diff options
Diffstat (limited to 'SoftHSMv2/src')
| -rw-r--r-- | SoftHSMv2/src/bin/Makefile.am | 3 | ||||
| -rw-r--r-- | SoftHSMv2/src/bin/win32/getopt.cpp | 520 | ||||
| -rw-r--r-- | SoftHSMv2/src/bin/win32/getopt.h | 101 | ||||
| -rw-r--r-- | SoftHSMv2/src/bin/win32/getpassphase.cpp | 35 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/Makefile.am | 5 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/SoftHSM.cpp | 59 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/SoftHSM.h | 1 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp | 93 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp | 30 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp | 34 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/crypto/test/GOSTTests.h | 2 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/test/Makefile.am | 2 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp | 233 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h | 7 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/win32/dllmain.cc | 18 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/win32/setenv.cpp | 20 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/win32/setenv.h | 12 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/win32/syslog.cpp | 69 | ||||
| -rw-r--r-- | SoftHSMv2/src/lib/win32/syslog.h | 46 |
19 files changed, 411 insertions, 879 deletions
diff --git a/SoftHSMv2/src/bin/Makefile.am b/SoftHSMv2/src/bin/Makefile.am index 354c272..06a03d9 100644 --- a/SoftHSMv2/src/bin/Makefile.am +++ b/SoftHSMv2/src/bin/Makefile.am @@ -6,5 +6,4 @@ if BUILD_MIGRATE SUBDIRS += migrate endif -EXTRA_DIST = $(srcdir)/win32/*.cpp \ - $(srcdir)/win32/*.h +#EXTRA_DIST = diff --git a/SoftHSMv2/src/bin/win32/getopt.cpp b/SoftHSMv2/src/bin/win32/getopt.cpp deleted file mode 100644 index dfeabe2..0000000 --- a/SoftHSMv2/src/bin/win32/getopt.cpp +++ /dev/null @@ -1,520 +0,0 @@ -/*- - * Copyright (c) 2000 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Dieter Baron and Thomas Klausner. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the NetBSD - * Foundation, Inc. and its contributors. - * 4. Neither the name of The NetBSD Foundation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#include <config.h> -#include <getopt.h> -#include <stdlib.h> -#include <string.h> - -#ifdef _WIN32 - -/* Windows needs warnx(). We change the definition though: - * 1. (another) global is defined, opterrmsg, which holds the error message - * 2. errors are always printed out on stderr w/o the program name - * Note that opterrmsg always gets set no matter what opterr is set to. The - * error message will not be printed if opterr is 0 as usual. - */ - -#include <stdio.h> -#include <stdarg.h> - -extern char opterrmsg[128]; -char opterrmsg[128]; /* last error message is stored here */ - -static void warnx(int print_error, const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - if (fmt != NULL) - _vsnprintf(opterrmsg, 128, fmt, ap); - else - opterrmsg[0]='\0'; - va_end(ap); - if (print_error) { - fprintf(stderr, opterrmsg); - fprintf(stderr, "\n"); - } -} - -#endif /*_WIN32*/ - -/* not part of the original file */ -#ifndef _DIAGASSERT -#define _DIAGASSERT(X) -#endif - -#if HAVE_CONFIG_H && !HAVE_GETOPT_LONG && !HAVE_DECL_OPTIND -#define REPLACE_GETOPT -#endif - -int opterr = 1; /* if error message should be printed */ -int optind = 1; /* index into parent argv vector */ -int optopt = '?'; /* character checked for validity */ -int optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ - -#if !HAVE_GETOPT_LONG -#define IGNORE_FIRST (*options == '-' || *options == '+') -#define PRINT_ERROR ((opterr) && ((*options != ':') \ - || (IGNORE_FIRST && options[1] != ':'))) -#define IS_POSIXLY_CORRECT (getenv("POSIXLY_CORRECT") != NULL) -#define PERMUTE (!IS_POSIXLY_CORRECT && !IGNORE_FIRST) -/* XXX: GNU ignores PC if *options == '-' */ -#define IN_ORDER (!IS_POSIXLY_CORRECT && *options == '-') - -/* return values */ -#define BADCH (int)'?' -#define BADARG ((IGNORE_FIRST && options[1] == ':') \ - || (*options == ':') ? (int)':' : (int)'?') -#define INORDER (int)1 - -#define EMSG "" - -static int getopt_internal(int, char * const *, const char *); -static int gcd(int, int); -static void permute_args(int, int, int, char * const *); - -static char *place = EMSG; /* option letter processing */ - -/* XXX: set optreset to 1 rather than these two */ -static int nonopt_start = -1; /* first non option argument (for permute) */ -static int nonopt_end = -1; /* first option after non options (for permute) */ - -/* Error messages */ -static const char recargchar[] = "option requires an argument -- %c"; -static const char recargstring[] = "option requires an argument -- %s"; -static const char ambig[] = "ambiguous option -- %.*s"; -static const char noarg[] = "option doesn't take an argument -- %.