParameterLen = sizeof(IV);
1.1063 + mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD;
1.1064 + mech_AES_CBC_PAD.pParameter = IV;
1.1065 + mech_AES_CBC_PAD.ulParameterLen = sizeof(IV);
1.1066 +
1.1067 +
1.1068 + crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1.1069 + CKF_RW_SESSION | CKF_SERIAL_SESSION,
1.1070 + NULL, NULL, &hRwSession);
1.1071 + if (crv == CKR_OK) {
1.1072 + PKM_LogIt("Opening a read/write session succeeded\n");
1.1073 + } else {
1.1074 + PKM_Error( "Opening a read/write session failed "
1.1075 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1076 + return crv;
1.1077 + }
1.1078 +
1.1079 + if (MODE == FIPSMODE) {
1.1080 + crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
1.1081 + sAESKeyTemplate,
1.1082 + NUM_ELEM(sAESKeyTemplate),
1.1083 + &hAESSecKey);
1.1084 + if (crv == CKR_OK) {
1.1085 + PKM_Error("C_GenerateKey succeeded when not logged in.\n");
1.1086 + return CKR_GENERAL_ERROR;
1.1087 + } else {
1.1088 + PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n"
1.1089 + "since not logged in\n", crv, PKM_CK_RVtoStr(crv));
1.1090 + }
1.1091 + crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
1.1092 + rsaPubKeyTemplate,
1.1093 + NUM_ELEM(rsaPubKeyTemplate),
1.1094 + rsaPrivKeyTemplate,
1.1095 + NUM_ELEM(rsaPrivKeyTemplate),
1.1096 + &hRSApubKey, &hRSAprivKey);
1.1097 + if (crv == CKR_OK) {
1.1098 + PKM_Error("C_GenerateKeyPair succeeded when not logged in.\n");
1.1099 + return CKR_GENERAL_ERROR;
1.1100 + } else {
1.1101 + PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, "
1.1102 + "%-26s\n since not logged in\n", crv,
1.1103 + PKM_CK_RVtoStr(crv));
1.1104 + }
1.1105 + }
1.1106 +
1.1107 + crv = pFunctionList->C_Login(hRwSession, CKU_USER, pwd, pwdLen);
1.1108 + if (crv == CKR_OK) {
1.1109 + PKM_LogIt("C_Login with correct password succeeded\n");
1.1110 + } else {
1.1111 + PKM_Error("C_Login with correct password failed "
1.1112 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1113 + return crv;
1.1114 + }
1.1115 +
1.1116 + PKM_LogIt("Generate an AES key ... \n");
1.1117 + /* generate an AES Secret Key */
1.1118 + crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
1.1119 + sAESKeyTemplate,
1.1120 + NUM_ELEM(sAESKeyTemplate),
1.1121 + &hAESSecKey);
1.1122 + if (crv == CKR_OK) {
1.1123 + PKM_LogIt("C_GenerateKey AES succeeded\n");
1.1124 + } else {
1.1125 + PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
1.1126 + crv, PKM_CK_RVtoStr(crv));
1.1127 + return crv;
1.1128 + }
1.1129 +
1.1130 + PKM_LogIt("Generate an 3DES key ...\n");
1.1131 + /* generate an 3DES Secret Key */
1.1132 + crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism,
1.1133 + sDES3KeyTemplate,
1.1134 + NUM_ELEM(sDES3KeyTemplate),
1.1135 + &hDES3SecKey);
1.1136 + if (crv == CKR_OK) {
1.1137 + PKM_LogIt("C_GenerateKey DES3 succeeded\n");
1.1138 + } else {
1.1139 + PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
1.1140 + PKM_CK_RVtoStr(crv));
1.1141 + return crv;
1.1142 + }
1.1143 +
1.1144 + PKM_LogIt("Generate DSA PQG domain parameters ... \n");
1.1145 + /* Generate DSA domain parameters PQG */
1.1146 + crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech,
1.1147 + dsaParamGenTemplate,
1.1148 + 1,
1.1149 + &hDsaParams);
1.1150 + if (crv == CKR_OK) {
1.1151 + PKM_LogIt("DSA domain parameter generation succeeded\n");
1.1152 + } else {
1.1153 + PKM_Error( "DSA domain parameter generation failed "
1.1154 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1155 + return crv;
1.1156 + }
1.1157 + crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams,
1.1158 + dsaPubKeyTemplate, 3);
1.1159 + if (crv == CKR_OK) {
1.1160 + PKM_LogIt("Getting DSA domain parameters succeeded\n");
1.1161 + } else {
1.1162 + PKM_Error( "Getting DSA domain parameters failed "
1.1163 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1164 + return crv;
1.1165 + }
1.1166 + crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams);
1.1167 + if (crv == CKR_OK) {
1.1168 + PKM_LogIt("Destroying DSA domain parameters succeeded\n");
1.1169 + } else {
1.1170 + PKM_Error( "Destroying DSA domain parameters failed "
1.1171 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1172 + return crv;
1.1173 + }
1.1174 +
1.1175 + PKM_LogIt("Generate a DSA key pair ... \n");
1.1176 + /* Generate a persistent DSA key pair */
1.1177 + crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
1.1178 + dsaPubKeyTemplate,
1.1179 + NUM_ELEM(dsaPubKeyTemplate),
1.1180 + dsaPrivKeyTemplate,
1.1181 + NUM_ELEM(dsaPrivKeyTemplate),
1.1182 + &hDSApubKey, &hDSAprivKey);
1.1183 + if (crv == CKR_OK) {
1.1184 + PKM_LogIt("DSA key pair generation succeeded\n");
1.1185 + } else {
1.1186 + PKM_Error( "DSA key pair generation failed "
1.1187 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1188 + return crv;
1.1189 + }
1.1190 +
1.1191 + PKM_LogIt("Generate a RSA key pair ... \n");
1.1192 + /*** GEN RSA Key ***/
1.1193 + crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
1.1194 + rsaPubKeyTemplate,
1.1195 + NUM_ELEM(rsaPubKeyTemplate),
1.1196 + rsaPrivKeyTemplate,
1.1197 + NUM_ELEM(rsaPrivKeyTemplate),
1.1198 + &hRSApubKey, &hRSAprivKey);
1.1199 + if (crv == CKR_OK) {
1.1200 + PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n");
1.1201 + } else {
1.1202 + PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n"
1.1203 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1204 + return crv;
1.1205 + }
1.1206 +
1.1207 + PKM_LogIt("**** Generation of keys completed ***** \n");
1.1208 +
1.1209 + mech.mechanism = CKM_RSA_PKCS;
1.1210 + mech.pParameter = NULL;
1.1211 + mech.ulParameterLen = 0;
1.1212 +
1.1213 + crv = PKM_wrapUnwrap(pFunctionList,
1.1214 + hRwSession,
1.1215 + hRSApubKey, hRSAprivKey,
1.1216 + &mech,
1.1217 + hAESSecKey,
1.1218 + sAESKeyTemplate,
1.1219 + NUM_ELEM(sAESKeyTemplate));
1.1220 +
1.1221 + if (crv == CKR_OK) {
1.1222 + PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key "
1.1223 + "succeeded\n\n");
1.1224 + } else {
1.1225 + PKM_Error( "PKM_wrapUnwrap using RSA keypair to wrap AES key failed "
1.1226 + "with 0x%08X, %-26s\n", crv,
1.1227 + PKM_CK_RVtoStr(crv));
1.1228 + return crv;
1.1229 + }
1.1230 +
1.1231 + crv = PKM_wrapUnwrap(pFunctionList,
1.1232 + hRwSession,
1.1233 + hRSApubKey, hRSAprivKey,
1.1234 + &mech,
1.1235 + hDES3SecKey,
1.1236 + sDES3KeyTemplate,
1.1237 + NUM_ELEM(sDES3KeyTemplate));
1.1238 +
1.1239 + if (crv == CKR_OK) {
1.1240 + PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
1.1241 + "succeeded\n\n");
1.1242 + } else {
1.1243 + PKM_Error( "PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
1.1244 + "failed with 0x%08X, %-26s\n", crv,
1.1245 + PKM_CK_RVtoStr(crv));
1.1246 + return crv;
1.1247 + }
1.1248 +
1.1249 + crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1.1250 + hAESSecKey, &mech_AES_CBC_PAD,
1.1251 + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1.1252 + if (crv == CKR_OK) {
1.1253 + PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n");
1.1254 + } else {
1.1255 + PKM_Error( "PKM_SecKeyCrypt failed "
1.1256 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1257 + return crv;
1.1258 + }
1.1259 +
1.1260 + crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1.1261 + hAESSecKey, &mech_AES_CBC,
1.1262 + PLAINTEXT, sizeof(PLAINTEXT));
1.1263 + if (crv == CKR_OK) {
1.1264 + PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n");
1.1265 + } else {
1.1266 + PKM_Error( "PKM_SecKeyCrypt failed "
1.1267 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1268 + return crv;
1.1269 + }
1.1270 +
1.1271 + crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1.1272 + hDES3SecKey, &mech_DES3_CBC,
1.1273 + PLAINTEXT, sizeof(PLAINTEXT));
1.1274 + if (crv == CKR_OK) {
1.1275 + PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n");
1.1276 + } else {
1.1277 + PKM_Error( "PKM_SecKeyCrypt DES3 failed "
1.1278 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1279 + return crv;
1.1280 + }
1.1281 +
1.1282 + crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
1.1283 + hDES3SecKey, &mech_DES3_CBC_PAD,
1.1284 + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1.1285 + if (crv == CKR_OK) {
1.1286 + PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n");
1.1287 + } else {
1.1288 + PKM_Error( "PKM_SecKeyCrypt DES3 failed "
1.1289 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1290 + return crv;
1.1291 + }
1.1292 +
1.1293 + mech.mechanism = CKM_RSA_PKCS;
1.1294 + crv = PKM_RecoverFunctions(pFunctionList, hRwSession,
1.1295 + hRSApubKey, hRSAprivKey,
1.1296 + &mech,
1.1297 + PLAINTEXT, sizeof(PLAINTEXT));
1.1298 + if (crv == CKR_OK) {
1.1299 + PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n");
1.1300 + } else {
1.1301 + PKM_Error( "PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv,
1.1302 + PKM_CK_RVtoStr(crv));
1.1303 + return crv;
1.1304 + }
1.1305 +
1.1306 + mech.pParameter = NULL;
1.1307 + mech.ulParameterLen = 0;
1.1308 +
1.1309 + for (i=0; i < sigRSAMechsSZ; i++) {
1.1310 +
1.1311 + mech.mechanism = sigRSAMechs[i].mechanism;
1.1312 +
1.1313 + crv = PKM_PubKeySign(pFunctionList, hRwSession,
1.1314 + hRSApubKey, hRSAprivKey,
1.1315 + &mech,
1.1316 + PLAINTEXT, sizeof(PLAINTEXT));
1.1317 + if (crv == CKR_OK) {
1.1318 + PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n",
1.1319 + sigRSAMechs[i].mechanismStr );
1.1320 + } else {
1.1321 + PKM_Error( "PKM_PubKeySign failed for %-10s "
1.1322 + "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1.1323 + PKM_CK_RVtoStr(crv));
1.1324 + return crv;
1.1325 + }
1.1326 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1327 + hRSApubKey, hRSAprivKey,
1.1328 + &mech,
1.1329 + hAESSecKey, &mech_AES_CBC,
1.1330 + PLAINTEXT, sizeof(PLAINTEXT));
1.1331 + if (crv == CKR_OK) {
1.1332 + PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
1.1333 + "for %-10s\n\n",
1.1334 + sigRSAMechs[i].mechanismStr );
1.1335 + } else {
1.1336 + PKM_Error( "PKM_DualFuncSign with AES secret key failed "
1.1337 + "for %-10s "
1.1338 + "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1.1339 + PKM_CK_RVtoStr(crv));
1.1340 + return crv;
1.1341 + }
1.1342 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1343 + hRSApubKey, hRSAprivKey,
1.1344 + &mech,
1.1345 + hDES3SecKey, &mech_DES3_CBC,
1.1346 + PLAINTEXT, sizeof(PLAINTEXT));
1.1347 + if (crv == CKR_OK) {
1.1348 + PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
1.1349 + "for %-10s\n\n",
1.1350 + sigRSAMechs[i].mechanismStr );
1.1351 + } else {
1.1352 + PKM_Error( "PKM_DualFuncSign with DES3 secret key failed "
1.1353 + "for %-10s "
1.1354 + "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1.1355 + PKM_CK_RVtoStr(crv));
1.1356 + return crv;
1.1357 + }
1.1358 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1359 + hRSApubKey, hRSAprivKey,
1.1360 + &mech,
1.1361 + hAESSecKey, &mech_AES_CBC_PAD,
1.1362 + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1.1363 + if (crv == CKR_OK) {
1.1364 + PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD "
1.1365 + "succeeded for %-10s\n\n",
1.1366 + sigRSAMechs[i].mechanismStr );
1.1367 + } else {
1.1368 + PKM_Error( "PKM_DualFuncSign with AES secret key CBC_PAD "
1.1369 + "failed for %-10s "
1.1370 + "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1.1371 + PKM_CK_RVtoStr(crv));
1.1372 + return crv;
1.1373 + }
1.1374 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1375 + hRSApubKey, hRSAprivKey,
1.1376 + &mech,
1.1377 + hDES3SecKey, &mech_DES3_CBC_PAD,
1.1378 + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1.1379 + if (crv == CKR_OK) {
1.1380 + PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD "
1.1381 + "succeeded for %-10s\n\n",
1.1382 + sigRSAMechs[i].mechanismStr );
1.1383 + } else {
1.1384 + PKM_Error( "PKM_DualFuncSign with DES3 secret key CBC_PAD "
1.1385 + "failed for %-10s "
1.1386 + "with 0x%08X, %-26s\n", sigRSAMechs[i].mechanismStr, crv,
1.1387 + PKM_CK_RVtoStr(crv));
1.1388 + return crv;
1.1389 + }
1.1390 +
1.1391 + } /* end of RSA for loop */
1.1392 +
1.1393 + crv = PKM_PubKeySign(pFunctionList, hRwSession,
1.1394 + hDSApubKey, hDSAprivKey,
1.1395 + &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
1.1396 + if (crv == CKR_OK) {
1.1397 + PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n");
1.1398 + } else {
1.1399 + PKM_Error( "PKM_PubKeySign failed "
1.1400 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1401 + return crv;
1.1402 + }
1.1403 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1404 + hDSApubKey, hDSAprivKey,
1.1405 + &dsaWithSha1Mech,
1.1406 + hAESSecKey, &mech_AES_CBC,
1.1407 + PLAINTEXT, sizeof(PLAINTEXT));
1.1408 + if (crv == CKR_OK) {
1.1409 + PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
1.1410 + "for DSAWithSHA1\n\n");
1.1411 + } else {
1.1412 + PKM_Error( "PKM_DualFuncSign with AES secret key failed "
1.1413 + "for DSAWithSHA1 with 0x%08X, %-26s\n",
1.1414 + crv, PKM_CK_RVtoStr(crv));
1.1415 + return crv;
1.1416 + }
1.1417 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1418 + hDSApubKey, hDSAprivKey,
1.1419 + &dsaWithSha1Mech,
1.1420 + hDES3SecKey, &mech_DES3_CBC,
1.1421 + PLAINTEXT, sizeof(PLAINTEXT));
1.1422 + if (crv == CKR_OK) {
1.1423 + PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
1.1424 + "for DSAWithSHA1\n\n");
1.1425 + } else {
1.1426 + PKM_Error( "PKM_DualFuncSign with DES3 secret key failed "
1.1427 + "for DSAWithSHA1 with 0x%08X, %-26s\n",
1.1428 + crv, PKM_CK_RVtoStr(crv));
1.1429 + return crv;
1.1430 + }
1.1431 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1432 + hDSApubKey, hDSAprivKey,
1.1433 + &dsaWithSha1Mech,
1.1434 + hAESSecKey, &mech_AES_CBC_PAD,
1.1435 + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1.1436 + if (crv == CKR_OK) {
1.1437 + PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded "
1.1438 + "for DSAWithSHA1\n\n");
1.1439 + } else {
1.1440 + PKM_Error( "PKM_DualFuncSign with AES secret key CBC_PAD failed "
1.1441 + "for DSAWithSHA1 with 0x%08X, %-26s\n",
1.1442 + crv, PKM_CK_RVtoStr(crv));
1.1443 + return crv;
1.1444 + }
1.1445 + crv = PKM_DualFuncSign(pFunctionList, hRwSession,
1.1446 + hDSApubKey, hDSAprivKey,
1.1447 + &dsaWithSha1Mech,
1.1448 + hDES3SecKey, &mech_DES3_CBC_PAD,
1.1449 + PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
1.1450 + if (crv == CKR_OK) {
1.1451 + PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded "
1.1452 + "for DSAWithSHA1\n\n");
1.1453 + } else {
1.1454 + PKM_Error( "PKM_DualFuncSign with DES3 secret key CBC_PAD failed "
1.1455 + "for DSAWithSHA1 with 0x%08X, %-26s\n",
1.1456 + crv, PKM_CK_RVtoStr(crv));
1.1457 + return crv;
1.1458 + }
1.1459 +
1.1460 +
1.1461 + for (i=0; i < digestMechsSZ; i++) {
1.1462 + mech.mechanism = digestMechs[i].mechanism;
1.1463 + crv = PKM_Digest(pFunctionList, hRwSession,
1.1464 + &mech, hAESSecKey,
1.1465 + PLAINTEXT, sizeof(PLAINTEXT));
1.1466 + if (crv == CKR_OK) {
1.1467 + PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n",
1.1468 + digestMechs[i].mechanismStr);
1.1469 + } else {
1.1470 + PKM_Error( "PKM_Digest with AES secret key failed for "
1.1471 + "%-10s with 0x%08X, %-26s\n",
1.1472 + digestMechs[i].mechanismStr, crv,
1.1473 + PKM_CK_RVtoStr(crv));
1.1474 + return crv;
1.1475 + }
1.1476 + crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
1.1477 + hAESSecKey, &mech_AES_CBC,
1.1478 + 0,&mech,
1.1479 + PLAINTEXT, sizeof(PLAINTEXT));
1.1480 + if (crv == CKR_OK) {
1.1481 + PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n");
1.1482 + } else {
1.1483 + PKM_Error( "PKM_DualFuncDigest with AES secret key "
1.1484 + "failed with 0x%08X, %-26s\n", crv,
1.1485 + PKM_CK_RVtoStr(crv));
1.1486 + }
1.1487 +
1.1488 + crv = PKM_Digest(pFunctionList, hRwSession,
1.1489 + &mech, hDES3SecKey,
1.1490 + PLAINTEXT, sizeof(PLAINTEXT));
1.1491 + if (crv == CKR_OK) {
1.1492 + PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n",
1.1493 + digestMechs[i].mechanismStr);
1.1494 + } else {
1.1495 + PKM_Error( "PKM_Digest with DES3 secret key failed for "
1.1496 + "%-10s with 0x%08X, %-26s\n",
1.1497 + digestMechs[i].mechanismStr, crv,
1.1498 + PKM_CK_RVtoStr(crv));
1.1499 + return crv;
1.1500 + }
1.1501 + crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
1.1502 + hDES3SecKey, &mech_DES3_CBC,
1.1503 + 0,&mech,
1.1504 + PLAINTEXT, sizeof(PLAINTEXT));
1.1505 + if (crv == CKR_OK) {
1.1506 + PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n");
1.1507 + } else {
1.1508 + PKM_Error( "PKM_DualFuncDigest DES3 secret key "
1.1509 + "failed with 0x%08X, %-26s\n", crv,
1.1510 + PKM_CK_RVtoStr(crv));
1.1511 + }
1.1512 +
1.1513 + crv = PKM_Digest(pFunctionList, hRwSession,
1.1514 + &mech, 0,
1.1515 + PLAINTEXT, sizeof(PLAINTEXT));
1.1516 + if (crv == CKR_OK) {
1.1517 + PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n",
1.1518 + digestMechs[i].mechanismStr );
1.1519 + } else {
1.1520 + PKM_Error( "PKM_Digest with no secret key failed for %-10s "
1.1521 + "with 0x%08X, %-26s\n", digestMechs[i].mechanismStr, crv,
1.1522 + PKM_CK_RVtoStr(crv));
1.1523 + return crv;
1.1524 + }
1.1525 + } /* end of digest loop */
1.1526 +
1.1527 + for (i=0; i < hmacMechsSZ; i++) {
1.1528 + mech.mechanism = hmacMechs[i].mechanism;
1.1529 + crv = PKM_Hmac(pFunctionList, hRwSession,
1.1530 + hAESSecKey, &mech,
1.1531 + PLAINTEXT, sizeof(PLAINTEXT));
1.1532 + if (crv == CKR_OK) {
1.1533 + PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n",
1.1534 + hmacMechs[i].mechanismStr);
1.1535 + } else {
1.1536 + PKM_Error( "PKM_Hmac with AES secret key failed for %-10s "
1.1537 + "with 0x%08X, %-26s\n",
1.1538 + hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
1.1539 + return crv;
1.1540 + }
1.1541 + if ((MODE == FIPSMODE) && (mech.mechanism == CKM_SHA512_HMAC)) break;
1.1542 + crv = PKM_Hmac(pFunctionList, hRwSession,
1.1543 + hDES3SecKey, &mech,
1.1544 + PLAINTEXT, sizeof(PLAINTEXT));
1.1545 + if (crv == CKR_OK) {
1.1546 + PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n",
1.1547 + hmacMechs[i].mechanismStr);
1.1548 + } else {
1.1549 + PKM_Error( "PKM_Hmac with DES3 secret key failed for %-10s "
1.1550 + "with 0x%08X, %-26s\n",
1.1551 + hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
1.1552 + return crv;
1.1553 + }
1.1554 +
1.1555 + } /* end of hmac loop */
1.1556 +
1.1557 + crv = pFunctionList->C_Logout(hRwSession);
1.1558 + if (crv == CKR_OK) {
1.1559 + PKM_LogIt("C_Logout succeeded\n");
1.1560 + } else {
1.1561 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.1562 + PKM_CK_RVtoStr(crv));
1.1563 + return crv;
1.1564 + }
1.1565 +
1.1566 + crv = pFunctionList->C_CloseSession(hRwSession);
1.1567 + if (crv != CKR_OK) {
1.1568 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.1569 + PKM_CK_RVtoStr(crv));
1.1570 + return crv;
1.1571 + }
1.1572 +
1.1573 + return crv;
1.1574 +
1.1575 +}
1.1576 +
1.1577 +void PKM_LogIt(const char *fmt, ...) {
1.1578 + va_list args;
1.1579 +
1.1580 + if (verbose) {
1.1581 + va_start (args, fmt);
1.1582 + if (MODE == FIPSMODE) {
1.1583 + printf("FIPS MODE: ");
1.1584 + } else if (MODE == NONFIPSMODE) {
1.1585 + printf("NON FIPS MODE: ");
1.1586 + } else if (MODE == HYBRIDMODE) {
1.1587 + printf("Hybrid MODE: ");
1.1588 + }
1.1589 + vprintf(fmt, args);
1.1590 + va_end(args);
1.1591 + }
1.1592 +}
1.1593 +
1.1594 +void PKM_Error(const char *fmt, ...) {
1.1595 + va_list args;
1.1596 + va_start (args, fmt);
1.1597 +
1.1598 + if (MODE == FIPSMODE) {
1.1599 + fprintf(stderr, "\nFIPS MODE PKM_Error: ");
1.1600 + } else if (MODE == NONFIPSMODE) {
1.1601 + fprintf(stderr, "NON FIPS MODE PKM_Error: ");
1.1602 + } else if (MODE == HYBRIDMODE) {
1.1603 + fprintf(stderr, "Hybrid MODE PKM_Error: ");
1.1604 + } else fprintf(stderr, "NOMODE PKM_Error: ");
1.1605 + vfprintf(stderr, fmt, args);
1.1606 + va_end(args);
1.1607 +}
1.1608 +CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
1.1609 + CK_ULONG slotID) {
1.1610 + CK_RV crv = CKR_OK;
1.1611 + CK_SLOT_ID *pSlotList = NULL;
1.1612 + CK_ULONG slotCount;
1.1613 +
