Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / sshsm / 0c89b3ccba7c9b7332ab67ae1936aff51ca62367 / . / SoftHSMv2 / src / lib / test / ObjectTests.cpp
blob: cd6c6769beccf5496c8bd141f9e7b5c670136ae0 [file] [log] [blame]
NingSun0c89b3c2018-02-08 08:34:03 -0800[diff] [blame^]1/*
2 * Copyright (c) 2012 SURFnet
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27/*****************************************************************************
28 ObjectTests.cpp
29
30 Contains test cases for:
31 C_CreateObject
32 C_CopyObject
33 C_DestroyObject
34 C_GetAttributeValue
35 C_SetAttributeValue
36 C_FindObjectsInit
37 C_FindObjects
38 C_FindObjectsFinal
39 C_GenererateKeyPair
40
41 Below is a list of tests we need to add in order to verify that the PKCS#11 library
42 is working as expected.
43
44 We want to be sure that order of attributes does not impact the tests, therefore
45 every function involving attributes should have the order of the attributes
46 in the template randomized.
47
48 We want to be sure that only attributes that are specified as being part of an
49 object class can be used when creating an object.
50 Using other attributes should return an error on creation of the object.
51
52 We want to be sure that attributes that are required but missing will result
53 in a template incomplete return value.
54
55 We want to be sure that we get an error when trying to modify an attribute that
56 may not be modified
57
58 We want to be sure that attributes that may be changed to one value but not
59 back to the previous value are handled correctly.
60
61 We want to verify that an error is returned when we are trying to modify
62 read-only attributes.
63
64 We want to verify that sensitive attributes cannot be read.
65
66 Because the teardown also removes token objects it is not really
67 required to destroy objects created during the test in the CreateObject tests.
68
69 *****************************************************************************/
70
71#include <config.h>
72#include <stdlib.h>
73#include <string.h>
74#include "ObjectTests.h"
75
76// Common object attributes
77const CK_BBOOL CKA_TOKEN_DEFAULT = CK_FALSE;
78//const CK_BBOOL CKA_PRIVATE_DEFAULT = <token/object attribute dependent>
79const CK_BBOOL CKA_MODIFIABLE_DEFAULT = CK_TRUE;
80const CK_UTF8CHAR_PTR CKA_LABEL_DEFAULT = NULL;
81const CK_BBOOL CKA_COPYABLE_DEFAULT = CK_TRUE;
82const CK_BBOOL CKA_DESTROYABLE_DEFAULT = CK_TRUE;
83
84// Data Object Attributes
85const CK_UTF8CHAR_PTR CKA_APPLICATION_DEFAULT = NULL;
86const CK_BYTE_PTR CKA_OBJECT_ID_DEFAULT = NULL;
87const CK_BYTE_PTR CKA_VALUE_DEFAULT = NULL;
88
89// CKA_TOKEN
90const CK_BBOOL ON_TOKEN = CK_TRUE;
91const CK_BBOOL IN_SESSION = CK_FALSE;
92
93// CKA_PRIVATE
94const CK_BBOOL IS_PRIVATE = CK_TRUE;
95const CK_BBOOL IS_PUBLIC = CK_FALSE;
96
97
98CPPUNIT_TEST_SUITE_REGISTRATION(ObjectTests);
99