*s"; -static const char illoptchar[] = "unknown option -- %c"; -static const char illoptstring[] = "unknown option -- %s"; - - -/* - * Compute the greatest common divisor of a and b. - */ -static int -gcd(int a, int b) -{ - int c; - - c = a % b; - while (c != 0) { - a = b; - b = c; - c = a % b; - } - - return b; -} - -/* - * Exchange the block from nonopt_start to nonopt_end with the block - * from nonopt_end to opt_end (keeping the same order of arguments - * in each block). - */ -static void -permute_args(int panonopt_start, int panonopt_end, - int opt_end, char * const *nargv) -{ - int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; - char *swap; - - _DIAGASSERT(nargv != NULL); - - /* - * compute lengths of blocks and number and size of cycles - */ - nnonopts = panonopt_end - panonopt_start; - nopts = opt_end - panonopt_end; - ncycle = gcd(nnonopts, nopts); - cyclelen = (opt_end - panonopt_start) / ncycle; - - for (i = 0; i < ncycle; i++) { - cstart = panonopt_end+i; - pos = cstart; - for (j = 0; j < cyclelen; j++) { - if (pos >= panonopt_end) - pos -= nnonopts; - else - pos += nopts; - swap = nargv[pos]; - /* LINTED const cast */ - ((char **) nargv)[pos] = nargv[cstart]; - /* LINTED const cast */ - ((char **)nargv)[cstart] = swap; - } - } -} - -/* - * getopt_internal -- - * Parse argc/argv argument vector. Called by user level routines. - * Returns -2 if -- is found (can be long option or end of options marker). - */ -static int -getopt_internal(int nargc, char * const *nargv, const char *options) -{ - char *oli; /* option letter list index */ - int optchar; - - _DIAGASSERT(nargv != NULL); - _DIAGASSERT(options != NULL); - - optarg = NULL; - - /* - * XXX Some programs (like rsyncd) expect to be able to - * XXX re-initialize optind to 0 and have getopt_long(3) - * XXX properly function again. Work around this braindamage. - */ - if (optind == 0) - optind = 1; - - if (optreset) - nonopt_start = nonopt_end = -1; -start: - if (optreset || !*place) { /* update scanning pointer */ - optreset = 0; - if (optind >= nargc) { /* end of argument vector */ - place = EMSG; - if (nonopt_end != -1) { - /* do permutation, if we have to */ - permute_args(nonopt_start, nonopt_end, - optind, nargv); - optind -= nonopt_end - nonopt_start; - } - else if (nonopt_start != -1) { - /* - * If we skipped non-options, set optind - * to the first of them. - */ - optind = nonopt_start; - } - nonopt_start = nonopt_end = -1; - return -1; - } - if ((*(place = nargv[optind]) != '-') - || (place[1] == '\0')) { /* found non-option */ - place = EMSG; - if (IN_ORDER) { - /* - * GNU extension: - * return non-option as argument to option 1 - */ - optarg = nargv[optind++]; - return INORDER; - } - if (!PERMUTE) { - /* - * if no permutation wanted, stop parsing - * at first non-option - */ - return -1; - } - /* do permutation */ - if (nonopt_start == -1) - nonopt_start = optind; - else if (nonopt_end != -1) { - permute_args(nonopt_start, nonopt_end, - optind, nargv); - nonopt_start = optind - - (nonopt_end - nonopt_start); - nonopt_end = -1; - } - optind++; - /* process next argument */ - goto start; - } - if (nonopt_start != -1 && nonopt_end == -1) - nonopt_end = optind; - if (place[1] && *++place == '-') { /* found "--" */ - place++; - return -2; - } - } - if ((optchar = (int)*place++) == (int)':' || - (oli = (char *) strchr(options + (IGNORE_FIRST ? 1 : 0), - optchar)) == NULL) { - /* option letter unknown or ':' */ - if (!*place) - ++optind; -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(illoptchar, optchar); -#else - warnx(PRINT_ERROR, illoptchar, optchar); -#endif - optopt = optchar; - return BADCH; - } - if (optchar == 'W' && oli[1] == ';') { /* -W long-option */ - /* XXX: what if no long options provided (called by getopt)? */ - if (*place) - return -2; - - if (++optind >= nargc) { /* no arg */ - place = EMSG; -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(recargchar, optchar); -#else - warnx(PRINT_ERROR, recargchar, optchar); -#endif - optopt = optchar; - return BADARG; - } else /* white space */ - place = nargv[optind]; - /* - * Handle -W arg the same as --arg (which causes getopt to - * stop parsing). - */ - return -2; - } - if (*++oli != ':') { /* doesn't take argument */ - if (!*place) - ++optind; - } else { /* takes (optional) argument */ - optarg = NULL; - if (*place) /* no white space */ - optarg = place; - /* XXX: disable test for :: if PC? (GNU doesn't) */ - else if (oli[1] != ':') { /* arg not optional */ - if (++optind >= nargc) { /* no arg */ - place = EMSG; -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(recargchar, optchar); -#else - warnx(PRINT_ERROR, recargchar, optchar); -#endif - optopt = optchar; - return BADARG; - } else - optarg = nargv[optind]; - } - place = EMSG; - ++optind; - } - /* dump back option letter */ - return optchar; -} - -/* - * getopt -- - * Parse argc/argv argument vector. - * - * [eventually this will replace the real getopt] - */ -int -getopt(int nargc, char * const *nargv, const char *options) -{ - int retval; - - _DIAGASSERT(nargv != NULL); - _DIAGASSERT(options != NULL); - - if ((retval = getopt_internal(nargc, nargv, options)) == -2) { - ++optind; - /* - * We found an option (--), so if we skipped non-options, - * we have to permute. - */ - if (nonopt_end != -1) { - permute_args(nonopt_start, nonopt_end, optind, - nargv); - optind -= nonopt_end - nonopt_start; - } - nonopt_start = nonopt_end = -1; - retval = -1; - } - return retval; -} - -/* - * getopt_long -- - * Parse argc/argv argument vector. - */ -int -getopt_long(int nargc, - char * const *nargv, - const char *options, - const struct option *long_options, - int *idx) -{ - int retval; - - _DIAGASSERT(nargv != NULL); - _DIAGASSERT(options != NULL); - _DIAGASSERT(long_options != NULL); - /* idx may be NULL */ - - if ((retval = getopt_internal(nargc, nargv, options)) == -2) { - char *current_argv, *has_equal; - size_t current_argv_len; - int i, match; - - current_argv = place; - match = -1; - - optind++; - place = EMSG; - - if (*current_argv == '\0') { /* found "--" */ - /* - * We found an option (--), so if we skipped - * non-options, we have to permute. - */ - if (nonopt_end != -1) { - permute_args(nonopt_start, nonopt_end, - optind, nargv); - optind -= nonopt_end - nonopt_start; - } - nonopt_start = nonopt_end = -1; - return -1; - } - if ((has_equal = strchr(current_argv, '=')) != NULL) { - /* argument found (--option=arg) */ - current_argv_len = has_equal - current_argv; - has_equal++; - } else - current_argv_len = strlen(current_argv); - - for (i = 0; long_options[i].name; i++) { - /* find matching long option */ - if (strncmp(current_argv, long_options[i].name, - current_argv_len)) - continue; - - if (strlen(long_options[i].name) == - (unsigned)current_argv_len) { - /* exact match */ - match = i; - break; - } - if (match == -1) /* partial match */ - match = i; - else { - /* ambiguous abbreviation */ -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(ambig, (int)current_argv_len, - current_argv); -#else - warnx(PRINT_ERROR, ambig, (int)current_argv_len, - current_argv); -#endif - optopt = 0; - return BADCH; - } - } - if (match != -1) { /* option found */ - if (long_options[match].has_arg == no_argument - && has_equal) { -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(noarg, (int)current_argv_len, - current_argv); -#else - warnx(PRINT_ERROR, noarg, (int)current_argv_len, - current_argv); -#endif - /* - * XXX: GNU sets optopt to val regardless of - * flag - */ - if (long_options[match].flag == NULL) - optopt = long_options[match].val; - else - optopt = 0; - return BADARG; - } - if (long_options[match].has_arg == required_argument || - long_options[match].has_arg == optional_argument) { - if (has_equal) - optarg = has_equal; - else if (long_options[match].has_arg == - required_argument) { - /* - * optional argument doesn't use - * next nargv - */ - optarg = nargv[optind++]; - } - } - if ((long_options[match].has_arg == required_argument) - && (optarg == NULL)) { - /* - * Missing argument; leading ':' - * indicates no error should be generated - */ -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(recargstring, current_argv); -#else - warnx(PRINT_ERROR, recargstring, current_argv); -#endif - /* - * XXX: GNU sets optopt to val regardless - * of flag - */ - if (long_options[match].flag == NULL) - optopt = long_options[match].val; - else - optopt = 0; - --optind; - return BADARG; - } - } else { /* unknown option */ -#ifndef _WIN32 - if (PRINT_ERROR) - warnx(illoptstring, current_argv); -#else - warnx(PRINT_ERROR, illoptstring, current_argv); -#endif - optopt = 0; - return BADCH; - } - if (long_options[match].flag) { - *long_options[match].flag = long_options[match].val; - retval = 0; - } else - retval = long_options[match].val; - if (idx) - *idx = match; - } - return retval; -} -#endif /* !GETOPT_LONG */ diff --git a/SoftHSMv2/src/bin/win32/getopt.h b/SoftHSMv2/src/bin/win32/getopt.h deleted file mode 100644 index f6b65a5..0000000 --- a/SoftHSMv2/src/bin/win32/getopt.h +++ /dev/null @@ -1,101 +0,0 @@ -/*- - * Copyright (c) 2000 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Dieter Baron and Thomas Klausner. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the NetBSD - * Foundation, Inc. and its contributors. - * 4. Neither the name of The NetBSD Foundation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _GETOPT_H_ -#define _GETOPT_H_ - -#ifdef _WIN32 -/* from <sys/cdefs.h> */ -# ifdef __cplusplus -# define __BEGIN_DECLS extern "C" { -# define __END_DECLS } -# else -# define __BEGIN_DECLS -# define __END_DECLS -# endif -# define __P(args) args -#endif - -/*#ifndef _WIN32 -#include <sys/cdefs.h> -#include <unistd.h> -#endif*/ - -/* - * Gnu like getopt_long() and BSD4.4 getsubopt()/optreset extensions - */ -#if !defined(_POSIX_SOURCE) && !defined(_XOPEN_SOURCE) -#define no_argument 0 -#define required_argument 1 -#define optional_argument 2 - -struct option { - /* name of long option */ - const char *name; - /* - * one of no_argument, required_argument, and optional_argument: - * whether option takes an argument - */ - int has_arg; - /* if not NULL, set *flag to val when option found */ - int *flag; - /* if flag not NULL, value to set *flag to; else return value */ - int val; -}; - -__BEGIN_DECLS -int getopt_long __P((int, char * const *, const char *, - const struct option *, int *)); -__END_DECLS -#endif - -#ifdef _WIN32 -/* These are global getopt variables */ -__BEGIN_DECLS - -extern int opterr, /* if error message should be printed */ - optind, /* index into parent argv vector */ - optopt, /* character checked for validity */ - optreset; /* reset getopt */ -extern char* optarg; /* argument associated with option */ - -/* Original getopt */ -int getopt __P((int, char * const *, const char *)); - -__END_DECLS -#endif - -#endif /* !