From da00ff6db5e68773996ec79d711c45fb3444c580 Mon Sep 17 00:00:00 2001 From: NingSun Date: Wed, 14 Mar 2018 16:35:31 -0700 Subject: Remove win32 support in SoftHSMv2 Due to license issue, we have to remove win32 support in SoftHSMv2. Issue-ID: AAF-151 Change-Id: I31dda45ed84065819e26be8205747dd096a37432 Signed-off-by: NingSun --- SoftHSMv2/src/lib/Makefile.am | 5 +- SoftHSMv2/src/lib/SoftHSM.cpp | 59 ++++++ SoftHSMv2/src/lib/SoftHSM.h | 1 + SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp | 93 +++++++- SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp | 30 ++- SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp | 34 +++ SoftHSMv2/src/lib/crypto/test/GOSTTests.h | 2 + SoftHSMv2/src/lib/test/Makefile.am | 2 - SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp | 233 +++++++++++++++++---- SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h | 7 +- SoftHSMv2/src/lib/win32/dllmain.cc | 18 -- SoftHSMv2/src/lib/win32/setenv.cpp | 20 -- SoftHSMv2/src/lib/win32/setenv.h | 12 -- SoftHSMv2/src/lib/win32/syslog.cpp | 69 ------ SoftHSMv2/src/lib/win32/syslog.h | 46 ---- 15 files changed, 410 insertions(+), 221 deletions(-) delete mode 100644 SoftHSMv2/src/lib/win32/dllmain.cc delete mode 100644 SoftHSMv2/src/lib/win32/setenv.cpp delete mode 100644 SoftHSMv2/src/lib/win32/setenv.h delete mode 100644 SoftHSMv2/src/lib/win32/syslog.cpp delete mode 100644 SoftHSMv2/src/lib/win32/syslog.h (limited to 'SoftHSMv2/src/lib') diff --git a/SoftHSMv2/src/lib/Makefile.am b/SoftHSMv2/src/lib/Makefile.am index f3f5bb4..c579d62 100644 --- a/SoftHSMv2/src/lib/Makefile.am +++ b/SoftHSMv2/src/lib/Makefile.am @@ -46,7 +46,4 @@ SUBDIRS = common \ test EXTRA_DIST = $(srcdir)/*.h \ - $(srcdir)/pkcs11/*.h \ - $(srcdir)/win32/*.cc \ - $(srcdir)/win32/*.cpp \ - $(srcdir)/win32/*.h + $(srcdir)/pkcs11/*.h diff --git a/SoftHSMv2/src/lib/SoftHSM.cpp b/SoftHSMv2/src/lib/SoftHSM.cpp index b06efc2..7a23a8a 100644 --- a/SoftHSMv2/src/lib/SoftHSM.cpp +++ b/SoftHSMv2/src/lib/SoftHSM.cpp @@ -6130,6 +6130,11 @@ CK_RV SoftHSM::C_WrapKey // can be ecdh too but it doesn't matter alg = AsymAlgo::ECDSA; break; +#endif +#ifdef WITH_GOST + case CKK_GOSTR3410: + alg = AsymAlgo::GOST; + break; #endif default: return CKR_KEY_NOT_WRAPPABLE; @@ -6159,6 +6164,11 @@ CK_RV SoftHSM::C_WrapKey case CKK_EC: rv = getECPrivateKey((ECPrivateKey*)privateKey, token, key); break; +#endif +#ifdef WITH_GOST + case CKK_GOSTR3410: + rv = getGOSTPrivateKey((GOSTPrivateKey*)privateKey, token, key); + break; #endif } if (rv != CKR_OK) @@ -6568,10 +6578,18 @@ CK_RV SoftHSM::C_UnwrapKey { bOK = bOK && setDHPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE); } +#ifdef WITH_ECC else if (keyType == CKK_EC) { bOK = bOK && setECPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE); } +#endif +#ifdef WITH_GOST + else if (keyType == CKK_GOSTR3410) + { + bOK = bOK && setGOSTPrivateKey(osobject, keydata, token, isPrivate != CK_FALSE); + } +#endif else bOK = false; @@ -11083,6 +11101,7 @@ bool SoftHSM::setDHPrivateKey(OSObject* key, const ByteString &ber, Token* token return bOK; } + bool SoftHSM::setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const { AsymmetricAlgorithm* ecc = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::ECDSA); @@ -11123,6 +11142,46 @@ bool SoftHSM::setECPrivateKey(OSObject* key, const ByteString &ber, Token* token return bOK; } +bool