📄 tokentest.c
字号:
/*____________________________________________________________________________
TokenTest.c
Copyright (C) 2003,2004 PGP Corporation
All rights reserved.
FIPS 140-2 Operational Test: Token/Smartcard test
$Id: TokenTest.c 48493 2006-10-12 21:19:56Z vinnie $
____________________________________________________________________________*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "pgpErrors.h"
#include "pgpKeys.h"
#include "pgpMemoryMgr.h"
#include "pgpUtilities.h"
#include "pgpPublicKey.h"
#include "optest.h"
/* Plain-text test message */
static PGPByte testData[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa,
0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55
};
static PGPError printTokenInfo(PGPContextRef context, PGPUInt32 tokNum)
{
PGPError err = kPGPError_NoErr;
PGPPublicKeyAlgorithm keyGenAlgorithm = kPGPPublicKeyAlgorithm_Invalid;
PGPUInt32 numPrivKeys;
PGPUInt32 numPubKeys;
PGPUInt32 minPinLen;
PGPUInt32 maxPinLen;
PGPUInt32 minKeySize;
PGPUInt32 maxKeySize;
PGPByte manufacturerID[33];
PGPByte model[17];
PGPByte serialNumber[80];
PGPByte label[80];
PGPSize sizeout;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_KeyGenAlgorithm ,(PGPUInt32*) &keyGenAlgorithm); CKERR;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_PrivateKeys ,&numPrivKeys); CKERR;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_PublicKeys ,&numPubKeys); CKERR;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_MinPINSize ,&minPinLen); CKERR;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_MaxPINSize ,&maxPinLen); CKERR;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_MinKeySize ,&minKeySize); CKERR;
err = PGPGetTokenInfoNumericProperty(context, tokNum, kPGPTokenProperty_MaxKeySize ,&maxKeySize); CKERR;
err = PGPGetTokenInfoDataProperty(context, tokNum,
kPGPTokenProperty_ManufacturerID, &manufacturerID, sizeof( manufacturerID),&sizeout); CKERR;
err = PGPGetTokenInfoDataProperty(context, tokNum,
kPGPTokenProperty_Model, &model, sizeof( model),&sizeout); CKERR;
err = PGPGetTokenInfoDataProperty(context, tokNum,
kPGPTokenProperty_SerialNumber, &serialNumber, sizeof( serialNumber),&sizeout); CKERR;
err = PGPGetTokenInfoDataProperty(context, tokNum,
kPGPTokenProperty_TokenLabel, &label, sizeof( label), &sizeout); CKERR;
OPTESTPrintF("\t [%d]\tMfg : %s\n",tokNum, manufacturerID);
OPTESTPrintF("\t \tModel : %s\n", model);
OPTESTPrintF("\t \tSerialNo : %s\n", serialNumber);
OPTESTPrintF("\t \tLabel : %s\n", label);
OPTESTPrintF("\t \tPinLen : %d < %d\n",minPinLen, maxPinLen );
OPTESTPrintF("\t \tKeySize : %d < %d\n",minKeySize, maxKeySize );
OPTESTPrintF("\t \tPrivKeys : %d\n",numPrivKeys );
OPTESTPrintF("\t \tPubKeys : %d\n",numPubKeys);
OPTESTPrintF("\t \tGenKeyAlg: %s\n",key_algor_table(keyGenAlgorithm));
done:
return err;
}
static PGPError listAvailableTokens( PGPContextRef context, PGPUInt32* keys, PGPUInt32* tokens, TokenTestFlags testFlags)
{
PGPError err = kPGPError_NoErr;
PGPKeyDBRef keyDB = kInvalidPGPKeyDBRef;
PGPKeyIterRef iter = kInvalidPGPKeyIterRef;
PGPKeyDBObjRef theKey = kInvalidPGPKeyDBObjRef;
PGPBoolean hadChanges;
PGPUInt32 numKeys = 0;
PGPUInt32 numTokens = 0;
PGPUInt32 i;
/* create a temp key database to read the token keys into */
err = PGPNewKeyDB( context, &keyDB ); CKERR;
/* make an iterator */
err = PGPNewKeyIterFromKeyDB( keyDB, &iter); CKERR;
/* sync the keys into the database */
err = PGPSyncTokenKeys( context, -1, keyDB, &hadChanges);
/* get a count of what we have */
err = PGPCountTokens(context, &numTokens ); CKERR;
