From e949618ec2941ae74cf4ba1a132298d8d0455ac9 Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Fri, 27 Nov 2015 17:13:54 +0100 Subject: [PATCH] YKCS11: started adding RSA test. --- ykcs11/tests/ykcs11_tests.c | 193 ++++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) diff --git a/ykcs11/tests/ykcs11_tests.c b/ykcs11/tests/ykcs11_tests.c index 0f95887..f81e153 100644 --- a/ykcs11/tests/ykcs11_tests.c +++ b/ykcs11/tests/ykcs11_tests.c @@ -3,6 +3,7 @@ #include +#include #include #include #include @@ -403,6 +404,197 @@ static void test_import_and_sign_all_10() { } +// Import a newly generated RSA1024 pvt key and a certificate +// to every slot and use the key to sign some data +static void test_import_and_sign_all_10_RSA() { + + EVP_PKEY *evp; + RSA *rsak; + X509 *cert; + ASN1_TIME *tm; + CK_BYTE i, j; + CK_BYTE some_data[32]; + CK_BYTE e[] = {0x01, 0x00, 0x01}; + CK_BYTE p[64]; + CK_BYTE q[64]; + CK_BYTE dp[64]; + CK_BYTE dq[64]; + CK_BYTE qinv[64]; + BIGNUM *e_bn; + CK_ULONG class_k = CKO_PRIVATE_KEY; + CK_ULONG class_c = CKO_CERTIFICATE; + CK_ULONG kt = CKK_RSA; + CK_BYTE id = 0; + CK_BYTE sig[64]; + CK_ULONG recv_len; + CK_BYTE value_c[3100]; + CK_ULONG cert_len; + CK_BYTE der_encoded[80]; + CK_BYTE_PTR der_ptr; + CK_BYTE_PTR r_ptr; + CK_BYTE_PTR s_ptr; + CK_ULONG r_len; + CK_ULONG s_len; + + unsigned char *px; + + CK_ATTRIBUTE privateKeyTemplate[] = { + {CKA_CLASS, &class_k, sizeof(class_k)}, + {CKA_KEY_TYPE, &kt, sizeof(kt)}, + {CKA_ID, &id, sizeof(id)}, + {CKA_PUBLIC_EXPONENT, e, sizeof(e)}, + {CKA_PRIME_1, p, sizeof(p)}, + {CKA_PRIME_2, q, sizeof(q)}, + {CKA_EXPONENT_1, dp, sizeof(dp)}, + {CKA_EXPONENT_2, dq, sizeof(dq)}, + {CKA_COEFFICIENT, qinv, sizeof(qinv)} + }; + + CK_ATTRIBUTE publicKeyTemplate[] = { + {CKA_CLASS, &class_c, sizeof(class_c)}, + {CKA_ID, &id, sizeof(id)}, + {CKA_VALUE, value_c, sizeof(value_c)} + }; + + CK_OBJECT_HANDLE obj[24]; + CK_SESSION_HANDLE session; + CK_MECHANISM mech = {CKM_RSA_PKCS, NULL}; + + evp = EVP_PKEY_new(); + + if (evp == NULL) + exit(EXIT_FAILURE); + + rsak = RSA_new(); + + if (rsak == NULL) + exit(EXIT_FAILURE); + + e_bn = BN_bin2bn(e, 3, NULL); + + if (e_bn == NULL) + exit(EXIT_FAILURE); + + asrt(RSA_generate_key_ex(rsak, 1024, e_bn, NULL), 1, "GENERATE RSAK"); + + asrt(BN_bn2bin(rsak->p, p), 64, "GET P"); + asrt(BN_bn2bin(rsak->q, q), 64, "GET Q"); + asrt(BN_bn2bin(rsak->dmp1, dp), 64, "GET DP"); + asrt(BN_bn2bin(rsak->dmq1, dp), 64, "GET DQ"); + asrt(BN_bn2bin(rsak->iqmp, qinv), 64, "GET QINV"); + + + + if (EVP_PKEY_set1_RSA(evp, rsak) == 0) + exit(EXIT_FAILURE); + + cert = X509_new(); + + if (cert == NULL) + exit(EXIT_FAILURE); + + if (X509_set_pubkey(cert, evp) == 0) + exit(EXIT_FAILURE); + + tm = ASN1_TIME_new(); + if (tm == NULL) + exit(EXIT_FAILURE); + + ASN1_TIME_set_string(tm, "000001010000Z"); + X509_set_notBefore(cert, tm); + X509_set_notAfter(cert, tm); + + cert->sig_alg->algorithm = OBJ_nid2obj(8); + cert->cert_info->signature->algorithm = OBJ_nid2obj(8); + + ASN1_BIT_STRING_set_bit(cert->signature, 8, 1); + ASN1_BIT_STRING_set(cert->signature, "\x00", 1); + + px = value_c; + if ((cert_len = (CK_ULONG) i2d_X509(cert, &px)) == 0 || cert_len > sizeof(value_c)) + exit(EXIT_FAILURE); + + publicKeyTemplate[2].ulValueLen = cert_len; + + asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE"); + asrt(funcs->C_OpenSession(0, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session), CKR_OK, "OpenSession1"); + asrt(funcs->C_Login(session, CKU_SO, "010203040506070801020304050607080102030405060708", 48), CKR_OK, "Login SO"); + + for (i = 0; i < 24; i++) { + id = i; + asrt(funcs->C_CreateObject(session, publicKeyTemplate, 3, obj + i), CKR_OK, "IMPORT CERT"); + asrt(funcs->C_CreateObject(session, privateKeyTemplate, 9, obj + i), CKR_OK, "IMPORT KEY"); + } + + asrt(funcs->C_Logout(session), CKR_OK, "Logout SO"); + + for (i = 0; i < 24; i++) { + for (j = 0; j < 10; j++) { + + if(RAND_pseudo_bytes(some_data, sizeof(some_data)) == -1) + exit(EXIT_FAILURE); + + asrt(funcs->C_Login(session, CKU_USER, "123456", 6), CKR_OK, "Login USER"); + asrt(funcs->C_SignInit(session, &mech, obj[i]), CKR_OK, "SignInit"); + + recv_len = sizeof(sig); + asrt(funcs->C_Sign(session, some_data, sizeof(some_data), sig, &recv_len), CKR_OK, "Sign"); + + /* r_len = 32; */ + /* s_len = 32; */ + + /* der_ptr = der_encoded; */ + /* *der_ptr++ = 0x30; */ + /* *der_ptr++ = 0xff; // placeholder, fix below */ + + /* r_ptr = sig; */ + + /* *der_ptr++ = 0x02; */ + /* *der_ptr++ = r_len; */ + /* if (*r_ptr >= 0x80) { */ + /* *(der_ptr - 1) = *(der_ptr - 1) + 1; */ + /* *der_ptr++ = 0x00; */ + /* } */ + /* else if (*r_ptr == 0x00 && *(r_ptr + 1) < 0x80) { */ + /* r_len--; */ + /* *(der_ptr - 1) = *(der_ptr - 1) - 1; */ + /* r_ptr++; */ + /* } */ + /* memcpy(der_ptr, r_ptr, r_len); */ + /* der_ptr+= r_len; */ + + /* s_ptr = sig + 32; */ + + /* *der_ptr++ = 0x02; */ + /* *der_ptr++ = s_len; */ + /* if (*s_ptr >= 0x80) { */ + /* *(der_ptr - 1) = *(der_ptr - 1) + 1; */ + /* *der_ptr++ = 0x00; */ + /* } */ + /* else if (*s_ptr == 0x00 && *(s_ptr + 1) < 0x80) { */ + /* s_len--; */ + /* *(der_ptr - 1) = *(der_ptr - 1) - 1; */ + /* s_ptr++; */ + /* } */ + /* memcpy(der_ptr, s_ptr, s_len); */ + /* der_ptr+= s_len; */ + + /* der_encoded[1] = der_ptr - der_encoded - 2; */ + + /* dump_hex(der_encoded, der_encoded[1] + 2, stderr, 1); */ + + /* asrt(ECDSA_verify(0, some_data, sizeof(some_data), der_encoded, der_encoded[1] + 2, eck), 1, "ECDSA VERIFICATION"); */ + + } + } + + asrt(funcs->C_Logout(session), CKR_OK, "Logout USER"); + + asrt(funcs->C_CloseSession(session), CKR_OK, "CloseSession"); + asrt(funcs->C_Finalize(NULL), CKR_OK, "FINALIZE"); + +} + int main(void) { get_functions(&funcs); @@ -416,6 +608,7 @@ int main(void) { test_session(); test_login(); test_import_and_sign_all_10(); + test_import_and_sign_all_10_RSA(); #else fprintf(stderr, "HARDWARE TESTS DISABLED!, skipping...\n"); #endif