1 /*
2 * COPYRIGHT (c) International Business Machines Corp. 2006-2017
3 *
4 * This program is provided under the terms of the Common Public License,
5 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
6 * software constitutes recipient's acceptance of CPL-1.0 terms which can be
7 * found in the file LICENSE file or at
8 * https://opensource.org/licenses/cpl1.0.php
9 */
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <memory.h>
15
16 #include "pkcs11types.h"
17 #include "regress.h"
18 #include "aes.h"
19 #include "common.c"
20 #include "mech_to_str.h"
21
22 CK_ULONG key_lens[] = { 16, 24, 32 };
23
24 /* aes-ctr has 3encck+3decck+3encsk+3decsk+3keywrap+1RSA
25 * aes-ecb has 3encck+3decck+3encsk+3decsk+3keywrap+1RSA
26 * aec-cbc has 3encck+3decck+3encsk+3decsk+3keywrap+3encpad+3decpad+
27 * 3keywrappad+2RSA
28 * Note: securekey and clearkey both have 3enc and 3dec, so number
29 * of assertions is the same whether using clearkey or securekey.
30 */
31
do_EncryptDecryptAES(struct generated_test_suite_info * tsuite)32 CK_RV do_EncryptDecryptAES(struct generated_test_suite_info *tsuite)
33 {
34 int i;
35 CK_BYTE original[BIG_REQUEST];
36 CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE];
37 CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
38 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
39 CK_ULONG j;
40 CK_ULONG user_pin_len;
41 CK_ULONG orig_len, crypt_len, decrypt_len;
42
43 CK_SESSION_HANDLE session;
44 CK_MECHANISM mechkey, mech;
45 CK_OBJECT_HANDLE h_key;
46 CK_FLAGS flags;
47 CK_RV rc = CKR_OK;
48 CK_SLOT_ID slot_id = SLOT_ID;
49
50 testsuite_begin("%s Encryption/Decryption.", tsuite->name);
51 testcase_rw_session();
52 testcase_user_login();
53
54 /** skip tests if the slot doesn't support this mechanism **/
55 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
56 testsuite_skip(3,
57 "Slot %u doesn't support %s (%u)",
58 (unsigned int) slot_id,
59 mech_to_str(tsuite->mech.mechanism),
60 (unsigned int) tsuite->mech.mechanism);
61 goto testcase_cleanup;
62 }
63
64
65 /** iterate over test key sizes **/
66 for (i = 0; i < 3; i++) {
67
68 testcase_begin("%s Encryption/Decryption with key len=%ld.",
69 tsuite->name, key_lens[i]);
70
71 /** generate key **/
72 mechkey = aes_keygen;
73 rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);
74
75 if (rc != CKR_OK) {
76 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
77 goto testcase_cleanup;
78 }
79
80 /** clear buffers **/
81 memset(original, 0, sizeof(original));
82 memset(crypt, 0, sizeof(crypt));
83 memset(decrypt, 0, sizeof(decrypt));
84
85 /** generate data **/
86 orig_len = sizeof(original);
87
88 for (j = 0; j < orig_len; j++)
89 original[j] = j % 255;
90
91 /** set crypto mech **/
92 mech = tsuite->mech;
93
94 /** single encryption **/
95 rc = funcs->C_EncryptInit(session, &mech, h_key);
96 if (rc != CKR_OK) {
97 testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
98 goto error;
99 }
100
101 crypt_len = sizeof(crypt);
102
103 rc = funcs->C_Encrypt(session, original, orig_len, crypt, &crypt_len);
104
105 if (rc != CKR_OK) {
106 testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
107 goto error;
108 }
109
110 /** single decryption **/
111 rc = funcs->C_DecryptInit(session, &mech, h_key);
112 if (rc != CKR_OK) {
113 testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
114 goto error;
115 }
116
117 decrypt_len = sizeof(decrypt);
118
119 rc = funcs->C_Decrypt(session, crypt, crypt_len, decrypt, &decrypt_len);
120
121 if (rc != CKR_OK) {
122 testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
123 goto error;
124 }
125
126 /** compare actual results with expected results **/
127 testcase_new_assertion();
128
129 if (decrypt_len != orig_len) {
130 testcase_fail("decrypted data length does not "
131 "match original data length.\nexpected "
132 "length=%ld, but found length=%ld\n",
133 orig_len, decrypt_len);
134 } else if (memcmp(decrypt, original, orig_len)) {
135 testcase_fail("decrypted data does not match " "original data");
136 } else {
137 testcase_pass("%s Encryption/Decryption with "
138 "key length %ld passed.", tsuite->name, key_lens[i]);
139 }
140
141 /** clean up **/
142 rc = funcs->C_DestroyObject(session, h_key);
143 if (rc != CKR_OK) {
144 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
145 goto testcase_cleanup;
146 }
147 }
148 goto testcase_cleanup;
149
150 error:
151 rc = funcs->C_DestroyObject(session, h_key);
152 if (rc != CKR_OK)
153 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
154
155 testcase_cleanup:
156 testcase_user_logout();
157 rc = funcs->C_CloseAllSessions(slot_id);
158 if (rc != CKR_OK) {
159 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
160 }
161
162 return rc;
163 }
164
do_EncryptDecryptUpdateAES(struct generated_test_suite_info * tsuite)165 CK_RV do_EncryptDecryptUpdateAES(struct generated_test_suite_info * tsuite)
166 {
167 int i;
168 CK_BYTE original[BIG_REQUEST];
169 CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE];
170 CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
171 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
172 CK_ULONG j, k, tmp;
173 CK_ULONG user_pin_len;
174 CK_ULONG orig_len, crypt_len, decrypt_len;
175
176 CK_SLOT_ID slot_id = SLOT_ID;
177 CK_SESSION_HANDLE session;
178 CK_MECHANISM mechkey, mech;
179 CK_OBJECT_HANDLE h_key;
180 CK_FLAGS flags;
181 CK_RV rc = CKR_OK;
182
183 /** begin testsuite **/
184 testsuite_begin("%s Multipart Encryption/Decryption.", tsuite->name);
185 testcase_rw_session();
186 testcase_user_login();
187
188 /** skip test if the slot doesn't support this mechanism **/
189 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
190 testcase_skip("Slot %u doesn't support %s (%u)",
191 (unsigned int) slot_id,
192 mech_to_str(tsuite->mech.mechanism),
193 (unsigned int) tsuite->mech.mechanism);
194 goto testcase_cleanup;
195 }
196
197 /** iterate over key sizes **/
198 for (i = 0; i < 3; i++) {
199
200 testcase_begin("%s Multipart Encryption/Decryption with "
201 "key len=%ld.", tsuite->name, key_lens[i]);
202
203 /** generate key **/
204 mechkey = aes_keygen;
205 rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);
206
207 if (rc != CKR_OK) {
208 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
209 goto testcase_cleanup;
210 }
211
212 /** clear buffers **/
213 memset(original, 0, sizeof(original));
214 memset(crypt, 0, sizeof(crypt));
215 memset(decrypt, 0, sizeof(decrypt));
216
217 /** generate data **/
218 orig_len = sizeof(original);
219
220 for (j = 0; j < orig_len; j++)
221 original[j] = j % 255;
222
223 /** set crypto mech **/
224 mech = tsuite->mech;
225
226 /** multipart encryption **/
227 rc = funcs->C_EncryptInit(session, &mech, h_key);
228 if (rc != CKR_OK) {
229 testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
230 goto error;
231 }
232
233 /* Encrypt in place except for CBC_PAD, since it
