giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
opensc/src/tests/p11test/p11test_case_common.c

959 lines
27 KiB
C
Raw Blame History

/*
* p11test_case_common.c: Functions shared between test cases.
*
* Copyright (C) 2016, 2017 Red Hat, Inc.
*
* Author: Jakub Jelen <jjelen@redhat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "p11test_case_common.h"
char name_buffer[11];
char flag_buffer[11];
/**
* If the object enforces re-authentication, do it now.
*/
void always_authenticate(test_cert_t *o, token_info_t *info)
{
CK_RV rv;
if (!o->always_auth) {
return;
}
rv = info->function_pointer->C_Login(info->session_handle,
CKU_CONTEXT_SPECIFIC, info->pin, info->pin_length);
if (rv != CKR_OK) {
fail_msg(" [ SKIP %s ] Re-authentication failed", o->id_str);
exit(1);
}
}
/**
* Allocate new place for next certificate to store in the list
* and return pointer to this object
*/
test_cert_t *
add_object(test_certs_t *objects, CK_ATTRIBUTE key_id, CK_ATTRIBUTE label)
{
test_cert_t *o = NULL;
objects->count = objects->count+1;
objects->data = realloc(objects->data, objects->count * sizeof(test_cert_t));
if (objects->data == NULL)
return NULL;
o = &(objects->data[objects->count - 1]);
o->private_handle = CK_INVALID_HANDLE;
o->public_handle = CK_INVALID_HANDLE;
o->always_auth = 0;
o->bits = 0;
o->verify_public = 0;
o->num_mechs = 0;
o->type = -1;
o->sign = 0;
o->verify = 0;
o->decrypt = 0;
o->encrypt = 0;
o->wrap = 0;
o->unwrap = 0;
o->derive_priv = 0;
o->derive_pub = 0;
o->key_type = -1;
o->x509 = NULL; /* The "reuse" capability of d2i_X509() is strongly discouraged */
o->key.rsa = NULL;
o->key.ec = NULL;
/* Store the passed CKA_ID and CKA_LABEL */
o->key_id = malloc(key_id.ulValueLen);
memcpy(o->key_id, key_id.pValue, key_id.ulValueLen);
o->key_id_size = key_id.ulValueLen;
o->id_str = convert_byte_string(o->key_id, o->key_id_size);
o->label = malloc(label.ulValueLen + 1);
strncpy(o->label, label.pValue, label.ulValueLen);
o->label[label.ulValueLen] = '\0';
return o;
}
/*
* Search for certificate in the list by ID and return pointer to it
*/
test_cert_t * search_certificate(test_certs_t *objects, CK_ATTRIBUTE *id)
{
unsigned int i = 0;
while (i < objects->count && (objects->data[i].key_id_size != id->ulValueLen ||
memcmp(objects->data[i].key_id, id->pValue, id->ulValueLen) != 0))
i++;
if (i == objects->count)
return NULL;
return &(objects->data[i]);
}
static void
add_supported_mechs(test_cert_t *o)
{
size_t i;
if (o->type == EVP_PK_RSA) {
if (token.num_rsa_mechs > 0 ) {
/* Get supported mechanisms by token */
o->num_mechs = token.num_rsa_mechs;
for (i = 0; i < token.num_rsa_mechs; i++) {
o->mechs[i].mech = token.rsa_mechs[i].mech;
o->mechs[i].result_flags = 0;
o->mechs[i].usage_flags =
token.rsa_mechs[i].usage_flags;
}
} else {
/* Use the default list */
o->num_mechs = 1;
o->mechs[0].mech = CKM_RSA_PKCS;
o->mechs[0].result_flags = 0;
o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY
| CKF_ENCRYPT | CKF_DECRYPT;
}
} else if (o->type == EVP_PK_EC) {
if (token.num_ec_mechs > 0 ) {
o->num_mechs = token.num_ec_mechs;
for (i = 0; i < token.num_ec_mechs; i++) {
o->mechs[i].mech = token.ec_mechs[i].mech;
o->mechs[i].result_flags = 0;