err = PGPCountKeysInKeyDB(keyDB, &numKeys); CKERR;
OPTESTPrintF("\t%d token%s found\n", numTokens, numTokens==1?"":"s");
for(i = 0; i < numTokens; i++)
{
err = printTokenInfo(context, i); CKERR;
}
/* check passphrase */
if(gTokenUserPIN)
{
OPTESTPrintF("\n");
for(i = 0; i < numTokens; i++)
{
OPTESTPrintF("\tChecking Token %d Passphrase: \"%s\"\n",i,gTokenUserPIN);
err = PGPTokenPassphraseIsValid(context, i, (PGPByte*)gTokenUserPIN, strlen(gTokenUserPIN)); CKERR;
}
}
if(numKeys)
{
OPTESTPrintF("\n\t%d key%s from tokens\n",numKeys, numKeys==1?"":"s");
err = PGPKeyIterRewind(iter, kPGPKeyDBObjType_Key); CKERR;
/* Iterate through each key */
for(i = 1; IsntPGPError( PGPKeyIterNextKeyDBObj( iter, kPGPKeyDBObjType_Key, &theKey) ); i++)
{
char header[32];
sprintf(header, " [%d] ", i);
if(gVerbose_flag)
{
printKeyDetails(header,FALSE,theKey);
OPTESTPrintF("\n");
}
else
printKeyInfo(header,theKey);
if( (testFlags & kTokenTestFlags_KeyTest)
&& gTokenUserPIN != NULL
&& (canKeyDecrypt(theKey) || canKeySignMessages(theKey)))
{
OPTESTPrintF("\t ");
err = TestKeyCertificate(context, theKey, (PGPByte*) gTokenUserPIN,
testData, sizeof(testData),
testData, sizeof(testData),
NULL, 0 ); CKERR;
OPTESTPrintF("\n");
}
}
}
if(keys) *keys = numKeys;
if(tokens) *tokens = numTokens;
done:
if( PGPKeyIterRefIsValid( iter ) )
PGPFreeKeyIter( iter );
if( PGPKeyDBRefIsValid( keyDB ) )
PGPFreeKeyDB( keyDB );
return err;
}
static PGPError formatToken(PGPContextRef context, PGPUInt32 tokNum, char *SO, char *PIN )
{
PGPError err = kPGPError_NoErr;
if(!SO || (strlen(SO) == 0) || !PIN || (strlen(PIN) == 0))
FAIL("Can not format a token without SO and User PIN\n");
OPTESTPrintF("\n\tFormating Token %d\n\t PIN0 = \"%s\"\n\t PIN1 = \"%s\"\n", tokNum, SO ,PIN );
err = PGPFormatToken( context, tokNum, (PGPByte*)SO, strlen(SO), (PGPByte*)PIN, strlen(PIN)); CKERR
OPTESTPrintF("\n");
done:
return err;
}
static PGPError wipeToken(PGPContextRef context, PGPUInt32 tokNum, char *PIN )
{
PGPError err = kPGPError_NoErr;
if( !PIN || (strlen(PIN) == 0))
FAIL("Can not Wipe a token without User PIN\n");
OPTESTPrintF("\n\tWiping Token %d PIN = \"%s\"\n", tokNum ,PIN );
err = PGPWipeToken( context, tokNum, (PGPByte*)PIN, strlen(PIN) ); CKERR
OPTESTPrintF("\n");
done:
return err;
}
static PGPError genKeyOnToken(PGPContextRef context, PGPUInt32 tokNum, char *PIN )
{
PGPError err = kPGPError_NoErr;
PGPKeyDBRef keyDB = kInvalidPGPKeyDBRef;
PGPKeyDBObjRef key = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef subkey = kInvalidPGPKeyDBObjRef;
char *keyName = "Token Generated test key";
if( !PIN || (strlen(PIN) == 0))
FAIL("Can not Generate key on a token without User PIN\n");
err = PGPNewKeyDB( context, &keyDB ); CKERR;
OPTESTPrintF("\tPGPGenerateKey() on token %d\n", tokNum);
err = PGPGenerateKey( context, &key,
PGPOKeyGenParams( context,kPGPPublicKeyAlgorithm_RSA, 1024),
PGPOKeyGenName( context, (PGPByte*)keyName, strlen(keyName)),
PGPOTokenNumber(context, tokNum),
PGPOExpiration(context, 30),
PGPOKeyDBRef( context, keyDB ),
PGPOPassphrase( context, PIN ),
PGPOKeyGenFast( context, TRUE ),
PGPOKeyFlags( context, kPGPKeyPropertyFlags_UsageSign | kPGPKeyPropertyFlags_UsageEncrypt ),
PGPOLastOption( context ) ); CKERR;
OPTESTPrintF("\tPGPGenerateSubKey()\n");
err = PGPGenerateSubKey( context, &subkey,
PGPOKeyGenMasterKey( context, key ),
PGPOKeyGenParams( context,kPGPPublicKeyAlgorithm_RSA, 1024),
PGPOTokenNumber(context, tokNum),
PGPOExpiration(context, 30),
PGPOPassphrase( context, PIN ),