234 * pads and pkcs padding can make it unclear about what is
235 * output at what stage. (See pkcs11v2.20 Section 11.2)
236 */
237 if (mech.mechanism != CKM_AES_CBC_PAD) {
238
239 memcpy(crypt, original, orig_len);
240 crypt_len = orig_len;
241 k = 0;
242 while (k < orig_len) {
243 rc = funcs->C_EncryptUpdate(session,
244 &crypt[k],
245 AES_BLOCK_SIZE,
246 &crypt[k], &crypt_len);
247 if (rc != CKR_OK) {
248 testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
249 goto error;
250 }
251
252 k += crypt_len; // encrypted amount
253 crypt_len = orig_len - k; // space in out buf
254
255 }
256 } else {
257
258 j = k = 0; // j indexes source buffer
259 // k indexes destination buffer
260 crypt_len = sizeof(crypt);
261
262 while (j < orig_len) {
263 tmp = crypt_len - k; // room left
264 rc = funcs->C_EncryptUpdate(session,
265 &original[j],
266 AES_BLOCK_SIZE, &crypt[k], &tmp);
267 if (rc != CKR_OK) {
268 testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
269 goto error;
270 }
271
272 k += tmp;
273 j += AES_BLOCK_SIZE;
274 }
275
276 crypt_len = sizeof(crypt) - k;
277 }
278
279 rc = funcs->C_EncryptFinal(session, &crypt[k], &crypt_len);
280 if (rc != CKR_OK) {
281 testcase_error("C_EncryptFinal rc=%s", p11_get_ckr(rc));
282 goto error;
283 }
284
285 crypt_len += k;
286
287 /** multipart decryption **/
288 rc = funcs->C_DecryptInit(session, &mech, h_key);
289 if (rc != CKR_OK) {
290 testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
291 goto error;
292 }
293
294 /* decrypt in place. skip for AES_CBC_PAD since it
295 * pads and pkcs padding can make it unclear about what is
296 * output at what stage. (See pkcs11v2.20 Section 11.2)
297 */
298 if (mech.mechanism != CKM_AES_CBC_PAD) {
299
300 memcpy(decrypt, crypt, crypt_len);
301 k = 0;
302 decrypt_len = crypt_len;
303 while (k < crypt_len) {
304 rc = funcs->C_DecryptUpdate(session,
305 &decrypt[k],
306 AES_BLOCK_SIZE,
307 &decrypt[k], &decrypt_len);
308 if (rc != CKR_OK) {
309 testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
310 goto error;
311 }
312
313 k += decrypt_len; // decrypted amount
314 decrypt_len = crypt_len - k; // space in out buf
315 }
316 } else {
317
318 j = k = 0; // j indexes source buffer,
319 // k indexes destination buffer
320 decrypt_len = sizeof(decrypt);
321 while (j < crypt_len) {
322 tmp = decrypt_len - k; // room left in outbuf
323 rc = funcs->C_DecryptUpdate(session,
324 &crypt[j],
325 AES_BLOCK_SIZE, &decrypt[k], &tmp);
326 if (rc != CKR_OK) {
327 testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
328 goto error;
329 }
330 k += tmp;
331 j += AES_BLOCK_SIZE;
332 }
333
334 decrypt_len = sizeof(decrypt) - k;
335 }
336
337 rc = funcs->C_DecryptFinal(session, &decrypt[k], &decrypt_len);
338 if (rc != CKR_OK) {
339 testcase_error("C_DecryptFinal rc=%s", p11_get_ckr(rc));
340 goto error;
341 }
342
343 decrypt_len += k;
344
345 /** compare actual results with expected results **/
346 testcase_new_assertion();
347
348 if (decrypt_len != orig_len) {
349 testcase_fail("decrypted multipart data length does not"
350 " match original data length.\nexpected "
351 "length=%ld, but found length=%ld\n",
352 orig_len, decrypt_len);
353 } else if (memcmp(decrypt, original, orig_len)) {
354 testcase_fail("decrypted multipart data does not match"
355 " original data");
356 } else {
357 testcase_pass("%s Multipart Encryption/Decryption with"
358 " key length %ld passed.", tsuite->name, key_lens[i]);
359 }
360
361 rc = funcs->C_DestroyObject(session, h_key);
362 if (rc != CKR_OK) {
363 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
364 goto testcase_cleanup;
365 }
366 }
367 goto testcase_cleanup;
368
369 error:
370 rc = funcs->C_DestroyObject(session, h_key);
371 if (rc != CKR_OK)
372 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
373
374 testcase_cleanup:
375 testcase_user_logout();
376 rc = funcs->C_CloseAllSessions(slot_id);
377 if (rc != CKR_OK) {
378 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
379 }
380
381 return rc;
382 }
383
do_EncryptAES(struct published_test_suite_info * tsuite)384 CK_RV do_EncryptAES(struct published_test_suite_info * tsuite)
385 {
386 unsigned int i;
387 CK_BYTE input[BIG_REQUEST]; // cleartext buffer
388 CK_BYTE output[BIG_REQUEST]; // encryption buffer
389 CK_BYTE expected[BIG_REQUEST]; // encrypted data
390 CK_ULONG input_len, output_len, expected_len;
391 CK_ULONG user_pin_len;
392 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
393 CK_SESSION_HANDLE session;
394 CK_MECHANISM mech;
395 CK_OBJECT_HANDLE h_key;
396 CK_RV rc = CKR_OK;
397 CK_FLAGS flags;
398 CK_SLOT_ID slot_id = SLOT_ID;
399 CK_GCM_PARAMS *gcm_param;
400
401 /** begin testsuite **/
402 testsuite_begin("%s Encryption.", tsuite->name);
403 testcase_rw_session();
404 testcase_user_login();
405
406 /** skip test if the slot doesn't support this mechanism **/
407 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
408 testsuite_skip(tsuite->tvcount,
409 "Slot %u doesn't support %s (%u)",
410 (unsigned int) slot_id,
411 mech_to_str(tsuite->mech.mechanism),
412 (unsigned int) tsuite->mech.mechanism);
413 goto testcase_cleanup;
414 }
415
416 for (i = 0; i < tsuite->tvcount; i++) {
417
418 testcase_begin("%s Encryption with published test vector %d.",
419 tsuite->name, i);
420
421 rc = CKR_OK;
422
423 /** create key handle **/
424 rc = create_AESKey(session,
425 tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
426
427 if (rc != CKR_OK) {
428 testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
429 goto error;
430 }
431
432 /** get mech **/
433 mech = tsuite->mech;
434 if (mech.mechanism == CKM_AES_GCM) {
435 gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
436 gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
437 gcm_param->ulIvLen = tsuite->tv[i].ivlen;
438 gcm_param->pAAD = tsuite->tv[i].aad;
439 gcm_param->ulAADLen = tsuite->tv[i].aadlen;
440 gcm_param->ulTagBits = tsuite->tv[i].taglen;
441 }
442
443 /** clear buffers **/
444 memset(expected, 0, sizeof(expected));
445 memset(input, 0, sizeof(input));
446 memset(output, 0, sizeof(output));
447
448 /** get ciphertext (expected results) **/
449 expected_len = tsuite->tv[i].clen;
450 memcpy(expected, tsuite->tv[i].ciphertext, expected_len);
451
452 /** get plaintext **/
453 input_len = tsuite->tv[i].plen;
454 memcpy(input, tsuite->tv[i].plaintext, input_len);
455
456 /** single (in-place) encryption **/
457 rc = funcs->C_EncryptInit(session, &mech, h_key);
458 if (rc != CKR_OK) {
459 testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
460 goto error;
461 }
462
463 rc = funcs->C_Encrypt(session, input, input_len, NULL, &output_len);
464 if (rc != CKR_OK) {
465 testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
466 goto error;
467 }
468
469 rc = funcs->C_Encrypt(session, input, input_len, output, &output_len);
470
471 if (rc != CKR_OK) {