1.1614 + NUMTESTS++; /* increment NUMTESTS */
1.1615 +
1.1616 + /* Get slot list */
1.1617 + crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
1.1618 + NULL, &slotCount);
1.1619 + if (crv != CKR_OK) {
1.1620 + PKM_Error( "C_GetSlotList failed with 0x%08X, %-26s\n", crv,
1.1621 + PKM_CK_RVtoStr(crv));
1.1622 + return NULL;
1.1623 + }
1.1624 + PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount);
1.1625 + pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID));
1.1626 + if (!pSlotList) {
1.1627 + PKM_Error( "failed to allocate slot list\n");
1.1628 + return NULL;
1.1629 + }
1.1630 + crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
1.1631 + pSlotList, &slotCount);
1.1632 + if (crv != CKR_OK) {
1.1633 + PKM_Error( "C_GetSlotList failed with 0x%08X, %-26s\n", crv,
1.1634 + PKM_CK_RVtoStr(crv));
1.1635 + if (pSlotList) free(pSlotList);
1.1636 + return NULL;
1.1637 + }
1.1638 + return pSlotList;
1.1639 +}
1.1640 +
1.1641 +CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
1.1642 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.1643 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.1644 + CK_RV crv = CKR_OK;
1.1645 + CK_SESSION_HANDLE hSession;
1.1646 + static const CK_UTF8CHAR testPin[] = {"0Mozilla"};
1.1647 + static const CK_UTF8CHAR weakPin[] = {"mozilla"};
1.1648 +
1.1649 + crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1.1650 + CKF_RW_SESSION | CKF_SERIAL_SESSION,
1.1651 + NULL, NULL, &hSession);
1.1652 + if (crv != CKR_OK) {
1.1653 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.1654 + PKM_CK_RVtoStr(crv));
1.1655 + return crv;
1.1656 + }
1.1657 + PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
1.1658 +
1.1659 + crv = pFunctionList->C_Login(hSession, CKU_SO, NULL, 0);
1.1660 + if (crv != CKR_OK) {
1.1661 + PKM_Error( "C_Login failed with 0x%08X, %-26s\n", crv,
1.1662 + PKM_CK_RVtoStr(crv));
1.1663 + return crv;
1.1664 + }
1.1665 + if (MODE == FIPSMODE) {
1.1666 + crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *) weakPin,
1.1667 + strlen((char *)weakPin));
1.1668 + if (crv == CKR_OK) {
1.1669 + PKM_Error( "C_InitPIN with a weak password succeeded\n");
1.1670 + return crv;
1.1671 + } else {
1.1672 + PKM_LogIt("C_InitPIN with a weak password failed with "
1.1673 + "0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1674 + }
1.1675 + }
1.1676 + crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *) testPin,
1.1677 + strlen((char *)testPin));
1.1678 + if (crv == CKR_OK) {
1.1679 + PKM_LogIt("C_InitPIN succeeded\n");
1.1680 + } else {
1.1681 + PKM_Error( "C_InitPIN failed with 0x%08X, %-26s\n", crv,
1.1682 + PKM_CK_RVtoStr(crv));
1.1683 + return crv;
1.1684 + }
1.1685 + crv = pFunctionList->C_Logout(hSession);
1.1686 + if (crv != CKR_OK) {
1.1687 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.1688 + PKM_CK_RVtoStr(crv));
1.1689 + return crv;
1.1690 + }
1.1691 + crv = pFunctionList->C_CloseSession(hSession);
1.1692 + if (crv != CKR_OK) {
1.1693 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.1694 + PKM_CK_RVtoStr(crv));
1.1695 + return crv;
1.1696 + }
1.1697 +
1.1698 +
1.1699 + crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1.1700 + CKF_RW_SESSION | CKF_SERIAL_SESSION,
1.1701 + NULL, NULL, &hSession);
1.1702 + if (crv != CKR_OK) {
1.1703 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.1704 + PKM_CK_RVtoStr(crv));
1.1705 + return crv;
1.1706 + }
1.1707 +
1.1708 + PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
1.1709 +
1.1710 + crv = pFunctionList->C_Login(hSession, CKU_USER, (CK_UTF8CHAR *) testPin,
1.1711 + strlen((const char *)testPin));
1.1712 + if (crv != CKR_OK) {
1.1713 + PKM_Error( "C_Login failed with 0x%08X, %-26s\n", crv,
1.1714 + PKM_CK_RVtoStr(crv));
1.1715 + return crv;
1.1716 + }
1.1717 + if (MODE == FIPSMODE) {
1.1718 + crv = pFunctionList->C_SetPIN(
1.1719 + hSession, (CK_UTF8CHAR *) testPin,
1.1720 + strlen((const char *)testPin),
1.1721 + (CK_UTF8CHAR *) weakPin,
1.1722 + strlen((const char *)weakPin));
1.1723 + if (crv == CKR_OK) {
1.1724 + PKM_Error( "C_SetPIN with a weak password succeeded\n");
1.1725 + return crv;
1.1726 + } else {
1.1727 + PKM_LogIt("C_SetPIN with a weak password returned with "
1.1728 + "0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1729 + }
1.1730 + }
1.1731 + crv = pFunctionList->C_SetPIN(
1.1732 + hSession, (CK_UTF8CHAR *) testPin,
1.1733 + strlen((const char *)testPin),
1.1734 + pwd, pwdLen);
1.1735 + if (crv != CKR_OK) {
1.1736 + PKM_Error( "C_CSetPin failed with 0x%08X, %-26s\n", crv,
1.1737 + PKM_CK_RVtoStr(crv));
1.1738 + return crv;
1.1739 + }
1.1740 + crv = pFunctionList->C_Logout(hSession);
1.1741 + if (crv != CKR_OK) {
1.1742 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.1743 + PKM_CK_RVtoStr(crv));
1.1744 + return crv;
1.1745 + }
1.1746 + crv = pFunctionList->C_CloseSession(hSession);
1.1747 + if (crv != CKR_OK) {
1.1748 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.1749 + PKM_CK_RVtoStr(crv));
1.1750 + return crv;
1.1751 + }
1.1752 + return crv;
1.1753 +}
1.1754 +
1.1755 +CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID) {
1.1756 + CK_RV crv = CKR_OK;
1.1757 + CK_INFO info;
1.1758 + CK_SLOT_ID *pSlotList = NULL;
1.1759 + unsigned i;
1.1760 +
1.1761 + CK_SLOT_INFO slotInfo;
1.1762 + CK_TOKEN_INFO tokenInfo;
1.1763 + CK_FLAGS bitflag;
1.1764 +
1.1765 + NUMTESTS++; /* increment NUMTESTS */
1.1766 +
1.1767 +
1.1768 + crv = pFunctionList->C_GetInfo(&info);
1.1769 + if (crv == CKR_OK) {
1.1770 + PKM_LogIt("C_GetInfo succeeded\n");
1.1771 + } else {
1.1772 + PKM_Error( "C_GetInfo failed with 0x%08X, %-26s\n", crv,
1.1773 + PKM_CK_RVtoStr(crv));
1.1774 + return crv;
1.1775 + }
1.1776 + PKM_LogIt("General information about the PKCS #11 library:\n");
1.1777 + PKM_LogIt(" PKCS #11 version: %d.%d\n",
1.1778 + (int)info.cryptokiVersion.major,
1.1779 + (int)info.cryptokiVersion.minor);
1.1780 + PKM_LogIt(" manufacturer ID: %.32s\n", info.manufacturerID);
1.1781 + PKM_LogIt(" flags: 0x%08lX\n", info.flags);
1.1782 + PKM_LogIt(" library description: %.32s\n", info.libraryDescription);
1.1783 + PKM_LogIt(" library version: %d.%d\n",
1.1784 + (int)info.libraryVersion.major, (int)info.libraryVersion.minor);
1.1785 + PKM_LogIt("\n");
1.1786 +
1.1787 + /* Get slot list */
1.1788 + pSlotList = PKM_GetSlotList(pFunctionList, slotID);
1.1789 + if (pSlotList == NULL) {
1.1790 + PKM_Error( "PKM_GetSlotList failed with \n");
1.1791 + return crv;
1.1792 + }
1.1793 + crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo);
1.1794 + if (crv == CKR_OK) {
1.1795 + PKM_LogIt("C_GetSlotInfo succeeded\n");
1.1796 + } else {
1.1797 + PKM_Error( "C_GetSlotInfo failed with 0x%08X, %-26s\n", crv,
1.1798 + PKM_CK_RVtoStr(crv));
1.1799 + return crv;
1.1800 + }
1.1801 + PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]);
1.1802 + PKM_LogIt(" slot description: %.64s\n", slotInfo.slotDescription);
1.1803 + PKM_LogIt(" slot manufacturer ID: %.32s\n", slotInfo.manufacturerID);
1.1804 + PKM_LogIt(" flags: 0x%08lX\n", slotInfo.flags);
1.1805 + bitflag = 1;
1.1806 + for (i = 0; i < sizeof(slotFlagName)/sizeof(slotFlagName[0]); i++) {
1.1807 + if (slotInfo.flags & bitflag) {
1.1808 + PKM_LogIt(" %s\n", slotFlagName[i]);
1.1809 + }
1.1810 + bitflag <<= 1;
1.1811 + }
1.1812 + PKM_LogIt(" slot's hardware version number: %d.%d\n",
1.1813 + (int)slotInfo.hardwareVersion.major,
1.1814 + (int)slotInfo.hardwareVersion.minor);
1.1815 + PKM_LogIt(" slot's firmware version number: %d.%d\n",
1.1816 + (int)slotInfo.firmwareVersion.major,
1.1817 + (int)slotInfo.firmwareVersion.minor);
1.1818 + PKM_LogIt("\n");
1.1819 +
1.1820 + crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
1.1821 + if (crv == CKR_OK) {
1.1822 + PKM_LogIt("C_GetTokenInfo succeeded\n");
1.1823 + } else {
1.1824 + PKM_Error( "C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
1.1825 + PKM_CK_RVtoStr(crv));
1.1826 + return crv;
1.1827 + }
1.1828 + PKM_LogIt("Information about the token in slot %lu:\n",
1.1829 + pSlotList[slotID]);
1.1830 + PKM_LogIt(" label: %.32s\n", tokenInfo.label);
1.1831 + PKM_LogIt(" device manufacturer ID: %.32s\n",
1.1832 + tokenInfo.manufacturerID);
1.1833 + PKM_LogIt(" device model: %.16s\n", tokenInfo.model);
1.1834 + PKM_LogIt(" device serial number: %.16s\n", tokenInfo.serialNumber);
1.1835 + PKM_LogIt(" flags: 0x%08lX\n", tokenInfo.flags);
1.1836 + bitflag = 1;
1.1837 + for (i = 0; i < sizeof(tokenFlagName)/sizeof(tokenFlagName[0]); i++) {
1.1838 + if (tokenInfo.flags & bitflag) {
1.1839 + PKM_LogIt(" %s\n", tokenFlagName[i]);
1.1840 + }
1.1841 + bitflag <<= 1;
1.1842 + }
1.1843 + PKM_LogIt(" maximum session count: %lu\n",
1.1844 + tokenInfo.ulMaxSessionCount);
1.1845 + PKM_LogIt(" session count: %lu\n", tokenInfo.ulSessionCount);
1.1846 + PKM_LogIt(" maximum read/write session count: %lu\n",
1.1847 + tokenInfo.ulMaxRwSessionCount);
1.1848 + PKM_LogIt(" read/write session count: %lu\n",
1.1849 + tokenInfo.ulRwSessionCount);
1.1850 + PKM_LogIt(" maximum PIN length: %lu\n", tokenInfo.ulMaxPinLen);
1.1851 + PKM_LogIt(" minimum PIN length: %lu\n", tokenInfo.ulMinPinLen);
1.1852 + PKM_LogIt(" total public memory: %lu\n",
1.1853 + tokenInfo.ulTotalPublicMemory);
1.1854 + PKM_LogIt(" free public memory: %lu\n",
1.1855 + tokenInfo.ulFreePublicMemory);
1.1856 + PKM_LogIt(" total private memory: %lu\n",
1.1857 + tokenInfo.ulTotalPrivateMemory);
1.1858 + PKM_LogIt(" free private memory: %lu\n",
1.1859 + tokenInfo.ulFreePrivateMemory);
1.1860 + PKM_LogIt(" hardware version number: %d.%d\n",
1.1861 + (int)tokenInfo.hardwareVersion.major,
1.1862 + (int)tokenInfo.hardwareVersion.minor);
1.1863 + PKM_LogIt(" firmware version number: %d.%d\n",
1.1864 + (int)tokenInfo.firmwareVersion.major,
1.1865 + (int)tokenInfo.firmwareVersion.minor);
1.1866 + if (tokenInfo.flags & CKF_CLOCK_ON_TOKEN) {
1.1867 + PKM_LogIt(" current time: %.16s\n", tokenInfo.utcTime);
1.1868 + }
1.1869 + PKM_LogIt("PKM_ShowInfo done \n\n");
1.1870 + if (pSlotList) free(pSlotList);
1.1871 + return crv;
1.1872 +}
1.1873 +
1.1874 +/* PKM_HybridMode */
1.1875 +/* The NSS cryptographic module has two modes of operation: FIPS Approved */
1.1876 +/* mode and NONFIPS Approved mode. The two modes of operation are */
1.1877 +/* independent of each other -- they have their own copies of data */
1.1878 +/* structures and they are even allowed to be active at the same time. */
1.1879 +/* The module is FIPS 140-2 compliant only when the NONFIPS mode */
1.1880 +/* is inactive. */
1.1881 +/* PKM_HybridMode demostrates how an application can switch between the */
1.1882 +/* two modes: FIPS Approved mode and NONFIPS mode. */
1.1883 +CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1.1884 + CK_C_INITIALIZE_ARGS_NSS *initArgs) {
1.1885 +
1.1886 + CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */
1.1887 + CK_FUNCTION_LIST_PTR pC_FunctionList;
1.1888 + CK_SLOT_ID *pC_SlotList = NULL;
1.1889 + CK_ULONG slotID_C = 1;
1.1890 + CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */
1.1891 + CK_FUNCTION_LIST_PTR pFC_FunctionList;
1.1892 + CK_SLOT_ID *pFC_SlotList = NULL;
1.1893 + CK_ULONG slotID_FC = 0;
1.1894 + CK_RV crv = CKR_OK;
1.1895 + CK_SESSION_HANDLE hSession;
1.1896 + int origMode = MODE; /* remember the orginal MODE value */
1.1897 +
1.1898 + NUMTESTS++; /* increment NUMTESTS */
1.1899 + MODE = NONFIPSMODE;
1.1900 +#ifdef _WIN32
1.1901 + /* NON FIPS mode == C_GetFunctionList */
1.1902 + pC_GetFunctionList = (CK_C_GetFunctionList)
1.1903 + GetProcAddress(hModule, "C_GetFunctionList");
1.1904 + if (pC_GetFunctionList == NULL) {
1.1905 + PKM_Error( "cannot load %s\n", LIB_NAME);
1.1906 + return crv;
1.1907 + }
1.1908 +#else
1.1909 + pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
1.1910 + "C_GetFunctionList");
1.1911 + assert(pC_GetFunctionList != NULL);
1.1912 +#endif
1.1913 + PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
1.1914 + slotID_C);
1.1915 + crv = (*pC_GetFunctionList)(&pC_FunctionList);
1.1916 + assert(crv == CKR_OK);
1.1917 +
1.1918 + /* invoke C_Initialize as pC_FunctionList->C_Initialize */
1.1919 + crv = pC_FunctionList->C_Initialize(initArgs);
1.1920 + if (crv == CKR_OK) {
1.1921 + PKM_LogIt("C_Initialize succeeded\n");
1.1922 + } else {
1.1923 + PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
1.1924 + PKM_CK_RVtoStr(crv));
1.1925 + return crv;
1.1926 + }
1.1927 +
1.1928 + pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C);
1.1929 + if (pC_SlotList == NULL) {
1.1930 + PKM_Error( "PKM_GetSlotList failed with \n");
1.1931 + return crv;
1.1932 + }
1.1933 + crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C],
1.1934 + CKF_SERIAL_SESSION,
1.1935 + NULL, NULL, &hSession);
1.1936 + if (crv == CKR_OK) {
1.1937 + PKM_LogIt("NONFIPS C_OpenSession succeeded\n");
1.1938 + } else {
1.1939 + PKM_Error( "C_OpenSession failed for NONFIPS token "
1.1940 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1941 + return crv;
1.1942 + }
1.1943 +
1.1944 + crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.1945 + if (crv == CKR_OK) {
1.1946 + PKM_LogIt("able to login in NONFIPS token\n");
1.1947 + } else {
1.1948 + PKM_Error( "Unable to login in to NONFIPS token "
1.1949 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.1950 + return crv;
1.1951 + }
1.1952 +
1.1953 + crv = pC_FunctionList->C_Logout(hSession);
1.1954 + if (crv == CKR_OK) {
1.1955 + PKM_LogIt("C_Logout succeeded\n");
1.1956 + } else {
1.1957 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.1958 + PKM_CK_RVtoStr(crv));
1.1959 + return crv;
1.1960 + }
1.1961 +
1.1962 + PKM_ShowInfo(pC_FunctionList, slotID_C);
1.1963 + MODE = HYBRIDMODE;
1.1964 +
1.1965 + /* Now load the FIPS token */
1.1966 + /* FIPS mode == FC_GetFunctionList */
1.1967 + pFC_GetFunctionList = NULL;
1.1968 +#ifdef _WIN32
1.1969 + pFC_GetFunctionList = (CK_C_GetFunctionList)
1.1970 + GetProcAddress(hModule, "FC_GetFunctionList");
1.1971 +#else
1.1972 + pFC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
1.1973 + "FC_GetFunctionList");
1.1974 + assert(pFC_GetFunctionList != NULL);
1.1975 +#endif
1.1976 +
1.1977 + PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
1.1978 + slotID_FC);
1.1979 + PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n");
1.1980 + if (pFC_GetFunctionList == NULL) {
1.1981 + PKM_Error( "unable to load pFC_GetFunctionList\n");
1.1982 + return crv;
1.1983 + }
1.1984 +
1.1985 + crv = (*pFC_GetFunctionList)(&pFC_FunctionList);
1.1986 + assert(crv == CKR_OK);
1.1987 +
1.1988 + /* invoke FC_Initialize as pFunctionList->C_Initialize */
1.1989 + crv = pFC_FunctionList->C_Initialize(initArgs);
1.1990 + if (crv == CKR_OK) {
1.1991 + PKM_LogIt("FC_Initialize succeeded\n");
1.1992 + } else {
1.1993 + PKM_Error( "FC_Initialize failed with 0x%08X, %-26s\n", crv,
1.1994 + PKM_CK_RVtoStr(crv));
1.1995 + return crv;
1.1996 + }
1.1997 + PKM_ShowInfo(pFC_FunctionList, slotID_FC);
1.1998 +
1.1999 + pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC);
1.2000 + if (pFC_SlotList == NULL) {
1.2001 + PKM_Error( "PKM_GetSlotList failed with \n");
1.2002 + return crv;
1.2003 + }
1.2004 +
1.2005 + crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.2006 + if (crv != CKR_OK) {
1.2007 + PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n");
1.2008 + } else {
1.2009 + PKM_Error("Able to login in to NONFIPS token\n");
1.2010 + return crv;
1.2011 + }
1.2012 + crv = pC_FunctionList->C_CloseSession(hSession);
1.2013 + if (crv == CKR_OK) {
1.2014 + PKM_LogIt("NONFIPS pC_CloseSession succeeded\n");
1.2015 + } else {
1.2016 + PKM_Error( "pC_CloseSession failed for NONFIPS token "
1.2017 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2018 + return crv;
1.2019 + }
1.2020 +
1.2021 + PKM_LogIt("The module is FIPS 140-2 compliant\n"
1.2022 + "only when the NONFIPS Approved mode is inactive by \n"
1.2023 + "calling C_Finalize on the NONFIPS token.\n");
1.2024 +
1.2025 +
1.2026 + /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */
1.2027 + crv = pC_FunctionList->C_Finalize(NULL);
1.2028 + if (crv == CKR_OK) {
1.2029 + PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n");
1.2030 + MODE = FIPSMODE;
1.2031 + } else {
1.2032 + PKM_Error( "C_Finalize of NONFIPS Token failed with "
1.2033 + "0x%08X, %-26s\n", crv,
1.2034 + PKM_CK_RVtoStr(crv));
1.2035 + return crv;
1.2036 + }
1.2037 +
1.2038 + PKM_LogIt("*** In FIPS mode! ***\n");
1.2039 +
1.2040 + /* could do some operations in FIPS MODE */
1.2041 +
1.2042 + crv = pFC_FunctionList->C_Finalize(NULL);
1.2043 + if (crv == CKR_OK) {
1.2044 + PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n");
1.2045 + MODE = NOMODE;
1.2046 + } else {
1.2047 + PKM_Error( "FC_Finalize failed with 0x%08X, %-26s\n", crv,
1.2048 + PKM_CK_RVtoStr(crv));
1.2049 + return crv;
1.2050 + }
1.2051 +
1.2052 + if (pC_SlotList) free(pC_SlotList);
1.2053 + if (pFC_SlotList) free(pFC_SlotList);
1.2054 +
1.2055 + MODE = origMode; /* set the mode back to the orginal Mode value */
1.2056 + PKM_LogIt("PKM_HybridMode test Completed\n\n");
1.2057 + return crv;
1.2058 +}
1.2059 +
1.2060 +CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
1.2061 + CK_SLOT_ID * pSlotList, CK_ULONG slotID) {
1.2062 +
1.2063 + CK_RV crv = CKR_OK;
1.2064 + CK_MECHANISM_TYPE *pMechanismList;
1.2065 + CK_ULONG mechanismCount;
1.2066 + CK_ULONG i;
1.2067 + const char * mechName = NULL;
1.2068 +
1.2069 + NUMTESTS++; /* increment NUMTESTS */
1.2070 +
1.2071 + /* Get the mechanism list */
1.2072 + crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
1.2073 + NULL, &mechanismCount);
1.2074 + if (crv != CKR_OK) {
1.2075 + PKM_Error( "C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
1.2076 + PKM_CK_RVtoStr(crv));
1.2077 + return crv;
1.2078 + }
1.2079 + PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n",
1.2080 + mechanismCount);
1.2081 + pMechanismList = (CK_MECHANISM_TYPE *)
1.2082 + malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE));
1.2083 + if (!pMechanismList) {
1.2084 + PKM_Error( "failed to allocate mechanism list\n");
1.2085 + return crv;
1.2086 + }
1.2087 + crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
1.2088 + pMechanismList, &mechanismCount);
1.2089 + if (crv != CKR_OK) {
1.2090 + PKM_Error( "C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
1.2091 + PKM_CK_RVtoStr(crv));
1.2092 + return crv;
1.2093 + }
1.2094 + PKM_LogIt("C_GetMechanismList returned the mechanism types:\n");
1.2095 + if (verbose) {
1.2096 + for (i = 1; i <= mechanismCount; i++) {
1.2097 + mechName = getName(pMechanismList[(i-1)], ConstMechanism);
1.2098 +
1.2099 + /* output two mechanism name on each line */
1.2100 + /* currently the longest known mechansim name length is 37 */
1.2101 + if (mechName) {
1.2102 + printf("%-40s",mechName);
1.2103 + } else {
1.2104 + printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]);
1.2105 + }
1.2106 + if ((i != 0) && ((i % 2) == 0 )) printf("\n");
1.2107 + }
1.2108 + printf("\n\n");
1.2109 + }
1.2110 +
1.2111 + for ( i = 0; i < mechanismCount; i++ ) {
1.2112 + CK_MECHANISM_INFO minfo;
1.2113 +
1.2114 + memset(&minfo, 0, sizeof(CK_MECHANISM_INFO));
1.2115 + crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID],
1.2116 + pMechanismList[i], &minfo);
1.2117 + if ( CKR_OK != crv ) {
1.2118 + PKM_Error( "C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n",
1.2119 + pSlotList[slotID], pMechanismList[i], crv,
1.2120 + PKM_CK_RVtoStr(crv));
1.2121 + return crv;
1.2122 + }
1.2123 +
1.2124 + mechName = getName(pMechanismList[i], ConstMechanism);
1.2125 + if (!mechName) mechName = "Unknown mechanism";
1.2126 + PKM_LogIt( " [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i+1),
1.2127 + mechName,
1.2128 + pMechanismList[i]);
1.2129 + PKM_LogIt( " ulMinKeySize = %lu\n", minfo.ulMinKeySize);
1.2130 + PKM_LogIt( " ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
1.2131 + PKM_LogIt( " flags = 0x%08x\n", minfo.flags);
1.2132 + PKM_LogIt( " -> HW = %s\n", minfo.flags & CKF_HW ?
1.2133 + "TRUE" : "FALSE");
1.2134 + PKM_LogIt( " -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ?
1.2135 + "TRUE" : "FALSE");
1.2136 + PKM_LogIt( " -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ?
1.2137 + "TRUE" : "FALSE");
1.2138 + PKM_LogIt( " -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ?
1.2139 + "TRUE" : "FALSE");
1.2140 + PKM_LogIt( " -> SIGN = %s\n", minfo.flags & CKF_SIGN ?
1.2141 + "TRUE" : "FALSE");
1.2142 + PKM_LogIt( " -> SIGN_RECOVER = %s\n", minfo.flags &
1.2143 + CKF_SIGN_RECOVER ? "TRUE" : "FALSE");
1.2144 + PKM_LogIt( " -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ?
1.2145 + "TRUE" : "FALSE");
1.2146 + PKM_LogIt( " -> VERIFY_RECOVER = %s\n",
1.2147 + minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
1.2148 + PKM_LogIt( " -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ?
1.2149 + "TRUE" : "FALSE");
1.2150 + PKM_LogIt( " -> GENERATE_KEY_PAIR = %s\n",
1.2151 + minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
1.2152 + PKM_LogIt( " -> WRAP = %s\n", minfo.flags & CKF_WRAP ?
1.2153 + "TRUE" : "FALSE");
1.2154 + PKM_LogIt( " -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ?
1.2155 + "TRUE" : "FALSE");
1.2156 + PKM_LogIt( " -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ?
1.2157 + "TRUE" : "FALSE");
1.2158 + PKM_LogIt( " -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ?
1.2159 + "TRUE" : "FALSE");
1.2160 +
1.2161 + PKM_LogIt( "\n");
1.2162 + }
1.2163 +
1.2164 +
1.2165 + return crv;
1.2166 +
1.2167 +}
1.2168 +
1.2169 +CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID * pSlotList,
1.2170 + CK_ULONG slotID) {
1.2171 + CK_SESSION_HANDLE hSession;
1.2172 + CK_RV crv = CKR_OK;
1.2173 + CK_BYTE randomData[16];
1.2174 + CK_BYTE seed[] = {0x01, 0x03, 0x35, 0x55, 0xFF};
1.2175 +
1.2176 + NUMTESTS++; /* increment NUMTESTS */
1.2177 +
1.2178 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.2179 + NULL, NULL, &hSession);
1.2180 + if (crv != CKR_OK) {
1.2181 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.2182 + PKM_CK_RVtoStr(crv));
1.2183 + return crv;
1.2184 + }
1.2185 +
1.2186 + crv = pFunctionList->C_GenerateRandom(hSession,
1.2187 + randomData, sizeof randomData);
1.2188 + if (crv == CKR_OK) {
1.2189 + PKM_LogIt("C_GenerateRandom without login succeeded\n");
1.2190 + } else {
1.2191 + PKM_Error( "C_GenerateRandom without login failed "
1.2192 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2193 + return crv;
1.2194 + }
1.2195 + crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed));
1.2196 + if (crv == CKR_OK) {
1.2197 + PKM_LogIt("C_SeedRandom without login succeeded\n");
1.2198 + } else {
1.2199 + PKM_Error( "C_SeedRandom without login failed "
1.2200 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2201 + return crv;
1.2202 + }
1.2203 + crv = pFunctionList->C_GenerateRandom(hSession,
1.2204 + randomData, sizeof randomData);
1.2205 + if (crv == CKR_OK) {
1.2206 + PKM_LogIt("C_GenerateRandom without login succeeded\n");
1.2207 + } else {
1.2208 + PKM_Error( "C_GenerateRandom without login failed "
1.2209 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2210 + return crv;
1.2211 + }
1.2212 + crv = pFunctionList->C_CloseSession(hSession);
1.2213 + if (crv != CKR_OK) {
1.2214 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.2215 + PKM_CK_RVtoStr(crv));
1.2216 + return crv;
1.2217 + }
1.2218 +
1.2219 + return crv;
1.2220 +
1.2221 +}
1.2222 +
1.2223 +CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
1.2224 + CK_SLOT_ID *pSlotList, CK_ULONG slotID,
1.2225 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.2226 + CK_SESSION_HANDLE hSession;
1.2227 + CK_RV crv = CKR_OK;
1.2228 +
1.2229 + NUMTESTS++; /* increment NUMTESTS */
1.2230 +
1.2231 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.2232 + NULL, NULL, &hSession);
1.2233 + if (crv != CKR_OK) {
1.2234 + PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.2235 + PKM_CK_RVtoStr(crv));
1.2236 + return crv;
1.2237 + }
1.2238 +
1.2239 + crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)
1.2240 + "netscape", 8);
1.2241 + if (crv == CKR_OK) {
1.2242 + PKM_Error("C_Login with wrong password succeeded\n");
1.2243 + return CKR_FUNCTION_FAILED;
1.2244 + } else {
1.2245 + PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
1.2246 + "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
1.2247 + }
1.2248 + crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)
1.2249 + "red hat", 7);
1.2250 + if (crv == CKR_OK) {
1.2251 + PKM_Error("C_Login with wrong password succeeded\n");
1.2252 + return CKR_FUNCTION_FAILED;
1.2253 + } else {
1.2254 + PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
1.2255 + "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
1.2256 + }
1.2257 + crv = pFunctionList->C_Login(hSession, CKU_USER,
1.2258 + (unsigned char *) "sun", 3);
1.2259 + if (crv == CKR_OK) {
1.2260 + PKM_Error("C_Login with wrong password succeeded\n");
1.2261 + return CKR_FUNCTION_FAILED;
1.2262 + } else {
1.2263 + PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
1.2264 + "%-26s.\n ", crv, PKM_CK_RVtoStr(crv));
1.2265 + }
1.2266 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.2267 + if (crv == CKR_OK) {
1.2268 + PKM_LogIt("C_Login with correct password succeeded\n");
1.2269 + } else {
1.2270 + PKM_Error("C_Login with correct password failed "
1.2271 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2272 + return crv;
1.2273 + }
1.2274 +
1.2275 + crv = pFunctionList->C_Logout(hSession);
1.2276 + if (crv == CKR_OK) {
1.2277 + PKM_LogIt("C_Logout succeeded\n");
1.2278 + } else {
1.2279 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.2280 + PKM_CK_RVtoStr(crv));
1.2281 + return crv;
1.2282 + }
1.2283 +
1.2284 + crv = pFunctionList->C_CloseSession(hSession);
1.2285 + if (crv != CKR_OK) {
1.2286 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.2287 + PKM_CK_RVtoStr(crv));
1.2288 + return crv;
1.2289 + }
1.2290 +
1.2291 + return crv;
1.2292 +
1.2293 +}
1.2294 +
1.2295 +/*
1.2296 +* PKM_LegacyFunctions
1.2297 +*
1.2298 +* Legacyfunctions exist only for backwards compatibility.
1.2299 +* C_GetFunctionStatus and C_CancelFunction functions were
1.2300 +* meant for managing parallel execution of cryptographic functions.
1.2301 +*
1.2302 +* C_GetFunctionStatus is a legacy function which should simply return
1.2303 +* the value CKR_FUNCTION_NOT_PARALLEL.
1.2304 +*
1.2305 +* C_CancelFunction is a legacy function which should simply return the
1.2306 +* value CKR_FUNCTION_NOT_PARALLEL.
1.2307 +*
1.2308 +*/
1.2309 +CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
1.2310 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.2311 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.2312 + CK_SESSION_HANDLE hSession;
1.2313 + CK_RV crv = CKR_OK;
1.2314 + NUMTESTS++; /* increment NUMTESTS */
1.2315 +
1.2316 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.2317 + NULL, NULL, &hSession);
1.2318 + if (crv != CKR_OK) {
1.2319 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.2320 + PKM_CK_RVtoStr(crv));
1.2321 + return crv;
1.2322 + }
1.2323 +
1.2324 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.2325 + if (crv == CKR_OK) {
1.2326 + PKM_LogIt("C_Login with correct password succeeded\n");
1.2327 + } else {
1.2328 + PKM_Error( "C_Login with correct password failed "
1.2329 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2330 + return crv;
1.2331 + }
1.2332 +
1.2333 + crv = pFunctionList->C_GetFunctionStatus(hSession);
1.2334 + if (crv == CKR_FUNCTION_NOT_PARALLEL) {
1.2335 + PKM_LogIt("C_GetFunctionStatus correctly"
1.2336 + "returned CKR_FUNCTION_NOT_PARALLEL \n");
1.2337 + } else {
1.2338 + PKM_Error( "C_GetFunctionStatus failed "
1.2339 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2340 + return crv;
1.2341 + }
1.2342 +
1.2343 + crv = pFunctionList->C_CancelFunction(hSession);
1.2344 + if (crv == CKR_FUNCTION_NOT_PARALLEL) {
1.2345 + PKM_LogIt("C_CancelFunction correctly "
1.2346 + "returned CKR_FUNCTION_NOT_PARALLEL \n");
1.2347 + } else {
1.2348 + PKM_Error( "C_CancelFunction failed "
1.2349 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2350 + return crv;
1.2351 + }
1.2352 +
1.2353 + crv = pFunctionList->C_Logout(hSession);
1.2354 + if (crv == CKR_OK) {
1.2355 + PKM_LogIt("C_Logout succeeded\n");
1.2356 + } else {
1.2357 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.2358 + PKM_CK_RVtoStr(crv));
1.2359 + return crv;
1.2360 + }
1.2361 +
1.2362 + crv = pFunctionList->C_CloseSession(hSession);
1.2363 + if (crv != CKR_OK) {
1.2364 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.2365 + PKM_CK_RVtoStr(crv));
1.2366 + return crv;
1.2367 + }
1.2368 +
1.2369 + return crv;
1.2370 +
1.2371 +}
1.2372 +
1.2373 +/*
1.2374 +* PKM_DualFuncDigest - demostrates the Dual-function
1.2375 +* cryptograpic functions:
1.2376 +*
1.2377 +* C_DigestEncryptUpdate - multi-part Digest and Encrypt
1.2378 +* C_DecryptDigestUpdate - multi-part Decrypt and Digest
1.2379 +*
1.2380 +*
1.2381 +*/
1.2382 +
1.2383 +CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
1.2384 + CK_SESSION_HANDLE hSession,
1.2385 + CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
1.2386 + CK_OBJECT_HANDLE hSecKeyDigest,
1.2387 + CK_MECHANISM *digestMech,
1.2388 + const CK_BYTE * pData, CK_ULONG pDataLen) {
1.2389 + CK_RV crv = CKR_OK;
1.2390 + CK_BYTE eDigest[MAX_DIGEST_SZ];
1.2391 + CK_BYTE dDigest[MAX_DIGEST_SZ];
1.2392 + CK_ULONG ulDigestLen;
1.2393 + CK_BYTE ciphertext[MAX_CIPHER_SZ];
1.2394 + CK_ULONG ciphertextLen, lastLen;
1.2395 + CK_BYTE plaintext[MAX_DATA_SZ];
1.2396 + CK_ULONG plaintextLen;
1.2397 + unsigned int i;
1.2398 +
1.2399 + memset(eDigest, 0, sizeof(eDigest));
1.2400 + memset(dDigest, 0, sizeof(dDigest));
1.2401 + memset(ciphertext, 0, sizeof(ciphertext));
1.2402 + memset(plaintext, 0, sizeof(plaintext));
1.2403 +
1.2404 + NUMTESTS++; /* increment NUMTESTS */
1.2405 +
1.2406 + /*
1.2407 + * First init the Digest and Ecrypt operations
1.2408 + */
1.2409 + crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey);
1.2410 + if (crv != CKR_OK) {
1.2411 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.2412 + PKM_CK_RVtoStr(crv));
1.2413 + return crv;
1.2414 + }
1.2415 + crv = pFunctionList->C_DigestInit(hSession, digestMech);
1.2416 + if (crv != CKR_OK) {
1.2417 + PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
1.2418 + PKM_CK_RVtoStr(crv));
1.2419 + return crv;
1.2420 + }
1.2421 +
1.2422 + ciphertextLen = sizeof(ciphertext);
1.2423 + crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE * ) pData,
1.2424 + pDataLen,
1.2425 + ciphertext, &ciphertextLen);
1.2426 + if (crv != CKR_OK) {
1.2427 + PKM_Error( "C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv,
1.2428 + PKM_CK_RVtoStr(crv));
1.2429 + return crv;
1.2430 + }
1.2431 +
1.2432 + ulDigestLen = sizeof(eDigest);
1.2433 + crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen);
1.2434 + if (crv != CKR_OK) {
1.2435 + PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
1.2436 + PKM_CK_RVtoStr(crv));
1.2437 + return crv;
1.2438 + }
1.2439 +
1.2440 +
1.2441 + /* get the last piece of ciphertext (length should be 0 */
1.2442 + lastLen = sizeof(ciphertext) - ciphertextLen;
1.2443 + crv = pFunctionList->C_EncryptFinal(hSession,
1.2444 + (CK_BYTE * )&ciphertext[ciphertextLen],
1.2445 + &lastLen);
1.2446 + if (crv != CKR_OK) {
1.2447 + PKM_Error( "C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
1.2448 + PKM_CK_RVtoStr(crv));
1.2449 + return crv;
1.2450 + }
1.2451 + ciphertextLen = ciphertextLen + lastLen;
1.2452 + if (verbose) {
1.2453 + printf("ciphertext = ");
1.2454 + for (i = 0; i < ciphertextLen; i++) {
1.2455 + printf("%02x", (unsigned)ciphertext[i]);
1.2456 + }
1.2457 + printf("\n");
1.2458 + printf("eDigest = ");
1.2459 + for (i = 0; i < ulDigestLen; i++) {
1.2460 + printf("%02x", (unsigned)eDigest[i]);
1.2461 + }
1.2462 + printf("\n");
1.2463 + }
1.2464 +
1.2465 + /* Decrypt the text */
1.2466 + crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey);
1.2467 + if (crv != CKR_OK) {
1.2468 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2469 + PKM_CK_RVtoStr(crv));
1.2470 + return crv;
1.2471 + }
1.2472 + crv = pFunctionList->C_DigestInit(hSession, digestMech);
1.2473 + if (crv != CKR_OK) {
1.2474 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2475 + PKM_CK_RVtoStr(crv));
1.2476 + return crv;
1.2477 + }
1.2478 +
1.2479 + plaintextLen = sizeof(plaintext);
1.2480 + crv = pFunctionList->C_DecryptDigestUpdate(hSession, ciphertext,
1.2481 + ciphertextLen,
1.2482 + plaintext,
1.2483 + &plaintextLen);
1.2484 + if (crv != CKR_OK) {
1.2485 + PKM_Error( "C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv,
1.2486 + PKM_CK_RVtoStr(crv));
1.2487 + return crv;
1.2488 + }
1.2489 + lastLen = sizeof(plaintext) - plaintextLen;
1.2490 +
1.2491 + crv = pFunctionList->C_DecryptFinal(hSession,
1.2492 + (CK_BYTE * )&plaintext[plaintextLen],
1.2493 + &lastLen);
1.2494 + if (crv != CKR_OK) {
1.2495 + PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
1.2496 + PKM_CK_RVtoStr(crv));
1.2497 + return crv;
1.2498 + }
1.2499 + plaintextLen = plaintextLen + lastLen;
1.2500 +
1.2501 + ulDigestLen = sizeof(dDigest);
1.2502 + crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen);
1.2503 + if (crv != CKR_OK) {
1.2504 + PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
1.2505 + PKM_CK_RVtoStr(crv));
1.2506 + return crv;
1.2507 + }
1.2508 +
1.2509 + if (plaintextLen != pDataLen) {
1.2510 + PKM_Error( "plaintextLen is %lu\n", plaintextLen);
1.2511 + return crv;
1.2512 + }
1.2513 +
1.2514 + if (verbose) {
1.2515 + printf("plaintext = ");
1.2516 + for (i = 0; i < plaintextLen; i++) {
1.2517 + printf("%02x", (unsigned)plaintext[i]);
1.2518 + }
1.2519 + printf("\n");
1.2520 + printf("dDigest = ");
1.2521 + for (i = 0; i < ulDigestLen; i++) {
1.2522 + printf("%02x", (unsigned)dDigest[i]);
1.2523 + }
1.2524 + printf("\n");
1.2525 + }
1.2526 +
1.2527 + if (memcmp(eDigest, dDigest, ulDigestLen) == 0) {
1.2528 + PKM_LogIt("Encrypted Digest equals Decrypted Digest\n");
1.2529 + } else {
1.2530 + PKM_Error( "Digests don't match\n");
1.2531 + }
1.2532 +
1.2533 + if ((plaintextLen == pDataLen) &&
1.2534 + (memcmp(plaintext, pData, pDataLen)) == 0) {
1.2535 + PKM_LogIt("DualFuncDigest decrypt test case passed\n");
1.2536 + } else {
1.2537 + PKM_Error( "DualFuncDigest derypt test case failed\n");
1.2538 + }
1.2539 +
1.2540 + return crv;
1.2541 +
1.2542 +}
1.2543 +
1.2544 +/*
1.2545 +* PKM_SecKeyCrypt - Symmetric key encrypt/decyprt
1.2546 +*
1.2547 +*/
1.2548 +
1.2549 +CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
1.2550 + CK_SESSION_HANDLE hSession,
1.2551 + CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
1.2552 + const CK_BYTE * pData, CK_ULONG dataLen) {
1.2553 + CK_RV crv = CKR_OK;
1.2554 +
1.2555 + CK_BYTE cipher1[MAX_CIPHER_SZ];
1.2556 + CK_BYTE cipher2[MAX_CIPHER_SZ];
1.2557 + CK_BYTE data1[MAX_DATA_SZ];
1.2558 + CK_BYTE data2[MAX_DATA_SZ];
1.2559 + CK_ULONG cipher1Len =0, cipher2Len =0, lastLen =0;
1.2560 + CK_ULONG data1Len =0, data2Len =0;
1.2561 +
1.2562 + NUMTESTS++; /* increment NUMTESTS */
1.2563 +
1.2564 + memset(cipher1, 0, sizeof(cipher1));
1.2565 + memset(cipher2, 0, sizeof(cipher2));
1.2566 + memset(data1, 0, sizeof(data1));
1.2567 + memset(data2, 0, sizeof(data2));
1.2568 +
1.2569 + /* C_Encrypt */
1.2570 + crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
1.2571 + if (crv != CKR_OK) {
1.2572 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.2573 + PKM_CK_RVtoStr(crv));
1.2574 + return crv;
1.2575 + }
1.2576 + cipher1Len = sizeof(cipher1);
1.2577 + crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE * ) pData, dataLen,
1.2578 + cipher1, &cipher1Len);
1.2579 + if (crv != CKR_OK) {
1.2580 + PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
1.2581 + PKM_CK_RVtoStr(crv));
1.2582 + return crv;
1.2583 + }
1.2584 +
1.2585 + /* C_EncryptUpdate */
1.2586 + crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
1.2587 + if (crv != CKR_OK) {
1.2588 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.2589 + PKM_CK_RVtoStr(crv));
1.2590 + return crv;
1.2591 + }
1.2592 + cipher2Len = sizeof(cipher2);
1.2593 + crv = pFunctionList->C_EncryptUpdate (hSession, (CK_BYTE * ) pData,
1.2594 + dataLen,
1.2595 + cipher2, &cipher2Len);
1.2596 + if (crv != CKR_OK) {
1.2597 + PKM_Error( "C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
1.2598 + PKM_CK_RVtoStr(crv));
1.2599 + return crv;
1.2600 + }
1.2601 + lastLen = sizeof(cipher2) - cipher2Len;
1.2602 +
1.2603 + crv = pFunctionList->C_EncryptFinal(hSession,
1.2604 + (CK_BYTE * )&cipher2[cipher2Len],
1.2605 + &lastLen);
1.2606 + cipher2Len = cipher2Len + lastLen;
1.2607 +
1.2608 + if ( (cipher1Len == cipher2Len) &&
1.2609 + (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0) ) {
1.2610 + PKM_LogIt("encrypt test case passed\n");
1.2611 + } else {
1.2612 + PKM_Error( "encrypt test case failed\n");
1.2613 + return CKR_GENERAL_ERROR;
1.2614 + }
1.2615 +
1.2616 + /* C_Decrypt */
1.2617 + crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
1.2618 + if (crv != CKR_OK) {
1.2619 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2620 + PKM_CK_RVtoStr(crv));
1.2621 + return crv;
1.2622 + }
1.2623 + data1Len = sizeof(data1);
1.2624 + crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len,
1.2625 + data1, &data1Len);
1.2626 + if (crv != CKR_OK) {
1.2627 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2628 + PKM_CK_RVtoStr(crv));
1.2629 + return crv;
1.2630 + }
1.2631 + /* now use C_DecryptUpdate the text */
1.2632 + crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
1.2633 + if (crv != CKR_OK) {
1.2634 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2635 + PKM_CK_RVtoStr(crv));
1.2636 + return crv;
1.2637 + }
1.2638 + data2Len = sizeof(data2);
1.2639 + crv = pFunctionList->C_DecryptUpdate(hSession, cipher2,
1.2640 + cipher2Len,
1.2641 + data2, &data2Len);
1.2642 + if (crv != CKR_OK) {
1.2643 + PKM_Error( "C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
1.2644 + PKM_CK_RVtoStr(crv));
1.2645 + return crv;
1.2646 + }
1.2647 + lastLen = sizeof(data2) - data2Len;
1.2648 + crv = pFunctionList->C_DecryptFinal(hSession,
1.2649 + (CK_BYTE * )&data2[data2Len],
1.2650 + &lastLen);
1.2651 + if (crv != CKR_OK) {
1.2652 + PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
1.2653 + PKM_CK_RVtoStr(crv));
1.2654 + return crv;
1.2655 + }
1.2656 + data2Len = data2Len + lastLen;
1.2657 +
1.2658 +
1.2659 + /* Comparison of Decrypt data */
1.2660 +
1.2661 + if ( (data1Len == data2Len) && (dataLen == data1Len) &&
1.2662 + (memcmp(data1, pData, dataLen) == 0) &&
1.2663 + (memcmp(data2, pData, dataLen) == 0) ) {
1.2664 + PKM_LogIt("decrypt test case passed\n");
1.2665 + } else {
1.2666 + PKM_Error( "derypt test case failed\n");
1.2667 + }
1.2668 +
1.2669 + return crv;
1.2670 +
1.2671 +}
1.2672 +
1.2673 +
1.2674 +CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
1.2675 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.2676 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.2677 + CK_SESSION_HANDLE hSession;
1.2678 + CK_RV crv = CKR_OK;
1.2679 + CK_MECHANISM sAESKeyMech = {
1.2680 + CKM_AES_KEY_GEN, NULL, 0
1.2681 + };
1.2682 + CK_OBJECT_CLASS class = CKO_SECRET_KEY;
1.2683 + CK_KEY_TYPE keyAESType = CKK_AES;
1.2684 + CK_UTF8CHAR AESlabel[] = "An AES secret key object";
1.2685 + CK_ULONG AESvalueLen = 16;
1.2686 + CK_ATTRIBUTE sAESKeyTemplate[9];
1.2687 + CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
1.2688 +
1.2689 + CK_BYTE KEY[16];
1.2690 + CK_BYTE IV[16];
1.2691 + static const CK_BYTE CIPHERTEXT[] = {
1.2692 + 0x7e,0x6a,0x3f,0x3b,0x39,0x3c,0xf2,0x4b,
1.2693 + 0xce,0xcc,0x23,0x6d,0x80,0xfd,0xe0,0xff
1.2694 + };
1.2695 + CK_BYTE ciphertext[64];
1.2696 + CK_BYTE ciphertext2[64];
1.2697 + CK_ULONG ciphertextLen, ciphertext2Len, lastLen;
1.2698 + CK_BYTE plaintext[32];
1.2699 + CK_BYTE plaintext2[32];
1.2700 + CK_ULONG plaintextLen, plaintext2Len;
1.2701 + CK_BYTE wrappedKey[16];
1.2702 + CK_ULONG wrappedKeyLen;
1.2703 + CK_MECHANISM aesEcbMech = {
1.2704 + CKM_AES_ECB, NULL, 0
1.2705 + };
1.2706 + CK_OBJECT_HANDLE hTestKey;
1.2707 + CK_MECHANISM mech_AES_CBC;
1.2708 +
1.2709 + NUMTESTS++; /* increment NUMTESTS */
1.2710 +
1.2711 + memset(ciphertext, 0, sizeof(ciphertext));
1.2712 + memset(ciphertext2, 0, sizeof(ciphertext2));
1.2713 + memset(IV, 0x00, sizeof(IV));
1.2714 + memset(KEY, 0x00, sizeof(KEY));
1.2715 +
1.2716 + mech_AES_CBC.mechanism = CKM_AES_CBC;
1.2717 + mech_AES_CBC.pParameter = IV;
1.2718 + mech_AES_CBC.ulParameterLen = sizeof(IV);
1.2719 +
1.2720 + /* AES key template */
1.2721 + sAESKeyTemplate[0].type = CKA_CLASS;
1.2722 + sAESKeyTemplate[0].pValue = &class;
1.2723 + sAESKeyTemplate[0].ulValueLen = sizeof(class);
1.2724 + sAESKeyTemplate[1].type = CKA_KEY_TYPE;
1.2725 + sAESKeyTemplate[1].pValue = &keyAESType;
1.2726 + sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
1.2727 + sAESKeyTemplate[2].type = CKA_LABEL;
1.2728 + sAESKeyTemplate[2].pValue = AESlabel;
1.2729 + sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
1.2730 + sAESKeyTemplate[3].type = CKA_ENCRYPT;
1.2731 + sAESKeyTemplate[3].pValue = &true;
1.2732 + sAESKeyTemplate[3].ulValueLen = sizeof(true);
1.2733 + sAESKeyTemplate[4].type = CKA_DECRYPT;
1.2734 + sAESKeyTemplate[4].pValue = &true;
1.2735 + sAESKeyTemplate[4].ulValueLen = sizeof(true);
1.2736 + sAESKeyTemplate[5].type = CKA_SIGN;
1.2737 + sAESKeyTemplate[5].pValue = &true;
1.2738 + sAESKeyTemplate[5].ulValueLen = sizeof (true);
1.2739 + sAESKeyTemplate[6].type = CKA_VERIFY;
1.2740 + sAESKeyTemplate[6].pValue = &true;
1.2741 + sAESKeyTemplate[6].ulValueLen = sizeof(true);
1.2742 + sAESKeyTemplate[7].type = CKA_UNWRAP;
1.2743 + sAESKeyTemplate[7].pValue = &true;
1.2744 + sAESKeyTemplate[7].ulValueLen = sizeof(true);
1.2745 + sAESKeyTemplate[8].type = CKA_VALUE_LEN;
1.2746 + sAESKeyTemplate[8].pValue = &AESvalueLen;
1.2747 + sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
1.2748 +
1.2749 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.2750 + NULL, NULL, &hSession);
1.2751 + if (crv != CKR_OK) {
1.2752 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.2753 + PKM_CK_RVtoStr(crv));
1.2754 + return crv;
1.2755 + }
1.2756 +
1.2757 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.2758 + if (crv == CKR_OK) {
1.2759 + PKM_LogIt("C_Login with correct password succeeded\n");
1.2760 + } else {
1.2761 + PKM_Error( "C_Login with correct password failed "
1.2762 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.2763 + return crv;
1.2764 + }
1.2765 +
1.2766 + PKM_LogIt("Generate an AES key ... \n");
1.2767 + /* generate an AES Secret Key */
1.2768 + crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
1.2769 + sAESKeyTemplate,
1.2770 + NUM_ELEM(sAESKeyTemplate),
1.2771 + &hKey);
1.2772 + if (crv == CKR_OK) {
1.2773 + PKM_LogIt("C_GenerateKey AES succeeded\n");
1.2774 + } else {
1.2775 + PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
1.2776 + crv, PKM_CK_RVtoStr(crv));
1.2777 + return crv;
1.2778 + }
1.2779 +
1.2780 + crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey);
1.2781 + if (crv != CKR_OK) {
1.2782 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.2783 + PKM_CK_RVtoStr(crv));
1.2784 + return crv;
1.2785 + }
1.2786 + wrappedKeyLen = sizeof(wrappedKey);
1.2787 + crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY),
1.2788 + wrappedKey, &wrappedKeyLen);
1.2789 + if (crv != CKR_OK) {
1.2790 + PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
1.2791 + PKM_CK_RVtoStr(crv));
1.2792 + return crv;
1.2793 + }
1.2794 + if (wrappedKeyLen != sizeof(wrappedKey)) {
1.2795 + PKM_Error( "wrappedKeyLen is %lu\n", wrappedKeyLen);
1.2796 + return crv;
1.2797 + }
1.2798 + /* Import an encrypted key */
1.2799 + crv = pFunctionList->C_UnwrapKey(hSession, &aesEcbMech, hKey,
1.2800 + wrappedKey, wrappedKeyLen,
1.2801 + sAESKeyTemplate,
1.2802 + NUM_ELEM(sAESKeyTemplate),
1.2803 + &hTestKey);
1.2804 + if (crv != CKR_OK) {
1.2805 + PKM_Error( "C_UnwraPKey failed with 0x%08X, %-26s\n", crv,
1.2806 + PKM_CK_RVtoStr(crv));
1.2807 + return crv;
1.2808 + }
1.2809 + /* AES Encrypt the text */
1.2810 + crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
1.2811 + if (crv != CKR_OK) {
1.2812 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.2813 + PKM_CK_RVtoStr(crv));
1.2814 + return crv;
1.2815 + }
1.2816 + ciphertextLen = sizeof(ciphertext);
1.2817 + crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *) PLAINTEXT,
1.2818 + sizeof(PLAINTEXT),
1.2819 + ciphertext, &ciphertextLen);
1.2820 + if (crv != CKR_OK) {
1.2821 + PKM_Error( "C_Encrypt failed with 0x%08X, %-26s\n", crv,
1.2822 + PKM_CK_RVtoStr(crv));
1.2823 + return crv;
1.2824 + }
1.2825 +
1.2826 + if ( (ciphertextLen == sizeof(CIPHERTEXT)) &&
1.2827 + (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) {
1.2828 + PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n");
1.2829 + } else {
1.2830 + PKM_Error( "AES CBCVarKey128 encrypt test case 1 failed\n");
1.2831 + return crv;
1.2832 + }
1.2833 +
1.2834 + /* now use EncryptUpdate the text */
1.2835 + crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
1.2836 + if (crv != CKR_OK) {
1.2837 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.2838 + PKM_CK_RVtoStr(crv));
1.2839 + return crv;
1.2840 + }
1.2841 + ciphertext2Len = sizeof(ciphertext2);
1.2842 + crv = pFunctionList->C_EncryptUpdate (hSession, (CK_BYTE *) PLAINTEXT,
1.2843 + sizeof(PLAINTEXT),
1.2844 + ciphertext2, &ciphertext2Len);
1.2845 + if (crv != CKR_OK) {
1.2846 + PKM_Error( "C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
1.2847 + PKM_CK_RVtoStr(crv));
1.2848 + return crv;
1.2849 + }
1.2850 + lastLen = sizeof(ciphertext2) - ciphertext2Len;
1.2851 +
1.2852 + crv = pFunctionList->C_EncryptFinal(hSession,
1.2853 + (CK_BYTE * )&ciphertext2[ciphertext2Len],
1.2854 + &lastLen);
1.2855 + ciphertext2Len = ciphertext2Len + lastLen;
1.2856 +
1.2857 + if ( (ciphertextLen == ciphertext2Len) &&
1.2858 + (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) &&
1.2859 + (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) {
1.2860 + PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n");
1.2861 + } else {
1.2862 + PKM_Error( "AES CBCVarKey128 encrypt test case 2 failed\n");
1.2863 + return CKR_GENERAL_ERROR;
1.2864 + }
1.2865 +
1.2866 + /* AES CBC Decrypt the text */
1.2867 + crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
1.2868 + if (crv != CKR_OK) {
1.2869 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2870 + PKM_CK_RVtoStr(crv));
1.2871 + return crv;
1.2872 + }
1.2873 + plaintextLen = sizeof(plaintext);
1.2874 + crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen,
1.2875 + plaintext, &plaintextLen);
1.2876 + if (crv != CKR_OK) {
1.2877 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2878 + PKM_CK_RVtoStr(crv));
1.2879 + return crv;
1.2880 + }
1.2881 + if ((plaintextLen == sizeof(PLAINTEXT))
1.2882 + && (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) {
1.2883 + PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n");
1.2884 + } else {
1.2885 + PKM_Error( "AES CBCVarKey128 derypt test case 1 failed\n");
1.2886 + }
1.2887 + /* now use DecryptUpdate the text */
1.2888 + crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
1.2889 + if (crv != CKR_OK) {
1.2890 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.2891 + PKM_CK_RVtoStr(crv));
1.2892 + return crv;
1.2893 + }
1.2894 + plaintext2Len = sizeof(plaintext2);
1.2895 + crv = pFunctionList->C_DecryptUpdate(hSession, ciphertext2,
1.2896 + ciphertext2Len,
1.2897 + plaintext2, &plaintext2Len);
1.2898 + if (crv != CKR_OK) {
1.2899 + PKM_Error( "C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
1.2900 + PKM_CK_RVtoStr(crv));
1.2901 + return crv;
1.2902 + }
1.2903 + lastLen = sizeof(plaintext2) - plaintext2Len;
1.2904 + crv = pFunctionList->C_DecryptFinal(hSession,
1.2905 + (CK_BYTE * )&plaintext2[plaintext2Len],
1.2906 + &lastLen);
1.2907 + plaintext2Len = plaintext2Len + lastLen;
1.2908 +
1.2909 + if ( (plaintextLen == plaintext2Len) &&
1.2910 + (memcmp(plaintext, plaintext2, plaintext2Len) == 0) &&
1.2911 + (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) {
1.2912 + PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n");
1.2913 + } else {
1.2914 + PKM_Error( "AES CBCVarKey128 decrypt test case 2 failed\n");
1.2915 + return CKR_GENERAL_ERROR;
1.2916 + }
1.2917 +
1.2918 + crv = pFunctionList->C_Logout(hSession);
1.2919 + if (crv == CKR_OK) {
1.2920 + PKM_LogIt("C_Logout succeeded\n");
1.2921 + } else {
1.2922 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.2923 + PKM_CK_RVtoStr(crv));
1.2924 + return crv;
1.2925 + }
1.2926 + crv = pFunctionList->C_CloseSession(hSession);
1.2927 + if (crv != CKR_OK) {
1.2928 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.2929 + PKM_CK_RVtoStr(crv));
1.2930 + return crv;
1.2931 + }
1.2932 +
1.2933 +
1.2934 + return crv;
1.2935 +
1.2936 +}
1.2937 +
1.2938 +CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
1.2939 + CK_SESSION_HANDLE hRwSession,
1.2940 + CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
1.2941 + CK_MECHANISM *signMech, const CK_BYTE * pData,
1.2942 + CK_ULONG pDataLen) {
1.2943 + CK_RV crv = CKR_OK;
1.2944 + CK_BYTE sig[MAX_SIG_SZ];
1.2945 + CK_ULONG sigLen = 0 ;
1.2946 +
1.2947 + NUMTESTS++; /* increment NUMTESTS */
1.2948 + memset(sig, 0, sizeof(sig));
1.2949 +
1.2950 + /* C_Sign */
1.2951 + crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
1.2952 + if (crv != CKR_OK) {
1.2953 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.2954 + PKM_CK_RVtoStr(crv));
1.2955 + return crv;
1.2956 + }
1.2957 + sigLen = sizeof(sig);
1.2958 + crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE * ) pData, pDataLen,
1.2959 + sig, &sigLen);
1.2960 + if (crv != CKR_OK) {
1.2961 + PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
1.2962 + PKM_CK_RVtoStr(crv));
1.2963 + return crv;
1.2964 + }
1.2965 +
1.2966 + /* C_Verify the signature */
1.2967 + crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey);
1.2968 + if (crv != CKR_OK) {
1.2969 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.2970 + PKM_CK_RVtoStr(crv));
1.2971 + return crv;
1.2972 + }
1.2973 + crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE * ) pData, pDataLen,
1.2974 + sig, sigLen);
1.2975 + if (crv == CKR_OK) {
1.2976 + PKM_LogIt("C_Verify succeeded\n");
1.2977 + } else {
1.2978 + PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
1.2979 + PKM_CK_RVtoStr(crv));
1.2980 + return crv;
1.2981 + }
1.2982 +
1.2983 + /* Check that the mechanism is Multi-part */
1.2984 + if (signMech->mechanism == CKM_DSA ||
1.2985 + signMech->mechanism == CKM_RSA_PKCS) {
1.2986 + return crv;
1.2987 + }
1.2988 +
1.2989 + memset(sig, 0, sizeof(sig));
1.2990 + /* SignUpdate */
1.2991 + crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
1.2992 + if (crv != CKR_OK) {
1.2993 + PKM_Error( "C_SignInit failed with 0x%08lX %-26s\n", crv,
1.2994 + PKM_CK_RVtoStr(crv));
1.2995 + return crv;
1.2996 + }
1.2997 + crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE * ) pData, pDataLen);
1.2998 + if (crv != CKR_OK) {
1.2999 + PKM_Error( "C_Sign failed with 0x%08lX %-26s\n", crv,
1.3000 + PKM_CK_RVtoStr(crv));
1.3001 + return crv;
1.3002 + }
1.3003 +
1.3004 + sigLen = sizeof(sig);
1.3005 + crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen);
1.3006 + if (crv != CKR_OK) {
1.3007 + PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
1.3008 + PKM_CK_RVtoStr(crv));
1.3009 + return crv;
1.3010 + }
1.3011 +
1.3012 + /* C_VerifyUpdate the signature */
1.3013 + crv = pFunctionList->C_VerifyInit(hRwSession, signMech,
1.3014 + hPubKey);
1.3015 + if (crv != CKR_OK) {
1.3016 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.3017 + PKM_CK_RVtoStr(crv));
1.3018 + return crv;
1.3019 + }
1.3020 + crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE * ) pData,
1.3021 + pDataLen);
1.3022 + if (crv != CKR_OK) {
1.3023 + PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
1.3024 + PKM_CK_RVtoStr(crv));
1.3025 + return crv;
1.3026 + }
1.3027 + crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen);
1.3028 + if (crv == CKR_OK) {
1.3029 + PKM_LogIt("C_VerifyFinal succeeded\n");
1.3030 + } else {
1.3031 + PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
1.3032 + PKM_CK_RVtoStr(crv));
1.3033 + return crv;
1.3034 + }
1.3035 + return crv;
1.3036 +
1.3037 +}
1.3038 +
1.3039 +CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
1.3040 + CK_SLOT_ID * pSlotList,
1.3041 + CK_ULONG slotID, CK_UTF8CHAR_PTR pwd,
1.3042 + CK_ULONG pwdLen){
1.3043 + CK_SESSION_HANDLE hSession;
1.3044 + CK_RV crv = CKR_OK;
1.3045 +
1.3046 +/*** DSA Key ***/
1.3047 + CK_MECHANISM dsaParamGenMech;
1.3048 + CK_ULONG primeBits = 1024;
1.3049 + CK_ATTRIBUTE dsaParamGenTemplate[1];
1.3050 + CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
1.3051 + CK_BYTE DSA_P[128];
1.3052 + CK_BYTE DSA_Q[20];
1.3053 + CK_BYTE DSA_G[128];
1.3054 + CK_MECHANISM dsaKeyPairGenMech;
1.3055 + CK_ATTRIBUTE dsaPubKeyTemplate[5];
1.3056 + CK_ATTRIBUTE dsaPrivKeyTemplate[5];
1.3057 + CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
1.3058 + CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
1.3059 +
1.3060 + /* From SHA1ShortMsg.req, Len = 136 */
1.3061 + CK_BYTE MSG[] = {
1.3062 + 0xba, 0x33, 0x95, 0xfb,
1.3063 + 0x5a, 0xfa, 0x8e, 0x6a,
1.3064 + 0x43, 0xdf, 0x41, 0x6b,
1.3065 + 0x32, 0x7b, 0x74, 0xfa,
1.3066 + 0x44
1.3067 + };
1.3068 + CK_BYTE MD[] = {
1.3069 + 0xf7, 0x5d, 0x92, 0xa4,
1.3070 + 0xbb, 0x4d, 0xec, 0xc3,
1.3071 + 0x7c, 0x5c, 0x72, 0xfa,
1.3072 + 0x04, 0x75, 0x71, 0x0a,
1.3073 + 0x06, 0x75, 0x8c, 0x1d
1.3074 + };
1.3075 +
1.3076 + CK_BYTE sha1Digest[20];
1.3077 + CK_ULONG sha1DigestLen;
1.3078 + CK_BYTE dsaSig[40];
1.3079 + CK_ULONG dsaSigLen;
1.3080 + CK_MECHANISM sha1Mech = {
1.3081 + CKM_SHA_1, NULL, 0
1.3082 + };
1.3083 + CK_MECHANISM dsaMech = {
1.3084 + CKM_DSA, NULL, 0
1.3085 + };
1.3086 + CK_MECHANISM dsaWithSha1Mech = {
1.3087 + CKM_DSA_SHA1, NULL, 0
1.3088 + };
1.3089 +
1.3090 + NUMTESTS++; /* increment NUMTESTS */
1.3091 +
1.3092 + /* DSA key init */
1.3093 + dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
1.3094 + dsaParamGenMech.pParameter = NULL_PTR;
1.3095 + dsaParamGenMech.ulParameterLen = 0;
1.3096 + dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
1.3097 + dsaParamGenTemplate[0].pValue = &primeBits;
1.3098 + dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
1.3099 + dsaPubKeyTemplate[0].type = CKA_PRIME;
1.3100 + dsaPubKeyTemplate[0].pValue = DSA_P;
1.3101 + dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
1.3102 + dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
1.3103 + dsaPubKeyTemplate[1].pValue = DSA_Q;
1.3104 + dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
1.3105 + dsaPubKeyTemplate[2].type = CKA_BASE;
1.3106 + dsaPubKeyTemplate[2].pValue = DSA_G;
1.3107 + dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
1.3108 + dsaPubKeyTemplate[3].type = CKA_TOKEN;
1.3109 + dsaPubKeyTemplate[3].pValue = &true;
1.3110 + dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
1.3111 + dsaPubKeyTemplate[4].type = CKA_VERIFY;
1.3112 + dsaPubKeyTemplate[4].pValue = &true;
1.3113 + dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
1.3114 + dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
1.3115 + dsaKeyPairGenMech.pParameter = NULL_PTR;
1.3116 + dsaKeyPairGenMech.ulParameterLen = 0;
1.3117 + dsaPrivKeyTemplate[0].type = CKA_TOKEN;
1.3118 + dsaPrivKeyTemplate[0].pValue = &true;
1.3119 + dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
1.3120 + dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
1.3121 + dsaPrivKeyTemplate[1].pValue = &true;
1.3122 + dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
1.3123 + dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
1.3124 + dsaPrivKeyTemplate[2].pValue = &true;
1.3125 + dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
1.3126 + dsaPrivKeyTemplate[3].type = CKA_SIGN,
1.3127 + dsaPrivKeyTemplate[3].pValue = &true;
1.3128 + dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
1.3129 + dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
1.3130 + dsaPrivKeyTemplate[4].pValue = &true;
1.3131 + dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
1.3132 +
1.3133 + crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1.3134 + CKF_RW_SESSION | CKF_SERIAL_SESSION,
1.3135 + NULL, NULL, &hSession);
1.3136 + if (crv != CKR_OK) {
1.3137 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.3138 + PKM_CK_RVtoStr(crv));
1.3139 + return crv;
1.3140 + }
1.3141 +
1.3142 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.3143 + if (crv == CKR_OK) {
1.3144 + PKM_LogIt("C_Login with correct password succeeded\n");
1.3145 + } else {
1.3146 + PKM_Error( "C_Login with correct password failed "
1.3147 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3148 + return crv;
1.3149 + }
1.3150 +
1.3151 + PKM_LogIt("Generate DSA PQG domain parameters ... \n");
1.3152 + /* Generate DSA domain parameters PQG */
1.3153 + crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech,
1.3154 + dsaParamGenTemplate,
1.3155 + 1,
1.3156 + &hDsaParams);
1.3157 + if (crv == CKR_OK) {
1.3158 + PKM_LogIt("DSA domain parameter generation succeeded\n");
1.3159 + } else {
1.3160 + PKM_Error( "DSA domain parameter generation failed "
1.3161 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3162 + return crv;
1.3163 + }
1.3164 + crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams,
1.3165 + dsaPubKeyTemplate, 3);
1.3166 + if (crv == CKR_OK) {
1.3167 + PKM_LogIt("Getting DSA domain parameters succeeded\n");
1.3168 + } else {
1.3169 + PKM_Error( "Getting DSA domain parameters failed "
1.3170 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3171 + return crv;
1.3172 + }
1.3173 + crv = pFunctionList->C_DestroyObject(hSession, hDsaParams);
1.3174 + if (crv == CKR_OK) {
1.3175 + PKM_LogIt("Destroying DSA domain parameters succeeded\n");
1.3176 + } else {
1.3177 + PKM_Error( "Destroying DSA domain parameters failed "
1.3178 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3179 + return crv;
1.3180 + }
1.3181 +
1.3182 + PKM_LogIt("Generate a DSA key pair ... \n");
1.3183 + /* Generate a persistent DSA key pair */
1.3184 + crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech,
1.3185 + dsaPubKeyTemplate,
1.3186 + NUM_ELEM(dsaPubKeyTemplate),
1.3187 + dsaPrivKeyTemplate,
1.3188 + NUM_ELEM(dsaPrivKeyTemplate),
1.3189 + &hDSApubKey, &hDSAprivKey);
1.3190 + if (crv == CKR_OK) {
1.3191 + PKM_LogIt("DSA key pair generation succeeded\n");
1.3192 + } else {
1.3193 + PKM_Error( "DSA key pair generation failed "
1.3194 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3195 + return crv;
1.3196 + }
1.3197 +
1.3198 + /* Compute SHA-1 digest */
1.3199 + crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
1.3200 + if (crv != CKR_OK) {
1.3201 + PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
1.3202 + PKM_CK_RVtoStr(crv));
1.3203 + return crv;
1.3204 + }
1.3205 + sha1DigestLen = sizeof(sha1Digest);
1.3206 + crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
1.3207 + sha1Digest, &sha1DigestLen);
1.3208 + if (crv != CKR_OK) {
1.3209 + PKM_Error( "C_Digest failed with 0x%08X, %-26s\n", crv,
1.3210 + PKM_CK_RVtoStr(crv));
1.3211 + return crv;
1.3212 + }
1.3213 + if (sha1DigestLen != sizeof(sha1Digest)) {
1.3214 + PKM_Error( "sha1DigestLen is %lu\n", sha1DigestLen);
1.3215 + return crv;
1.3216 + }
1.3217 +
1.3218 + if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) {
1.3219 + PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n");
1.3220 + } else {
1.3221 + PKM_Error( "SHA-1 SHA1ShortMsg test case Len = 136 failed\n");
1.3222 + }
1.3223 +
1.3224 + crv = PKM_PubKeySign(pFunctionList, hSession,
1.3225 + hDSApubKey, hDSAprivKey,
1.3226 + &dsaMech, sha1Digest, sizeof(sha1Digest));
1.3227 + if (crv == CKR_OK) {
1.3228 + PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n");
1.3229 + } else {
1.3230 + PKM_Error( "PKM_PubKeySign failed "
1.3231 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3232 + return crv;
1.3233 + }
1.3234 + crv = PKM_PubKeySign(pFunctionList, hSession,
1.3235 + hDSApubKey, hDSAprivKey,
1.3236 + &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
1.3237 + if (crv == CKR_OK) {
1.3238 + PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n");
1.3239 + } else {
1.3240 + PKM_Error( "PKM_PubKeySign failed "
1.3241 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3242 + return crv;
1.3243 + }
1.3244 +
1.3245 + /* Sign with DSA */
1.3246 + crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey);
1.3247 + if (crv != CKR_OK) {
1.3248 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.3249 + PKM_CK_RVtoStr(crv));
1.3250 + return crv;
1.3251 + }
1.3252 + dsaSigLen = sizeof(dsaSig);
1.3253 + crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen,
1.3254 + dsaSig, &dsaSigLen);
1.3255 + if (crv != CKR_OK) {
1.3256 + PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
1.3257 + PKM_CK_RVtoStr(crv));
1.3258 + return crv;
1.3259 + }
1.3260 +
1.3261 + /* Verify the DSA signature */
1.3262 + crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
1.3263 + if (crv != CKR_OK) {
1.3264 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.3265 + PKM_CK_RVtoStr(crv));
1.3266 + return crv;
1.3267 + }
1.3268 + crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
1.3269 + dsaSig, dsaSigLen);
1.3270 + if (crv == CKR_OK) {
1.3271 + PKM_LogIt("C_Verify succeeded\n");
1.3272 + } else {
1.3273 + PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
1.3274 + PKM_CK_RVtoStr(crv));
1.3275 + return crv;
1.3276 + }
1.3277 +
1.3278 + /* Verify the signature in a different way */
1.3279 + crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
1.3280 + hDSApubKey);
1.3281 + if (crv != CKR_OK) {
1.3282 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.3283 + PKM_CK_RVtoStr(crv));
1.3284 + return crv;
1.3285 + }
1.3286 + crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
1.3287 + if (crv != CKR_OK) {
1.3288 + PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
1.3289 + PKM_CK_RVtoStr(crv));
1.3290 + return crv;
1.3291 + }
1.3292 + crv = pFunctionList->C_VerifyUpdate(hSession, MSG+1, sizeof(MSG)-1);
1.3293 + if (crv != CKR_OK) {
1.3294 + PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
1.3295 + PKM_CK_RVtoStr(crv));
1.3296 + return crv;
1.3297 + }
1.3298 + crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
1.3299 + if (crv == CKR_OK) {
1.3300 + PKM_LogIt("C_VerifyFinal succeeded\n");
1.3301 + } else {
1.3302 + PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
1.3303 + PKM_CK_RVtoStr(crv));
1.3304 + return crv;
1.3305 + }
1.3306 +
1.3307 + /* Verify the signature in a different way */
1.3308 + crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
1.3309 + hDSApubKey);
1.3310 + if (crv != CKR_OK) {
1.3311 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n",
1.3312 + crv, PKM_CK_RVtoStr(crv));
1.3313 + return crv;
1.3314 + }
1.3315 + crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
1.3316 + if (crv != CKR_OK) {
1.3317 + PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n",
1.3318 + crv, PKM_CK_RVtoStr(crv));
1.3319 + return crv;
1.3320 + }
1.3321 + crv = pFunctionList->C_VerifyUpdate(hSession, MSG+1, sizeof(MSG)-1);
1.3322 + if (crv != CKR_OK) {
1.3323 + PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n",
1.3324 + crv, PKM_CK_RVtoStr(crv));
1.3325 + return crv;
1.3326 + }
1.3327 + crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
1.3328 + if (crv == CKR_OK) {
1.3329 + PKM_LogIt("C_VerifyFinal of multi update succeeded.\n");
1.3330 + } else {
1.3331 + PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n",
1.3332 + crv, PKM_CK_RVtoStr(crv));
1.3333 + return crv;
1.3334 + }
1.3335 + /* Now modify the data */
1.3336 + MSG[0] += 1;
1.3337 + /* Compute SHA-1 digest */
1.3338 + crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
1.3339 + if (crv != CKR_OK) {
1.3340 + PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
1.3341 + PKM_CK_RVtoStr(crv));
1.3342 + return crv;
1.3343 + }
1.3344 + sha1DigestLen = sizeof(sha1Digest);
1.3345 + crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
1.3346 + sha1Digest, &sha1DigestLen);
1.3347 + if (crv != CKR_OK) {
1.3348 + PKM_Error( "C_Digest failed with 0x%08X, %-26s\n", crv,
1.3349 + PKM_CK_RVtoStr(crv));
1.3350 + return crv;
1.3351 + }
1.3352 + crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
1.3353 + if (crv != CKR_OK) {
1.3354 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.3355 + PKM_CK_RVtoStr(crv));
1.3356 + return crv;
1.3357 + }
1.3358 + crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
1.3359 + dsaSig, dsaSigLen);
1.3360 + if (crv != CKR_SIGNATURE_INVALID) {
1.3361 + PKM_Error( "C_Verify of modified data succeeded\n");
1.3362 + return crv;
1.3363 + } else {
1.3364 + PKM_LogIt("C_Verify of modified data returned as EXPECTED "
1.3365 + " with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3366 + }
1.3367 +
1.3368 + crv = pFunctionList->C_Logout(hSession);
1.3369 + if (crv == CKR_OK) {
1.3370 + PKM_LogIt("C_Logout succeeded\n");
1.3371 + } else {
1.3372 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.3373 + PKM_CK_RVtoStr(crv));
1.3374 + return crv;
1.3375 + }
1.3376 +
1.3377 + crv = pFunctionList->C_CloseSession(hSession);
1.3378 + if (crv != CKR_OK) {
1.3379 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.3380 + PKM_CK_RVtoStr(crv));
1.3381 + return crv;
1.3382 + }
1.3383 +
1.3384 + return crv;
1.3385 +
1.3386 +}
1.3387 +
1.3388 +CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
1.3389 + CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
1.3390 + const CK_BYTE * pData, CK_ULONG pDataLen) {
1.3391 +
1.3392 + CK_RV crv = CKR_OK;
1.3393 +
1.3394 + CK_BYTE hmac1[HMAC_MAX_LENGTH];
1.3395 + CK_ULONG hmac1Len = 0;
1.3396 + CK_BYTE hmac2[HMAC_MAX_LENGTH];
1.3397 + CK_ULONG hmac2Len = 0;
1.3398 +
1.3399 + memset(hmac1, 0, sizeof(hmac1));
1.3400 + memset(hmac2, 0, sizeof(hmac2));
1.3401 +
1.3402 + NUMTESTS++; /* increment NUMTESTS */
1.3403 +
1.3404 + crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
1.3405 + if (crv == CKR_OK) {
1.3406 + PKM_LogIt("C_SignInit succeeded\n");
1.3407 + } else {
1.3408 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.3409 + PKM_CK_RVtoStr(crv));
1.3410 + return crv;
1.3411 + }
1.3412 +
1.3413 + hmac1Len = sizeof(hmac1);
1.3414 + crv = pFunctionList->C_Sign(hSession, (CK_BYTE * )pData,
1.3415 + pDataLen,
1.3416 + (CK_BYTE * )hmac1, &hmac1Len);
1.3417 + if (crv == CKR_OK) {
1.3418 + PKM_LogIt("C_Sign succeeded\n");
1.3419 + } else {
1.3420 + PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
1.3421 + PKM_CK_RVtoStr(crv));
1.3422 + return crv;
1.3423 + }
1.3424 +
1.3425 + crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
1.3426 + if (crv == CKR_OK) {
1.3427 + PKM_LogIt("C_SignInit succeeded\n");
1.3428 + } else {
1.3429 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.3430 + PKM_CK_RVtoStr(crv));
1.3431 + return crv;
1.3432 + }
1.3433 +
1.3434 + crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE * )pData,
1.3435 + pDataLen);
1.3436 + if (crv == CKR_OK) {
1.3437 + PKM_LogIt("C_SignUpdate succeeded\n");
1.3438 + } else {
1.3439 + PKM_Error( "C_SignUpdate failed with 0x%08X, %-26s\n", crv,
1.3440 + PKM_CK_RVtoStr(crv));
1.3441 + return crv;
1.3442 + }
1.3443 +
1.3444 + hmac2Len = sizeof(hmac2);
1.3445 + crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE * )hmac2, &hmac2Len);
1.3446 + if (crv == CKR_OK) {
1.3447 + PKM_LogIt("C_SignFinal succeeded\n");
1.3448 + } else {
1.3449 + PKM_Error( "C_SignFinal failed with 0x%08X, %-26s\n", crv,
1.3450 + PKM_CK_RVtoStr(crv));
1.3451 + return crv;
1.3452 + }
1.3453 +
1.3454 + if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0) ) {
1.3455 + PKM_LogIt("hmacs are equal!\n");
1.3456 + } else {
1.3457 + PKM_Error("hmacs are not equal!\n");
1.3458 + }
1.3459 + crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
1.3460 + if (crv != CKR_OK) {
1.3461 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.3462 + PKM_CK_RVtoStr(crv));
1.3463 + return crv;
1.3464 + }
1.3465 + crv = pFunctionList->C_Verify(hSession, (CK_BYTE * )pData,
1.3466 + pDataLen,
1.3467 + (CK_BYTE * ) hmac2, hmac2Len);
1.3468 + if (crv == CKR_OK) {
1.3469 + PKM_LogIt("C_Verify of hmac succeeded\n");
1.3470 + } else {
1.3471 + PKM_Error( "C_Verify failed with 0x%08X, %-26s\n", crv,
1.3472 + PKM_CK_RVtoStr(crv));
1.3473 + return crv;
1.3474 + }
1.3475 + crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
1.3476 + if (crv != CKR_OK) {
1.3477 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.3478 + PKM_CK_RVtoStr(crv));
1.3479 + return crv;
1.3480 + }
1.3481 + crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE * )pData,
1.3482 + pDataLen);
1.3483 + if (crv == CKR_OK) {
1.3484 + PKM_LogIt("C_VerifyUpdate of hmac succeeded\n");
1.3485 + } else {
1.3486 + PKM_Error( "C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
1.3487 + PKM_CK_RVtoStr(crv));
1.3488 + return crv;
1.3489 + }
1.3490 + crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE * ) hmac1,
1.3491 + hmac1Len);
1.3492 + if (crv == CKR_OK) {
1.3493 + PKM_LogIt("C_VerifyFinal of hmac succeeded\n");
1.3494 + } else {
1.3495 + PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
1.3496 + PKM_CK_RVtoStr(crv));
1.3497 + return crv;
1.3498 + }
1.3499 + return crv;
1.3500 +}
1.3501 +
1.3502 +CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
1.3503 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.3504 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.3505 + CK_RV crv = CKR_OK;
1.3506 +
1.3507 + CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
1.3508 + CK_SESSION_INFO sinfo;
1.3509 + CK_ATTRIBUTE_PTR pTemplate;
1.3510 + CK_ULONG tnObjects = 0;
1.3511 + int curMode;
1.3512 + int i;
1.3513 + int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
1.3514 +
1.3515 + NUMTESTS++; /* increment NUMTESTS */
1.3516 +
1.3517 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.3518 + NULL, NULL, &h);
1.3519 + if ( CKR_OK != crv ) {
1.3520 + PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
1.3521 + "returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
1.3522 + PKM_CK_RVtoStr(crv));
1.3523 + return crv;
1.3524 + }
1.3525 +
1.3526 + PKM_LogIt( " Opened a session: handle = 0x%08x\n", h);
1.3527 +
1.3528 + (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO));
1.3529 + crv = pFunctionList->C_GetSessionInfo(h, &sinfo);
1.3530 + if ( CKR_OK != crv ) {
1.3531 + PKM_LogIt( "C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv,
1.3532 + PKM_CK_RVtoStr(crv));
1.3533 + return crv;
1.3534 + }
1.3535 +
1.3536 + PKM_LogIt( " SESSION INFO:\n");
1.3537 + PKM_LogIt( " slotID = %lu\n", sinfo.slotID);
1.3538 + PKM_LogIt( " state = %lu\n", sinfo.state);
1.3539 + PKM_LogIt( " flags = 0x%08x\n", sinfo.flags);
1.3540 +#ifdef CKF_EXCLUSIVE_SESSION
1.3541 + PKM_LogIt( " -> EXCLUSIVE SESSION = %s\n", sinfo.flags &
1.3542 + CKF_EXCLUSIVE_SESSION ? "TRUE" : "FALSE");
1.3543 +#endif /* CKF_EXCLUSIVE_SESSION */
1.3544 + PKM_LogIt( " -> RW SESSION = %s\n", sinfo.flags &
1.3545 + CKF_RW_SESSION ? "TRUE" : "FALSE");
1.3546 + PKM_LogIt( " -> SERIAL SESSION = %s\n", sinfo.flags &
1.3547 + CKF_SERIAL_SESSION ? "TRUE" : "FALSE");
1.3548 +#ifdef CKF_INSERTION_CALLBACK
1.3549 + PKM_LogIt( " -> INSERTION CALLBACK = %s\n", sinfo.flags &
1.3550 + CKF_INSERTION_CALLBACK ? "TRUE" : "FALSE");
1.3551 +#endif /* CKF_INSERTION_CALLBACK */
1.3552 + PKM_LogIt( " ulDeviceError = %lu\n", sinfo.ulDeviceError);
1.3553 + PKM_LogIt( "\n");
1.3554 +
1.3555 + crv = pFunctionList->C_FindObjectsInit(h, NULL, 0);
1.3556 + if ( CKR_OK != crv ) {
1.3557 + PKM_LogIt( "C_FindObjectsInit(%lu, NULL, 0) returned "
1.3558 + "0x%08X, %-26s\n",
1.3559 + h, crv, PKM_CK_RVtoStr(crv));
1.3560 + return crv;
1.3561 + }
1.3562 +
1.3563 + pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types,
1.3564 + sizeof(CK_ATTRIBUTE));
1.3565 + if ( (CK_ATTRIBUTE_PTR)NULL == pTemplate ) {
1.3566 + PKM_Error( "[pTemplate memory allocation of %lu bytes failed]\n",
1.3567 + number_of_all_known_attribute_types *
1.3568 + sizeof(CK_ATTRIBUTE));
1.3569 + return crv;
1.3570 + }
1.3571 +
1.3572 + PKM_LogIt( " All objects:\n");
1.3573 + /* Printing table set to NOMODE */
1.3574 + curMode = MODE;
1.3575 + MODE = NOMODE;
1.3576 +
1.3577 + while (1) {
1.3578 + CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
1.3579 + CK_ULONG nObjects = 0;
1.3580 + CK_ULONG k;
1.3581 + CK_ULONG nAttributes = 0;
1.3582 + CK_ATTRIBUTE_PTR pT2;
1.3583 + CK_ULONG l;
1.3584 + const char * attName = NULL;
1.3585 +
1.3586 + crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects);
1.3587 + if ( CKR_OK != crv ) {
1.3588 + PKM_Error( "C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n",
1.3589 + h, crv, PKM_CK_RVtoStr(crv));
1.3590 + return crv;
1.3591 + }
1.3592 +
1.3593 + if ( 0 == nObjects ) {
1.3594 + PKM_LogIt( "\n");
1.3595 + break;
1.3596 + }
1.3597 +
1.3598 + tnObjects++;
1.3599 +
1.3600 + PKM_LogIt( " OBJECT HANDLE %lu:\n", o);
1.3601 +
1.3602 + k = 0;
1.3603 + for (i=0; i < constCount; i++) {
1.3604 + if (consts[i].type == ConstAttribute) {
1.3605 + pTemplate[k].type = consts[i].value;
1.3606 + pTemplate[k].pValue = (CK_VOID_PTR) NULL;
1.3607 + pTemplate[k].ulValueLen = 0;
1.3608 + k++;
1.3609 + }
1.3610 + assert(k <= number_of_all_known_attribute_types);
1.3611 + }
1.3612 +
1.3613 + crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate,
1.3614 + number_of_all_known_attribute_types);
1.3615 + switch ( crv ) {
1.3616 + case CKR_OK:
1.3617 + case CKR_ATTRIBUTE_SENSITIVE:
1.3618 + case CKR_ATTRIBUTE_TYPE_INVALID:
1.3619 + case CKR_BUFFER_TOO_SMALL:
1.3620 + break;
1.3621 + default:
1.3622 + PKM_Error( "C_GetAtributeValue(%lu, %lu, {all attribute types},"
1.3623 + "%lu) returned 0x%08X, %-26s\n",
1.3624 + h, o, number_of_all_known_attribute_types, crv,
1.3625 + PKM_CK_RVtoStr(crv));
1.3626 + return crv;
1.3627 + }
1.3628 +
1.3629 + for ( k = 0; k < (CK_ULONG) number_of_all_known_attribute_types; k++) {
1.3630 + if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
1.3631 + nAttributes++;
1.3632 + }
1.3633 + }
1.3634 +
1.3635 + PKM_LogIt( " %lu attributes:\n", nAttributes);
1.3636 + for ( k = 0; k < (CK_ULONG) number_of_all_known_attribute_types;
1.3637 + k++ ) {
1.3638 + if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
1.3639 + attName = getNameFromAttribute(pTemplate[k].type);
1.3640 + if (!attName) {
1.3641 + PKM_Error("Unable to find attribute name update pk11table.c\n");
1.3642 + }
1.3643 + PKM_LogIt( " %s 0x%08x (len = %lu)\n",
1.3644 + attName,
1.3645 + pTemplate[k].type,
1.3646 + pTemplate[k].ulValueLen);
1.3647 + }
1.3648 + }
1.3649 + PKM_LogIt( "\n");
1.3650 +
1.3651 + pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE));
1.3652 + if ( (CK_ATTRIBUTE_PTR)NULL == pT2 ) {
1.3653 + PKM_Error( "[pT2 memory allocation of %lu bytes failed]\n",
1.3654 + nAttributes * sizeof(CK_ATTRIBUTE));
1.3655 + return crv;
1.3656 + }
1.3657 +
1.3658 + /* allocate memory for the attribute values */
1.3659 + for ( l = 0, k = 0; k < (CK_ULONG) number_of_all_known_attribute_types;
1.3660 + k++ ) {
1.3661 + if ( -1 != (CK_LONG)pTemplate[k].ulValueLen ) {
1.3662 + pT2[l].type = pTemplate[k].type;
1.3663 + pT2[l].ulValueLen = pTemplate[k].ulValueLen;
1.3664 + if (pT2[l].ulValueLen > 0) {
1.3665 + pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen);
1.3666 + if ( (CK_VOID_PTR)NULL == pT2[l].pValue ) {
1.3667 + PKM_Error( "pValue memory allocation of %lu bytes failed]\n",
1.3668 + pT2[l].ulValueLen);
1.3669 + return crv;
1.3670 + }
1.3671 + } else pT2[l].pValue = (CK_VOID_PTR) NULL;
1.3672 + l++;
1.3673 + }
1.3674 + }
1.3675 +
1.3676 + assert( l == nAttributes );
1.3677 +
1.3678 + crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes);
1.3679 + switch ( crv ) {
1.3680 + case CKR_OK:
1.3681 + case CKR_ATTRIBUTE_SENSITIVE:
1.3682 + case CKR_ATTRIBUTE_TYPE_INVALID:
1.3683 + case CKR_BUFFER_TOO_SMALL:
1.3684 + break;
1.3685 + default:
1.3686 + PKM_Error( "C_GetAtributeValue(%lu, %lu, {existent attribute"
1.3687 + " types}, %lu) returned 0x%08X, %-26s\n",
1.3688 + h, o, nAttributes, crv, PKM_CK_RVtoStr(crv));
1.3689 + return crv;
1.3690 + }
1.3691 +
1.3692 + for ( l = 0; l < nAttributes; l++ ) {
1.3693 + attName = getNameFromAttribute(pT2[l].type);
1.3694 + if (!attName) attName = "unknown attribute";
1.3695 + PKM_LogIt( " type = %s len = %ld",
1.3696 + attName, (CK_LONG)pT2[l].ulValueLen);
1.3697 +
1.3698 + if ( -1 == (CK_LONG)pT2[l].ulValueLen ) {
1.3699 + ;
1.3700 + } else {
1.3701 + CK_ULONG m;
1.3702 +
1.3703 + if ( pT2[l].ulValueLen <= 8 ) {
1.3704 + PKM_LogIt( ", value = ");
1.3705 + } else {
1.3706 + PKM_LogIt( ", value = \n ");
1.3707 + }
1.3708 +
1.3709 + for ( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
1.3710 + PKM_LogIt( "%02x", (CK_ULONG)(0xff &
1.3711 + ((CK_CHAR_PTR)pT2[l].pValue)[m]));
1.3712 + }
1.3713 +
1.3714 + PKM_LogIt( " ");
1.3715 +
1.3716 + for ( m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++ ) {
1.3717 + CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m];
1.3718 + if ( (c < 0x20) || (c >= 0x7f) ) {
1.3719 + c = '.';
1.3720 + }
1.3721 + PKM_LogIt( "%c", c);
1.3722 + }
1.3723 + }
1.3724 +
1.3725 + PKM_LogIt( "\n");
1.3726 + }
1.3727 +
1.3728 + PKM_LogIt( "\n");
1.3729 +
1.3730 + for ( l = 0; l < nAttributes; l++ ) {
1.3731 + if (pT2[l].pValue) {
1.3732 + free(pT2[l].pValue);
1.3733 + }
1.3734 + }
1.3735 + free(pT2);
1.3736 + } /* while(1) */
1.3737 +
1.3738 + MODE = curMode; /* reset the logging MODE */
1.3739 +
1.3740 + crv = pFunctionList->C_FindObjectsFinal(h);
1.3741 + if ( CKR_OK != crv ) {
1.3742 + PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv,
1.3743 + PKM_CK_RVtoStr(crv));
1.3744 + return crv;
1.3745 + }
1.3746 +
1.3747 + PKM_LogIt( " (%lu objects total)\n", tnObjects);
1.3748 +
1.3749 + crv = pFunctionList->C_CloseSession(h);
1.3750 + if ( CKR_OK != crv ) {
1.3751 + PKM_Error( "C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv,
1.3752 + PKM_CK_RVtoStr(crv));
1.3753 + return crv;
1.3754 + }
1.3755 +
1.3756 + return crv;
1.3757 +}
1.3758 +/* session to create, find, and delete a couple session objects */
1.3759 +CK_RV PKM_MultiObjectManagement (CK_FUNCTION_LIST_PTR pFunctionList,
1.3760 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.3761 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.3762 +
1.3763 + CK_RV crv = CKR_OK;
1.3764 +
1.3765 + CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
1.3766 + CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0;
1.3767 + CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1];
1.3768 + CK_OBJECT_CLASS cko_data = CKO_DATA;
1.3769 + char *key = "TEST PROGRAM";
1.3770 + CK_ULONG key_len = 0;
1.3771 + CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0;
1.3772 + CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0;
1.3773 + CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0;
1.3774 + CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0;
1.3775 + CK_OBJECT_HANDLE found[10];
1.3776 + CK_ULONG nFound;
1.3777 + CK_ULONG hDeltaLen, hThreeLen = 0;
1.3778 +
1.3779 + CK_TOKEN_INFO tinfo;
1.3780 +
1.3781 + NUMTESTS++; /* increment NUMTESTS */
1.3782 + key_len = sizeof(key);
1.3783 + crv = pFunctionList->C_OpenSession(pSlotList[slotID],
1.3784 + CKF_SERIAL_SESSION, NULL, NULL, &h);
1.3785 + if ( CKR_OK != crv ) {
1.3786 + PKM_Error( "C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
1.3787 + "returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
1.3788 + PKM_CK_RVtoStr(crv));
1.3789 + return crv;
1.3790 + }
1.3791 + crv = pFunctionList->C_Login(h, CKU_USER, pwd, pwdLen);
1.3792 + if (crv == CKR_OK) {
1.3793 + PKM_LogIt("C_Login with correct password succeeded\n");
1.3794 + } else {
1.3795 + PKM_Error( "C_Login with correct password failed "
1.3796 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3797 + return crv;
1.3798 + }
1.3799 +
1.3800 +
1.3801 + (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
1.3802 + crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo);
1.3803 + if ( CKR_OK != crv ) {
1.3804 + PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n",
1.3805 + pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
1.3806 + return crv;
1.3807 + }
1.3808 +
1.3809 +
1.3810 + PKM_LogIt( " Opened a session: handle = 0x%08x\n", h);
1.3811 +
1.3812 + one[0].type = CKA_CLASS;
1.3813 + one[0].pValue = &cko_data;
1.3814 + one[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
1.3815 + one[1].type = CKA_TOKEN;
1.3816 + one[1].pValue = &false;
1.3817 + one[1].ulValueLen = sizeof(CK_BBOOL);
1.3818 + one[2].type = CKA_PRIVATE;
1.3819 + one[2].pValue = &false;
1.3820 + one[2].ulValueLen = sizeof(CK_BBOOL);
1.3821 + one[3].type = CKA_MODIFIABLE;
1.3822 + one[3].pValue = &true;
1.3823 + one[3].ulValueLen = sizeof(CK_BBOOL);
1.3824 + one[4].type = CKA_LABEL;
1.3825 + one[4].pValue = "Test data object one";
1.3826 + one[4].ulValueLen = strlen(one[4].pValue);
1.3827 + one[5].type = CKA_APPLICATION;
1.3828 + one[5].pValue = key;
1.3829 + one[5].ulValueLen = key_len;
1.3830 + one[6].type = CKA_VALUE;
1.3831 + one[6].pValue = "Object one";
1.3832 + one[6].ulValueLen = strlen(one[6].pValue);
1.3833 +
1.3834 + two[0].type = CKA_CLASS;
1.3835 + two[0].pValue = &cko_data;
1.3836 + two[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
1.3837 + two[1].type = CKA_TOKEN;
1.3838 + two[1].pValue = &false;
1.3839 + two[1].ulValueLen = sizeof(CK_BBOOL);
1.3840 + two[2].type = CKA_PRIVATE;
1.3841 + two[2].pValue = &false;
1.3842 + two[2].ulValueLen = sizeof(CK_BBOOL);
1.3843 + two[3].type = CKA_MODIFIABLE;
1.3844 + two[3].pValue = &true;
1.3845 + two[3].ulValueLen = sizeof(CK_BBOOL);
1.3846 + two[4].type = CKA_LABEL;
1.3847 + two[4].pValue = "Test data object two";
1.3848 + two[4].ulValueLen = strlen(two[4].pValue);
1.3849 + two[5].type = CKA_APPLICATION;
1.3850 + two[5].pValue = key;
1.3851 + two[5].ulValueLen = key_len;
1.3852 + two[6].type = CKA_VALUE;
1.3853 + two[6].pValue = "Object two";
1.3854 + two[6].ulValueLen = strlen(two[6].pValue);
1.3855 +
1.3856 + three[0].type = CKA_CLASS;
1.3857 + three[0].pValue = &cko_data;
1.3858 + three[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
1.3859 + three[1].type = CKA_TOKEN;
1.3860 + three[1].pValue = &false;
1.3861 + three[1].ulValueLen = sizeof(CK_BBOOL);
1.3862 + three[2].type = CKA_PRIVATE;
1.3863 + three[2].pValue = &false;
1.3864 + three[2].ulValueLen = sizeof(CK_BBOOL);
1.3865 + three[3].type = CKA_MODIFIABLE;
1.3866 + three[3].pValue = &true;
1.3867 + three[3].ulValueLen = sizeof(CK_BBOOL);
1.3868 + three[4].type = CKA_LABEL;
1.3869 + three[4].pValue = "Test data object three";
1.3870 + three[4].ulValueLen = strlen(three[4].pValue);
1.3871 + three[5].type = CKA_APPLICATION;
1.3872 + three[5].pValue = key;
1.3873 + three[5].ulValueLen = key_len;
1.3874 + three[6].type = CKA_VALUE;
1.3875 + three[6].pValue = "Object three";
1.3876 + three[6].ulValueLen = strlen(three[6].pValue);
1.3877 +
1.3878 + crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn);
1.3879 + if ( CKR_OK != crv ) {
1.3880 + PKM_Error( "C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n",
1.3881 + h, crv, PKM_CK_RVtoStr(crv));
1.3882 + return crv;
1.3883 + }
1.3884 +
1.3885 + PKM_LogIt( " Created object one: handle = %lu\n", hOneIn);
1.3886 +
1.3887 + crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn);
1.3888 + if ( CKR_OK != crv ) {
1.3889 + PKM_Error( "C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n",
1.3890 + h, crv, PKM_CK_RVtoStr(crv));
1.3891 + return crv;
1.3892 + }
1.3893 +
1.3894 + PKM_LogIt( " Created object two: handle = %lu\n", hTwoIn);
1.3895 +
1.3896 + crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn);
1.3897 + if ( CKR_OK != crv ) {
1.3898 + PKM_Error( "C_CreateObject(%lu, three, 7, ) returned 0x%08x\n",
1.3899 + h, crv, PKM_CK_RVtoStr(crv));
1.3900 + return crv;
1.3901 + }
1.3902 + crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen);
1.3903 + if (crv == CKR_OK) {
1.3904 + PKM_LogIt("C_GetObjectSize succeeded\n");
1.3905 + } else {
1.3906 + PKM_Error("C_GetObjectSize failed "
1.3907 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3908 + return crv;
1.3909 + }
1.3910 +
1.3911 + PKM_LogIt( " Created object three: handle = %lu\n", hThreeIn);
1.3912 +
1.3913 + delta[0].type = CKA_VALUE;
1.3914 + delta[0].pValue = "Copied object";
1.3915 + delta[0].ulValueLen = strlen(delta[0].pValue);
1.3916 +
1.3917 + crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn);
1.3918 + if ( CKR_OK != crv ) {
1.3919 + PKM_Error( "C_CopyObject(%lu, %lu, delta, 1, ) returned "
1.3920 + "0x%08X, %-26s\n",
1.3921 + h, hThreeIn, crv, PKM_CK_RVtoStr(crv));
1.3922 + return crv;
1.3923 + }
1.3924 + crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen);
1.3925 + if (crv == CKR_OK) {
1.3926 + PKM_LogIt("C_GetObjectSize succeeded\n");
1.3927 + } else {
1.3928 + PKM_Error("C_GetObjectSize failed "
1.3929 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.3930 + return crv;
1.3931 + }
1.3932 +
1.3933 + if (hThreeLen == hDeltaLen) {
1.3934 + PKM_LogIt("Copied object size same as orginal\n");
1.3935 + } else {
1.3936 + PKM_Error("Copied object different from original\n");
1.3937 + return CKR_DEVICE_ERROR;
1.3938 + }
1.3939 +
1.3940 + PKM_LogIt( " Copied object three: new handle = %lu\n", hDeltaIn);
1.3941 +
1.3942 + mask[0].type = CKA_APPLICATION;
1.3943 + mask[0].pValue = key;
1.3944 + mask[0].ulValueLen = key_len;
1.3945 +
1.3946 + crv = pFunctionList->C_FindObjectsInit(h, mask, 1);
1.3947 + if ( CKR_OK != crv ) {
1.3948 + PKM_Error( "C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
1.3949 + h, crv, PKM_CK_RVtoStr(crv));
1.3950 + return crv;
1.3951 + }
1.3952 +
1.3953 + (void)memset(&found, 0, sizeof(found));
1.3954 + nFound = 0;
1.3955 + crv = pFunctionList->C_FindObjects(h, found, 10, &nFound);
1.3956 + if ( CKR_OK != crv ) {
1.3957 + PKM_Error( "C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
1.3958 + h, crv, PKM_CK_RVtoStr(crv));
1.3959 + return crv;
1.3960 + }
1.3961 +
1.3962 + if ( 4 != nFound ) {
1.3963 + PKM_Error( "Found %lu objects, not 4.\n", nFound);
1.3964 + return crv;
1.3965 + }
1.3966 +
1.3967 + PKM_LogIt( " Found 4 objects: %lu, %lu, %lu, %lu\n",
1.3968 + found[0], found[1], found[2], found[3]);
1.3969 +
1.3970 + crv = pFunctionList->C_FindObjectsFinal(h);
1.3971 + if ( CKR_OK != crv ) {
1.3972 + PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n",
1.3973 + h, crv, PKM_CK_RVtoStr(crv));
1.3974 + return crv;
1.3975 + }
1.3976 +
1.3977 + crv = pFunctionList->C_DestroyObject(h, hThreeIn);
1.3978 + if ( CKR_OK != crv ) {
1.3979 + PKM_Error( "C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h,
1.3980 + hThreeIn, crv, PKM_CK_RVtoStr(crv));
1.3981 + return crv;
1.3982 + }
1.3983 +
1.3984 + PKM_LogIt( " Destroyed object three (handle = %lu)\n", hThreeIn);
1.3985 +
1.3986 + delta[0].type = CKA_APPLICATION;
1.3987 + delta[0].pValue = "Changed application";
1.3988 + delta[0].ulValueLen = strlen(delta[0].pValue);
1.3989 +
1.3990 + crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1);
1.3991 + if ( CKR_OK != crv ) {
1.3992 + PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned "
1.3993 + "0x%08X, %-26s\n",
1.3994 + h, hTwoIn, crv, PKM_CK_RVtoStr(crv));
1.3995 + return crv;
1.3996 + }
1.3997 +
1.3998 + PKM_LogIt( " Changed object two (handle = %lu).\n", hTwoIn);
1.3999 +
1.4000 + /* Can another session find these session objects? */
1.4001 +
1.4002 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.4003 + NULL, NULL, &h2);
1.4004 + if ( CKR_OK != crv ) {
1.4005 + PKM_Error( "C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
1.4006 + " returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
1.4007 + PKM_CK_RVtoStr(crv));
1.4008 + return crv;
1.4009 + }
1.4010 + PKM_LogIt( " Opened a second session: handle = 0x%08x\n", h2);
1.4011 +
1.4012 + /* mask is still the same */
1.4013 +
1.4014 + crv = pFunctionList->C_FindObjectsInit(h2, mask, 1);
1.4015 + if ( CKR_OK != crv ) {
1.4016 + PKM_Error( "C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
1.4017 + h2, crv, PKM_CK_RVtoStr(crv));
1.4018 + return crv;
1.4019 + }
1.4020 +
1.4021 + (void)memset(&found, 0, sizeof(found));
1.4022 + nFound = 0;
1.4023 + crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound);
1.4024 + if ( CKR_OK != crv ) {
1.4025 + PKM_Error( "C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
1.4026 + h2, crv, PKM_CK_RVtoStr(crv));
1.4027 + return crv;
1.4028 + }
1.4029 +
1.4030 + if ( 2 != nFound ) {
1.4031 + PKM_Error( "Found %lu objects, not 2.\n", nFound);
1.4032 + return crv;
1.4033 + }
1.4034 +
1.4035 + PKM_LogIt( " Found 2 objects: %lu, %lu\n",
1.4036 + found[0], found[1]);
1.4037 +
1.4038 + crv = pFunctionList->C_FindObjectsFinal(h2);
1.4039 + if ( CKR_OK != crv ) {
1.4040 + PKM_Error( "C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv,
1.4041 + PKM_CK_RVtoStr(crv));
1.4042 + return crv;
1.4043 + }
1.4044 + crv = pFunctionList->C_Logout(h);
1.4045 + if (crv == CKR_OK) {
1.4046 + PKM_LogIt("C_Logout succeeded\n");
1.4047 + } else {
1.4048 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.4049 + PKM_CK_RVtoStr(crv));
1.4050 + return crv;
1.4051 + }
1.4052 + crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]);
1.4053 + if ( CKR_OK != crv ) {
1.4054 + PKM_Error( "C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n",
1.4055 + pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
1.4056 + return crv;
1.4057 + }
1.4058 +
1.4059 + PKM_LogIt( "\n");
1.4060 + return crv;
1.4061 +}
1.4062 +
1.4063 +CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
1.4064 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.4065 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
1.4066 + CK_SESSION_HANDLE hSession;
1.4067 + CK_RV crv = CKR_OK;
1.4068 + CK_MECHANISM sAESKeyMech = {
1.4069 + CKM_AES_KEY_GEN, NULL, 0
1.4070 + };
1.4071 + CK_OBJECT_CLASS class = CKO_SECRET_KEY;
1.4072 + CK_KEY_TYPE keyAESType = CKK_AES;
1.4073 + CK_UTF8CHAR AESlabel[] = "An AES secret key object";
1.4074 + CK_ULONG AESvalueLen = 16;
1.4075 + CK_ATTRIBUTE sAESKeyTemplate[9];
1.4076 + CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
1.4077 + CK_BYTE_PTR pstate = NULL;
1.4078 + CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen;
1.4079 +
1.4080 + static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules.";
1.4081 + static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules.";
1.4082 + static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)
1.4083 + "Firefox and Thunderbird.";
1.4084 +
1.4085 + char digest[MAX_DIGEST_SZ], digest_1[MAX_DIGEST_SZ];
1.4086 + char sign[MAX_SIG_SZ];
1.4087 + CK_MECHANISM signmech;
1.4088 + CK_MECHANISM digestmech;
1.4089 +
1.4090 + NUMTESTS++; /* increment NUMTESTS */
1.4091 +
1.4092 +
1.4093 + /* AES key template */
1.4094 + sAESKeyTemplate[0].type = CKA_CLASS;
1.4095 + sAESKeyTemplate[0].pValue = &class;
1.4096 + sAESKeyTemplate[0].ulValueLen = sizeof(class);
1.4097 + sAESKeyTemplate[1].type = CKA_KEY_TYPE;
1.4098 + sAESKeyTemplate[1].pValue = &keyAESType;
1.4099 + sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
1.4100 + sAESKeyTemplate[2].type = CKA_LABEL;
1.4101 + sAESKeyTemplate[2].pValue = AESlabel;
1.4102 + sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel)-1;
1.4103 + sAESKeyTemplate[3].type = CKA_ENCRYPT;
1.4104 + sAESKeyTemplate[3].pValue = &true;
1.4105 + sAESKeyTemplate[3].ulValueLen = sizeof(true);
1.4106 + sAESKeyTemplate[4].type = CKA_DECRYPT;
1.4107 + sAESKeyTemplate[4].pValue = &true;
1.4108 + sAESKeyTemplate[4].ulValueLen = sizeof(true);
1.4109 + sAESKeyTemplate[5].type = CKA_SIGN;
1.4110 + sAESKeyTemplate[5].pValue = &true;
1.4111 + sAESKeyTemplate[5].ulValueLen = sizeof (true);
1.4112 + sAESKeyTemplate[6].type = CKA_VERIFY;
1.4113 + sAESKeyTemplate[6].pValue = &true;
1.4114 + sAESKeyTemplate[6].ulValueLen = sizeof(true);
1.4115 + sAESKeyTemplate[7].type = CKA_UNWRAP;
1.4116 + sAESKeyTemplate[7].pValue = &true;
1.4117 + sAESKeyTemplate[7].ulValueLen = sizeof(true);
1.4118 + sAESKeyTemplate[8].type = CKA_VALUE_LEN;
1.4119 + sAESKeyTemplate[8].pValue = &AESvalueLen;
1.4120 + sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
1.4121 +
1.4122 + signmech.mechanism = CKM_SHA_1_HMAC;
1.4123 + signmech.pParameter = NULL;
1.4124 + signmech.ulParameterLen = 0;
1.4125 + digestmech.mechanism = CKM_SHA256;
1.4126 + digestmech.pParameter = NULL;
1.4127 + digestmech.ulParameterLen = 0;
1.4128 +
1.4129 +
1.4130 + plainlen = strlen((char *)plaintext);
1.4131 + plainlen_1 = strlen((char *)plaintext_1);
1.4132 + plainlen_2 = strlen((char *)plaintext_2);
1.4133 + digestlen = MAX_DIGEST_SZ;
1.4134 +
1.4135 +
1.4136 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.4137 + NULL, NULL, &hSession);
1.4138 + if (crv != CKR_OK) {
1.4139 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.4140 + PKM_CK_RVtoStr(crv));
1.4141 + return crv;
1.4142 + }
1.4143 +
1.4144 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.4145 + if (crv == CKR_OK) {
1.4146 + PKM_LogIt("C_Login with correct password succeeded\n");
1.4147 + } else {
1.4148 + PKM_Error( "C_Login with correct password failed "
1.4149 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4150 + return crv;
1.4151 + }
1.4152 +
1.4153 + PKM_LogIt("Generate an AES key ...\n");
1.4154 + /* generate an AES Secret Key */
1.4155 + crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
1.4156 + sAESKeyTemplate,
1.4157 + NUM_ELEM(sAESKeyTemplate),
1.4158 + &sKey);
1.4159 + if (crv == CKR_OK) {
1.4160 + PKM_LogIt("C_GenerateKey AES succeeded\n");
1.4161 + } else {
1.4162 + PKM_Error( "C_GenerateKey AES failed with 0x%08X, %-26s\n",
1.4163 + crv, PKM_CK_RVtoStr(crv));
1.4164 + return crv;
1.4165 + }
1.4166 +
1.4167 + crv = pFunctionList->C_SignInit(hSession, &signmech, sKey);
1.4168 + if (crv != CKR_OK) {
1.4169 + PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv,
1.4170 + PKM_CK_RVtoStr(crv));
1.4171 + return crv;
1.4172 + }
1.4173 +
1.4174 + slen = sizeof(sign);
1.4175 + crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen,
1.4176 + (CK_BYTE_PTR)sign, &slen);
1.4177 + if (crv != CKR_OK) {
1.4178 + PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv,
1.4179 + PKM_CK_RVtoStr(crv));
1.4180 + return crv;
1.4181 + }
1.4182 +
1.4183 + crv = pFunctionList->C_DestroyObject(hSession, sKey);
1.4184 + if (crv != CKR_OK) {
1.4185 + PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv,
1.4186 + PKM_CK_RVtoStr(crv));
1.4187 + return crv;
1.4188 + }
1.4189 +
1.4190 + digestlen = MAX_DIGEST_SZ;
1.4191 + crv = pFunctionList->C_DigestInit(hSession, &digestmech);
1.4192 + if (crv != CKR_OK) {
1.4193 + PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
1.4194 + PKM_CK_RVtoStr(crv));
1.4195 + return crv;
1.4196 + }
1.4197 + crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext,
1.4198 + plainlen);
1.4199 + if (crv != CKR_OK) {
1.4200 + PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
1.4201 + PKM_CK_RVtoStr(crv));
1.4202 + return crv;
1.4203 + }
1.4204 +
1.4205 + crv = pFunctionList->C_GetOperationState(hSession, NULL, &statelen);
1.4206 + if (crv != CKR_OK) {
1.4207 + PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
1.4208 + PKM_CK_RVtoStr(crv));
1.4209 + return crv;
1.4210 + }
1.4211 +
1.4212 + pstate = (CK_BYTE_PTR) malloc(statelen * sizeof (CK_BYTE_PTR));
1.4213 + crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen);
1.4214 + if (crv != CKR_OK) {
1.4215 + PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
1.4216 + PKM_CK_RVtoStr(crv));
1.4217 + return crv;
1.4218 + }
1.4219 +
1.4220 + crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1,
1.4221 + plainlen_1);
1.4222 + if (crv != CKR_OK) {
1.4223 + PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
1.4224 + PKM_CK_RVtoStr(crv));
1.4225 + return crv;
1.4226 + }
1.4227 + crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2,
1.4228 + plainlen_2);
1.4229 + if (crv != CKR_OK) {
1.4230 + PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
1.4231 + PKM_CK_RVtoStr(crv));
1.4232 + return crv;
1.4233 + }
1.4234 +
1.4235 + /*
1.4236 + * This will override/negate the above 2 digest_update
1.4237 + * operations
1.4238 + */
1.4239 + crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen,
1.4240 + 0, 0);
1.4241 + if (crv != CKR_OK) {
1.4242 + PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv,
1.4243 + PKM_CK_RVtoStr(crv));
1.4244 + return crv;
1.4245 + }
1.4246 + crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest,
1.4247 + &digestlen);
1.4248 + if (crv != CKR_OK) {
1.4249 + PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv,
1.4250 + PKM_CK_RVtoStr(crv));
1.4251 + return crv;
1.4252 + }
1.4253 + digestlen = MAX_DIGEST_SZ;
1.4254 + crv = pFunctionList->C_DigestInit(hSession, &digestmech);
1.4255 + if (crv != CKR_OK) {
1.4256 + PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
1.4257 + PKM_CK_RVtoStr(crv));
1.4258 + return crv;
1.4259 + }
1.4260 + crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen,
1.4261 + (CK_BYTE_PTR)digest_1, &digestlen);
1.4262 + if (crv != CKR_OK) {
1.4263 + PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv,
1.4264 + PKM_CK_RVtoStr(crv));
1.4265 + return crv;
1.4266 + }
1.4267 + if (memcmp(digest, digest_1, digestlen) == 0) {
1.4268 + PKM_LogIt("Digest and digest_1 are equal!\n");
1.4269 + } else {
1.4270 + PKM_Error("Digest and digest_1 are not equal!\n");
1.4271 + }
1.4272 + crv = pFunctionList->C_Logout(hSession);
1.4273 + if (crv == CKR_OK) {
1.4274 + PKM_LogIt("C_Logout succeeded\n");
1.4275 + } else {
1.4276 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.4277 + PKM_CK_RVtoStr(crv));
1.4278 + return crv;
1.4279 + }
1.4280 + crv = pFunctionList->C_CloseSession(hSession);
1.4281 + if ( CKR_OK != crv ) {
1.4282 + PKM_Error( "C_CloseSession(%lu) returned 0x%08X, %-26s\n",
1.4283 + hSession, crv, PKM_CK_RVtoStr(crv));
1.4284 + return crv;
1.4285 + }
1.4286 +
1.4287 + return crv;
1.4288 +}
1.4289 +
1.4290 +
1.4291 +/*
1.4292 +* Recover Functions
1.4293 +*/
1.4294 +CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
1.4295 + CK_SESSION_HANDLE hSession,
1.4296 + CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
1.4297 + CK_MECHANISM *signMech, const CK_BYTE * pData,
1.4298 + CK_ULONG pDataLen) {
1.4299 + CK_RV crv = CKR_OK;
1.4300 + CK_BYTE sig[MAX_SIG_SZ];
1.4301 + CK_ULONG sigLen = MAX_SIG_SZ;
1.4302 + CK_BYTE recover[MAX_SIG_SZ];
1.4303 + CK_ULONG recoverLen = MAX_SIG_SZ;
1.4304 +
1.4305 + NUMTESTS++; /* increment NUMTESTS */
1.4306 +
1.4307 + /* initializes a signature operation,
1.4308 + * where the data can be recovered from the signature
1.4309 + */
1.4310 + crv = pFunctionList->C_SignRecoverInit(hSession, signMech,
1.4311 + hPrivKey);
1.4312 + if (crv == CKR_OK) {
1.4313 + PKM_LogIt("C_SignRecoverInit succeeded. \n");
1.4314 + } else {
1.4315 + PKM_Error("C_SignRecoverInit failed.\n"
1.4316 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4317 + return crv;
1.4318 + }
1.4319 +
1.4320 + /* signs single-part data,
1.4321 + * where the data can be recovered from the signature
1.4322 + */
1.4323 + crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE * )pData,
1.4324 + pDataLen,
1.4325 + (CK_BYTE * )sig, &sigLen);
1.4326 + if (crv == CKR_OK) {
1.4327 + PKM_LogIt("C_SignRecover succeeded. \n");
1.4328 + } else {
1.4329 + PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n"
1.4330 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4331 + return crv;
1.4332 + }
1.4333 +
1.4334 + /*
1.4335 + * initializes a verification operation
1.4336 + *where the data is recovered from the signature
1.4337 + */
1.4338 + crv = pFunctionList->C_VerifyRecoverInit(hSession, signMech,
1.4339 + hPubKey);
1.4340 + if (crv == CKR_OK) {
1.4341 + PKM_LogIt("C_VerifyRecoverInit succeeded. \n");
1.4342 + } else {
1.4343 + PKM_Error("C_VerifyRecoverInit failed.\n"
1.4344 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4345 + return crv;
1.4346 + }
1.4347 +
1.4348 + /*
1.4349 + * verifies a signature on single-part data,
1.4350 + * where the data is recovered from the signature
1.4351 + */
1.4352 + crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE * )sig,
1.4353 + sigLen,
1.4354 + (CK_BYTE * )recover, &recoverLen);
1.4355 + if (crv == CKR_OK) {
1.4356 + PKM_LogIt("C_VerifyRecover succeeded. \n");
1.4357 + } else {
1.4358 + PKM_Error("C_VerifyRecover failed.\n"
1.4359 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4360 + return crv;
1.4361 + }
1.4362 +
1.4363 + if ((recoverLen == pDataLen)
1.4364 + && (memcmp(recover, pData, pDataLen) == 0)) {
1.4365 + PKM_LogIt("VerifyRecover test case passed\n");
1.4366 + } else {
1.4367 + PKM_Error( "VerifyRecover test case failed\n");
1.4368 + }
1.4369 +
1.4370 + return crv;
1.4371 +}
1.4372 +/*
1.4373 +* wrapUnwrap
1.4374 +* wrap the secretkey with the public key.
1.4375 +* unwrap the secretkey with the private key.
1.4376 +*/
1.4377 +CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
1.4378 + CK_SESSION_HANDLE hSession,
1.4379 + CK_OBJECT_HANDLE hPublicKey,
1.4380 + CK_OBJECT_HANDLE hPrivateKey,
1.4381 + CK_MECHANISM *wrapMechanism,
1.4382 + CK_OBJECT_HANDLE hSecretKey,
1.4383 + CK_ATTRIBUTE *sKeyTemplate,
1.4384 + CK_ULONG skeyTempSize) {
1.4385 + CK_RV crv = CKR_OK;
1.4386 + CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE;
1.4387 + CK_BYTE wrappedKey[128];
1.4388 + CK_ULONG ulWrappedKeyLen = 0;
1.4389 +
1.4390 + NUMTESTS++; /* increment NUMTESTS */
1.4391 +
1.4392 + ulWrappedKeyLen = sizeof(wrappedKey);
1.4393 + crv = pFunctionList->C_WrapKey(
1.4394 + hSession, wrapMechanism,
1.4395 + hPublicKey, hSecretKey,
1.4396 + wrappedKey, &ulWrappedKeyLen);
1.4397 + if (crv == CKR_OK) {
1.4398 + PKM_LogIt("C_WrapKey succeeded\n");
1.4399 + } else {
1.4400 + PKM_Error( "C_WrapKey failed with 0x%08X, %-26s\n", crv,
1.4401 + PKM_CK_RVtoStr(crv));
1.4402 + return crv;
1.4403 + }
1.4404 + crv = pFunctionList->C_UnwrapKey(
1.4405 + hSession, wrapMechanism, hPrivateKey,
1.4406 + wrappedKey, ulWrappedKeyLen, sKeyTemplate,
1.4407 + skeyTempSize,
1.4408 + &hSecretKeyUnwrapped);
1.4409 + if ((crv == CKR_OK) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE)) {
1.4410 + PKM_LogIt("C_UnwrapKey succeeded\n");
1.4411 + } else {
1.4412 + PKM_Error( "C_UnwrapKey failed with 0x%08X, %-26s\n", crv,
1.4413 + PKM_CK_RVtoStr(crv));
1.4414 + return crv;
1.4415 + }
1.4416 +
1.4417 + return crv;
1.4418 +}
1.4419 +
1.4420 +/*
1.4421 + * Tests if the object's attributes match the expected_attrs
1.4422 + */
1.4423 +CK_RV
1.4424 +PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
1.4425 + CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
1.4426 + CK_ATTRIBUTE_PTR expected_attrs,
1.4427 + CK_ULONG expected_attrs_count)
1.4428 +{
1.4429 + CK_RV crv;
1.4430 + CK_ATTRIBUTE_PTR tmp_attrs;
1.4431 + unsigned int i;
1.4432 +
1.4433 + NUMTESTS++; /* increment NUMTESTS */
1.4434 +
1.4435 + /* First duplicate the themplate */
1.4436 + tmp_attrs = malloc(expected_attrs_count * sizeof (CK_ATTRIBUTE));
1.4437 +
1.4438 + if (tmp_attrs == NULL) {
1.4439 + PKM_Error("Internal test memory failure\n");
1.4440 + return (CKR_HOST_MEMORY);
1.4441 + }
1.4442 +
1.4443 + for (i = 0; i < expected_attrs_count; i++) {
1.4444 + tmp_attrs[i].type = expected_attrs[i].type;
1.4445 + tmp_attrs[i].ulValueLen = expected_attrs[i].ulValueLen;
1.4446 +
1.4447 + /* Don't give away the expected one. just zeros */
1.4448 + tmp_attrs[i].pValue = calloc(expected_attrs[i].ulValueLen, 1);
1.4449 +
1.4450 + if (tmp_attrs[i].pValue == NULL) {
1.4451 + unsigned int j;
1.4452 + for (j = 0; j < i; j++)
1.4453 + free(tmp_attrs[j].pValue);
1.4454 +
1.4455 + free(tmp_attrs);
1.4456 + printf("Internal test memory failure\n");
1.4457 + return (CKR_HOST_MEMORY);
1.4458 + }
1.4459 + }
1.4460 +
1.4461 + /* then get the attributes from the object */
1.4462 + crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs,
1.4463 + expected_attrs_count);
1.4464 + if (crv != CKR_OK) {
1.4465 + PKM_Error( "C_GetAttributeValue failed with 0x%08X, %-26s\n", crv,
1.4466 + PKM_CK_RVtoStr(crv));
1.4467 + crv = CKR_FUNCTION_FAILED;
1.4468 + goto out;
1.4469 + }
1.4470 +
1.4471 + /* Finally compare with the expected ones */
1.4472 + for (i = 0; i < expected_attrs_count; i++) {
1.4473 +
1.4474 + if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue,
1.4475 + expected_attrs[i].ulValueLen) != 0) {
1.4476 + PKM_LogIt("comparing attribute type 0x%x with expected 0x%x\n",
1.4477 + tmp_attrs[i].type, expected_attrs[i].type);
1.4478 + PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n",
1.4479 + tmp_attrs[i].pValue, expected_attrs[i].pValue);
1.4480 + /* don't report error at this time */
1.4481 + }
1.4482 + }
1.4483 +
1.4484 + out:
1.4485 + for (i = 0; i < expected_attrs_count; i++)
1.4486 + free(tmp_attrs[i].pValue);
1.4487 + free(tmp_attrs);
1.4488 + return (crv);
1.4489 +}
1.4490 +
1.4491 +/*
1.4492 + * Check the validity of a mech
1.4493 + */
1.4494 +CK_RV
1.4495 +PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
1.4496 + CK_MECHANISM_TYPE mechType, CK_FLAGS flags,
1.4497 + CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize)
1.4498 +{
1.4499 + CK_SESSION_INFO sess_info;
1.4500 + CK_MECHANISM_INFO mech_info;
1.4501 + CK_RV crv;
1.4502 +
1.4503 + NUMTESTS++; /* increment NUMTESTS */
1.4504 +
1.4505 + if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info))
1.4506 + != CKR_OK) {
1.4507 + PKM_Error( "C_GetSessionInfo failed with 0x%08X, %-26s\n", crv,
1.4508 + PKM_CK_RVtoStr(crv));
1.4509 + return (CKR_FUNCTION_FAILED);
1.4510 + }
1.4511 +
1.4512 + crv = pFunctionList->C_GetMechanismInfo(0, mechType,
1.4513 + &mech_info);
1.4514 +
1.4515 +
1.4516 + crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType,
1.4517 + &mech_info);
1.4518 +
1.4519 + if (crv != CKR_OK) {
1.4520 + PKM_Error( "C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv,
1.4521 + PKM_CK_RVtoStr(crv));
1.4522 + return (CKR_FUNCTION_FAILED);
1.4523 + }
1.4524 +
1.4525 + if ((mech_info.flags & flags) == 0) {
1.4526 + PKM_Error("0x%x flag missing from mech\n", flags);
1.4527 + return (CKR_MECHANISM_INVALID);
1.4528 + }
1.4529 + if (!check_sizes)
1.4530 + return (CKR_OK);
1.4531 +
1.4532 + if (mech_info.ulMinKeySize != minkeysize) {
1.4533 + PKM_Error("Bad MinKeySize %d expected %d\n", mech_info.ulMinKeySize,
1.4534 + minkeysize);
1.4535 + return (CKR_MECHANISM_INVALID);
1.4536 + }
1.4537 + if (mech_info.ulMaxKeySize != maxkeysize) {
1.4538 + PKM_Error("Bad MaxKeySize %d expected %d\n", mech_info.ulMaxKeySize,
1.4539 + maxkeysize);
1.4540 + return (CKR_MECHANISM_INVALID);
1.4541 + }
1.4542 + return (CKR_OK);
1.4543 +}
1.4544 +
1.4545 +
1.4546 +
1.4547 +
1.4548 +
1.4549 +/*
1.4550 + * Can be called with a non-null premaster_key_len for the
1.4551 + * *_DH mechanisms. In that case, no checking for the matching of
1.4552 + * the expected results is done.
1.4553 + * The rnd argument tells which correct/bogus randomInfo to use.
1.4554 + */
1.4555 +CK_RV
1.4556 +PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList,
1.4557 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.4558 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1.4559 + CK_MECHANISM_TYPE mechType,
1.4560 + enum_random_t rnd) {
1.4561 + CK_SESSION_HANDLE hSession;
1.4562 + CK_RV crv;
1.4563 + CK_MECHANISM mk_mech;
1.4564 + CK_VERSION expected_version, version;
1.4565 + CK_OBJECT_CLASS class = CKO_SECRET_KEY;
1.4566 + CK_KEY_TYPE type = CKK_GENERIC_SECRET;
1.4567 + CK_BBOOL derive_bool = true;
1.4568 + CK_ATTRIBUTE attrs[4];
1.4569 + CK_ULONG attrs_count = 4;
1.4570 + CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE;
1.4571 + CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
1.4572 + CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params;
1.4573 + CK_MECHANISM skmd_mech;
1.4574 +
1.4575 + CK_BBOOL isDH = false;
1.4576 +
1.4577 + NUMTESTS++; /* increment NUMTESTS */
1.4578 +
1.4579 + attrs[0].type = CKA_CLASS;
1.4580 + attrs[0].pValue = &class;
1.4581 + attrs[0].ulValueLen = sizeof (class);
1.4582 + attrs[1].type = CKA_KEY_TYPE;
1.4583 + attrs[1].pValue = &type;
1.4584 + attrs[1].ulValueLen = sizeof (type);
1.4585 + attrs[2].type = CKA_DERIVE;
1.4586 + attrs[2].pValue = &derive_bool;
1.4587 + attrs[2].ulValueLen = sizeof (derive_bool);
1.4588 + attrs[3].type = CKA_VALUE;
1.4589 + attrs[3].pValue = NULL;
1.4590 + attrs[3].ulValueLen = 0;
1.4591 +
1.4592 +
1.4593 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.4594 + NULL, NULL, &hSession);
1.4595 + if (crv != CKR_OK) {
1.4596 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.4597 + PKM_CK_RVtoStr(crv));
1.4598 + return crv;
1.4599 + }
1.4600 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.4601 + if (crv == CKR_OK) {
1.4602 + PKM_LogIt("C_Login with correct password succeeded\n");
1.4603 + } else {
1.4604 + PKM_Error( "C_Login with correct password failed "
1.4605 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4606 + return crv;
1.4607 + }
1.4608 +
1.4609 + /* Before all, check if the mechanism is supported correctly */
1.4610 + if (MODE == FIPSMODE) {
1.4611 + crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE, false,
1.4612 + 0, 0);
1.4613 + if (crv != CKR_OK) {
1.4614 + PKM_Error( "PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
1.4615 + PKM_CK_RVtoStr(crv));
1.4616 + return (crv);
1.4617 + }
1.4618 + }
1.4619 +
1.4620 + mk_mech.mechanism = mechType;
1.4621 + mk_mech.pParameter = &mkd_params;
1.4622 + mk_mech.ulParameterLen = sizeof (mkd_params);
1.4623 +
1.4624 + switch (mechType) {
1.4625 + case CKM_TLS_MASTER_KEY_DERIVE_DH:
1.4626 + isDH = true;
1.4627 + /* FALLTHRU */
1.4628 + case CKM_TLS_MASTER_KEY_DERIVE:
1.4629 + attrs[3].pValue = NULL;
1.4630 + attrs[3].ulValueLen = 0;
1.4631 + expected_version.major = 3;
1.4632 + expected_version.minor = 1;
1.4633 +
1.4634 + mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom;
1.4635 + mkd_params.RandomInfo.ulClientRandomLen =
1.4636 + sizeof (TLSClientRandom);
1.4637 + mkd_params.RandomInfo.pServerRandom = (unsigned char * ) TLSServerRandom;
1.4638 + mkd_params.RandomInfo.ulServerRandomLen =
1.4639 + sizeof (TLSServerRandom);
1.4640 + break;
1.4641 + }
1.4642 + mkd_params.pVersion = (!isDH) ? &version : NULL;
1.4643 +
1.4644 + /* First create the pre-master secret key */
1.4645 +
1.4646 + skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
1.4647 + skmd_mech.pParameter = &mkd_params;
1.4648 + skmd_mech.ulParameterLen = sizeof (mkd_params);
1.4649 +
1.4650 +
1.4651 + crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
1.4652 + attrs,
1.4653 + attrs_count,
1.4654 + &pmk_obj);
1.4655 + if (crv == CKR_OK) {
1.4656 + PKM_LogIt("C_GenerateKey succeeded\n");
1.4657 + } else {
1.4658 + PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
1.4659 + PKM_CK_RVtoStr(crv));
1.4660 + return crv;
1.4661 +
1.4662 + }
1.4663 + /* Test the bad cases */
1.4664 + switch (rnd) {
1.4665 + case CORRECT:
1.4666 + goto correct;
1.4667 +
1.4668 + case BOGUS_CLIENT_RANDOM:
1.4669 + mkd_params.RandomInfo.pClientRandom = NULL;
1.4670 + break;
1.4671 +
1.4672 + case BOGUS_CLIENT_RANDOM_LEN:
1.4673 + mkd_params.RandomInfo.ulClientRandomLen = 0;
1.4674 + break;
1.4675 +
1.4676 + case BOGUS_SERVER_RANDOM:
1.4677 + mkd_params.RandomInfo.pServerRandom = NULL;
1.4678 + break;
1.4679 +
1.4680 + case BOGUS_SERVER_RANDOM_LEN:
1.4681 + mkd_params.RandomInfo.ulServerRandomLen = 0;
1.4682 + break;
1.4683 + }
1.4684 + crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
1.4685 + &mk_obj);
1.4686 + if (crv != CKR_MECHANISM_PARAM_INVALID) {
1.4687 + PKM_LogIt( "C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv,
1.4688 + PKM_CK_RVtoStr(crv));
1.4689 + } else {
1.4690 + PKM_Error( "C_DeriveKey did not fail with bad data \n" );
1.4691 + }
1.4692 + goto out;
1.4693 +
1.4694 +
1.4695 + correct:
1.4696 + /* Now derive the master secret key */
1.4697 + crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
1.4698 + &mk_obj);
1.4699 + if (crv == CKR_OK) {
1.4700 + PKM_LogIt("C_DeriveKey succeeded\n");
1.4701 + } else {
1.4702 + PKM_Error( "C_DeriveKey failed with 0x%08X, %-26s\n", crv,
1.4703 + PKM_CK_RVtoStr(crv));
1.4704 + return crv;
1.4705 +
1.4706 + }
1.4707 +
1.4708 + out:
1.4709 + if (pmk_obj != CK_INVALID_HANDLE)
1.4710 + (void) pFunctionList->C_DestroyObject(hSession, pmk_obj);
1.4711 + if (mk_obj != CK_INVALID_HANDLE)
1.4712 + (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
1.4713 + crv = pFunctionList->C_Logout(hSession);
1.4714 +
1.4715 + if (crv == CKR_OK) {
1.4716 + PKM_LogIt("C_Logout succeeded\n");
1.4717 + } else {
1.4718 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.4719 + PKM_CK_RVtoStr(crv));
1.4720 + return crv;
1.4721 + }
1.4722 +
1.4723 + crv = pFunctionList->C_CloseSession(hSession);
1.4724 + if (crv != CKR_OK) {
1.4725 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.4726 + PKM_CK_RVtoStr(crv));
1.4727 + return crv;
1.4728 + }
1.4729 + return (crv);
1.4730 +}
1.4731 +
1.4732 +
1.4733 +CK_RV
1.4734 +PKM_TLSKeyAndMacDerive( CK_FUNCTION_LIST_PTR pFunctionList,
1.4735 + CK_SLOT_ID * pSlotList, CK_ULONG slotID,
1.4736 + CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
1.4737 + CK_MECHANISM_TYPE mechType, enum_random_t rnd)
1.4738 +{
1.4739 + CK_SESSION_HANDLE hSession;
1.4740 + CK_RV crv;
1.4741 + CK_MECHANISM kmd_mech;
1.4742 + CK_MECHANISM skmd_mech;
1.4743 + CK_OBJECT_CLASS class = CKO_SECRET_KEY;
1.4744 + CK_KEY_TYPE type = CKK_GENERIC_SECRET;
1.4745 + CK_BBOOL derive_bool = true;
1.4746 + CK_BBOOL sign_bool = true, verify_bool = true;
1.4747 + CK_BBOOL encrypt_bool = true, decrypt_bool = true;
1.4748 + CK_ULONG value_len;
1.4749 +
1.4750 + /*
1.4751 + * We arrange this template so that:
1.4752 + * . Attributes 0-6 are good for a MAC key comparison template.
1.4753 + * . Attributes 2-5 are good for the master key creation template.
1.4754 + * . Attributes 3-8 are good for a cipher key comparison template.