o->mechs[i].usage_flags =
token.ec_mechs[i].usage_flags;
}
} else {
/* Use the default list */
o->num_mechs = 1;
o->mechs[0].mech = CKM_ECDSA;
o->mechs[0].result_flags = 0;
o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY;
}
} else if (o->type == EVP_PKEY_ED25519) {
if (token.num_ed_mechs > 0 ) {
o->num_mechs = token.num_ed_mechs;
for (i = 0; i < token.num_ed_mechs; i++) {
o->mechs[i].mech = token.ed_mechs[i].mech;
o->mechs[i].result_flags = 0;
o->mechs[i].usage_flags =
token.ed_mechs[i].usage_flags;
}
} else {
/* Use the default list */
o->num_mechs = 1;
o->mechs[0].mech = CKM_EDDSA;
o->mechs[0].result_flags = 0;
o->mechs[0].usage_flags = CKF_SIGN | CKF_VERIFY;
}
} else if (o->type == EVP_PKEY_X25519) {
if (token.num_montgomery_mechs > 0 ) {
o->num_mechs = token.num_montgomery_mechs;
for (i = 0; i < token.num_ed_mechs; i++) {
o->mechs[i].mech = token.montgomery_mechs[i].mech;
o->mechs[i].result_flags = 0;
o->mechs[i].usage_flags =
token.montgomery_mechs[i].usage_flags;
}
} else {
/* Use the default list */
o->num_mechs = 1;
o->mechs[0].mech = CKM_ECDH1_DERIVE;
o->mechs[0].result_flags = 0;
o->mechs[0].usage_flags = CKF_DERIVE;
}
}
}
/**
* Allocate place in the structure for every certificate found
* and store related information
*/
int callback_certificates(test_certs_t *objects,
CK_ATTRIBUTE template[], unsigned int template_size, CK_OBJECT_HANDLE object_handle)
{
EVP_PKEY *evp = NULL;
const u_char *cp = NULL;
test_cert_t *o = NULL;
if (*(CK_CERTIFICATE_TYPE *)template[3].pValue != CKC_X_509)
return 0;
if ((o = add_object(objects, template[0], template[2])) == NULL)
return -1;
/* Extract public key from the certificate */
cp = template[1].pValue;
if (d2i_X509(&(o->x509), &cp, template[1].ulValueLen) == NULL) {
fail_msg("d2i_X509");
return -1;
} else if ((evp = X509_get_pubkey(o->x509)) == NULL) {
fail_msg("X509_get_pubkey failed.");
return -1;
}
if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) {
/* Extract public RSA key */
RSA *rsa = EVP_PKEY_get0_RSA(evp);
if ((o->key.rsa = RSAPublicKey_dup(rsa)) == NULL) {
fail_msg("RSAPublicKey_dup failed");
return -1;
}
o->type = EVP_PK_RSA;
o->bits = EVP_PKEY_bits(evp);
} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
/* Extract public EC key */
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp);
if ((o->key.ec = EC_KEY_dup(ec)) == NULL) {
fail_msg("EC_KEY_dup failed");
return -1;
}
o->type = EVP_PK_EC;
o->bits = EVP_PKEY_bits(evp);
} else {
fprintf(stderr, "[WARN %s ]evp->type = 0x%.4X (not RSA, EC)\n",
o->id_str, EVP_PKEY_id(evp));
}
EVP_PKEY_free(evp);
debug_print(" [ OK %s ] Certificate with label %s loaded successfully",
o->id_str, o->label);
return 0;
}
/**
* Pair found private keys on the card with existing certificates
*/
int callback_private_keys(test_certs_t *objects,
CK_ATTRIBUTE template[], unsigned int template_size, CK_OBJECT_HANDLE object_handle)
{
test_cert_t *o = NULL;
char *key_id;
/* Search for already stored certificate with same ID */
if ((o = search_certificate(objects, &(template[3]))) == NULL) {
key_id = convert_byte_string(template[3].pValue,
template[3].ulValueLen);
fprintf(stderr, "Can't find certificate for private key with ID %s\n", key_id);