_GETOPT_H_ */ diff --git a/SoftHSMv2/src/bin/win32/getpassphase.cpp b/SoftHSMv2/src/bin/win32/getpassphase.cpp deleted file mode 100644 index 9d8aaca..0000000 --- a/SoftHSMv2/src/bin/win32/getpassphase.cpp +++ /dev/null @@ -1,35 +0,0 @@ -/* WIN32 getpassphrase */ - -#include <config.h> -#include <stdio.h> - -char * -getpassphrase(const char *prompt) { - static char buf[128]; - HANDLE h; - DWORD cc, mode; - int cnt; - - h = GetStdHandle(STD_INPUT_HANDLE); - fputs(prompt, stderr); - fflush(stderr); - fflush(stdout); - FlushConsoleInputBuffer(h); - GetConsoleMode(h, &mode); - SetConsoleMode(h, ENABLE_PROCESSED_INPUT); - - for (cnt = 0; cnt < sizeof(buf) - 1; cnt++) - { - ReadFile(h, buf + cnt, 1, &cc, NULL); - if (buf[cnt] == '\r') - break; - fputc('*', stdout); - fflush(stderr); - fflush(stdout); - } - - SetConsoleMode(h, mode); - buf[cnt] = '\0'; - fputs("\n", stderr); - return (buf); -} diff --git a/SoftHSMv2/src/lib/Makefile.am b/SoftHSMv2/src/lib/Makefile.am index f3f5bb4..c579d62 100644 --- a/SoftHSMv2/src/lib/Makefile.am +++ b/SoftHSMv2/src/lib/Makefile.am @@ -46,7 +46,4 @@ SUBDIRS = common \ test EXTRA_DIST = $(srcdir)/*.h \ - $(srcdir)/pkcs11/*.h \ - $(srcdir)/win32/*.cc \ - $(srcdir)/win32/*.cpp \ - $(srcdir)/win32/*.h + $(srcdir)/pkcs11/*.h diff --git a/SoftHSMv2/src/lib/SoftHSM.cpp b/SoftHSMv2/src/lib/SoftHSM.cpp index b06efc2..7a23a8a 100644 --- a/SoftHSMv2/src/lib/SoftHSM.cpp +++ b/SoftHSMv2/src/lib/SoftHSM.cpp @@ -6131,6 +6131,11 @@ CK_RV SoftHSM::C_WrapKey alg = AsymAlgo::ECDSA; break; #endif +#ifdef WITH_GOST + case CKK_GOSTR3410: + alg = AsymAlgo::GOST; + break; +#endif default: return CKR_KEY_NOT_WRAPPABLE; } @@ -6160,6 +6165,11 @@ CK_RV SoftHSM::C_WrapKey rv = getECPrivateKey((ECPrivateKey*)privateKey, token, key); break; #endif +#ifdef WITH_GOST + case CKK_GOSTR3410: + rv = getGOSTPrivateKey((GOSTPrivateKey*)privateKey, token, key); + break; +#endif } if (rv != CKR_OK) { @@ -6568,10 +6578,18 @@ CK_RV SoftHSM::C_UnwrapKey { bOK = bOK && setDHPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE); } +#ifdef WITH_ECC else if (keyType == CKK_EC) { bOK = bOK && setECPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE); } +#endif +#ifdef WITH_GOST + else if (keyType == CKK_GOSTR3410) + { + bOK = bOK && setGOSTPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE); + } +#endif else bOK = false; @@ -11083,6 +11101,7 @@ bool SoftHSM::setDHPrivateKey(OSObject* key, const ByteString &ber, Token* token return bOK; } + bool SoftHSM::setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const { AsymmetricAlgorithm* ecc = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA); @@ -11123,6 +11142,46 @@ bool SoftHSM::setECPrivateKey(OSObject* key, const ByteString &ber, Token* token return bOK; } +bool SoftHSM::setGOSTPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const +{ + AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST); + if (gost == NULL) + return false; + PrivateKey* priv = gost->newPrivateKey(); + if (priv == NULL) + { + CryptoFactory::i()->recycleAsymmetricAlgorithm(gost); + return false; + } + if (!priv->PKCS8Decode(ber)) + { + gost->recyclePrivateKey(priv); + CryptoFactory::i()->recycleAsymmetricAlgorithm(gost); + return false; + } + // GOST Private Key Attributes + ByteString value; + ByteString param_a; + if (isPrivate) + { + token->encrypt(((GOSTPrivateKey*)priv)->getD(), value); + token->encrypt(((GOSTPrivateKey*)priv)->getEC(), param_a); + } + else + { + value = ((GOSTPrivateKey*)priv)->getD(); + param_a = ((GOSTPrivateKey*)priv)->getEC(); + } + bool bOK = true; + bOK = bOK && key->setAttribute(CKA_VALUE, value); + bOK = bOK && key->setAttribute(CKA_GOSTR3410_PARAMS, param_a); + + gost->recyclePrivateKey(priv); + CryptoFactory::i()->recycleAsymmetricAlgorithm(gost); + + return bOK; +} + CK_RV SoftHSM::MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism) { // This is a programming error diff --git a/SoftHSMv2/src/lib/SoftHSM.h b/SoftHSMv2/src/lib/SoftHSM.h index 19909e4..70d497a 100644 --- a/SoftHSMv2/src/lib/SoftHSM.h +++ b/SoftHSMv2/src/lib/SoftHSM.h @@ -391,6 +391,7 @@ private: bool setDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; bool setDHPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; bool setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; + bool setGOSTPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; CK_RV WrapKeyAsym diff --git a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp index 890f135..e5bb3b4 100644 --- a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp +++ b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp @@ -38,6 +38,12 @@ #include "BotanRNG.h" #include "BotanUtil.h" #include <string.h> +#include <botan/pkcs8.h> +#include <botan/ber_dec.h> +#include <botan/der_enc.h> +#include <botan/asn1_oid.h> +#include <botan/oids.h> +#include <botan/version.h> // Constructors BotanGOSTPrivateKey::BotanGOSTPrivateKey() @@ -151,14 +157,93 @@ bool BotanGOSTPrivateKey::deserialise(ByteString& serialised) ByteString BotanGOSTPrivateKey::PKCS8Encode() { ByteString der; - // TODO - return der; + createBotanKey(); + if (eckey == NULL) return der; + // Force