- improved C_Decrypt testing
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1711 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
30e04cef59
commit
0d78f07499
|
@ -160,8 +160,8 @@ static CK_MECHANISM_TYPE find_mechanism(CK_SLOT_ID, CK_FLAGS,
|
||||||
int stop_if_not_found);
|
int stop_if_not_found);
|
||||||
static CK_SLOT_ID find_slot_by_label(const char *);
|
static CK_SLOT_ID find_slot_by_label(const char *);
|
||||||
static void get_token_info(CK_SLOT_ID, CK_TOKEN_INFO_PTR);
|
static void get_token_info(CK_SLOT_ID, CK_TOKEN_INFO_PTR);
|
||||||
static void get_mechanisms(CK_SLOT_ID,
|
static CK_ULONG get_mechanisms(CK_SLOT_ID,
|
||||||
CK_MECHANISM_TYPE_PTR *, CK_ULONG_PTR);
|
CK_MECHANISM_TYPE_PTR *, CK_FLAGS);
|
||||||
static void p11_fatal(const char *, CK_RV);
|
static void p11_fatal(const char *, CK_RV);
|
||||||
static const char * p11_slot_info_flags(CK_FLAGS);
|
static const char * p11_slot_info_flags(CK_FLAGS);
|
||||||
static const char * p11_token_info_flags(CK_FLAGS);
|
static const char * p11_token_info_flags(CK_FLAGS);
|
||||||
|
@ -572,7 +572,7 @@ list_mechs(CK_SLOT_ID slot)
|
||||||
CK_ULONG n, num_mechs = 0;
|
CK_ULONG n, num_mechs = 0;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
|
|
||||||
get_mechanisms(slot, &mechs, &num_mechs);
|
num_mechs = get_mechanisms(slot, &mechs, -1);
|
||||||
|
|
||||||
printf("Supported mechanisms:\n");
|
printf("Supported mechanisms:\n");
|
||||||
for (n = 0; n < num_mechs; n++) {
|
for (n = 0; n < num_mechs; n++) {
|
||||||
|
@ -1039,25 +1039,17 @@ CK_MECHANISM_TYPE
|
||||||
find_mechanism(CK_SLOT_ID slot, CK_FLAGS flags, int stop_if_not_found)
|
find_mechanism(CK_SLOT_ID slot, CK_FLAGS flags, int stop_if_not_found)
|
||||||
{
|
{
|
||||||
CK_MECHANISM_TYPE *mechs = NULL, result;
|
CK_MECHANISM_TYPE *mechs = NULL, result;
|
||||||
CK_MECHANISM_INFO info;
|
CK_ULONG count = 0;
|
||||||
CK_ULONG n, count = 0;
|
|
||||||
CK_RV rv;
|
|
||||||
|
|
||||||
get_mechanisms(slot, &mechs, &count);
|
count = get_mechanisms(slot, &mechs, flags);
|
||||||
|
if (count == 0) {
|
||||||
result = NO_MECHANISM;
|
if (stop_if_not_found)
|
||||||
for (n = 0; n < count; n++) {
|
fatal("No appropriate mechanism found");
|
||||||
rv = p11->C_GetMechanismInfo(slot, mechs[n], &info);
|
result = NO_MECHANISM;
|
||||||
if (rv != CKR_OK)
|
} else {
|
||||||
continue;
|
result = mechs[0];
|
||||||
if ((info.flags & flags) == flags) {
|
free(mechs);
|
||||||
result = mechs[n];
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (stop_if_not_found && result == NO_MECHANISM)
|
|
||||||
fatal("No appropriate mechanism found");
|
|
||||||
free(mechs);
|
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -1262,21 +1254,38 @@ get_token_info(CK_SLOT_ID slot, CK_TOKEN_INFO_PTR info)
|
||||||
p11_fatal("C_GetTokenInfo", rv);
|
p11_fatal("C_GetTokenInfo", rv);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
CK_ULONG
|
||||||
get_mechanisms(CK_SLOT_ID slot,
|
get_mechanisms(CK_SLOT_ID slot,
|
||||||
CK_MECHANISM_TYPE_PTR *pList,
|
CK_MECHANISM_TYPE_PTR *pList,
|
||||||
CK_ULONG_PTR pulCount)
|
CK_FLAGS flags)
|
||||||
{
|
{
|
||||||
CK_RV rv;
|
CK_ULONG m, n, ulCount;
|
||||||
|
CK_RV rv;
|
||||||
|
|
||||||
rv = p11->C_GetMechanismList(slot, *pList, pulCount);
|
rv = p11->C_GetMechanismList(slot, *pList, &ulCount);
|
||||||
*pList = (CK_MECHANISM_TYPE *) calloc(*pulCount, sizeof(*pList));
|
*pList = (CK_MECHANISM_TYPE *) calloc(ulCount, sizeof(*pList));
|
||||||
if (*pList == NULL)
|
if (*pList == NULL)
|
||||||
fatal("calloc failed: %m");
|
fatal("calloc failed: %m");
|
||||||
|
|
||||||
rv = p11->C_GetMechanismList(slot, *pList, pulCount);
|
rv = p11->C_GetMechanismList(slot, *pList, &ulCount);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
p11_fatal("C_GetMechanismList", rv);
|
p11_fatal("C_GetMechanismList", rv);
|
||||||
|
|
||||||
|
if (flags != -1) {
|
||||||
|
CK_MECHANISM_TYPE *mechs = *pList;
|
||||||
|