PGPOKeyGenFast( context, TRUE ),
PGPOKeyFlags( context, kPGPKeyPropertyFlags_UsageEncrypt ),
PGPOLastOption( context ) ); CKERR;
OPTESTPrintF("\n");
done:
if( PGPKeyDBRefIsValid( keyDB ) )
PGPFreeKeyDB( keyDB );
return err;
}
static PGPError exportKeytoToken(PGPContextRef context, PGPUInt32 tokNum, char *PIN )
{
PGPError err = kPGPError_NoErr;
PGPKeyDBRef keyDB = kInvalidPGPKeyDBRef;
PGPKeyDBObjRef key = kInvalidPGPKeyDBObjRef;
PGPKeyID theKeyID;
if( !PIN || (strlen(PIN) == 0))
FAIL("Can not Export key on to token without User PIN\n");
/* Read in the test keys and get a ref to it */
err = importKeys(context,gTestKeysPath, kPGPInputFormat_PGP, &keyDB); CKERR;
/* Find a key to sign the cert req with */
err = PGPNewKeyIDFromString( kOptestCAKeyIDString, kPGPPublicKeyAlgorithm_Invalid, &theKeyID); CKERR;
err = PGPFindKeyByKeyID( keyDB, &theKeyID, &key); CKERR;
OPTESTPrintF("\tExport test key %s to Token %d ", kOptestCAKeyIDString, tokNum);
err = PGPExport( context,
PGPOExportKeyDBObj(context, key),
PGPOOutputToken(context, tokNum),
PGPOPassphrase( context, kOptestCAKeyPassPhrase ),
PGPOPassphrase( context, PIN ),
PGPOLastOption( context ) ); CKERR;
OPTESTPrintF("\n");
done:
if( PGPKeyDBRefIsValid( keyDB ) )
PGPFreeKeyDB( keyDB );
return err;
}
/*
Run Token/SmartCard test
*/
// Athena "/usr/libexec/SmartCardServices/pkcs11/libASEPKCS11.dylib"
PGPError TestTokens(PGPContextRef context, TokenTestFlags testFlags)
{
PGPError err = kPGPError_NoErr;
PGPKeyDBRef keyDB = kInvalidPGPKeyDBRef;
PGPFileSpecRef pubKeysFileSpec = kInvalidPGPFileSpecRef;
PGPFileSpecRef privKeysFileSpec = kInvalidPGPFileSpecRef;
PGPUInt32 numKeys = 0;
PGPUInt32 numTokens = 0;
#if USE_IN_MEMORY_DB
err = PGPNewKeyDB( context, &keyDB ); CKERR;
#else
/* create filerefs to the key DB */
{
char buffer[256];
sprintf(buffer, "%s/tokens.pkr", gOutputDirectory );
err = PGPNewFileSpecFromFullPath(context, buffer, &pubKeysFileSpec); CKERR;
sprintf(buffer, "%s/tokens.skr", gOutputDirectory );
err = PGPNewFileSpecFromFullPath(context, buffer, &privKeysFileSpec); CKERR;
err = PGPOpenKeyDBFile( context,
kPGPOpenKeyDBFileOptions_Create | kPGPOpenKeyDBFileOptions_Mutable,
pubKeysFileSpec,
privKeysFileSpec,
&keyDB ); CKERR;
}
#endif
OPTESTPrintF("\tpkcs11 module: %s\n", gP11Module?gP11Module:"<DEFAULT>");
err = PGPSetPKCS11DrvFile(gP11Module); CKERR;
err = listAvailableTokens(context, &numKeys, &numTokens, testFlags); CKERR;
/* Format Token */
if((numTokens > 0) && (testFlags & kTokenTestFlags_Format))
{
err = formatToken(context, gTokNumber, gTokenSOPIN, gTokenUserPIN); CKERR;
}
/* Wipe Token Keys */
if((numTokens > 0) && (testFlags & kTokenTestFlags_Wipe))
{
err = wipeToken(context, gTokNumber, gTokenUserPIN); CKERR;
}
/* Generate Key on Token */
if((numTokens > 0) && (testFlags & kTokenTestFlags_Generate))
{
err = genKeyOnToken(context, gTokNumber, gTokenUserPIN); CKERR;
}
/* Export Key to Token */
if((numTokens > 0) && (testFlags & kTokenTestFlags_Export))
{
err = exportKeytoToken(context, gTokNumber, gTokenUserPIN); CKERR;
}
if(testFlags & (kTokenTestFlags_Generate | kTokenTestFlags_Export))
{
OPTESTPrintF("\tRescan Token\n");
err = listAvailableTokens(context, &numKeys, &numTokens, kTokenTestFlags_KeyTest); CKERR;
}
done:
if( PGPFileSpecRefIsValid(pubKeysFileSpec))
PGPFreeFileSpec(pubKeysFileSpec);
if( PGPFileSpecRefIsValid(privKeysFileSpec))
PGPFreeFileSpec(privKeysFileSpec);
if( PGPKeyDBRefIsValid( keyDB ) )
PGPFreeKeyDB( keyDB );
return err;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -