Added C_DecryptInit() and C_Decrypt() for RSA keys
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1485 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
7730dc1199
commit
ebca5c681c
|
@ -1800,21 +1800,20 @@ CK_RV pkcs15_prkey_sign(struct sc_pkcs11_session *ses, void *obj,
|
|||
}
|
||||
|
||||
static CK_RV
|
||||
pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj,
|
||||
pkcs15_prkey_decrypt(struct sc_pkcs11_session *ses, void *obj,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
|
||||
void **result)
|
||||
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
|
||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
|
||||
{
|
||||
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) ses->slot->card->fw_data;
|
||||
struct pkcs15_prkey_object *prkey;
|
||||
struct pkcs15_slot_data *data = slot_data(ses->slot->fw_data);
|
||||
u8 unwrapped_key[256];
|
||||
int rv;
|
||||
u8 decrypted[256];
|
||||
int buff_too_small, rv;
|
||||
|
||||
sc_debug(context, "Initiating key unwrap.\n");
|
||||
sc_debug(context, "Initiating unwrap/decryption.\n");
|
||||
|
||||
/* See which of the alternative keys supports unwrap */
|
||||
/* See which of the alternative keys supports unwrap/decrypt */
|
||||
prkey = (struct pkcs15_prkey_object *) obj;
|
||||
while (prkey
|
||||
&& !(prkey->prv_info->usage
|
||||
|
@ -1824,14 +1823,13 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj,
|
|||
if (prkey == NULL)
|
||||
return CKR_KEY_FUNCTION_NOT_PERMITTED;
|
||||
|
||||
|
||||
if (pMechanism->mechanism != CKM_RSA_PKCS)
|
||||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
rv = sc_pkcs15_decipher(fw_data->p15_card, prkey->prv_p15obj,
|
||||
SC_ALGORITHM_RSA_PAD_PKCS1,
|
||||
pData, ulDataLen,
|
||||
unwrapped_key, sizeof(unwrapped_key));
|
||||
pEncryptedData, ulEncryptedDataLen,
|
||||
decrypted, sizeof(decrypted));
|
||||
|
||||
/* Do we have to try a re-login and then try to decrypt again? */
|
||||
if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
|
||||
|
@ -1845,18 +1843,45 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj,
|
|||
if (rv == 0)
|
||||
rv = sc_pkcs15_decipher(fw_data->p15_card, prkey->prv_p15obj,
|
||||
SC_ALGORITHM_RSA_PAD_PKCS1,
|
||||
pData, ulDataLen,
|
||||
unwrapped_key, sizeof(unwrapped_key));
|
||||
pEncryptedData, ulEncryptedDataLen,
|
||||
decrypted, sizeof(decrypted));
|
||||
|
||||
sc_unlock(ses->slot->card->card);
|
||||
}
|
||||
|
||||
sc_debug(context, "Key unwrap complete. Result %d.\n", rv);
|
||||
sc_debug(context, "Key unwrap/decryption complete. Result %d.\n", rv);
|
||||
|
||||
if (rv < 0)
|
||||
return sc_to_cryptoki_error(rv, ses->slot->card->reader);
|
||||
|
||||
buff_too_small = (*pulDataLen < rv);
|
||||
*pulDataLen = rv;
|
||||
if (pData == NULL_PTR)
|
||||
return CKR_OK;
|
||||
if (buff_too_small)
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
memcpy(pData, decrypted, *pulDataLen);
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
static CK_RV
|
||||
pkcs15_prkey_unwrap(struct sc_pkcs11_session *ses, void *obj,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
|
||||
void **result)
|
||||
{
|
||||
u8 unwrapped_key[256];
|
||||
int key_len = sizeof(unwrapped_key), rv;
|
||||
|
||||
rv = pkcs15_prkey_decrypt(ses, obj, pMechanism, pData, ulDataLen,
|
||||
unwrapped_key, &key_len);
|
||||
|
||||
if (rv < 0)
|
||||