CK_MECHANISM_INFO info;
|
||||||
|
|
||||||
|
for (m = n = 0; n < ulCount; n++) {
|
||||||
|
rv = p11->C_GetMechanismInfo(slot, mechs[n], &info);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
continue;
|
||||||
|
if ((info.flags & flags) == flags)
|
||||||
|
mechs[m++] = mechs[n];
|
||||||
|
}
|
||||||
|
ulCount = m;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ulCount;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -1995,8 +2004,10 @@ wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||||
&cipherKeyObject);
|
&cipherKeyObject);
|
||||||
|
|
||||||
/* mechanism not implemented, don't test */
|
/* mechanism not implemented, don't test */
|
||||||
if (rv == CKR_MECHANISM_INVALID)
|
if (rv == CKR_MECHANISM_INVALID) {
|
||||||
|
printf("Wrap mechanism not supported, skipped\n");
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
if (rv != CKR_OK) {
|
if (rv != CKR_OK) {
|
||||||
p11_perror("C_UnwrapKey", rv);
|
p11_perror("C_UnwrapKey", rv);
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -2005,11 +2016,11 @@ wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||||
/* Try to decrypt */
|
/* Try to decrypt */
|
||||||
key = getVALUE(session, cipherKeyObject, (unsigned long *) &key_len);
|
key = getVALUE(session, cipherKeyObject, (unsigned long *) &key_len);
|
||||||
if (key == NULL) {
|
if (key == NULL) {
|
||||||
printf(" Could not get unwrapped key\n");
|
printf("Could not get unwrapped key\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (key_len != EVP_CIPHER_key_length(algo)) {
|
if (key_len != EVP_CIPHER_key_length(algo)) {
|
||||||
printf(" Key length mismatch (%d != %d)\n",
|
printf("Key length mismatch (%d != %d)\n",
|
||||||
key_len, EVP_CIPHER_key_length(algo));
|
key_len, EVP_CIPHER_key_length(algo));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -2026,7 +2037,7 @@ wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||||
|
|
||||||
if (cleartext_len != 11
|
if (cleartext_len != 11
|
||||||
|| memcmp(cleartext, "hello world", 11)) {
|
|| memcmp(cleartext, "hello world", 11)) {
|
||||||
printf(" resulting cleartext doesn't match input\n");
|
printf("resulting cleartext doesn't match input\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2097,7 +2108,9 @@ test_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
|
|
||||||
#ifdef HAVE_OPENSSL
|
#ifdef HAVE_OPENSSL
|
||||||
static int
|
static int
|
||||||
encrypt_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject)
|
encrypt_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||||
|
CK_MECHANISM_TYPE mech_type,
|
||||||
|
CK_OBJECT_HANDLE privKeyObject)
|
||||||
{
|
{
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
unsigned char orig_data[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', '\0'};
|
unsigned char orig_data[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', '\0'};
|
||||||
|
@ -2106,27 +2119,28 @@ encrypt_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE pri
|
||||||
CK_ULONG encrypted_len, data_len;
|
CK_ULONG encrypted_len, data_len;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
|
|
||||||
|
printf(" %s: ", p11_mechanism_to_name(mech_type));
|
||||||
|
|
||||||
pkey = get_public_key(session, privKeyObject);
|
pkey = get_public_key(session, privKeyObject);
|
||||||
if (pkey == NULL) {
|
if (pkey == NULL)
|
||||||
printf(" Encryption of test data failed, returning\n");
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
if (EVP_PKEY_size(pkey) > sizeof(encrypted)) {
|
if (EVP_PKEY_size(pkey) > sizeof(encrypted)) {
|
||||||
printf(" \"encrypted\" buf in pkcs11-tool too small\n");
|
printf("Ciphertext buffer too small\n");
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
|
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
if (encrypted_len <= 0) {
|
if (encrypted_len <= 0) {
|
||||||
printf(" Encryption failed, returning\n");
|
printf("Encryption failed, returning\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