free(key_id);
fprintf(stderr, "Let's create a bogus structure without certificate data\n");
if ((o = add_object(objects, template[3], template[7])) == NULL)
return -1;
}
if (o->private_handle != CK_INVALID_HANDLE) {
key_id = convert_byte_string(template[3].pValue, template[3].ulValueLen);
fprintf(stderr, "Object already filled? ID %s\n", key_id);
free(key_id);
return -1;
}
/* Store attributes, flags and handles */
o->private_handle = object_handle;
o->sign = (template[0].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[0].pValue) : CK_FALSE;
o->decrypt = (template[1].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[1].pValue) : CK_FALSE;
o->key_type = (template[2].ulValueLen != (CK_ULONG) -1)
? *((CK_KEY_TYPE *) template[2].pValue) : (CK_KEY_TYPE) -1;
o->always_auth = (template[4].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[4].pValue) : CK_FALSE;
o->unwrap = (template[5].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[5].pValue) : CK_FALSE;
o->derive_priv = (template[6].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[6].pValue) : CK_FALSE;
debug_print(" [ OK %s ] Private key loaded successfully S:%d D:%d T:%02lX",
o->id_str, o->sign, o->decrypt, o->key_type);
return 0;
}
/**
* Pair found public keys on the card with existing certificates
*/
int callback_public_keys(test_certs_t *objects,
CK_ATTRIBUTE template[], unsigned int template_size, CK_OBJECT_HANDLE object_handle)
{
test_cert_t *o = NULL;
char *key_id;
/* Search for already stored certificate with same ID */
if ((o = search_certificate(objects, &(template[3]))) == NULL) {
key_id = convert_byte_string(template[3].pValue, template[3].ulValueLen);
fprintf(stderr, "Can't find certificate for public key with ID %s\n", key_id);
free(key_id);
return -1;
}
if (o->verify_public != 0) {
key_id = convert_byte_string(template[3].pValue, template[3].ulValueLen);
fprintf(stderr, "Object already filled? ID %s\n", key_id);
free(key_id);
return -1;
}
o->public_handle = object_handle;
o->verify = (template[0].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[0].pValue) : CK_FALSE;
o->encrypt = (template[1].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[1].pValue) : CK_FALSE;
/* store key type in case there is no corresponding private key */
o->key_type = (template[2].ulValueLen != (CK_ULONG) -1)
? *((CK_KEY_TYPE *) template[2].pValue) : (CK_KEY_TYPE) -1;
o->wrap = (template[8].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[8].pValue) : CK_FALSE;
o->derive_pub = (template[9].ulValueLen != (CK_ULONG) -1)
? *((CK_BBOOL *) template[9].pValue) : CK_FALSE;
/* check if we get the same public key as from the certificate */
if (o->key_type == CKK_RSA) {
BIGNUM *n = NULL, *e = NULL;
n = BN_bin2bn(template[4].pValue, template[4].ulValueLen, NULL);
e = BN_bin2bn(template[5].pValue, template[5].ulValueLen, NULL);
if (o->key.rsa != NULL) {
const BIGNUM *cert_n = NULL, *cert_e = NULL;
RSA_get0_key(o->key.rsa, &cert_n, &cert_e, NULL);
if (BN_cmp(cert_n, n) != 0 ||
BN_cmp(cert_e, e) != 0) {
debug_print(" [WARN %s ] Got different public key then from the certificate",
o->id_str);
BN_free(n);
BN_free(e);
return -1;
}
BN_free(n);
BN_free(e);
o->verify_public = 1;
