1 /*
2 * Copyright (c) 2014 Red Hat
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 /*****************************************************************************
28 AsymWrapUnwrapTests.cpp
29
30 Contains test cases for C_WrapKey and C_UnwrapKey
31 using asymmetrical algorithms (RSA)
32 *****************************************************************************/
33
34 #include <config.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include "AsymWrapUnwrapTests.h"
38
39 // CKA_TOKEN
40 const CK_BBOOL ON_TOKEN = CK_TRUE;
41 const CK_BBOOL IN_SESSION = CK_FALSE;
42
43 // CKA_PRIVATE
44 const CK_BBOOL IS_PRIVATE = CK_TRUE;
45 const CK_BBOOL IS_PUBLIC = CK_FALSE;
46
47
48 CPPUNIT_TEST_SUITE_REGISTRATION(AsymWrapUnwrapTests);
49
50 // Generate throw-away (session) symmetric key
generateAesKey(CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE & hKey)51 CK_RV AsymWrapUnwrapTests::generateAesKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE &hKey)
52 {
53 CK_MECHANISM mechanism = { CKM_AES_KEY_GEN, NULL_PTR, 0 };
54 CK_ULONG bytes = 16;
55 CK_BBOOL bFalse = CK_FALSE;
56 CK_BBOOL bTrue = CK_TRUE;
57 CK_ATTRIBUTE keyAttribs[] = {
58 { CKA_TOKEN, &bFalse, sizeof(bTrue) },
59 { CKA_PRIVATE, &bTrue, sizeof(bTrue) },
60 { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) },
61 { CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
62 { CKA_VALUE_LEN, &bytes, sizeof(bytes) },
63 };
64
65 hKey = CK_INVALID_HANDLE;
66 return CRYPTOKI_F_PTR( C_GenerateKey(hSession, &mechanism,
67 keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE),
68 &hKey) );
69 }
70
generateRsaKeyPair(CK_SESSION_HANDLE hSession,CK_BBOOL bTokenPuk,CK_BBOOL bPrivatePuk,CK_BBOOL bTokenPrk,CK_BBOOL bPrivatePrk,CK_OBJECT_HANDLE & hPuk,CK_OBJECT_HANDLE & hPrk)71 CK_RV AsymWrapUnwrapTests::generateRsaKeyPair(CK_SESSION_HANDLE hSession, CK_BBOOL bTokenPuk, CK_BBOOL bPrivatePuk, CK_BBOOL bTokenPrk, CK_BBOOL bPrivatePrk, CK_OBJECT_HANDLE &hPuk, CK_OBJECT_HANDLE &hPrk)
72 {
73 CK_MECHANISM mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
74 CK_ULONG bits = 1536;
75 CK_BYTE pubExp[] = {0x01, 0x00, 0x01};
76 CK_BYTE subject[] = { 0x12, 0x34 }; // dummy
77 CK_BYTE id[] = { 123 } ; // dummy
78 CK_BBOOL bFalse = CK_FALSE;
79 CK_BBOOL bTrue = CK_TRUE;
80 CK_ATTRIBUTE pukAttribs[] = {
81 { CKA_TOKEN, &bTokenPuk, sizeof(bTokenPuk) },
82 { CKA_PRIVATE, &bPrivatePuk, sizeof(bPrivatePuk) },
83 { CKA_ENCRYPT, &bFalse, sizeof(bFalse) },
84 { CKA_VERIFY, &bFalse, sizeof(bFalse) },
85 { CKA_WRAP, &bTrue, sizeof(bTrue) },
86 { CKA_MODULUS_BITS, &bits, sizeof(bits) },
87 { CKA_PUBLIC_EXPONENT, &pubExp[0], sizeof(pubExp) }
88 };
89 CK_ATTRIBUTE prkAttribs[] = {
90 { CKA_TOKEN, &bTokenPrk, sizeof(bTokenPrk) },
91 { CKA_PRIVATE, &bPrivatePrk, sizeof(bPrivatePrk) },
92 { CKA_SUBJECT, &subject[0], sizeof(subject) },
93 { CKA_ID, &id[0], sizeof(id) },
94 { CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
95 { CKA_DECRYPT, &bFalse, sizeof(bFalse) },
96 { CKA_SIGN, &bFalse, sizeof(bFalse) },
97 { CKA_UNWRAP, &bTrue, sizeof(bTrue) },
98 };
99
100 hPuk = CK_INVALID_HANDLE;
101 hPrk = CK_INVALID_HANDLE;
102 return CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism,
103 pukAttribs, sizeof(pukAttribs)/sizeof(CK_ATTRIBUTE),
104 prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE),
105 &hPuk, &hPrk) );
106 }
107
rsaWrapUnwrap(CK_MECHANISM_TYPE mechanismType,CK_SESSION_HANDLE hSession,CK_OBJECT_HANDLE hPublicKey,CK_OBJECT_HANDLE hPrivateKey)108 void AsymWrapUnwrapTests::rsaWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey)
109 {
110 CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 };
111 CK_RSA_PKCS_OAEP_PARAMS oaepParams = { CKM_SHA_1, CKG_MGF1_SHA1, CKZ_DATA_SPECIFIED, NULL_PTR, 0 };
112 CK_BYTE cipherText[2048];
113 CK_ULONG ulCipherTextLen;
114 CK_BYTE symValue[64];
115 CK_ULONG ulSymValueLen = sizeof(symValue);
116 CK_BYTE unwrappedValue[64];
117 CK_ULONG ulUnwrappedValueLen = sizeof(unwrappedValue);
118 CK_OBJECT_HANDLE symKey = CK_INVALID_HANDLE;
119 CK_OBJECT_HANDLE unwrappedKey = CK_INVALID_HANDLE;
120 CK_RV rv;
121 CK_ULONG wrappedLenEstimation;
122
123 CK_BBOOL bFalse = CK_FALSE;
124 CK_BBOOL bTrue = CK_TRUE;
125 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
