├── AUTHORS ├── LICENSE ├── Makefile.am ├── NEWS ├── README ├── README.svn ├── autogen.sh ├── configure.ac ├── m4 ├── acx_dlopen.m4 ├── acx_pedantic.m4 ├── acx_prefixhack.m4 └── acx_strict.m4 └── src ├── Makefile.am ├── cryptoki.h ├── cryptoki_compat └── pkcs11.h ├── error.cpp ├── error.h ├── getpw.cpp ├── getpw.h ├── import.cpp ├── import.h ├── library.cpp ├── library.h ├── mechanisms.cpp ├── mechanisms.h ├── pkcs11-testing.cpp ├── pkcs11-testing.h ├── publickey.cpp ├── publickey.h ├── session.cpp ├── session.h ├── showslots.cpp ├── showslots.h ├── stability.cpp └── stability.h /AUTHORS: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | * Developers 4 | 5 | Rickard Bellgrim (.SE, The Internet Infrastructure Foundation, www.iis.se) 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | Copyright (c) 2010 .SE, The Internet Infrastructure Foundation 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions 8 | are met: 9 | 1. Redistributions of source code must retain the above copyright 10 | notice, this list of conditions and the following disclaimer. 11 | 2. Redistributions in binary form must reproduce the above copyright 12 | notice, this list of conditions and the following disclaimer in the 13 | documentation and/or other materials provided with the distribution. 14 | 15 | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 19 | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 21 | GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 23 | IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 25 | IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | ACLOCAL_AMFLAGS = -I m4 4 | 5 | MAINTAINERCLEANFILES = \ 6 | config.log config.status \ 7 | $(srcdir)/Makefile.in \ 8 | $(srcdir)/config.h.in $(srcdir)/config.h.in~ \ 9 | $(srcdir)/configure \ 10 | $(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \ 11 | $(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/compile \ 12 | $(srcdir)/config.guess $(srcdir)/config.sub 13 | 14 | SUBDIRS = src 15 | 16 | EXTRA_DIST = $(srcdir)/LICENSE 17 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | NEWS for pkcs11-testing -- History of user visible changes 4 | 5 | pkcs11-testing 0.9.0b1 - 2010-09-27 6 | 7 | * Informal release to the testing team 8 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | 1. Configure the installation/compilation scripts 4 | 5 | ./configure 6 | 7 | 2. Compile the source code 8 | 9 | make 10 | 11 | 3. Install the program 12 | 13 | sudo make install 14 | 15 | 4. Run the program 16 | 17 | pkcs11-testing 18 | -------------------------------------------------------------------------------- /README.svn: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | If the code is downloaded directly from the SVN, then you have to prepare the 4 | configuration scripts before continuing with the real README. 5 | 6 | 1. You need to install automake, autoconf, libtool, etc. 7 | 8 | 2. Run the command 'sh autogen.sh' 9 | 10 | 3. Continue reading in the file README. 11 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # $Id$ 4 | 5 | autoreconf --install --force 6 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | dnl 2 | dnl $Id$ 3 | dnl 4 | 5 | ################## 6 | # # 7 | # Version # 8 | # # 9 | ################ 10 | 11 | # Program version 12 | 13 | define([VERSION_MAJOR], [0]) 14 | define([VERSION_MINOR], [9]) 15 | define([VERSION_FIX], [0]) 16 | define([PACKAGE_SUFFIX], [b1]) 17 | 18 | ################## 19 | # # 20 | # Configure code # 21 | # # 22 | ################## 23 | 24 | # Init 25 | AC_PREREQ(2.61) 26 | AC_INIT([pkcs11-testing],[VERSION_MAJOR.VERSION_MINOR.VERSION_FIX[]PACKAGE_SUFFIX]) 27 | AC_CONFIG_HEADER([config.h]) 28 | AC_CONFIG_SRCDIR([src/Makefile.am]) 29 | AC_CONFIG_MACRO_DIR([m4]) 30 | AM_INIT_AUTOMAKE(foreign) 31 | ACX_PREFIXHACK 32 | 33 | # Checks for compilers 34 | AC_PROG_CC 35 | AC_PROG_CXX 36 | 37 | # Compiler flags 38 | ACX_PEDANTIC 39 | ACX_STRICT 40 | 41 | # Check for libraries 42 | ACX_DLOPEN 43 | 44 | # Check for functions 45 | AC_CHECK_FUNCS(getpassphrase) 46 | 47 | AC_DEFINE_UNQUOTED( 48 | [MAX_PIN_LEN], 49 | [255], 50 | [Maximum PIN length] 51 | ) 52 | AC_DEFINE_UNQUOTED( 53 | [MIN_PIN_LEN], 54 | [4], 55 | [Minimum PIN length] 56 | ) 57 | 58 | # Generate the libtool script and install script 59 | AC_PROG_INSTALL 60 | AC_PROG_LIBTOOL 61 | 62 | # Generate the makefiles 63 | AC_CONFIG_FILES([ 64 | Makefile 65 | src/Makefile 66 | ]) 67 | 68 | AC_OUTPUT 69 | -------------------------------------------------------------------------------- /m4/acx_dlopen.m4: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AC_DEFUN([ACX_DLOPEN],[ 4 | tmp_SUCCESS="no" 5 | 6 | # Unix 7 | AC_CHECK_FUNC( 8 | [dlopen], 9 | [ 10 | AC_DEFINE(HAVE_DLOPEN, 1, [Define if you have dlopen]) 11 | tmp_SUCCESS="yes" 12 | ], 13 | [ 14 | AC_CHECK_LIB( 15 | [dl], 16 | [dlopen], 17 | [ 18 | AC_DEFINE(HAVE_DLOPEN, 1, [Define if you have dlopen]) 19 | LIBS="$LIBS -ldl" 20 | tmp_SUCCESS="yes" 21 | ] 22 | ) 23 | ] 24 | ) 25 | 26 | # Windows 27 | if test "$tmp_SUCCESS" = "no" 28 | then 29 | AC_MSG_CHECKING([for LoadLibrary]) 30 | AC_TRY_LINK( 31 | [#include ], 32 | [LoadLibrary(NULL);], 33 | [ 34 | AC_DEFINE(HAVE_LOADLIBRARY, 1, [Define if you have LoadLibrary]) 35 | tmp_SUCCESS="yes" 36 | ] 37 | ) 38 | AC_MSG_RESULT([$tmp_SUCCESS]) 39 | fi 40 | 41 | if test "$tmp_SUCCESS" = "no" 42 | then 43 | AC_MSG_ERROR([No dynamic library loading support]) 44 | fi 45 | ]) 46 | -------------------------------------------------------------------------------- /m4/acx_pedantic.m4: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AC_DEFUN([ACX_PEDANTIC],[ 4 | AC_ARG_ENABLE( 5 | [pedantic], 6 | [AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@enabled@:>@])], 7 | , 8 | [enable_pedantic="yes"] 9 | ) 10 | if test "${enable_pedantic}" = "yes"; then 11 | enable_strict="yes"; 12 | CFLAGS="${CFLAGS} -pedantic" 13 | fi 14 | ]) 15 | -------------------------------------------------------------------------------- /m4/acx_prefixhack.m4: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | # 3 | # Special processing of paths depending on whether --prefix, 4 | # --sysconfdir or --localstatedir arguments were given. 5 | 6 | AC_DEFUN([ACX_PREFIXHACK],[ 7 | case "$prefix" in 8 | NONE) 9 | case "$sysconfdir" in 10 | '${prefix}/etc') 11 | sysconfdir=/etc 12 | ac_configure_args="$ac_configure_args --sysconfdir=$sysconfdir" 13 | AC_MSG_NOTICE([sysconfdir set to $sysconfdir]) 14 | ;; 15 | esac 16 | case "$localstatedir" in 17 | '${prefix}/var') 18 | localstatedir=/var 19 | ac_configure_args="$ac_configure_args --localstatedir=$localstatedir" 20 | AC_MSG_NOTICE([localstate set to $localstatedir]) 21 | ;; 22 | esac 23 | ;; 24 | esac 25 | ]) 26 | -------------------------------------------------------------------------------- /m4/acx_strict.m4: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | AC_DEFUN([ACX_STRICT],[ 4 | AC_ARG_ENABLE( 5 | [strict], 6 | [AS_HELP_STRING([--enable-strict],[enable strict compile mode @<:@enabled@:>@])], 7 | , 8 | [enable_strict="yes"] 9 | ) 10 | if test "${enable_strict}" = "yes"; then 11 | CFLAGS="${CFLAGS} -Wall -Wextra" 12 | fi 13 | ]) 14 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | 3 | MAINTAINERCLEANFILES = $(srcdir)/Makefile.in 4 | 5 | AM_CPPFLAGS = -I$(srcdir)/cryptoki_compat 6 | 7 | # dist_man_MANS = pkcs11-testing.1 8 | 9 | bin_PROGRAMS = pkcs11-testing 10 | 11 | pkcs11_testing_SOURCES = pkcs11-testing.cpp \ 12 | error.cpp \ 13 | getpw.cpp \ 14 | library.cpp \ 15 | mechanisms.cpp \ 16 | publickey.cpp \ 17 | import.cpp \ 18 | session.cpp \ 19 | showslots.cpp \ 20 | stability.cpp 21 | 22 | EXTRA_DIST = $(srcdir)/*.h \ 23 | $(srcdir)/cryptoki_compat/*.h 24 | -------------------------------------------------------------------------------- /src/cryptoki.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | cryptoki.h 31 | *****************************************************************************/ 32 | 33 | #ifndef _PKCS11_TESTING_CRYPTOKI_H 34 | #define _PKCS11_TESTING_CRYPTOKI_H 35 | 36 | #define CRYPTOKI_COMPAT 37 | 38 | #include "pkcs11.h" 39 | 40 | #endif // !_PKCS11_TESTING_CRYPTOKI_H 41 | 42 | -------------------------------------------------------------------------------- /src/cryptoki_compat/pkcs11.h: -------------------------------------------------------------------------------- 1 | /* pkcs11.h 2 | Copyright 2006, 2007 g10 Code GmbH 3 | Copyright 2006 Andreas Jellinghaus 4 | 5 | This file is free software; as a special exception the author gives 6 | unlimited permission to copy and/or distribute it, with or without 7 | modifications, as long as this notice is preserved. 8 | 9 | This file is distributed in the hope that it will be useful, but 10 | WITHOUT ANY WARRANTY, to the extent permitted by law; without even 11 | the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR 12 | PURPOSE. */ 13 | 14 | /* Please submit changes back to the Scute project at 15 | http://www.scute.org/ (or send them to marcus@g10code.com), so that 16 | they can be picked up by other projects from there as well. */ 17 | 18 | /* This file is a modified implementation of the PKCS #11 standard by 19 | RSA Security Inc. It is mostly a drop-in replacement, with the 20 | following change: 21 | 22 | This header file does not require any macro definitions by the user 23 | (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros 24 | for you (if useful, some are missing, let me know if you need 25 | more). 26 | 27 | There is an additional API available that does comply better to the 28 | GNU coding standard. It can be switched on by defining 29 | CRYPTOKI_GNU before including this header file. For this, the 30 | following changes are made to the specification: 31 | 32 | All structure types are changed to a "struct ck_foo" where CK_FOO 33 | is the type name in PKCS #11. 34 | 35 | All non-structure types are changed to ck_foo_t where CK_FOO is the 36 | lowercase version of the type name in PKCS #11. The basic types 37 | (CK_ULONG et al.) are removed without substitute. 38 | 39 | All members of structures are modified in the following way: Type 40 | indication prefixes are removed, and underscore characters are 41 | inserted before words. Then the result is lowercased. 42 | 43 | Note that function names are still in the original case, as they 44 | need for ABI compatibility. 45 | 46 | CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use 47 | . 48 | 49 | If CRYPTOKI_COMPAT is defined before including this header file, 50 | then none of the API changes above take place, and the API is the 51 | one defined by the PKCS #11 standard. */ 52 | 53 | #ifndef PKCS11_H 54 | #define PKCS11_H 1 55 | 56 | #if defined(__cplusplus) 57 | extern "C" { 58 | #endif 59 | 60 | 61 | /* The version of cryptoki we implement. The revision is changed with 62 | each modification of this file. If you do not use the "official" 63 | version of this file, please consider deleting the revision macro 64 | (you may use a macro with a different name to keep track of your 65 | versions). */ 66 | #define CRYPTOKI_VERSION_MAJOR 2 67 | #define CRYPTOKI_VERSION_MINOR 20 68 | #define CRYPTOKI_VERSION_REVISION 6 69 | 70 | 71 | /* Compatibility interface is default, unless CRYPTOKI_GNU is 72 | given. */ 73 | #ifndef CRYPTOKI_GNU 74 | #ifndef CRYPTOKI_COMPAT 75 | #define CRYPTOKI_COMPAT 1 76 | #endif 77 | #endif 78 | 79 | /* System dependencies. */ 80 | 81 | #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) 82 | 83 | /* There is a matching pop below. */ 84 | #pragma pack(push, cryptoki, 1) 85 | 86 | #ifdef CRYPTOKI_EXPORTS 87 | #define CK_SPEC __declspec(dllexport) 88 | #else 89 | #define CK_SPEC __declspec(dllimport) 90 | #endif 91 | 92 | #else 93 | 94 | #define CK_SPEC 95 | 96 | #endif 97 | 98 | 99 | #ifdef CRYPTOKI_COMPAT 100 | /* If we are in compatibility mode, switch all exposed names to the 101 | PKCS #11 variant. There are corresponding #undefs below. */ 102 | 103 | #define ck_flags_t CK_FLAGS 104 | #define ck_version _CK_VERSION 105 | 106 | #define ck_info _CK_INFO 107 | #define cryptoki_version cryptokiVersion 108 | #define manufacturer_id manufacturerID 109 | #define library_description libraryDescription 110 | #define library_version libraryVersion 111 | 112 | #define ck_notification_t CK_NOTIFICATION 113 | #define ck_slot_id_t CK_SLOT_ID 114 | 115 | #define ck_slot_info _CK_SLOT_INFO 116 | #define slot_description slotDescription 117 | #define hardware_version hardwareVersion 118 | #define firmware_version firmwareVersion 119 | 120 | #define ck_token_info _CK_TOKEN_INFO 121 | #define serial_number serialNumber 122 | #define max_session_count ulMaxSessionCount 123 | #define session_count ulSessionCount 124 | #define max_rw_session_count ulMaxRwSessionCount 125 | #define rw_session_count ulRwSessionCount 126 | #define max_pin_len ulMaxPinLen 127 | #define min_pin_len ulMinPinLen 128 | #define total_public_memory ulTotalPublicMemory 129 | #define free_public_memory ulFreePublicMemory 130 | #define total_private_memory ulTotalPrivateMemory 131 | #define free_private_memory ulFreePrivateMemory 132 | #define utc_time utcTime 133 | 134 | #define ck_session_handle_t CK_SESSION_HANDLE 135 | #define ck_user_type_t CK_USER_TYPE 136 | #define ck_state_t CK_STATE 137 | 138 | #define ck_session_info _CK_SESSION_INFO 139 | #define slot_id slotID 140 | #define device_error ulDeviceError 141 | 142 | #define ck_object_handle_t CK_OBJECT_HANDLE 143 | #define ck_object_class_t CK_OBJECT_CLASS 144 | #define ck_hw_feature_type_t CK_HW_FEATURE_TYPE 145 | #define ck_key_type_t CK_KEY_TYPE 146 | #define ck_certificate_type_t CK_CERTIFICATE_TYPE 147 | #define ck_attribute_type_t CK_ATTRIBUTE_TYPE 148 | 149 | #define ck_attribute _CK_ATTRIBUTE 150 | #define value pValue 151 | #define value_len ulValueLen 152 | 153 | #define ck_date _CK_DATE 154 | 155 | #define ck_mechanism_type_t CK_MECHANISM_TYPE 156 | 157 | #define ck_mechanism _CK_MECHANISM 158 | #define parameter pParameter 159 | #define parameter_len ulParameterLen 160 | 161 | #define ck_mechanism_info _CK_MECHANISM_INFO 162 | #define min_key_size ulMinKeySize 163 | #define max_key_size ulMaxKeySize 164 | 165 | #define ck_rv_t CK_RV 166 | #define ck_notify_t CK_NOTIFY 167 | 168 | #define ck_function_list _CK_FUNCTION_LIST 169 | 170 | #define ck_createmutex_t CK_CREATEMUTEX 171 | #define ck_destroymutex_t CK_DESTROYMUTEX 172 | #define ck_lockmutex_t CK_LOCKMUTEX 173 | #define ck_unlockmutex_t CK_UNLOCKMUTEX 174 | 175 | #define ck_c_initialize_args _CK_C_INITIALIZE_ARGS 176 | #define create_mutex CreateMutex 177 | #define destroy_mutex DestroyMutex 178 | #define lock_mutex LockMutex 179 | #define unlock_mutex UnlockMutex 180 | #define reserved pReserved 181 | 182 | #endif /* CRYPTOKI_COMPAT */ 183 | 184 | 185 | 186 | typedef unsigned long ck_flags_t; 187 | 188 | struct ck_version 189 | { 190 | unsigned char major; 191 | unsigned char minor; 192 | }; 193 | 194 | 195 | struct ck_info 196 | { 197 | struct ck_version cryptoki_version; 198 | unsigned char manufacturer_id[32]; 199 | ck_flags_t flags; 200 | unsigned char library_description[32]; 201 | struct ck_version library_version; 202 | }; 203 | 204 | 205 | typedef unsigned long ck_notification_t; 206 | 207 | #define CKN_SURRENDER (0) 208 | 209 | 210 | typedef unsigned long ck_slot_id_t; 211 | 212 | 213 | struct ck_slot_info 214 | { 215 | unsigned char slot_description[64]; 216 | unsigned char manufacturer_id[32]; 217 | ck_flags_t flags; 218 | struct ck_version hardware_version; 219 | struct ck_version firmware_version; 220 | }; 221 | 222 | 223 | #define CKF_TOKEN_PRESENT (1 << 0) 224 | #define CKF_REMOVABLE_DEVICE (1 << 1) 225 | #define CKF_HW_SLOT (1 << 2) 226 | #define CKF_ARRAY_ATTRIBUTE (1 << 30) 227 | 228 | 229 | struct ck_token_info 230 | { 231 | unsigned char label[32]; 232 | unsigned char manufacturer_id[32]; 233 | unsigned char model[16]; 234 | unsigned char serial_number[16]; 235 | ck_flags_t flags; 236 | unsigned long max_session_count; 237 | unsigned long session_count; 238 | unsigned long max_rw_session_count; 239 | unsigned long rw_session_count; 240 | unsigned long max_pin_len; 241 | unsigned long min_pin_len; 242 | unsigned long total_public_memory; 243 | unsigned long free_public_memory; 244 | unsigned long total_private_memory; 245 | unsigned long free_private_memory; 246 | struct ck_version hardware_version; 247 | struct ck_version firmware_version; 248 | unsigned char utc_time[16]; 249 | }; 250 | 251 | 252 | #define CKF_RNG (1 << 0) 253 | #define CKF_WRITE_PROTECTED (1 << 1) 254 | #define CKF_LOGIN_REQUIRED (1 << 2) 255 | #define CKF_USER_PIN_INITIALIZED (1 << 3) 256 | #define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5) 257 | #define CKF_CLOCK_ON_TOKEN (1 << 6) 258 | #define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8) 259 | #define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9) 260 | #define CKF_TOKEN_INITIALIZED (1 << 10) 261 | #define CKF_SECONDARY_AUTHENTICATION (1 << 11) 262 | #define CKF_USER_PIN_COUNT_LOW (1 << 16) 263 | #define CKF_USER_PIN_FINAL_TRY (1 << 17) 264 | #define CKF_USER_PIN_LOCKED (1 << 18) 265 | #define CKF_USER_PIN_TO_BE_CHANGED (1 << 19) 266 | #define CKF_SO_PIN_COUNT_LOW (1 << 20) 267 | #define CKF_SO_PIN_FINAL_TRY (1 << 21) 268 | #define CKF_SO_PIN_LOCKED (1 << 22) 269 | #define CKF_SO_PIN_TO_BE_CHANGED (1 << 23) 270 | 271 | #define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1) 272 | #define CK_EFFECTIVELY_INFINITE (0) 273 | 274 | 275 | typedef unsigned long ck_session_handle_t; 276 | 277 | #define CK_INVALID_HANDLE (0) 278 | 279 | 280 | typedef unsigned long ck_user_type_t; 281 | 282 | #define CKU_SO (0) 283 | #define CKU_USER (1) 284 | #define CKU_CONTEXT_SPECIFIC (2) 285 | 286 | 287 | typedef unsigned long ck_state_t; 288 | 289 | #define CKS_RO_PUBLIC_SESSION (0) 290 | #define CKS_RO_USER_FUNCTIONS (1) 291 | #define CKS_RW_PUBLIC_SESSION (2) 292 | #define CKS_RW_USER_FUNCTIONS (3) 293 | #define CKS_RW_SO_FUNCTIONS (4) 294 | 295 | 296 | struct ck_session_info 297 | { 298 | ck_slot_id_t slot_id; 299 | ck_state_t state; 300 | ck_flags_t flags; 301 | unsigned long device_error; 302 | }; 303 | 304 | #define CKF_RW_SESSION (1 << 1) 305 | #define CKF_SERIAL_SESSION (1 << 2) 306 | 307 | 308 | typedef unsigned long ck_object_handle_t; 309 | 310 | 311 | typedef unsigned long ck_object_class_t; 312 | 313 | #define CKO_DATA (0) 314 | #define CKO_CERTIFICATE (1) 315 | #define CKO_PUBLIC_KEY (2) 316 | #define CKO_PRIVATE_KEY (3) 317 | #define CKO_SECRET_KEY (4) 318 | #define CKO_HW_FEATURE (5) 319 | #define CKO_DOMAIN_PARAMETERS (6) 320 | #define CKO_MECHANISM (7) 321 | #define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31)) 322 | 323 | 324 | typedef unsigned long ck_hw_feature_type_t; 325 | 326 | #define CKH_MONOTONIC_COUNTER (1) 327 | #define CKH_CLOCK (2) 328 | #define CKH_USER_INTERFACE (3) 329 | #define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31)) 330 | 331 | 332 | typedef unsigned long ck_key_type_t; 333 | 334 | #define CKK_RSA (0) 335 | #define CKK_DSA (1) 336 | #define CKK_DH (2) 337 | #define CKK_ECDSA (3) 338 | #define CKK_EC (3) 339 | #define CKK_X9_42_DH (4) 340 | #define CKK_KEA (5) 341 | #define CKK_GENERIC_SECRET (0x10) 342 | #define CKK_RC2 (0x11) 343 | #define CKK_RC4 (0x12) 344 | #define CKK_DES (0x13) 345 | #define CKK_DES2 (0x14) 346 | #define CKK_DES3 (0x15) 347 | #define CKK_CAST (0x16) 348 | #define CKK_CAST3 (0x17) 349 | #define CKK_CAST5 (0x18) /* Rickard */ 350 | #define CKK_CAST128 (0x18) 351 | #define CKK_RC5 (0x19) 352 | #define CKK_IDEA (0x1a) 353 | #define CKK_SKIPJACK (0x1b) 354 | #define CKK_BATON (0x1c) 355 | #define CKK_JUNIPER (0x1d) 356 | #define CKK_CDMF (0x1e) 357 | #define CKK_AES (0x1f) 358 | #define CKK_BLOWFISH (0x20) 359 | #define CKK_TWOFISH (0x21) 360 | #define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31)) 361 | 362 | 363 | typedef unsigned long ck_certificate_type_t; 364 | 365 | #define CKC_X_509 (0) 366 | #define CKC_X_509_ATTR_CERT (1) 367 | #define CKC_WTLS (2) 368 | #define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31)) 369 | 370 | 371 | typedef unsigned long ck_attribute_type_t; 372 | 373 | #define CKA_CLASS (0) 374 | #define CKA_TOKEN (1) 375 | #define CKA_PRIVATE (2) 376 | #define CKA_LABEL (3) 377 | #define CKA_APPLICATION (0x10) 378 | #define CKA_VALUE (0x11) 379 | #define CKA_OBJECT_ID (0x12) 