mech.mechanism = CKM_RSA_PKCS;
|
mech.mechanism = mech_type;
|
||||||
rv = p11->C_DecryptInit(session, &mech, privKeyObject);
|
rv = p11->C_DecryptInit(session, &mech, privKeyObject);
|
||||||
if (rv == CKR_MECHANISM_INVALID) {
|
if (rv == CKR_MECHANISM_INVALID) {
|
||||||
printf(" Mechanism CKM_RSA_PKCS not supported\n");
|
printf("Mechanism not supported\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
|
@ -2138,11 +2152,17 @@ encrypt_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE pri
|
||||||
p11_fatal("C_Decrypt", rv);
|
p11_fatal("C_Decrypt", rv);
|
||||||
|
|
||||||
if (data_len != sizeof(orig_data) || memcmp(orig_data, data, data_len)) {
|
if (data_len != sizeof(orig_data) || memcmp(orig_data, data, data_len)) {
|
||||||
printf(" resulting cleartext doesn't match input\n");
|
CK_ULONG n;
|
||||||
|
|
||||||
|
printf("resulting cleartext doesn't match input\n");
|
||||||
|
printf(" Decrypt:");
|
||||||
|
for (n = 0; n < data_len; n++)
|
||||||
|
printf(" %02x", data[n]);
|
||||||
|
printf("\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
printf(" CKM_RSA_PKCS: OK\n");
|
printf("OK\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -2158,9 +2178,9 @@ test_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
CK_OBJECT_HANDLE privKeyObject;
|
CK_OBJECT_HANDLE privKeyObject;
|
||||||
CK_SESSION_HANDLE sess;
|
CK_SESSION_HANDLE sess;
|
||||||
CK_MECHANISM_TYPE firstMechType;
|
CK_MECHANISM_TYPE *mechs = NULL;
|
||||||
CK_SESSION_INFO sessionInfo;
|
CK_SESSION_INFO sessionInfo;
|
||||||
CK_ULONG j;
|
CK_ULONG j, n, num_mechs = 0;
|
||||||
char *label;
|
char *label;
|
||||||
|
|
||||||
rv = p11->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
|
rv = p11->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
|
||||||
|
@ -2175,8 +2195,8 @@ test_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
return errors;
|
return errors;
|
||||||
}
|
}
|
||||||
|
|
||||||
firstMechType = find_mechanism(slot, CKF_DECRYPT | CKF_HW, 0);
|
num_mechs = get_mechanisms(slot, &mechs, CKF_DECRYPT);
|
||||||
if (firstMechType == NO_MECHANISM) {
|
if (num_mechs == 0) {
|
||||||
printf("Decrypt: not implemented\n");
|
printf("Decrypt: not implemented\n");
|
||||||
return errors;
|
return errors;
|
||||||
}
|
}
|
||||||
|
@ -2188,7 +2208,7 @@ test_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
printf("(%s) ", label);
|
printf("(%s) ", label);
|
||||||
free(label);
|
free(label);
|
||||||
}
|
}
|
||||||
if (!getUNWRAP(sess, privKeyObject)) {
|
if (!getDECRYPT(sess, privKeyObject)) {
|
||||||
printf(" -- can't be used to decrypt, skipping\n");
|
printf(" -- can't be used to decrypt, skipping\n");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -2197,10 +2217,14 @@ test_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
#ifndef HAVE_OPENSSL
|
#ifndef HAVE_OPENSSL
|
||||||
printf("No OpenSSL support, unable to validate decryption\n");
|
printf("No OpenSSL support, unable to validate decryption\n");
|
||||||
#else
|
#else
|
||||||
errors += encrypt_decrypt(slot, sess, privKeyObject);
|
for (n = 0; n < num_mechs; n++) {
|
||||||
|
errors += encrypt_decrypt(slot, sess,
|
||||||
|
mechs[n], privKeyObject);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(mechs);
|
||||||
return errors;
|
return errors;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2359,7 +2383,7 @@ test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
|
|
||||||
printf("\n*** We allready opened a session and logged in ***\n");
|
printf("\n*** We allready opened a session and logged in ***\n");
|
||||||
|
|
||||||
get_mechanisms(slot, &mech_type, &num_mechs);
|
num_mechs = get_mechanisms(slot, &mech_type, -1);
|
||||||
for (i = 0; i < num_mechs; i++) {
|
for (i = 0; i < num_mechs; i++) {
|
||||||
if (mech_type[i] == CKM_RSA_PKCS_KEY_PAIR_GEN)
|
if (mech_type[i] == CKM_RSA_PKCS_KEY_PAIR_GEN)
|
||||||
break;
|
break;
|
||||||
|
|
Loading…
Reference in New Issue