SoftHSM::setGOSTPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const +{ + AsymmetricAlgorithm* gost = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::GOST); + if (gost == NULL) + return false; + PrivateKey* priv = gost->newPrivateKey(); + if (priv == NULL) + { + CryptoFactory::i()->recycleAsymmetricAlgorithm(gost); + return false; + } + if (!priv->PKCS8Decode(ber)) + { + gost->recyclePrivateKey(priv); + CryptoFactory::i()->recycleAsymmetricAlgorithm(gost); + return false; + } + // GOST Private Key Attributes + ByteString value; + ByteString param_a; + if (isPrivate) + { + token->encrypt(((GOSTPrivateKey*)priv)->getD(), value); + token->encrypt(((GOSTPrivateKey*)priv)->getEC(), param_a); + } + else + { + value = ((GOSTPrivateKey*)priv)->getD(); + param_a = ((GOSTPrivateKey*)priv)->getEC(); + } + bool bOK = true; + bOK = bOK && key->setAttribute(CKA_VALUE, value); + bOK = bOK && key->setAttribute(CKA_GOSTR3410_PARAMS, param_a); + + gost->recyclePrivateKey(priv); + CryptoFactory::i()->recycleAsymmetricAlgorithm(gost); + + return bOK; +} + CK_RV SoftHSM::MechParamCheckRSAPKCSOAEP(CK_MECHANISM_PTR pMechanism) { // This is a programming error diff --git a/SoftHSMv2/src/lib/SoftHSM.h b/SoftHSMv2/src/lib/SoftHSM.h index 19909e4..70d497a 100644 --- a/SoftHSMv2/src/lib/SoftHSM.h +++ b/SoftHSMv2/src/lib/SoftHSM.h @@ -391,6 +391,7 @@ private: bool setDSAPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; bool setDHPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; bool setECPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; + bool setGOSTPrivateKey(OSObject* key, const ByteString &ber, Token* token, bool isPrivate) const; CK_RV WrapKeyAsym diff --git a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp index 890f135..e5bb3b4 100644 --- a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp +++ b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp @@ -38,6 +38,12 @@ #include "BotanRNG.h" #include "BotanUtil.h" #include +#include +#include +#include +#include +#include +#include // Constructors BotanGOSTPrivateKey::BotanGOSTPrivateKey() @@ -151,14 +157,93 @@ bool BotanGOSTPrivateKey::deserialise(ByteString& serialised) ByteString BotanGOSTPrivateKey::PKCS8Encode() { ByteString der; - // TODO - return der; + createBotanKey(); + if (eckey == NULL) return der; + // Force EC_DOMPAR_ENC_OID + const size_t PKCS8_VERSION = 0; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::secure_vector ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->private_key_bits(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::secure_vector ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#else + const Botan::MemoryVector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); + const Botan::SecureVector ber = + Botan::DER_Encoder() + .start_cons(Botan::SEQUENCE) + .encode(PKCS8_VERSION) + .encode(alg_id) + .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) + .end_cons() + .get_contents(); +#endif + der.resize(ber.size()); + memcpy(&der[0], &ber[0], ber.size()); + return der; } // Decode from PKCS#8 BER -bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/) +bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { - return false; + Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); + if (source.end_of_data()) return false; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + Botan::secure_vector keydata; +#else + Botan::SecureVector keydata; +#endif + Botan::AlgorithmIdentifier