472 testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
473 goto error;
474 }
475
476 /** compare actual results with expected results. **/
477 testcase_new_assertion();
478
479 if (output_len != expected_len) {
480 testcase_fail("encrypted data length does not match "
481 "test vector's encrypted data length.\n\n"
482 "expected length=%ld, but found length=%ld\n",
483 expected_len, output_len);
484 } else if (memcmp(output, expected, expected_len)) {
485 testcase_fail("encrypted data does not match test "
486 "vector's encrypted data");
487 } else {
488 testcase_pass("%s Encryption with test vector %d "
489 "passed.", tsuite->name, i);
490 }
491
492 rc = funcs->C_DestroyObject(session, h_key);
493 if (rc != CKR_OK) {
494 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
495 goto testcase_cleanup;
496 }
497 }
498 goto testcase_cleanup;
499
500 error:
501 rc = funcs->C_DestroyObject(session, h_key);
502 if (rc != CKR_OK)
503 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
504
505 testcase_cleanup:
506 testcase_user_logout();
507 rc = funcs->C_CloseAllSessions(slot_id);
508 if (rc != CKR_OK) {
509 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
510 }
511
512 return rc;
513 }
514
do_EncryptUpdateAES(struct published_test_suite_info * tsuite)515 CK_RV do_EncryptUpdateAES(struct published_test_suite_info * tsuite)
516 {
517 unsigned int i;
518 CK_BYTE plaintext[BIG_REQUEST];
519 CK_BYTE expected[BIG_REQUEST]; // encrypted data
520 CK_BYTE crypt[BIG_REQUEST];
521 CK_ULONG expected_len, p_len, crypt_len, k;
522 CK_ULONG user_pin_len;
523 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
524 CK_SESSION_HANDLE session;
525 CK_MECHANISM mech;
526 CK_OBJECT_HANDLE h_key;
527 CK_RV rc = CKR_OK;
528 CK_FLAGS flags;
529 CK_SLOT_ID slot_id = SLOT_ID;
530 CK_GCM_PARAMS *gcm_param;
531
532 testsuite_begin("%s Multipart Encryption.", tsuite->name);
533 testcase_rw_session();
534 testcase_user_login();
535
536 /** skip test if the slot doesn't support this mechanism **/
537 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
538 testsuite_skip(tsuite->tvcount,
539 "Slot %u doesn't support %s (%u)",
540 (unsigned int) slot_id,
541 mech_to_str(tsuite->mech.mechanism),
542 (unsigned int) tsuite->mech.mechanism);
543 goto testcase_cleanup;
544 }
545
546 for (i = 0; i < tsuite->tvcount; i++) {
547
548 testcase_begin("%s Multipart Encryption with published test "
549 "vector %d.", tsuite->name, i);
550
551 rc = CKR_OK;
552
553 /** create key handle **/
554 rc = create_AESKey(session,
555 tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
556
557 if (rc != CKR_OK) {
558 testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
559 goto error;
560 }
561
562 /** get mech **/
563 mech = tsuite->mech;
564 if (mech.mechanism == CKM_AES_GCM) {
565 gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
566 gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
567 gcm_param->ulIvLen = tsuite->tv[i].ivlen;
568 gcm_param->pAAD = tsuite->tv[i].aad;
569 gcm_param->ulAADLen = tsuite->tv[i].aadlen;
570 gcm_param->ulTagBits = tsuite->tv[i].taglen;
571 }
572
573 /** clear buffers **/
574 memset(expected, 0, sizeof(expected));
575 memset(plaintext, 0, sizeof(plaintext));
576 memset(crypt, 0, sizeof(crypt));
577
578 /** get ciphertext (expected results) **/
579 expected_len = tsuite->tv[i].clen;
580 memcpy(expected, tsuite->tv[i].ciphertext, expected_len);
581
582 /** get plaintext **/
583 p_len = tsuite->tv[i].plen;
584 memcpy(plaintext, tsuite->tv[i].plaintext, p_len);
585
586 /** multipart encryption **/
587 rc = funcs->C_EncryptInit(session, &mech, h_key);
588 if (rc != CKR_OK) {
589 testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
590 goto error;
591 }
592
593 /* for chunks, -1 is NULL, and 0 is empty string,
594 * and a value > 0 is amount of data from test vector's
595 * plaintext data. This way we test vary-sized chunks.
596 */
597 if (tsuite->tv[i].num_chunks_plain) {
598 int j;
599 CK_ULONG outlen, len;
600 CK_BYTE *data_chunk = NULL;
601
602 k = 0;
603 crypt_len = 0;
604 outlen = sizeof(crypt);
605
606 for (j = 0; j < tsuite->tv[i].num_chunks_plain; j++) {
607 if (tsuite->tv[i].chunks_plain[j] == -1) {
608 len = 0;
609 data_chunk = NULL;
610 } else if (tsuite->tv[i].chunks_plain[j] == 0) {
611 len = 0;
612 data_chunk = (CK_BYTE *) "";
613 } else {
614 len = tsuite->tv[i].chunks_plain[j];
615 data_chunk = plaintext + k;
616 }
617
618 rc = funcs->C_EncryptUpdate(session, data_chunk,
619 len, &crypt[crypt_len], &outlen);
620 if (rc != CKR_OK) {
621 testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
622 goto error;
623 }
624 k += len;
625 crypt_len += outlen;
626 outlen = sizeof(crypt) - crypt_len;
627 }
628 } else {
629 crypt_len = sizeof(crypt);
630 rc = funcs->C_EncryptUpdate(session, plaintext, p_len,
631 crypt, &crypt_len);
632 if (rc != CKR_OK) {
633 testcase_error("C_EncryptUpdate rc=%s", p11_get_ckr(rc));
634 goto error;
635 }
636 }
637
638 k = sizeof(crypt) - crypt_len;
639 rc = funcs->C_EncryptFinal(session, &crypt[crypt_len], &k);
640 if (rc != CKR_OK) {
641 testcase_error("C_EncryptFinal rc=%s", p11_get_ckr(rc));
642 goto error;
643 }
644
645 crypt_len += k;
646
647 /** compare encryption results with expected results. **/
648 testcase_new_assertion();
649
650 if (crypt_len != expected_len) {
651 testcase_fail("encrypted multipart data length does "
652 "not match test vector's encrypted data length."
653 "\n\nexpected length=%ld, but found length=%ld"
654 "\n", expected_len, crypt_len);
655 } else if (memcmp(crypt, expected, expected_len)) {
656 testcase_fail("encrypted multipart data does not match"
657 " test vector's encrypted data.\n");
658 } else {
659 testcase_pass("%s Multipart Encryption with test "
660 "vector %d passed.", tsuite->name, i);
661 }
662
663 rc = funcs->C_DestroyObject(session, h_key);
664 if (rc != CKR_OK) {
665 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
666 goto testcase_cleanup;
667 }
668 }
669 goto testcase_cleanup;
670
671 error:
672 rc = funcs->C_DestroyObject(session, h_key);
673 if (rc != CKR_OK)
674 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
675
676 testcase_cleanup:
677 testcase_user_logout();
678 rc = funcs->C_CloseAllSessions(slot_id);
679 if (rc != CKR_OK) {
680 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
681 }
682
683 return rc;
684 }
685
do_DecryptAES(struct published_test_suite_info * tsuite)686 CK_RV do_DecryptAES(struct published_test_suite_info * tsuite)
687 {
688 unsigned int i;
689 CK_BYTE input[BIG_REQUEST]; // encrypted buffer
690 CK_BYTE output[BIG_REQUEST]; // decryption buffer
691 CK_BYTE expected[BIG_REQUEST]; // decrypted data
692 CK_ULONG input_len, output_len, expected_len;
693 CK_ULONG user_pin_len;
694 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
695 CK_SESSION_HANDLE session;
696 CK_MECHANISM mech;
697 CK_OBJECT_HANDLE h_key;