} else { /* store the public key for future use */
o->type = EVP_PK_RSA;
o->key.rsa = RSA_new();
if (RSA_set0_key(o->key.rsa, n, e, NULL) != 1) {
fail_msg("Unable to set key params");
return -1;
}
o->bits = RSA_bits(o->key.rsa);
n = NULL;
e = NULL;
}
} else if (o->key_type == CKK_EC) {
ASN1_OBJECT *oid = NULL;
ASN1_OCTET_STRING *s = NULL;
const unsigned char *pub, *p;
BIGNUM *bn = NULL;
EC_POINT *ecpoint;
EC_GROUP *ecgroup = NULL;
int nid, pub_len;
/* Parse the nid out of the EC_PARAMS */
p = template[6].pValue;
oid = d2i_ASN1_OBJECT(NULL, &p, template[6].ulValueLen);
if (oid == NULL) {
debug_print(" [WARN %s ] Failed to convert EC_PARAMS"
" to OpenSSL format", o->id_str);
return -1;
}
nid = OBJ_obj2nid(oid);
ASN1_OBJECT_free(oid);
if (nid == NID_undef) {
debug_print(" [WARN %s ] Failed to convert EC_PARAMS"
" to NID", o->id_str);
return -1;
}
ecgroup = EC_GROUP_new_by_curve_name(nid);
if (ecgroup == NULL) {
debug_print(" [WARN %s ] Failed to create new EC_GROUP"
" from NID", o->id_str);
return -1;
}
EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE);
p = template[7].pValue;
s = d2i_ASN1_OCTET_STRING(NULL, &p, template[7].ulValueLen);
pub = ASN1_STRING_get0_data(s);
pub_len = ASN1_STRING_length(s);
bn = BN_bin2bn(pub, pub_len, NULL);
ASN1_STRING_free(s);
if (bn == NULL) {
debug_print(" [WARN %s ] Can not convert EC_POINT from"
" PKCS#11 to BIGNUM", o->id_str);
EC_GROUP_free(ecgroup);
return -1;
}
ecpoint = EC_POINT_bn2point(ecgroup, bn, NULL, NULL);
BN_free(bn);
if (ecpoint == NULL) {
debug_print(" [WARN %s ] Can not convert EC_POINT from"
" BIGNUM to OpenSSL format", o->id_str);
EC_GROUP_free(ecgroup);
return -1;
}
if (o->key.ec != NULL) {
const EC_GROUP *cert_group = EC_KEY_get0_group(o->key.ec);
const EC_POINT *cert_point = EC_KEY_get0_public_key(o->key.ec);
int cert_nid = EC_GROUP_get_curve_name(cert_group);
if (cert_nid != nid ||
EC_GROUP_cmp(cert_group, ecgroup, NULL) != 0 ||
EC_POINT_cmp(ecgroup, cert_point, ecpoint, NULL) != 0) {
debug_print(" [WARN %s ] Got different public"
"key then from the certificate",
o->id_str);
EC_GROUP_free(ecgroup);
EC_POINT_free(ecpoint);
return -1;
}
EC_GROUP_free(ecgroup);
EC_POINT_free(ecpoint);
o->verify_public = 1;
} else { /* store the public key for future use */
o->type = EVP_PK_EC;
o->key.ec = EC_KEY_new_by_curve_name(nid);
EC_KEY_set_public_key(o->key.ec, ecpoint);
EC_KEY_set_group(o->key.ec, ecgroup);
o->bits = EC_GROUP_get_degree(ecgroup);
}
} else if (o->key_type == CKK_EC_EDWARDS
|| o->key_type == CKK_EC_MONTGOMERY) {
EVP_PKEY *key = NULL;
ASN1_PRINTABLESTRING *curve = NULL;
ASN1_OBJECT *obj = NULL;
const unsigned char *a;
ASN1_OCTET_STRING *os;
int evp_type;
a = template[6].pValue;
if (d2i_ASN1_PRINTABLESTRING(&curve, &a, (long)template[6].ulValueLen) != NULL) {
switch (o->key_type) {
case CKK_EC_EDWARDS:
if (strcmp((char *)curve->data, "edwards25519")) {
debug_print(" [WARN %s ] Unknown curve name. "
" expected edwards25519, got %s", o->id_str, curve->data);
return -1;
}
evp_type = EVP_PKEY_ED25519;
break;
case CKK_EC_MONTGOMERY:
if (strcmp((char *)curve->data, "curve25519")) {
debug_print(" [WARN %s ] Unknown curve name. "
" expected curve25519, got %s", o->id_str, curve->data);
return -1;
}
evp_type = EVP_PKEY_X25519;
break;
default:
debug_print(" [WARN %s ] Unknown key type %lu", o->id_str, o->key_type);
return -1;
}
ASN1_PRINTABLESTRING_free(curve);
} else if (d2i_ASN1_OBJECT(&obj, &a, (long)template[6].ulValueLen) != NULL) {
int nid = OBJ_obj2nid(obj);
switch (o->key_type) {
case CKK_EC_EDWARDS:
if (nid != NID_ED25519) {
debug_print(" [WARN %s ] Unknown OID. "
" expected NID_ED25519 (%d), got %d", o->id_str, NID_ED25519, nid);
return -1;
}
evp_type = EVP_PKEY_ED25519;
break;
case CKK_EC_MONTGOMERY:
if (nid != NID_X25519) {
debug_print(" [WARN %s ] Unknown OID. "
" expected NID_X25519 (%d), got %d", o->id_str, NID_X25519, nid);
return -1;
}
evp_type = EVP_PKEY_X25519;
break;
default:
debug_print(" [WARN %s ] Unknown key type %lu", o->id_str, o->key_type);
return -1;
}
ASN1_OBJECT_free(obj);
} else {
debug_print(" [WARN %s ] Failed to convert EC_PARAMS"
" to curve name or object id", o->id_str);
return -1;
}
/* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
a = template[7].pValue;
os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)template[7].ulValueLen);
if (!os) {
debug_print(" [WARN %s ] Can not decode EC_POINT", o->id_str);
return -1;
}
if (os->length != 32) {
debug_print(" [WARN %s ] Invalid length of EC_POINT value", o->id_str);
return -1;
}
key = EVP_PKEY_new_raw_public_key(evp_type, NULL,
(const uint8_t *)os->data,
os->length);
if (key == NULL) {
debug_print(" [WARN %s ] Out of memory", o->id_str);
ASN1_STRING_free(os);
return -1;
}
if (o->key.pkey != NULL) {
unsigned char *pub = NULL;
size_t publen = 0;
/* TODO check EVP_PKEY type */
if (EVP_PKEY_get_raw_public_key(o->key.pkey, NULL, &publen) != 1) {
debug_print(" [WARN %s ] Can not get size of the key", o->id_str);
ASN1_STRING_free(os);
return -1;
}
pub = malloc(publen);
if (pub == NULL) {
debug_print(" [WARN %s ] Out of memory", o->id_str);
ASN1_STRING_free(os);
return -1;
}
if (EVP_PKEY_get_raw_public_key(o->key.pkey, pub, &publen) != 1 ||
publen != (size_t)os->length ||
memcmp(pub, os->data, publen) != 0) {
debug_print(" [WARN %s ] Got different public"
"key then from the certificate",
o->id_str);
free(pub);
ASN1_STRING_free(os);
return -1;
}
free(pub);
EVP_PKEY_free(key);
o->verify_public = 1;
} else { /* store the public key for future use */
o->type = evp_type;
o->key.pkey = key;
o->bits = 255;
}
ASN1_STRING_free(os);
} else {
debug_print(" [WARN %s ] unknown key. Key type: %02lX",
o->id_str, o->key_type);
return -1;
}
add_supported_mechs(o);
debug_print(" [ OK %s ] Public key loaded successfully V:%d E:%d T:%02lX",
o->id_str, o->verify, o->encrypt, o->key_type);
return 0;
}
int search_objects(test_certs_t *objects, token_info_t *info,
CK_ATTRIBUTE filter[], CK_LONG filter_size, CK_ATTRIBUTE template[], CK_LONG template_size,
int (*callback)(test_certs_t *, CK_ATTRIBUTE[], unsigned int, CK_OBJECT_HANDLE))
{
CK_RV rv;
CK_FUNCTION_LIST_PTR fp = info->function_pointer;
CK_ULONG object_count;
CK_OBJECT_HANDLE object_handle = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE_PTR object_handles = NULL;
unsigned long i = 0, objects_length = 0;
int j, ret = -1;
/* FindObjects first
* https://wiki.oasis-open.org/pkcs11/CommonBugs