EC_DOMPAR_ENC_OID + const size_t PKCS8_VERSION = 0; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::secure_vector<Botan::byte> ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->private_key_bits(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::secure_vector<Botan::byte> ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#else + const Botan::MemoryVector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::SecureVector<Botan::byte> ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#endif + der.resize(ber.size()); + memcpy(&der[0], &ber[0], ber.size()); + return der; } // Decode from PKCS#8 BER -bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/) +bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { - return false; + Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); + if (source.end_of_data()) return false; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + Botan::secure_vector<Botan::byte> keydata; +#else + Botan::SecureVector<Botan::byte> keydata; +#endif + Botan::AlgorithmIdentifier alg_id; + Botan::GOST_3410_PrivateKey* key = NULL; + try + { + Botan::BER_Decoder(source) + .start_cons(Botan::SEQUENCE) + .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") + .decode(alg_id) + .decode(keydata, Botan::OCTET_STRING) + .discard_remaining() + .end_cons(); + if (keydata.empty()) + throw Botan::Decoding_Error("PKCS #8 private key decoding failed"); + if (Botan::OIDS::lookup(alg_id.oid).compare("GOST-34.10")) + { + ERROR_MSG("Decoded private key not GOST-34.10"); + + return false; + } + key = new Botan::GOST_3410_PrivateKey(alg_id, keydata); + if (key == NULL) return false; + + setFromBotan(key); + + delete key; + } + catch (std::exception& e) + { + ERROR_MSG("Decode failed on %s", e.what()); + + return false; + } + + return true; } // Retrieve the Botan representation of the key diff --git a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp index 6371e8f..a68b720 100644 --- a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp +++ b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp @@ -36,6 +36,7 @@ #include "OSSLGOSTPrivateKey.h" #include "OSSLUtil.h" #include <string.h> +#include <openssl/x509.h> #include <openssl/ec.h> // DER of a private key @@ -172,13 +173,36 @@ bool OSSLGOSTPrivateKey::deserialise(ByteString& serialised) ByteString OSSLGOSTPrivateKey::PKCS8Encode() { ByteString der; - // TODO + if (pkey == NULL) return der; + PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey); + if (p8inf == NULL) return der; + int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL); + if (len < 0) + { + PKCS8_PRIV_KEY_INFO_free(p8inf); + return der; + } + der.resize(len); + unsigned char* priv = &der[0]; + int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv); + PKCS8_PRIV_KEY_INFO_free(p8inf); + if (len2 != len) der.wipe(); return der; } // Decode from PKCS#8 BER -bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/) +bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { - return false; + int len = ber.size(); + if (len <= 0) return false; + const unsigned char* priv = ber.const_byte_str(); + PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &priv, len); + if (p8 == NULL) return false; + EVP_PKEY* key = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (key == NULL) return false; + setFromOSSL(key); + EVP_PKEY_free(key); + return true; } #endif diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp index 91f6876..50d42e0 100644 --- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp +++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp @@ -264,6 +264,40 @@ void GOSTTests::testSerialisation() gost->recycleKeyPair(dKP); } +void GOSTTests::testPKCS8() +{ + AsymmetricKeyPair* kp; + ECParameters *p; + ByteString curve = "06072a850302022301"; + + // Get parameters + p = new ECParameters; + CPPUNIT_ASSERT(p != NULL); + p->setEC(curve); + + // Generate key-pair + CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p)); + CPPUNIT_ASSERT(kp != NULL); + + GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey(); + CPPUNIT_ASSERT(priv != NULL); + + // Encode and decode the private key + ByteString pkcs8 = priv->PKCS8Encode(); + CPPUNIT_ASSERT(pkcs8.size() != 0); + + GOSTPrivateKey* dPriv = (GOSTPrivateKey*) gost->newPrivateKey(); + CPPUNIT_ASSERT(dPriv != NULL); + + CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8)); + + CPPUNIT_ASSERT(priv->getD() == dPriv->getD()); + CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC()); + + gost->recycleKeyPair(kp); + gost->recyclePrivateKey(dPriv); +} + void GOSTTests::testSigningVerifying() { AsymmetricKeyPair* kp; diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h index f243392..ac6bf01 100644 --- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h +++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h @@ -47,6 +47,7 @@ class GOSTTests : public CppUnit::TestFixture CPPUNIT_TEST(testHashKnownVector); CPPUNIT_TEST(testKeyGeneration); CPPUNIT_TEST(testSerialisation); + CPPUNIT_TEST(testPKCS8); CPPUNIT_TEST(testSigningVerifying); CPPUNIT_TEST(testSignVerifyKnownVector); CPPUNIT_TEST_SUITE_END(); @@ -57,6 +58,7 @@ public: void testHashKnownVector(); void testKeyGeneration(); void testSerialisation(); + void