100void ObjectTests::checkCommonObjectAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS objClass)
101{
102 CK_RV rv;
103
104 CK_OBJECT_CLASS obj_class = CKO_VENDOR_DEFINED;
105 CK_ATTRIBUTE attribs[] = {
106 { CKA_CLASS, &obj_class, sizeof(obj_class) }
107 };
108
109 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 1) );
110 CPPUNIT_ASSERT(rv == CKR_OK);
111 CPPUNIT_ASSERT(obj_class == objClass);
112}
113
114void ObjectTests::checkCommonStorageObjectAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_BBOOL bToken, CK_BBOOL /*bPrivate*/, CK_BBOOL bModifiable, CK_UTF8CHAR_PTR pLabel, CK_ULONG ulLabelLen, CK_BBOOL bCopyable, CK_BBOOL bDestroyable)
115{
116 CK_RV rv;
117
118 CK_BBOOL obj_token = CK_FALSE;
119 CK_BBOOL obj_private = CK_FALSE;
120 CK_BBOOL obj_modifiable = CK_FALSE;
121 CK_BBOOL obj_copyable = CK_FALSE;
122 CK_BBOOL obj_destroyable = CK_FALSE;
123 CK_ATTRIBUTE attribs[] = {
124 { CKA_LABEL, NULL_PTR, 0 },
125 { CKA_TOKEN, &obj_token, sizeof(obj_token) },
126 { CKA_PRIVATE, &obj_private, sizeof(obj_private) },
127 { CKA_MODIFIABLE, &obj_modifiable, sizeof(obj_modifiable) },
128 { CKA_COPYABLE, &obj_copyable, sizeof(obj_copyable) },
129 { CKA_DESTROYABLE, &obj_destroyable, sizeof(obj_destroyable) }
130 };
131
132 // Get length
133 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 1) );
134 CPPUNIT_ASSERT(rv == CKR_OK);
135 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
136
137 // Check values
138 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 6) );
139 CPPUNIT_ASSERT(rv == CKR_OK);
140 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulLabelLen);
141 CPPUNIT_ASSERT(obj_token == bToken);
142 /* Default is token-specifict
143 CPPUNIT_ASSERT(obj_private == bPrivate); */
144 CPPUNIT_ASSERT(obj_modifiable == bModifiable);
145 CPPUNIT_ASSERT(obj_copyable == bCopyable);
146 CPPUNIT_ASSERT(obj_destroyable == bDestroyable);
147 if (ulLabelLen > 0)
148 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pLabel, ulLabelLen) == 0);
149
150 free(attribs[0].pValue);
151}
152
153void ObjectTests::checkDataObjectAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_UTF8CHAR_PTR pApplication, CK_ULONG ulApplicationLen, CK_BYTE_PTR pObjectID, CK_ULONG ulObjectIdLen, CK_BYTE_PTR pValue, CK_ULONG ulValueLen)
154{
155 CK_RV rv;
156
157 CK_ATTRIBUTE attribs[] = {
158 { CKA_APPLICATION, NULL_PTR, 0 },
159 { CKA_OBJECT_ID, NULL_PTR, 0 },
160 { CKA_VALUE, NULL_PTR, 0 }
161 };
162
163 // Get length
164 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 3) );
165 CPPUNIT_ASSERT(rv == CKR_OK);
166 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
167 attribs[1].pValue = (CK_VOID_PTR)malloc(attribs[1].ulValueLen);
168 attribs[2].pValue = (CK_VOID_PTR)malloc(attribs[2].ulValueLen);
169
170 // Check values
171 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 3) );
172 CPPUNIT_ASSERT(rv == CKR_OK);