*/
rv = fp->C_FindObjectsInit(info->session_handle, filter, filter_size);
if (rv != CKR_OK) {
fprintf(stderr, "C_FindObjectsInit: rv = 0x%.8lX\n", rv);
return -1;
}
while(1) {
rv = fp->C_FindObjects(info->session_handle, &object_handle, 1, &object_count);
if (object_count == 0)
break;
if (rv != CKR_OK) {
fprintf(stderr, "C_FindObjects: rv = 0x%.8lX\n", rv);
goto out;
}
/* store handle */
if (i >= objects_length) {
CK_OBJECT_HANDLE_PTR new_object_handles = NULL;
objects_length += 4; // do not realloc after each row
new_object_handles = realloc(object_handles, objects_length * sizeof(CK_OBJECT_HANDLE));
if (new_object_handles == NULL) {
fail_msg("Realloc failed. Need to store object handles.\n");
goto out;
}
object_handles = new_object_handles;
}
object_handles[i++] = object_handle;
}
objects_length = i; //terminate list of handles
rv = fp->C_FindObjectsFinal(info->session_handle);
if (rv != CKR_OK) {
fprintf(stderr, "C_FindObjectsFinal: rv = 0x%.8lX\n", rv);
fail_msg("Could not find certificate.\n");
goto out;
}
for (i = 0; i < objects_length; i++) {
/* Find attributes one after another to handle errors
* https://wiki.oasis-open.org/pkcs11/CommonBugs
*/
for (j = 0; j < template_size; j++) {
template[j].pValue = NULL;
template[j].ulValueLen = 0;
rv = fp->C_GetAttributeValue(info->session_handle, object_handles[i],
&(template[j]), 1);
if (rv == CKR_ATTRIBUTE_TYPE_INVALID) {
continue;
} else if (rv != CKR_OK) {
fail_msg("C_GetAttributeValue: rv = 0x%.8lX\n", rv);
goto out;
}
/* Allocate memory to hold the data we want */
if (template[j].ulValueLen == 0) {
continue;
} else {
template[j].pValue = malloc(template[j].ulValueLen);
if (template[j].pValue == NULL) {
fail_msg("malloc failed");
goto out;
}
}
/* Call again to get actual attribute */
rv = fp->C_GetAttributeValue(info->session_handle, object_handles[i],
&(template[j]), 1);
if (rv != CKR_OK) {
fail_msg("C_GetAttributeValue: rv = 0x%.8lX\n", rv);
goto out;
}
}
callback(objects, template, template_size, object_handles[i]);
// XXX check results
for (j = 0; j < template_size; j++)
free(template[j].pValue);
}
ret = 0;
out:
free(object_handles);
return ret;
}
void search_for_all_objects(test_certs_t *objects, token_info_t *info)
{
CK_OBJECT_CLASS keyClass = CKO_CERTIFICATE;
CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY;
CK_OBJECT_CLASS publicClass = CKO_PUBLIC_KEY;
CK_ATTRIBUTE filter[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass)},
};
CK_ULONG filter_size = 1;
CK_ATTRIBUTE attrs[] = {
{ CKA_ID, NULL_PTR, 0},
{ CKA_VALUE, NULL_PTR, 0},
{ CKA_LABEL, NULL_PTR, 0},
{ CKA_CERTIFICATE_TYPE, NULL_PTR, 0},
};
CK_ULONG attrs_size = sizeof (attrs) / sizeof (CK_ATTRIBUTE);
CK_ATTRIBUTE private_attrs[] = {
{ CKA_SIGN, NULL, 0}, // CK_BBOOL
{ CKA_DECRYPT, NULL, 0}, // CK_BBOOL
{ CKA_KEY_TYPE, NULL, 0}, // CKK_
{ CKA_ID, NULL, 0},
{ CKA_ALWAYS_AUTHENTICATE, NULL, 0}, // CK_BBOOL
{ CKA_UNWRAP, NULL, 0}, // CK_BBOOL
{ CKA_DERIVE, NULL, 0}, // CK_BBOOL
{ CKA_LABEL, NULL_PTR, 0},
};
CK_ULONG private_attrs_size = sizeof (private_attrs) / sizeof (CK_ATTRIBUTE);
CK_ATTRIBUTE public_attrs[] = {
{ CKA_VERIFY, NULL, 0}, // CK_BBOOL
{ CKA_ENCRYPT, NULL, 0}, // CK_BBOOL