698 CK_RV rc = CKR_OK;
699 CK_FLAGS flags;
700 CK_SLOT_ID slot_id = SLOT_ID;
701 CK_GCM_PARAMS *gcm_param;
702
703 testsuite_begin("%s Decryption.", tsuite->name);
704 testcase_rw_session();
705 testcase_user_login();
706
707 /** skip test if the slot doesn't support this mechanism **/
708 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
709 testsuite_skip(tsuite->tvcount,
710 "Slot %u doesn't support %s (%u)",
711 (unsigned int) slot_id,
712 mech_to_str(tsuite->mech.mechanism),
713 (unsigned int) tsuite->mech.mechanism);
714 goto testcase_cleanup;
715 }
716
717 for (i = 0; i < tsuite->tvcount; i++) {
718
719 testcase_begin("%s Decryption with published test vector %d.",
720 tsuite->name, i);
721
722 rc = CKR_OK;
723
724 /** create key handle **/
725 rc = create_AESKey(session,
726 tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
727
728 if (rc != CKR_OK) {
729 testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
730 goto error;
731 }
732
733 /** get mech **/
734 mech = tsuite->mech;
735 if (mech.mechanism == CKM_AES_GCM) {
736 gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
737 gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
738 gcm_param->ulIvLen = tsuite->tv[i].ivlen;
739 gcm_param->pAAD = tsuite->tv[i].aad;
740 gcm_param->ulAADLen = tsuite->tv[i].aadlen;
741 gcm_param->ulTagBits = tsuite->tv[i].taglen;
742 }
743
744 /** clear buffers **/
745 memset(expected, 0, sizeof(expected));
746 memset(input, 0, sizeof(input));
747 memset(output, 0, sizeof(output));
748
749 /** get plaintext (expected results) **/
750 expected_len = tsuite->tv[i].plen;
751 memcpy(expected, tsuite->tv[i].plaintext, expected_len);
752
753 /** get ciphertext **/
754 input_len = tsuite->tv[i].clen;
755 memcpy(input, tsuite->tv[i].ciphertext, input_len);
756
757 /** single (in-place) decryption **/
758 rc = funcs->C_DecryptInit(session, &mech, h_key);
759 if (rc != CKR_OK) {
760 testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
761 goto error;
762 }
763
764 rc = funcs->C_Decrypt(session, input, input_len, NULL, &output_len);
765 if (rc != CKR_OK) {
766 testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
767 goto error;
768 }
769
770 rc = funcs->C_Decrypt(session, input, input_len, output, &output_len);
771 if (rc != CKR_OK) {
772 testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
773 goto error;
774 }
775
776 /** compare actual results with expected results. **/
777 testcase_new_assertion();
778
779 if (output_len != expected_len) {
780 testcase_fail("decrypted data length does not match "
781 "test vector's decrypted data length.\n\n"
782 "expected length=%ld, but found length=%ld\n",
783 expected_len, output_len);
784 } else if (memcmp(output, expected, expected_len)) {
785 testcase_fail("decrypted data does not match test "
786 "vector's decrypted data");
787 } else {
788 testcase_pass("%s Decryption with test vector %d "
789 "passed.", tsuite->name, i);
790 }
791
792 /** clean up **/
793 rc = funcs->C_DestroyObject(session, h_key);
794 if (rc != CKR_OK) {
795 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
796 goto testcase_cleanup;
797 }
798 }
799 goto testcase_cleanup;
800
801 error:
802 rc = funcs->C_DestroyObject(session, h_key);
803 if (rc != CKR_OK)
804 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
805
806 testcase_cleanup:
807 testcase_user_logout();
808 rc = funcs->C_CloseAllSessions(slot_id);
809 if (rc != CKR_OK)
810 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
811
812 return rc;
813 }
814
do_DecryptUpdateAES(struct published_test_suite_info * tsuite)815 CK_RV do_DecryptUpdateAES(struct published_test_suite_info * tsuite)
816 {
817 unsigned int i;
818 CK_BYTE cipher[BIG_REQUEST];
819 CK_BYTE expected[BIG_REQUEST]; // decrypted data
820 CK_BYTE plaintext[BIG_REQUEST];
821 CK_ULONG cipher_len, expected_len, p_len, k;
822 CK_ULONG user_pin_len;
823 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
824 CK_SESSION_HANDLE session;
825 CK_MECHANISM mech;
826 CK_OBJECT_HANDLE h_key;
827 CK_RV rc = CKR_OK;
828 CK_FLAGS flags;
829 CK_SLOT_ID slot_id = SLOT_ID;
830 CK_GCM_PARAMS *gcm_param;
831
832 testsuite_begin("%s Multipart Decryption.", tsuite->name);
833 testcase_rw_session();
834 testcase_user_login();
835
836 /** skip tests if the slot doesn't support this mechanism **/
837 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
838 testsuite_skip(tsuite->tvcount,
839 "Slot %u doesn't support %s (%u)",
840 (unsigned int) slot_id,
841 mech_to_str(tsuite->mech.mechanism),
842 (unsigned int) tsuite->mech.mechanism);
843 goto testcase_cleanup;
844 }
845
846 for (i = 0; i < tsuite->tvcount; i++) {
847
848 testcase_begin("%s Multipart Decryption with published test "
849 "vector %d.", tsuite->name, i);
850
851 /** create key handle **/
852 rc = create_AESKey(session,
853 tsuite->tv[i].key, tsuite->tv[i].klen, &h_key);
854
855 if (rc != CKR_OK) {
856 testcase_error("C_CreateObject rc=%s", p11_get_ckr(rc));
857 goto error;
858 }
859
860 /** get mech **/
861 mech = tsuite->mech;
862 if (mech.mechanism == CKM_AES_GCM) {
863 gcm_param = ((CK_GCM_PARAMS *) mech.pParameter);
864 gcm_param->pIv = (CK_BYTE *) tsuite->tv[i].iv;
865 gcm_param->ulIvLen = tsuite->tv[i].ivlen;
866 gcm_param->pAAD = tsuite->tv[i].aad;
867 gcm_param->ulAADLen = tsuite->tv[i].aadlen;
868 gcm_param->ulTagBits = tsuite->tv[i].taglen;
869 }
870
871 /** clear buffers **/
872 memset(expected, 0, sizeof(expected));
873 memset(cipher, 0, sizeof(cipher));
874 memset(plaintext, 0, sizeof(plaintext));
875
876 /** get plaintext (expected results) **/
877 expected_len = tsuite->tv[i].plen;
878 memcpy(expected, tsuite->tv[i].plaintext, expected_len);
879
880 p_len = sizeof(plaintext);
881 cipher_len = tsuite->tv[i].clen;
882 memcpy(cipher, tsuite->tv[i].ciphertext, cipher_len);
883
884 /** multipart (in-place) decryption **/
885 rc = funcs->C_DecryptInit(session, &mech, h_key);
886 if (rc != CKR_OK) {
887 testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
888 goto error;
889 }
890
891 /* for chunks, -1 is NULL, and 0 is empty string,
892 * and a value > 0 is amount of data from test vector's
893 * plaintext data. This way we test vary-sized chunks.
894 */
895 if (tsuite->tv[i].num_chunks_ciph) {
896 int j;
897 CK_ULONG outlen, len;
898 CK_BYTE *data_chunk = NULL;
899
900 k = 0;
901 p_len = 0;
902 outlen = sizeof(plaintext);
903 for (j = 0; j < tsuite->tv[i].num_chunks_ciph; j++) {
904 if (tsuite->tv[i].chunks_ciph[j] == -1) {
905 len = 0;
906 data_chunk = NULL;
907 } else if (tsuite->tv[i].chunks_ciph[j] == 0) {
908 len = 0;
909 data_chunk = (CK_BYTE *) "";
910 } else {
911 len = tsuite->tv[i].chunks_ciph[j];
912 data_chunk = cipher + k;
913 }
914
915 rc = funcs->C_DecryptUpdate(session, data_chunk,
916 len, &plaintext[p_len], &outlen);
917 if (rc != CKR_OK) {
918 testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
919 goto error;