173 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulApplicationLen);
174 CPPUNIT_ASSERT(attribs[1].ulValueLen == ulObjectIdLen);
175 CPPUNIT_ASSERT(attribs[2].ulValueLen == ulValueLen);
176 if (ulApplicationLen > 0)
177 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pApplication, ulApplicationLen) == 0);
178 if (ulObjectIdLen > 0)
179 CPPUNIT_ASSERT(memcmp(attribs[1].pValue, pObjectID, ulObjectIdLen) == 0);
180 if (ulValueLen > 0)
181 CPPUNIT_ASSERT(memcmp(attribs[2].pValue, pValue, ulValueLen) == 0);
182
183 free(attribs[0].pValue);
184 free(attribs[1].pValue);
185 free(attribs[2].pValue);
186}
187
188void ObjectTests::checkCommonCertificateObjectAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_CERTIFICATE_TYPE certType, CK_BBOOL bTrusted, CK_ULONG ulCertificateCategory, CK_BYTE_PTR pCheckValue, CK_ULONG ulCheckValueLen, CK_DATE startDate, CK_ULONG ulStartDateLen, CK_DATE endDate, CK_ULONG ulEndDateLen)
189{
190 CK_RV rv;
191
192 CK_CERTIFICATE_TYPE obj_type = CKC_X_509;
193 CK_BBOOL obj_trusted = CK_FALSE;
194 CK_ULONG obj_category = 0;
195 CK_DATE obj_start;
196 CK_DATE obj_end;
197 CK_ATTRIBUTE attribs[] = {
198 { CKA_CHECK_VALUE, NULL_PTR, 0 },
199 { CKA_CERTIFICATE_TYPE, &obj_type, sizeof(obj_type) },
200 { CKA_TRUSTED, &obj_trusted, sizeof(obj_trusted) },
201 { CKA_CERTIFICATE_CATEGORY, &obj_category, sizeof(obj_category) },
202 { CKA_START_DATE, &obj_start, sizeof(obj_start) },
203 { CKA_END_DATE, &obj_end, sizeof(obj_end) }
204 };
205
206 // Get length
207 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 1) );
208 CPPUNIT_ASSERT(rv == CKR_OK);
209 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
210
211 // Check values
212 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 6) );
213 CPPUNIT_ASSERT(rv == CKR_OK);
214 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulCheckValueLen);
215 CPPUNIT_ASSERT(obj_type == certType);
216 CPPUNIT_ASSERT(obj_trusted == bTrusted);
217 CPPUNIT_ASSERT(obj_category == ulCertificateCategory);
218 CPPUNIT_ASSERT(attribs[4].ulValueLen == ulStartDateLen);
219 CPPUNIT_ASSERT(attribs[5].ulValueLen == ulEndDateLen);
220 if (ulCheckValueLen > 0)
221 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pCheckValue, ulCheckValueLen) == 0);
222 if (ulStartDateLen > 0)
223 CPPUNIT_ASSERT(memcmp(attribs[4].pValue, &startDate, ulStartDateLen) == 0);
224 if (ulEndDateLen > 0)
225 CPPUNIT_ASSERT(memcmp(attribs[5].pValue, &endDate, ulEndDateLen) == 0);
226
227 free(attribs[0].pValue);
228}
229
230void ObjectTests::checkX509CertificateObjectAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_BYTE_PTR pSubject, CK_ULONG ulSubjectLen, CK_BYTE_PTR pId, CK_ULONG ulIdLen, CK_BYTE_PTR pIssuer, CK_ULONG ulIssuerLen, CK_BYTE_PTR pSerialNumber, CK_ULONG ulSerialNumberLen, CK_BYTE_PTR pValue, CK_ULONG ulValueLen, CK_BYTE_PTR pUrl, CK_ULONG ulUrlLen, CK_BYTE_PTR pHashOfSubjectPublicKey, CK_ULONG ulHashOfSubjectPublicKeyLen, CK_BYTE_PTR pHashOfIssuerPublicKey, CK_ULONG ulHashOfIssuerPublicKeyLen, CK_ULONG ulJavaMidpSecurityDomain, CK_MECHANISM_TYPE nameHashAlgorithm)