testPKCS8(); void testSigningVerifying(); void testSignVerifyKnownVector(); diff --git a/SoftHSMv2/src/lib/test/Makefile.am b/SoftHSMv2/src/lib/test/Makefile.am index 4345878..3723399 100644 --- a/SoftHSMv2/src/lib/test/Makefile.am +++ b/SoftHSMv2/src/lib/test/Makefile.am @@ -35,6 +35,4 @@ p11test_LDFLAGS = @CRYPTO_LIBS@ @CPPUNIT_LIBS@ -no-install -pthread -static TESTS = p11test EXTRA_DIST = $(srcdir)/*.h \ - $(srcdir)/softhsm2-alt.conf.win32 \ - $(srcdir)/softhsm2.conf.win32 \ $(srcdir)/tokens/dummy.in diff --git a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp index f301c73..bbc340c 100644 --- a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp @@ -370,7 +370,54 @@ CK_RV SymmetricAlgorithmTests::generateRsaPrivateKey(CK_SESSION_HANDLE hSession, return rv; } -void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +#ifdef WITH_GOST +CK_RV SymmetricAlgorithmTests::generateGostPrivateKey(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey) +{ + CK_MECHANISM mechanism = { CKM_GOSTR3410_KEY_PAIR_GEN, NULL_PTR, 0 }; + CK_BYTE param_a[] = { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01 }; + CK_BYTE param_b[] = { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01 }; + CK_BYTE subject[] = { 0x12, 0x34 }; // dummy + CK_BYTE id[] = { 123 } ; // dummy + CK_BBOOL bFalse = CK_FALSE; + CK_BBOOL bTrue = CK_TRUE; + CK_ATTRIBUTE pubAttribs[] = { + { CKA_TOKEN, &bToken, sizeof(bToken) }, + { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }, + { CKA_ENCRYPT, &bFalse, sizeof(bFalse) }, + { CKA_VERIFY, &bTrue, sizeof(bTrue) }, + { CKA_WRAP, &bFalse, sizeof(bFalse) }, + { CKA_GOSTR3410_PARAMS, ¶m_a[0], sizeof(param_a) }, + { CKA_GOSTR3411_PARAMS, ¶m_b[0], sizeof(param_b) } + }; + CK_ATTRIBUTE privAttribs[] = { + { CKA_TOKEN, &bToken, sizeof(bToken) }, + { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }, + { CKA_SUBJECT, &subject[0], sizeof(subject) }, + { CKA_ID, &id[0], sizeof(id) }, + { CKA_SENSITIVE, &bTrue, sizeof(bTrue) }, + { CKA_DECRYPT, &bFalse, sizeof(bFalse) }, + { CKA_SIGN, &bTrue, sizeof(bTrue) }, + { CKA_UNWRAP, &bFalse, sizeof(bFalse) }, + { CKA_SENSITIVE, &bFalse, sizeof(bFalse) }, + { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) } + }; + + CK_OBJECT_HANDLE hPub = CK_INVALID_HANDLE; + hKey = CK_INVALID_HANDLE; + CK_RV rv; + rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, + pubAttribs, sizeof(pubAttribs)/sizeof(CK_ATTRIBUTE), + privAttribs, sizeof(privAttribs)/sizeof(CK_ATTRIBUTE), + &hPub, &hKey) ); + if (hPub != CK_INVALID_HANDLE) + { + CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPub) ); + } + return rv; +} +#endif + +void SymmetricAlgorithmTests::aesWrapUnwrapGeneric(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; CK_BBOOL bFalse = CK_FALSE; @@ -455,54 +502,61 @@ void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_ wrappedPtr = NULL_PTR; rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hSecret) ); CPPUNIT_ASSERT(rv == CKR_OK); +} - CK_OBJECT_HANDLE hRsa; - hRsa = CK_INVALID_HANDLE; - rv = generateRsaPrivateKey(hSession, CK_TRUE, CK_TRUE, hRsa); +void SymmetricAlgorithmTests::aesWrapUnwrapRsa(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +{ + CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; + CK_BBOOL bFalse = CK_FALSE; + CK_BBOOL bTrue = CK_TRUE; + CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE; + CK_RV rv = generateRsaPrivateKey(hSession, CK_TRUE, CK_TRUE, hPrk); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY; - CK_KEY_TYPE rsaKeyType = CKK_RSA; - CK_BYTE_PTR p2Ptr = NULL_PTR; - CK_ULONG p2Len = 0UL; - CK_ATTRIBUTE rsaAttribs[] = { + CK_KEY_TYPE keyType = CKK_RSA; + CK_BYTE_PTR prkAttrPtr = NULL_PTR; + CK_ULONG prkAttrLen = 0UL; + CK_ATTRIBUTE prkAttribs[] = { { CKA_CLASS, &privateClass, sizeof(privateClass) }, - { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, { CKA_PRIME_2, NULL_PTR, 0UL } }; - rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE)) ); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); - CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY); - CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); - CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA); + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_RSA); - p2Len = rsaAttribs[2].ulValueLen; - p2Ptr = (CK_BYTE_PTR) malloc(2 * p2Len); - CPPUNIT_ASSERT(p2Ptr != NULL_PTR); - rsaAttribs[2].pValue = p2Ptr; - rsaAttribs[2].ulValueLen = p2Len; + prkAttrLen = prkAttribs[2].ulValueLen; + prkAttrPtr = (CK_BYTE_PTR) malloc(2 * prkAttrLen); + CPPUNIT_ASSERT(prkAttrPtr != NULL_PTR); + prkAttribs[2].pValue = prkAttrPtr; + prkAttribs[2].ulValueLen = prkAttrLen; - rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE)) ); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); - rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen) ); + CK_BYTE_PTR wrappedPtr = NULL_PTR; + CK_ULONG wrappedLen = 0UL; + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); CPPUNIT_ASSERT(rv == CKR_OK); wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen); CPPUNIT_ASSERT(wrappedPtr != NULL_PTR); - rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen) ); + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); CPPUNIT_ASSERT(rv == CKR_OK); - rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hRsa) ); + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); CPPUNIT_ASSERT(rv == CKR_OK); - CK_ATTRIBUTE nRsaAttribs[] = { + CK_ATTRIBUTE nPrkAttribs[] = { { CKA_CLASS, &privateClass, sizeof(privateClass) }, - { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, { CKA_TOKEN, &bFalse, sizeof(bFalse) }, { CKA_PRIVATE, &bTrue, sizeof(bTrue) }, { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, @@ -512,28 +566,114 @@ void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_ { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) } }; - hRsa = CK_INVALID_HANDLE; - rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nRsaAttribs, sizeof(nRsaAttribs)/sizeof(CK_ATTRIBUTE), &hRsa) ); + hPrk = CK_INVALID_HANDLE; + rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nPrkAttribs, sizeof(nPrkAttribs)/sizeof(CK_ATTRIBUTE), &hPrk) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); - rsaAttribs[2].pValue = p2Ptr + p2Len; - rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE)) ); + prkAttribs[2].pValue = prkAttrPtr + prkAttrLen; + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); - CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY); - CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); - CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA); - CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len); - CPPUNIT_ASSERT(memcmp(p2Ptr, p2Ptr + p2Len, p2Len) == 0); + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_RSA); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); + CPPUNIT_ASSERT(memcmp(prkAttrPtr, prkAttrPtr + prkAttrLen, prkAttrLen) == 0); free(wrappedPtr); - free(p2Ptr); - rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hRsa) ); + free(prkAttrPtr); + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); CPPUNIT_ASSERT(rv == CKR_OK); } +#ifdef WITH_GOST +void SymmetricAlgorithmTests::aesWrapUnwrapGost(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +{ + CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; + CK_BBOOL bFalse = CK_FALSE; + CK_BBOOL bTrue = CK_TRUE; + CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE; + CK_RV rv = generateGostPrivateKey(hSession, CK_TRUE, CK_TRUE, hPrk); + CPPUNIT_ASSERT(rv == CKR_OK); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); + + CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY; + CK_KEY_TYPE keyType = CKK_GOSTR3410; + CK_BYTE_PTR prkAttrPtr = NULL_PTR; + CK_ULONG prkAttrLen = 0UL; + CK_ATTRIBUTE prkAttribs[] = { + { CKA_CLASS, &privateClass, sizeof(privateClass) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, + { CKA_VALUE, NULL_PTR, 0UL } + }; + + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_GOSTR3410); + + prkAttrLen = prkAttribs[2].ulValueLen; + prkAttrPtr = (CK_BYTE_PTR) malloc(2 * prkAttrLen); + CPPUNIT_ASSERT(prkAttrPtr != NULL_PTR); + prkAttribs[2].pValue = prkAttrPtr; + prkAttribs[2].ulValueLen = prkAttrLen; + + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); + CPPUNIT_ASSERT(rv == CKR_OK); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); + + CK_BYTE_PTR wrappedPtr = NULL_PTR; + CK_ULONG wrappedLen = 0UL; + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); + CPPUNIT_ASSERT(rv == CKR_OK); + wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen); + CPPUNIT_ASSERT(wrappedPtr != NULL_PTR); + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + CK_ATTRIBUTE nPrkAttribs[] = { + { CKA_CLASS, &privateClass, sizeof(privateClass) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, + { CKA_TOKEN, &bFalse, sizeof(bFalse) }, + { CKA_PRIVATE, &bTrue, sizeof(bTrue) }, + { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, + { CKA_SIGN, &bFalse,sizeof(bFalse) }, + { CKA_UNWRAP, &bTrue, sizeof(bTrue) }, + { CKA_SENSITIVE, &bFalse, sizeof(bFalse) }, + { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) } + }; + + hPrk = CK_INVALID_HANDLE; + rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nPrkAttribs, sizeof(nPrkAttribs)/sizeof(CK_ATTRIBUTE), &hPrk) ); + CPPUNIT_ASSERT(rv == CKR_OK); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); + + prkAttribs[2].pValue = prkAttrPtr + prkAttrLen; + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_GOSTR3410); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); + CPPUNIT_ASSERT(memcmp(prkAttrPtr, prkAttrPtr + prkAttrLen, prkAttrLen) == 0); + + free(wrappedPtr); + free(prkAttrPtr); + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); + CPPUNIT_ASSERT(rv == CKR_OK); +} +#endif + void SymmetricAlgorithmTests::testAesEncryptDecrypt() { CK_RV rv; @@ -620,9 +760,18 @@ void SymmetricAlgorithmTests::testAesWrapUnwrap() rv = generateAesKey(hSession,IN_SESSION,IS_PUBLIC,hKey); CPPUNIT_ASSERT(rv == CKR_OK); - aesWrapUnwrap(CKM_AES_KEY_WRAP, hSession, hKey); + aesWrapUnwrapGeneric(CKM_AES_KEY_WRAP, hSession, hKey); + aesWrapUnwrapRsa(CKM_AES_KEY_WRAP, hSession, hKey); +#ifdef WITH_GOST + aesWrapUnwrapGost(CKM_AES_KEY_WRAP, hSession, hKey); +#endif + #ifdef HAVE_AES_KEY_WRAP_PAD - aesWrapUnwrap(CKM_AES_KEY_WRAP_PAD, hSession, hKey); + aesWrapUnwrapGeneric(CKM_AES_KEY_WRAP_PAD, hSession, hKey); + aesWrapUnwrapRsa(CKM_AES_KEY_WRAP_PAD, hSession, hKey); +#ifdef