920 }
921 k += len;
922 p_len += outlen;
923 outlen = sizeof(plaintext) - p_len;
924 }
925 } else {
926 p_len = sizeof(plaintext);
927 rc = funcs->C_DecryptUpdate(session, cipher, cipher_len,
928 plaintext, &p_len);
929 if (rc != CKR_OK) {
930 testcase_error("C_DecryptUpdate rc=%s", p11_get_ckr(rc));
931 goto error;
932 }
933 }
934
935 k = sizeof(plaintext) - p_len;
936 rc = funcs->C_DecryptFinal(session, &plaintext[p_len], &k);
937 if (rc != CKR_OK) {
938 testcase_error("C_DecryptFinal rc=%s", p11_get_ckr(rc));
939 goto error;
940 }
941 p_len += k; /* add possible last part to overall length */
942
943 /** compare decryption results with expected results. **/
944 testcase_new_assertion();
945
946 if (p_len != expected_len) {
947 testcase_fail("decrypted multipart data length does "
948 "not match test vector's decrypted data "
949 "length.\n\nexpected length=%ld, but found "
950 "length=%ld\n", expected_len, p_len);
951 } else if (memcmp(plaintext, expected, expected_len)) {
952 testcase_fail("decrypted multipart data does not match"
953 " test vector's decrypted data.\n");
954 } else {
955 testcase_pass("%s Multipart Decryption with test "
956 "vector %d passed.", tsuite->name, i);
957 }
958
959 rc = funcs->C_DestroyObject(session, h_key);
960 if (rc != CKR_OK) {
961 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
962 goto testcase_cleanup;
963 }
964 }
965 goto testcase_cleanup;
966 error:
967 rc = funcs->C_DestroyObject(session, h_key);
968 if (rc != CKR_OK)
969 testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));
970
971 testcase_cleanup:
972 testcase_user_logout();
973 rc = funcs->C_CloseAllSessions(slot_id);
974 if (rc != CKR_OK)
975 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
976
977 return rc;
978 }
979
do_WrapUnwrapAES(struct generated_test_suite_info * tsuite)980 CK_RV do_WrapUnwrapAES(struct generated_test_suite_info * tsuite)
981 {
982 unsigned int i, j;
983 CK_BYTE original[BIG_REQUEST + AES_BLOCK_SIZE];
984 CK_BYTE crypt[BIG_REQUEST + AES_BLOCK_SIZE];
985 CK_BYTE decrypt[BIG_REQUEST + AES_BLOCK_SIZE];
986 CK_BYTE_PTR wrapped_data = NULL;
987 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
988 CK_SESSION_HANDLE session;
989 CK_MECHANISM mechkey, mech;
990 CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE;
991 CK_OBJECT_HANDLE w_key = CK_INVALID_HANDLE;
992 CK_OBJECT_HANDLE uw_key = CK_INVALID_HANDLE;
993 CK_ULONG wrapped_data_len = 0;
994 CK_ULONG user_pin_len;
995 CK_ULONG orig_len, crypt_len, decrypt_len;
996 CK_ULONG tmpl_count = 3;
997 CK_ULONG key_size;
998 CK_FLAGS flags;
999 CK_RV rc = CKR_OK;
1000 CK_SLOT_ID slot_id = SLOT_ID;
1001 CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
1002 CK_KEY_TYPE key_type = CKK_AES;
1003 CK_ATTRIBUTE template[] = {
1004 {CKA_CLASS, &key_class, sizeof(key_class)}
1005 ,
1006 {CKA_KEY_TYPE, &key_type, sizeof(key_type)}
1007 ,
1008 {CKA_VALUE_LEN, &key_size, sizeof(key_size)}
1009 };
1010
1011 testsuite_begin("%s Wrap/Unwrap.", tsuite->name);
1012 testcase_rw_session();
1013 testcase_user_login();
1014
1015 /** skip test if the slot doesn't support this mechanism **/
1016 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
1017 testsuite_skip(3,
1018 "Slot %u doesn't support %s (%u)",
1019 (unsigned int) slot_id,
1020 mech_to_str(tsuite->mech.mechanism),
1021 (unsigned int) tsuite->mech.mechanism);
1022 goto testcase_cleanup;
1023 }
1024
1025 if (!wrap_supported(slot_id, tsuite->mech)) {
1026 testsuite_skip(3, "Slot %u doesn't support %s (%u)",
1027 (unsigned int) slot_id,
1028 mech_to_str(tsuite->mech.mechanism),
1029 (unsigned int) tsuite->mech.mechanism);
1030 goto testcase_cleanup;
1031 }
1032
1033 /* key sizes must be a multiple of AES block size in order to be passed
1034 in as data. Recall AES expects data in multiple of AES block size.
1035 */
1036 for (i = 0; i < 3; i++) {
1037
1038 if (key_lens[i] % AES_BLOCK_SIZE != 0)
1039 continue;
1040
1041 testcase_begin("%s Wrap/Unwrap key test with keylength=%ld.",
1042 tsuite->name, key_lens[i]);
1043
1044 /** set mechanisms **/
1045 mech = tsuite->mech;
1046 mechkey = aes_keygen;
1047
1048 /** set key_size **/
1049 key_size = key_lens[i];
1050
1051 /** clear buffers **/
1052 memset(original, 0, sizeof(original));
1053 memset(crypt, 0, sizeof(crypt));
1054 memset(decrypt, 0, sizeof(decrypt));
1055
1056 /** generate crypto key **/
1057 rc = generate_AESKey(session, key_lens[i], &mechkey, &h_key);
1058 if (rc != CKR_OK) {
1059 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
1060 goto error;
1061 }
1062
1063 /** generate wrapping key **/
1064 rc = generate_AESKey(session, key_lens[i], &mechkey, &w_key);
1065 if (rc != CKR_OK) {
1066 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
1067 goto error;
1068 }
1069
1070 /** generate data **/
1071 orig_len = BIG_REQUEST;
1072 crypt_len = BIG_REQUEST + AES_BLOCK_SIZE;
1073 decrypt_len = BIG_REQUEST + AES_BLOCK_SIZE;
1074 for (j = 0; j < orig_len; j++) {
1075 original[j] = j % 255;
1076 }
1077
1078 /** initiate the encrypt **/
1079 rc = funcs->C_EncryptInit(session, &mech, h_key);
1080 if (rc != CKR_OK) {
1081 testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
1082 goto error;
1083 }
1084
1085 /** continue with encrypt **/
1086 rc = funcs->C_Encrypt(session, original, orig_len, crypt, &crypt_len);
1087
1088 if (rc != CKR_OK) {
1089 testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
1090 goto error;
1091 }
1092
1093 /** wrap key **/
1094 rc = funcs->C_WrapKey(session,
1095 &mech, w_key, h_key, NULL, &wrapped_data_len);
1096
1097 if (rc != CKR_OK) {
1098 testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
1099 goto error;
1100 }
1101
1102 wrapped_data = malloc(wrapped_data_len);
1103 if (wrapped_data == NULL) {
1104 testcase_error("malloc failed");
1105 goto error;
1106 }
1107 memset(wrapped_data, 0, wrapped_data_len);
1108 rc = funcs->C_WrapKey(session, &mech, w_key, h_key, wrapped_data,
1109 &wrapped_data_len);
1110 if (rc != CKR_OK) {
1111 testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
1112 goto error;
1113 }
1114
1115 /** unwrap key **/
1116 rc = funcs->C_UnwrapKey(session,
1117 &mech,
1118 w_key,
1119 wrapped_data,
1120 wrapped_data_len,
1121 template, tmpl_count, &uw_key);
1122
1123 if (rc != CKR_OK) {
1124 testcase_error("C_UnwrapKey rc=%s", p11_get_ckr(rc));
1125 goto error;
1126 }
1127
1128 if (wrapped_data) {
1129 free(wrapped_data);
1130 wrapped_data = NULL;
1131 }
1132
1133 /** initiate decryption (with unwrapped key) **/
1134 rc = funcs->C_DecryptInit(session, &mech, uw_key);
1135 if (rc != CKR_OK) {
1136 testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
1137 goto error;
1138 }
1139
1140 /** do decryption (with the unwrapped key) **/
1141 rc = funcs->C_Decrypt(session, crypt, crypt_len, decrypt, &decrypt_len);
1142
1143 if (rc != CKR_OK) {
1144 testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
1145 goto error;
1146 }
1147
1148 /** compare actual results with expected results **/
1149 testcase_new_assertion();
1150
1151 if (decrypt_len != orig_len) {
1152 testcase_fail("Decrypted length doesn't match the "
1153 "original plaintext length.");
1154 rc = CKR_GENERAL_ERROR;
1155 } else if (memcmp(decrypt, original, orig_len)) {
1156 testcase_fail("Decrypted data does not match original "
1157 "plaintext data.");
1158 rc = CKR_GENERAL_ERROR;
1159 } else {
1160 testcase_pass("%s Wrap/UnWrap test with key length "
1161 "%u passed.", tsuite->name,
1162 (unsigned int) key_lens[i]);
1163 }
1164 /** clean up **/
1165 rc = funcs->C_DestroyObject(session, h_key);
1166 if (rc != CKR_OK) {
1167 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
1168 }
1169 h_key = CK_INVALID_HANDLE;
1170
1171 rc = funcs->C_DestroyObject(session, w_key);
1172 if (rc != CKR_OK) {
1173 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
1174 }
1175 w_key = CK_INVALID_HANDLE;
1176
1177 rc = funcs->C_DestroyObject(session, uw_key);
1178 if (rc != CKR_OK) {
1179 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
1180 }
1181 uw_key = CK_INVALID_HANDLE;
1182 }
1183 goto testcase_cleanup;
1184 error:
1185 if (wrapped_data)
1186 free(wrapped_data);
1187
1188 if (h_key != CK_INVALID_HANDLE) {
1189 rc = funcs->C_DestroyObject(session, h_key);
1190 if (rc != CKR_OK) {
1191 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
1192 }
1193 }
1194
1195 if (w_key != CK_INVALID_HANDLE) {
1196 rc = funcs->C_DestroyObject(session, w_key);
1197 if (rc != CKR_OK) {
1198 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
1199 }
1200 }
1201
1202 if (uw_key != CK_INVALID_HANDLE) {
1203 rc = funcs->C_DestroyObject(session, uw_key);
1204 if (rc != CKR_OK) {
1205 testcase_error("C_DestroyObject rc=%s.", p11_get_ckr(rc));
1206 }
1207 }
1208 goto testcase_cleanup;
1209
1210 testcase_cleanup:
1211 rc = funcs->C_CloseAllSessions(slot_id);
1212 if (rc != CKR_OK) {
1213 testcase_error("C_CloseAllSessions rc=%s", p11_get_ckr(rc));
1214 }
1215
1216 return rc;
1217 }
1218
do_WrapUnwrapRSA(struct generated_test_suite_info * tsuite)1219 CK_RV do_WrapUnwrapRSA(struct generated_test_suite_info * tsuite)
1220 {
1221 unsigned int i;
1222 CK_BYTE original[BIG_REQUEST];
1223 CK_BYTE decipher[BIG_REQUEST + AES_BLOCK_SIZE];
1224 CK_BYTE cipher[BIG_REQUEST + AES_BLOCK_SIZE];
1225 CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE];
1226 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
1227 CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 };
1228 CK_MECHANISM mech, mech2;
1229 CK_MECHANISM_INFO mech_info;
1230 CK_OBJECT_HANDLE publ_key, priv_key, w_key, uw_key;
1231 CK_ULONG orig_len, cipher_len, decipher_len;
1232 CK_ULONG bits = 1024;
1233 CK_ULONG wrapped_data_len;
1234 CK_ULONG user_pin_len;
1235 CK_ULONG key_size;
1236 CK_RV rc = CKR_OK;
1237 CK_FLAGS flags;
1238 CK_SESSION_HANDLE session;
1239 CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
1240 CK_KEY_TYPE keytype = CKK_RSA;
1241 CK_SLOT_ID slot_id = SLOT_ID;
1242
1243 CK_ATTRIBUTE pub_tmpl[] = {
1244 {CKA_MODULUS_BITS, &bits, sizeof(bits)}
1245 ,
1246 {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp)}
1247 };
1248 CK_ATTRIBUTE uw_tmpl[] = {
1249 {CKA_CLASS, &keyclass, sizeof(keyclass)}
1250 ,
1251 {CKA_KEY_TYPE, &keytype, sizeof(keytype)}
1252 };
1253 CK_ATTRIBUTE key_gen_tmpl[] = {
1254 {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG)}
1255 };
1256
1257 testsuite_begin("%s wrap/unwrap of RSA key.", tsuite->name);
1258 testcase_rw_session();
1259 testcase_user_login();
1260
1261 /** skip AES_EBC/AES_CBC (only supported for symmetric keys) **/
1262 if ((tsuite->mech.mechanism == CKM_AES_ECB) ||
1263 (tsuite->mech.mechanism == CKM_AES_CBC)) {
1264 testcase_skip
1265 ("Mechanism %s (%u) not supported to wrap/unwrap asymmetric Keys",
1266 mech_to_str(tsuite->mech.mechanism),
1267 (unsigned int) tsuite->mech.mechanism);
1268 goto testcase_cleanup;
1269 }
1270
1271 /** skip test if the slot doesn't support this mechanism **/
1272 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
1273 testsuite_skip(3,
1274 "Slot %u doesn't support %s (%u)",
1275 (unsigned int) slot_id,
1276 mech_to_str(tsuite->mech.mechanism),
1277 (unsigned int) tsuite->mech.mechanism);
1278 goto testcase_cleanup;
1279 }
1280
1281 for (i = 0; i < 3; i++) {
1282
1283 testcase_begin("%s wrap/unwrap of RSA key for key length=%ld.",
1284 tsuite->name, key_lens[i]);
1285
1286 key_size = key_lens[i];
1287
1288 /** first mechanism generate AES wrapping key **/
1289 mech.mechanism = CKM_AES_KEY_GEN;
1290 mech.ulParameterLen = 0;
1291 mech.pParameter = NULL;
1292
1293 /** mechanism to generate an RSA key pair to be wrapped **/
1294 mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
1295 mech2.ulParameterLen = 0;
1296 mech2.pParameter = NULL;
1297
1298 /** generate an RSA key pair. **/
1299 rc = funcs->C_GenerateKeyPair(session,
1300 &mech2,
1301 pub_tmpl,
1302 2, NULL, 0, &publ_key, &priv_key);
1303
1304 if (rc != CKR_OK) {
1305 testcase_error("C_GenerateKeyPair rc=%s", p11_get_ckr(rc));
1306 goto testcase_cleanup;
1307 }
1308
1309 /** generate the wrapping key **/
1310 rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key);
1311
1312 if (rc != CKR_OK) {
1313 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
1314 goto testcase_cleanup;
1315 }
1316
1317 /** set the mech for AES crypto **/
1318 mech = tsuite->mech;
1319
1320 /** wrap the key **/
1321 wrapped_data_len = sizeof(wrapped_data);
1322
1323 /** get mech info **/
1324 rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info);
1325
1326 if (rc != CKR_OK) {
1327 testcase_error("C_GetMechanismInfo rc=%s", p11_get_ckr(rc));
1328 goto testcase_cleanup;
1329 }
1330
1331 /** key is wrappable **/
1332 if (mech_info.flags & CKF_WRAP) {
1333 /** wrap key **/
1334 rc = funcs->C_WrapKey(session,
1335 &mech,
1336 w_key,
1337 priv_key, wrapped_data, &wrapped_data_len);
1338
1339 if (rc != CKR_OK) {
1340 testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
1341 goto testcase_cleanup;
1342 }
1343
1344 /** unwrap key **/
1345 rc = funcs->C_UnwrapKey(session,
1346 &mech,
1347 w_key,
1348 wrapped_data,
1349 wrapped_data_len, uw_tmpl, 2, &uw_key);
1350
1351 if (rc != CKR_OK) {
1352 testcase_error("C_UnWrapKey rc=%s", p11_get_ckr(rc));
1353 goto testcase_cleanup;
1354 }
1355
1356 /** generate data **/
1357 orig_len = 30;
1358 for (i = 0; i < orig_len; i++)
1359 original[i] = i % 255;
1360
1361 /** set mech2 for RSA crypto **/
1362 mech2.mechanism = CKM_RSA_PKCS;
1363 mech2.ulParameterLen = 0;
1364 mech2.pParameter = NULL;
1365
1366 /** initialize RSA encryption (with public key) **/
1367 rc = funcs->C_EncryptInit(session, &mech2, publ_key);
1368 if (rc != CKR_OK) {
1369 testcase_error("C_EncryptInit rc=%s", p11_get_ckr(rc));
1370 goto testcase_cleanup;
1371 }
1372
