/* * Copyright (c) 2012 SURFnet * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
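*/

/*****************************************************************************
 SignVerifyTests.cpp

 Contains test cases for:
	 C_SignInit
	 C_Sign
	 C_SignUpdate
	 C_SignFinal
	 C_VerifyInit
	 C_Verify
	 C_VerifyUpdate
	 C_VerifyFinal
 *****************************************************************************/

// NOTE(review): the three system #include lines in this listing had lost
// their header names. <stdlib.h> and <string.h> are restored because the
// code below calls malloc() and strcmp(); the third header could not be
// recovered (presumably the build configuration header that defines
// WITH_ECC -- confirm against the project tree).
#include <stdlib.h>
#include <string.h>
#include "SignVerifyTests.h"

// CKA_TOKEN
const CK_BBOOL ON_TOKEN = CK_TRUE;
const CK_BBOOL IN_SESSION = CK_FALSE;

// CKA_PRIVATE
const CK_BBOOL IS_PRIVATE = CK_TRUE;
const CK_BBOOL IS_PUBLIC = CK_FALSE;

CPPUNIT_TEST_SUITE_REGISTRATION(SignVerifyTests);

// Generate an RSA key pair for the sign/verify tests.
//
// hSession                 session in which C_GenerateKeyPair is called
// bTokenPuk / bPrivatePuk  CKA_TOKEN / CKA_PRIVATE for the public key
// bTokenPrk / bPrivatePrk  CKA_TOKEN / CKA_PRIVATE for the private key
// hPuk / hPrk              receive the new object handles; both are reset to
//                          CK_INVALID_HANDLE before the call is made
//
// Returns the CK_RV produced by C_GenerateKeyPair.
CK_RV SignVerifyTests::generateRSA(CK_SESSION_HANDLE hSession, CK_BBOOL bTokenPuk, CK_BBOOL bPrivatePuk, CK_BBOOL bTokenPrk, CK_BBOOL bPrivatePrk, CK_OBJECT_HANDLE &hPuk, CK_OBJECT_HANDLE &hPrk)
{
	CK_MECHANISM mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
	CK_KEY_TYPE keyType = CKK_RSA;
	// NOTE(review): a 1536-bit modulus is below the 2048-bit minimum that
	// current guidance expects for signing keys; presumably chosen to keep
	// key generation quick in the test run. Do not reuse this template for
	// production keys. A 1536-bit key yields 192-byte signatures, which fit
	// the buffers used by the sign/verify helpers below.
	CK_ULONG bits = 1536;
	CK_BYTE pubExp[] = {0x01, 0x00, 0x01}; // 65537, big-endian
	CK_BYTE label[] = { 0x12, 0x34 }; // dummy
	CK_BYTE id[] = { 123 } ; // dummy
	CK_BBOOL bFalse = CK_FALSE;
	CK_BBOOL bTrue = CK_TRUE;

	// Public key: verification only, no encryption or wrapping.
	CK_ATTRIBUTE pukAttribs[] = {
		{ CKA_LABEL, &label[0], sizeof(label) },
		{ CKA_ID, &id[0], sizeof(id) },
		{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
		{ CKA_VERIFY, &bTrue, sizeof(bTrue) },
		{ CKA_ENCRYPT, &bFalse, sizeof(bFalse) },
		{ CKA_WRAP, &bFalse, sizeof(bFalse) },
		{ CKA_TOKEN, &bTokenPuk, sizeof(bTokenPuk) },
		{ CKA_PRIVATE, &bPrivatePuk, sizeof(bPrivatePuk) },
		{ CKA_MODULUS_BITS, &bits, sizeof(bits) },
		{ CKA_PUBLIC_EXPONENT, &pubExp[0], sizeof(pubExp) }
	};

	// Private key: signing only, marked sensitive and non-extractable so
	// the key value cannot be read back or wrapped out of the token.
	CK_ATTRIBUTE prkAttribs[] = {
		{ CKA_LABEL, &label[0], sizeof(label) },
		{ CKA_ID, &id[0], sizeof(id) },
		{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
		{ CKA_SIGN, &bTrue, sizeof(bTrue) },
		{ CKA_DECRYPT, &bFalse, sizeof(bFalse) },
		{ CKA_UNWRAP, &bFalse, sizeof(bFalse) },
		{ CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
		{ CKA_TOKEN, &bTokenPrk, sizeof(bTokenPrk) },
		{ CKA_PRIVATE, &bPrivatePrk, sizeof(bPrivatePrk) },
		{ CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) }
	};

	// Callers can tell a failed generation from stale handles.
	hPuk = CK_INVALID_HANDLE;
	hPrk = CK_INVALID_HANDLE;

	return CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism,
						 pukAttribs, sizeof(pukAttribs)/sizeof(pukAttribs[0]),
						 prkAttribs, sizeof(prkAttribs)/sizeof(prkAttribs[0]),
						 &hPuk, &hPrk) );
}

#ifdef WITH_ECC
// Generate an EC key pair on one of the supported named curves.
//
// curve     "P-256", "P-384" or "P-521"; any other value, including a null
//           pointer, is rejected with CKR_GENERAL_ERROR
// hSession  session in which C_GenerateKeyPair is called
// bTokenPuk / bPrivatePuk  CKA_TOKEN / CKA_PRIVATE for the public key
// bTokenPrk / bPrivatePrk  CKA_TOKEN / CKA_PRIVATE for the private key
// hPuk / hPrk  receive the new object handles; both are reset to
//              CK_INVALID_HANDLE on every path, including the error returns
//
// Returns CKR_GENERAL_ERROR for an unsupported curve, otherwise the CK_RV
// produced by C_GenerateKeyPair.
CK_RV SignVerifyTests::generateEC(const char* curve, CK_SESSION_HANDLE hSession, CK_BBOOL bTokenPuk, CK_BBOOL bPrivatePuk, CK_BBOOL bTokenPrk, CK_BBOOL bPrivatePrk, CK_OBJECT_HANDLE &hPuk, CK_OBJECT_HANDLE &hPrk)
{
	CK_MECHANISM mechanism = { CKM_EC_KEY_PAIR_GEN, NULL_PTR, 0 };
	CK_KEY_TYPE keyType = CKK_EC;
	// DER-encoded OBJECT IDENTIFIERs of the named curves.
	CK_BYTE oidP256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 }; // 1.2.840.10045.3.1.7
	CK_BYTE oidP384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 }; // 1.3.132.0.34
	CK_BYTE oidP521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 }; // 1.3.132.0.35
	CK_BYTE label[] = { 0x12, 0x34 }; // dummy
	CK_BYTE id[] = { 123 } ; // dummy
	CK_BBOOL bFalse = CK_FALSE;
	CK_BBOOL bTrue = CK_TRUE;

	// Public key: verification only. Entry 0 (CKA_EC_PARAMS) is filled in
	// by the curve selection below.
	CK_ATTRIBUTE pukAttribs[] = {
		{ CKA_EC_PARAMS, NULL, 0 },
		{ CKA_LABEL, &label[0], sizeof(label) },
		{ CKA_ID, &id[0], sizeof(id) },
		{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
		{ CKA_VERIFY, &bTrue, sizeof(bTrue) },
		{ CKA_ENCRYPT, &bFalse, sizeof(bFalse) },
		{ CKA_WRAP, &bFalse, sizeof(bFalse) },
		{ CKA_TOKEN, &bTokenPuk, sizeof(bTokenPuk) },
		{ CKA_PRIVATE, &bPrivatePuk, sizeof(bPrivatePuk) }
	};

	// Private key: signing only, marked sensitive and non-extractable so
	// the key value cannot be read back or wrapped out of the token.
	CK_ATTRIBUTE prkAttribs[] = {
		{ CKA_LABEL, &label[0], sizeof(label) },
		{ CKA_ID, &id[0], sizeof(id) },
		{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
		{ CKA_SIGN, &bTrue, sizeof(bTrue) },
		{ CKA_DECRYPT, &bFalse, sizeof(bFalse) },
		{ CKA_UNWRAP, &bFalse, sizeof(bFalse) },
		{ CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
		{ CKA_TOKEN, &bTokenPrk, sizeof(bTokenPrk) },
		{ CKA_PRIVATE, &bPrivatePrk, sizeof(bPrivatePrk) },
		{ CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) }
	};

	// Reset the output handles before any early return, so a caller that
	// ignores the return value never continues with a stale handle.
	hPuk = CK_INVALID_HANDLE;
	hPrk = CK_INVALID_HANDLE;

	/* Select the curve */
	if (curve == NULL)
	{
		// strcmp() on a null pointer is undefined behaviour.
		return CKR_GENERAL_ERROR;
	}
	if (strcmp(curve, "P-256") == 0)
	{
		pukAttribs[0].pValue = oidP256;
		pukAttribs[0].ulValueLen = sizeof(oidP256);
	}
	else if (strcmp(curve, "P-384") == 0)
	{
		pukAttribs[0].pValue = oidP384;
		pukAttribs[0].ulValueLen = sizeof(oidP384);
	}
	else if (strcmp(curve, "P-521") == 0)
	{
		pukAttribs[0].pValue = oidP521;
		pukAttribs[0].ulValueLen = sizeof(oidP521);
	}
	else
	{
		return CKR_GENERAL_ERROR;
	}

	return CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism,
						 pukAttribs, sizeof(pukAttribs)/sizeof(pukAttribs[0]),
						 prkAttribs, sizeof(prkAttribs)/sizeof(prkAttribs[0]),
						 &hPuk, &hPrk) );
}
#endif

// Single-part sign/verify round trip for one mechanism.
//
// Signs a fixed 15-byte message with hPrivateKey, checks that the signature
// verifies with hPublicKey, then alters the message and checks that the
// unchanged signature is rejected with CKR_SIGNATURE_INVALID.
//
// mechanismType    mechanism used for both signing and verification
// hSession         session used for all calls
// param, paramLen  optional mechanism parameter, passed through unchanged
void SignVerifyTests::signVerifySingle(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param /* = NULL_PTR */, CK_ULONG paramLen /* = 0 */)
{
	CK_RV rv;
	CK_MECHANISM mechanism = { mechanismType, param, paramLen };
	CK_BYTE data[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,0x0C, 0x0D, 0x0F };
	// 256 bytes holds an RSA signature for moduli up to 2048 bits.
	CK_BYTE signature[256];
	CK_ULONG ulSignatureLen = 0;

	rv = CRYPTOKI_F_PTR( C_SignInit(hSession,&mechanism,hPrivateKey) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	// On input the length is the buffer capacity; C_Sign overwrites it
	// with the number of signature bytes actually produced.
	ulSignatureLen = sizeof(signature);
	rv = CRYPTOKI_F_PTR( C_Sign(hSession,data,sizeof(data),signature,&ulSignatureLen) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	rv = CRYPTOKI_F_PTR( C_VerifyInit(hSession,&mechanism,hPublicKey) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	rv = CRYPTOKI_F_PTR( C_Verify(hSession,data,sizeof(data),signature,ulSignatureLen) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	// verify again, but now change the input that is being signed.
	rv = CRYPTOKI_F_PTR( C_VerifyInit(hSession,&mechanism,hPublicKey) );
	CPPUNIT_ASSERT(rv==CKR_OK);

	data[0] = 0xff;
	rv = CRYPTOKI_F_PTR( C_Verify(hSession,data,sizeof(data),signature,ulSignatureLen) );
	CPPUNIT_ASSERT(rv==CKR_SIGNATURE_INVALID);
}

void SignVerifyTests::signVerifySingleData(size_t dataSize, CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hPublicKey, CK_OBJECT_HANDLE hPrivateKey, CK_VOID_PTR param /* = NULL_PTR */, CK_ULONG paramLen /* = 0 */)
{
	CK_RV rv;
	CK_MECHANISM mechanism = { mechanismType, param, paramLen };
	CK_BYTE *data = (CK_BYTE*)malloc(dataSize);
	CK_BYTE signature[1024];
	CK_ULONG ulSignatureLen = 0;
	unsigned i;

	CPPUNIT_ASSERT(data != NULL);

	for (i=0;i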