231{
232 CK_RV rv;
233
234 CK_ULONG obj_java = 0;
235 CK_MECHANISM_TYPE obj_mech = CKM_VENDOR_DEFINED;
236 CK_ATTRIBUTE attribs[] = {
237 { CKA_SUBJECT, NULL_PTR, 0 },
238 { CKA_ID, NULL_PTR, 0 },
239 { CKA_ISSUER, NULL_PTR, 0 },
240 { CKA_SERIAL_NUMBER, NULL_PTR, 0 },
241 { CKA_VALUE, NULL_PTR, 0 },
242 { CKA_URL, NULL_PTR, 0 },
243 { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, NULL_PTR, 0 },
244 { CKA_HASH_OF_ISSUER_PUBLIC_KEY, NULL_PTR, 0 },
245 { CKA_JAVA_MIDP_SECURITY_DOMAIN, &obj_java, sizeof(obj_java) },
246 { CKA_NAME_HASH_ALGORITHM, &obj_mech, sizeof(obj_mech) }
247 };
248
249 // Get length
250 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 8) );
251 CPPUNIT_ASSERT(rv == CKR_OK);
252 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
253 attribs[1].pValue = (CK_VOID_PTR)malloc(attribs[1].ulValueLen);
254 attribs[2].pValue = (CK_VOID_PTR)malloc(attribs[2].ulValueLen);
255 attribs[3].pValue = (CK_VOID_PTR)malloc(attribs[3].ulValueLen);
256 attribs[4].pValue = (CK_VOID_PTR)malloc(attribs[4].ulValueLen);
257 attribs[5].pValue = (CK_VOID_PTR)malloc(attribs[5].ulValueLen);
258 attribs[6].pValue = (CK_VOID_PTR)malloc(attribs[6].ulValueLen);
259 attribs[7].pValue = (CK_VOID_PTR)malloc(attribs[7].ulValueLen);
260
261 // Check values
262 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 10) );
263 CPPUNIT_ASSERT(rv == CKR_OK);
264 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulSubjectLen);
265 CPPUNIT_ASSERT(attribs[1].ulValueLen == ulIdLen);
266 CPPUNIT_ASSERT(attribs[2].ulValueLen == ulIssuerLen);
267 CPPUNIT_ASSERT(attribs[3].ulValueLen == ulSerialNumberLen);
268 CPPUNIT_ASSERT(attribs[4].ulValueLen == ulValueLen);
269 CPPUNIT_ASSERT(attribs[5].ulValueLen == ulUrlLen);
270 CPPUNIT_ASSERT(attribs[6].ulValueLen == ulHashOfSubjectPublicKeyLen);
271 CPPUNIT_ASSERT(attribs[7].ulValueLen == ulHashOfIssuerPublicKeyLen);
272 CPPUNIT_ASSERT(obj_java == ulJavaMidpSecurityDomain);
273 CPPUNIT_ASSERT(obj_mech == nameHashAlgorithm);
274 if (ulSubjectLen > 0)
275 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pSubject, ulSubjectLen) == 0);
276 if (ulIdLen > 0)
277 CPPUNIT_ASSERT(memcmp(attribs[1].pValue, pId, ulIdLen) == 0);
278 if (ulIssuerLen > 0)
279 CPPUNIT_ASSERT(memcmp(attribs[2].pValue, pIssuer, ulIssuerLen) == 0);
280 if (ulSerialNumberLen > 0)
281 CPPUNIT_ASSERT(memcmp(attribs[3].pValue, pSerialNumber, ulSerialNumberLen) == 0);
282 if (ulValueLen > 0)
283 CPPUNIT_ASSERT(memcmp(attribs[4].pValue, pValue, ulValueLen) == 0);
284 if (ulUrlLen > 0)
285 CPPUNIT_ASSERT(memcmp(attribs[5].pValue, pUrl, ulUrlLen) == 0);
286 if (ulHashOfSubjectPublicKeyLen > 0)
287 CPPUNIT_ASSERT(memcmp(attribs[6].pValue, pHashOfSubjectPublicKey, ulHashOfSubjectPublicKeyLen) == 0);
288 if (ulHashOfIssuerPublicKeyLen > 0)
289 CPPUNIT_ASSERT(memcmp(attribs[7].pValue, pHashOfIssuerPublicKey, ulHashOfIssuerPublicKeyLen) == 0);
290
291 free(attribs[0].pValue);
292 free(attribs[1].pValue);
293 free(attribs[2].pValue);
294 free(attribs[3].pValue);
295 free(attribs[4].pValue);
296 free(attribs[5].pValue);
297 free(attribs[6].pValue);
298 free(attribs[7].pValue);
299}
300
301void ObjectTests::checkCommonKeyAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_KEY_TYPE keyType, CK_BYTE_PTR pId, CK_ULONG ulIdLen, CK_DATE startDate, CK_ULONG ulStartDateLen, CK_DATE endDate, CK_ULONG ulEndDateLen, CK_BBOOL bDerive, CK_BBOOL bLocal, CK_MECHANISM_TYPE keyMechanismType, CK_MECHANISM_TYPE_PTR pAllowedMechanisms, CK_ULONG ulAllowedMechanismsLen)
302{
303 CK_RV rv;
304
305 CK_KEY_TYPE obj_type = CKK_VENDOR_DEFINED;
306 CK_DATE obj_start;
307 CK_DATE obj_end;
308 CK_BBOOL obj_derive = CK_FALSE;
309 CK_BBOOL obj_local = CK_FALSE;
310 CK_MECHANISM_TYPE obj_mech = CKM_VENDOR_DEFINED;
311 CK_ATTRIBUTE attribs[] = {
312 { CKA_ID, NULL_PTR, 0 },
313 { CKA_KEY_TYPE, &obj_type, sizeof(obj_type) },
314 { CKA_START_DATE, &obj_start, sizeof(obj_start) },
315 { CKA_END_DATE, &obj_end, sizeof(obj_end) },
316 { CKA_DERIVE, &obj_derive, sizeof(obj_derive) },
317 { CKA_LOCAL, &obj_local, sizeof(obj_local) },
318 { CKA_KEY_GEN_MECHANISM, &obj_mech, sizeof(obj_mech) },
319 { CKA_ALLOWED_MECHANISMS, NULL_PTR, 0 }
320 };
321
322 // Get length
323 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 1) );
324 CPPUNIT_ASSERT(rv == CKR_OK);
325 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
326
327 // Check values
328 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 8) );
329 CPPUNIT_ASSERT(rv == CKR_OK);
330 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulIdLen);
331 CPPUNIT_ASSERT(obj_type == keyType);
332 CPPUNIT_ASSERT(attribs[2].ulValueLen == ulStartDateLen);
333 CPPUNIT_ASSERT(attribs[3].ulValueLen == ulEndDateLen);
334 CPPUNIT_ASSERT(obj_derive == bDerive);
335 CPPUNIT_ASSERT(obj_local == bLocal);
336 CPPUNIT_ASSERT(obj_mech == keyMechanismType);
337 CPPUNIT_ASSERT(attribs[7].ulValueLen == ulAllowedMechanismsLen);
338
339 if (ulIdLen > 0)
340 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pId, ulIdLen) == 0);
341 if (ulStartDateLen > 0)
342 CPPUNIT_ASSERT(memcmp(attribs[2].pValue, &startDate, ulStartDateLen) == 0);
343 if (ulEndDateLen > 0)
344 CPPUNIT_ASSERT(memcmp(attribs[3].pValue, &endDate, ulEndDateLen) == 0);
345 if (ulAllowedMechanismsLen > 0)
346 CPPUNIT_ASSERT(memcmp(attribs[7].pValue, pAllowedMechanisms, ulAllowedMechanismsLen) == 0);
347
348 free(attribs[0].pValue);
349}
350
351void ObjectTests::checkCommonPublicKeyAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_BYTE_PTR pSubject, CK_ULONG ulSubjectLen, CK_BBOOL /*bEncrypt*/, CK_BBOOL /*bVerify*/, CK_BBOOL /*bVerifyRecover*/, CK_BBOOL /*bWrap*/, CK_BBOOL bTrusted, CK_ATTRIBUTE_PTR pWrapTemplate, CK_ULONG ulWrapTemplateLen)
