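--TEST--
OASIS Verify Basic test - C_VerifyInit(), C_Verify()
--DESCRIPTION--
Based on the same design as the C_Sign() tests: first C_Sign() some
data, then C_Verify() it.
--SKIPIF--
<?php

// NOTE(review): $module and $session are not defined in this section;
// presumably the include below sets them up - confirm.
require_once 'require-userpin-login.skipif.inc';

// getenv() returns false when PHP11_PIN is unset; handle that the same
// way as an empty value instead of passing false to strlen().
$pin = getenv('PHP11_PIN');
if ($pin === false || $pin === '') {
    $pin = null; # Smart card without any pin code
}

$rv = $module->C_Login($session, Pkcs11\CKU_USER, $pin);

// Skip unless the token exposes at least one RSA private key.
$Template = [
    Pkcs11\CKA_CLASS => Pkcs11\CKO_PRIVATE_KEY,
    Pkcs11\CKA_KEY_TYPE => Pkcs11\CKK_RSA,
];
$rv = $module->C_FindObjectsInit($session, $Template);
$rv = $module->C_FindObjects($session, $Objects);
if (empty($Objects)) {
    echo 'skip - Missing RSA key';
}

?>
--FILE--
<?php declare(strict_types=1);

/**
 * Print the outcome of a C_Verify() call.
 *
 * Only CKR_OK means the signature matched the data under the selected
 * key. CKR_SIGNATURE_INVALID and every other return value are a failed
 * verification; unknown codes are dumped so that they show up as a
 * mismatch against --EXPECTF--.
 *
 * @param mixed $rv Return value of C_Verify().
 */
function reportVerifyResult($rv)
{
    switch ($rv) {
        case Pkcs11\CKR_SIGNATURE_INVALID:
            echo "CKR_SIGNATURE_INVALID".PHP_EOL;
            break;
        case Pkcs11\CKR_OK:
            echo "Signature: CKR_OK".PHP_EOL;
            break;
        default:
            var_dump($rv);
            break;
    }
}

$modulePath = getenv('PHP11_MODULE');
$module = new Pkcs11\Module($modulePath);

$rv = $module->C_GetSlotList(true, $s);
var_dump($rv);

// The first slot returned with tokenPresent=true is used.
$rv = $module->C_OpenSession($s[0], Pkcs11\CKF_SERIAL_SESSION, null, null, $session);
var_dump($rv);
var_dump($session);

// The PIN is read from the environment and never dumped, so it does not
// end up in the captured test output.
// strict_types is on in this section: strlen(false) would throw a
// TypeError when PHP11_PIN is unset, so compare against false explicitly.
$pin = getenv('PHP11_PIN');
if ($pin === false || $pin === '') {
    $pin = null; # Smart card without any pin code
}

$rv = $module->C_Login($session, Pkcs11\CKU_USER, $pin);
var_dump($rv);

/* - - - Sign it - - - */
$Template = [
    Pkcs11\CKA_CLASS => Pkcs11\CKO_PRIVATE_KEY,
    Pkcs11\CKA_KEY_TYPE => Pkcs11\CKK_RSA,
    //Pkcs11\CKA_ID => hex2bin("E828BD080F8025000001FF001002"),
//    Pkcs11\CKA_LABEL => 'xyz_PRIV_SIG', # the label of your private key
];

$rv = $module->C_FindObjectsInit($session, $Template);

var_dump($rv);

$rv = $module->C_FindObjects($session, $Objects);
var_dump($rv);
if (count($Objects) >= 1) {
    echo "OK, got 1 Key" . PHP_EOL;
} else {
    die("Missing private RSA key");
}

// NOTE(review): the private key here and the public key further down are
// each picked with end() from an independent search. On a token holding
// more than one RSA key pair they may not belong together, and the final
// verification would then report CKR_SIGNATURE_INVALID. Pinning both
// templates to the same CKA_ID (see the commented-out entries) avoids
// that ambiguity.
$key = end($Objects);
var_dump($key);

$rv = $module->C_FindObjectsFinal($session);
var_dump($rv);

// CKM_RSA_PKCS applies PKCS #1 v1.5 padding to the input as given; it
// does not hash it. Outside of a test, the input is normally a DigestInfo
// built from a message digest, or a hashing mechanism such as
// CKM_SHA256_RSA_PKCS is used so that the token digests the message.
$rv = $module->C_SignInit($session,
    new Pkcs11\Mechanism(Pkcs11\CKM_RSA_PKCS),
    //new Pkcs11\Mechanism(Pkcs11\CKM_SHA256_RSA_PKCS),
    $key);
var_dump($rv);

$rv = $module->C_Sign($session, "Cantina bar", $signature);
var_dump($rv);
// expect 256 bytes, i.e. a 2048-bit RSA modulus; --EXPECTF-- hard-codes
// int(256), so a token with a different key size fails here.
var_dump(strlen($signature));

// NOTE(review): everything below runs after C_Logout, so finding and
// using the public key presumably does not require a logged-in user on
// the tested token - confirm.
$rv = $module->C_Logout($session);
var_dump($rv);

/* - - - Verify it - - - */
$Template = [
    Pkcs11\CKA_CLASS => Pkcs11\CKO_PUBLIC_KEY,
    Pkcs11\CKA_KEY_TYPE => Pkcs11\CKK_RSA,
    //Pkcs11\CKA_ID => hex2bin("E828BD080F8025000001FF001002"),
//    Pkcs11\CKA_LABEL => 'xyz_PUBLIC_SIG', # the label of your public key
];

$rv = $module->C_FindObjectsInit($session, $Template);

var_dump($rv);

$rv = $module->C_FindObjects($session, $Objects);
var_dump($rv);
if (count($Objects) >= 1) {
    echo "OK, got 1 Key" . PHP_EOL;
} else {
    die("Missing public RSA key");
}

$key = end($Objects);
var_dump($key);

// Return value intentionally not dumped: --EXPECTF-- has no line for it.
$rv = $module->C_FindObjectsFinal($session);

// Negative case first: the message differs by one trailing character, so
// the signature must be rejected.
$rv = $module->C_VerifyInit($session,
    new Pkcs11\Mechanism(Pkcs11\CKM_RSA_PKCS),
    $key);
var_dump($rv);

$rv = $module->C_Verify($session, "Cantina barx", $signature);
reportVerifyResult($rv);

// Positive case: the verify operation is initialised again before the
// second C_Verify() call, this time with the exact message that was
// signed.
$rv = $module->C_VerifyInit($session,
    new Pkcs11\Mechanism(Pkcs11\CKM_RSA_PKCS),
    $key);
var_dump($rv);

$rv = $module->C_Verify($session, "Cantina bar", $signature);
reportVerifyResult($rv);

$rv = $module->C_CloseSession($session);
var_dump($rv);

?>
--EXPECTF--
int(0)
int(0)
object(Pkcs11\Session)#2 (2) {
  ["hSession"]=>
  int(%d)
  ["slotID"]=>
  int(%d)
}
int(0)
int(0)
int(0)
OK, got 1 Key
int(%d)
int(0)
int(0)
int(0)
int(256)
int(0)
int(0)
int(0)
OK, got 1 Key
int(%d)
int(0)
CKR_SIGNATURE_INVALID
int(0)
Signature: CKR_OK
int(0)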