return sc_to_cryptoki_error(rv, ses->slot->card->reader);
|
||||
return sc_pkcs11_create_secret_key(ses,
|
||||
unwrapped_key, rv,
|
||||
unwrapped_key, key_len,
|
||||
pTemplate, ulAttributeCount,
|
||||
(struct sc_pkcs11_object **) result);
|
||||
}
|
||||
|
@ -1869,7 +1894,8 @@ struct sc_pkcs11_object_ops pkcs15_prkey_ops = {
|
|||
NULL,
|
||||
NULL,
|
||||
pkcs15_prkey_sign,
|
||||
pkcs15_prkey_unwrap
|
||||
pkcs15_prkey_unwrap,
|
||||
pkcs15_prkey_decrypt
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -2188,7 +2214,7 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
|||
/* Register generic mechanisms */
|
||||
sc_pkcs11_register_generic_mechanisms(p11card);
|
||||
|
||||
mech_info.flags = CKF_HW | CKF_SIGN | CKF_UNWRAP;
|
||||
mech_info.flags = CKF_HW | CKF_SIGN | CKF_UNWRAP | CKF_DECRYPT;
|
||||
#ifdef HAVE_OPENSSL
|
||||
mech_info.flags |= CKF_VERIFY;
|
||||
#endif
|
||||
|
|
|
@ -17,7 +17,7 @@ struct hash_signature_info {
|
|||
sc_pkcs11_mechanism_type_t *sign_type;
|
||||
};
|
||||
|
||||
/* Also used for verification data */
|
||||
/* Also used for verification and decryption data */
|
||||
struct signature_data {
|
||||
struct sc_pkcs11_object *key;
|
||||
struct hash_signature_info *info;
|
||||
|
@ -638,6 +638,102 @@ done:
|
|||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Initialize a decryption context. When we get here, we know
|
||||
* the key object is capable of decrypting _something_
|
||||
*/sc_pkcs11_decr_init(struct sc_pkcs11_session *session,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
struct sc_pkcs11_object *key,
|
||||
CK_MECHANISM_TYPE key_type)
|
||||
{
|
||||
struct sc_pkcs11_card *p11card;
|
||||
sc_pkcs11_operation_t *operation;
|
||||
sc_pkcs11_mechanism_type_t *mt;
|
||||
int rv;
|
||||
|
||||
if (!session || !session->slot
|
||||
|| !(p11card = session->slot->card))
|
||||
return CKR_ARGUMENTS_BAD;
|
||||
|
||||
/* See if we support this mechanism type */
|
||||
mt = sc_pkcs11_find_mechanism(p11card, pMechanism->mechanism, CKF_DECRYPT);
|
||||
if (mt == NULL)
|
||||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
/* See if compatible with key type */
|
||||
if (mt->key_type != key_type)
|
||||
return CKR_KEY_TYPE_INCONSISTENT;
|
||||
|
||||
rv = session_start_operation(session, SC_PKCS11_OPERATION_DECRYPT, mt, &operation);
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
memcpy(&operation->mechanism, pMechanism, sizeof(CK_MECHANISM));
|
||||
rv = mt->decrypt_init(operation, key);
|
||||
|
||||
if (rv != CKR_OK)
|
||||
session_stop_operation(session, SC_PKCS11_OPERATION_DECRYPT);
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
CK_RV
|
||||
sc_pkcs11_decr(struct sc_pkcs11_session *session,
|
||||
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
|
||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
|
||||
{
|
||||
sc_pkcs11_operation_t *op;
|
||||
int rv;
|
||||
|
||||
rv = session_get_operation(session, SC_PKCS11_OPERATION_DECRYPT, &op);
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
rv = op->type->decrypt(op, pEncryptedData, ulEncryptedDataLen,
|
||||
pData, pulDataLen);
|
||||
|
||||
done:
|
||||
if (rv != CKR_BUFFER_TOO_SMALL && pData != NULL)
|
||||
session_stop_operation(session, SC_PKCS11_OPERATION_DECRYPT);
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize a signature operation
|
||||
*/
|
||||
static CK_RV
|
||||