WITH_GOST + aesWrapUnwrapGost(CKM_AES_KEY_WRAP_PAD, hSession, hKey); +#endif #endif } diff --git a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h index 9b96ae1..76191d9 100644 --- a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h +++ b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h @@ -73,8 +73,13 @@ protected: CK_OBJECT_HANDLE hKey, size_t messageSize, bool isSizeOK=true); - void aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + void aesWrapUnwrapGeneric(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + void aesWrapUnwrapRsa(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); CK_RV generateRsaPrivateKey(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey); +#ifdef WITH_GOST + void aesWrapUnwrapGost(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + CK_RV generateGostPrivateKey(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey); +#endif }; #endif // !_SOFTHSM_V2_SYMENCRYPTDECRYPTTESTS_H diff --git a/SoftHSMv2/src/lib/win32/dllmain.cc b/SoftHSMv2/src/lib/win32/dllmain.cc deleted file mode 100644 index 359227d..0000000 --- a/SoftHSMv2/src/lib/win32/dllmain.cc +++ /dev/null @@ -1,18 +0,0 @@ -#include <windows.h> - -__declspec(dllexport) BOOL WINAPI -DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpvReserved) -{ - hModule = hModule; - lpvReserved = lpvReserved; - - switch (ul_reason_for_call) { - case DLL_PROCESS_ATTACH: - case DLL_THREAD_ATTACH: - case DLL_THREAD_DETACH: - case DLL_PROCESS_DETACH: - default: - break; - } - return (TRUE); -} diff --git a/SoftHSMv2/src/lib/win32/setenv.cpp b/SoftHSMv2/src/lib/win32/setenv.cpp deleted file mode 100644 index da41a62..0000000 --- a/SoftHSMv2/src/lib/win32/setenv.cpp +++ /dev/null @@ -1,20 +0,0 @@ -#include <config.h> -#include <stdlib.h> -#include <string> - -#ifdef _WIN32 - -int -setenv(const char *name, const char *value, int overwrite) -{ - std::string vv = name; - vv += "="; - vv += value; - - if (overwrite != 1) - return false; - - return _putenv(vv.c_str()) == 0; -} - -#endif diff --git a/SoftHSMv2/src/lib/win32/setenv.h b/SoftHSMv2/src/lib/win32/setenv.h deleted file mode 100644 index e199227..0000000 --- a/SoftHSMv2/src/lib/win32/setenv.h +++ /dev/null @@ -1,12 +0,0 @@ -#include <config.h> - -#ifdef _WIN32 - -#ifndef _SETENV_H -#define _SETENV_H - -int setenv(const char *name, const char *value, int overwrite); - -#endif - -#endif
\ No newline at end of file diff --git a/SoftHSMv2/src/lib/win32/syslog.cpp b/SoftHSMv2/src/lib/win32/syslog.cpp deleted file mode 100644 index 927592e..0000000 --- a/SoftHSMv2/src/lib/win32/syslog.cpp +++ /dev/null @@ -1,69 +0,0 @@ -#include <config.h> - -#include <stdio.h> -#include <stdarg.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> - -#ifdef _WIN32 - -static HANDLE hEventLog = NULL; - -/* - * Close the Handle to the application Event Log - */ -void -closelog() { - DeregisterEventSource(hEventLog); -} - -/* - * Initialize event logging - */ -void -openlog(const char *ident, int logopt, int facility) { - /* Get a handle to the Application event log */ - hEventLog = RegisterEventSourceA(NULL, ident); -} - -/* - * Log to the NT Event Log - */ -void -syslog(int priority, const char *message, ...) { - va_list ap; - char buf[1024]; - LPCSTR str[1]; - - str[0] = buf; - - va_start(ap, message); - vsprintf(buf, message, ap); - va_end(ap); - - /* Make sure that the channel is open to write the event */ - if (hEventLog == NULL) { - openlog("SoftHSM", 0, 0); - } - if (hEventLog != NULL) { - switch (priority) { - case LOG_INFO: - case LOG_NOTICE: - case LOG_DEBUG: - ReportEventA(hEventLog, EVENTLOG_INFORMATION_TYPE, 0, - 0x40000003, NULL, 1, 0, str, NULL); - break; - case LOG_WARNING: - ReportEventA(hEventLog, EVENTLOG_WARNING_TYPE, 0, - 0x80000002, NULL, 1, 0, str, NULL); - break; - default: - ReportEventA(hEventLog, EVENTLOG_ERROR_TYPE, 0, - 0xc0000001, NULL, 1, 0, str, NULL); - break; - } - } -} - -#endif diff --git a/SoftHSMv2/src/lib/win32/syslog.h b/SoftHSMv2/src/lib/win32/syslog.h deleted file mode 100644 index 1ed207c..0000000 --- a/SoftHSMv2/src/lib/win32/syslog.h +++ /dev/null @@ -1,46 +0,0 @@ -#ifndef _SYSLOG_H -#define _SYSLOG_H - -#include <stdio.h> - -/* priorities */ -#define LOG_EMERG 0 /* system is unusable */ -#define LOG_ALERT 1 /* action must be taken immediately */ -#define LOG_CRIT 2 /* critical conditions */ -#define LOG_ERR 3 /* error conditions */ -#define LOG_WARNING 4 /* warning conditions */ -#define LOG_NOTICE 5 /* normal but signification condition */ -#define LOG_INFO 6 /* informational */ -#define LOG_DEBUG 7 /* debug-level messages */ - -/* NT event log does not support facility level */ -#define LOG_KERN 0 -#define LOG_USER 0 -#define LOG_MAIL 0 -#define LOG_DAEMON 0 -#define LOG_AUTH 0 -#define LOG_SYSLOG 0 -#define LOG_LPR 0 -#define LOG_LOCAL0 0 -#define LOG_LOCAL1 0 -#define LOG_LOCAL2 0 -#define LOG_LOCAL3 0 -#define LOG_LOCAL4 0 -#define LOG_LOCAL5 0 -#define LOG_LOCAL6 0 -#define LOG_LOCAL7 0 - -/* Constant definitions for openlog() */ -#define LOG_PID 1 -#define LOG_CONS 2 - -void -closelog(void); - -void -openlog(const char *ident, int logopt, int facility); - -void -syslog(int priority, const char *message, ...); - -#endif |