📄 test_crypto.c
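#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <dlfcn.h>
#include <pkcs11types.h>
#include "slotmgr.h"

/*
 * PIN used for the CKU_USER login in test_crypto().  It is compiled into the
 * binary, so it is visible to anyone who can read the executable; this is
 * only appropriate for a throw-away test token.
 * NOTE(review): presumably the token's factory-default user PIN -- confirm.
 */
#define DEFAULT_PIN "12345678"

CK_RV init(void);
void print_man(void);
CK_RV verify_slot(long slot_num);
CK_RV test_crypto(long slot_num);
CK_RV symmetric_encryption(CK_SESSION_HANDLE hSession,
                           CK_OBJECT_HANDLE hKey,
                           CK_MECHANISM mechanism,
                           CK_CHAR *data,
                           CK_ULONG data_sz,
                           CK_CHAR **encryptedData,
                           CK_ULONG *encryptedData_sz);
/* Defined below; declared here so test_crypto() does not call it implicitly. */
int test_rsa_encryption(CK_SESSION_HANDLE hSession);
/*
 * NOTE(review): test_ecb_des, test_cbc_des, test_ecb_3des, test_cbc_3des and
 * test_rsa_signature are called from test_crypto() but are neither declared
 * nor defined in the visible part of this file; they need prototypes that
 * match their real definitions.
 */

void *dllPtr;                             /* handle returned by dlopen()      */
CK_FUNCTION_LIST_PTR FunctionPtr = NULL;  /* PKCS#11 function table           */
Slot_Mgr_Shr_t *shmp = NULL;

/*
 * Entry point: parse "-c <slotId>", load the PKCS#11 library, check that the
 * slot holds a token and run the crypto tests against it.
 * Exits with 0 when every step succeeds and 1 otherwise.
 */
int main(int argc, char *argv[])
{
    CK_RV rc;
    long slot_num = 0;   /* stays 0 when -c is not given */
    int c;

    /* parse the command line parameters */
    if (argc < 2) {
        print_man();
        exit(1);
    }

    /*
     * 'S' is accepted by the option string but has no case below, so it is
     * reported as a bad argument by the default branch.
     */
    while ((c = getopt(argc, argv, "c:S")) != -1) {
        switch (c) {
        case 'c': {
            /*
             * Parse the slot number straight from optarg.  The previous code
             * copied optarg into a buffer of strlen(optarg) bytes (no room
             * for the terminator), tested the malloc() result only after
             * writing through it, and then handed the unterminated buffer to
             * atol(), which could read past the allocation.
             */
            char *end = NULL;

            errno = 0;
            slot_num = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0' || errno == ERANGE ||
                slot_num < 0) {
                fprintf(stderr, "Must enter a Slot ID\n");
                print_man();
                exit(1);
            }
            break;
        }
        default:
            /* if something else was passed in it is an error */
            fprintf(stderr, "ERROR bad arguments.\n");
            print_man();
            exit(1);
        }
    }

    /* load the PKCS11 library */
    rc = init();
    if (rc != CKR_OK) {
        /* CK_RV is an unsigned long in PKCS#11, so print it with %lx */
        fprintf(stderr, "ERROR calling init, rc = %lx.\n", (unsigned long)rc);
        exit(1);
    }

    /* verify the slot number */
    rc = verify_slot(slot_num);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR invalid slot ID, rc = %lx.\n",
                (unsigned long)rc);
        exit(1);
    }

    /* test the crypto functions */
    rc = test_crypto(slot_num);
    if (rc != CKR_OK) {
        /* the original passed rc without a conversion specifier */
        fprintf(stderr, "ERROR call to test_crypto failed, rc = 0x%lx.\n",
                (unsigned long)rc);
        exit(1);
    }

    exit(0);
}

/*
 * Print the usage text to stderr.  The slot is read from the -c option only;
 * a bare positional argument is ignored by main().
 */
void print_man(void)
{
    fprintf(stderr,
            "Usage: test_crypto -c <slotId>\n"
            " To get a list of slotIDs, call\n"
            " /usr/lib/pkcs11/methods/pkcsconf -s\n");
}

/*
 * Load the PKCS#11 shared library, fetch its function table into the global
 * FunctionPtr and call C_Initialize.
 *
 * Returns CKR_OK on success.  On failure the library is finalized and
 * unloaded, and dllPtr / FunctionPtr are reset to NULL so that no caller can
 * use a table that points into an unmapped library.
 *
 * The module is opened by absolute path, so the dynamic loader's search path
 * is not consulted.  The loaded code runs in this process and sees the PIN.
 */
CK_RV init(void)
{
    CK_RV rc;
    /* C_GetFunctionList takes a pointer to the table pointer, returns CK_RV */
    CK_RV (*funcPtr)(CK_FUNCTION_LIST_PTR *);
    char *error;

    /* Open the PKCS11 API */
    dllPtr = dlopen("/usr/lib/pkcs11/PKCS11_API.so", RTLD_NOW);
    if (!dllPtr) {
        fprintf(stderr, "%s\n", dlerror());
        rc = CKR_FUNCTION_FAILED;
        goto done;
    }

    /*
     * Get a pointer to the function that gets the list of PKCS11 functions
     * this token supports.  Clear any stale loader error first so the check
     * after dlsym() reports only this lookup.
     */
    dlerror();
    funcPtr = (CK_RV (*)(CK_FUNCTION_LIST_PTR *))
              dlsym(dllPtr, "C_GetFunctionList");
    if ((error = dlerror()) != NULL) {
        fprintf(stderr, "%s\n", error);
        rc = CKR_FUNCTION_FAILED;
        goto done;
    } else if (!funcPtr) {
        fprintf(stderr, "Error, C_GetFunctionList is NULL\n");
        rc = CKR_GENERAL_ERROR;
        goto done;
    }

    /* get the list of functions; do not dereference the table on failure */
    rc = funcPtr(&FunctionPtr);
    if (rc != CKR_OK || FunctionPtr == NULL) {
        fprintf(stderr, "Error, C_GetFunctionList failed\n");
        if (rc == CKR_OK) {
            rc = CKR_GENERAL_ERROR;
        }
        FunctionPtr = NULL;
        goto done;
    }

    rc = FunctionPtr->C_Initialize(NULL);

done:
    if (rc != CKR_OK) {
        /* call C_Finalize and close the dyn. linked lib */
        if (FunctionPtr) {
            FunctionPtr->C_Finalize(NULL);
            FunctionPtr = NULL;
        }
        if (dllPtr) {
            dlclose(dllPtr);
            dllPtr = NULL;
        }
    }
    return rc;
}

/*
 * Check that slot_num is the ID of a slot that currently holds a token.
 *
 * Returns CKR_OK when the slot is listed, the C_GetSlotList error when the
 * query fails, CKR_HOST_MEMORY when the list cannot be allocated, and
 * CKR_GENERAL_ERROR when the slot is not in the list.
 */
CK_RV verify_slot(long slot_num)
{
    CK_RV rc;
    CK_SLOT_ID_PTR pSlotWithTokenList = NULL;
    CK_ULONG ulSlotWithTokenCount = 0;
    CK_ULONG i;

    /* a negative value can never be a slot ID; do not let it wrap around */
    if (slot_num < 0) {
        fprintf(stderr, "Error: Slot ID is invalid\n");
        return CKR_GENERAL_ERROR;
    }

    /* first call: ask only for the number of slots with a token */
    rc = FunctionPtr->C_GetSlotList(TRUE, NULL_PTR, &ulSlotWithTokenCount);
    if (rc != CKR_OK) {
        fprintf(stderr, "Error getting number of slots with token.\n");
        return rc;
    }

    if (ulSlotWithTokenCount > 0) {
        /* calloc() checks count * size for overflow; the count comes from
           the loaded module */
        pSlotWithTokenList = calloc(ulSlotWithTokenCount,
                                    sizeof *pSlotWithTokenList);
        if (pSlotWithTokenList == NULL) {
            fprintf(stderr, "Error allocating the slot list\n");
            return CKR_HOST_MEMORY;
        }

        /* second call: fill the list */
        rc = FunctionPtr->C_GetSlotList(TRUE, pSlotWithTokenList,
                                        &ulSlotWithTokenCount);
        if (rc != CKR_OK) {
            fprintf(stderr, "Error geting list of slots with token\n");
            free(pSlotWithTokenList);
            return rc;
        }
    }

    rc = CKR_GENERAL_ERROR;
    for (i = 0; i < ulSlotWithTokenCount; i++) {
        if ((CK_SLOT_ID)slot_num == pSlotWithTokenList[i]) {
            /* slot id is valid */
            rc = CKR_OK;
            break;
        }
    }
    free(pSlotWithTokenList);

    if (rc != CKR_OK) {
        /* if we are here, slot ID is invalid */
        fprintf(stderr, "Error: Slot ID is invalid\n");
    }
    return rc;
}

/*
 * Open a read/write session on slot_num, log in as the normal user with
 * DEFAULT_PIN and run the mechanism tests in order, stopping at the first
 * failure.
 *
 * Returns CKR_OK when all tests pass, otherwise the first failing return
 * code.  The session is logged out and closed on every path after it has
 * been opened, so a failed test does not leave an authenticated session
 * behind on the token.
 */
CK_RV test_crypto(long slot_num)
{
    CK_RV rc;
    CK_SESSION_HANDLE hSession;
    int logged_in = 0;

    /* open a R/W cryptoki session, CKF_SERIAL_SESSION is a legacy bit we
       have to set */
    rc = FunctionPtr->C_OpenSession((CK_SLOT_ID)slot_num,
                                    CKF_RW_SESSION | CKF_SERIAL_SESSION,
                                    NULL_PTR, NULL_PTR, &hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR call to C_OpenSession failed, rc = 0x%lx\n",
                (unsigned long)rc);
        return rc;
    }

    /* log in as normal user */
    rc = FunctionPtr->C_Login(hSession, CKU_USER,
                              (CK_CHAR_PTR)DEFAULT_PIN,
                              (CK_ULONG)(sizeof(DEFAULT_PIN) - 1));
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR call to C_Login failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }
    logged_in = 1;

#if 1
    rc = test_ecb_des(hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR DES_ECB failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }
    fprintf(stderr, "CKM_DES_ECB test passed.\n");

    rc = test_cbc_des(hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR DES_CBC failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }
    fprintf(stderr, "CKM_DES_CBC test passed.\n");

    rc = test_ecb_3des(hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR, DES3_ECB failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }
    fprintf(stderr, "CKM_DES3_ECB test passed.\n");

    rc = test_cbc_3des(hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR, DES3_CBC failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }
    fprintf(stderr, "CKM_DES3_CBC test passed.\n");
#endif

    rc = test_rsa_encryption(hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR, RSA encryption failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }
    fprintf(stderr,
            "CKM_RSA_PKCS_KEY_PAIR_GEN and CKM_RSA_PKCS tests passed.\n");

    rc = test_rsa_signature(hSession);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR, RSA signature failed, rc = 0x%lx\n",
                (unsigned long)rc);
        goto done;
    }

    rc = CKR_OK;

done:
    /* best-effort teardown; the test result in rc is what the caller sees */
    if (logged_in) {
        FunctionPtr->C_Logout(hSession);
    }
    FunctionPtr->C_CloseSession(hSession);
    return rc;
}

/*
 * test the CKM_RSA_PKCS_KEY_PAIR_GEN and CKM_RSA_PKCS mechanisms
 *
 * NOTE(review), code left unchanged because the function continues past the
 * visible part of the file:
 *  - modulusBits = 768 is far below currently recommended RSA sizes; it is
 *    only suitable for exercising the mechanism, not for protecting data.
 *  - privateKeyTemplate lists CKA_SIGN twice and has 9 entries, but the
 *    C_GenerateKeyPair call passes a count of 8, so CKA_UNWRAP is not sent.
 *  - the private key is created with CKA_TOKEN = TRUE; whether it is
 *    destroyed afterwards is not visible here -- confirm.
 *  - C_GetMechanismInfo is called with slot 0, not the session's slot.
 *  - malloc() results are not checked, and the early returns shown do not
 *    free pEncryptedData.
 *  - "%u" is used for CK_ULONG fields, and the C_DecryptInit / first
 *    C_Decrypt error messages name the encrypt calls.
 */
int test_rsa_encryption(CK_SESSION_HANDLE hSession)
{
    CK_RV rc;
    CK_OBJECT_HANDLE hPublicKey, hPrivateKey;
    CK_MECHANISM mechanism = {CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0};
    CK_MECHANISM mechanism_encr = {CKM_RSA_PKCS, NULL, 0};
    CK_BYTE pData[8] = {0xDE, 0xAD, 0xBE, 0xEF, 0xC0, 0xC0, 0xCA, 0xFE};
    CK_ULONG ulDataLen = 8;
    CK_BYTE_PTR pEncryptedData;
    CK_BYTE_PTR pDecryptedData;
    CK_ULONG encryptedDataLen = 0;
    CK_ULONG decryptedDataLen = 0;

    /* pub and priv key template declarations */
    CK_BBOOL true = TRUE;
    CK_ULONG modulusBits = 768;
    CK_BYTE publicExponent[] = {0x01, 0x00, 0x03 };
    CK_BYTE subject[] = {'p', 'e', 'a', 'c', 'e'};
    CK_BYTE id[] = {123};
    CK_ATTRIBUTE publicKeyTemplate[] = {
        {CKA_ENCRYPT, &true, sizeof(true)},
        {CKA_VERIFY, &true, sizeof(true)},
        {CKA_WRAP, &true, sizeof(true)},
        {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)},
        {CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)}
    };
    CK_ATTRIBUTE privateKeyTemplate[] = {
        {CKA_TOKEN, &true, sizeof(true)},
        {CKA_PRIVATE, &true, sizeof(true)},
        {CKA_SUBJECT, subject, sizeof(subject)},
        {CKA_ID, id, sizeof(id)},
        {CKA_SENSITIVE, &true, sizeof(true)},
        {CKA_DECRYPT, &true, sizeof(true)},
        {CKA_SIGN, &true, sizeof(true)},
        {CKA_SIGN, &true, sizeof(true)},
        {CKA_UNWRAP, &true, sizeof(true)}
    };
    CK_MECHANISM_INFO info;

    /* generate a new key */
    rc = FunctionPtr->C_GenerateKeyPair(
            hSession, &mechanism,
            publicKeyTemplate, 5,
            privateKeyTemplate, 8,
            &hPublicKey, &hPrivateKey);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_GenerateKeyPair failed.\n");
        return rc;
    }

    /* get information on CKM_RSA_PKCS mechanism */
    rc = FunctionPtr->C_GetMechanismInfo(0, CKM_RSA_PKCS, &info);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_GetMechanismInfo faile.\n");
        return rc;
    }
    fprintf(stderr, "* Minimum key size: %u\n* Maximum key size: %u\n", info.ulMinKeySize, info.ulMaxKeySize);

    /* encrypt something */
    rc = FunctionPtr->C_EncryptInit(hSession, &mechanism_encr, hPublicKey);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_EncryptInit failed.\n");
        return rc;
    }

    /* first call with a NULL output buffer asks for the ciphertext length */
    rc = FunctionPtr->C_Encrypt(hSession, pData, ulDataLen, NULL, &encryptedDataLen);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_Encrypt to get size of encryptedData failed.\n");
        return rc;
    }
    pEncryptedData = (CK_BYTE_PTR)malloc(encryptedDataLen);
    rc = FunctionPtr->C_Encrypt(hSession, pData, ulDataLen, pEncryptedData, &encryptedDataLen);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_Encrypt failed.\n");
        return rc;
    }

    /* now try decrypting */
    rc = FunctionPtr->C_DecryptInit(hSession, &mechanism_encr, hPrivateKey);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_EncryptInit failed.\n");
        return rc;
    }

    /* first call with a NULL output buffer asks for the plaintext length */
    rc = FunctionPtr->C_Decrypt(hSession, pEncryptedData, encryptedDataLen, NULL, &decryptedDataLen);
    if (rc != CKR_OK) {
        fprintf(stderr, "ERROR: call to C_Encrypt failed.\n");
        return rc;
    }
    pDecryptedData = (CK_BYTE_PTR)malloc(decryptedDataLen);
    rc = FunctionPtr->C_Decrypt(hSession, pEncryptedData, encryptedDataLen, pDecryptedData, &decryptedDataLen);
    if (rc != CKR_OK) {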