alg_id; + Botan::GOST_3410_PrivateKey* key = NULL; + try + { + Botan::BER_Decoder(source) + .start_cons(Botan::SEQUENCE) + .decode_and_check(0, "Unknown PKCS #8 version number") + .decode(alg_id) + .decode(keydata, Botan::OCTET_STRING) + .discard_remaining() + .end_cons(); + if (keydata.empty()) + throw Botan::Decoding_Error("PKCS #8 private key decoding failed"); + if (Botan::OIDS::lookup(alg_id.oid).compare("GOST-34.10")) + { + ERROR_MSG("Decoded private key not GOST-34.10"); + + return false; + } + key = new Botan::GOST_3410_PrivateKey(alg_id, keydata); + if (key == NULL) return false; + + setFromBotan(key); + + delete key; + } + catch (std::exception& e) + { + ERROR_MSG("Decode failed on %s", e.what()); + + return false; + } + + return true; } // Retrieve the Botan representation of the key diff --git a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp index 6371e8f..a68b720 100644 --- a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp +++ b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp @@ -36,6 +36,7 @@ #include "OSSLGOSTPrivateKey.h" #include "OSSLUtil.h" #include +#include #include // DER of a private key @@ -172,13 +173,36 @@ bool OSSLGOSTPrivateKey::deserialise(ByteString& serialised) ByteString OSSLGOSTPrivateKey::PKCS8Encode() { ByteString der; - // TODO + if (pkey == NULL) return der; + PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey); + if (p8inf == NULL) return der; + int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL); + if (len < 0) + { + PKCS8_PRIV_KEY_INFO_free(p8inf); + return der; + } + der.resize(len); + unsigned char* priv = &der[0]; + int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv); + PKCS8_PRIV_KEY_INFO_free(p8inf); + if (len2 != len) der.wipe(); return der; } // Decode from PKCS#8 BER -bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/) +bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { - return false; + int len = ber.size(); + if (len <= 0) return false; + const unsigned char* priv = ber.const_byte_str(); + PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &priv, len); + if (p8 == NULL) return false; + EVP_PKEY* key = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (key == NULL) return false; + setFromOSSL(key); + EVP_PKEY_free(key); + return true; } #endif diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp index 91f6876..50d42e0 100644 --- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp +++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp @@ -264,6 +264,40 @@ void GOSTTests::testSerialisation() gost->recycleKeyPair(dKP); } +void GOSTTests::testPKCS8() +{ + AsymmetricKeyPair* kp; + ECParameters *p; + ByteString curve = "06072a850302022301"; + + // Get parameters + p = new ECParameters; + CPPUNIT_ASSERT(p != NULL); + p->setEC(curve); + + // Generate key-pair + CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p)); + CPPUNIT_ASSERT(kp != NULL); + + GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey(); + CPPUNIT_ASSERT(priv != NULL); + + // Encode and decode the private key + ByteString pkcs8 = priv->PKCS8Encode(); + CPPUNIT_ASSERT(pkcs8.size() != 0); + + GOSTPrivateKey* dPriv = (GOSTPrivateKey*) gost->newPrivateKey(); + CPPUNIT_ASSERT(dPriv != NULL); + + CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8)); + + CPPUNIT_ASSERT(priv->getD() == dPriv->getD()); + CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC()); + + gost->recycleKeyPair(kp); + gost->recyclePrivateKey(dPriv); +} + void GOSTTests::testSigningVerifying() { AsymmetricKeyPair* kp; diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h index f243392..ac6bf01 100644 --- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h +++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h @@ -47,6 +47,7 @@ class GOSTTests : public CppUnit::TestFixture CPPUNIT_TEST(testHashKnownVector); CPPUNIT_TEST(testKeyGeneration); CPPUNIT_TEST(testSerialisation); + CPPUNIT_TEST(testPKCS8); CPPUNIT_TEST(testSigningVerifying); CPPUNIT_TEST(testSignVerifyKnownVector); CPPUNIT_TEST_SUITE_END(); @@ -57,6 +58,7 @@ public: void testHashKnownVector(); void testKeyGeneration(); void testSerialisation(); + void testPKCS8(); void testSigningVerifying(); void testSignVerifyKnownVector(); diff --git a/SoftHSMv2/src/lib/test/Makefile.am b/SoftHSMv2/src/lib/test/Makefile.am index 4345878..3723399 100644 --- a/SoftHSMv2/src/lib/test/Makefile.am +++ b/SoftHSMv2/src/lib/test/Makefile.am @@ -35,6 +35,4 @@ p11test_LDFLAGS = @CRYPTO_LIBS@ @CPPUNIT_LIBS@ -no-install -pthread -static TESTS = p11test EXTRA_DIST = $(srcdir)/*.h \ - $(srcdir)/softhsm2-alt.conf.win32 \ - $(srcdir)/softhsm2.conf.win32 \ $(srcdir)/tokens/dummy.in diff --git a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp index f301c73..bbc340c 100644 --- a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp @@ -370,7 +370,54 @@ CK_RV SymmetricAlgorithmTests::generateRsaPrivateKey(CK_SESSION_HANDLE hSession, return rv; } -void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +#ifdef WITH_GOST +CK_RV SymmetricAlgorithmTests::generateGostPrivateKey(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey) +{ + CK_MECHANISM mechanism = { CKM_GOSTR3410_KEY_PAIR_GEN, NULL_PTR, 0 }; + CK_BYTE param_a[] = { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01 }; + CK_BYTE param_b[] = { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01 }; + CK_BYTE subject[] = { 0x12, 0x34 }; // dummy + CK_BYTE id[] = { 123 } ; // dummy + CK_BBOOL bFalse = CK_FALSE; + CK_BBOOL bTrue = CK_TRUE; + CK_ATTRIBUTE pubAttribs[] = { + { CKA_TOKEN, &bToken, sizeof(bToken) }, + { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }, + { CKA_ENCRYPT, &bFalse, sizeof(bFalse) }, + { CKA_VERIFY, &bTrue, sizeof(bTrue) }, + { CKA_WRAP, &bFalse, sizeof(bFalse) }, + { CKA_GOSTR3410_PARAMS, ¶m_a[0], sizeof(param_a) }, + { CKA_GOSTR3411_PARAMS, ¶m_b[0], sizeof(param_b) } + }; + CK_ATTRIBUTE privAttribs[] = { + { CKA_TOKEN, &bToken, sizeof(bToken) }, + { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }, + { CKA_SUBJECT, &subject[0], sizeof(subject) }, + { CKA_ID, &id[0], sizeof(id) }, + { CKA_SENSITIVE, &bTrue, sizeof(bTrue) }, + { CKA_DECRYPT, &bFalse, sizeof(bFalse) }, + { CKA_SIGN, &bTrue, sizeof(bTrue) }, + { CKA_UNWRAP, &bFalse, sizeof(bFalse) }, + { CKA_SENSITIVE, &bFalse, sizeof(bFalse) }, + { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) } + }; + + CK_OBJECT_HANDLE hPub = CK_INVALID_HANDLE; + hKey = CK_INVALID_HANDLE; + CK_RV rv; + rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, + pubAttribs, sizeof(pubAttribs)/sizeof(CK_ATTRIBUTE), + privAttribs, sizeof(privAttribs)/sizeof(CK_ATTRIBUTE), + &hPub, &hKey) ); + if (hPub != CK_INVALID_HANDLE) + { + CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPub) ); + } + return rv; +} +#endif + +void