380 | #define CKA_CERTIFICATE_TYPE (0x80) 381 | #define CKA_ISSUER (0x81) 382 | #define CKA_SERIAL_NUMBER (0x82) 383 | #define CKA_AC_ISSUER (0x83) 384 | #define CKA_OWNER (0x84) 385 | #define CKA_ATTR_TYPES (0x85) 386 | #define CKA_TRUSTED (0x86) 387 | #define CKA_CERTIFICATE_CATEGORY (0x87) 388 | #define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88) 389 | #define CKA_URL (0x89) 390 | #define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a) 391 | #define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b) 392 | #define CKA_CHECK_VALUE (0x90) 393 | #define CKA_KEY_TYPE (0x100) 394 | #define CKA_SUBJECT (0x101) 395 | #define CKA_ID (0x102) 396 | #define CKA_SENSITIVE (0x103) 397 | #define CKA_ENCRYPT (0x104) 398 | #define CKA_DECRYPT (0x105) 399 | #define CKA_WRAP (0x106) 400 | #define CKA_UNWRAP (0x107) 401 | #define CKA_SIGN (0x108) 402 | #define CKA_SIGN_RECOVER (0x109) 403 | #define CKA_VERIFY (0x10a) 404 | #define CKA_VERIFY_RECOVER (0x10b) 405 | #define CKA_DERIVE (0x10c) 406 | #define CKA_START_DATE (0x110) 407 | #define CKA_END_DATE (0x111) 408 | #define CKA_MODULUS (0x120) 409 | #define CKA_MODULUS_BITS (0x121) 410 | #define CKA_PUBLIC_EXPONENT (0x122) 411 | #define CKA_PRIVATE_EXPONENT (0x123) 412 | #define CKA_PRIME_1 (0x124) 413 | #define CKA_PRIME_2 (0x125) 414 | #define CKA_EXPONENT_1 (0x126) 415 | #define CKA_EXPONENT_2 (0x127) 416 | #define CKA_COEFFICIENT (0x128) 417 | #define CKA_PRIME (0x130) 418 | #define CKA_SUBPRIME (0x131) 419 | #define CKA_BASE (0x132) 420 | #define CKA_PRIME_BITS (0x133) 421 | #define CKA_SUB_PRIME_BITS (0x134) 422 | #define CKA_VALUE_BITS (0x160) 423 | #define CKA_VALUE_LEN (0x161) 424 | #define CKA_EXTRACTABLE (0x162) 425 | #define CKA_LOCAL (0x163) 426 | #define CKA_NEVER_EXTRACTABLE (0x164) 427 | #define CKA_ALWAYS_SENSITIVE (0x165) 428 | #define CKA_KEY_GEN_MECHANISM (0x166) 429 | #define CKA_MODIFIABLE (0x170) 430 | #define CKA_ECDSA_PARAMS (0x180) 431 | #define CKA_EC_PARAMS (0x180) 432 | #define CKA_EC_POINT (0x181) 433 | #define CKA_SECONDARY_AUTH (0x200) 434 | #define CKA_AUTH_PIN_FLAGS (0x201) 435 | #define CKA_ALWAYS_AUTHENTICATE (0x202) 436 | #define CKA_WRAP_WITH_TRUSTED (0x210) 437 | #define CKA_HW_FEATURE_TYPE (0x300) 438 | #define CKA_RESET_ON_INIT (0x301) 439 | #define CKA_HAS_RESET (0x302) 440 | #define CKA_PIXEL_X (0x400) 441 | #define CKA_PIXEL_Y (0x401) 442 | #define CKA_RESOLUTION (0x402) 443 | #define CKA_CHAR_ROWS (0x403) 444 | #define CKA_CHAR_COLUMNS (0x404) 445 | #define CKA_COLOR (0x405) 446 | #define CKA_BITS_PER_PIXEL (0x406) 447 | #define CKA_CHAR_SETS (0x480) 448 | #define CKA_ENCODING_METHODS (0x481) 449 | #define CKA_MIME_TYPES (0x482) 450 | #define CKA_MECHANISM_TYPE (0x500) 451 | #define CKA_REQUIRED_CMS_ATTRIBUTES (0x501) 452 | #define CKA_DEFAULT_CMS_ATTRIBUTES (0x502) 453 | #define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503) 454 | #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211) 455 | #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212) 456 | #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600) 457 | #define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31)) 458 | 459 | 460 | struct ck_attribute 461 | { 462 | ck_attribute_type_t type; 463 | void *value; 464 | unsigned long value_len; 465 | }; 466 | 467 | 468 | struct ck_date 469 | { 470 | unsigned char year[4]; 471 | unsigned char month[2]; 472 | unsigned char day[2]; 473 | }; 474 | 475 | 476 | typedef unsigned long ck_mechanism_type_t; 477 | 478 | #define CKM_RSA_PKCS_KEY_PAIR_GEN (0) 479 | #define CKM_RSA_PKCS (1) 480 | #define CKM_RSA_9796 (2) 481 | #define CKM_RSA_X_509 (3) 482 | #define CKM_MD2_RSA_PKCS (4) 483 | #define CKM_MD5_RSA_PKCS (5) 484 | #define CKM_SHA1_RSA_PKCS (6) 485 | #define CKM_RIPEMD128_RSA_PKCS (7) 486 | #define CKM_RIPEMD160_RSA_PKCS (8) 487 | #define CKM_RSA_PKCS_OAEP (9) 488 | #define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa) 489 | #define CKM_RSA_X9_31 (0xb) 490 | #define CKM_SHA1_RSA_X9_31 (0xc) 491 | #define CKM_RSA_PKCS_PSS (0xd) 492 | #define CKM_SHA1_RSA_PKCS_PSS (0xe) 493 | #define CKM_DSA_KEY_PAIR_GEN (0x10) 494 | #define CKM_DSA (0x11) 495 | #define CKM_DSA_SHA1 (0x12) 496 | #define CKM_DH_PKCS_KEY_PAIR_GEN (0x20) 497 | #define CKM_DH_PKCS_DERIVE (0x21) 498 | #define CKM_X9_42_DH_KEY_PAIR_GEN (0x30) 499 | #define CKM_X9_42_DH_DERIVE (0x31) 500 | #define CKM_X9_42_DH_HYBRID_DERIVE (0x32) 501 | #define CKM_X9_42_MQV_DERIVE (0x33) 502 | #define CKM_SHA256_RSA_PKCS (0x40) 503 | #define CKM_SHA384_RSA_PKCS (0x41) 504 | #define CKM_SHA512_RSA_PKCS (0x42) 505 | #define CKM_SHA256_RSA_PKCS_PSS (0x43) 506 | #define CKM_SHA384_RSA_PKCS_PSS (0x44) 507 | #define CKM_SHA512_RSA_PKCS_PSS (0x45) 508 | #define CKM_RC2_KEY_GEN (0x100) 509 | #define CKM_RC2_ECB (0x101) 510 | #define CKM_RC2_CBC (0x102) 511 | #define CKM_RC2_MAC (0x103) 512 | #define CKM_RC2_MAC_GENERAL (0x104) 513 | #define CKM_RC2_CBC_PAD (0x105) 514 | #define CKM_RC4_KEY_GEN (0x110) 515 | #define CKM_RC4 (0x111) 516 | #define CKM_DES_KEY_GEN (0x120) 517 | #define CKM_DES_ECB (0x121) 518 | #define CKM_DES_CBC (0x122) 519 | #define CKM_DES_MAC (0x123) 520 | #define CKM_DES_MAC_GENERAL (0x124) 521 | #define CKM_DES_CBC_PAD (0x125) 522 | #define CKM_DES2_KEY_GEN (0x130) 523 | #define CKM_DES3_KEY_GEN (0x131) 524 | #define CKM_DES3_ECB (0x132) 525 | #define CKM_DES3_CBC (0x133) 526 | #define CKM_DES3_MAC (0x134) 527 | #define CKM_DES3_MAC_GENERAL (0x135) 528 | #define CKM_DES3_CBC_PAD (0x136) 529 | #define CKM_CDMF_KEY_GEN (0x140) 530 | #define CKM_CDMF_ECB (0x141) 531 | #define CKM_CDMF_CBC (0x142) 532 | #define CKM_CDMF_MAC (0x143) 533 | #define CKM_CDMF_MAC_GENERAL (0x144) 534 | #define CKM_CDMF_CBC_PAD (0x145) 535 | #define CKM_MD2 (0x200) 536 | #define CKM_MD2_HMAC (0x201) 537 | #define CKM_MD2_HMAC_GENERAL (0x202) 538 | #define CKM_MD5 (0x210) 539 | #define CKM_MD5_HMAC (0x211) 540 | #define CKM_MD5_HMAC_GENERAL (0x212) 541 | #define CKM_SHA_1 (0x220) 542 | #define CKM_SHA_1_HMAC (0x221) 543 | #define CKM_SHA_1_HMAC_GENERAL (0x222) 544 | #define CKM_RIPEMD128 (0x230) 545 | #define CKM_RIPEMD128_HMAC (0x231) 546 | #define CKM_RIPEMD128_HMAC_GENERAL (0x232) 547 | #define CKM_RIPEMD160 (0x240) 548 | #define CKM_RIPEMD160_HMAC (0x241) 549 | #define CKM_RIPEMD160_HMAC_GENERAL (0x242) 550 | #define CKM_SHA256 (0x250) 551 | #define CKM_SHA256_HMAC (0x251) 552 | #define CKM_SHA256_HMAC_GENERAL (0x252) 553 | #define CKM_SHA384 (0x260) 554 | #define CKM_SHA384_HMAC (0x261) 555 | #define CKM_SHA384_HMAC_GENERAL (0x262) 556 | #define CKM_SHA512 (0x270) 557 | #define CKM_SHA512_HMAC (0x271) 558 | #define CKM_SHA512_HMAC_GENERAL (0x272) 559 | #define CKM_CAST_KEY_GEN (0x300) 560 | #define CKM_CAST_ECB (0x301) 561 | #define CKM_CAST_CBC (0x302) 562 | #define CKM_CAST_MAC (0x303) 563 | #define CKM_CAST_MAC_GENERAL (0x304) 564 | #define CKM_CAST_CBC_PAD (0x305) 565 | #define CKM_CAST3_KEY_GEN (0x310) 566 | #define CKM_CAST3_ECB (0x311) 567 | #define CKM_CAST3_CBC (0x312) 568 | #define CKM_CAST3_MAC (0x313) 569 | #define CKM_CAST3_MAC_GENERAL (0x314) 570 | #define CKM_CAST3_CBC_PAD (0x315) 571 | #define CKM_CAST5_KEY_GEN (0x320) 572 | #define CKM_CAST128_KEY_GEN (0x320) 573 | #define CKM_CAST5_ECB (0x321) 574 | #define CKM_CAST128_ECB (0x321) 575 | #define CKM_CAST5_CBC (0x322) 576 | #define CKM_CAST128_CBC (0x322) 577 | #define CKM_CAST5_MAC (0x323) 578 | #define CKM_CAST128_MAC (0x323) 579 | #define CKM_CAST5_MAC_GENERAL (0x324) 580 | #define CKM_CAST128_MAC_GENERAL (0x324) 581 | #define CKM_CAST5_CBC_PAD (0x325) 582 | #define CKM_CAST128_CBC_PAD (0x325) 583 | #define CKM_RC5_KEY_GEN (0x330) 584 | #define CKM_RC5_ECB (0x331) 585 | #define CKM_RC5_CBC (0x332) 586 | #define CKM_RC5_MAC (0x333) 587 | #define CKM_RC5_MAC_GENERAL (0x334) 588 | #define CKM_RC5_CBC_PAD (0x335) 589 | #define CKM_IDEA_KEY_GEN (0x340) 590 | #define CKM_IDEA_ECB (0x341) 591 | #define CKM_IDEA_CBC (0x342) 592 | #define CKM_IDEA_MAC (0x343) 593 | #define CKM_IDEA_MAC_GENERAL (0x344) 594 | #define CKM_IDEA_CBC_PAD (0x345) 595 | #define CKM_GENERIC_SECRET_KEY_GEN (0x350) 596 | #define CKM_CONCATENATE_BASE_AND_KEY (0x360) 597 | #define CKM_CONCATENATE_BASE_AND_DATA (0x362) 598 | #define CKM_CONCATENATE_DATA_AND_BASE (0x363) 599 | #define CKM_XOR_BASE_AND_DATA (0x364) 600 | #define CKM_EXTRACT_KEY_FROM_KEY (0x365) 601 | #define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370) 602 | #define CKM_SSL3_MASTER_KEY_DERIVE (0x371) 603 | #define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372) 604 | #define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373) 605 | #define CKM_TLS_PRE_MASTER_KEY_GEN (0x374) 606 | #define CKM_TLS_MASTER_KEY_DERIVE (0x375) 607 | #define CKM_TLS_KEY_AND_MAC_DERIVE (0x376) 608 | #define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377) 609 | #define CKM_SSL3_MD5_MAC (0x380) 610 | #define CKM_SSL3_SHA1_MAC (0x381) 611 | #define CKM_MD5_KEY_DERIVATION (0x390) 612 | #define CKM_MD2_KEY_DERIVATION (0x391) 613 | #define CKM_SHA1_KEY_DERIVATION (0x392) 614 | #define CKM_PBE_MD2_DES_CBC (0x3a0) 615 | #define CKM_PBE_MD5_DES_CBC (0x3a1) 616 | #define CKM_PBE_MD5_CAST_CBC (0x3a2) 617 | #define CKM_PBE_MD5_CAST3_CBC (0x3a3) 618 | #define CKM_PBE_MD5_CAST5_CBC (0x3a4) 619 | #define CKM_PBE_MD5_CAST128_CBC (0x3a4) 620 | #define CKM_PBE_SHA1_CAST5_CBC (0x3a5) 621 | #define CKM_PBE_SHA1_CAST128_CBC (0x3a5) 622 | #define CKM_PBE_SHA1_RC4_128 (0x3a6) 623 | #define CKM_PBE_SHA1_RC4_40 (0x3a7) 624 | #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) 625 | #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) 626 | #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) 627 | #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) 628 | #define CKM_PKCS5_PBKD2 (0x3b0) 629 | #define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0) 630 | #define CKM_KEY_WRAP_LYNKS (0x400) 631 | #define CKM_KEY_WRAP_SET_OAEP (0x401) 632 | #define CKM_SKIPJACK_KEY_GEN (0x1000) 633 | #define CKM_SKIPJACK_ECB64 (0x1001) 634 | #define CKM_SKIPJACK_CBC64 (0x1002) 635 | #define CKM_SKIPJACK_OFB64 (0x1003) 636 | #define CKM_SKIPJACK_CFB64 (0x1004) 637 | #define CKM_SKIPJACK_CFB32 (0x1005) 638 | #define CKM_SKIPJACK_CFB16 (0x1006) 639 | #define CKM_SKIPJACK_CFB8 (0x1007) 640 | #define CKM_SKIPJACK_WRAP (0x1008) 641 | #define CKM_SKIPJACK_PRIVATE_WRAP (0x1009) 642 | #define CKM_SKIPJACK_RELAYX (0x100a) 643 | #define CKM_KEA_KEY_PAIR_GEN (0x1010) 644 | #define CKM_KEA_KEY_DERIVE (0x1011) 645 | #define CKM_FORTEZZA_TIMESTAMP (0x1020) 646 | #define CKM_BATON_KEY_GEN (0x1030) 647 | #define CKM_BATON_ECB128 (0x1031) 648 | #define CKM_BATON_ECB96 (0x1032) 649 | #define CKM_BATON_CBC128 (0x1033) 650 | #define CKM_BATON_COUNTER (0x1034) 651 | #define CKM_BATON_SHUFFLE (0x1035) 652 | #define CKM_BATON_WRAP (0x1036) 653 | #define CKM_ECDSA_KEY_PAIR_GEN (0x1040) 654 | #define CKM_EC_KEY_PAIR_GEN (0x1040) 655 | #define CKM_ECDSA (0x1041) 656 | #define CKM_ECDSA_SHA1 (0x1042) 657 | #define CKM_ECDH1_DERIVE (0x1050) 658 | #define CKM_ECDH1_COFACTOR_DERIVE (0x1051) 659 | #define CKM_ECMQV_DERIVE (0x1052) 660 | #define CKM_JUNIPER_KEY_GEN (0x1060) 661 | #define CKM_JUNIPER_ECB128 (0x1061) 662 | #define CKM_JUNIPER_CBC128 (0x1062) 663 | #define CKM_JUNIPER_COUNTER (0x1063) 664 | #define CKM_JUNIPER_SHUFFLE (0x1064) 665 | #define CKM_JUNIPER_WRAP (0x1065) 666 | #define CKM_FASTHASH (0x1070) 667 | #define CKM_AES_KEY_GEN (0x1080) 668 | #define CKM_AES_ECB (0x1081) 669 | #define CKM_AES_CBC (0x1082) 670 | #define CKM_AES_MAC (0x1083) 671 | #define CKM_AES_MAC_GENERAL (0x1084) 672 | #define CKM_AES_CBC_PAD (0x1085) 673 | #define CKM_DSA_PARAMETER_GEN (0x2000) 674 | #define CKM_DH_PKCS_PARAMETER_GEN (0x2001) 675 | #define CKM_X9_42_DH_PARAMETER_GEN (0x2002) 676 | #define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31)) 677 | 678 | /* Missing mechanisms: Added by Rickard Bellgrim */ 679 | #define CKM_SHA224_RSA_PKCS (0x46) 680 | #define CKM_SHA224_RSA_PKCS_PSS (0x47) 681 | #define CKM_DES_OFB64 (0x150) 682 | #define CKM_DES_OFB8 (0x151) 683 | #define CKM_DES_CFB64 (0x152) 684 | #define CKM_DES_CFB8 (0x153) 685 | #define CKM_SHA224 (0x255) 686 | #define CKM_SHA224_HMAC (0x256) 687 | #define CKM_SHA224_HMAC_GENERAL (0x257) 688 | #define CKM_SECURID_KEY_GEN (0x280) 689 | #define CKM_SECURID (0x282) 690 | #define CKM_HOTP_KEY_GEN (0x290) 691 | #define CKM_HOTP (0x291) 692 | #define CKM_ACTI (0x2a0) 693 | #define CKM_ACTI_KEY_GEN (0x2a1) 694 | #define CKM_TLS_PRF (0x378) 695 | #define CKM_SHA256_KEY_DERIVATION (0x393) 696 | #define CKM_SHA384_KEY_DERIVATION (0x394) 697 | #define CKM_SHA512_KEY_DERIVATION (0x395) 698 | #define CKM_SHA224_KEY_DERIVATION (0x396) 699 | #define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0) 700 | #define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1) 701 | #define CKM_WTLS_MASTER_KEY_DERVIE_DH_ECC (0x3d2) 702 | #define CKM_WTLS_PRF (0x3d3) 703 | #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4) 704 | #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5) 705 | #define CKM_CMS_SIG (0x500) 706 | #define CKM_KIP_DERIVE (0x510) 707 | #define CKM_KIP_WRAP (0x511) 708 | #define CKM_KIP_MAC (0x512) 709 | #define CKM_CAMELLIA_KEY_GEN (0x550) 710 | #define CKM_CAMELLIA_ECB (0x551) 711 | #define CKM_CAMELLIA_CBC (0x552) 712 | #define CKM_CAMELLIA_MAC (0x553) 713 | #define CKM_CAMELLIA_MAC_GENERAL (0x554) 714 | #define CKM_CAMELLIA_CBC_PAD (0x555) 715 | #define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556) 716 | #define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557) 717 | #define CKM_CAMELLIA_CTR (0x558) 718 | #define CKM_ARIA_KEY_GEN (0x560) 719 | #define CKM_ARIA_ECB (0x561) 720 | #define CKM_ARIA_CBC (0x562) 721 | #define CKM_ARIA_MAC (0x563) 722 | #define CKM_ARIA_MAC_GENERAL (0x564) 723 | #define CKM_ARIA_CBC_PAD (0x565) 724 | #define CKM_ARIA_ECB_ENCRYPT_DATA (0x566) 725 | #define CKM_ARIA_CBC_ENCRYPT_DATA (0x567) 726 | #define CKM_AES_CTR (0x1086) 727 | #define CKM_BLOWFISH_KEY_GEN (0x1090) 728 | #define CKM_BLOWFISH_CBC (0x1091) 729 | #define CKM_TWOFISH_KEY_GEN (0x1092) 730 | #define CKM_TWOFISH_CBC (0x1093) 731 | #define CKM_DES_ECB_ENCRYPT_DATA (0x1100) 732 | #define CKM_DES_CBC_ENCRYPT_DATA (0x1101) 733 | #define CKM_DES3_ECB_ENCRYPT_DATA (0x1102) 734 | #define CKM_DES3_CBC_ENCRYPT_DATA (0x1103) 735 | #define CKM_AES_ECB_ENCRYPT_DATA (0x1104) 736 | #define CKM_AES_CBC_ENCRYPT_DATA (0x1105) 737 | 738 | struct ck_mechanism 739 | { 740 | ck_mechanism_type_t mechanism; 741 | void *parameter; 742 | unsigned long parameter_len; 743 | }; 744 | 745 | 746 | struct ck_mechanism_info 747 | { 748 | unsigned long min_key_size; 749 | unsigned long max_key_size; 750 | ck_flags_t flags; 751 | }; 752 | 753 | #define CKF_HW (1 << 0) 754 | #define CKF_ENCRYPT (1 << 8) 755 | #define CKF_DECRYPT (1 << 9) 756 | #define CKF_DIGEST (1 << 10) 757 | #define CKF_SIGN (1 << 11) 758 | #define CKF_SIGN_RECOVER (1 << 12) 759 | #define CKF_VERIFY (1 << 13) 760 | #define CKF_VERIFY_RECOVER (1 << 14) 761 | #define CKF_GENERATE (1 << 15) 762 | #define CKF_GENERATE_KEY_PAIR (1 << 16) 763 | #define CKF_WRAP (1 << 17) 764 | #define CKF_UNWRAP (1 << 18) 765 | #define CKF_DERIVE (1 << 19) 766 | #define CKF_EXTENSION ((unsigned long) (1 << 31)) 767 | 768 | 769 | /* Flags for C_WaitForSlotEvent. */ 770 | #define CKF_DONT_BLOCK (1) 771 | 772 | 773 | typedef unsigned long ck_rv_t; 774 | 775 | 776 | typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, 777 | ck_notification_t event, void *application); 778 | 779 | /* Forward reference. */ 780 | struct ck_function_list; 781 | 782 | #define _CK_DECLARE_FUNCTION(name, args) \ 783 | typedef ck_rv_t (*CK_ ## name) args; \ 784 | ck_rv_t CK_SPEC name args 785 | 786 | _CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); 787 | _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); 788 | _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); 789 | _CK_DECLARE_FUNCTION (C_GetFunctionList, 790 | (struct ck_function_list **function_list)); 791 | 792 | _CK_DECLARE_FUNCTION (C_GetSlotList, 793 | (unsigned char token_present, ck_slot_id_t *slot_list, 794 | unsigned long *count)); 795 | _CK_DECLARE_FUNCTION (C_GetSlotInfo, 796 | (ck_slot_id_t slot_id, struct ck_slot_info *info)); 797 | _CK_DECLARE_FUNCTION (C_GetTokenInfo, 798 | (ck_slot_id_t slot_id, struct ck_token_info *info)); 799 | _CK_DECLARE_FUNCTION (C_WaitForSlotEvent, 800 | (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); 801 | _CK_DECLARE_FUNCTION (C_GetMechanismList, 802 | (ck_slot_id_t slot_id, 803 | ck_mechanism_type_t *mechanism_list, 804 | unsigned long *count)); 805 | _CK_DECLARE_FUNCTION (C_GetMechanismInfo, 806 | (ck_slot_id_t slot_id, ck_mechanism_type_t type, 807 | struct ck_mechanism_info *info)); 808 | _CK_DECLARE_FUNCTION (C_InitToken, 809 | (ck_slot_id_t slot_id, unsigned char *pin, 810 | unsigned long pin_len, unsigned char *label)); 811 | _CK_DECLARE_FUNCTION (C_InitPIN, 812 | (ck_session_handle_t session, unsigned char *pin, 813 | unsigned long pin_len)); 814 | _CK_DECLARE_FUNCTION (C_SetPIN, 815 | (ck_session_handle_t session, unsigned char *old_pin, 816 | unsigned long old_len, unsigned char *new_pin, 817 | unsigned long new_len)); 818 | 819 | _CK_DECLARE_FUNCTION (C_OpenSession, 820 | (ck_slot_id_t slot_id, ck_flags_t flags, 821 | void *application, ck_notify_t notify, 822 | ck_session_handle_t *session)); 823 | _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); 824 | _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); 825 | _CK_DECLARE_FUNCTION (C_GetSessionInfo, 826 | (ck_session_handle_t session, 827 | struct ck_session_info *info)); 828 | _CK_DECLARE_FUNCTION (C_GetOperationState, 829 | (ck_session_handle_t session, 830 | unsigned char *operation_state, 831 | unsigned long *operation_state_len)); 832 | _CK_DECLARE_FUNCTION (C_SetOperationState, 833 | (ck_session_handle_t session, 834 | unsigned char *operation_state, 835 | unsigned long operation_state_len, 836 | ck_object_handle_t encryption_key, 837 | ck_object_handle_t authentiation_key)); 838 | _CK_DECLARE_FUNCTION (C_Login, 839 | (ck_session_handle_t session, ck_user_type_t user_type, 840 | unsigned char *pin, unsigned long pin_len)); 841 | _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); 842 | 843 | _CK_DECLARE_FUNCTION (C_CreateObject, 844 | (ck_session_handle_t session, 845 | struct ck_attribute *templ, 846 | unsigned long count, ck_object_handle_t *object)); 847 | _CK_DECLARE_FUNCTION (C_CopyObject, 848 | (ck_session_handle_t session, ck_object_handle_t object, 849 | struct ck_attribute *templ, unsigned long count, 850 | ck_object_handle_t *new_object)); 851 | _CK_DECLARE_FUNCTION (C_DestroyObject, 852 | (ck_session_handle_t session, 853 | ck_object_handle_t object)); 854 | _CK_DECLARE_FUNCTION (C_GetObjectSize, 855 | (ck_session_handle_t session, 856 | ck_object_handle_t object, 857 | unsigned long *size)); 858 | _CK_DECLARE_FUNCTION (C_GetAttributeValue, 859 | (ck_session_handle_t session, 860 | ck_object_handle_t object, 861 | struct ck_attribute *templ, 862 | unsigned long count)); 863 | _CK_DECLARE_FUNCTION (C_SetAttributeValue, 864 | (ck_session_handle_t session, 865 | ck_object_handle_t object, 866 | struct ck_attribute *templ, 867 | unsigned long count)); 868 | _CK_DECLARE_FUNCTION (C_FindObjectsInit, 869 | (ck_session_handle_t session, 870 | struct ck_attribute *templ, 871 | unsigned long count)); 872 | _CK_DECLARE_FUNCTION (C_FindObjects, 873 | (ck_session_handle_t session, 874 | ck_object_handle_t *object, 875 | unsigned long max_object_count, 876 | unsigned long *object_count)); 877 | _CK_DECLARE_FUNCTION (C_FindObjectsFinal, 878 | (ck_session_handle_t session)); 879 | 880 | _CK_DECLARE_FUNCTION (C_EncryptInit, 881 | (ck_session_handle_t session, 882 | struct ck_mechanism *mechanism, 883 | ck_object_handle_t key)); 884 | _CK_DECLARE_FUNCTION (C_Encrypt, 885 | (ck_session_handle_t session, 886 | unsigned char *data, unsigned long data_len, 887 | unsigned char *encrypted_data, 888 | unsigned long *encrypted_data_len)); 889 | _CK_DECLARE_FUNCTION (C_EncryptUpdate, 890 | (ck_session_handle_t session, 891 | unsigned char *part, unsigned long part_len, 892 | unsigned char *encrypted_part, 893 | unsigned long *encrypted_part_len)); 894 | _CK_DECLARE_FUNCTION (C_EncryptFinal, 895 | (ck_session_handle_t session, 896 | unsigned char *last_encrypted_part, 897 | unsigned long *last_encrypted_part_len)); 