126 CK_KEY_TYPE keyType = CKK_AES;
127 CK_ATTRIBUTE unwrapTemplate[] = {
128 { CKA_CLASS, &keyClass, sizeof(keyClass) },
129 { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
130 { CKA_TOKEN, &bFalse, sizeof(bFalse) },
131 { CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
132 { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) }
133 };
134
135 CK_ATTRIBUTE valueTemplate[] = {
136 { CKA_VALUE, &symValue, ulSymValueLen }
137 };
138
139 CK_MECHANISM_INFO mechInfo;
140
141 if (mechanismType == CKM_RSA_PKCS_OAEP)
142 {
143 mechanism.pParameter = &oaepParams;
144 mechanism.ulParameterLen = sizeof(oaepParams);
145 }
146
147 // Generate temporary symmetric key and remember it's value
148 rv = generateAesKey(hSession, symKey);
149 CPPUNIT_ASSERT(rv==CKR_OK);
150
151 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, symKey, valueTemplate, sizeof(valueTemplate)/sizeof(CK_ATTRIBUTE)) );
152 CPPUNIT_ASSERT(rv==CKR_OK);
153 ulSymValueLen = valueTemplate[0].ulValueLen;
154
155 // CKM_RSA_PKCS Wrap/Unwrap support
156 rv = CRYPTOKI_F_PTR( C_GetMechanismInfo(m_initializedTokenSlotID, CKM_RSA_PKCS, &mechInfo) );
157 CPPUNIT_ASSERT(rv==CKR_OK);
158 CPPUNIT_ASSERT(mechInfo.flags&CKF_WRAP);
159 CPPUNIT_ASSERT(mechInfo.flags&CKF_UNWRAP);
160
161 // Estimate wrapped length
162 rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hPublicKey, symKey, NULL_PTR, &wrappedLenEstimation) );
163 CPPUNIT_ASSERT(rv==CKR_OK);
164 CPPUNIT_ASSERT(wrappedLenEstimation>0);
165
166 // This should always fail because wrapped data have to be longer than 0 bytes
167 ulCipherTextLen = 0;
168 rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hPublicKey, symKey, cipherText, &ulCipherTextLen) );
169 CPPUNIT_ASSERT(rv==CKR_BUFFER_TOO_SMALL);
170
171 // Do real wrapping
172 ulCipherTextLen = sizeof(cipherText);
173 rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hPublicKey, symKey, cipherText, &ulCipherTextLen) );
174 CPPUNIT_ASSERT(rv==CKR_OK);
175 // Check length 'estimation'
176 CPPUNIT_ASSERT(wrappedLenEstimation>=ulCipherTextLen);
177
178 rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hPrivateKey, cipherText, ulCipherTextLen, unwrapTemplate, sizeof(unwrapTemplate)/sizeof(CK_ATTRIBUTE), &unwrappedKey) );
179 CPPUNIT_ASSERT(rv==CKR_OK);
180
181 valueTemplate[0].pValue = &unwrappedValue;
182 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, unwrappedKey, valueTemplate, sizeof(valueTemplate)/sizeof(CK_ATTRIBUTE)) );
183 CPPUNIT_ASSERT(rv==CKR_OK);
184 ulUnwrappedValueLen = valueTemplate[0].ulValueLen;
185
186 CPPUNIT_ASSERT(ulSymValueLen == ulUnwrappedValueLen);
187 CPPUNIT_ASSERT(memcmp(symValue, unwrappedValue, ulSymValueLen) == 0);
188 }
189
testRsaWrapUnwrap()190 void AsymWrapUnwrapTests::testRsaWrapUnwrap()
191 {
192 CK_RV rv;
193 CK_SESSION_HANDLE hSessionRO;
194 CK_SESSION_HANDLE hSessionRW;
195
196 // Just make sure that we finalize any previous tests
197 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
198
199 // Open read-only session on when the token is not initialized should fail
200 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
201 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
202
203 // Initialize the library and start the test.
204 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
205 CPPUNIT_ASSERT(rv == CKR_OK);
206
207 // Open read-only session
208 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
209 CPPUNIT_ASSERT(rv == CKR_OK);
210
211 // Open read-write session
212 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
213 CPPUNIT_ASSERT(rv == CKR_OK);
214
215 // Login USER into the sessions so we can create a private objects
216 rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
217 CPPUNIT_ASSERT(rv==CKR_OK);
218
219 CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
220 CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;
221
222 // Generate all combinations of session/token public/private key pairs.
223 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPublicKey,hPrivateKey);
224 CPPUNIT_ASSERT(rv == CKR_OK);
225
226 rsaWrapUnwrap(CKM_RSA_PKCS,hSessionRO,hPublicKey,hPrivateKey);
227 rsaWrapUnwrap(CKM_RSA_PKCS_OAEP,hSessionRO,hPublicKey,hPrivateKey);
228 }
229