{ CKA_KEY_TYPE, NULL, 0},
{ CKA_ID, NULL, 0},
{ CKA_MODULUS, NULL, 0},
{ CKA_PUBLIC_EXPONENT, NULL, 0},
{ CKA_EC_PARAMS, NULL, 0},
{ CKA_EC_POINT, NULL, 0},
{ CKA_WRAP, NULL, 0}, // CK_BBOOL
{ CKA_DERIVE, NULL, 0}, // CK_BBOOL
};
CK_ULONG public_attrs_size = sizeof (public_attrs) / sizeof (CK_ATTRIBUTE);
debug_print("\nSearch for all certificates on the card");
search_objects(objects, info, filter, filter_size,
attrs, attrs_size, callback_certificates);
/* do the same thing with private keys (collect handles based on the collected IDs) */
debug_print("\nSearch for all private keys respective to the certificates");
filter[0].pValue = &privateClass;
// search for all and pair on the fly
search_objects(objects, info, filter, filter_size,
private_attrs, private_attrs_size, callback_private_keys);
debug_print("\nSearch for all public keys respective to the certificates");
filter[0].pValue = &publicClass;
search_objects(objects, info, filter, filter_size,
public_attrs, public_attrs_size, callback_public_keys);
}
void clean_all_objects(test_certs_t *objects) {
unsigned int i;
for (i = 0; i < objects->count; i++) {
free(objects->data[i].key_id);
free(objects->data[i].id_str);
free(objects->data[i].label);
X509_free(objects->data[i].x509);
if (objects->data[i].key_type == CKK_RSA &&
objects->data[i].key.rsa != NULL) {
RSA_free(objects->data[i].key.rsa);
} else if (objects->data[i].key_type == CKK_EC &&
objects->data[i].key.ec != NULL) {
EC_KEY_free(objects->data[i].key.ec);
} else if (objects->data[i].key_type == CKK_EC_EDWARDS &&
objects->data[i].key.pkey != NULL) {
EVP_PKEY_free(objects->data[i].key.pkey);
}
}
free(objects->data);
}
const char *get_mechanism_name(int mech_id)
{
switch (mech_id) {
case CKM_RSA_PKCS:
return "RSA_PKCS";
case CKM_SHA1_RSA_PKCS:
return "SHA1_RSA_PKCS";
case CKM_SHA224_RSA_PKCS:
return "SHA224_RSA_PKCS";
case CKM_SHA256_RSA_PKCS:
return "SHA256_RSA_PKCS";
case CKM_SHA384_RSA_PKCS:
return "SHA384_RSA_PKCS";
case CKM_SHA512_RSA_PKCS:
return "SHA512_RSA_PKCS";
case CKM_RSA_X_509:
return "RSA_X_509";
case CKM_ECDSA:
return "ECDSA";
case CKM_ECDSA_SHA1:
return "ECDSA_SHA1";
case CKM_ECDSA_SHA224:
return "ECDSA_SHA224";
case CKM_ECDSA_SHA256:
return "ECDSA_SHA256";
case CKM_ECDSA_SHA384:
return "ECDSA_SHA384";
case CKM_ECDSA_SHA512:
return "ECDSA_SHA512";
case CKM_EDDSA:
return "EDDSA";
case CKM_XEDDSA:
return "XEDDSA";
case CKM_ECDH1_DERIVE:
return "ECDH1_DERIVE";
case CKM_ECDH1_COFACTOR_DERIVE:
return "ECDH1_COFACTOR_DERIVE";
case CKM_EC_KEY_PAIR_GEN:
return "EC_KEY_PAIR_GEN";
case CKM_EC_EDWARDS_KEY_PAIR_GEN:
return "EC_EDWARDS_KEY_PAIR_GEN";
case CKM_RSA_PKCS_KEY_PAIR_GEN:
return "RSA_PKCS_KEY_PAIR_GEN";
case CKM_GENERIC_SECRET_KEY_GEN:
return "GENERIC_SECRET_KEY_GEN";
case CKM_MD5_RSA_PKCS:
return "MD5_RSA_PKCS";
case CKM_RIPEMD160_RSA_PKCS:
return "RIPEMD160_RSA_PKCS";
case CKM_RSA_PKCS_PSS:
return "RSA_PKCS_PSS";
case CKM_SHA1_RSA_PKCS_PSS:
return "SHA1_RSA_PKCS_PSS";
case CKM_SHA224_RSA_PKCS_PSS:
return "SHA224_RSA_PKCS_PSS";
case CKM_SHA256_RSA_PKCS_PSS:
return "SHA256_RSA_PKCS_PSS";
case CKM_SHA384_RSA_PKCS_PSS:
return "SHA384_RSA_PKCS_PSS";
case CKM_SHA512_RSA_PKCS_PSS:
return "SHA512_RSA_PKCS_PSS";