898 | 899 | _CK_DECLARE_FUNCTION (C_DecryptInit, 900 | (ck_session_handle_t session, 901 | struct ck_mechanism *mechanism, 902 | ck_object_handle_t key)); 903 | _CK_DECLARE_FUNCTION (C_Decrypt, 904 | (ck_session_handle_t session, 905 | unsigned char *encrypted_data, 906 | unsigned long encrypted_data_len, 907 | unsigned char *data, unsigned long *data_len)); 908 | _CK_DECLARE_FUNCTION (C_DecryptUpdate, 909 | (ck_session_handle_t session, 910 | unsigned char *encrypted_part, 911 | unsigned long encrypted_part_len, 912 | unsigned char *part, unsigned long *part_len)); 913 | _CK_DECLARE_FUNCTION (C_DecryptFinal, 914 | (ck_session_handle_t session, 915 | unsigned char *last_part, 916 | unsigned long *last_part_len)); 917 | 918 | _CK_DECLARE_FUNCTION (C_DigestInit, 919 | (ck_session_handle_t session, 920 | struct ck_mechanism *mechanism)); 921 | _CK_DECLARE_FUNCTION (C_Digest, 922 | (ck_session_handle_t session, 923 | unsigned char *data, unsigned long data_len, 924 | unsigned char *digest, 925 | unsigned long *digest_len)); 926 | _CK_DECLARE_FUNCTION (C_DigestUpdate, 927 | (ck_session_handle_t session, 928 | unsigned char *part, unsigned long part_len)); 929 | _CK_DECLARE_FUNCTION (C_DigestKey, 930 | (ck_session_handle_t session, ck_object_handle_t key)); 931 | _CK_DECLARE_FUNCTION (C_DigestFinal, 932 | (ck_session_handle_t session, 933 | unsigned char *digest, 934 | unsigned long *digest_len)); 935 | 936 | _CK_DECLARE_FUNCTION (C_SignInit, 937 | (ck_session_handle_t session, 938 | struct ck_mechanism *mechanism, 939 | ck_object_handle_t key)); 940 | _CK_DECLARE_FUNCTION (C_Sign, 941 | (ck_session_handle_t session, 942 | unsigned char *data, unsigned long data_len, 943 | unsigned char *signature, 944 | unsigned long *signature_len)); 945 | _CK_DECLARE_FUNCTION (C_SignUpdate, 946 | (ck_session_handle_t session, 947 | unsigned char *part, unsigned long part_len)); 948 | _CK_DECLARE_FUNCTION (C_SignFinal, 949 | (ck_session_handle_t session, 950 | unsigned char *signature, 951 | unsigned long *signature_len)); 952 | _CK_DECLARE_FUNCTION (C_SignRecoverInit, 953 | (ck_session_handle_t session, 954 | struct ck_mechanism *mechanism, 955 | ck_object_handle_t key)); 956 | _CK_DECLARE_FUNCTION (C_SignRecover, 957 | (ck_session_handle_t session, 958 | unsigned char *data, unsigned long data_len, 959 | unsigned char *signature, 960 | unsigned long *signature_len)); 961 | 962 | _CK_DECLARE_FUNCTION (C_VerifyInit, 963 | (ck_session_handle_t session, 964 | struct ck_mechanism *mechanism, 965 | ck_object_handle_t key)); 966 | _CK_DECLARE_FUNCTION (C_Verify, 967 | (ck_session_handle_t session, 968 | unsigned char *data, unsigned long data_len, 969 | unsigned char *signature, 970 | unsigned long signature_len)); 971 | _CK_DECLARE_FUNCTION (C_VerifyUpdate, 972 | (ck_session_handle_t session, 973 | unsigned char *part, unsigned long part_len)); 974 | _CK_DECLARE_FUNCTION (C_VerifyFinal, 975 | (ck_session_handle_t session, 976 | unsigned char *signature, 977 | unsigned long signature_len)); 978 | _CK_DECLARE_FUNCTION (C_VerifyRecoverInit, 979 | (ck_session_handle_t session, 980 | struct ck_mechanism *mechanism, 981 | ck_object_handle_t key)); 982 | _CK_DECLARE_FUNCTION (C_VerifyRecover, 983 | (ck_session_handle_t session, 984 | unsigned char *signature, 985 | unsigned long signature_len, 986 | unsigned char *data, 987 | unsigned long *data_len)); 988 | 989 | _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, 990 | (ck_session_handle_t session, 991 | unsigned char *part, unsigned long part_len, 992 | unsigned char *encrypted_part, 993 | unsigned long *encrypted_part_len)); 994 | _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, 995 | (ck_session_handle_t session, 996 | unsigned char *encrypted_part, 997 | unsigned long encrypted_part_len, 998 | unsigned char *part, 999 | unsigned long *part_len)); 1000 | _CK_DECLARE_FUNCTION (C_SignEncryptUpdate, 1001 | (ck_session_handle_t session, 1002 | unsigned char *part, unsigned long part_len, 1003 | unsigned char *encrypted_part, 1004 | unsigned long *encrypted_part_len)); 1005 | _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, 1006 | (ck_session_handle_t session, 1007 | unsigned char *encrypted_part, 1008 | unsigned long encrypted_part_len, 1009 | unsigned char *part, 1010 | unsigned long *part_len)); 1011 | 1012 | _CK_DECLARE_FUNCTION (C_GenerateKey, 1013 | (ck_session_handle_t session, 1014 | struct ck_mechanism *mechanism, 1015 | struct ck_attribute *templ, 1016 | unsigned long count, 1017 | ck_object_handle_t *key)); 1018 | _CK_DECLARE_FUNCTION (C_GenerateKeyPair, 1019 | (ck_session_handle_t session, 1020 | struct ck_mechanism *mechanism, 1021 | struct ck_attribute *public_key_template, 1022 | unsigned long public_key_attribute_count, 1023 | struct ck_attribute *private_key_template, 1024 | unsigned long private_key_attribute_count, 1025 | ck_object_handle_t *public_key, 1026 | ck_object_handle_t *private_key)); 1027 | _CK_DECLARE_FUNCTION (C_WrapKey, 1028 | (ck_session_handle_t session, 1029 | struct ck_mechanism *mechanism, 1030 | ck_object_handle_t wrapping_key, 1031 | ck_object_handle_t key, 1032 | unsigned char *wrapped_key, 1033 | unsigned long *wrapped_key_len)); 1034 | _CK_DECLARE_FUNCTION (C_UnwrapKey, 1035 | (ck_session_handle_t session, 1036 | struct ck_mechanism *mechanism, 1037 | ck_object_handle_t unwrapping_key, 1038 | unsigned char *wrapped_key, 1039 | unsigned long wrapped_key_len, 1040 | struct ck_attribute *templ, 1041 | unsigned long attribute_count, 1042 | ck_object_handle_t *key)); 1043 | _CK_DECLARE_FUNCTION (C_DeriveKey, 1044 | (ck_session_handle_t session, 1045 | struct ck_mechanism *mechanism, 1046 | ck_object_handle_t base_key, 1047 | struct ck_attribute *templ, 1048 | unsigned long attribute_count, 1049 | ck_object_handle_t *key)); 1050 | 1051 | _CK_DECLARE_FUNCTION (C_SeedRandom, 1052 | (ck_session_handle_t session, unsigned char *seed, 1053 | unsigned long seed_len)); 1054 | _CK_DECLARE_FUNCTION (C_GenerateRandom, 1055 | (ck_session_handle_t session, 1056 | unsigned char *random_data, 1057 | unsigned long random_len)); 1058 | 1059 | _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); 1060 | _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); 1061 | 1062 | 1063 | struct ck_function_list 1064 | { 1065 | struct ck_version version; 1066 | CK_C_Initialize C_Initialize; 1067 | CK_C_Finalize C_Finalize; 1068 | CK_C_GetInfo C_GetInfo; 1069 | CK_C_GetFunctionList C_GetFunctionList; 1070 | CK_C_GetSlotList C_GetSlotList; 1071 | CK_C_GetSlotInfo C_GetSlotInfo; 1072 | CK_C_GetTokenInfo C_GetTokenInfo; 1073 | CK_C_GetMechanismList C_GetMechanismList; 1074 | CK_C_GetMechanismInfo C_GetMechanismInfo; 1075 | CK_C_InitToken C_InitToken; 1076 | CK_C_InitPIN C_InitPIN; 1077 | CK_C_SetPIN C_SetPIN; 1078 | CK_C_OpenSession C_OpenSession; 1079 | CK_C_CloseSession C_CloseSession; 1080 | CK_C_CloseAllSessions C_CloseAllSessions; 1081 | CK_C_GetSessionInfo C_GetSessionInfo; 1082 | CK_C_GetOperationState C_GetOperationState; 1083 | CK_C_SetOperationState C_SetOperationState; 1084 | CK_C_Login C_Login; 1085 | CK_C_Logout C_Logout; 1086 | CK_C_CreateObject C_CreateObject; 1087 | CK_C_CopyObject C_CopyObject; 1088 | CK_C_DestroyObject C_DestroyObject; 1089 | CK_C_GetObjectSize C_GetObjectSize; 1090 | CK_C_GetAttributeValue C_GetAttributeValue; 1091 | CK_C_SetAttributeValue C_SetAttributeValue; 1092 | CK_C_FindObjectsInit C_FindObjectsInit; 1093 | CK_C_FindObjects C_FindObjects; 1094 | CK_C_FindObjectsFinal C_FindObjectsFinal; 1095 | CK_C_EncryptInit C_EncryptInit; 1096 | CK_C_Encrypt C_Encrypt; 1097 | CK_C_EncryptUpdate C_EncryptUpdate; 1098 | CK_C_EncryptFinal C_EncryptFinal; 1099 | CK_C_DecryptInit C_DecryptInit; 1100 | CK_C_Decrypt C_Decrypt; 1101 | CK_C_DecryptUpdate C_DecryptUpdate; 1102 | CK_C_DecryptFinal C_DecryptFinal; 1103 | CK_C_DigestInit C_DigestInit; 1104 | CK_C_Digest C_Digest; 1105 | CK_C_DigestUpdate C_DigestUpdate; 1106 | CK_C_DigestKey C_DigestKey; 1107 | CK_C_DigestFinal C_DigestFinal; 1108 | CK_C_SignInit C_SignInit; 1109 | CK_C_Sign C_Sign; 1110 | CK_C_SignUpdate C_SignUpdate; 1111 | CK_C_SignFinal C_SignFinal; 1112 | CK_C_SignRecoverInit C_SignRecoverInit; 1113 | CK_C_SignRecover C_SignRecover; 1114 | CK_C_VerifyInit C_VerifyInit; 1115 | CK_C_Verify C_Verify; 1116 | CK_C_VerifyUpdate C_VerifyUpdate; 1117 | CK_C_VerifyFinal C_VerifyFinal; 1118 | CK_C_VerifyRecoverInit C_VerifyRecoverInit; 1119 | CK_C_VerifyRecover C_VerifyRecover; 1120 | CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; 1121 | CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; 1122 | CK_C_SignEncryptUpdate C_SignEncryptUpdate; 1123 | CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; 1124 | CK_C_GenerateKey C_GenerateKey; 1125 | CK_C_GenerateKeyPair C_GenerateKeyPair; 1126 | CK_C_WrapKey C_WrapKey; 1127 | CK_C_UnwrapKey C_UnwrapKey; 1128 | CK_C_DeriveKey C_DeriveKey; 1129 | CK_C_SeedRandom C_SeedRandom; 1130 | CK_C_GenerateRandom C_GenerateRandom; 1131 | CK_C_GetFunctionStatus C_GetFunctionStatus; 1132 | CK_C_CancelFunction C_CancelFunction; 1133 | CK_C_WaitForSlotEvent C_WaitForSlotEvent; 1134 | }; 1135 | 1136 | 1137 | typedef ck_rv_t (*ck_createmutex_t) (void **mutex); 1138 | typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); 1139 | typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); 1140 | typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); 1141 | 1142 | 1143 | struct ck_c_initialize_args 1144 | { 1145 | ck_createmutex_t create_mutex; 1146 | ck_destroymutex_t destroy_mutex; 1147 | ck_lockmutex_t lock_mutex; 1148 | ck_unlockmutex_t unlock_mutex; 1149 | ck_flags_t flags; 1150 | void *reserved; 1151 | }; 1152 | 1153 | 1154 | #define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) 1155 | #define CKF_OS_LOCKING_OK (1 << 1) 1156 | 1157 | #define CKR_OK (0) 1158 | #define CKR_CANCEL (1) 1159 | #define CKR_HOST_MEMORY (2) 1160 | #define CKR_SLOT_ID_INVALID (3) 1161 | #define CKR_GENERAL_ERROR (5) 1162 | #define CKR_FUNCTION_FAILED (6) 1163 | #define CKR_ARGUMENTS_BAD (7) 1164 | #define CKR_NO_EVENT (8) 1165 | #define CKR_NEED_TO_CREATE_THREADS (9) 1166 | #define CKR_CANT_LOCK (0xa) 1167 | #define CKR_ATTRIBUTE_READ_ONLY (0x10) 1168 | #define CKR_ATTRIBUTE_SENSITIVE (0x11) 1169 | #define CKR_ATTRIBUTE_TYPE_INVALID (0x12) 1170 | #define CKR_ATTRIBUTE_VALUE_INVALID (0x13) 1171 | #define CKR_DATA_INVALID (0x20) 1172 | #define CKR_DATA_LEN_RANGE (0x21) 1173 | #define CKR_DEVICE_ERROR (0x30) 1174 | #define CKR_DEVICE_MEMORY (0x31) 1175 | #define CKR_DEVICE_REMOVED (0x32) 1176 | #define CKR_ENCRYPTED_DATA_INVALID (0x40) 1177 | #define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41) 1178 | #define CKR_FUNCTION_CANCELED (0x50) 1179 | #define CKR_FUNCTION_NOT_PARALLEL (0x51) 1180 | #define CKR_FUNCTION_NOT_SUPPORTED (0x54) 1181 | #define CKR_KEY_HANDLE_INVALID (0x60) 1182 | #define CKR_KEY_SIZE_RANGE (0x62) 1183 | #define CKR_KEY_TYPE_INCONSISTENT (0x63) 1184 | #define CKR_KEY_NOT_NEEDED (0x64) 1185 | #define CKR_KEY_CHANGED (0x65) 1186 | #define CKR_KEY_NEEDED (0x66) 1187 | #define CKR_KEY_INDIGESTIBLE (0x67) 1188 | #define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68) 1189 | #define CKR_KEY_NOT_WRAPPABLE (0x69) 1190 | #define CKR_KEY_UNEXTRACTABLE (0x6a) 1191 | #define CKR_MECHANISM_INVALID (0x70) 1192 | #define CKR_MECHANISM_PARAM_INVALID (0x71) 1193 | #define CKR_OBJECT_HANDLE_INVALID (0x82) 1194 | #define CKR_OPERATION_ACTIVE (0x90) 1195 | #define CKR_OPERATION_NOT_INITIALIZED (0x91) 1196 | #define CKR_PIN_INCORRECT (0xa0) 1197 | #define CKR_PIN_INVALID (0xa1) 1198 | #define CKR_PIN_LEN_RANGE (0xa2) 1199 | #define CKR_PIN_EXPIRED (0xa3) 1200 | #define CKR_PIN_LOCKED (0xa4) 1201 | #define CKR_SESSION_CLOSED (0xb0) 1202 | #define CKR_SESSION_COUNT (0xb1) 1203 | #define CKR_SESSION_HANDLE_INVALID (0xb3) 1204 | #define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4) 1205 | #define CKR_SESSION_READ_ONLY (0xb5) 1206 | #define CKR_SESSION_EXISTS (0xb6) 1207 | #define CKR_SESSION_READ_ONLY_EXISTS (0xb7) 1208 | #define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8) 1209 | #define CKR_SIGNATURE_INVALID (0xc0) 1210 | #define CKR_SIGNATURE_LEN_RANGE (0xc1) 1211 | #define CKR_TEMPLATE_INCOMPLETE (0xd0) 1212 | #define CKR_TEMPLATE_INCONSISTENT (0xd1) 1213 | #define CKR_TOKEN_NOT_PRESENT (0xe0) 1214 | #define CKR_TOKEN_NOT_RECOGNIZED (0xe1) 1215 | #define CKR_TOKEN_WRITE_PROTECTED (0xe2) 1216 | #define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0) 1217 | #define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1) 1218 | #define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2) 1219 | #define CKR_USER_ALREADY_LOGGED_IN (0x100) 1220 | #define CKR_USER_NOT_LOGGED_IN (0x101) 1221 | #define CKR_USER_PIN_NOT_INITIALIZED (0x102) 1222 | #define CKR_USER_TYPE_INVALID (0x103) 1223 | #define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104) 1224 | #define CKR_USER_TOO_MANY_TYPES (0x105) 1225 | #define CKR_WRAPPED_KEY_INVALID (0x110) 1226 | #define CKR_WRAPPED_KEY_LEN_RANGE (0x112) 1227 | #define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113) 1228 | #define CKR_WRAPPING_KEY_SIZE_RANGE (0x114) 1229 | #define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115) 1230 | #define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120) 1231 | #define CKR_RANDOM_NO_RNG (0x121) 1232 | #define CKR_DOMAIN_PARAMS_INVALID (0x130) 1233 | #define CKR_BUFFER_TOO_SMALL (0x150) 1234 | #define CKR_SAVED_STATE_INVALID (0x160) 1235 | #define CKR_INFORMATION_SENSITIVE (0x170) 1236 | #define CKR_STATE_UNSAVEABLE (0x180) 1237 | #define CKR_CRYPTOKI_NOT_INITIALIZED (0x190) 1238 | #define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191) 1239 | #define CKR_MUTEX_BAD (0x1a0) 1240 | #define CKR_MUTEX_NOT_LOCKED (0x1a1) 1241 | #define CKR_FUNCTION_REJECTED (0x200) 1242 | #define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31)) 1243 | 1244 | 1245 | 1246 | /* Compatibility layer. */ 1247 | 1248 | #ifdef CRYPTOKI_COMPAT 1249 | 1250 | #undef CK_DEFINE_FUNCTION 1251 | #define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name 1252 | 1253 | /* For NULL. */ 1254 | #include 1255 | 1256 | typedef unsigned char CK_BYTE; 1257 | typedef unsigned char CK_CHAR; 1258 | typedef unsigned char CK_UTF8CHAR; 1259 | typedef unsigned char CK_BBOOL; 1260 | typedef unsigned long int CK_ULONG; 1261 | typedef long int CK_LONG; 1262 | typedef CK_BYTE *CK_BYTE_PTR; 1263 | typedef CK_CHAR *CK_CHAR_PTR; 1264 | typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; 1265 | typedef CK_ULONG *CK_ULONG_PTR; 1266 | typedef void *CK_VOID_PTR; 1267 | typedef void **CK_VOID_PTR_PTR; 1268 | #define CK_FALSE 0 1269 | #define CK_TRUE 1 1270 | #ifndef CK_DISABLE_TRUE_FALSE 1271 | #ifndef FALSE 1272 | #define FALSE 0 1273 | #endif 1274 | #ifndef TRUE 1275 | #define TRUE 1 1276 | #endif 1277 | #endif 1278 | 1279 | typedef struct ck_version CK_VERSION; 1280 | typedef struct ck_version *CK_VERSION_PTR; 1281 | 1282 | typedef struct ck_info CK_INFO; 1283 | typedef struct ck_info *CK_INFO_PTR; 1284 | 1285 | typedef ck_slot_id_t *CK_SLOT_ID_PTR; 1286 | 1287 | typedef struct ck_slot_info CK_SLOT_INFO; 1288 | typedef struct ck_slot_info *CK_SLOT_INFO_PTR; 1289 | 1290 | typedef struct ck_token_info CK_TOKEN_INFO; 1291 | typedef struct ck_token_info *CK_TOKEN_INFO_PTR; 1292 | 1293 | typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; 1294 | 1295 | typedef struct ck_session_info CK_SESSION_INFO; 1296 | typedef struct ck_session_info *CK_SESSION_INFO_PTR; 1297 | 1298 | typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; 1299 | 1300 | typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; 1301 | 1302 | typedef struct ck_attribute CK_ATTRIBUTE; 1303 | typedef struct ck_attribute *CK_ATTRIBUTE_PTR; 1304 | 1305 | typedef struct ck_date CK_DATE; 1306 | typedef struct ck_date *CK_DATE_PTR; 1307 | 1308 | typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; 1309 | 1310 | typedef struct ck_mechanism CK_MECHANISM; 1311 | typedef struct ck_mechanism *CK_MECHANISM_PTR; 1312 | 1313 | typedef struct ck_mechanism_info CK_MECHANISM_INFO; 1314 | typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; 1315 | 1316 | typedef struct ck_function_list CK_FUNCTION_LIST; 1317 | typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; 1318 | typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; 1319 | 1320 | typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; 1321 | typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; 1322 | 1323 | #define NULL_PTR NULL 1324 | 1325 | /* Delete the helper macros defined at the top of the file. */ 1326 | #undef ck_flags_t 1327 | #undef ck_version 1328 | 1329 | #undef ck_info 1330 | #undef cryptoki_version 1331 | #undef manufacturer_id 1332 | #undef library_description 1333 | #undef library_version 1334 | 1335 | #undef ck_notification_t 1336 | #undef ck_slot_id_t 1337 | 1338 | #undef ck_slot_info 1339 | #undef slot_description 1340 | #undef hardware_version 1341 | #undef firmware_version 1342 | 1343 | #undef ck_token_info 1344 | #undef serial_number 1345 | #undef max_session_count 1346 | #undef session_count 1347 | #undef max_rw_session_count 1348 | #undef rw_session_count 1349 | #undef max_pin_len 1350 | #undef min_pin_len 1351 | #undef total_public_memory 1352 | #undef free_public_memory 1353 | #undef total_private_memory 1354 | #undef free_private_memory 1355 | #undef utc_time 1356 | 1357 | #undef ck_session_handle_t 1358 | #undef ck_user_type_t 1359 | #undef ck_state_t 1360 | 1361 | #undef ck_session_info 1362 | #undef slot_id 1363 | #undef device_error 1364 | 1365 | #undef ck_object_handle_t 1366 | #undef ck_object_class_t 1367 | #undef ck_hw_feature_type_t 1368 | #undef ck_key_type_t 1369 | #undef ck_certificate_type_t 1370 | #undef ck_attribute_type_t 1371 | 1372 | #undef ck_attribute 1373 | #undef value 1374 | #undef value_len 1375 | 1376 | #undef ck_date 1377 | 1378 | #undef ck_mechanism_type_t 1379 | 1380 | #undef ck_mechanism 1381 | #undef parameter 1382 | #undef parameter_len 1383 | 1384 | #undef ck_mechanism_info 1385 | #undef min_key_size 1386 | #undef max_key_size 1387 | 1388 | #undef ck_rv_t 1389 | #undef ck_notify_t 1390 | 1391 | #undef ck_function_list 1392 | 1393 | #undef ck_createmutex_t 1394 | #undef ck_destroymutex_t 1395 | #undef ck_lockmutex_t 1396 | #undef ck_unlockmutex_t 1397 | 1398 | #undef ck_c_initialize_args 1399 | #undef create_mutex 1400 | #undef destroy_mutex 1401 | #undef lock_mutex 1402 | #undef unlock_mutex 1403 | #undef reserved 1404 | 1405 | #endif /* CRYPTOKI_COMPAT */ 1406 | 1407 | 1408 | /* System dependencies. */ 1409 | #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) 1410 | #pragma pack(pop, cryptoki) 1411 | #endif 1412 | 1413 | #if defined(__cplusplus) 1414 | } 1415 | #endif 1416 | 1417 | #endif /* PKCS11_H */ 1418 | -------------------------------------------------------------------------------- /src/error.