1373 cipher_len = sizeof(cipher); // set cipher buffer size
1374
1375 /** do RSA encryption (with public key) **/
1376 rc = funcs->C_Encrypt(session,
1377 original, orig_len, cipher, &cipher_len);
1378
1379 if (rc != CKR_OK) {
1380 testcase_error("C_Encrypt rc=%s", p11_get_ckr(rc));
1381 goto testcase_cleanup;
1382 }
1383
1384 /** initialize RSA decryption
1385 (with unwrapped private key) **/
1386 rc = funcs->C_DecryptInit(session, &mech2, uw_key);
1387 if (rc != CKR_OK) {
1388 testcase_error("C_DecryptInit rc=%s", p11_get_ckr(rc));
1389 goto testcase_cleanup;
1390 }
1391
1392 decipher_len = sizeof(decipher);
1393
1394 /** do RSA decryption (with unwrapped private key) **/
1395 rc = funcs->C_Decrypt(session,
1396 cipher, cipher_len, decipher, &decipher_len);
1397
1398 if (rc != CKR_OK) {
1399 testcase_error("C_Decrypt rc=%s", p11_get_ckr(rc));
1400 goto testcase_cleanup;
1401 }
1402
1403 /** compare actual results with expected results **/
1404 testcase_new_assertion();
1405 if (orig_len != decipher_len) {
1406 testcase_fail("lengths don't match: "
1407 "%ld vs %ld\n", orig_len, decipher_len);
1408 rc = CKR_GENERAL_ERROR;
1409 } else if (memcmp(original, decipher, orig_len)) {
1410 testcase_fail("deciphered data does not match"
1411 " original data");
1412 rc = CKR_GENERAL_ERROR;
1413 } else {
1414 testcase_pass("%s passed wrap/unwrap RSA key "
1415 "test.", tsuite->name);
1416 }
1417
1418
1419 } else { /** key is not wrappable **/
1420 testcase_new_assertion();
1421
1422 /** try to wrap key **/
1423 rc = funcs->C_WrapKey(session,
1424 &mech,
1425 w_key,
1426 priv_key, wrapped_data, &wrapped_data_len);
1427 if (rc != CKR_MECHANISM_INVALID && rc != CKR_KEY_NOT_WRAPPABLE) {
1428 testcase_fail("Expected CKR_MECHANISM_INVALID or "
1429 "CKR_KEY_NOT_WRAPPABLE, but got %s",
1430 p11_get_ckr(rc));
1431 } else {
1432 testcase_pass("%s passed wrap/unwrap RSA key "
1433 "test.", tsuite->name);
1434 }
1435 }
1436 }
1437
1438 testcase_cleanup:
1439 testcase_close_session();
1440
1441 return rc;
1442 }
1443
do_WrapRSA_Err(struct generated_test_suite_info * tsuite)1444 CK_RV do_WrapRSA_Err(struct generated_test_suite_info * tsuite)
1445 {
1446 unsigned int i;
1447 CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE];
1448 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN];
1449 CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 };
1450 CK_MECHANISM mech, mech2;
1451 CK_MECHANISM_INFO mech_info;
1452 CK_OBJECT_HANDLE publ_key, priv_key, w_key;
1453 CK_ULONG bits = 1024;
1454 CK_ULONG wrapped_data_len, user_pin_len, key_size;
1455 CK_RV rc = CKR_OK;
1456 CK_FLAGS flags;
1457 CK_SESSION_HANDLE session;
1458 CK_SLOT_ID slot_id = SLOT_ID;
1459
1460 CK_ATTRIBUTE pub_tmpl[] = {
1461 {CKA_MODULUS_BITS, &bits, sizeof(bits)}
1462 ,
1463 {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp)}
1464 };
1465 CK_ATTRIBUTE key_gen_tmpl[] = {
1466 {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG)}
1467 };
1468
1469 testsuite_begin("%s wrap/unwrap of RSA key.", tsuite->name);
1470 testcase_rw_session();
1471 testcase_user_login();
1472
1473 /** skip test if the slot doesn't support this mechanism **/
1474 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
1475 testsuite_skip(3, "Slot %u doesn't support %s (%u)",
1476 (unsigned int) slot_id,
1477 mech_to_str(tsuite->mech.mechanism),
1478 (unsigned int) tsuite->mech.mechanism);
1479 goto testcase_cleanup;
1480 }
1481
1482 for (i = 0; i < 3; i++) {
1483
1484 testcase_begin("%s wrap/unwrap of RSA key for key length=%ld.",
1485 tsuite->name, key_lens[i]);
1486
1487 key_size = key_lens[i];
1488
1489 /** first mechanism generate AES wrapping key **/
1490 mech.mechanism = CKM_AES_KEY_GEN;
1491 mech.ulParameterLen = 0;
1492 mech.pParameter = NULL;
1493
1494 /** mechanism to generate an RSA key pair to be wrapped **/
1495 mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
1496 mech2.ulParameterLen = 0;
1497 mech2.pParameter = NULL;
1498
1499 /** generate an RSA key pair. **/
1500 rc = funcs->C_GenerateKeyPair(session, &mech2, pub_tmpl, 2, NULL,
1501 0, &publ_key, &priv_key);
1502 if (rc != CKR_OK) {
1503 testcase_error("C_GenerateKeyPair rc=%s", p11_get_ckr(rc));
1504 goto testcase_cleanup;
1505 }
1506
1507 /** generate the wrapping key **/
1508 rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key);
1509 if (rc != CKR_OK) {
1510 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
1511 goto testcase_cleanup;
1512 }
1513
1514 /** set the mech for AES crypto **/
1515 mech = tsuite->mech;
1516
1517 /** wrap the key **/
1518 wrapped_data_len = sizeof(wrapped_data);
1519
1520 /** get mech info **/
1521 rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info);
1522
1523 if (rc != CKR_OK) {
1524 testcase_error("C_GetMechanismInfo rc=%s", p11_get_ckr(rc));
1525 goto testcase_cleanup;
1526 }
1527
1528 /** key is wrappable **/
1529 if (mech_info.flags & CKF_WRAP) {
1530
1531 testcase_new_assertion();
1532
1533 /** wrap key **/
1534 rc = funcs->C_WrapKey(session, &mech, w_key, priv_key,
1535 wrapped_data, &wrapped_data_len);
1536
1537 /* Expect dedicated error code here, since it's not allowed
1538 * to unwrap non secret keys with AES_ECB/AES_CBC */
1539 if (rc != CKR_KEY_NOT_WRAPPABLE) {
1540 testcase_error("Expected C_WrapKey rc=%s, but returned rc=%s",
1541 p11_get_ckr(CKR_KEY_NOT_WRAPPABLE),
1542 p11_get_ckr(rc));
1543 goto testcase_cleanup;
1544 } else {
1545 testcase_pass("%s passed wrap RSA key test.", tsuite->name);
1546 }
1547 } else {
1548 /** key is not wrappable **/
1549 testcase_new_assertion();
1550
1551 /** try to wrap key **/
1552 rc = funcs->C_WrapKey(session, &mech, w_key, priv_key,
1553 wrapped_data, &wrapped_data_len);
1554 if (rc != CKR_MECHANISM_INVALID && rc != CKR_KEY_NOT_WRAPPABLE)
1555 testcase_fail("Expected CKR_MECHANISM_INVALID or "
1556 "CKR_KEY_NOT_WRAPPABLE, but got %s",
1557 p11_get_ckr(rc));
1558 else
1559 testcase_pass("%s passed wrap/unwrap RSA key test.",
1560 tsuite->name);
1561 }
1562 }
1563
1564 testcase_cleanup:
1565 testcase_close_session();
1566
1567 return rc;
1568 }
1569
1570
1571
do_UnwrapRSA_Err(struct generated_test_suite_info * tsuite)1572 CK_RV do_UnwrapRSA_Err(struct generated_test_suite_info * tsuite)
1573 {
1574 unsigned int i;
1575 CK_BYTE wrapped_data[BIG_REQUEST + AES_BLOCK_SIZE] = {0};
1576 CK_BYTE user_pin[PKCS11_MAX_PIN_LEN] = {0};
1577 CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01 };
1578 CK_MECHANISM mech, mech1, mech2;
1579 CK_MECHANISM_INFO mech_info;
1580 CK_OBJECT_HANDLE publ_key = CK_INVALID_HANDLE,
1581 priv_key = CK_INVALID_HANDLE, w_key = CK_INVALID_HANDLE,
1582 uw_key = CK_INVALID_HANDLE;
1583 CK_ULONG bits = 1024;
1584 CK_ULONG wrapped_data_len = 0, user_pin_len = 0, key_size = 0;
1585 CK_RV rc = CKR_OK;
1586 CK_FLAGS flags = 0;
1587 CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
1588 CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