sc_pkcs11_decrypt_init(sc_pkcs11_operation_t *operation,
|
||||
struct sc_pkcs11_object *key)
|
||||
{
|
||||
struct signature_data *data;
|
||||
|
||||
if (!(data = (struct signature_data *) calloc(1, sizeof(*data))))
|
||||
return CKR_HOST_MEMORY;
|
||||
|
||||
data->key = key;
|
||||
|
||||
operation->priv_data = data;
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
sc_pkcs11_decrypt(sc_pkcs11_operation_t *operation,
|
||||
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
|
||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
|
||||
{
|
||||
struct signature_data *data;
|
||||
struct sc_pkcs11_object *key;
|
||||
int rv;
|
||||
|
||||
data = (struct signature_data*) operation->priv_data;
|
||||
|
||||
key = data->key;
|
||||
return key->ops->decrypt(operation->session,
|
||||
key, &operation->mechanism,
|
||||
pEncryptedData, ulEncryptedDataLen,
|
||||
pData, pulDataLen);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create new mechanism type for a mechanism supported by
|
||||
* the card
|
||||
|
@ -675,6 +771,10 @@ sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE mech,
|
|||
if (pInfo->flags & CKF_UNWRAP) {
|
||||
/* ... */
|
||||
}
|
||||
if (pInfo->flags & CKF_DECRYPT) {
|
||||
mt->decrypt_init = sc_pkcs11_decrypt_init;
|
||||
mt->decrypt = sc_pkcs11_decrypt;
|
||||
}
|
||||
|
||||
return mt;
|
||||
}
|
||||
|
|
|
@ -523,7 +523,6 @@ CK_RV C_Sign(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
out: sc_debug(context, "Signing result was %d\n", rv);
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
|
||||
}
|
||||
|
||||
CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||
|
@ -679,7 +678,48 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
|
||||
CK_OBJECT_HANDLE hKey) /* handle of the decryption key */
|
||||
{
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
CK_BBOOL can_decrypt;
|
||||
CK_KEY_TYPE key_type;
|
||||
CK_ATTRIBUTE decrypt_attribute = { CKA_DECRYPT, &can_decrypt, sizeof(can_decrypt) };
|
||||
CK_ATTRIBUTE key_type_attr = { CKA_KEY_TYPE, &key_type, sizeof(key_type) };
|
||||
struct sc_pkcs11_session *session;
|
||||
struct sc_pkcs11_object *object;
|
||||
int rv;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
||||
rv = pool_find(&session->slot->object_pool, hKey, (void**) &object);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
||||
if (object->ops->decrypt == NULL_PTR) {
|
||||
rv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = object->ops->get_attribute(session, object, &decrypt_attribute);
|
||||
if (rv != CKR_OK || !can_decrypt) {
|
||||
rv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
goto out;
|
||||
}
|
||||
rv = object->ops->get_attribute(session, object, &key_type_attr);
|
||||
if (rv != CKR_OK) {
|
||||
rv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rv = sc_pkcs11_decr_init(session, pMechanism, object, key_type);
|
||||
|
||||
out: sc_debug(context, "Decrypt initialization returns %d\n", rv);
|
||||
sc_pkcs11_unlock();
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||
|
@ -688,7 +728,23 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, /* the session's handle */
|
|||
CK_BYTE_PTR pData, /* receives decrypted output */
|
||||
CK_ULONG_PTR pulDataLen) /* receives decrypted byte count */
|
||||
{
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
int rv;
|
||||
struct sc_pkcs11_session *session;
|
||||
|
||||
rv = sc_pkcs11_lock();
|
||||
if (rv != CKR_OK)
|
||||
return rv;
|
||||
|
||||
rv = pool_find(&session_pool, hSession, (void**) &session);
|
||||
if (rv != CKR_OK)
|
||||
goto out;
|
||||
|
||||
rv = sc_pkcs11_decr(session, pEncryptedData, ulEncryptedDataLen,
|
||||
pData, pulDataLen);
|
||||
|
||||
out: sc_debug(context, "Decryption result was %d\n", rv);
|
||||
sc_pkcs11_unlock();
|
||||
return rv;
|
||||
}
|
||||
|
||||
CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession, /* the session's handle */
|
||||
|
|
|
@ -104,12 +104,20 @@ struct sc_pkcs11_object_ops {
|
|||
CK_RV (*get_size)(struct sc_pkcs11_session *, void *);
|
||||
|
||||
/* Cryptographic methods */
|
||||
CK_RV (*sign)(struct sc_pkcs11_session *, void *, CK_MECHANISM_PTR pMechanism, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulDataLen);
|
||||
CK_RV (*sign)(struct sc_pkcs11_session *, void *,
|
||||
CK_MECHANISM_PTR,
|
||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulDataLen);
|
||||
CK_RV (*unwrap_key)(struct sc_pkcs11_session *, void *,
|
||||
CK_MECHANISM_PTR,
|
||||
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
||||
CK_ATTRIBUTE_PTR, CK_ULONG,
|
||||
void **);
|
||||
CK_RV (*decrypt)(struct sc_pkcs11_session *, void *,
|
||||
CK_MECHANISM_PTR,
|
||||
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
|
||||
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
|
||||
|
||||
/* Others to be added when implemented */
|
||||
};
|
||||
|
||||
|
@ -224,6 +232,7 @@ enum {
|
|||
SC_PKCS11_OPERATION_SIGN,
|
||||
SC_PKCS11_OPERATION_VERIFY,
|
||||
SC_PKCS11_OPERATION_DIGEST,
|
||||
SC_PKCS11_OPERATION_DECRYPT,
|
||||
SC_PKCS11_OPERATION_MAX
|
||||
};
|
||||
|
||||
|
@ -260,6 +269,11 @@ struct sc_pkcs11_mechanism_type {
|
|||
CK_RV (*verif_final)(sc_pkcs11_operation_t *,
|
||||
CK_BYTE_PTR, CK_ULONG);
|
||||
#endif
|
||||
CK_RV (*decrypt_init)(sc_pkcs11_operation_t *,
|
||||
struct sc_pkcs11_object *);
|
||||
CK_RV (*decrypt)(sc_pkcs11_operation_t *,
|
||||
CK_BYTE_PTR, CK_ULONG,
|
||||
CK_BYTE_PTR, CK_ULONG_PTR);
|
||||
/* mechanism specific data */
|
||||
const void * mech_data;
|
||||
};
|
||||
|
|
|
@ -1955,7 +1955,7 @@ wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||
EVP_SealInit(&seal_ctx, algo,
|
||||
&key, &key_len,
|
||||
iv, &pkey, 1);
|
||||
|
||||
|
||||
/* Encrypt something */
|
||||
len = sizeof(ciphered);
|
||||
EVP_SealUpdate(&seal_ctx, ciphered, &len, (const unsigned char *) "hello world", 11);
|
||||
|
@ -1965,6 +1965,8 @@ wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||
EVP_SealFinal(&seal_ctx, ciphered + ciphered_len, &len);
|
||||
ciphered_len += len;
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
mech.mechanism = CKM_RSA_PKCS;
|
||||
rv = p11->C_UnwrapKey(session, &mech, privKeyObject,
|
||||
key, key_len,
|
||||
|
@ -2072,6 +2074,116 @@ test_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
|||
return errors;
|
||||
}
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
static int
|
||||
encrypt_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject)
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
EVP_CIPHER_CTX encrypt_ctx;
|
||||
unsigned char orig_data[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', '\0'};
|
||||
unsigned char encrypted[512], data[512];
|
||||
CK_MECHANISM mech;
|
||||
int encrypted_len, data_len, r;
|
||||
CK_RV rv;
|
||||