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | error.cpp 31 | 32 | Function for getting error string 33 | *****************************************************************************/ 34 | 35 | #include "error.h" 36 | 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | 43 | 44 | const char* rv2string(CK_RV rv) 45 | { 46 | switch (rv) 47 | { 48 | case CKR_OK: 49 | return "CKR_OK"; 50 | case CKR_CANCEL: 51 | return "CKR_CANCEL"; 52 | case CKR_HOST_MEMORY: 53 | return "CKR_HOST_MEMORY"; 54 | case CKR_SLOT_ID_INVALID: 55 | return "CKR_SLOT_ID_INVALID"; 56 | case CKR_GENERAL_ERROR: 57 | return "CKR_GENERAL_ERROR"; 58 | case CKR_FUNCTION_FAILED: 59 | return "CKR_FUNCTION_FAILED"; 60 | case CKR_ARGUMENTS_BAD: 61 | return "CKR_ARGUMENTS_BAD"; 62 | case CKR_NO_EVENT: 63 | return "CKR_NO_EVENT"; 64 | case CKR_NEED_TO_CREATE_THREADS: 65 | return "CKR_NEED_TO_CREATE_THREADS"; 66 | case CKR_CANT_LOCK: 67 | return "CKR_CANT_LOCK"; 68 | case CKR_ATTRIBUTE_READ_ONLY: 69 | return "CKR_ATTRIBUTE_READ_ONLY"; 70 | case CKR_ATTRIBUTE_SENSITIVE: 71 | return "CKR_ATTRIBUTE_SENSITIVE"; 72 | case CKR_ATTRIBUTE_TYPE_INVALID: 73 | return "CKR_ATTRIBUTE_TYPE_INVALID"; 74 | case CKR_ATTRIBUTE_VALUE_INVALID: 75 | return "CKR_ATTRIBUTE_VALUE_INVALID"; 76 | case CKR_DATA_INVALID: 77 | return "CKR_DATA_INVALID"; 78 | case CKR_DATA_LEN_RANGE: 79 | return "CKR_DATA_LEN_RANGE"; 80 | case CKR_DEVICE_ERROR: 81 | return "CKR_DEVICE_ERROR"; 82 | case CKR_DEVICE_MEMORY: 83 | return "CKR_DEVICE_MEMORY"; 84 | case CKR_DEVICE_REMOVED: 85 | return "CKR_DEVICE_REMOVED"; 86 | case CKR_ENCRYPTED_DATA_INVALID: 87 | return "CKR_ENCRYPTED_DATA_INVALID"; 88 | case CKR_ENCRYPTED_DATA_LEN_RANGE: 89 | return "CKR_ENCRYPTED_DATA_LEN_RANGE"; 90 | case CKR_FUNCTION_CANCELED: 91 | return "CKR_FUNCTION_CANCELED"; 92 | case CKR_FUNCTION_NOT_PARALLEL: 93 | return "CKR_FUNCTION_NOT_PARALLEL"; 94 | case CKR_KEY_HANDLE_INVALID: 95 | return "CKR_KEY_HANDLE_INVALID"; 96 | case CKR_KEY_SIZE_RANGE: 97 | return "CKR_KEY_SIZE_RANGE"; 98 | case CKR_KEY_TYPE_INCONSISTENT: 99 | return "CKR_KEY_TYPE_INCONSISTENT"; 100 | case CKR_KEY_NOT_NEEDED: 101 | return "CKR_KEY_NOT_NEEDED"; 102 | case CKR_KEY_CHANGED: 103 | return "CKR_KEY_CHANGED"; 104 | case CKR_KEY_NEEDED: 105 | return "CKR_KEY_NEEDED"; 106 | case CKR_KEY_INDIGESTIBLE: 107 | return "CKR_KEY_INDIGESTIBLE"; 108 | case CKR_KEY_FUNCTION_NOT_PERMITTED: 109 | return "CKR_KEY_FUNCTION_NOT_PERMITTED"; 110 | case CKR_KEY_NOT_WRAPPABLE: 111 | return "CKR_KEY_NOT_WRAPPABLE"; 112 | case CKR_KEY_UNEXTRACTABLE: 113 | return "CKR_KEY_UNEXTRACTABLE"; 114 | case CKR_MECHANISM_INVALID: 115 | return "CKR_MECHANISM_INVALID"; 116 | case CKR_MECHANISM_PARAM_INVALID: 117 | return "CKR_MECHANISM_PARAM_INVALID"; 118 | case CKR_OBJECT_HANDLE_INVALID: 119 | return "CKR_OBJECT_HANDLE_INVALID"; 120 | case CKR_OPERATION_ACTIVE: 121 | return "CKR_OPERATION_ACTIVE"; 122 | case CKR_OPERATION_NOT_INITIALIZED: 123 | return "CKR_OPERATION_NOT_INITIALIZED"; 124 | case CKR_PIN_INCORRECT: 125 | return "CKR_PIN_INCORRECT"; 126 | case CKR_PIN_INVALID: 127 | return "CKR_PIN_INVALID"; 128 | case CKR_PIN_LEN_RANGE: 129 | return "CKR_PIN_LEN_RANGE"; 130 | case CKR_PIN_EXPIRED: 131 | return "CKR_PIN_EXPIRED"; 132 | case CKR_PIN_LOCKED: 133 | return "CKR_PIN_LOCKED"; 134 | case CKR_SESSION_CLOSED: 135 | return "CKR_SESSION_CLOSED"; 136 | case CKR_SESSION_COUNT: 137 | return "CKR_SESSION_COUNT"; 138 | case CKR_SESSION_HANDLE_INVALID: 139 | return "CKR_SESSION_HANDLE_INVALID"; 140 | case CKR_SESSION_PARALLEL_NOT_SUPPORTED: 141 | return "CKR_SESSION_PARALLEL_NOT_SUPPORTED"; 142 | case CKR_SESSION_READ_ONLY: 143 | return "CKR_SESSION_READ_ONLY"; 144 | case CKR_SESSION_EXISTS: 145 | return "CKR_SESSION_EXISTS"; 146 | case CKR_SESSION_READ_ONLY_EXISTS: 147 | return "CKR_SESSION_READ_ONLY_EXISTS"; 148 | case CKR_SESSION_READ_WRITE_SO_EXISTS: 149 | return "CKR_SESSION_READ_WRITE_SO_EXISTS"; 150 | case CKR_SIGNATURE_INVALID: 151 | return "CKR_SIGNATURE_INVALID"; 152 | case CKR_SIGNATURE_LEN_RANGE: 153 | return "CKR_SIGNATURE_LEN_RANGE"; 154 | case CKR_TEMPLATE_INCOMPLETE: 155 | return "CKR_TEMPLATE_INCOMPLETE"; 156 | case CKR_TEMPLATE_INCONSISTENT: 157 | return "CKR_TEMPLATE_INCONSISTENT"; 158 | case CKR_TOKEN_NOT_PRESENT: 159 | return "CKR_TOKEN_NOT_PRESENT"; 160 | case CKR_TOKEN_NOT_RECOGNIZED: 161 | return "CKR_TOKEN_NOT_RECOGNIZED"; 162 | case CKR_TOKEN_WRITE_PROTECTED: 163 | return "CKR_TOKEN_WRITE_PROTECTED"; 164 | case CKR_UNWRAPPING_KEY_HANDLE_INVALID: 165 | return "CKR_UNWRAPPING_KEY_HANDLE_INVALID"; 166 | case CKR_UNWRAPPING_KEY_SIZE_RANGE: 167 | return "CKR_UNWRAPPING_KEY_SIZE_RANGE"; 168 | case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: 169 | return "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT"; 170 | case CKR_USER_ALREADY_LOGGED_IN: 171 | return "CKR_USER_ALREADY_LOGGED_IN"; 172 | case CKR_USER_NOT_LOGGED_IN: 173 | return "CKR_USER_NOT_LOGGED_IN"; 174 | case CKR_USER_PIN_NOT_INITIALIZED: 175 | return "CKR_USER_PIN_NOT_INITIALIZED"; 176 | case CKR_USER_TYPE_INVALID: 177 | return "CKR_USER_TYPE_INVALID"; 178 | case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: 179 | return "CKR_USER_ANOTHER_ALREADY_LOGGED_IN"; 180 | case CKR_USER_TOO_MANY_TYPES: 181 | return "CKR_USER_TOO_MANY_TYPES"; 182 | case CKR_WRAPPED_KEY_INVALID: 183 | return "CKR_WRAPPED_KEY_INVALID"; 184 | case CKR_WRAPPED_KEY_LEN_RANGE: 185 | return "CKR_WRAPPED_KEY_LEN_RANGE"; 186 | case CKR_WRAPPING_KEY_HANDLE_INVALID: 187 | return "CKR_WRAPPING_KEY_HANDLE_INVALID"; 188 | case CKR_WRAPPING_KEY_SIZE_RANGE: 189 | return "CKR_WRAPPING_KEY_SIZE_RANGE"; 190 | case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: 191 | return "CKR_WRAPPING_KEY_TYPE_INCONSISTENT"; 192 | case CKR_RANDOM_SEED_NOT_SUPPORTED: 193 | return "CKR_RANDOM_SEED_NOT_SUPPORTED"; 194 | case CKR_RANDOM_NO_RNG: 195 | return "CKR_RANDOM_NO_RNG"; 196 | case CKR_DOMAIN_PARAMS_INVALID: 197 | return "CKR_DOMAIN_PARAMS_INVALID"; 198 | case CKR_BUFFER_TOO_SMALL: 199 | return "CKR_BUFFER_TOO_SMALL"; 200 | case CKR_SAVED_STATE_INVALID: 201 | return "CKR_SAVED_STATE_INVALID"; 202 | case CKR_INFORMATION_SENSITIVE: 203 | return "CKR_INFORMATION_SENSITIVE"; 204 | case CKR_STATE_UNSAVEABLE: 205 | return "CKR_STATE_UNSAVEABLE"; 206 | case CKR_CRYPTOKI_NOT_INITIALIZED: 207 | return "CKR_CRYPTOKI_NOT_INITIALIZED"; 208 | case CKR_CRYPTOKI_ALREADY_INITIALIZED: 209 | return "CKR_CRYPTOKI_ALREADY_INITIALIZED"; 210 | case CKR_MUTEX_BAD: 211 | return "CKR_MUTEX_BAD"; 212 | case CKR_MUTEX_NOT_LOCKED: 213 | return "CKR_MUTEX_NOT_LOCKED"; 214 | case CKR_FUNCTION_REJECTED: 215 | return "CKR_FUNCTION_REJECTED"; 216 | case CKR_VENDOR_DEFINED: 217 | return "CKR_VENDOR_DEFINED"; 218 | default: 219 | return "Unknown error"; 220 | } 221 | } 222 | -------------------------------------------------------------------------------- /src/error.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | error.h 31 | 32 | Function for getting error string 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_ERROR_H 36 | #define _PKCS11_TESTING_ERROR_H 37 | 38 | #include "cryptoki.h" 39 | 40 | const char* rv2string(CK_RV rv); 41 | 42 | #endif // !_PKCS11_TESTING_ERROR_H 43 | -------------------------------------------------------------------------------- /src/getpw.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | getpw.cpp 31 | 32 | Helper function to get a password from the user 33 | *****************************************************************************/ 34 | 35 | #include 36 | #include "getpw.h" 37 | 38 | #include 39 | #include 40 | #include 41 | #include 42 | 43 | // Get a password from the user 44 | void getPW(char *pin, char *newPIN, CK_ULONG userType) 45 | { 46 | // Keep a copy of the PIN because getpass/getpassphrase 47 | // will overwrite the previous PIN. 48 | char password[MAX_PIN_LEN+1]; 49 | 50 | int length = 0; 51 | 52 | if (pin) 53 | { 54 | length = strlen(pin); 55 | } 56 | 57 | while (length < MIN_PIN_LEN || length > MAX_PIN_LEN) 58 | { 59 | if (userType == CKU_SO) 60 | { 61 | printf("*** SO PIN (%i-%i characters) ***\n", 62 | MIN_PIN_LEN, MAX_PIN_LEN); 63 | } 64 | else 65 | { 66 | printf("*** User PIN (%i-%i characters) ***\n", 67 | MIN_PIN_LEN, MAX_PIN_LEN); 68 | } 69 | 70 | #ifdef HAVE_GETPASSPHRASE 71 | if (userType == CKU_SO) 72 | { 73 | pin = getpassphrase("Please enter SO PIN: "); 74 | } 75 | else 76 | { 77 | pin = getpassphrase("Please enter user PIN: "); 78 | } 79 | #else 80 | if (userType == CKU_SO) 81 | { 82 | pin = getpass("Please enter SO PIN: "); 83 | } 84 | else 85 | { 86 | pin = getpass("Please enter user PIN: "); 87 | } 88 | #endif 89 | 90 | length = strlen(pin); 91 | if (length < MIN_PIN_LEN || length > MAX_PIN_LEN) 92 | { 93 | fprintf(stderr, "ERROR: The length of the PIN is out of range.\n"); 94 | length = 0; 95 | continue; 96 | } 97 | strcpy(password, pin); 98 | 99 | #ifdef HAVE_GETPASSPHRASE 100 | if (userType == CKU_SO) 101 | { 102 | pin = getpassphrase("Please reenter SO PIN: "); 103 | } 104 | else 105 | { 106 | pin = getpassphrase("Please reenter user PIN: "); 107 | } 108 | #else 109 | if (userType == CKU_SO) 110 | { 111 | pin = getpass("Please reenter SO PIN: "); 112 | } 113 | else 114 | { 115 | pin = getpass("Please reenter user PIN: "); 116 | } 117 | #endif 118 | 119 | if (strcmp(password, pin)) 120 | { 121 | fprintf(stderr, "ERROR: The entered PINs are not equal.\n"); 122 | length = 0; 123 | continue; 124 | } 125 | } 126 | 127 | strcpy(newPIN, pin); 128 | } 129 | -------------------------------------------------------------------------------- /src/getpw.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | getpw.h 31 | 32 | Helper function to get a password from the user 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_GETPW_H 36 | #define _PKCS11_TESTING_GETPW_H 37 | 38 | #include "cryptoki.h" 39 | 40 | void getPW(char *pin, char *newPIN, CK_ULONG userType); 41 | 42 | #endif // !_PKCS11_TESTING_GETPW_H 43 | -------------------------------------------------------------------------------- /src/import.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | import.cpp 31 | 32 | Functions for testing key import 33 | *****************************************************************************/ 34 | 35 | #include "import.h" 36 | #include "error.h" 37 | #include "publickey.h" 38 | 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | 45 | 46 | extern CK_FUNCTION_LIST_PTR p11; 47 | 48 | int testRSAImport(CK_SESSION_HANDLE hSession) 49 | { 50 | CK_RV rv; 51 | int retVal = 0; 52 | CK_BYTE id[] = { 123 }; 53 | CK_BBOOL ckTrue = CK_TRUE, ckFalse = CK_FALSE; 54 | CK_BYTE label[] = "label"; 55 | CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY, privClass = CKO_PRIVATE_KEY; 56 | CK_KEY_TYPE keyType = CKK_RSA; 57 | CK_OBJECT_HANDLE hPublicKey, hPrivateKey; 58 | 59 | CK_BYTE n_1024[] = { 60 | 0xB8, 0xA4, 0xAF, 0x0A, 0xE1, 0x26, 0xD2, 0x04, 0x72, 0xCD, 0xC3, 0xF0, 0x00, 0x83, 61 | 0x1F, 0x02, 0x00, 0xC8, 0x5F, 0x0B, 0xCC, 0xE5, 0x87, 0xCC, 0xF1, 0x82, 0x91, 0xE4, 62 | 0x65, 0x81, 0x2E, 0x8C, 0xAF, 0x87, 0xF1, 0x00, 0x92, 0x96, 0x81, 0x1E, 0xB6, 0x52, 63 | 0xA4, 0x28, 0x35, 0x16, 0xBB, 0xA2, 0x51, 0xA1, 0xB8, 0xDE, 0xB0, 0x6F, 0x2A, 0x37, 64 | 0x97, 0xF4, 0x8C, 0x56, 0x60, 0x7A, 0xC4, 0x0A, 0x20, 0x75, 0xED, 0x3D, 0x9B, 0xE3, 65 | 0xCF, 0x87, 0x96, 0x5C, 0xF6, 0x0C, 0xB3, 0xB4, 0x17, 0xF3, 0xAA, 0x13, 0x4D, 0x3E, 66 | 0x6F, 0xDD, 0xA7, 0xF9, 0x0B, 0xD3, 0x6E, 0xFD, 0xA5, 0x5C, 0x59, 0x93, 0x7D, 0xFC, 67 | 0x51, 0xFE, 0x61, 0x0C, 0xEB, 0xDE, 0x94, 0x21, 0x0F, 0x98, 0xE8, 0x86, 0x03, 0x13, 68 | 0x0E, 0x33, 0xAF, 0x16, 0x32, 0x47, 0xA0, 0xC7, 0x24, 0x51, 0xFB, 0x3F, 0x0C, 0x6B, 69 | 0x99, 0x79 70 | }; 71 | CK_BYTE e_1024[] = { 72 | 0x01, 0x00, 0x01 73 | }; 74 | CK_BYTE d_1024[] = { 75 | 0x82, 0xB8, 0xA4, 0xEC, 0x70, 0xE6, 0x88, 0xFD, 0x79, 0x41, 0xD0, 0x1C, 0x54, 0x60, 76 | 0x80, 0x4D, 0x6C, 0xBC, 0x6E, 0xFD, 0xED, 0xBB, 0xFA, 0xDE, 0xCF, 0x84, 0xFF, 0x40, 77 | 0xD1, 0xD4, 0x19, 0x5E, 0xA4, 0xCE, 0xFB, 0x82, 0xCA, 0x45, 0x1F, 0x78, 0xDC, 0xDF, 78 | 0xB9, 0x34, 0x76, 0x11, 0x78, 0x19, 0xBC, 0xED, 0x5F, 0xF2, 0xD8, 0xBA, 0x7B, 0x0B, 79 | 0x0C, 0xDB, 0xA7, 0x97, 0x67, 0x8A, 0xC2, 0xCA, 0xAC, 0x6E, 0xFA, 0x9F, 0x79, 0x8A, 80 | 0xE4, 0x7F, 0x3A, 0x44, 0xFA, 0xC0, 0x03, 0xF2, 0x7A, 0xD9, 0x0E, 0xB1, 0x2A, 0x0C, 81 | 0xCA, 0x61, 0x9F, 0x09, 0xF1, 0x71, 0x4D, 0x8E, 0xAE, 0x6C, 0x5F, 0x8C, 0x12, 0x4F, 82 | 0x64, 0x9A, 0xFC, 0x14, 0x3F, 0xCB, 0x2B, 0xB8, 0x65, 0x68, 0x7B, 0xCD, 0xF7, 0x25, 83 | 0x67, 0xD5, 0xC4, 0x8C, 0x77, 0xD5, 0x76, 0xC1, 0xA7, 0xC5, 0xF1, 0x81, 0xE2, 0xCE, 84 | 0x7D, 0x01 85 | }; 86 | CK_BYTE p_1024[] = { 87 | 0xE3, 0xB8, 0x61, 0xA8, 0x68, 0x93, 0x01, 0xAA, 0x65, 0xF5, 0x94, 0x17, 0x7A, 0x34, 88 | 0xAC, 0xCD, 0x8B, 0xFC, 0x1B, 0xD1, 0xB8, 0xF4, 0x4E, 0xCF, 0xA1, 0xB3, 0xD7, 0xFE, 89 | 0x29, 0xC2, 0xC4, 0x28, 0x23, 0x3D, 0xDB, 0x52, 0xB6, 0xCA, 0x30, 0x2D, 0x7B, 0xDD, 90 | 0x71, 0xFC, 0x9D, 0x23, 0xFE, 0x01, 0x01, 0x47, 0x6E, 0xCD, 0xA3, 0x22, 0xD5, 0x9F, 91 | 0x23, 0xB9, 0xB6, 0xB5, 0xF8, 0x40, 0x25, 0x49 92 | }; 93 | CK_BYTE q_1024[] = { 94 | 0xCF, 0x92, 0xCF, 0xE2, 0xFE, 0xF9, 0x8C, 0xEF, 0x04, 0x70, 0x7D, 0xED, 0x10, 0xE0, 95 | 0x14, 0x95, 0x0B, 0x21, 0x9D, 0xF4, 0x27, 0xBB, 0x0C, 0x7E, 0x48, 0x20, 0xFC, 0x5A, 96 | 0xAA, 0x2F, 0x07, 0xC0, 0x06, 0xC8, 0x2E, 0x28, 0x63, 0xB2, 0x43, 0xA2, 0x77, 0x11, 97 | 0x5E, 0x05, 0xB1, 0x96, 0x11, 0x03, 0x88, 0xBA, 0x86, 0x85, 0x07, 0x53, 0x69, 0xBB, 98 | 0xC4, 0xBE, 0x4F, 0x26, 0xEB, 0xCD, 0x42, 0xB1 99 | }; 100 | CK_BYTE dp_1024[] = { 101 | 0xE1, 0xA5, 0x56, 0xBF, 0xB5, 0xBF, 0xD5, 0xAA, 0xAF, 0x95, 0x84, 0xC5, 0x2E, 0xC6, 102 | 0xFB, 0x64, 0x42, 0x0D, 0xF2, 0xD3, 0x01, 0xDE, 0xB4, 0x29, 0x72, 0x25, 0xEF, 0x25, 103 | 0x5E, 0xE4, 0x2B, 0xD3, 0x49, 0xF8, 0x85, 0x57, 0x94, 0xE1, 0x0C, 0x94, 0x45, 0x64, 104 | 0xCD, 0x0A, 0x6F, 0xFB, 0xB6, 0x39, 0xF0, 0xB6, 0x83, 0xC9, 0x28, 0x99, 0xDF, 0xEB, 105 | 0xED, 0x4E, 0x9D, 0x09, 0xFB, 0x90, 0x34, 0x61 106 | }; 107 | CK_BYTE dq_1024[] = { 108 | 0x20, 0x94, 0xEB, 0xDA, 0xB6, 0xA9, 0x17, 0x2D, 0x21, 0x66, 0x42, 0xED, 0xE6, 0x3B, 109 | 0x36, 0x1F, 0xDA, 0xFA, 0x70, 0xDF, 0xB5, 0x28, 0xD0, 0x22, 0x36, 0x52, 0x2F, 0x2A, 110 | 0x50, 0x12, 0x47, 0xC6, 0x25, 0x8A, 0x60, 0x6C, 0x68, 0x91, 0xBF, 0xBA, 0x0D, 0xB4, 111 | 0x85, 0x2C, 0xA1, 0x9E, 0x6B, 0x97, 0x41, 0x6B, 0xFD, 0xD7, 0x7D, 0xB9, 0xE3, 0x1B, 112 | 0xDD, 0x1A, 0xFE, 0x33, 0x9E, 0xC9, 0xBE, 0x51 113 | }; 114 | CK_BYTE iqmp_1024[] = { 115 | 0xD9, 0x17, 0xBF, 0x9B, 0x88, 0xF1, 0x39, 0x97, 0xE6, 0xA8, 0xC1, 0x69, 0xC1, 0xEA, 116 | 0xD8, 0x71, 0xC2, 0x71, 0xED, 0x96, 0x7E, 0xBA, 0x8B, 0x83, 0x52, 0x96, 0x1D, 0x1C, 117 | 0x61, 0x8F, 0xC7, 0x84, 0x4D, 0xF8, 0xEC, 0xCD, 0x4D, 0x6F, 0x6C, 0xFD, 0xA3, 0x41, 118 | 0x8F, 0xEC, 0x1F, 0xA0, 0xA7, 0xE2, 0xD2, 0x78, 0x17, 0x17, 0xEF, 0x91, 0x22, 0x11, 119 | 0xD3, 0x60, 0x1B, 0xEA, 0x58, 0xBA, 0x7F, 0xE4 120 | }; 121 | CK_ATTRIBUTE pubTemplate_1024[] = { 122 | { CKA_CLASS, &pubClass, sizeof(pubClass) }, 123 | { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, 124 | { CKA_LABEL, label, sizeof(label) }, 125 | { CKA_ID, id, sizeof(id) }, 126 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 127 | { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, 128 | { CKA_ENCRYPT, &ckFalse, sizeof(ckFalse) }, 129 | { CKA_WRAP, &ckFalse, sizeof(ckFalse) }, 130 | { CKA_PUBLIC_EXPONENT, e_1024, sizeof(e_1024) }, 131 | { CKA_MODULUS, n_1024, sizeof(n_1024) } 132 | }; 133 | CK_ATTRIBUTE privTemplate_1024[] = { 134 | { CKA_CLASS, &privClass, sizeof(privClass) }, 135 | { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, 136 | { CKA_LABEL, label, sizeof(label) }, 137 | { CKA_ID, id, sizeof(id) }, 138 | { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, 139 | { CKA_DECRYPT, &ckFalse, sizeof(ckFalse) }, 140 | { CKA_UNWRAP, &ckFalse, sizeof(ckFalse) }, 141 | { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) }, 142 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 143 | { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) }, 144 | { CKA_EXTRACTABLE, &ckFalse, sizeof(ckFalse) }, 145 | { CKA_PUBLIC_EXPONENT, e_1024, sizeof(e_1024) }, 146 | { CKA_MODULUS, n_1024, sizeof(n_1024) }, 147 | { CKA_PRIVATE_EXPONENT, d_1024, sizeof(d_1024) }, 148 | { CKA_PRIME_1, p_1024, sizeof(p_1024) }, 149 | { CKA_PRIME_2, q_1024, sizeof(q_1024) }, 150 | { CKA_EXPONENT_1, dp_1024, sizeof(dp_1024) }, 151 | { CKA_EXPONENT_2, dq_1024, sizeof(dq_1024) }, 152 | { CKA_COEFFICIENT, iqmp_1024, sizeof(iqmp_1024) } 153 | }; 154 | 155 | CK_BYTE n_1025[] = { 156 | 0x01, 0x97, 0xDC, 0xA8, 0x7E, 0xBA, 0xA7, 0x5E, 0xB3, 0xEE, 0x4B, 0x83, 0x54, 0x91, 0x29, 157 | 0x33, 0xFC, 0x9D, 0x04, 0x6E, 0x12, 0xCF, 0xDF, 0x8B, 0xA8, 0x05, 0x6B, 0xBF, 0x83, 0x8C, 158 | 0x22, 0xA3, 0xED, 0x06, 0xAE, 0x9E, 0x6D, 0x1B, 0x6B, 0x7A, 0x8B, 0xEA, 0x57, 0xD0, 0xB9, 159 | 0x9B, 0x57, 0x33, 0xFA, 0xD7, 0x56, 0x2C, 0x1E, 0x82, 0x77, 0x3B, 0x01, 0x07, 0x6D, 0xB0, 160 | 0x86, 0xC1, 0x85, 0x2B, 0x18, 0x6F, 0x96, 0x01, 0xF9, 0xB1, 0x13, 0x76, 0x90, 0x2F, 0xD0, 161 | 0x02, 0xA2, 0xE4, 0x58, 0xA7, 0x19, 0xB5, 0xC3, 0x66, 0x7D, 0xE6, 0x68, 0x97, 0x30, 0x16, 162 | 0xE9, 0x96, 0x1E, 0x6B, 0xFF, 0x77, 0x7E, 0xEE, 0x92, 0x6E, 0x1A, 0xEE, 0x34, 0x77, 0x2A, 163 | 0xDE, 0xF7, 0xD0, 0x48, 0x9B, 0x04, 0x9E, 0x57, 0x74, 0x3E, 0x9E, 0x41, 0xBD, 0x5A, 0xCC, 164 | 0xD6, 0xC7, 0x32, 0x31, 0x2D, 0x8E, 0x99, 0x0D, 0x45 165 | }; 166 | CK_BYTE e_1025[] = { 167 | 0x01, 0x00, 0x01 168 | }; 169 | CK_BYTE d_1025[] = { 170 | 0x01, 0x87, 0x73, 0x6C, 0xF4, 0x54, 0xC9, 0x16, 0x87, 0xB3, 0x0A, 0x1E, 0xBE, 0x27, 0xA4, 171 | 0x58, 0x14, 0xF7, 0xCE, 0xAC, 0xA6, 0xB9, 0x84, 0x60, 0x51, 0x9F, 0x02, 0x4F, 0x09, 0x3E, 172 | 0x92, 0x70, 0xAA, 0xA9, 0x63, 0x27, 0x02, 0xA8, 0xF2, 0x7A, 0xE7, 0x96, 0xBF, 0x39, 0xC1, 173 | 0x2A, 0x6A, 0x83, 0xA5, 0x18, 0xCF, 0xC8, 0x00, 0x70, 0x4F, 0x66, 0xFE, 0x11, 0xD7, 0x21, 174 | 0x39, 0xF4, 0xBA, 0x8F, 0x23, 0x83, 0x3A, 0x39, 0xB2, 0x07, 0x63, 0x76, 0x8D, 0x6D, 0x57, 175 | 0xCD, 0x3F, 0x34, 0x73, 0x0E, 0xFC, 0x17, 0xEC, 0x09, 0xCA, 0x7F, 0x6E, 0x64, 0x9C, 0x38, 176 | 0x0E, 0x56, 0xCF, 0xF2, 0xA0, 0x4B, 0x78, 0xD0, 0x0E, 0xD9, 0xFC, 0x8A, 0xEE, 0x5E, 0x71, 177 | 0xA9, 0x53, 0x1B, 0x1A, 0xE2, 0xC7, 0xD9, 0x81, 0xEB, 0x9A, 0x34, 0xC0, 0x1B, 0x87, 0xDE, 178 | 0x62, 0x68, 0xF6, 0x35, 0xA2, 0x13, 0xE7, 0xC9, 0x81 179 | }; 180 | CK_BYTE p_1025[] = { 181 | 0x01, 0xE0, 0x42, 0x6B, 0x29, 0x30, 0x21, 0x4C, 0xB1, 0x86, 0xBF, 0x1C, 0x7F, 0x75, 0x9D, 182 | 0x55, 0x8A, 0x67, 0x33, 0x56, 0x44, 0xCD, 0x2D, 0xDF, 0x0E, 0x5A, 0x98, 0x58, 0x22, 0xC7, 183 | 0x8C, 0x40, 0x74, 0x78, 0x67, 0xE1, 0x17, 0x80, 0x62, 0x57, 0xBA, 0xA3, 0x84, 0x6C, 0x18, 184 | 0xCC, 0xCE, 0x41, 0x74, 0x92, 0xA5, 0xC1, 0x01, 0xB1, 0xB8, 0x72, 0xFC, 0x16, 0xF6, 0xAF, 185 | 0x16, 0xB9, 0x0D, 0xB1, 0x1D 186 | }; 187 | CK_BYTE q_1025[] = { 188 | 0xD9, 0x68, 0xAA, 0xEF, 0x6E, 0x50, 0xD6, 0xCA, 0x4F, 0xA2, 0xD2, 0x15, 0xF2, 0x2A, 0x6A, 189 | 0x10, 0x79, 0xAF, 0xFB, 0x29, 0xB5, 0x8B, 0x62, 0xB3, 0x74, 0x16, 0xF7, 0x0A, 0xE4, 0x05, 190 | 0x8F, 0xDB, 0xE7, 0x3B, 0x19, 0x5D, 0x35, 0x59, 0xBE, 0x8A, 0x75, 0xBE, 0xE1, 0x0B, 0x76, 191 | 0x18, 0x4A, 0xF8, 0xA4, 0x90, 0x48, 0x8A, 0x7D, 0xEB, 0x25, 0x81, 0x61, 0x4A, 0x04, 0xE9, 192 | 0x9E, 0x6D, 0xFC, 0x49 193 | }; 194 | CK_BYTE dp_1025[] = { 195 | 0x62, 0x57, 0xB7, 0x71, 0xDB, 0xB5, 0x35, 0xEB, 0x34, 0x58, 0x76, 0x11, 0x73, 0x98, 0x20, 196 | 0x28, 0x13, 0x31, 0xE3, 0xFC, 0x7A, 0xB7, 0x65, 0xF1, 0x9E, 0x83, 0x8B, 0xA8, 0xB3, 0x8B, 197 | 0xF8, 0xB6, 0xE0, 0xE1, 0x04, 0xAA, 0xB7, 0x53, 0x6B, 0xFB, 0x7F, 0xF8, 0x61, 0xDA, 0x42, 198 | 0x36, 0x0A, 0x19, 0x40, 0xDE, 0x48, 0x43, 0x7C, 0x8C, 0xF4, 0x9E, 0xC2, 0x65, 0x09, 0x3D, 199 | 0x71, 0xEF, 0x67, 0xD1 200 | }; 201 | CK_BYTE dq_1025[] = { 202 | 0x1C, 0xD2, 0x33, 0x56, 0xEA, 0x58, 0xED, 0x20, 0x84, 0xCE, 0x20, 0xEB, 0xA7, 0xDE, 0xD7, 203 | 0x90, 0xB7, 0x91, 0x0C, 0xCA, 0xCA, 0xB6, 0x5F, 0xAF, 0x4A, 0x84, 0x80, 0xDB, 0x80, 0xBE, 204 | 0xFC, 0x03, 0x3A, 0xF4, 0x2A, 0xB8, 0xA0, 0x89, 0xF5, 0x28, 0x85, 0xD3, 0x78, 0x21, 0xFC, 205 | 0xD5, 0xDB, 0x9A, 0x7A, 0xB6, 0x65, 0xE7, 0x76, 0x29, 0xE6, 0x1E, 0xF0, 0xB6, 0xCF, 0x4F, 206 | 0xE9, 0x20, 0xCB, 0x81 207 | }; 208 | CK_BYTE iqmp_1025[] = { 209 | 0x01, 0x6D, 0x82, 0xC6, 0x60, 0xF1, 0xA2, 0xAA, 0xC2, 0xFA, 0x72, 0xF2, 0x23, 0x7D, 0x95, 210 | 0xBD, 0xCD, 0xE6, 0x4D, 0x52, 0x2E, 0x80, 0xDD, 0x44, 0x10, 0x1E, 0x6C, 0xE8, 0x20, 0x96, 211 | 0xA4, 0x51, 0x36, 0x95, 0x17, 0x99, 0x8D, 0x32, 0x77, 0xD5, 0xF3, 0x38, 0x86, 0x96, 0xF8, 212 | 0xD5, 0x73, 0xD0, 0x8B, 0xFA, 0x70, 0xA2, 0x57, 0x0D, 0xF8, 0x0D, 0x61, 0x9E, 0x30, 0x45, 213 | 0x88, 0x1A, 0xF1, 0x5E, 0x8E 214 | }; 215 | CK_ATTRIBUTE pubTemplate_1025[] = { 216 | { CKA_CLASS, &pubClass, sizeof(pubClass) }, 217 | { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, 218 | { CKA_LABEL, label, sizeof(label) }, 219 | { CKA_ID, id, sizeof(id) }, 220 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 221 | { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, 222 | { CKA_ENCRYPT, &ckFalse, sizeof(ckFalse) }, 223 | { CKA_WRAP, &ckFalse, sizeof(ckFalse) }, 224 | { CKA_PUBLIC_EXPONENT, e_1025, sizeof(e_1025) }, 225 | { CKA_MODULUS, n_1025, sizeof(n_1025) } 226 | }; 227 | CK_ATTRIBUTE privTemplate_1025[] = { 228 | { CKA_CLASS, &privClass, sizeof(privClass) }, 229 | { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, 230 | { CKA_LABEL, label, sizeof(label) }, 231 | { CKA_ID, id, sizeof(id) }, 232 | { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, 233 | { CKA_DECRYPT, &ckFalse, sizeof(ckFalse) }, 234 | { CKA_UNWRAP, &ckFalse, sizeof(ckFalse) }, 235 | { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) }, 236 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 237 | { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) }, 238 | { CKA_EXTRACTABLE, &ckFalse, sizeof(ckFalse) }, 239 | { CKA_PUBLIC_EXPONENT, e_1025, sizeof(e_1025) }, 240 | { CKA_MODULUS, n_1025, sizeof(n_1025) }, 241 | { CKA_PRIVATE_EXPONENT, d_1025, sizeof(d_1025) }, 242 | { CKA_PRIME_1, p_1025, sizeof(p_1025) }, 243 | { CKA_PRIME_2, q_1025, sizeof(q_1025) }, 244 | { CKA_EXPONENT_1, dp_1025, sizeof(dp_1025) }, 245 | { CKA_EXPONENT_2, dq_1025, sizeof(dq_1025) }, 246 | { CKA_COEFFICIENT, iqmp_1025, sizeof(iqmp_1025) } 247 | }; 248 | 249 | printf("\n************************************\n"); 250 | printf("* Test for importing RSA key pairs *\n"); 251 | printf("************************************\n\n"); 252 | printf("This test will try to import 1024 bit and 1025 bit\n"); 253 | printf("key pairs. Some HSM:s might not accept the odd size 1025.\n"); 254 | printf("Also verify that the HSM set the key lengths correctly.\n\n"); 255 | 256 | printf("Importing 1024 bit public RSA key: "); 257 | rv = p11->C_CreateObject(hSession, pubTemplate_1024, 10, &hPublicKey); 258 | if (rv != CKR_OK) 259 | { 260 | printf("Failed to import. rv=%s\n", rv2string(rv)); 261 | return 1; 262 | } 263 | printf("OK\n"); 264 | 265 | printf("Importing 1024 bit private RSA key: "); 266 | rv = p11->C_CreateObject(hSession, privTemplate_1024, 19, &hPrivateKey); 267 | if (rv != CKR_OK) 268 | { 269 | printf("Failed to import. rv=%s\n", rv2string(rv)); 270 | p11->C_DestroyObject(hSession, hPublicKey); 271 | return 1; 272 | } 273 | printf("OK\n"); 274 | 275 | if (testRSAImport_size(hSession, hPublicKey)) retVal = 1; 276 | if (testRSAImport_signverify(hSession, hPublicKey, hPrivateKey)) retVal = 1; 277 | 278 | p11->C_DestroyObject(hSession, hPublicKey); 279 | p11->C_DestroyObject(hSession, hPrivateKey); 280 | 281 | printf("Importing 1025 bit public RSA key: "); 282 | rv = p11->C_CreateObject(hSession, pubTemplate_1025, 10, &hPublicKey); 283 | if (rv != CKR_OK) 284 | { 285 | printf("Failed to import. rv=%s\n", rv2string(rv)); 286 | return 1; 287 | } 288 | printf("OK\n"); 289 | 290 | printf("Importing 1025 bit private RSA key: "); 291 | rv = p11->C_CreateObject(hSession, privTemplate_1025, 19, &hPrivateKey); 292 | if (rv != CKR_OK) 293 | { 294 | printf("Failed to import. rv=%s\n", rv2string(rv)); 295 | p11->C_DestroyObject(hSession, hPublicKey); 296 | return 1; 297 | } 298 | printf("OK\n"); 299 | 300 | if (testRSAImport_size(hSession, hPublicKey)) retVal = 1; 301 | if (testRSAImport_signverify(hSession, hPublicKey, hPrivateKey)) retVal = 1; 302 | 303 | p11->C_DestroyObject(hSession, hPublicKey); 304 | p11->C_DestroyObject(hSession, hPrivateKey); 305 | 306 | return retVal; 307 | } 308 | 309 | int testRSAImport_size(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey) 310 | { 311 | CK_RV rv; 312 | CK_ULONG modulus_bits, bits; 313 | int mask; 314 | CK_BYTE_PTR modulus = NULL; 315 | CK_ATTRIBUTE template1[] = { 316 | { CKA_MODULUS_BITS, &modulus_bits, sizeof(CK_ULONG) } 317 | }; 318 | CK_ATTRIBUTE template2[] = { 319 | { CKA_MODULUS, NULL_PTR, 0 } 320 | }; 321 | 322 | int retVal = 0; 323 | 324 | printf("Key size from CKA_MODULUS_BITS in public key: "); 325 | 326 | // Get value 327 | rv = p11->C_GetAttributeValue(hSession, hPublicKey, template1, 1); 328 | if (rv != CKR_OK) 329 | { 330 | printf("Failed to get attribute. rv=%s\n", rv2string(rv)); 331 | modulus_bits = 0; 332 | retVal = 1; 333 | } 334 | else 335 | { 336 | printf("%lu bits\n", modulus_bits); 337 | } 338 | 339 | printf("Key size from CKA_MODULUS in public key: "); 340 | 341 | // Get buffer sizes 342 | rv = p11->C_GetAttributeValue(hSession, hPublicKey, template2, 1); 343 | if (rv != CKR_OK) 344 | { 345 | printf("Failed to get the size of the attribute. rv=%s\n", rv2string(rv)); 346 | return 1; 347 | } 348 | 349 | // Allocate memory 350 | modulus = (CK_BYTE_PTR)malloc(template2[0].ulValueLen); 351 | template2[0].pValue = modulus; 352 | if (modulus == NULL) 353 | { 354 | printf("Failed to allocate memory\n"); 355 | return 1; 356 | } 357 | 358 | // Get the attribute 359 | rv = p11->C_GetAttributeValue(hSession, hPublicKey, template2, 1); 360 | if (rv != CKR_OK) 361 | { 362 | printf("Failed to get the attribute. rv=%s\n", rv2string(rv)); 363 | free(modulus); 364 | return 1; 365 | } 366 | 367 | // Calculate size 368 | bits = template2[0].ulValueLen * 8; 369 | mask = 0x80; 370 | for (int i = 0; bits && (modulus[i] & mask) == 0; bits--) 371 | { 372 | mask >>= 1; 373 | if (mask == 0) 374 | { 375 | i++; 376 | mask = 0x80; 377 | } 378 | } 379 | free(modulus); 380 | 381 | printf("%lu bits\n", bits); 382 | 383 | if (bits == modulus_bits) 384 | { 385 | printf("Equal bit length: Yes\n"); 386 | } 387 | else 388 | { 389 | printf("Equal bit length: No\n"); 390 | retVal = 1; 391 | } 392 | 393 | return retVal; 394 | } 395 | 396 | int testRSAImport_signverify(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey) 397 | { 398 | CK_RV rv; 399 | CK_MECHANISM mechanism = { CKM_RSA_PKCS, NULL_PTR, 0 }; 400 | CK_BYTE_PTR pSignature; 401 | CK_ULONG pSignature_len; 402 | CK_BYTE data[] = {"Text"}; 403 | int retVal = 0; 404 | 405 | printf("Create signature: "); 406 | 407 | rv = p11->C_SignInit(hSession, &mechanism, hPrivateKey); 408 | if (rv != CKR_OK) 409 | { 410 | printf("Failed to initialize signing. rv=%s\n", rv2string(rv)); 411 | return 1; 412 | } 413 | 414 | rv = p11->C_Sign(hSession, data, sizeof(data)-1, NULL_PTR, &pSignature_len); 415 | if (rv != CKR_OK) 416 | { 417 | printf("Failed to get the length of the signature. rv=%s\n", rv2string(rv)); 418 | return 1; 419 | } 420 | 421 | pSignature = (CK_BYTE_PTR)malloc(pSignature_len); 422 | if (pSignature == NULL) 423 | { 424 | printf("Failed to allocate memory\n"); 425 | return 1; 426 | } 427 | 428 | rv = p11->C_Sign(hSession, data, sizeof(data)-1, pSignature, &pSignature_len); 429 | if (rv != CKR_OK) 430 | { 431 | printf("Failed to sign data. rv=%s\n", rv2string(rv)); 432 | free (pSignature); 433 | return 1; 434 | } 435 | 436 | printf("OK\n"); 437 | printf("Verify signature: "); 438 | 439 | rv = p11->C_VerifyInit(hSession, &mechanism, hPublicKey); 440 | if (rv != CKR_OK) 441 | { 442 | printf("Failed to initialize verification. rv=%s\n", rv2string(rv)); 443 | free (pSignature); 444 | return 1; 445 | } 446 | 447 | rv = p11->C_Verify(hSession, data, sizeof(data)-1, pSignature, pSignature_len); 448 | if (rv != CKR_OK) 449 | { 450 | printf("Failed to verify signature. rv=%s\n", rv2string(rv)); 451 | printf("Signature: "); 452 | printBinBuffer(pSignature, pSignature_len); 453 | retVal = 1; 454 | 455 | } 456 | else 457 | { 458 | printf("OK\n"); 459 | } 460 | 461 | free (pSignature); 462 | return retVal; 463 | } 464 | -------------------------------------------------------------------------------- /src/import.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | import.h 31 | 32 | Functions for testing key import 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_IMPORT_H 36 | #define _PKCS11_TESTING_IMPORT_H 37 | 38 | #include "cryptoki.h" 39 | 40 | int testRSAImport(CK_SESSION_HANDLE hSession); 41 | 42 | // Internal 43 | int testRSAImport_size(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey); 44 | int testRSAImport_signverify(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey); 45 | 46 | #endif // !_PKCS11_TESTING_IMPORT_H 47 | -------------------------------------------------------------------------------- /src/library.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | library.cpp 31 | 32 | Support function for handling PKCS#11 libraries 33 | *****************************************************************************/ 34 | 35 | #include 36 | #include "library.h" 37 | 38 | #include 39 | #include 40 | #if defined(HAVE_DLOPEN) 41 | #include 42 | #endif 43 | 44 | // Load the PKCS#11 library 45 | CK_C_GetFunctionList loadLibrary(char *module, void **moduleHandle) 46 | { 47 | if (module == NULL || moduleHandle == NULL) 48 | { 49 | return NULL; 50 | } 51 | 52 | CK_C_GetFunctionList pGetFunctionList = NULL; 53 | 54 | #if defined(HAVE_LOADLIBRARY) 55 | HINSTANCE hDLL = NULL; 56 | 57 | // Load PKCS #11 library 58 | HINSTANCE hDLL = LoadLibrary(_T(module)); 59 | 60 | if (!hDLL) 61 | { 62 | // Failed to load the PKCS #11 library 63 | return NULL; 64 | } 65 | 66 | // Retrieve the entry point for C_GetFunctionList 67 | pGetFunctionList = (CK_C_GetFunctionList) GetProcAddress(hDLL, _T("C_GetFunctionList")); 68 | 69 | #elif defined(HAVE_DLOPEN) 70 | void *pDynLib; 71 | 72 | // Load PKCS #11 library 73 | pDynLib = dlopen(module, RTLD_NOW | RTLD_LOCAL); 74 | 75 | if (!pDynLib) 76 | { 77 | // Failed to load the PKCS #11 library 78 | return NULL; 79 | } 80 | 81 | // Retrieve the entry point for C_GetFunctionList 82 | pGetFunctionList = (CK_C_GetFunctionList) dlsym(pDynLib, "C_GetFunctionList"); 83 | 84 | // Store the handle so we can dlclose it later 85 | *moduleHandle = pDynLib; 86 | 87 | #else 88 | fprintf(stderr, "ERROR: Not compiled with library support.\n"); 89 | 90 | return NULL; 91 | #endif 92 | 93 | return pGetFunctionList; 94 | } 95 | 96 | void unloadLibrary(void *moduleHandle) 97 | { 98 | if (moduleHandle) 99 | { 100 | #if defined(HAVE_LOADLIBRARY) 101 | // no idea 102 | #elif defined(HAVE_DLOPEN) 103 | dlclose(moduleHandle); 104 | #endif 105 | } 106 | } 107 | -------------------------------------------------------------------------------- /src/library.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | library.h 31 | 32 | Support function for handling PKCS#11 libraries 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_LIBRARY_H 36 | #define _PKCS11_TESTING_LIBRARY_H 37 | 38 | #include "cryptoki.h" 39 | 40 | CK_C_GetFunctionList loadLibrary(char *module, void **moduleHandle); 41 | void unloadLibrary(void *moduleHandle); 42 | 43 | #endif // !_PKCS11_TESTING_LIBRARY_H 44 | -------------------------------------------------------------------------------- /src/mechanisms.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | mechanisms.cpp 31 | 32 | Functions for mechanism tests 33 | *****************************************************************************/ 34 | 35 | #include "mechanisms.h" 36 | #include "error.h" 37 | 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | 45 | extern CK_FUNCTION_LIST_PTR p11; 46 | 47 | int showMechs(char *slot) 48 | { 49 | CK_MECHANISM_TYPE_PTR pMechanismList; 50 | CK_SLOT_ID slotID; 51 | CK_RV rv; 52 | CK_ULONG ulMechCount; 53 | 54 | if (slot == NULL) 55 | { 56 | fprintf(stderr, "ERROR: A slot number must be supplied. " 57 | "Use --slot \n"); 58 | return 1; 59 | } 60 | slotID = atoi(slot); 61 | 62 | // Get the size of the buffer 63 | rv = p11->C_GetMechanismList(slotID, NULL_PTR, &ulMechCount); 64 | if (rv == CKR_SLOT_ID_INVALID) 65 | { 66 | fprintf(stderr, "ERROR: The slot does not exist.\n"); 67 | return 1; 68 | } 69 | if (rv != CKR_OK) 70 | { 71 | fprintf(stderr, "ERROR: Could not get the number of mechanisms. rv=%s\n", rv2string(rv)); 72 | return 1; 73 | } 74 | pMechanismList = (CK_MECHANISM_TYPE_PTR)malloc(ulMechCount * sizeof(CK_MECHANISM_TYPE_PTR)); 75 | 76 | // Get the mechanism list 77 | rv = p11->C_GetMechanismList(slotID, pMechanismList, &ulMechCount); 78 | if (rv != CKR_OK) 79 | { 80 | fprintf(stderr, "ERROR: Could not get the list of mechanisms. rv=%s\n", rv2string(rv)); 81 | free(pMechanismList); 82 | return 1; 83 | } 84 | 85 | printf("The following mechanisms are supported:\n"); 86 | printf("(key size is in bits or bytes depending on mechanism)\n\n"); 87 | 88 | for (int i = 0; i < ulMechCount; i++) 89 | { 90 | printMechInfo(slotID, pMechanismList[i]); 91 | } 92 | 93 | free(pMechanismList); 94 | 95 | return 0; 96 | } 97 | 98 | int testDNSSEC(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 99 | { 100 | CK_RV rv; 101 | int retVal = 0; 102 | 103 | printf("\n************************************************\n"); 104 | printf("* Testing what DNSSEC algorithms are available *\n"); 105 | printf("************************************************\n"); 106 | printf("\n(Cannot test GOST since it is not available in PKCS#11 v2.20)\n"); 107 | 108 | if (testDNSSEC_digest(slotID, hSession)) retVal = 1; 109 | if (testDNSSEC_rsa_keygen(slotID, hSession)) retVal = 1; 110 | if (testDNSSEC_rsa_sign(slotID, hSession)) retVal = 1; 111 | if (testDNSSEC_dsa_keygen(slotID, hSession)) retVal = 1; 112 | if (testDNSSEC_dsa_sign(slotID, hSession)) retVal = 1; 113 | 114 | return retVal; 115 | } 116 | 117 | int testSuiteB(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 118 | { 119 | CK_RV rv; 120 | int retVal = 0; 121 | 122 | printf("\n***************************************************\n"); 123 | printf("* Testing if NSA Suite B algorithms are available *\n"); 124 | printf("***************************************************\n"); 125 | 126 | if (testSuiteB_AES(slotID, hSession)) retVal = 1; 127 | if (testSuiteB_ECDSA(slotID, hSession)) retVal = 1; 128 | if (testSuiteB_ECDH(slotID, hSession)) retVal = 1; 129 | if (testSuiteB_SHA(slotID, hSession)) retVal = 1; 130 | 131 | return retVal; 132 | } 133 | 134 | int testSuiteB_AES(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 135 | { 136 | CK_RV rv; 137 | CK_MECHANISM_INFO info; 138 | int retVal = 0; 139 | 140 | CK_MECHANISM_TYPE types[] = { 141 | CKM_AES_KEY_GEN, 142 | CKM_AES_CBC, 143 | CKM_AES_CTR 144 | }; 145 | 146 | printf("\nTesting symmetric encryption\n"); 147 | printf("****************************\n"); 148 | printf(" (Not testing functionality)\n"); 149 | printf(" Should support between 128 and 256 bits.\n\n"); 150 | 151 | for (int i = 0; i < 3; i++) 152 | { 153 | printf(" %s: ", getMechName(types[i])); 154 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 155 | if (rv == CKR_MECHANISM_INVALID) 156 | { 157 | printf("Not available\n"); 158 | retVal = 1; 159 | continue; 160 | } 161 | if (rv != CKR_OK) 162 | { 163 | printf("Not available. rv=%s\n", rv2string(rv)); 164 | retVal = 1; 165 | continue; 166 | } 167 | 168 | if (info.ulMinKeySize > 16 || info.ulMaxKeySize < 32) 169 | { 170 | printf("OK, but only support %i-%i bits.\n", info.ulMinKeySize * 8, info.ulMaxKeySize * 8); 171 | } 172 | else 173 | { 174 | printf("OK\n"); 175 | } 176 | } 177 | 178 | return retVal; 179 | } 180 | 181 | int testSuiteB_ECDSA(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 182 | { 183 | CK_RV rv; 184 | CK_MECHANISM_INFO info; 185 | int retVal = 0; 186 | 187 | CK_MECHANISM_TYPE types[] = { 188 | CKM_EC_KEY_PAIR_GEN, 189 | CKM_ECDSA 190 | }; 191 | 192 | printf("\nTesting signatures\n"); 193 | printf("*********************\n"); 194 | printf(" (Not testing functionality)\n"); 195 | printf(" Should support between 256 and 384 bits.\n\n"); 196 | 197 | for (int i = 0; i < 2; i++) 198 | { 199 | printf(" %s: ", getMechName(types[i])); 200 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 201 | if (rv == CKR_MECHANISM_INVALID) 202 | { 203 | printf("Not available\n"); 204 | retVal = 1; 205 | continue; 206 | } 207 | if (rv != CKR_OK) 208 | { 209 | printf("Not available. rv=%s\n", rv2string(rv)); 210 | retVal = 1; 211 | continue; 212 | } 213 | 214 | if (info.ulMinKeySize > 256 || info.ulMaxKeySize < 384) 215 | { 216 | printf("OK, but only support %i-%i bits\n", info.ulMinKeySize, info.ulMaxKeySize); 217 | } 218 | else 219 | { 220 | printf("OK\n"); 221 | } 222 | } 223 | 224 | return retVal; 225 | } 226 | 227 | int testSuiteB_ECDH(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 228 | { 229 | CK_RV rv; 230 | CK_MECHANISM_INFO info; 231 | int retVal = 0; 232 | 233 | CK_MECHANISM_TYPE types[] = { 234 | CKM_ECDH1_DERIVE, 235 | CKM_ECDH1_COFACTOR_DERIVE 236 | }; 237 | 238 | printf("\nTesting key agreement\n"); 239 | printf("*********************\n"); 240 | printf(" (Not testing functionality)\n"); 241 | printf(" Should support between 256 and 384 bits.\n\n"); 242 | 243 | for (int i = 0; i < 2; i++) 244 | { 245 | printf(" %s: ", getMechName(types[i])); 246 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 247 | if (rv == CKR_MECHANISM_INVALID) 248 | { 249 | printf("Not available\n"); 250 | retVal = 1; 251 | continue; 252 | } 253 | if (rv != CKR_OK) 254 | { 255 | printf("Not available. rv=%s\n", rv2string(rv)); 256 | retVal = 1; 257 | continue; 258 | } 259 | 260 | if (info.ulMinKeySize > 256 || info.ulMaxKeySize < 384) 261 | { 262 | printf("OK, but only support %i-%i bits\n", info.ulMinKeySize, info.ulMaxKeySize); 263 | } 264 | else 265 | { 266 | printf("OK\n"); 267 | } 268 | } 269 | 270 | return retVal; 271 | } 272 | 273 | int testSuiteB_SHA(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 274 | { 275 | CK_RV rv; 276 | CK_MECHANISM_INFO info; 277 | int retVal = 0; 278 | 279 | CK_MECHANISM_TYPE types[] = { 280 | CKM_SHA256, 281 | CKM_SHA384 282 | }; 283 | 284 | printf("\nTesting digesting\n"); 285 | printf("*****************\n"); 286 | printf(" (Not testing functionality)\n"); 287 | printf(" Will test if the digesting mechanisms are supported.\n"); 288 | printf(" If the digesting algorithms are not available, \n"); 289 | printf(" then digesting has to be done in the host application.\n\n"); 290 | 291 | for (int i = 0; i < 2; i++) 292 | { 293 | printf(" %s: ", getMechName(types[i])); 294 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 295 | if (rv == CKR_MECHANISM_INVALID) 296 | { 297 | printf("Not available\n"); 298 | retVal = 1; 299 | continue; 300 | } 301 | if (rv != CKR_OK) 302 | { 303 | printf("Not available. rv=%s\n", rv2string(rv)); 304 | retVal = 1; 305 | continue; 306 | } 307 | 308 | printf("OK\n"); 309 | } 310 | 311 | return retVal; 312 | } 313 | 314 | int testDNSSEC_digest(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 315 | { 316 | CK_RV rv; 317 | CK_MECHANISM_INFO info; 318 | int retVal = 0; 319 | CK_BYTE_PTR digest; 320 | CK_ULONG digestLen; 321 | CK_BYTE data[] = {"Text to digest"}; 322 | CK_MECHANISM mechanism = { 323 | CKM_VENDOR_DEFINED, NULL_PTR, 0 324 | }; 325 | 326 | CK_MECHANISM_TYPE types[] = { 327 | CKM_MD5, 328 | CKM_SHA_1, 329 | CKM_SHA256, 330 | CKM_SHA512 331 | }; 332 | 333 | printf("\nTesting digesting\n"); 334 | printf("*****************\n"); 335 | printf(" Will test the digesting mechanisms.\n"); 336 | printf(" If the algorithm is not available, then digesting has to be done\n"); 337 | printf(" in the host application. (MD5 is not recommended to use)\n\n"); 338 | 339 | for (int i = 0; i < 4; i++) 340 | { 341 | printf(" %s: ", getMechName(types[i])); 342 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 343 | if (rv == CKR_MECHANISM_INVALID) 344 | { 345 | printf("Not available\n"); 346 | retVal = 1; 347 | continue; 348 | } 349 | if (rv != CKR_OK) 350 | { 351 | printf("Not available. rv=%s\n", rv2string(rv)); 352 | retVal = 1; 353 | continue; 354 | } 355 | 356 | mechanism.mechanism = types[i]; 357 | rv = p11->C_DigestInit(hSession, &mechanism); 358 | if (rv != CKR_OK) 359 | { 360 | printf("Available, but could not initialize digesting. rv=%s\n", rv2string(rv)); 361 | retVal = 1; 362 | continue; 363 | } 364 | 365 | rv = p11->C_Digest(hSession, data, sizeof(data)-1, NULL_PTR, &digestLen); 366 | if (rv != CKR_OK) 367 | { 368 | printf("Available, but could not check the size of the digest. rv=%s\n", rv2string(rv)); 369 | retVal = 1; 370 | continue; 371 | } 372 | digest = (CK_BYTE_PTR)malloc(digestLen); 373 | 374 | rv = p11->C_Digest(hSession, data, sizeof(data)-1, digest, &digestLen); 375 | free(digest); 376 | if (rv != CKR_OK) 377 | { 378 | printf("Available, but could not digest the data. rv=%s\n", rv2string(rv)); 379 | retVal = 1; 380 | continue; 381 | } 382 | 383 | printf("OK\n"); 384 | } 385 | 386 | return retVal; 387 | } 388 | 389 | int testDNSSEC_rsa_keygen(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 390 | { 391 | CK_RV rv; 392 | CK_MECHANISM_INFO info; 393 | int retVal = 0; 394 | CK_OBJECT_HANDLE hPublicKey, hPrivateKey; 395 | CK_BBOOL ckTrue = CK_TRUE; 396 | CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; 397 | CK_BYTE publicExponent[] = { 1, 0, 1 }; 398 | 399 | CK_ATTRIBUTE publicKeyTemplate[] = { 400 | { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) }, 401 | { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, 402 | { CKA_WRAP, &ckTrue, sizeof(ckTrue) }, 403 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 404 | { CKA_MODULUS_BITS, NULL_PTR, 0 }, 405 | { CKA_PUBLIC_EXPONENT, &publicExponent, sizeof(publicExponent) } 406 | }; 407 | CK_ATTRIBUTE privateKeyTemplate[] = { 408 | { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) }, 409 | { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) }, 410 | { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, 411 | { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, 412 | { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) }, 413 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) } 414 | }; 415 | 416 | CK_ULONG keySizes[] = { 417 | 512, 418 | 768, 419 | 1024, 420 | 1536, 421 | 2048, 422 | 3072, 423 | 4096 424 | }; 425 | 426 | printf("\nTesting RSA key generation\n"); 427 | printf("**************************\n"); 428 | printf(" Will test if RSA key generation is supported.\n"); 429 | printf(" DNSSEC support keys up to 4096 bits.\n\n"); 430 | 431 | printf(" %s: ", getMechName(CKM_RSA_PKCS_KEY_PAIR_GEN)); 432 | rv = p11->C_GetMechanismInfo(slotID, CKM_RSA_PKCS_KEY_PAIR_GEN, &info); 433 | if (rv == CKR_MECHANISM_INVALID) 434 | { 435 | printf("Not available\n"); 436 | return 1; 437 | } 438 | if (rv != CKR_OK) 439 | { 440 | printf("Not available. rv=%s\n", rv2string(rv)); 441 | return 1; 442 | } 443 | 444 | if (info.ulMaxKeySize < 4096) 445 | { 446 | printf("OK, but support maximum %i bits\n", info.ulMaxKeySize); 447 | } 448 | else 449 | { 450 | printf("OK\n"); 451 | } 452 | 453 | for (int i = 0; i < 7; i++) 454 | { 455 | printf(" %i bits: ", keySizes[i]); 456 | 457 | CK_ULONG keySize = keySizes[i]; 458 | 459 | publicKeyTemplate[4].pValue = &keySize; 460 | publicKeyTemplate[4].ulValueLen = sizeof(keySize); 461 | rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism, publicKeyTemplate, 6, privateKeyTemplate, 6, &hPublicKey, &hPrivateKey); 462 | if (rv != CKR_OK) 463 | { 464 | printf("Failed. rv=%s\n", rv2string(rv)); 465 | retVal = 1; 466 | continue; 467 | } 468 | 469 | printf("OK\n"); 470 | 471 | p11->C_DestroyObject(hSession, hPublicKey); 472 | p11->C_DestroyObject(hSession, hPrivateKey); 473 | } 474 | 475 | return retVal; 476 | } 477 | 478 | int testDNSSEC_rsa_sign(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 479 | { 480 | CK_RV rv; 481 | CK_MECHANISM_INFO info; 482 | int retVal = 0; 483 | CK_OBJECT_HANDLE hPublicKey, hPrivateKey; 484 | CK_BBOOL ckTrue = CK_TRUE; 485 | CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; 486 | CK_BYTE publicExponent[] = { 1, 0, 1 }; 487 | CK_ULONG modulusBits = 1024; 488 | CK_MECHANISM mechanism = { 489 | CKM_VENDOR_DEFINED, NULL_PTR, 0 490 | }; 491 | CK_ULONG length; 492 | CK_BYTE_PTR pSignature; 493 | CK_BYTE data[] = {"Text"}; 494 | 495 | CK_ATTRIBUTE publicKeyTemplate[] = { 496 | { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) }, 497 | { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, 498 | { CKA_WRAP, &ckTrue, sizeof(ckTrue) }, 499 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 500 | { CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) }, 501 | { CKA_PUBLIC_EXPONENT, &publicExponent, sizeof(publicExponent) } 502 | }; 503 | CK_ATTRIBUTE privateKeyTemplate[] = { 504 | { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) }, 505 | { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) }, 506 | { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, 507 | { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, 508 | { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) }, 509 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) } 510 | }; 511 | 512 | CK_MECHANISM_TYPE types[] = { 513 | CKM_RSA_PKCS, 514 | CKM_RSA_X_509, 515 | CKM_MD5_RSA_PKCS, 516 | CKM_SHA1_RSA_PKCS, 517 | CKM_SHA256_RSA_PKCS, 518 | CKM_SHA512_RSA_PKCS 519 | }; 520 | 521 | printf("\nTesting RSA signing\n"); 522 | printf("*******************\n"); 523 | printf(" Will test if RSA signing is supported.\n"); 524 | printf(" Doing RAW RSA signing is not recommended (CKM_RSA_X_509)\n"); 525 | printf(" If the digesting algorithms are not available, \n"); 526 | printf(" then digesting has to be done in the host application.\n"); 527 | printf(" Then use the RSA only mechanisms.\n\n"); 528 | 529 | rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism, publicKeyTemplate, 6, privateKeyTemplate, 6, &hPublicKey, &hPrivateKey); 530 | if (rv != CKR_OK) 531 | { 532 | printf("Failed to generate a keypair. rv=%s\n", rv2string(rv)); 533 | printf("RSA is probably not supported\n"); 534 | return 1; 535 | } 536 | 537 | for (int i = 0; i < 6; i++) 538 | { 539 | printf(" %s: ", getMechName(types[i])); 540 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 541 | if (rv == CKR_MECHANISM_INVALID) 542 | { 543 | printf("Not available\n"); 544 | retVal = 1; 545 | continue; 546 | } 547 | if (rv != CKR_OK) 548 | { 549 | printf("Not available. rv=%s\n", rv2string(rv)); 550 | retVal = 1; 551 | continue; 552 | } 553 | 554 | mechanism.mechanism = types[i]; 555 | rv = p11->C_SignInit(hSession, &mechanism, hPrivateKey); 556 | if (rv != CKR_OK) 557 | { 558 | printf("Available, but could not initialize signing. rv=%s\n", rv2string(rv)); 559 | retVal = 1; 560 | continue; 561 | } 562 | 563 | rv = p11->C_Sign(hSession, data, sizeof(data)-1, NULL_PTR, &length); 564 | if (rv != CKR_OK) 565 | { 566 | printf("Available, but could not check the size of the signature. rv=%s\n", rv2string(rv)); 567 | retVal = 1; 568 | continue; 569 | } 570 | pSignature = (CK_BYTE_PTR)malloc(length); 571 | 572 | rv = p11->C_Sign(hSession, data, sizeof(data)-1, pSignature, &length); 573 | free(pSignature); 574 | if (rv != CKR_OK) 575 | { 576 | printf("Available, but could not sign the data. rv=%s\n", rv2string(rv)); 577 | retVal = 1; 578 | continue; 579 | } 580 | 581 | printf("OK\n"); 582 | } 583 | 584 | p11->C_DestroyObject(hSession, hPublicKey); 585 | p11->C_DestroyObject(hSession, hPrivateKey); 586 | 587 | return retVal; 588 | } 589 | 590 | int testDNSSEC_dsa_keygen(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 591 | { 592 | CK_RV rv; 593 | CK_MECHANISM_INFO info; 594 | int retVal = 0; 595 | 596 | CK_ULONG keySizes[] = { 597 | 512, 598 | 640, 599 | 768, 600 | 896, 601 | 1024 602 | }; 603 | 604 | printf("\nTesting DSA key generation\n"); 605 | printf("**************************\n"); 606 | printf(" (Not testing functionality)\n"); 607 | printf(" Will test if DSA key generation is supported.\n"); 608 | printf(" DNSSEC support keys up to 1024 bits.\n\n"); 609 | 610 | printf(" %s: ", getMechName(CKM_DSA_PARAMETER_GEN)); 611 | rv = p11->C_GetMechanismInfo(slotID, CKM_DSA_PARAMETER_GEN, &info); 612 | if (rv == CKR_MECHANISM_INVALID) 613 | { 614 | printf("Not available\n"); 615 | retVal = 1; 616 | } 617 | else if (rv != CKR_OK) 618 | { 619 | printf("Not available. rv=%s\n", rv2string(rv)); 620 | retVal = 1; 621 | } 622 | else 623 | { 624 | if (info.ulMaxKeySize < 1024) 625 | { 626 | printf("OK, but support maximum %i bits\n", info.ulMaxKeySize); 627 | } 628 | else 629 | { 630 | printf("OK\n"); 631 | } 632 | } 633 | 634 | printf(" %s: ", getMechName(CKM_DSA_KEY_PAIR_GEN)); 635 | rv = p11->C_GetMechanismInfo(slotID, CKM_DSA_KEY_PAIR_GEN, &info); 636 | if (rv == CKR_MECHANISM_INVALID) 637 | { 638 | printf("Not available\n"); 639 | retVal = 1; 640 | } 641 | else if (rv != CKR_OK) 642 | { 643 | printf("Not available. rv=%s\n", rv2string(rv)); 644 | retVal = 1; 645 | } 646 | else 647 | { 648 | if (info.ulMaxKeySize < 1024) 649 | { 650 | printf("OK, but support maximum %i bits\n", info.ulMaxKeySize); 651 | } 652 | else 653 | { 654 | printf("OK\n"); 655 | } 656 | } 657 | 658 | // for (int i = 0; i < 5; i++) 659 | // { 660 | // } 661 | 662 | return retVal; 663 | } 664 | 665 | int testDNSSEC_dsa_sign(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession) 666 | { 667 | CK_RV rv; 668 | CK_MECHANISM_INFO info; 669 | int retVal = 0; 670 | 671 | CK_MECHANISM_TYPE types[] = { 672 | CKM_DSA, 673 | CKM_DSA_SHA1 674 | }; 675 | 676 | printf("\nTesting DSA signing\n"); 677 | printf("*******************\n"); 678 | printf(" (Not testing functionality)\n"); 679 | printf(" Will test if DSA signing is supported.\n"); 680 | printf(" If the digesting algorithm is not available, \n"); 681 | printf(" then digesting has to be done in the host application.\n"); 682 | printf(" Then use the DSA only mechanism.\n\n"); 683 | 684 | for (int i = 0; i < 2; i++) 685 | { 686 | printf(" %s: ", getMechName(types[i])); 687 | rv = p11->C_GetMechanismInfo(slotID, types[i], &info); 688 | if (rv == CKR_MECHANISM_INVALID) 689 | { 690 | printf("Not available\n"); 691 | retVal = 1; 692 | continue; 693 | } 694 | if (rv != CKR_OK) 695 | { 696 | printf("Not available. rv=%s\n", rv2string(rv)); 697 | retVal = 1; 698 | continue; 699 | } 700 | 701 | printf("OK\n"); 702 | } 703 | 704 | return retVal; 705 | } 706 | 707 | void printMechInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE mechType) 708 | { 709 | CK_MECHANISM_INFO info; 710 | CK_RV rv; 711 | 712 | info.ulMinKeySize = 0; 713 | info.ulMaxKeySize = 0; 714 | 715 | printf("%-36s", getMechName(mechType)); 716 | 717 | rv = p11->C_GetMechanismInfo(slotID, mechType, &info); 718 | if (rv != CKR_OK) 719 | { 720 | printf(" Could not get info about the mechanism. rv=%s\n", rv2string(rv)); 721 | return; 722 | } 723 | 724 | printMechKeySize(info.ulMinKeySize, info.ulMaxKeySize); 725 | printMechFlags(info.flags); 726 | } 727 | 728 | void printMechKeySize(CK_ULONG ulMinKeySize, CK_ULONG ulMaxKeySize) 729 | { 730 | char buffer[512]; 731 | buffer[0] = '\0'; 732 | 733 | if (ulMinKeySize) 734 | { 735 | if (ulMaxKeySize > ulMinKeySize) 736 | { 737 | sprintf(buffer, "%i - %i", ulMinKeySize, ulMaxKeySize); 738 | } 739 | else 740 | { 741 | sprintf(buffer, "%i", ulMinKeySize); 742 | } 743 | } 744 | printf("%-14s", buffer); 745 | } 746 | 747 | void printMechFlags(CK_FLAGS flags) 748 | { 749 | std::string stringFlags = ""; 750 | 751 | if (flags & CKF_HW) 752 | { 753 | stringFlags += "HW "; 754 | flags ^= CKF_HW; 755 | } 756 | else 757 | { 758 | stringFlags += "No-HW "; 759 | } 760 | 761 | if (flags & CKF_ENCRYPT) 762 | { 763 | stringFlags += "encrypt "; 764 | flags ^= CKF_ENCRYPT; 765 | } 766 | if (flags & CKF_DECRYPT) 767 | { 768 | stringFlags += "decrypt "; 769 | flags ^= CKF_DECRYPT; 770 | } 771 | if (flags & CKF_DIGEST) 772 | { 773 | stringFlags += "digest "; 774 | flags ^= CKF_DIGEST; 775 | } 776 | if (flags & CKF_SIGN) 777 | { 778 | stringFlags += "sign "; 779 | flags ^= CKF_SIGN; 780 | } 781 | if (flags & CKF_SIGN_RECOVER) 782 | { 783 | stringFlags += "sign-recover "; 784 | flags ^= CKF_SIGN_RECOVER; 785 | } 786 | if (flags & CKF_VERIFY) 787 | { 788 | stringFlags += "verify "; 789 | flags ^= CKF_VERIFY; 790 | } 791 | if (flags & CKF_VERIFY_RECOVER) 792 | { 793 | stringFlags += "verify-recover "; 794 | flags ^= CKF_VERIFY_RECOVER; 795 | } 796 | if (flags & CKF_GENERATE) 797 | { 798 | stringFlags += "generate "; 799 | flags ^= CKF_GENERATE; 800 | } 801 | if (flags & CKF_GENERATE_KEY_PAIR) 802 | { 803 | stringFlags += "generate-key-pair "; 804 | flags ^= CKF_GENERATE_KEY_PAIR; 805 | } 806 | if (flags & CKF_WRAP) 807 | { 808 | stringFlags += "wrap "; 809 | flags ^= CKF_WRAP; 810 | } 811 | if (flags & CKF_UNWRAP) 812 | { 813 | stringFlags += "unwrap "; 814 | flags ^= CKF_UNWRAP; 815 | } 816 | if (flags & CKF_DERIVE) 817 | { 818 | stringFlags += "derive "; 819 | flags ^= CKF_DERIVE; 820 | } 821 | 822 | printf("%s\n", stringFlags.c_str()); 823 | } 824 | 825 | const char* getMechName(CK_MECHANISM_TYPE mechType) 826 | { 827 | static char buffer[20]; 828 | 829 | switch (mechType) 830 | { 831 | case CKM_RSA_PKCS_KEY_PAIR_GEN: 832 | return "CKM_RSA_PKCS_KEY_PAIR_GEN"; 833 | case CKM_RSA_PKCS: 834 | return "CKM_RSA_PKCS"; 835 | case CKM_RSA_9796: 836 | return "CKM_RSA_9796"; 837 | case CKM_RSA_X_509: 838 | return "CKM_RSA_X_509"; 839 | case CKM_MD2_RSA_PKCS: 840 | return "CKM_MD2_RSA_PKCS"; 841 | case CKM_MD5_RSA_PKCS: 842 | return "CKM_MD5_RSA_PKCS"; 843 | case CKM_SHA1_RSA_PKCS: 844 | return "CKM_SHA1_RSA_PKCS"; 845 | case CKM_RIPEMD128_RSA_PKCS: 846 | return "CKM_RIPEMD128_RSA_PKCS"; 847 | case CKM_RIPEMD160_RSA_PKCS: 848 | return "CKM_RIPEMD160_RSA_PKCS"; 849 | case CKM_RSA_PKCS_OAEP: 850 | return "CKM_RSA_PKCS_OAEP"; 851 | case CKM_RSA_X9_31_KEY_PAIR_GEN: 852 | return "CKM_RSA_X9_31_KEY_PAIR_GEN"; 853 | case CKM_RSA_X9_31: 854 | return "CKM_RSA_X9_31"; 855 | case CKM_SHA1_RSA_X9_31: 856 | return "CKM_SHA1_RSA_X9_31"; 857 | case CKM_RSA_PKCS_PSS: 858 | return "CKM_RSA_PKCS_PSS"; 859 | case CKM_SHA1_RSA_PKCS_PSS: 860 | return "CKM_SHA1_RSA_PKCS_PSS"; 861 | case CKM_DSA_KEY_PAIR_GEN: 862 | return "CKM_DSA_KEY_PAIR_GEN"; 863 | case CKM_DSA: 864 | return "CKM_DSA"; 865 | case CKM_DSA_SHA1: 866 | return "CKM_DSA_SHA1"; 867 | case CKM_DH_PKCS_KEY_PAIR_GEN: 868 | return "CKM_DH_PKCS_KEY_PAIR_GEN"; 869 | case CKM_DH_PKCS_DERIVE: 870 | return "CKM_DH_PKCS_DERIVE"; 871 | case CKM_X9_42_DH_KEY_PAIR_GEN: 872 | return "CKM_X9_42_DH_KEY_PAIR_GEN"; 873 | case CKM_X9_42_DH_DERIVE: 874 | return "CKM_X9_42_DH_DERIVE"; 875 | case CKM_X9_42_DH_HYBRID_DERIVE: 876 | return "CKM_X9_42_DH_HYBRID_DERIVE"; 877 | case CKM_X9_42_MQV_DERIVE: 878 | return "CKM_X9_42_MQV_DERIVE"; 879 | case CKM_SHA256_RSA_PKCS: 880 | return "CKM_SHA256_RSA_PKCS"; 881 | case CKM_SHA384_RSA_PKCS: 882 | return "CKM_SHA384_RSA_PKCS"; 883 | case CKM_SHA512_RSA_PKCS: 884 | return "CKM_SHA512_RSA_PKCS"; 885 | case CKM_SHA256_RSA_PKCS_PSS: 886 | return "CKM_SHA256_RSA_PKCS_PSS"; 887 | case CKM_SHA384_RSA_PKCS_PSS: 888 | return "CKM_SHA384_RSA_PKCS_PSS"; 889 | case CKM_SHA512_RSA_PKCS_PSS: 890 | return "CKM_SHA512_RSA_PKCS_PSS"; 891 | case CKM_SHA224_RSA_PKCS: 892 | return "CKM_SHA224_RSA_PKCS"; 893 | case CKM_SHA224_RSA_PKCS_PSS: 894 | return "CKM_SHA224_RSA_PKCS_PSS"; 895 | case CKM_RC2_KEY_GEN: 896 | return "CKM_RC2_KEY_GEN"; 897 | case CKM_RC2_ECB: 898 | return "CKM_RC2_ECB"; 899 | case CKM_RC2_CBC: 900 | return "CKM_RC2_CBC"; 901 | case CKM_RC2_MAC: 902 | return "CKM_RC2_MAC"; 903 | case CKM_RC2_MAC_GENERAL: 904 | return "CKM_RC2_MAC_GENERAL"; 905 | case CKM_RC2_CBC_PAD: 906 | return "CKM_RC2_CBC_PAD"; 907 | case CKM_RC4_KEY_GEN: 908 | return "CKM_RC4_KEY_GEN"; 909 | case CKM_RC4: 910 | return "CKM_RC4"; 911 | case CKM_DES_KEY_GEN: 912 | return "CKM_DES_KEY_GEN"; 913 | case CKM_DES_ECB: 914 | return "CKM_DES_ECB"; 915 | case CKM_DES_CBC: 916 | return "CKM_DES_CBC"; 917 | case CKM_DES_MAC: 918 | return "CKM_DES_MAC"; 919 | case CKM_DES_MAC_GENERAL: 920 | return "CKM_DES_MAC_GENERAL"; 921 | case CKM_DES_CBC_PAD: 922 | return "CKM_DES_CBC_PAD"; 923 | case CKM_DES2_KEY_GEN: 924 | return "CKM_DES2_KEY_GEN"; 925 | case CKM_DES3_KEY_GEN: 926 | return "CKM_DES3_KEY_GEN"; 927 | case CKM_DES3_ECB: 928 | return "CKM_DES3_ECB"; 929 | case CKM_DES3_CBC: 930 | return "CKM_DES3_CBC"; 931 | case CKM_DES3_MAC: 932 | return "CKM_DES3_MAC"; 933 | case CKM_DES3_MAC_GENERAL: 934 | return "CKM_DES3_MAC_GENERAL"; 935 | case CKM_DES3_CBC_PAD: 936 | return "CKM_DES3_CBC_PAD"; 937 | case CKM_CDMF_KEY_GEN: 938 | return "CKM_CDMF_KEY_GEN"; 939 | case CKM_CDMF_ECB: 940 | return "CKM_CDMF_ECB"; 941 | case CKM_CDMF_CBC: 942 | return "CKM_CDMF_CBC"; 943 | case CKM_CDMF_MAC: 944 | return "CKM_CDMF_MAC"; 945 | case CKM_CDMF_MAC_GENERAL: 946 | return "CKM_CDMF_MAC_GENERAL"; 947 | case CKM_CDMF_CBC_PAD: 948 | return "CKM_CDMF_CBC_PAD"; 949 | case CKM_DES_OFB64: 950 | return "CKM_DES_OFB64"; 951 | case CKM_DES_OFB8: 952 | return "CKM_DES_OFB8"; 953 | case CKM_DES_CFB64: 954 | return "CKM_DES_CFB64"; 955 | case CKM_DES_CFB8: 956 | return "CKM_DES_CFB8"; 957 | case CKM_MD2: 958 | return "CKM_MD2"; 959 | case CKM_MD2_HMAC: 960 | return "CKM_MD2_HMAC"; 961 | case CKM_MD2_HMAC_GENERAL: 962 | return "CKM_MD2_HMAC_GENERAL"; 963 | case CKM_MD5: 964 | return "CKM_MD5"; 965 | case CKM_MD5_HMAC: 966 | return "CKM_MD5_HMAC"; 967 | case CKM_MD5_HMAC_GENERAL: 968 | return "CKM_MD5_HMAC_GENERAL"; 969 | case CKM_SHA_1: 970 | return "CKM_SHA_1"; 971 | case CKM_SHA_1_HMAC: 972 | return "CKM_SHA_1_HMAC"; 973 | case CKM_SHA_1_HMAC_GENERAL: 974 | return "CKM_SHA_1_HMAC_GENERAL"; 975 | case CKM_RIPEMD128: 976 | return "CKM_RIPEMD128"; 977 | case CKM_RIPEMD128_HMAC: 978 | return "CKM_RIPEMD128_HMAC"; 979 | case CKM_RIPEMD128_HMAC_GENERAL: 980 | return "CKM_RIPEMD128_HMAC_GENERAL"; 981 | case CKM_RIPEMD160: 982 | return "CKM_RIPEMD160"; 983 | case CKM_RIPEMD160_HMAC: 984 | return "CKM_RIPEMD160_HMAC"; 985 | case CKM_RIPEMD160_HMAC_GENERAL: 986 | return "CKM_RIPEMD160_HMAC_GENERAL"; 987 | case CKM_SHA256: 988 | return "CKM_SHA256"; 989 | case CKM_SHA256_HMAC: 990 | return "CKM_SHA256_HMAC"; 991 | case CKM_SHA256_HMAC_GENERAL: 992 | return "CKM_SHA256_HMAC_GENERAL"; 993 | case CKM_SHA224: 994 | return "CKM_SHA224"; 995 | case CKM_SHA224_HMAC: 996 | return "CKM_SHA224_HMAC"; 997 | case CKM_SHA224_HMAC_GENERAL: 998 | return "CKM_SHA224_HMAC_GENERAL"; 999 | case CKM_SHA384: 1000 | return "CKM_SHA384"; 1001 | case CKM_SHA384_HMAC: 1002 | return "CKM_SHA384_HMAC"; 1003 | case CKM_SHA384_HMAC_GENERAL: 1004 | return "CKM_SHA384_HMAC_GENERAL"; 1005 | case CKM_SHA512: 1006 | return "CKM_SHA512"; 1007 | case CKM_SHA512_HMAC: 1008 | return "CKM_SHA512_HMAC"; 1009 | case CKM_SHA512_HMAC_GENERAL: 1010 | return "CKM_SHA512_HMAC_GENERAL"; 1011 | case CKM_SECURID_KEY_GEN: 1012 | return "CKM_SECURID_KEY_GEN"; 1013 | case CKM_SECURID: 1014 | return "CKM_SECURID"; 1015 | case CKM_HOTP_KEY_GEN: 1016 | return "CKM_HOTP_KEY_GEN"; 1017 | case CKM_HOTP: 1018 | return "CKM_HOTP"; 1019 | case CKM_ACTI: 1020 | return "CKM_ACTI"; 1021 | case CKM_ACTI_KEY_GEN: 1022 | return "CKM_ACTI_KEY_GEN"; 1023 | case CKM_CAST_KEY_GEN: 1024 | return "CKM_CAST_KEY_GEN"; 1025 | case CKM_CAST_ECB: 1026 | return "CKM_CAST_ECB"; 1027 | case CKM_CAST_CBC: 1028 | return "CKM_CAST_CBC"; 1029 | case CKM_CAST_MAC: 1030 | return "CKM_CAST_MAC"; 1031 | case CKM_CAST_MAC_GENERAL: 1032 | return "CKM_CAST_MAC_GENERAL"; 1033 | case CKM_CAST_CBC_PAD: 1034 | return "CKM_CAST_CBC_PAD"; 1035 | case CKM_CAST3_KEY_GEN: 1036 | return "CKM_CAST3_KEY_GEN"; 1037 | case CKM_CAST3_ECB: 1038 | return "CKM_CAST3_ECB"; 1039 | case CKM_CAST3_CBC: 1040 | return "CKM_CAST3_CBC"; 1041 | case CKM_CAST3_MAC: 1042 | return "CKM_CAST3_MAC"; 1043 | case CKM_CAST3_MAC_GENERAL: 1044 | return "CKM_CAST3_MAC_GENERAL"; 1045 | case CKM_CAST3_CBC_PAD: 1046 | return "CKM_CAST3_CBC_PAD"; 1047 | case CKM_CAST128_KEY_GEN: 1048 | return "CKM_CAST128_KEY_GEN"; 1049 | case CKM_CAST128_ECB: 1050 | return "CKM_CAST128_ECB"; 1051 | case CKM_CAST128_CBC: 1052 | return "CKM_CAST128_CBC"; 1053 | case CKM_CAST128_MAC: 1054 | return "CKM_CAST128_MAC"; 1055 | case CKM_CAST128_MAC_GENERAL: 1056 | return "CKM_CAST128_MAC_GENERAL"; 1057 | case CKM_CAST128_CBC_PAD: 1058 | return "CKM_CAST128_CBC_PAD"; 1059 | case CKM_RC5_KEY_GEN: 1060 | return "CKM_RC5_KEY_GEN"; 1061 | case CKM_RC5_ECB: 1062 | return "CKM_RC5_ECB"; 1063 | case CKM_RC5_CBC: 1064 | return "CKM_RC5_CBC"; 1065 | case CKM_RC5_MAC: 1066 | return "CKM_RC5_MAC"; 1067 | case CKM_RC5_MAC_GENERAL: 1068 | return "CKM_RC5_MAC_GENERAL"; 1069 | case CKM_RC5_CBC_PAD: 1070 | return "CKM_RC5_CBC_PAD"; 1071 | case CKM_IDEA_KEY_GEN: 1072 | return "CKM_IDEA_KEY_GEN"; 1073 | case CKM_IDEA_ECB: 1074 | return "CKM_IDEA_ECB"; 1075 | case CKM_IDEA_CBC: 1076 | return "CKM_IDEA_CBC"; 1077 | case CKM_IDEA_MAC: 1078 | return "CKM_IDEA_MAC"; 1079 | case CKM_IDEA_MAC_GENERAL: 1080 | return "CKM_IDEA_MAC_GENERAL"; 1081 | case CKM_IDEA_CBC_PAD: 1082 | return "CKM_IDEA_CBC_PAD"; 1083 | case CKM_GENERIC_SECRET_KEY_GEN: 1084 | return "CKM_GENERIC_SECRET_KEY_GEN"; 1085 | case CKM_CONCATENATE_BASE_AND_KEY: 1086 | return "CKM_CONCATENATE_BASE_AND_KEY"; 1087 | case CKM_CONCATENATE_BASE_AND_DATA: 1088 | return "CKM_CONCATENATE_BASE_AND_DATA"; 1089 | case CKM_CONCATENATE_DATA_AND_BASE: 1090 | return "CKM_CONCATENATE_DATA_AND_BASE"; 1091 | case CKM_XOR_BASE_AND_DATA: 1092 | return "CKM_XOR_BASE_AND_DATA"; 1093 | case CKM_EXTRACT_KEY_FROM_KEY: 1094 | return "CKM_EXTRACT_KEY_FROM_KEY"; 1095 | case CKM_SSL3_PRE_MASTER_KEY_GEN: 1096 | return "CKM_SSL3_PRE_MASTER_KEY_GEN"; 1097 | case CKM_SSL3_MASTER_KEY_DERIVE: 1098 | return "CKM_SSL3_MASTER_KEY_DERIVE"; 1099 | case CKM_SSL3_KEY_AND_MAC_DERIVE: 1100 | return "CKM_SSL3_KEY_AND_MAC_DERIVE"; 1101 | case CKM_SSL3_MASTER_KEY_DERIVE_DH: 1102 | return "CKM_SSL3_MASTER_KEY_DERIVE_DH"; 1103 | case CKM_TLS_PRE_MASTER_KEY_GEN: 1104 | return "CKM_TLS_PRE_MASTER_KEY_GEN"; 1105 | case CKM_TLS_MASTER_KEY_DERIVE: 1106 | return "CKM_TLS_MASTER_KEY_DERIVE"; 1107 | case CKM_TLS_KEY_AND_MAC_DERIVE: 1108 | return "CKM_TLS_KEY_AND_MAC_DERIVE"; 1109 | case CKM_TLS_MASTER_KEY_DERIVE_DH: 1110 | return "CKM_TLS_MASTER_KEY_DERIVE_DH"; 1111 | case CKM_TLS_PRF: 1112 | return "CKM_TLS_PRF"; 1113 | case CKM_SSL3_MD5_MAC: 1114 | return "CKM_SSL3_MD5_MAC"; 1115 | case CKM_SSL3_SHA1_MAC: 1116 | return "CKM_SSL3_SHA1_MAC"; 1117 | case CKM_MD5_KEY_DERIVATION: 1118 | return "CKM_MD5_KEY_DERIVATION"; 1119 | case CKM_MD2_KEY_DERIVATION: 1120 | return "CKM_MD2_KEY_DERIVATION"; 1121 | case CKM_SHA1_KEY_DERIVATION: 1122 | return "CKM_SHA1_KEY_DERIVATION"; 1123 | case CKM_SHA256_KEY_DERIVATION: 1124 | return "CKM_SHA256_KEY_DERIVATION"; 1125 | case CKM_SHA384_KEY_DERIVATION: 1126 | return "CKM_SHA384_KEY_DERIVATION"; 1127 | case CKM_SHA512_KEY_DERIVATION: 1128 | return "CKM_SHA512_KEY_DERIVATION"; 1129 | case CKM_SHA224_KEY_DERIVATION: 1130 | return "CKM_SHA224_KEY_DERIVATION"; 1131 | case CKM_PBE_MD2_DES_CBC: 1132 | return "CKM_PBE_MD2_DES_CBC"; 1133 | case CKM_PBE_MD5_DES_CBC: 1134 | return "CKM_PBE_MD5_DES_CBC"; 1135 | case CKM_PBE_MD5_CAST_CBC: 1136 | return "CKM_PBE_MD5_CAST_CBC"; 1137 | case CKM_PBE_MD5_CAST3_CBC: 1138 | return "CKM_PBE_MD5_CAST3_CBC"; 1139 | case CKM_PBE_MD5_CAST128_CBC: 1140 | return "CKM_PBE_MD5_CAST128_CBC"; 1141 | case CKM_PBE_SHA1_CAST128_CBC: 1142 | return "CKM_PBE_SHA1_CAST128_CBC"; 1143 | case CKM_PBE_SHA1_RC4_128: 1144 | return "CKM_PBE_SHA1_RC4_128"; 1145 | case CKM_PBE_SHA1_RC4_40: 1146 | return "CKM_PBE_SHA1_RC4_40"; 1147 | case CKM_PBE_SHA1_DES3_EDE_CBC: 1148 | return "CKM_PBE_SHA1_DES3_EDE_CBC"; 1149 | case CKM_PBE_SHA1_DES2_EDE_CBC: 1150 | return "CKM_PBE_SHA1_DES2_EDE_CBC"; 1151 | case CKM_PBE_SHA1_RC2_128_CBC: 1152 | return "CKM_PBE_SHA1_RC2_128_CBC"; 1153 | case CKM_PBE_SHA1_RC2_40_CBC: 1154 | return "CKM_PBE_SHA1_RC2_40_CBC"; 1155 | case CKM_PKCS5_PBKD2: 1156 | return "CKM_PKCS5_PBKD2"; 1157 | case CKM_PBA_SHA1_WITH_SHA1_HMAC: 1158 | return "CKM_PBA_SHA1_WITH_SHA1_HMAC"; 1159 | case CKM_WTLS_PRE_MASTER_KEY_GEN: 1160 | return "CKM_WTLS_PRE_MASTER_KEY_GEN"; 1161 | case CKM_WTLS_MASTER_KEY_DERIVE: 1162 | return "CKM_WTLS_MASTER_KEY_DERIVE"; 1163 | case CKM_WTLS_MASTER_KEY_DERVIE_DH_ECC: 1164 | return "CKM_WTLS_MASTER_KEY_DERVIE_DH_ECC"; 1165 | case CKM_WTLS_PRF: 1166 | return "CKM_WTLS_PRF"; 1167 | case CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE: 1168 | return "CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE"; 1169 | case CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE: 1170 | return "CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE"; 1171 | case CKM_KEY_WRAP_LYNKS: 1172 | return "CKM_KEY_WRAP_LYNKS"; 1173 | case CKM_KEY_WRAP_SET_OAEP: 1174 | return "CKM_KEY_WRAP_SET_OAEP"; 1175 | case CKM_CMS_SIG: 1176 | return "CKM_CMS_SIG"; 1177 | case CKM_KIP_DERIVE: 1178 | return "CKM_KIP_DERIVE"; 1179 | case CKM_KIP_WRAP: 1180 | return "CKM_KIP_WRAP"; 1181 | case CKM_KIP_MAC: 1182 | return "CKM_KIP_MAC"; 1183 | case CKM_CAMELLIA_KEY_GEN: 1184 | return "CKM_CAMELLIA_KEY_GEN"; 1185 | case CKM_CAMELLIA_ECB: 1186 | return "CKM_CAMELLIA_ECB"; 1187 | case CKM_CAMELLIA_CBC: 1188 | return "CKM_CAMELLIA_CBC"; 1189 | case CKM_CAMELLIA_MAC: 1190 | return "CKM_CAMELLIA_MAC"; 1191 | case CKM_CAMELLIA_MAC_GENERAL: 1192 | return "CKM_CAMELLIA_MAC_GENERAL"; 1193 | case CKM_CAMELLIA_CBC_PAD: 1194 | return "CKM_CAMELLIA_CBC_PAD"; 1195 | case CKM_CAMELLIA_ECB_ENCRYPT_DATA: 1196 | return "CKM_CAMELLIA_ECB_ENCRYPT_DATA"; 1197 | case CKM_CAMELLIA_CBC_ENCRYPT_DATA: 1198 | return "CKM_CAMELLIA_CBC_ENCRYPT_DATA"; 1199 | case CKM_CAMELLIA_CTR: 1200 | return "CKM_CAMELLIA_CTR"; 1201 | case CKM_ARIA_KEY_GEN: 1202 | return "CKM_ARIA_KEY_GEN"; 1203 | case CKM_ARIA_ECB: 1204 | return "CKM_ARIA_ECB"; 1205 | case CKM_ARIA_CBC: 1206 | return "CKM_ARIA_CBC"; 1207 | case CKM_ARIA_MAC: 1208 | return "CKM_ARIA_MAC"; 1209 | case CKM_ARIA_MAC_GENERAL: 1210 | return "CKM_ARIA_MAC_GENERAL"; 1211 | case CKM_ARIA_CBC_PAD: 1212 | return "CKM_ARIA_CBC_PAD"; 1213 | case CKM_ARIA_ECB_ENCRYPT_DATA: 1214 | return "CKM_ARIA_ECB_ENCRYPT_DATA"; 1215 | case CKM_ARIA_CBC_ENCRYPT_DATA: 1216 | return "CKM_ARIA_CBC_ENCRYPT_DATA"; 1217 | case CKM_SKIPJACK_KEY_GEN: 1218 | return "CKM_SKIPJACK_KEY_GEN"; 1219 | case CKM_SKIPJACK_ECB64: 1220 | return "CKM_SKIPJACK_ECB64"; 1221 | case CKM_SKIPJACK_CBC64: 1222 | return "CKM_SKIPJACK_CBC64"; 1223 | case CKM_SKIPJACK_OFB64: 1224 | return "CKM_SKIPJACK_OFB64"; 1225 | case CKM_SKIPJACK_CFB64: 1226 | return "CKM_SKIPJACK_CFB64"; 1227 | case CKM_SKIPJACK_CFB32: 1228 | return "CKM_SKIPJACK_CFB32"; 1229 | case CKM_SKIPJACK_CFB16: 1230 | return "CKM_SKIPJACK_CFB16"; 1231 | case CKM_SKIPJACK_CFB8: 1232 | return "CKM_SKIPJACK_CFB8"; 1233 | case CKM_SKIPJACK_WRAP: 1234 | return "CKM_SKIPJACK_WRAP"; 1235 | case CKM_SKIPJACK_PRIVATE_WRAP: 1236 | return "CKM_SKIPJACK_PRIVATE_WRAP"; 1237 | case CKM_SKIPJACK_RELAYX: 1238 | return "CKM_SKIPJACK_RELAYX"; 1239 | case CKM_KEA_KEY_PAIR_GEN: 1240 | return "CKM_KEA_KEY_PAIR_GEN"; 1241 | case CKM_KEA_KEY_DERIVE: 1242 | return "CKM_KEA_KEY_DERIVE"; 1243 | case CKM_FORTEZZA_TIMESTAMP: 1244 | return "CKM_FORTEZZA_TIMESTAMP"; 1245 | case CKM_BATON_KEY_GEN: 1246 | return "CKM_BATON_KEY_GEN"; 1247 | case CKM_BATON_ECB128: 1248 | return "CKM_BATON_ECB128"; 1249 | case CKM_BATON_ECB96: 1250 | return "CKM_BATON_ECB96"; 1251 | case CKM_BATON_CBC128: 1252 | return "CKM_BATON_CBC128"; 1253 | case CKM_BATON_COUNTER: 1254 | return "CKM_BATON_COUNTER"; 1255 | case CKM_BATON_SHUFFLE: 1256 | return "CKM_BATON_SHUFFLE"; 1257 | case CKM_BATON_WRAP: 1258 | return "CKM_BATON_WRAP"; 1259 | case CKM_EC_KEY_PAIR_GEN: 1260 | return "CKM_EC_KEY_PAIR_GEN"; 1261 | case CKM_ECDSA: 1262 | return "CKM_ECDSA"; 1263 | case CKM_ECDSA_SHA1: 1264 | return "CKM_ECDSA_SHA1"; 1265 | case CKM_ECDH1_DERIVE: 1266 | return "CKM_ECDH1_DERIVE"; 1267 | case CKM_ECDH1_COFACTOR_DERIVE: 1268 | return "CKM_ECDH1_COFACTOR_DERIVE"; 1269 | case CKM_ECMQV_DERIVE: 1270 | return "CKM_ECMQV_DERIVE"; 1271 | case CKM_JUNIPER_KEY_GEN: 1272 | return "CKM_JUNIPER_KEY_GEN"; 1273 | case CKM_JUNIPER_ECB128: 1274 | return "CKM_JUNIPER_ECB128"; 1275 | case CKM_JUNIPER_CBC128: 1276 | return "CKM_JUNIPER_CBC128"; 1277 | case CKM_JUNIPER_COUNTER: 1278 | return "CKM_JUNIPER_COUNTER"; 1279 | case CKM_JUNIPER_SHUFFLE: 1280 | return "CKM_JUNIPER_SHUFFLE"; 1281 | case CKM_JUNIPER_WRAP: 1282 | return "CKM_JUNIPER_WRAP"; 1283 | case CKM_FASTHASH: 1284 | return "CKM_FASTHASH"; 1285 | case CKM_AES_KEY_GEN: 1286 | return "CKM_AES_KEY_GEN"; 1287 | case CKM_AES_ECB: 1288 | return "CKM_AES_ECB"; 1289 | case CKM_AES_CBC: 1290 | return "CKM_AES_CBC"; 1291 | case CKM_AES_MAC: 1292 | return "CKM_AES_MAC"; 1293 | case CKM_AES_MAC_GENERAL: 1294 | return "CKM_AES_MAC_GENERAL"; 1295 | case CKM_AES_CBC_PAD: 1296 | return "CKM_AES_CBC_PAD"; 1297 | case CKM_AES_CTR: 1298 | return "CKM_AES_CTR"; 1299 | case CKM_BLOWFISH_KEY_GEN: 1300 | return "CKM_BLOWFISH_KEY_GEN"; 1301 | case CKM_BLOWFISH_CBC: 1302 | return "CKM_BLOWFISH_CBC"; 1303 | case CKM_TWOFISH_KEY_GEN: 1304 | return "CKM_TWOFISH_KEY_GEN"; 1305 | case CKM_TWOFISH_CBC: 1306 | return "CKM_TWOFISH_CBC"; 1307 | case CKM_DES_ECB_ENCRYPT_DATA: 1308 | return "CKM_DES_ECB_ENCRYPT_DATA"; 1309 | case CKM_DES_CBC_ENCRYPT_DATA: 1310 | return "CKM_DES_CBC_ENCRYPT_DATA"; 1311 | case CKM_DES3_ECB_ENCRYPT_DATA: 1312 | return "CKM_DES3_ECB_ENCRYPT_DATA"; 1313 | case CKM_DES3_CBC_ENCRYPT_DATA: 1314 | return "CKM_DES3_CBC_ENCRYPT_DATA"; 1315 | case CKM_AES_ECB_ENCRYPT_DATA: 1316 | return "CKM_AES_ECB_ENCRYPT_DATA"; 1317 | case CKM_AES_CBC_ENCRYPT_DATA: 1318 | return "CKM_AES_CBC_ENCRYPT_DATA"; 1319 | case CKM_DSA_PARAMETER_GEN: 1320 | return "CKM_DSA_PARAMETER_GEN"; 1321 | case CKM_DH_PKCS_PARAMETER_GEN: 1322 | return "CKM_DH_PKCS_PARAMETER_GEN"; 1323 | case CKM_X9_42_DH_PARAMETER_GEN: 1324 | return "CKM_X9_42_DH_PARAMETER_GEN"; 1325 | case CKM_VENDOR_DEFINED: 1326 | return "CKM_VENDOR_DEFINED"; 1327 | defult: 1328 | break; 1329 | } 1330 | 1331 | sprintf(buffer, "0x%08X", mechType); 1332 | 1333 | return buffer; 1334 | } 1335 | -------------------------------------------------------------------------------- /src/mechanisms.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | mechanisms.h 31 | 32 | Functions for mechanism tests 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_MECHANISMS_H 36 | #define _PKCS11_TESTING_MECHANISMS_H 37 | 38 | #include "cryptoki.h" 39 | 40 | int showMechs(char *slot); 41 | int testDNSSEC(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 42 | int testSuiteB(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 43 | 44 | // showMechs helper functions 45 | void printMechInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE mechType); 46 | void printMechKeySize(CK_ULONG ulMinKeySize, CK_ULONG ulMaxKeySize); 47 | void printMechFlags(CK_FLAGS flags); 48 | 49 | // testDNSSEC helper functions 50 | int testDNSSEC_digest(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 51 | int testDNSSEC_rsa_keygen(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 52 | int testDNSSEC_rsa_sign(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 53 | int testDNSSEC_dsa_keygen(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 54 | int testDNSSEC_dsa_sign(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 55 | 56 | // testSuiteB helper functions 57 | int testSuiteB_AES(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 58 | int testSuiteB_ECDSA(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 59 | int testSuiteB_ECDH(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 60 | int testSuiteB_SHA(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession); 61 | 62 | // Internal functions 63 | const char* getMechName(CK_MECHANISM_TYPE mechType); 64 | 65 | #endif // !_PKCS11_TESTING_MECHANISMS_H 66 | -------------------------------------------------------------------------------- /src/pkcs11-testing.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | pkcs11-testing.cpp 31 | 32 | This program can be used for testing HSMs using PKCS#11. 33 | *****************************************************************************/ 34 | 35 | #include 36 | #include "pkcs11-testing.h" 37 | #include "session.h" 38 | #include "library.h" 39 | #include "mechanisms.h" 40 | #include "showslots.h" 41 | #include "publickey.h" 42 | #include "import.h" 43 | #include "error.h" 44 | #include "stability.h" 45 | 46 | #include 47 | #include 48 | #include 49 | #include 50 | #include 51 | #include 52 | #include 53 | 54 | // Display the usage 55 | void usage() 56 | { 57 | printf("Program for testing HSMs using PKCS#11\n"); 58 | printf("Usage: pkcs11-testing [ACTION] [OPTIONS]\n"); 59 | printf("[ACTIONS]\n"); 60 | printf(" -h Shows this help screen.\n"); 61 | printf(" --help Shows this help screen.\n"); 62 | printf(" --show-mechanisms Display the available mechanisms.\n"); 63 | printf(" --show-slots Display the available slots.\n"); 64 | printf(" --test-all Run all tests (except stability test)\n"); 65 | printf(" --test-dnssec Test if the DNSSEC algorithms are available.\n"); 66 | printf(" --test-rsaimport Test if RSA keys can be imported.\n"); 67 | printf(" --test-rsapub Test if the public information is available in the private key.\n"); 68 | printf(" --test-stability Test if the HSM is stable. Creating keys and signing.\n"); 69 | printf(" --test-suiteb Test if the NSA Suite B algorithms are available.\n"); 70 | printf(" -v Show version info.\n"); 71 | printf(" --version Show version info.\n"); 72 | printf("[OPTIONS]\n"); 73 | printf(" --batchjobs The number of batchjobs in the stability test.\n"); 74 | printf(" --module The path to the PKCS#11 library.\n"); 75 | printf(" --pin The PIN for the normal user.\n"); 76 | printf(" --rollovers The number of rollovers in the stability test.\n"); 77 | printf(" --signatures The number of signatures in the stability test.\n"); 78 | printf(" --sleep The time between each batchjob.\n"); 79 | printf(" --slot The slot where the token is located.\n"); 80 | } 81 | 82 | // Enumeration of the long options 83 | enum { 84 | OPT_BATCHJOBS = 0x100, 85 | OPT_HELP, 86 | OPT_MODULE, 87 | OPT_PIN, 88 | OPT_ROLLOVERS, 89 | OPT_SHOW_MECHANISMS, 90 | OPT_SHOW_SLOTS, 91 | OPT_SIGNATURES, 92 | OPT_SLEEP, 93 | OPT_SLOT, 94 | OPT_TEST_ALL, 95 | OPT_TEST_DNSSEC, 96 | OPT_TEST_RSAIMPORT, 97 | OPT_TEST_RSAPUB, 98 | OPT_TEST_STABILITY, 99 | OPT_TEST_SUITEB, 100 | OPT_VERSION 101 | }; 102 | 103 | // Text representation of the long options 104 | static const struct option long_options[] = { 105 | { "batchjobs", 1, NULL, OPT_BATCHJOBS }, 106 | { "help", 0, NULL, OPT_HELP }, 107 | { "module", 1, NULL, OPT_MODULE }, 108 | { "pin", 1, NULL, OPT_PIN }, 109 | { "rollovers", 1, NULL, OPT_ROLLOVERS }, 110 | { "show-mechanisms", 0, NULL, OPT_SHOW_MECHANISMS }, 111 | { "show-slots", 0, NULL, OPT_SHOW_SLOTS }, 112 | { "signatures", 1, NULL, OPT_SIGNATURES }, 113 | { "sleep", 1, NULL, OPT_SLEEP }, 114 | { "slot", 1, NULL, OPT_SLOT }, 115 | { "test-all", 0, NULL, OPT_TEST_ALL }, 116 | { "test-dnssec", 0, NULL, OPT_TEST_DNSSEC }, 117 | { "test-rsaimport", 0, NULL, OPT_TEST_RSAIMPORT }, 118 | { "test-rsapub", 0, NULL, OPT_TEST_RSAPUB }, 119 | { "test-stability", 0, NULL, OPT_TEST_STABILITY }, 120 | { "test-suiteb", 0, NULL, OPT_TEST_SUITEB }, 121 | { "version", 0, NULL, OPT_VERSION }, 122 | { NULL, 0, NULL, 0 } 123 | }; 124 | 125 | CK_FUNCTION_LIST_PTR p11; 126 | 127 | // The main function 128 | int main(int argc, char *argv[]) 129 | { 130 | int option_index = 0, opt, retVal = 0, action = 0, needSession = 0; 131 | 132 | int rollovers = 2; 133 | int batchjobs = 2; 134 | int signatures = 100; 135 | int sleepTime = 15; 136 | char *userPIN = NULL; 137 | char *module = NULL; 138 | char *slot = NULL; 139 | CK_SLOT_ID slotID; 140 | CK_SESSION_HANDLE hSession; 141 | 142 | CK_C_GetFunctionList pGetFunctionList; 143 | CK_RV rv; 144 | 145 | moduleHandle = NULL; 146 | p11 = NULL; 147 | 148 | while ((opt = getopt_long(argc, argv, "hv", long_options, &option_index)) != -1) 149 | { 150 | switch (opt) 151 | { 152 | case OPT_SHOW_MECHANISMS: 153 | case OPT_SHOW_SLOTS: 154 | action = opt; 155 | break; 156 | case OPT_TEST_ALL: 157 | case OPT_TEST_DNSSEC: 158 | case OPT_TEST_RSAIMPORT: 159 | case OPT_TEST_RSAPUB: 160 | case OPT_TEST_STABILITY: 161 | case OPT_TEST_SUITEB: 162 | needSession = 1; 163 | action = opt; 164 | break; 165 | case OPT_BATCHJOBS: 166 | batchjobs = atoi(optarg); 167 | break; 168 | case OPT_ROLLOVERS: 169 | rollovers = atoi(optarg); 170 | break; 171 | case OPT_SIGNATURES: 172 | signatures = atoi(optarg); 173 | break; 174 | case OPT_SLEEP: 175 | sleepTime = atoi(optarg); 176 | break; 177 | case OPT_SLOT: 178 | slot = optarg; 179 | break; 180 | case OPT_MODULE: 181 | module = optarg; 182 | break; 183 | case OPT_PIN: 184 | userPIN = optarg; 185 | break; 186 | case OPT_VERSION: 187 | case 'v': 188 | printf("%s\n", PACKAGE_VERSION); 189 | exit(0); 190 | break; 191 | case OPT_HELP: 192 | case 'h': 193 | default: 194 | usage(); 195 | exit(0); 196 | break; 197 | } 198 | } 199 | 200 | // No action given, display the usage. 201 | if (!action) 202 | { 203 | usage(); 204 | exit(0); 205 | } 206 | 207 | if (module == NULL) 208 | { 209 | fprintf(stderr, "Please provide the path to the PKCS#11 library by using --module\n"); 210 | exit(1); 211 | } 212 | 213 | // Get a pointer to the function list for PKCS#11 library 214 | pGetFunctionList = loadLibrary(module, &moduleHandle); 215 | if (pGetFunctionList == NULL) 216 | { 217 | fprintf(stderr, "ERROR: Could not load the library.\n"); 218 | exit(1); 219 | } 220 | 221 | // Load the function list 222 | (*pGetFunctionList)(&p11); 223 | 224 | // Initialize the library 225 | rv = p11->C_Initialize(NULL_PTR); 226 | if (rv != CKR_OK) 227 | { 228 | fprintf(stderr, "ERROR: Could not initialize the library. rv=%s\n", rv2string(rv)); 229 | exit(1); 230 | } 231 | 232 | if (needSession) 233 | { 234 | retVal = openLogin(slot, userPIN, &slotID, &hSession); 235 | if (retVal) 236 | { 237 | // Finalize the library 238 | p11->C_Finalize(NULL_PTR); 239 | unloadLibrary(moduleHandle); 240 | 241 | return retVal; 242 | } 243 | } 244 | 245 | switch (action) 246 | { 247 | case OPT_SHOW_MECHANISMS: 248 | retVal = showMechs(slot); 249 | break; 250 | case OPT_SHOW_SLOTS: 251 | retVal = showSlots(); 252 | break; 253 | case OPT_TEST_ALL: 254 | if (testDNSSEC(slotID, hSession)) retVal = 1; 255 | if (testSuiteB(slotID, hSession)) retVal = 1; 256 | if (testRSAPub(hSession)) retVal = 1; 257 | if (testRSAImport(hSession)) retVal = 1; 258 | break; 259 | case OPT_TEST_DNSSEC: 260 | retVal = testDNSSEC(slotID, hSession); 261 | break; 262 | case OPT_TEST_RSAIMPORT: 263 | retVal = testRSAImport(hSession); 264 | break; 265 | case OPT_TEST_RSAPUB: 266 | retVal = testRSAPub(hSession); 267 | break; 268 | case OPT_TEST_STABILITY: 269 | retVal = testStability(slotID, hSession, rollovers, batchjobs, signatures, sleepTime); 270 | break; 271 | case OPT_TEST_SUITEB: 272 | retVal = testSuiteB(slotID, hSession); 273 | break; 274 | default: 275 | break; 276 | } 277 | 278 | // Finalize the library 279 | p11->C_Finalize(NULL_PTR); 280 | unloadLibrary(moduleHandle); 281 | 282 | return retVal; 283 | } 284 | -------------------------------------------------------------------------------- /src/pkcs11-testing.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | pkcs11-testing.h 31 | 32 | This program can be used for testing HSMs using PKCS#11. 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_H 36 | #define _PKCS11_TESTING_H 37 | 38 | #include "cryptoki.h" 39 | 40 | // Main functions 41 | 42 | void usage(); 43 | 44 | /// Library 45 | static void *moduleHandle; 46 | 47 | #endif // !_PKCS11_TESTING_H 48 | -------------------------------------------------------------------------------- /src/publickey.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | publickey.cpp 31 | 32 | Functions for public key tests 33 | *****************************************************************************/ 34 | 35 | #include "publickey.h" 36 | #include "error.h" 37 | 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | 45 | extern CK_FUNCTION_LIST_PTR p11; 46 | 47 | int testRSAPub(CK_SESSION_HANDLE hSession) 48 | { 49 | CK_RV rv; 50 | int retVal = 0; 51 | 52 | CK_BBOOL ckTrue = CK_TRUE; 53 | CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; 54 | CK_BYTE publicExponent[] = { 1, 0, 1 }; 55 | CK_ULONG modulusBits = 1024; 56 | CK_MECHANISM mechanism = { 57 | CKM_VENDOR_DEFINED, NULL_PTR, 0 58 | }; 59 | CK_OBJECT_HANDLE hPublicKey, hPrivateKey; 60 | 61 | CK_ATTRIBUTE publicKeyTemplate[] = { 62 | { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) }, 63 | { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, 64 | { CKA_WRAP, &ckTrue, sizeof(ckTrue) }, 65 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 66 | { CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) }, 67 | { CKA_PUBLIC_EXPONENT, &publicExponent, sizeof(publicExponent) } 68 | }; 69 | CK_ATTRIBUTE privateKeyTemplate[] = { 70 | { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) }, 71 | { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) }, 72 | { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, 73 | { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, 74 | { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) }, 75 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) } 76 | }; 77 | 78 | printf("\n******************************************************\n"); 79 | printf("* Test for public information in the RSA private key *\n"); 80 | printf("******************************************************\n\n"); 81 | printf("You normally have a public and private key object.\n"); 82 | printf("But the private key could contain all the necessary\n"); 83 | printf("information in order to export the public key from the\n"); 84 | printf("private key object. However, PKCS#11 cannot guarantee\n"); 85 | printf("that the HSM can do this. If the private key object\n"); 86 | printf("has all the necessary information, then you only need\n"); 87 | printf("to keep the private key. Thus saving space in the HSM.