test_crypto.c

IBM的Linux上的PKCS#11实现

    fprintf(stderr, "ERROR: call to C_Encrypt failed.\n");
    return rc;
  }

  if (0 != memcmp(pDecryptedData, pData, ulDataLen)) {
    fprintf(stderr, "Decryption text is not equal to initial plaintext.\n");
    return -1;
  }
  
  return rc;
}

int test_rsa_signature(CK_SESSION_HANDLE hSession)
{
  return CKR_OK;
}



/* 
 * test the CKM_DES_ECB mechanism 
 */ 
int test_ecb_des(CK_SESSION_HANDLE hSession) 
{
  CK_RV rc;
  CK_OBJECT_CLASS class = CKO_SECRET_KEY;
  CK_KEY_TYPE keyType = CKK_DES;
  CK_CHAR label[] = "A DES secret key object";
  CK_BYTE value[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
  CK_BBOOL true = TRUE;
  CK_ATTRIBUTE template[] = {
    {CKA_CLASS, &class, sizeof(class)},
    {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
    {CKA_TOKEN, &true, sizeof(true)},
    {CKA_LABEL, label, sizeof(label)},
    {CKA_ENCRYPT, &true, sizeof(true)},
    {CKA_VALUE, value, sizeof(value)}
  };
  CK_OBJECT_HANDLE hKey;
  CK_CHAR plain[] = {0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
		     0x6a, 0x2a, 0x19, 0xf4, 0x1e, 0xca, 0x85, 0x4b};
  /* expected result */
  CK_CHAR cipher[] = {0x3f, 0xa4, 0x0e, 0x8a, 0x98, 0x4d, 0x48, 0x15,
		      0xa8, 0x89, 0x70, 0xdb, 0xeb, 0xa2, 0x4d, 0x80};
  CK_CHAR *encryptedData;
  CK_ULONG encryptedDataLen = 0;
  CK_MECHANISM mechanism = {
    CKM_DES_ECB, NULL, 0
  };
  
  /* create DES secret key object */
  rc = FunctionPtr->C_CreateObject(hSession, 
				   template, 
				   sizeof(template) / sizeof (CK_ATTRIBUTE),
				   &hKey);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to C_CreateObject failed, rc = %0x\n", rc);
    return rc;
  }

  rc = symmetric_encryption(hSession, hKey, mechanism, plain, sizeof(plain), &encryptedData, &encryptedDataLen);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to symmetric_encryption failed, rc =%0x\n", rc);
    rc = CKR_GENERAL_ERROR;
    goto done;
  }
  
  /* known answer test */
  rc = memcmp(cipher, encryptedData, sizeof(cipher));
  if (rc != 0) {
    fprintf(stderr, "ERROR test vector failed.\n");
    rc = CKR_GENERAL_ERROR;
    goto done;
  }

  rc = CKR_OK;
  
 done:
  if (encryptedData) {
    free(encryptedData);
  }
  
  return rc;
}

/* 
 * test CKM_DES_CBC mechanism
 */

int test_cbc_des(CK_SESSION_HANDLE hSession) 
{
  CK_RV rc;
  CK_OBJECT_CLASS class = CKO_SECRET_KEY;
  CK_KEY_TYPE keyType = CKK_DES;
  CK_CHAR label[] = "A DES secret key object";
  CK_BYTE value[8] = {0xDE, 0xAD, 0xBE, 0xEF, 0xCA, 0xFE, 0xCA, 0xFE};
  CK_BBOOL true = TRUE;
  CK_ATTRIBUTE template[] = {
    {CKA_CLASS, &class, sizeof(class)},
    {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
    {CKA_TOKEN, &true, sizeof(true)},
    {CKA_LABEL, label, sizeof(label)},
    {CKA_ENCRYPT, &true, sizeof(true)},
    {CKA_VALUE, value, sizeof(value)}
  };
  
  CK_OBJECT_HANDLE hKey;
  CK_BYTE iv[] = {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11};
  CK_CHAR data[] = {0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xC0, 0xC0, 0xCA, 0xFE, 0x11, 0x22, 0x33, 0x44};
  /* expected result */
  CK_CHAR cipher[] = {0x28, 0x16, 0xA1, 0x0C, 0x76, 0xAC, 0x4E, 0x67, 0xBC, 0x3F, 0x17, 0xC1, 0xD1, 0x2F, 0x4B, 0x92};
  CK_CHAR *encryptedData;
  CK_ULONG encryptedDataLen = 0;
  CK_MECHANISM mechanism = {
    CKM_DES_CBC, iv, sizeof(iv)
  };
  
 /* create DES secret key object */
  rc = FunctionPtr->C_CreateObject(hSession, 
				   template, 
				   sizeof(template) / sizeof (CK_ATTRIBUTE),
				   &hKey);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to C_CreateObject failed, rc = %0x\n", rc);
    return rc;
  }

  rc = symmetric_encryption(hSession, hKey, mechanism, data, sizeof(data), &encryptedData, &encryptedDataLen);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to symmetric_encryption failed, rc =%0x\n", rc);
    rc = CKR_GENERAL_ERROR;
    goto done;
  }

  /* known answer test */
  rc = memcmp(cipher, encryptedData, sizeof(cipher));
  if (rc != 0) {
    fprintf(stderr, "ERROR test vector failed.\n");
    rc = CKR_GENERAL_ERROR;
    goto done;
  }

  rc = CKR_OK;
  
 done:
  if (encryptedData) {
    free(encryptedData);
  }
  
  return rc;
}

/* 
 * test CKM_DES3_ECB mechanism 
 */

int test_ecb_3des(CK_SESSION_HANDLE hSession) 
{
  CK_RV rc;
  CK_OBJECT_CLASS class = CKO_SECRET_KEY;
  CK_KEY_TYPE keyType = CKK_DES3;
  CK_CHAR label[] = "A DES3 ECB secret key object";
  CK_BYTE value[24] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF};
  CK_BBOOL true = TRUE;
  CK_ATTRIBUTE template[] = {
    {CKA_CLASS, &class, sizeof(class)},
    {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
    {CKA_TOKEN, &true, sizeof(true)},
    {CKA_LABEL, label, sizeof(label)},
    {CKA_ENCRYPT, &true, sizeof(true)},
    {CKA_VALUE, value, sizeof(value)}
  };
  
  CK_OBJECT_HANDLE hKey;
  CK_CHAR data[] = {0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xC0, 0xC0, 0xCA, 0xFE, 0x11, 0x22, 0x33, 0x44};
  /* expected result */
  CK_CHAR cipher[] = {0x5E, 0x69, 0x7E, 0x64, 0xE6, 0x16, 0xF5, 0x79, 0x7A, 0xD6, 0x0E, 0xDC, 0xED, 0x4A, 0xE9, 0x24};
  CK_CHAR *encryptedData;
  CK_ULONG encryptedDataLen = 0;
  CK_MECHANISM mechanism = {
    CKM_DES3_ECB, NULL, 0
  };

 /* create DES secret key object */
  rc = FunctionPtr->C_CreateObject(hSession, 
				   template, 
				   sizeof(template) / sizeof (CK_ATTRIBUTE),
				   &hKey);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to C_CreateObject failed, rc = %0x\n", rc);
    return rc;
  }

  rc = symmetric_encryption(hSession, hKey, mechanism, data, sizeof(data), &encryptedData, &encryptedDataLen);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to symmetric_encryption failed, rc =%0x\n", rc);
    rc = CKR_GENERAL_ERROR;
    goto done;
  }