case CKM_MD5_HMAC:
return "MD5_HMAC";
case CKM_SHA_1_HMAC:
return "SHA_1_HMAC";
case CKM_SHA224_HMAC:
return "SHA224_HMAC";
case CKM_SHA256_HMAC:
return "SHA256_HMAC";
case CKM_SHA384_HMAC:
return "SHA384_HMAC";
case CKM_SHA512_HMAC:
return "SHA512_HMAC";
case CKM_RSA_PKCS_OAEP:
return "RSA_PKCS_OAEP";
case CKM_RIPEMD160:
return "RIPEMD160";
case CKM_GOSTR3411:
return "GOSTR3411";
case CKM_MD5:
return "MD5";
case CKM_SHA_1:
return "SHA_1";
case CKM_SHA224:
return "SHA224";
case CKM_SHA256:
return "SHA256";
case CKM_SHA384:
return "SHA384";
case CKM_SHA512:
return "SHA512";
case CKM_SHA3_256:
return "SHA3_256";
case CKM_SHA3_224:
return "SHA3_224";
case CKM_SHA3_384:
return "SHA3_384";
case CKM_SHA3_512:
return "SHA3_512";
default:
sprintf(name_buffer, "0x%.8X", mech_id);
return name_buffer;
}
}
const char *get_mgf_name(int mgf_id)
{
switch (mgf_id) {
case CKG_MGF1_SHA1:
return "MGF1_SHA_1";
case CKG_MGF1_SHA224:
return "MGF1_SHA224";
case CKG_MGF1_SHA256:
return "MGF1_SHA256";
case CKG_MGF1_SHA384:
return "MGF1_SHA384";
case CKG_MGF1_SHA512:
return "MGF1_SHA512";
default:
sprintf(name_buffer, "0x%.8X", mgf_id);
return name_buffer;
}
}
const char *get_mechanism_flag_name(int mech_id)
{
switch (mech_id) {
case CKF_HW:
return "CKF_HW";
case CKF_ENCRYPT:
return "CKF_ENCRYPT";
case CKF_DECRYPT:
return "CKF_DECRYPT";
case CKF_DIGEST:
return "CKF_DIGEST";
case CKF_SIGN:
return "CKF_SIGN";
case CKF_SIGN_RECOVER:
return "CKF_SIGN_RECOVER";
case CKF_VERIFY:
return "CKF_VERIFY";
case CKF_VERIFY_RECOVER:
return "CKF_VERIFY_RECOVER";
case CKF_GENERATE:
return "CKF_GENERATE";
case CKF_GENERATE_KEY_PAIR:
return "CKF_GENERATE_KEY_PAIR";
case CKF_WRAP:
return "CKF_WRAP";
case CKF_UNWRAP:
return "CKF_UNWRAP";
case CKF_DERIVE:
return "CKF_DERIVE";
case CKF_EC_F_P:
return "CKF_EC_F_P";
case CKF_EC_F_2M:
return "CKF_EC_F_2M";
case CKF_EC_NAMEDCURVE:
return "CKF_EC_NAMEDCURVE";
case CKF_EC_UNCOMPRESS:
return "CKF_EC_UNCOMPRESS";
case CKF_EC_COMPRESS:
return "CKF_EC_COMPRESS";
case CKF_EC_ECPARAMETERS:
return "CKF_EC_ECPARAMETERS";
default:
sprintf(flag_buffer, "0x%.8X", mech_id);
return flag_buffer;
}
}
char *convert_byte_string(unsigned char *id, unsigned long length)
{
unsigned int i;
char *data = malloc(3 * length * sizeof(char) + 1);
for (i = 0; i < length; i++)
sprintf(&data[i*3], "%02X:", id[i]);
data[length*3-1] = '\0';
return data;
}
void write_data_row(token_info_t *info, int cols, ...)
{
va_list ap;
int i, intval, type;
char *data;
cols = cols*2; /* shut GCC up */
va_start(ap, cols);
fprintf(info->log.fd, "\n\t[");
for (i = 1; i <= cols; i+=2) {
if (i > 1)
fprintf(info->log.fd, ",");
type = va_arg(ap, int);
if (type == 'd') {
intval = va_arg(ap, int);
fprintf(info->log.fd, "\n\t\t\"%d\"", intval);
} else if (type == 's') {
data = va_arg(ap, char*);
fprintf(info->log.fd, "\n\t\t\"%s\"", data);
}
}
fprintf(info->log.fd, "\n\t]");
va_end(ap);
}
int is_pss_mechanism(CK_MECHANISM_TYPE mech)
{
return (mech == CKM_RSA_PKCS_PSS
|| mech == CKM_SHA1_RSA_PKCS_PSS
|| mech == CKM_SHA256_RSA_PKCS_PSS
|| mech == CKM_SHA384_RSA_PKCS_PSS
|| mech == CKM_SHA512_RSA_PKCS_PSS
|| mech == CKM_SHA224_RSA_PKCS_PSS);
}
Reference in New Issue View Git Blame Copy Permalink