|
||||
pkey = get_public_key(session, privKeyObject);
|
||||
if (pkey == NULL) {
|
||||
printf(" Encryption of test data failed, returning\n");
|
||||
return 0;
|
||||
}
|
||||
if (EVP_PKEY_size(pkey) > sizeof(encrypted)) {
|
||||
printf(" \"encrypted\" buf in pkcs11-tool too small\n");
|
||||
EVP_PKEY_free(pkey);
|
||||
return 0;
|
||||
}
|
||||
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (encrypted_len <= 0) {
|
||||
printf(" Encryption failed, returning\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
mech.mechanism = CKM_RSA_PKCS;
|
||||
rv = p11->C_DecryptInit(session, &mech, privKeyObject);
|
||||
if (rv == CKR_MECHANISM_INVALID) {
|
||||
printf(" Mechanism CKM_RSA_PKCS not supported\n");
|
||||
return 0;
|
||||
}
|
||||
if (rv != CKR_OK)
|
||||
p11_fatal("C_DecryptInit", rv);
|
||||
|
||||
data_len = encrypted_len;
|
||||
rv = p11->C_Decrypt(session, encrypted, encrypted_len, data, &data_len);
|
||||
if (rv != CKR_OK)
|
||||
p11_fatal("C_DecryptInit", rv);
|
||||
|
||||
if (data_len != sizeof(orig_data) || memcmp(orig_data, data, data_len)) {
|
||||
printf(" resulting cleartext doesn't match input\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf(" CKM_RSA_PKCS: OK\n");
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Test decryption functions
|
||||
*/
|
||||
static int
|
||||
test_decrypt(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||
{
|
||||
int errors = 0;
|
||||
CK_RV rv;
|
||||
CK_OBJECT_HANDLE privKeyObject;
|
||||
CK_SESSION_HANDLE sess;
|
||||
CK_MECHANISM_TYPE firstMechType;
|
||||
CK_SESSION_INFO sessionInfo;
|
||||
CK_ULONG j;
|
||||
char *label;
|
||||
|
||||
rv = p11->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &sess);
|
||||
if (rv != CKR_OK)
|
||||
p11_fatal("C_OpenSession", rv);
|
||||
|
||||
rv = p11->C_GetSessionInfo(sess, &sessionInfo);
|
||||
if (rv != CKR_OK)
|
||||
p11_fatal("C_OpenSession", rv);
|
||||
if ((sessionInfo.state & CKS_RO_USER_FUNCTIONS) == 0) {
|
||||
printf("Decryption: not logged in, skipping decryption tests\n");
|
||||
return errors;
|
||||
}
|
||||
|
||||
firstMechType = find_mechanism(slot, CKF_DECRYPT | CKF_HW, 0);
|
||||
if (firstMechType == NO_MECHANISM) {
|
||||
printf("Decrypt: not implemented\n");
|
||||
return errors;
|
||||
}
|
||||
|
||||
printf("Decryption (RSA)\n");
|
||||
for (j = 0; find_object(sess, CKO_PRIVATE_KEY, &privKeyObject, NULL, 0, j); j++) {
|
||||
printf(" testing key %ld ", j);
|
||||
if ((label = getLABEL(sess, privKeyObject, NULL)) != NULL) {
|
||||
printf("(%s) ", label);
|
||||
free(label);
|
||||
}
|
||||
if (!getUNWRAP(sess, privKeyObject)) {
|
||||
printf(" -- can't be used to decrypt, skipping\n");
|
||||
continue;
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
#ifndef HAVE_OPENSSL
|
||||
printf("No OpenSSL support, unable to validate decryption\n");
|
||||
#else
|
||||
errors += encrypt_decrypt(slot, sess, privKeyObject);
|
||||
#endif
|
||||
}
|
||||
|
||||
return errors;
|
||||
}
|
||||
|
||||
static int
|
||||
test_random(CK_SLOT_ID slot)
|
||||
{
|
||||
|
@ -2183,6 +2295,8 @@ p11_test(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
|||
|
||||
errors += test_unwrap(slot, session);
|
||||
|
||||
errors += test_decrypt(slot, session);
|
||||
|
||||
errors += test_card_detection(0);
|
||||
|
||||
errors += test_card_detection(1);
|
||||
|
|
Loading…
Reference in New Issue