SymmetricAlgorithmTests::aesWrapUnwrapGeneric(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) { CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; CK_BBOOL bFalse = CK_FALSE; @@ -455,54 +502,61 @@ void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_ wrappedPtr = NULL_PTR; rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hSecret) ); CPPUNIT_ASSERT(rv == CKR_OK); +} - CK_OBJECT_HANDLE hRsa; - hRsa = CK_INVALID_HANDLE; - rv = generateRsaPrivateKey(hSession, CK_TRUE, CK_TRUE, hRsa); +void SymmetricAlgorithmTests::aesWrapUnwrapRsa(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +{ + CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; + CK_BBOOL bFalse = CK_FALSE; + CK_BBOOL bTrue = CK_TRUE; + CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE; + CK_RV rv = generateRsaPrivateKey(hSession, CK_TRUE, CK_TRUE, hPrk); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY; - CK_KEY_TYPE rsaKeyType = CKK_RSA; - CK_BYTE_PTR p2Ptr = NULL_PTR; - CK_ULONG p2Len = 0UL; - CK_ATTRIBUTE rsaAttribs[] = { + CK_KEY_TYPE keyType = CKK_RSA; + CK_BYTE_PTR prkAttrPtr = NULL_PTR; + CK_ULONG prkAttrLen = 0UL; + CK_ATTRIBUTE prkAttribs[] = { { CKA_CLASS, &privateClass, sizeof(privateClass) }, - { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, { CKA_PRIME_2, NULL_PTR, 0UL } }; - rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE)) ); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); - CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY); - CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); - CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA); + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_RSA); - p2Len = rsaAttribs[2].ulValueLen; - p2Ptr = (CK_BYTE_PTR) malloc(2 * p2Len); - CPPUNIT_ASSERT(p2Ptr != NULL_PTR); - rsaAttribs[2].pValue = p2Ptr; - rsaAttribs[2].ulValueLen = p2Len; + prkAttrLen = prkAttribs[2].ulValueLen; + prkAttrPtr = (CK_BYTE_PTR) malloc(2 * prkAttrLen); + CPPUNIT_ASSERT(prkAttrPtr != NULL_PTR); + prkAttribs[2].pValue = prkAttrPtr; + prkAttribs[2].ulValueLen = prkAttrLen; - rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE)) ); + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); - rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen) ); + CK_BYTE_PTR wrappedPtr = NULL_PTR; + CK_ULONG wrappedLen = 0UL; + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); CPPUNIT_ASSERT(rv == CKR_OK); wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen); CPPUNIT_ASSERT(wrappedPtr != NULL_PTR); - rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hRsa, wrappedPtr, &wrappedLen) ); + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); CPPUNIT_ASSERT(rv == CKR_OK); - rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hRsa) ); + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); CPPUNIT_ASSERT(rv == CKR_OK); - CK_ATTRIBUTE nRsaAttribs[] = { + CK_ATTRIBUTE nPrkAttribs[] = { { CKA_CLASS, &privateClass, sizeof(privateClass) }, - { CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, { CKA_TOKEN, &bFalse, sizeof(bFalse) }, { CKA_PRIVATE, &bTrue, sizeof(bTrue) }, { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, @@ -512,28 +566,114 @@ void SymmetricAlgorithmTests::aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_ { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) } }; - hRsa = CK_INVALID_HANDLE; - rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nRsaAttribs, sizeof(nRsaAttribs)/sizeof(CK_ATTRIBUTE), &hRsa) ); + hPrk = CK_INVALID_HANDLE; + rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nPrkAttribs, sizeof(nPrkAttribs)/sizeof(CK_ATTRIBUTE), &hPrk) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(hRsa != CK_INVALID_HANDLE); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); - rsaAttribs[2].pValue = p2Ptr + p2Len; - rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hRsa, rsaAttribs, sizeof(rsaAttribs)/sizeof(CK_ATTRIBUTE)) ); + prkAttribs[2].pValue = prkAttrPtr + prkAttrLen; + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(rsaAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); - CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)rsaAttribs[0].pValue == CKO_PRIVATE_KEY); - CPPUNIT_ASSERT(rsaAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); - CPPUNIT_ASSERT(*(CK_KEY_TYPE*)rsaAttribs[1].pValue == CKK_RSA); - CPPUNIT_ASSERT(rsaAttribs[2].ulValueLen == p2Len); - CPPUNIT_ASSERT(memcmp(p2Ptr, p2Ptr + p2Len, p2Len) == 0); + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_RSA); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); + CPPUNIT_ASSERT(memcmp(prkAttrPtr, prkAttrPtr + prkAttrLen, prkAttrLen) == 0); free(wrappedPtr); - free(p2Ptr); - rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hRsa) ); + free(prkAttrPtr); + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); CPPUNIT_ASSERT(rv == CKR_OK); } +#ifdef WITH_GOST +void SymmetricAlgorithmTests::aesWrapUnwrapGost(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +{ + CK_MECHANISM mechanism = { mechanismType, NULL_PTR, 0 }; + CK_BBOOL bFalse = CK_FALSE; + CK_BBOOL bTrue = CK_TRUE; + CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE; + CK_RV rv = generateGostPrivateKey(hSession, CK_TRUE, CK_TRUE, hPrk); + CPPUNIT_ASSERT(rv == CKR_OK); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); + + CK_OBJECT_CLASS privateClass = CKO_PRIVATE_KEY; + CK_KEY_TYPE keyType = CKK_GOSTR3410; + CK_BYTE_PTR prkAttrPtr = NULL_PTR; + CK_ULONG prkAttrLen = 0UL; + CK_ATTRIBUTE prkAttribs[] = { + { CKA_CLASS, &privateClass, sizeof(privateClass) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, + { CKA_VALUE, NULL_PTR, 0UL } + }; + + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_GOSTR3410); + + prkAttrLen = prkAttribs[2].ulValueLen; + prkAttrPtr = (CK_BYTE_PTR) malloc(2 * prkAttrLen); + CPPUNIT_ASSERT(prkAttrPtr != NULL_PTR); + prkAttribs[2].pValue = prkAttrPtr; + prkAttribs[2].ulValueLen = prkAttrLen; + + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); + CPPUNIT_ASSERT(rv == CKR_OK); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); + + CK_BYTE_PTR wrappedPtr = NULL_PTR; + CK_ULONG wrappedLen = 0UL; + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); + CPPUNIT_ASSERT(rv == CKR_OK); + wrappedPtr = (CK_BYTE_PTR) malloc(wrappedLen); + CPPUNIT_ASSERT(wrappedPtr != NULL_PTR); + rv = CRYPTOKI_F_PTR( C_WrapKey(hSession, &mechanism, hKey, hPrk, wrappedPtr, &wrappedLen) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + CK_ATTRIBUTE nPrkAttribs[] = { + { CKA_CLASS, &privateClass, sizeof(privateClass) }, + { CKA_KEY_TYPE, &keyType, sizeof(keyType) }, + { CKA_TOKEN, &bFalse, sizeof(bFalse) }, + { CKA_PRIVATE, &bTrue, sizeof(bTrue) }, + { CKA_DECRYPT, &bTrue, sizeof(bTrue) }, + { CKA_SIGN, &bFalse,sizeof(bFalse) }, + { CKA_UNWRAP, &bTrue, sizeof(bTrue) }, + { CKA_SENSITIVE, &bFalse, sizeof(bFalse) }, + { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) } + }; + + hPrk = CK_INVALID_HANDLE; + rv = CRYPTOKI_F_PTR( C_UnwrapKey(hSession, &mechanism, hKey, wrappedPtr, wrappedLen, nPrkAttribs, sizeof(nPrkAttribs)/sizeof(CK_ATTRIBUTE), &hPrk) ); + CPPUNIT_ASSERT(rv == CKR_OK); + CPPUNIT_ASSERT(hPrk != CK_INVALID_HANDLE); + + prkAttribs[2].pValue = prkAttrPtr + prkAttrLen; + rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE)) ); + CPPUNIT_ASSERT(rv == CKR_OK); + + CPPUNIT_ASSERT(prkAttribs[0].ulValueLen == sizeof(CK_OBJECT_CLASS)); + CPPUNIT_ASSERT(*(CK_OBJECT_CLASS*)prkAttribs[0].pValue == CKO_PRIVATE_KEY); + CPPUNIT_ASSERT(prkAttribs[1].ulValueLen == sizeof(CK_KEY_TYPE)); + CPPUNIT_ASSERT(*(CK_KEY_TYPE*)prkAttribs[1].pValue == CKK_GOSTR3410); + CPPUNIT_ASSERT(prkAttribs[2].ulValueLen == prkAttrLen); + CPPUNIT_ASSERT(memcmp(prkAttrPtr, prkAttrPtr + prkAttrLen, prkAttrLen) == 0); + + free(wrappedPtr); + free(prkAttrPtr); + rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hPrk) ); + CPPUNIT_ASSERT(rv == CKR_OK); +} +#endif + void SymmetricAlgorithmTests::testAesEncryptDecrypt() { CK_RV rv; @@ -620,9 +760,18 @@ void SymmetricAlgorithmTests::testAesWrapUnwrap() rv = generateAesKey(hSession,IN_SESSION,IS_PUBLIC,hKey); CPPUNIT_ASSERT(rv == CKR_OK); - aesWrapUnwrap(CKM_AES_KEY_WRAP, hSession, hKey); + aesWrapUnwrapGeneric(CKM_AES_KEY_WRAP, hSession, hKey); + aesWrapUnwrapRsa(CKM_AES_KEY_WRAP, hSession, hKey); +#ifdef WITH_GOST + aesWrapUnwrapGost(CKM_AES_KEY_WRAP, hSession, hKey); +#endif + #ifdef HAVE_AES_KEY_WRAP_PAD - aesWrapUnwrap(CKM_AES_KEY_WRAP_PAD, hSession, hKey); + aesWrapUnwrapGeneric(CKM_AES_KEY_WRAP_PAD, hSession, hKey); + aesWrapUnwrapRsa(CKM_AES_KEY_WRAP_PAD, hSession, hKey); +#ifdef WITH_GOST + aesWrapUnwrapGost(CKM_AES_KEY_WRAP_PAD, hSession, hKey); +#endif #endif } diff --git a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h index 9b96ae1..76191d9 100644 --- a/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h +++ b/SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h @@ -73,8 +73,13 @@ protected: CK_OBJECT_HANDLE hKey, size_t messageSize, bool isSizeOK=true); - void aesWrapUnwrap(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + void aesWrapUnwrapGeneric(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + void aesWrapUnwrapRsa(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); CK_RV generateRsaPrivateKey(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey); +#ifdef WITH_GOST + void aesWrapUnwrapGost(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + CK_RV generateGostPrivateKey(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hKey); +#endif }; #endif // !_SOFTHSM_V2_SYMENCRYPTDECRYPTTESTS_H diff --git a/SoftHSMv2/src/lib/win32/dllmain.cc b/SoftHSMv2/src/lib/win32/dllmain.cc deleted file mode 100644 index 359227d..0000000 --- a/SoftHSMv2/src/lib/win32/dllmain.cc +++ /dev/null @@ -1,18 +0,0 @@ -#include - -__declspec(dllexport) BOOL WINAPI -DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpvReserved) -{ - hModule = hModule; - lpvReserved = lpvReserved; - - switch (ul_reason_for_call) { - case DLL_PROCESS_ATTACH: - case DLL_THREAD_ATTACH: - case DLL_THREAD_DETACH: - case DLL_PROCESS_DETACH: - default: - break; - } - return (TRUE); -} diff --git a/SoftHSMv2/src/lib/win32/setenv.cpp b/SoftHSMv2/src/lib/win32/setenv.cpp deleted file mode 100644 index da41a62..0000000 --- a/SoftHSMv2/src/lib/win32/setenv.cpp +++ /dev/null @@ -1,20 +0,0 @@ -#include -#include -#include - -#ifdef _WIN32 - -int -setenv(const char *name, const char *value, int overwrite) -{ - std::string vv = name; - vv += "="; - vv += value; - - if (overwrite != 1) - return false; - - return _putenv(vv.c_str()) == 0; -} - -#endif diff --git a/SoftHSMv2/src/lib/win32/setenv.h b/SoftHSMv2/src/lib/win32/setenv.h deleted file mode 100644 index e199227..0000000 --- a/SoftHSMv2/src/lib/win32/setenv.h +++ /dev/null @@ -1,12 +0,0 @@ -#include - -#ifdef _WIN32 - -#ifndef _SETENV_H -#define _SETENV_H - -int setenv(const char *name, const char *value, int overwrite); - -#endif - -#endif \ No newline at end of file diff --git a/SoftHSMv2/src/lib/win32/syslog.cpp b/SoftHSMv2/src/lib/win32/syslog.cpp deleted file mode 100644 index 927592e..0000000 --- a/SoftHSMv2/src/lib/win32/syslog.cpp +++ /dev/null @@ -1,69 +0,0 @@ -#include - -#include -#include -#include -#include -#include - -#ifdef _WIN32 - -static HANDLE hEventLog = NULL; - -/* - * Close the Handle to the application Event Log - */ -void -closelog() { - DeregisterEventSource(hEventLog); -} - -/* - * Initialize event logging - */ -void -openlog(const char *ident, int logopt, int facility) { - /* Get a handle to the Application event log */ - hEventLog = RegisterEventSourceA(NULL, ident); -} - -/* - * Log to the NT Event Log - */ -void -syslog(int priority, const char *message, ...) { - va_list ap; - char buf[1024]; - LPCSTR str[1]; - - str[0] = buf; - - va_start(ap, message); - vsprintf(buf, message, ap); - va_end(ap); - - /* Make sure that the channel is open to write the event */ - if (hEventLog == NULL) { - openlog("SoftHSM", 0, 0); - } - if (hEventLog != NULL) { - switch (priority) { - case LOG_INFO: - case LOG_NOTICE: - case LOG_DEBUG: - ReportEventA(hEventLog, EVENTLOG_INFORMATION_TYPE, 0, - 0x40000003, NULL, 1, 0, str, NULL); - break; - case LOG_WARNING: - ReportEventA(hEventLog, EVENTLOG_WARNING_TYPE, 0, - 0x80000002, NULL, 1, 0, str, NULL); - break; - default: - ReportEventA(hEventLog, EVENTLOG_ERROR_TYPE, 0, - 0xc0000001, NULL, 1, 0, str, NULL); - break; - } - } -} - -#endif diff --git a/SoftHSMv2/src/lib/win32/syslog.h b/SoftHSMv2/src/lib/win32/syslog.h deleted file mode 100644 index 1ed207c..0000000 --- a/SoftHSMv2/src/lib/win32/syslog.h +++ /dev/null @@ -1,46 +0,0 @@ -#ifndef _SYSLOG_H -#define _SYSLOG_H - -#include - -/* priorities */ -#define LOG_EMERG 0 /* system is unusable */ -#define LOG_ALERT 1 /* action must be taken immediately */ -#define LOG_CRIT 2 /* critical conditions */ -#define LOG_ERR 3 /* error conditions */ -#define LOG_WARNING 4 /* warning conditions */ -#define LOG_NOTICE 5 /* normal but signification condition */ -#define LOG_INFO 6 /* informational */ -#define LOG_DEBUG 7 /* debug-level messages */ - -/* NT event log does not support facility level */ -#define LOG_KERN 0 -#define LOG_USER 0 -#define LOG_MAIL 0 -#define LOG_DAEMON 0 -#define LOG_AUTH 0 -#define LOG_SYSLOG 0 -#define LOG_LPR 0 -#define LOG_LOCAL0 0 -#define LOG_LOCAL1 0 -#define LOG_LOCAL2 0 -#define LOG_LOCAL3 0 -#define LOG_LOCAL4 0 -#define LOG_LOCAL5 0 -#define LOG_LOCAL6 0 -#define LOG_LOCAL7 0 - -/* Constant definitions for openlog() */ -#define LOG_PID 1 -#define LOG_CONS 2 - -void -closelog(void); - -void -openlog(const char *ident, int logopt, int facility); - -void -syslog(int priority, const char *message, ...); - -#endif -- cgit 1.2.3-korg