  /* known answer test */
  rc = memcmp(cipher, encryptedData, sizeof(cipher));
  if (rc != 0) {
    fprintf(stderr, "ERROR test vector failed.\n");
    rc = CKR_GENERAL_ERROR;
    goto done;
  }  

  rc = CKR_OK;
  
 done:
  if (encryptedData) {
    free(encryptedData);
  }
  
  return rc;
}

/* 
 * test CMK_DES3_CBC mechanism
 */

int test_cbc_3des(CK_SESSION_HANDLE hSession) 
{
  CK_RV rc;
  CK_OBJECT_CLASS class = CKO_SECRET_KEY;
  CK_KEY_TYPE keyType = CKK_DES3;
  CK_CHAR label[] = "A DES3 secret key object";
  CK_BYTE value[24] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF};
  CK_BBOOL true = TRUE;
  CK_ATTRIBUTE template[] = {
    {CKA_CLASS, &class, sizeof(class)},
    {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
    {CKA_TOKEN, &true, sizeof(true)},
    {CKA_LABEL, label, sizeof(label)},
    {CKA_ENCRYPT, &true, sizeof(true)},
    {CKA_VALUE, value, sizeof(value)}
  };
  
  CK_OBJECT_HANDLE hKey;
  CK_BYTE iv[] = {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11};
  CK_CHAR data[] = {0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xC0, 0xC0, 0xCA, 0xFE, 0x11, 0x22, 0x33, 0x44};
  /* expected result */
  CK_CHAR cipher[] = {0xA6, 0x19, 0xA1, 0xB1, 0x36, 0x07, 0xCB, 0x31, 0x83, 0x48, 0xDB, 0x30, 0x63, 0xC0, 0x12, 0xBB };
  CK_CHAR *encryptedData;
  CK_ULONG encryptedDataLen = 0;
  CK_MECHANISM mechanism = {
    CKM_DES3_CBC, iv, sizeof(iv)
  };
 /* create DES secret key object */
  rc = FunctionPtr->C_CreateObject(hSession, 
				   template, 
				   sizeof(template) / sizeof (CK_ATTRIBUTE),
				   &hKey);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to C_CreateObject failed, rc = %0x\n", rc);
    return rc;
  }

  rc = symmetric_encryption(hSession, hKey, mechanism, data, sizeof(data), &encryptedData, &encryptedDataLen);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to symmetric_encryption failed, rc =%0x\n", rc);
    rc = CKR_GENERAL_ERROR;
    goto done;
  }

 /* known answer test */
  rc = memcmp(cipher, encryptedData, sizeof(cipher));
  if (rc != 0) {
    fprintf(stderr, "ERROR test vector failed.\n");
    rc = CKR_GENERAL_ERROR;
    goto done;
  }  

  rc = CKR_OK;
  
 done:
  if (encryptedData) {
    free(encryptedData);
  }
  
  return rc;
}



/* General symmetric encryption, given a handle to a key object and a mechanism */
/* Caller needs to free memory for encryptedData */

CK_RV symmetric_encryption(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, 
			   CK_MECHANISM mechanism, CK_CHAR *data, CK_ULONG data_sz, 
			   CK_CHAR **encryptedData, CK_ULONG *encryptedData_sz)
{
  CK_RV rc;
  CK_CHAR *this_encryptedData;

  /* init */
  rc = FunctionPtr->C_EncryptInit(hSession, &mechanism, hKey);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to C_EncryptInit failed, rc = %0x\n", rc);
    return rc;
  }
  
  rc = FunctionPtr->C_Encrypt(hSession, data, data_sz, NULL, encryptedData_sz);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR failed to get size of encrypted data calling C_Encrypt, rc = %0x\n", rc);
    return rc;
  }

  this_encryptedData = (CK_CHAR *)malloc((*encryptedData_sz)*sizeof(CK_CHAR));

  /* encrypt */
  rc = FunctionPtr->C_Encrypt(hSession, data, data_sz, this_encryptedData, encryptedData_sz);
  if (rc != CKR_OK) {
    fprintf(stderr, "ERROR call to C_EncryptUpdate failed, rc = %0x\n", rc);
    return rc;
  }
  
  *encryptedData = this_encryptedData;

  rc = CKR_OK;
  return rc;
}