1589 CK_KEY_TYPE keytype = CKK_RSA;
1590 CK_SLOT_ID slot_id = SLOT_ID;
1591
1592 memset(&mech, 0, sizeof(mech));
1593 memset(&mech1, 0, sizeof(mech1));
1594 memset(&mech2, 0, sizeof(mech2));
1595 memset(&mech_info, 0, sizeof(mech_info));
1596
1597 CK_ATTRIBUTE pub_tmpl[] = {
1598 {CKA_MODULUS_BITS, &bits, sizeof(bits)}
1599 ,
1600 {CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp)}
1601 };
1602 CK_ATTRIBUTE uw_tmpl[] = {
1603 {CKA_CLASS, &keyclass, sizeof(keyclass)}
1604 ,
1605 {CKA_KEY_TYPE, &keytype, sizeof(keytype)}
1606 };
1607 CK_ATTRIBUTE key_gen_tmpl[] = {
1608 {CKA_VALUE_LEN, &key_size, sizeof(CK_ULONG)}
1609 };
1610
1611 testsuite_begin("%s wrap/unwrap of RSA key.", tsuite->name);
1612 testcase_rw_session();
1613 testcase_user_login();
1614
1615 /** skip test if the slot doesn't support this mechanism **/
1616 if (!mech_supported(slot_id, tsuite->mech.mechanism)) {
1617 testsuite_skip(3,
1618 "Slot %u doesn't support %s (%u)",
1619 (unsigned int) slot_id,
1620 mech_to_str(tsuite->mech.mechanism),
1621 (unsigned int) tsuite->mech.mechanism);
1622 goto testcase_cleanup;
1623 }
1624
1625 for (i = 0; i < 3; i++) {
1626
1627 testcase_begin("%s wrap/unwrap of RSA key for key length=%ld.",
1628 tsuite->name, key_lens[i]);
1629
1630 key_size = key_lens[i];
1631
1632 /** first mechanism generate AES wrapping key **/
1633 mech.mechanism = CKM_AES_KEY_GEN;
1634 mech.ulParameterLen = 0;
1635 mech.pParameter = NULL;
1636
1637 /** mechanism to generate an RSA key pair to be wrapped **/
1638 mech2.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
1639 mech2.ulParameterLen = 0;
1640 mech2.pParameter = NULL;
1641
1642 /** generate an RSA key pair. **/
1643 rc = funcs->C_GenerateKeyPair(session, &mech2, pub_tmpl, 2, NULL,
1644 0, &publ_key, &priv_key);
1645 if (rc != CKR_OK) {
1646 testcase_error("C_GenerateKeyPair rc=%s", p11_get_ckr(rc));
1647 goto testcase_cleanup;
1648 }
1649
1650 /** generate the wrapping key **/
1651 rc = funcs->C_GenerateKey(session, &mech, key_gen_tmpl, 1, &w_key);
1652 if (rc != CKR_OK) {
1653 testcase_error("C_GenerateKey rc=%s", p11_get_ckr(rc));
1654 goto testcase_cleanup;
1655 }
1656
1657 /** set the mech for AES crypto **/
1658 mech = tsuite->mech;
1659
1660 /** wrap the key **/
1661 wrapped_data_len = sizeof(wrapped_data);
1662
1663 /** get mech info **/
1664 rc = funcs->C_GetMechanismInfo(slot_id, mech.mechanism, &mech_info);
1665 if (rc != CKR_OK) {
1666 testcase_error("C_GetMechanismInfo rc=%s", p11_get_ckr(rc));
1667 goto testcase_cleanup;
1668 }
1669
1670 /** key is wrappable **/
1671 if (mech_info.flags & CKF_UNWRAP) {
1672
1673 /** mechanism for wrapping the key **/
1674 mech1.mechanism = CKM_AES_CBC_PAD;
1675 mech1.ulParameterLen = AES_IV_SIZE;
1676 mech1.pParameter = &aes_iv;
1677
1678 /** wrap key **/
1679 rc = funcs->C_WrapKey(session, &mech1, w_key, priv_key,
1680 wrapped_data, &wrapped_data_len);
1681 if (rc != CKR_OK) {
1682 testcase_error("C_WrapKey rc=%s", p11_get_ckr(rc));
1683 goto testcase_cleanup;
1684 }
1685
1686 testcase_new_assertion();
1687
1688 /** unwrap key **/
1689 rc = funcs->C_UnwrapKey(session, &mech, w_key, wrapped_data,
1690 wrapped_data_len, uw_tmpl, 2, &uw_key);
1691 /* Expect dedicated error code here, since it's not allowed
1692 * to unwrap non secret keys with AES_ECB/AES_CBC */
1693 if (rc != CKR_ARGUMENTS_BAD) {
1694 testcase_error("Expected C_UnWrapKey rc=%s, but returned rc=%s",
1695 p11_get_ckr(CKR_ARGUMENTS_BAD), p11_get_ckr(rc));
1696 goto testcase_cleanup;
1697 }
1698 testcase_pass("%s passed unwrap RSA key test.", tsuite->name);
1699 } else {
1700 /** key is not wrappable **/
1701 testcase_new_assertion();
1702
1703 /** try to wrap key **/
1704 rc = funcs->C_WrapKey(session, &mech, w_key, priv_key,
1705 wrapped_data, &wrapped_data_len);
1706 if (rc != CKR_MECHANISM_INVALID && rc != CKR_KEY_NOT_WRAPPABLE) {
1707 testcase_fail("Expected CKR_MECHANISM_INVALID or "
1708 "CKR_KEY_NOT_WRAPPABLE, but got %s",
1709 p11_get_ckr(rc));
1710 } else {
1711 testcase_pass("%s passed unwrap RSA key test.", tsuite->name);
1712 }
1713 }
1714 }
1715
1716 testcase_cleanup:
1717 testcase_close_session();
1718
1719 return rc;
1720 }
1721
aes_funcs()1722 CK_RV aes_funcs()
1723 {
1724 unsigned int i;
1725 CK_RV rv = CKR_OK;
1726
1727 for (i = 0; i < NUM_OF_PUBLISHED_TESTSUITES; i++) {
1728 rv = do_EncryptAES(&published_test_suites[i]);
1729 if (rv != CKR_OK && (!no_stop))
1730 break;
1731
1732 rv = do_DecryptAES(&published_test_suites[i]);
1733 if (rv != CKR_OK && (!no_stop))
1734 break;
1735
1736 rv = do_EncryptUpdateAES(&published_test_suites[i]);
1737 if (rv != CKR_OK && (!no_stop))
1738 break;
1739
1740 rv = do_DecryptUpdateAES(&published_test_suites[i]);
1741 if (rv != CKR_OK && (!no_stop))
1742 break;
1743
1744 }
1745
1746 for (i = 0; i < NUM_OF_GENERATED_TESTSUITES; i++) {
1747 rv = do_EncryptDecryptAES(&generated_test_suites[i]);
1748 if (rv != CKR_OK && (!no_stop))
1749 break;
1750
1751 rv = do_EncryptDecryptUpdateAES(&generated_test_suites[i]);
1752 if (rv != CKR_OK && (!no_stop))
1753 break;
1754
1755 rv = do_WrapUnwrapAES(&generated_test_suites[i]);
1756 if (rv != CKR_OK && (!no_stop))
1757 break;
1758
1759 rv = do_WrapUnwrapRSA(&generated_test_suites[i]);
1760 if (rv != CKR_OK && (!no_stop))
1761 break;
1762 }
1763
1764 /***** Error scenarios *****/
1765 for (i = 0; i < NUM_OF_GENERATED_ERR_TESTSUITES; i++) {
1766 rv = do_WrapRSA_Err(&generated_err_test_suites[i]);
1767 if (rv != CKR_OK && (!no_stop))
1768 break;
1769
1770 rv = do_UnwrapRSA_Err(&generated_err_test_suites[i]);
1771 if (rv != CKR_OK && (!no_stop))
1772 break;
1773 }
1774
1775 return rv;
1776 }
1777
main(int argc,char ** argv)1778 int main(int argc, char **argv)
1779 {
1780 int rc;
1781 CK_C_INITIALIZE_ARGS cinit_args;
1782 CK_RV rv = 0;
1783
1784 rc = do_ParseArgs(argc, argv);
1785 if (rc != 1)
1786 return rc;
1787
1788 printf("Using slot #%lu...\n\n", SLOT_ID);
1789 printf("With option: nostop: %d\n", no_stop);
1790
1791 rc = do_GetFunctionList();
1792 if (!rc) {
1793 testcase_error("do_getFunctionList(), rc=%s", p11_get_ckr(rc));
1794 return rc;
1795 }
1796
1797 memset(&cinit_args, 0x0, sizeof(cinit_args));
1798 cinit_args.flags = CKF_OS_LOCKING_OK;
1799
1800 // SAB Add calls to ALL functions before the C_Initialize gets hit
1801
1802 funcs->C_Initialize(&cinit_args);
1803
1804 {
1805 CK_SESSION_HANDLE hsess = 0;
1806
1807 rc = funcs->C_GetFunctionStatus(hsess);
1808 if (rc != CKR_FUNCTION_NOT_PARALLEL)
1809 return rc;
1810
1811 rc = funcs->C_CancelFunction(hsess);
1812 if (rc != CKR_FUNCTION_NOT_PARALLEL)
1813 return rc;
1814 }
1815
1816 testcase_setup(0); //TODO
1817 rv = aes_funcs();
1818 testcase_print_result();
1819
1820 funcs->C_Finalize(NULL);
1821
1822 /* make sure we return non-zero if rv is non-zero */
1823 return ((rv == 0) || (rv % 256) ? (int)rv : -1);
1824 }
1825