1.4755 + */
1.4756 + CK_ATTRIBUTE attrs[9];
1.4757 +
1.4758 + CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
1.4759 + CK_SSL3_KEY_MAT_PARAMS km_params;
1.4760 + CK_SSL3_KEY_MAT_OUT kmo;
1.4761 + CK_BYTE IVClient[8];
1.4762 + CK_BYTE IVServer[8];
1.4763 +
1.4764 + NUMTESTS++; /* increment NUMTESTS */
1.4765 +
1.4766 + attrs[0].type = CKA_SIGN;
1.4767 + attrs[0].pValue = &sign_bool;
1.4768 + attrs[0].ulValueLen = sizeof (sign_bool);
1.4769 + attrs[1].type = CKA_VERIFY;
1.4770 + attrs[1].pValue = &verify_bool;
1.4771 + attrs[1].ulValueLen = sizeof (verify_bool);
1.4772 + attrs[2].type = CKA_KEY_TYPE;
1.4773 + attrs[2].pValue = &type;
1.4774 + attrs[2].ulValueLen = sizeof (type);
1.4775 + attrs[3].type = CKA_CLASS;
1.4776 + attrs[3].pValue = &class;
1.4777 + attrs[3].ulValueLen = sizeof (class);
1.4778 + attrs[4].type = CKA_DERIVE;
1.4779 + attrs[4].pValue = &derive_bool;
1.4780 + attrs[4].ulValueLen = sizeof (derive_bool);
1.4781 + attrs[5].type = CKA_VALUE;
1.4782 + attrs[5].pValue = NULL;
1.4783 + attrs[5].ulValueLen = 0;
1.4784 + attrs[6].type = CKA_VALUE_LEN;
1.4785 + attrs[6].pValue = &value_len;
1.4786 + attrs[6].ulValueLen = sizeof (value_len);
1.4787 + attrs[7].type = CKA_ENCRYPT;
1.4788 + attrs[7].pValue = &encrypt_bool;
1.4789 + attrs[7].ulValueLen = sizeof (encrypt_bool);
1.4790 + attrs[8].type = CKA_DECRYPT;
1.4791 + attrs[8].pValue = &decrypt_bool;
1.4792 + attrs[8].ulValueLen = sizeof (decrypt_bool);
1.4793 +
1.4794 + crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
1.4795 + NULL, NULL, &hSession);
1.4796 + if (crv != CKR_OK) {
1.4797 + PKM_Error( "C_OpenSession failed with 0x%08X, %-26s\n", crv,
1.4798 + PKM_CK_RVtoStr(crv));
1.4799 + return crv;
1.4800 + }
1.4801 + crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
1.4802 + if (crv == CKR_OK) {
1.4803 + PKM_LogIt("C_Login with correct password succeeded\n");
1.4804 + } else {
1.4805 + PKM_Error( "C_Login with correct password failed "
1.4806 + "with 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4807 + return crv;
1.4808 + }
1.4809 +
1.4810 +
1.4811 + /* Before all, check if the mechanism is supported correctly */
1.4812 + if (MODE == FIPSMODE) {
1.4813 + crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE,
1.4814 + CK_TRUE, 48, 48);
1.4815 +
1.4816 + if (crv != CKR_OK) {
1.4817 + PKM_Error( "PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
1.4818 + PKM_CK_RVtoStr(crv));
1.4819 + return (crv);
1.4820 + }
1.4821 + }
1.4822 + kmd_mech.mechanism = mechType;
1.4823 + kmd_mech.pParameter = &km_params;
1.4824 + kmd_mech.ulParameterLen = sizeof (km_params);
1.4825 +
1.4826 + km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */
1.4827 + km_params.ulKeySizeInBits = 192; /* 3DES key size */
1.4828 + km_params.ulIVSizeInBits = 64; /* 3DES block size */
1.4829 + km_params.pReturnedKeyMaterial = &kmo;
1.4830 + km_params.bIsExport = false;
1.4831 + kmo.hClientMacSecret = CK_INVALID_HANDLE;
1.4832 + kmo.hServerMacSecret = CK_INVALID_HANDLE;
1.4833 + kmo.hClientKey = CK_INVALID_HANDLE;
1.4834 + kmo.hServerKey = CK_INVALID_HANDLE;
1.4835 + kmo.pIVClient = IVClient;
1.4836 + kmo.pIVServer = IVServer;
1.4837 +
1.4838 + skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
1.4839 + skmd_mech.pParameter = &km_params;
1.4840 + skmd_mech.ulParameterLen = sizeof (km_params);
1.4841 +
1.4842 +
1.4843 + crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
1.4844 + &attrs[2],
1.4845 + 4,
1.4846 + &mk_obj);
1.4847 + if (crv == CKR_OK) {
1.4848 + PKM_LogIt("C_GenerateKey succeeded\n");
1.4849 + } else {
1.4850 + PKM_Error( "C_GenerateKey failed with 0x%08X, %-26s\n", crv,
1.4851 + PKM_CK_RVtoStr(crv));
1.4852 + return crv;
1.4853 + }
1.4854 +
1.4855 + attrs[5].pValue = NULL;
1.4856 + attrs[5].ulValueLen = 0;
1.4857 +
1.4858 + km_params.RandomInfo.pClientRandom = (unsigned char *) TLSClientRandom;
1.4859 + km_params.RandomInfo.ulClientRandomLen =
1.4860 + sizeof (TLSClientRandom);
1.4861 + km_params.RandomInfo.pServerRandom = (unsigned char *) TLSServerRandom;
1.4862 + km_params.RandomInfo.ulServerRandomLen =
1.4863 + sizeof (TLSServerRandom);
1.4864 +
1.4865 + /* Test the bad cases */
1.4866 + switch (rnd) {
1.4867 + case CORRECT:
1.4868 + goto correct;
1.4869 +
1.4870 + case BOGUS_CLIENT_RANDOM:
1.4871 + km_params.RandomInfo.pClientRandom = NULL;
1.4872 + break;
1.4873 +
1.4874 + case BOGUS_CLIENT_RANDOM_LEN:
1.4875 + km_params.RandomInfo.ulClientRandomLen = 0;
1.4876 + break;
1.4877 +
1.4878 + case BOGUS_SERVER_RANDOM:
1.4879 + km_params.RandomInfo.pServerRandom = NULL;
1.4880 + break;
1.4881 +
1.4882 + case BOGUS_SERVER_RANDOM_LEN:
1.4883 + km_params.RandomInfo.ulServerRandomLen = 0;
1.4884 + break;
1.4885 + }
1.4886 + crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
1.4887 + NULL);
1.4888 + if (crv != CKR_MECHANISM_PARAM_INVALID) {
1.4889 + PKM_Error( "key materials derivation returned unexpected "
1.4890 + "error 0x%08X, %-26s\n", crv, PKM_CK_RVtoStr(crv));
1.4891 + (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
1.4892 + return (CKR_FUNCTION_FAILED);
1.4893 +
1.4894 + }
1.4895 + return (CKR_OK);
1.4896 +
1.4897 + correct:
1.4898 + /*
1.4899 + * Then use the master key and the client 'n server random data to
1.4900 + * derive the key materials
1.4901 + */
1.4902 + crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
1.4903 + NULL);
1.4904 + if (crv != CKR_OK) {
1.4905 + PKM_Error( "Cannot derive the key materials, crv 0x%08X, %-26s\n",
1.4906 + crv, PKM_CK_RVtoStr(crv));
1.4907 + (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
1.4908 + return (crv);
1.4909 + }
1.4910 +
1.4911 + if (mk_obj != CK_INVALID_HANDLE)
1.4912 + (void) pFunctionList->C_DestroyObject(hSession, mk_obj);
1.4913 + if (kmo.hClientMacSecret != CK_INVALID_HANDLE)
1.4914 + (void) pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret);
1.4915 + if (kmo.hServerMacSecret != CK_INVALID_HANDLE)
1.4916 + (void) pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret);
1.4917 + if (kmo.hClientKey != CK_INVALID_HANDLE)
1.4918 + (void) pFunctionList->C_DestroyObject(hSession, kmo.hClientKey);
1.4919 + if (kmo.hServerKey != CK_INVALID_HANDLE)
1.4920 + (void) pFunctionList->C_DestroyObject(hSession, kmo.hServerKey);
1.4921 +
1.4922 + crv = pFunctionList->C_Logout(hSession);
1.4923 + if (crv == CKR_OK) {
1.4924 + PKM_LogIt("C_Logout succeeded\n");
1.4925 + } else {
1.4926 + PKM_Error( "C_Logout failed with 0x%08X, %-26s\n", crv,
1.4927 + PKM_CK_RVtoStr(crv));
1.4928 + return crv;
1.4929 + }
1.4930 + crv = pFunctionList->C_CloseSession(hSession);
1.4931 + if (crv != CKR_OK) {
1.4932 + PKM_Error( "C_CloseSession failed with 0x%08X, %-26s\n", crv,
1.4933 + PKM_CK_RVtoStr(crv));
1.4934 + return crv;
1.4935 + }
1.4936 +
1.4937 + return (crv);
1.4938 +}
1.4939 +
1.4940 +CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
1.4941 + CK_SESSION_HANDLE hRwSession,
1.4942 + CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
1.4943 + CK_MECHANISM *sigMech,
1.4944 + CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech,
1.4945 + const CK_BYTE * pData, CK_ULONG pDataLen) {
1.4946 +
1.4947 + CK_RV crv = CKR_OK;
1.4948 + CK_BYTE encryptedData[MAX_CIPHER_SZ];
1.4949 + CK_ULONG ulEncryptedDataLen = 0;
1.4950 + CK_ULONG ulLastUpdateSize = 0 ;
1.4951 + CK_BYTE sig[MAX_SIG_SZ];
1.4952 + CK_ULONG ulSigLen = 0;
1.4953 + CK_BYTE data[MAX_DATA_SZ];
1.4954 + CK_ULONG ulDataLen = 0;
1.4955 +
1.4956 + memset(encryptedData, 0, sizeof(encryptedData));
1.4957 + memset(sig, 0, sizeof(sig));
1.4958 + memset(data, 0, sizeof(data));
1.4959 +
1.4960 + NUMTESTS++; /* increment NUMTESTS */
1.4961 +
1.4962 + /* Check that the mechanism is Multi-part */
1.4963 + if (sigMech->mechanism == CKM_DSA || sigMech->mechanism == CKM_RSA_PKCS) {
1.4964 + PKM_Error( "PKM_DualFuncSign must be called with a Multi-part "
1.4965 + "operation mechanism\n");
1.4966 + return CKR_DEVICE_ERROR;
1.4967 + }
1.4968 +
1.4969 + /* Sign and Encrypt */
1.4970 + if (privateKey == 0 && publicKey == 0) {
1.4971 + crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey);
1.4972 + if (crv != CKR_OK) {
1.4973 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.4974 + PKM_CK_RVtoStr(crv));
1.4975 + return crv;
1.4976 + }
1.4977 + } else {
1.4978 + crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey);
1.4979 + if (crv != CKR_OK) {
1.4980 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.4981 + PKM_CK_RVtoStr(crv));
1.4982 + return crv;
1.4983 + }
1.4984 + }
1.4985 + crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey);
1.4986 + if (crv != CKR_OK) {
1.4987 + PKM_Error( "C_EncryptInit failed with 0x%08X, %-26s\n", crv,
1.4988 + PKM_CK_RVtoStr(crv));
1.4989 + return crv;
1.4990 + }
1.4991 +
1.4992 +
1.4993 + ulEncryptedDataLen = sizeof(encryptedData);
1.4994 + crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE * ) pData,
1.4995 + pDataLen,
1.4996 + encryptedData,
1.4997 + &ulEncryptedDataLen);
1.4998 + if (crv != CKR_OK) {
1.4999 + PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
1.5000 + PKM_CK_RVtoStr(crv));
1.5001 + return crv;
1.5002 + }
1.5003 +
1.5004 + ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen;
1.5005 + crv = pFunctionList->C_EncryptFinal(hRwSession,
1.5006 + (CK_BYTE * )&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize);
1.5007 + if (crv != CKR_OK) {
1.5008 + PKM_Error( "C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
1.5009 + PKM_CK_RVtoStr(crv));
1.5010 + return crv;
1.5011 + }
1.5012 + ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize;
1.5013 + ulSigLen = sizeof(sig);
1.5014 + crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen);
1.5015 + if (crv != CKR_OK) {
1.5016 + PKM_Error( "C_SignFinal failed with 0x%08X, %-26s\n", crv,
1.5017 + PKM_CK_RVtoStr(crv));
1.5018 + return crv;
1.5019 + }
1.5020 +
1.5021 + /* Decrypt and Verify */
1.5022 +
1.5023 + crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey);
1.5024 + if (crv != CKR_OK) {
1.5025 + PKM_Error( "C_DecryptInit failed with 0x%08X, %-26s\n", crv,
1.5026 + PKM_CK_RVtoStr(crv));
1.5027 + return crv;
1.5028 + }
1.5029 + crv = pFunctionList->C_VerifyInit(hRwSession, sigMech,
1.5030 + publicKey);
1.5031 + if (crv != CKR_OK) {
1.5032 + PKM_Error( "C_VerifyInit failed with 0x%08X, %-26s\n", crv,
1.5033 + PKM_CK_RVtoStr(crv));
1.5034 + return crv;
1.5035 + }
1.5036 +
1.5037 + ulDataLen = sizeof(data);
1.5038 + crv = pFunctionList->C_DecryptVerifyUpdate(hRwSession,
1.5039 + encryptedData,
1.5040 + ulEncryptedDataLen,
1.5041 + data, &ulDataLen);
1.5042 + if (crv != CKR_OK) {
1.5043 + PKM_Error( "C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv,
1.5044 + PKM_CK_RVtoStr(crv));
1.5045 + return crv;
1.5046 + }
1.5047 + ulLastUpdateSize = sizeof(data) - ulDataLen;
1.5048 + /* Get last little piece of plaintext. Should have length 0 */
1.5049 + crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen],
1.5050 + &ulLastUpdateSize);
1.5051 + if (crv != CKR_OK) {
1.5052 + PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
1.5053 + PKM_CK_RVtoStr(crv));
1.5054 + return crv;
1.5055 + }
1.5056 +
1.5057 + if (ulLastUpdateSize != 0) {
1.5058 + crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen],
1.5059 + ulLastUpdateSize);
1.5060 + if (crv != CKR_OK) {
1.5061 + PKM_Error( "C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
1.5062 + PKM_CK_RVtoStr(crv));
1.5063 + return crv;
1.5064 + }
1.5065 + }
1.5066 + ulDataLen = ulDataLen + ulLastUpdateSize;
1.5067 +
1.5068 + /* input for the verify operation is the decrypted data */
1.5069 + crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen);
1.5070 + if (crv == CKR_OK) {
1.5071 + PKM_LogIt("C_VerifyFinal succeeded\n");
1.5072 + } else {
1.5073 + PKM_Error( "C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
1.5074 + PKM_CK_RVtoStr(crv));
1.5075 + return crv;
1.5076 + }
1.5077 +
1.5078 + /* Comparison of Decrypted data with inputed data */
1.5079 + if ( (ulDataLen == pDataLen) &&
1.5080 + (memcmp(data, pData, pDataLen) == 0) ) {
1.5081 + PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n");
1.5082 + } else {
1.5083 + PKM_Error( "PKM_DualFuncSign derypt test case failed\n");
1.5084 + }
1.5085 +
1.5086 + return crv;
1.5087 +
1.5088 +}
1.5089 +
1.5090 +CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
1.5091 + CK_SESSION_HANDLE hSession,
1.5092 + CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
1.5093 + const CK_BYTE * pData, CK_ULONG pDataLen) {
1.5094 + CK_RV crv = CKR_OK;
1.5095 + CK_BYTE digest1[MAX_DIGEST_SZ];
1.5096 + CK_ULONG digest1Len = 0 ;
1.5097 + CK_BYTE digest2[MAX_DIGEST_SZ];
1.5098 + CK_ULONG digest2Len = 0;
1.5099 +
1.5100 + /* Tested with CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512 */
1.5101 +
1.5102 + memset(digest1, 0, sizeof(digest1));
1.5103 + memset(digest2, 0, sizeof(digest2));
1.5104 +
1.5105 + NUMTESTS++; /* increment NUMTESTS */
1.5106 +
1.5107 + crv = pFunctionList->C_DigestInit(hSession, digestMech);
1.5108 + if (crv != CKR_OK) {
1.5109 + PKM_Error( "C_SignInit failed with 0x%08X, %-26s\n", crv,
1.5110 + PKM_CK_RVtoStr(crv));
1.5111 + return crv;
1.5112 + }
1.5113 + digest1Len = sizeof(digest1);
1.5114 + crv = pFunctionList->C_Digest(hSession, (CK_BYTE * ) pData, pDataLen,
1.5115 + digest1, &digest1Len);
1.5116 + if (crv != CKR_OK) {
1.5117 + PKM_Error( "C_Sign failed with 0x%08X, %-26s\n", crv,
1.5118 + PKM_CK_RVtoStr(crv));
1.5119 + return crv;
1.5120 + }
1.5121 +
1.5122 +
1.5123 + crv = pFunctionList->C_DigestInit(hSession, digestMech);
1.5124 + if (crv != CKR_OK) {
1.5125 + PKM_Error( "C_DigestInit failed with 0x%08X, %-26s\n", crv,
1.5126 + PKM_CK_RVtoStr(crv));
1.5127 + return crv;
1.5128 + }
1.5129 +
1.5130 + crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE * ) pData, pDataLen);
1.5131 + if (crv != CKR_OK) {
1.5132 + PKM_Error( "C_DigestUpdate failed with 0x%08X, %-26s\n", crv,
1.5133 + PKM_CK_RVtoStr(crv));
1.5134 + return crv;
1.5135 + }
1.5136 +
1.5137 + /* C_DigestKey continues a multiple-part message-digesting operation by*/
1.5138 + /* digesting the value of a secret key. (only used with C_DigestUpdate)*/
1.5139 + if (hSecretKey != 0) {
1.5140 + crv = pFunctionList->C_DigestKey(hSession, hSecretKey);
1.5141 + if (crv != CKR_OK) {
1.5142 + PKM_Error( "C_DigestKey failed with 0x%08X, %-26s\n", crv,
1.5143 + PKM_CK_RVtoStr(crv));
1.5144 + return crv;
1.5145 + }
1.5146 + }
1.5147 +
1.5148 + digest2Len = sizeof(digest2);
1.5149 + crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len);
1.5150 + if (crv != CKR_OK) {
1.5151 + PKM_Error( "C_DigestFinal failed with 0x%08X, %-26s\n", crv,
1.5152 + PKM_CK_RVtoStr(crv));
1.5153 + return crv;
1.5154 + }
1.5155 +
1.5156 + if (hSecretKey == 0){
1.5157 + /* did not digest a secret key so digests should equal */
1.5158 + if ( (digest1Len == digest2Len)
1.5159 + && (memcmp(digest1, digest2, digest1Len) == 0) ) {
1.5160 + PKM_LogIt("Single and Multiple-part message digest "
1.5161 + "operations successful\n");
1.5162 + } else {
1.5163 + PKM_Error("Single and Multiple-part message digest "
1.5164 + "operations failed\n");
1.5165 + }
1.5166 + } else {
1.5167 + if (digest1Len == digest2Len) {
1.5168 + PKM_LogIt("PKM_Digest Single and Multiple-part message digest "
1.5169 + "operations successful\n");
1.5170 + } else {
1.5171 + PKM_Error("PKM_Digest Single and Multiple-part message digest "
1.5172 + "operations failed\n");
1.5173 + }
1.5174 +
1.5175 + }
1.5176 +
1.5177 + return crv;
1.5178 +
1.5179 +}
1.5180 +
1.5181 +char * PKM_FilePasswd(char *pwFile)
1.5182 +{
1.5183 + unsigned char phrase[200];
1.5184 + PRFileDesc *fd;
1.5185 + PRInt32 nb;
1.5186 + int i;
1.5187 +
1.5188 + if (!pwFile)
1.5189 + return 0;
1.5190 +
1.5191 + fd = PR_Open(pwFile, PR_RDONLY, 0);
1.5192 + if (!fd) {
1.5193 + fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
1.5194 + return NULL;
1.5195 + }
1.5196 +
1.5197 + nb = PR_Read(fd, phrase, sizeof(phrase));
1.5198 +
1.5199 + PR_Close(fd);
1.5200 + /* handle the Windows EOL case */
1.5201 + i = 0;
1.5202 + while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++;
1.5203 + phrase[i] = '\0';
1.5204 + if (nb == 0) {
1.5205 + fprintf(stderr,"password file contains no data\n");
1.5206 + return NULL;
1.5207 + }
1.5208 + return (char*) strdup((char*)phrase);
1.5209 +}
1.5210 +
1.5211 +void PKM_Help()
1.5212 +{
1.5213 + PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
1.5214 + PR_fprintf(debug_out, "pk11mode test program usage:\n");
1.5215 + PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n");
1.5216 + PR_fprintf(debug_out, "\t-F Disable Unix fork tests\n");
1.5217 + PR_fprintf(debug_out, "\t-n Non Fips Mode \n");
1.5218 + PR_fprintf(debug_out, "\t-d <path> Database path location\n");
1.5219 + PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n");
1.5220 + PR_fprintf(debug_out, "\t-v verbose\n");
1.5221 + PR_fprintf(debug_out, "\t-h this help message\n");
1.5222 + exit(1);
1.5223 +}
1.5224 +
1.5225 +void PKM_CheckPath(char *string)
1.5226 +{
1.5227 + char *src;
1.5228 + char *dest;
1.5229 +
1.5230 + /*
1.5231 + * windows support convert any back slashes to
1.5232 + * forward slashes.
1.5233 + */
1.5234 + for (src=string, dest=string; *src; src++,dest++) {
1.5235 + if (*src == '\\') {
1.5236 + *dest = '/';
1.5237 + }
1.5238 + }
1.5239 + dest--;
1.5240 + /* if the last char is a / set it to 0 */
1.5241 + if (*dest == '/')
1.5242 + *dest = 0;
1.5243 +
1.5244 +}
1.5245 +
1.5246 +CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
1.5247 + PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
1.5248 +{
1.5249 + CK_RV crv = CKR_OK;
1.5250 +#ifndef NO_FORK_CHECK
1.5251 + int rc = -1;
1.5252 + pid_t child, ret;
1.5253 + NUMTESTS++; /* increment NUMTESTS */
1.5254 + if (forkAssert) {
1.5255 + putenv("NSS_STRICT_NOFORK=1");
1.5256 + } else {
1.5257 + putenv("NSS_STRICT_NOFORK=0");
1.5258 + }
1.5259 + child = fork();
1.5260 + switch (child) {
1.5261 + case -1:
1.5262 + PKM_Error("Fork failed.\n");
1.5263 + crv = CKR_DEVICE_ERROR;
1.5264 + break;
1.5265 + case 0:
1.5266 + if (fList) {
1.5267 + if (!initArgs) {
1.5268 + /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
1.5269 + * in the child. This call should always fail.
1.5270 + * If softoken is uninitialized,
1.5271 + * it fails with CKR_CRYPTOKI_NOT_INITIALIZED.
1.5272 + * If it was initialized in the parent, the fork check should
1.5273 + * kick in, and make it return CKR_DEVICE_ERROR.
1.5274 + */
1.5275 + CK_RV child_crv = fList->C_GetTokenInfo(0, NULL);
1.5276 + exit(child_crv & 255);
1.5277 + } else {
1.5278 + /* If softoken is loaded, make a PKCS#11 call to C_Initialize
1.5279 + * in the child. This call should always fail.
1.5280 + * If softoken is uninitialized, this should succeed.
1.5281 + * If it was initialized in the parent, the fork check should
1.5282 + * kick in, and make it return CKR_DEVICE_ERROR.
1.5283 + */
1.5284 + CK_RV child_crv = fList->C_Initialize(initArgs);
1.5285 + if (CKR_OK == child_crv) {
1.5286 + child_crv = fList->C_Finalize(NULL);
1.5287 + }
1.5288 + exit(child_crv & 255);
1.5289 + }
1.5290 + }
1.5291 + exit(expected & 255);
1.5292 + default:
1.5293 + PKM_LogIt("Fork succeeded.\n");
1.5294 + ret = wait(&rc);
1.5295 + if (ret != child || (!WIFEXITED(rc)) ||
1.5296 + ( (expected & 255) != (WEXITSTATUS(rc) & 255)) ) {
1.5297 + int retStatus = -1;
1.5298 + if (WIFEXITED(rc)) {
1.5299 + retStatus = WEXITSTATUS(rc);
1.5300 + }
1.5301 + PKM_Error("Child misbehaved.\n");
1.5302 + printf("Child return status : %d.\n", retStatus & 255);
1.5303 + crv = CKR_DEVICE_ERROR;
1.5304 + }
1.5305 + break;
1.5306 + }
1.5307 +#endif
1.5308 + return crv;
1.5309 +}
1.5310 +