\n\n"); 88 | 89 | printf("Generate a key pair: "); 90 | rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism, publicKeyTemplate, 6, privateKeyTemplate, 6, &hPublicKey, &hPrivateKey); 91 | if (rv != CKR_OK) 92 | { 93 | printf("Failed to generate a keypair. rv=%s\n", rv2string(rv)); 94 | return 1; 95 | } 96 | printf("OK\n"); 97 | 98 | retVal = testRSAPub_keypair(hSession, hPublicKey, hPrivateKey); 99 | 100 | p11->C_DestroyObject(hSession, hPublicKey); 101 | p11->C_DestroyObject(hSession, hPrivateKey); 102 | 103 | return retVal; 104 | } 105 | 106 | int testRSAPub_keypair(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey) 107 | { 108 | CK_RV rv; 109 | CK_ATTRIBUTE pubTemplate[] = { 110 | { CKA_PUBLIC_EXPONENT, NULL_PTR, 0 }, 111 | { CKA_MODULUS, NULL_PTR, 0 } 112 | }; 113 | CK_BYTE_PTR public_exponent1 = NULL; 114 | CK_BYTE_PTR public_exponent2 = NULL; 115 | CK_ULONG public_exponent_len1 = 0; 116 | CK_ULONG public_exponent_len2 = 0; 117 | CK_BYTE_PTR modulus1 = NULL; 118 | CK_BYTE_PTR modulus2 = NULL; 119 | CK_ULONG modulus_len1 = 0; 120 | CK_ULONG modulus_len2 = 0; 121 | int retVal = 0; 122 | 123 | printf("Public key information from public key object: "); 124 | 125 | // Get buffer sizes 126 | rv = p11->C_GetAttributeValue(hSession, hPublicKey, pubTemplate, 2); 127 | if (rv != CKR_OK) 128 | { 129 | printf("Failed to get the size of modulus and pubexp. rv=%s\n", rv2string(rv)); 130 | return 1; 131 | } 132 | 133 | // Allocate memory 134 | public_exponent_len1 = pubTemplate[0].ulValueLen; 135 | modulus_len1 = pubTemplate[1].ulValueLen; 136 | public_exponent1 = (CK_BYTE_PTR)malloc(public_exponent_len1); 137 | pubTemplate[0].pValue = public_exponent1; 138 | if (public_exponent1 == NULL) 139 | { 140 | printf("Failed to allocate memory\n"); 141 | return 1; 142 | } 143 | modulus1 = (CK_BYTE_PTR)malloc(modulus_len1); 144 | pubTemplate[1].pValue = modulus1; 145 | if (modulus1 == NULL) 146 | { 147 | printf("Failed to allocate memory\n"); 148 | free(public_exponent1); 149 | return 1; 150 | } 151 | 152 | // Get the information from the public key 153 | rv = p11->C_GetAttributeValue(hSession, hPublicKey, pubTemplate, 2); 154 | if (rv != CKR_OK) 155 | { 156 | printf("Failed to get the modulus and pubexp. rv=%s\n", rv2string(rv)); 157 | free(public_exponent1); 158 | free(modulus1); 159 | return 1; 160 | } 161 | 162 | printf("OK\n"); 163 | 164 | printf("Public key information from private key object: "); 165 | 166 | // Get buffer sizes 167 | pubTemplate[0].ulValueLen = 0; 168 | pubTemplate[1].ulValueLen = 0; 169 | pubTemplate[0].pValue = NULL_PTR; 170 | pubTemplate[1].pValue = NULL_PTR; 171 | rv = p11->C_GetAttributeValue(hSession, hPrivateKey, pubTemplate, 2); 172 | if (rv == CKR_ATTRIBUTE_TYPE_INVALID) 173 | { 174 | printf("Failed. The modulus or pubexp does not exist\n"); 175 | free(public_exponent1); 176 | free(modulus1); 177 | return 1; 178 | } 179 | if (rv != CKR_OK) 180 | { 181 | printf("Failed to get the size of modulus and pubexp. rv=%s\n", rv2string(rv)); 182 | free(public_exponent1); 183 | free(modulus1); 184 | return 1; 185 | } 186 | 187 | // Allocate memory 188 | public_exponent_len2 = pubTemplate[0].ulValueLen; 189 | modulus_len2 = pubTemplate[1].ulValueLen; 190 | public_exponent2 = (CK_BYTE_PTR)malloc(public_exponent_len2); 191 | pubTemplate[0].pValue = public_exponent2; 192 | if (public_exponent2 == NULL) 193 | { 194 | printf("Failed to allocate memory\n"); 195 | free(public_exponent1); 196 | free(modulus1); 197 | return 1; 198 | } 199 | modulus2 = (CK_BYTE_PTR)malloc(modulus_len2); 200 | pubTemplate[1].pValue = modulus2; 201 | if (modulus2 == NULL) 202 | { 203 | printf("Failed to allocate memory\n"); 204 | free(public_exponent1); 205 | free(modulus1); 206 | free(public_exponent2); 207 | return 1; 208 | } 209 | 210 | // Get the information from the private key 211 | rv = p11->C_GetAttributeValue(hSession, hPrivateKey, pubTemplate, 2); 212 | if (rv != CKR_OK) 213 | { 214 | printf("Failed to get the modulus and pubexp. rv=%s\n", rv2string(rv)); 215 | free(public_exponent1); 216 | free(modulus1); 217 | free(public_exponent2); 218 | free(modulus2); 219 | return 1; 220 | } 221 | 222 | printf("OK\n"); 223 | printf("Testing if the data is equal: "); 224 | 225 | // Make sure that the information from the public and private key are equal 226 | if 227 | ( 228 | public_exponent_len1 != public_exponent_len2 || 229 | memcmp(public_exponent1, public_exponent2, public_exponent_len1) != 0 || 230 | modulus_len1 != modulus_len2 || 231 | memcmp(modulus1, modulus2, modulus_len1) != 0 232 | ) 233 | { 234 | printf("Not equal\n"); 235 | retVal = 1; 236 | } 237 | else 238 | { 239 | printf("OK\n"); 240 | } 241 | 242 | printf("\nFrom public key:\n"); 243 | printf("Public exponent: "); 244 | printBinBuffer(public_exponent1, public_exponent_len1); 245 | printf("Modulus: "); 246 | printBinBuffer(modulus1, modulus_len1); 247 | 248 | printf("\nFrom private key:\n"); 249 | printf("Public exponent: "); 250 | printBinBuffer(public_exponent2, public_exponent_len2); 251 | printf("Modulus: "); 252 | printBinBuffer(modulus2, modulus_len2); 253 | 254 | free(public_exponent1); 255 | free(modulus1); 256 | free(public_exponent2); 257 | free(modulus2); 258 | 259 | return retVal; 260 | } 261 | 262 | void printBinBuffer(void *pValue, unsigned long ulValueLen) 263 | { 264 | char *buffer = (char*)pValue; 265 | 266 | if (buffer != NULL) 267 | { 268 | for (int i = 0; i < ulValueLen; i++) 269 | { 270 | printf("%02X", buffer[i] & 0xFF); 271 | } 272 | } 273 | 274 | printf("\n"); 275 | } 276 | -------------------------------------------------------------------------------- /src/publickey.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | publickey.h 31 | 32 | Functions for public key tests 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_PUBLICKEY_H 36 | #define _PKCS11_TESTING_PUBLICKEY_H 37 | 38 | #include "cryptoki.h" 39 | 40 | int testRSAPub(CK_SESSION_HANDLE hSession); 41 | 42 | // Internal 43 | int testRSAPub_keypair(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey); 44 | void printBinBuffer(void *pValue, unsigned long ulValueLen); 45 | 46 | #endif // !_PKCS11_TESTING_PUBLICKEY_H 47 | -------------------------------------------------------------------------------- /src/session.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | session.cpp 31 | 32 | Functions for session handling 33 | *****************************************************************************/ 34 | 35 | #include "session.h" 36 | #include "config.h" 37 | #include "getpw.h" 38 | #include "error.h" 39 | 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | 47 | extern CK_FUNCTION_LIST_PTR p11; 48 | 49 | int openLogin(char *slot, char *pin, CK_SLOT_ID *slotID, CK_SESSION_HANDLE *hSession) 50 | { 51 | CK_RV rv; 52 | int retVal = 0; 53 | char user_pin_copy[MAX_PIN_LEN+1]; 54 | 55 | if (slotID == NULL || hSession == NULL) 56 | { 57 | return 1; 58 | } 59 | 60 | if (slot == NULL) 61 | { 62 | fprintf(stderr, "ERROR: A slot number must be supplied. " 63 | "Use --slot \n"); 64 | return 1; 65 | } 66 | *slotID = atoi(slot); 67 | 68 | // Open a session 69 | rv = p11->C_OpenSession(*slotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, hSession); 70 | if (rv == CKR_SLOT_ID_INVALID) 71 | { 72 | fprintf(stderr, "ERROR: The slot does not exist.\n"); 73 | return 1; 74 | } 75 | if (rv != CKR_OK) 76 | { 77 | fprintf(stderr, "ERROR: Could not open a session. rv=%s\n", rv2string(rv)); 78 | return 1; 79 | } 80 | 81 | // Login 82 | getPW(pin, user_pin_copy, CKU_USER); 83 | rv = p11->C_Login(*hSession, CKU_USER, (CK_UTF8CHAR_PTR)user_pin_copy, strlen(user_pin_copy)); 84 | if (rv != CKR_OK) 85 | { 86 | if (rv == CKR_PIN_INCORRECT) { 87 | fprintf(stderr, "ERROR: The given user PIN does not match the one in the token.\n"); 88 | } 89 | else 90 | { 91 | fprintf(stderr, "ERROR: Could not log in on the token. rv=%s\n", rv2string(rv)); 92 | } 93 | return 1; 94 | } 95 | 96 | return 0; 97 | } 98 | -------------------------------------------------------------------------------- /src/session.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | session.h 31 | 32 | Functions for session handling 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_SESSION_H 36 | #define _PKCS11_TESTING_SESSION_H 37 | 38 | #include "cryptoki.h" 39 | 40 | int openLogin(char *slot, char *pin, CK_SLOT_ID *slotID, CK_SESSION_HANDLE *hSession); 41 | 42 | #endif // !_PKCS11_TESTING_PUBLICKEY_H 43 | -------------------------------------------------------------------------------- /src/showslots.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | showslots.cpp 31 | 32 | Show the slots available in the HSM 33 | *****************************************************************************/ 34 | 35 | #include "showslots.h" 36 | #include "cryptoki.h" 37 | #include "error.h" 38 | 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | extern CK_FUNCTION_LIST_PTR p11; 45 | 46 | int showSlots() 47 | { 48 | CK_ULONG ulSlotCount; 49 | CK_RV rv = p11->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount); 50 | if (rv != CKR_OK) 51 | { 52 | fprintf(stderr, "ERROR: Could not get the number of slots. rv=%s\n", rv2string(rv)); 53 | return 1; 54 | } 55 | 56 | CK_SLOT_ID_PTR pSlotList = (CK_SLOT_ID_PTR) malloc(ulSlotCount*sizeof(CK_SLOT_ID)); 57 | if (!pSlotList) 58 | { 59 | fprintf(stderr, "ERROR: Could not allocate memory.\n"); 60 | return 1; 61 | } 62 | 63 | rv = p11->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount); 64 | if (rv != CKR_OK) 65 | { 66 | fprintf(stderr, "ERROR: Could not get the slot list. rv=%s\n", rv2string(rv)); 67 | free(pSlotList); 68 | return 1; 69 | } 70 | 71 | printf("Available slots:\n"); 72 | 73 | for (unsigned int i = 0; i < ulSlotCount; i++) 74 | { 75 | CK_SLOT_INFO slotInfo; 76 | CK_TOKEN_INFO tokenInfo; 77 | 78 | rv = p11->C_GetSlotInfo(pSlotList[i], &slotInfo); 79 | if (rv != CKR_OK) 80 | { 81 | fprintf(stderr, "ERROR: Could not get info about slot %lu. rv=%s\n", pSlotList[i], rv2string(rv)); 82 | continue; 83 | } 84 | 85 | printf("Slot %lu\n", pSlotList[i]); 86 | printf(" Slot info:\n"); 87 | printf(" Description: %.*s\n", 64, slotInfo.slotDescription); 88 | printf(" Manufacturer ID: %.*s\n", 32, slotInfo.manufacturerID); 89 | printf(" Hardware version: %i.%i\n", slotInfo.hardwareVersion.major, 90 | slotInfo.hardwareVersion.minor); 91 | printf(" Firmware version: %i.%i\n", slotInfo.firmwareVersion.major, 92 | slotInfo.firmwareVersion.minor); 93 | printf(" Token present: "); 94 | if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) 95 | { 96 | printf("no\n"); 97 | continue; 98 | } 99 | 100 | printf("yes\n"); 101 | printf(" Token info:\n"); 102 | 103 | rv = p11->C_GetTokenInfo(pSlotList[i], &tokenInfo); 104 | if (rv != CKR_OK) 105 | { 106 | fprintf(stderr, "ERROR: Could not get info about the token in slot %lu. rv=%s\n", 107 | pSlotList[i], rv2string(rv)); 108 | continue; 109 | } 110 | 111 | printf(" Manufacturer ID: %.*s\n", 32, tokenInfo.manufacturerID); 112 | printf(" Model: %.*s\n", 16, tokenInfo.model); 113 | printf(" Hardware version: %i.%i\n", tokenInfo.hardwareVersion.major, 114 | tokenInfo.hardwareVersion.minor); 115 | printf(" Firmware version: %i.%i\n", tokenInfo.firmwareVersion.major, 116 | tokenInfo.firmwareVersion.minor); 117 | printf(" Serial number: %.*s\n", 16, tokenInfo.serialNumber); 118 | printf(" Initialized: "); 119 | if ((tokenInfo.flags & CKF_TOKEN_INITIALIZED) == 0) 120 | { 121 | printf("no\n"); 122 | } 123 | else 124 | { 125 | printf("yes\n"); 126 | } 127 | 128 | printf(" User PIN init.: "); 129 | if ((tokenInfo.flags & CKF_USER_PIN_INITIALIZED) == 0) 130 | { 131 | printf("no\n"); 132 | } 133 | else 134 | { 135 | printf("yes\n"); 136 | } 137 | 138 | printf(" Label: %.*s\n", 32, tokenInfo.label); 139 | } 140 | 141 | free(pSlotList); 142 | 143 | return 0; 144 | } 145 | -------------------------------------------------------------------------------- /src/showslots.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | showslots.h 31 | 32 | Show the slots available in the HSM 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_SHOWSLOTS_H 36 | #define _PKCS11_TESTING_SHOWSLOTS_H 37 | 38 | int showSlots(); 39 | 40 | #endif // !_PKCS11_TESTING_SHOWSLOTS_H 41 | -------------------------------------------------------------------------------- /src/stability.cpp: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | stability.cpp 31 | 32 | Functions for stability test 33 | *****************************************************************************/ 34 | 35 | #include "stability.h" 36 | #include "error.h" 37 | 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | 45 | extern CK_FUNCTION_LIST_PTR p11; 46 | 47 | int testStability(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession, int rollovers, int batchjobs, int signatures, int sleepTime) 48 | { 49 | CK_RV rv; 50 | int retVal = 0; 51 | CK_OBJECT_HANDLE hPublicKey, hPrivateKey; 52 | CK_SESSION_HANDLE hSessionTmp; 53 | CK_BYTE_PTR pSignature = NULL; 54 | CK_ULONG ulSignatureLen = 0; 55 | CK_BYTE pData[] = {"Text"}; 56 | CK_ULONG ulDataLen = sizeof(pData)-1; 57 | 58 | printf("\n********************************************************\n"); 59 | printf("* Test for stability during key generation and signing *\n"); 60 | printf("********************************************************\n\n"); 61 | printf("This test will perform the following:\n\n"); 62 | printf("* Key rollovers = %i\n", rollovers); 63 | printf(" The number of times that the key pair will be replaced.\n"); 64 | printf("* Batchjobs = %i\n", batchjobs); 65 | printf(" The number of batchjobs for each key pair.\n"); 66 | printf("* signatures = %i\n", signatures); 67 | printf(" Each batchjob will create signatures and verify them.\n"); 68 | printf("* sleep time = %i\n", sleepTime); 69 | printf(" The process will sleep between the batchjobs.\n\n"); 70 | 71 | for (int i = 0; i <= rollovers; i++) 72 | { 73 | // Generate key pair 74 | if (testStability_generate(hSession, &hPublicKey, &hPrivateKey)) 75 | { 76 | retVal = 1; 77 | continue; 78 | } 79 | 80 | for (int j = 0; j < batchjobs; j++) 81 | { 82 | // Open Session 83 | rv = p11->C_OpenSession(slotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionTmp); 84 | if (rv != CKR_OK) 85 | { 86 | printf("ERROR: Failed to open a session. rv=%s\n", rv2string(rv)); 87 | retVal = 1; 88 | continue; 89 | } 90 | 91 | printf("Creating signatures and verifying them...\n"); 92 | 93 | for (int k = 0; k < signatures; k++) 94 | { 95 | // Sign data 96 | if (testStability_sign( 97 | hSessionTmp, 98 | hPrivateKey, 99 | pData, 100 | ulDataLen, 101 | &pSignature, 102 | &ulSignatureLen)) 103 | { 104 | retVal = 1; 105 | continue; 106 | } 107 | 108 | // Verify signature 109 | if (testStability_verify( 110 | hSessionTmp, 111 | hPublicKey, 112 | pData, 113 | ulDataLen, 114 | pSignature, 115 | ulSignatureLen)) 116 | { 117 | retVal = 1; 118 | } 119 | 120 | // Clean up 121 | if (pSignature != NULL) 122 | { 123 | free(pSignature); 124 | pSignature = NULL; 125 | ulSignatureLen = 0; 126 | } 127 | } 128 | 129 | // Close session 130 | rv = p11->C_CloseSession(hSessionTmp); 131 | if (rv != CKR_OK) 132 | { 133 | printf("ERROR: Failed to close session. rv=%s\n", rv2string(rv)); 134 | retVal = 1; 135 | } 136 | 137 | // Sleep 138 | printf("Sleeping for %i seconds...\n", sleepTime); 139 | sleep(sleepTime); 140 | } 141 | 142 | // Delete key pair 143 | printf("Deleting the key pair...\n"); 144 | rv = p11->C_DestroyObject(hSession, hPublicKey); 145 | if (rv != CKR_OK) 146 | { 147 | printf("ERROR: Failed to delete the public key. rv=%s\n", rv2string(rv)); 148 | retVal = 1; 149 | } 150 | rv = p11->C_DestroyObject(hSession, hPrivateKey); 151 | if (rv != CKR_OK) 152 | { 153 | printf("ERROR: Failed to delete the private key. rv=%s\n", rv2string(rv)); 154 | retVal = 1; 155 | } 156 | } 157 | 158 | if (retVal == 0) 159 | { 160 | printf("\nThe test was performed successfully.\n"); 161 | } 162 | else 163 | { 164 | printf("\nThe test was not performed successfully.\n"); 165 | } 166 | 167 | return retVal; 168 | } 169 | 170 | int testStability_generate(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE *hPublicKey, CK_OBJECT_HANDLE *hPrivateKey) 171 | { 172 | CK_RV rv; 173 | CK_BBOOL ckTrue = CK_TRUE; 174 | CK_MECHANISM keyGenMechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; 175 | CK_BYTE publicExponent[] = { 1, 0, 1 }; 176 | CK_ULONG modulusBits = 1024; 177 | CK_MECHANISM mechanism = { 178 | CKM_VENDOR_DEFINED, NULL_PTR, 0 179 | }; 180 | 181 | CK_ATTRIBUTE publicKeyTemplate[] = { 182 | { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) }, 183 | { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, 184 | { CKA_WRAP, &ckTrue, sizeof(ckTrue) }, 185 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) }, 186 | { CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits) }, 187 | { CKA_PUBLIC_EXPONENT, &publicExponent, sizeof(publicExponent) } 188 | }; 189 | CK_ATTRIBUTE privateKeyTemplate[] = { 190 | { CKA_PRIVATE, &ckTrue, sizeof(ckTrue) }, 191 | { CKA_SENSITIVE, &ckTrue, sizeof(ckTrue) }, 192 | { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, 193 | { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, 194 | { CKA_UNWRAP, &ckTrue, sizeof(ckTrue) }, 195 | { CKA_TOKEN, &ckTrue, sizeof(ckTrue) } 196 | }; 197 | 198 | printf("Generating a key pair...\n"); 199 | rv = p11->C_GenerateKeyPair(hSession, &keyGenMechanism, publicKeyTemplate, 6, privateKeyTemplate, 6, hPublicKey, hPrivateKey); 200 | if (rv != CKR_OK) 201 | { 202 | printf("ERROR: Failed to generate a keypair. rv=%s\n", rv2string(rv)); 203 | return 1; 204 | } 205 | 206 | return 0; 207 | } 208 | 209 | int testStability_sign 210 | ( 211 | CK_SESSION_HANDLE hSession, 212 | CK_OBJECT_HANDLE hPrivateKey, 213 | CK_BYTE_PTR pData, 214 | CK_ULONG ulDataLen, 215 | CK_BYTE_PTR *ppSignature, 216 | CK_ULONG_PTR pulSignatureLen 217 | ) 218 | { 219 | CK_RV rv; 220 | CK_MECHANISM mechanism = { 221 | CKM_RSA_PKCS, NULL_PTR, 0 222 | }; 223 | 224 | rv = p11->C_SignInit(hSession, &mechanism, hPrivateKey); 225 | if (rv != CKR_OK) 226 | { 227 | printf("ERROR: Failed to initialize signing. rv=%s\n", rv2string(rv)); 228 | return 1; 229 | } 230 | 231 | *pulSignatureLen = 0; 232 | rv = p11->C_Sign(hSession, pData, ulDataLen, NULL_PTR, pulSignatureLen); 233 | if (rv != CKR_OK) 234 | { 235 | printf("ERROR: Failed to check the size of the signature. rv=%s\n", rv2string(rv)); 236 | return 1; 237 | } 238 | *ppSignature = (CK_BYTE_PTR)malloc(*pulSignatureLen); 239 | 240 | rv = p11->C_Sign(hSession, pData, ulDataLen, *ppSignature, pulSignatureLen); 241 | if (rv != CKR_OK) 242 | { 243 | printf("ERROR: Failed to sign the data. rv=%s\n", rv2string(rv)); 244 | free(*ppSignature); 245 | *ppSignature = NULL; 246 | *pulSignatureLen = 0; 247 | return 1; 248 | } 249 | 250 | return 0; 251 | } 252 | 253 | int testStability_verify 254 | ( 255 | CK_SESSION_HANDLE hSession, 256 | CK_OBJECT_HANDLE hPublicKey, 257 | CK_BYTE_PTR pData, 258 | CK_ULONG ulDataLen, 259 | CK_BYTE_PTR pSignature, 260 | CK_ULONG ulSignatureLen 261 | ) 262 | { 263 | CK_RV rv; 264 | CK_MECHANISM mechanism = { 265 | CKM_RSA_PKCS, NULL_PTR, 0 266 | }; 267 | 268 | rv = p11->C_VerifyInit(hSession, &mechanism, hPublicKey); 269 | if (rv != CKR_OK) 270 | { 271 | printf("ERROR: Failed to initialize verification. rv=%s\n", rv2string(rv)); 272 | return 1; 273 | } 274 | 275 | rv = p11->C_Verify(hSession, pData, ulDataLen, pSignature, ulSignatureLen); 276 | if (rv != CKR_OK) 277 | { 278 | printf("ERROR: Failed to verify signature. rv=%s\n", rv2string(rv)); 279 | return 1; 280 | } 281 | 282 | return 0; 283 | } 284 | -------------------------------------------------------------------------------- /src/stability.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 20 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 22 | * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 24 | * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 25 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | /***************************************************************************** 30 | stability.h 31 | 32 | Functions for stability test 33 | *****************************************************************************/ 34 | 35 | #ifndef _PKCS11_TESTING_STABILITY_H 36 | #define _PKCS11_TESTING_STABILITY_H 37 | 38 | #include "cryptoki.h" 39 | 40 | int testStability(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession, int rollovers, int batchjobs, int signatures, int sleepTime); 41 | 42 | // Internal 43 | int testStability_generate(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE *hPublicKey, CK_OBJECT_HANDLE *hPrivateKey); 44 | int testStability_sign(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPrivateKey, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR *ppSignature, CK_ULONG_PTR pulSignatureLen); 45 | int testStability_verify(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); 46 | 47 | #endif // !_PKCS11_TESTING_STABILITY_H 48 | --------------------------------------------------------------------------------