352{
353 CK_RV rv;
354
355 CK_BBOOL obj_encrypt = CK_FALSE;
356 CK_BBOOL obj_verify = CK_FALSE;
357 CK_BBOOL obj_verify_recover = CK_FALSE;
358 CK_BBOOL obj_wrap = CK_FALSE;
359 CK_BBOOL obj_trusted = CK_FALSE;
360 CK_LONG len_wrap_template = ulWrapTemplateLen;
361 CK_ATTRIBUTE attribs[] = {
362 { CKA_SUBJECT, NULL_PTR, 0 },
363 { CKA_ENCRYPT, &obj_encrypt, sizeof(obj_encrypt) },
364 { CKA_VERIFY, &obj_verify, sizeof(obj_verify) },
365 { CKA_VERIFY_RECOVER, &obj_verify_recover, sizeof(obj_verify_recover) },
366 { CKA_WRAP, &obj_wrap, sizeof(obj_wrap) },
367 { CKA_TRUSTED, &obj_trusted, sizeof(obj_trusted) },
368 { CKA_WRAP_TEMPLATE, pWrapTemplate, ulWrapTemplateLen }
369 };
370
371 // Get length
372 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 1) );
373 CPPUNIT_ASSERT(rv == CKR_OK);
374 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
375
376 // Check values
377 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 7) );
378 CPPUNIT_ASSERT(rv == CKR_OK);
379 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulSubjectLen);
380 /* Default is token-specifict
381 CPPUNIT_ASSERT(obj_encrypt == bEncrypt);
382 CPPUNIT_ASSERT(obj_verify == bVerify);
383 CPPUNIT_ASSERT(obj_verify_recover == bVerifyRecover);
384 CPPUNIT_ASSERT(obj_wrap == bWrap); */
385 CPPUNIT_ASSERT(obj_trusted == bTrusted);
386 len_wrap_template = attribs[6].ulValueLen;
387 CPPUNIT_ASSERT(len_wrap_template == 0);
388 if (ulSubjectLen > 0)
389 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pSubject, ulSubjectLen) == 0);
390
391 free(attribs[0].pValue);
392}
393
394void ObjectTests::checkCommonPrivateKeyAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_BYTE_PTR pSubject, CK_ULONG ulSubjectLen, CK_BBOOL bSensitive, CK_BBOOL bDecrypt, CK_BBOOL bSign, CK_BBOOL bSignRecover, CK_BBOOL bUnwrap, CK_BBOOL bExtractable, CK_BBOOL bAlwaysSensitive, CK_BBOOL bNeverExtractable, CK_BBOOL bWrapWithTrusted, CK_ATTRIBUTE_PTR pUnwrapTemplate, CK_ULONG ulUnwrapTemplateLen, CK_BBOOL bAlwaysAuthenticate)
395{
396 CK_RV rv;
397
398 CK_BBOOL obj_sensitive = CK_FALSE;
399 CK_BBOOL obj_decrypt = CK_FALSE;
400 CK_BBOOL obj_sign = CK_FALSE;
401 CK_BBOOL obj_sign_recover = CK_FALSE;
402 CK_BBOOL obj_unwrap = CK_FALSE;
403 CK_BBOOL obj_extractable = CK_FALSE;
404 CK_BBOOL obj_always_sensitive = CK_FALSE;
405 CK_BBOOL obj_never_extractable = CK_FALSE;
406 CK_BBOOL obj_wrap_with_trusted = CK_FALSE;
407 CK_BBOOL obj_always_authenticate = CK_FALSE;
408 CK_LONG len_unwrap_template = ulUnwrapTemplateLen;
409 CK_ATTRIBUTE attribs[] = {
410 { CKA_SUBJECT, NULL_PTR, 0 },
411 { CKA_SENSITIVE, &obj_sensitive, sizeof(obj_sensitive) },
412 { CKA_DECRYPT, &obj_decrypt, sizeof(obj_decrypt) },
413 { CKA_SIGN, &obj_sign, sizeof(obj_sign) },
414 { CKA_SIGN_RECOVER, &obj_sign_recover, sizeof(obj_sign_recover) },
415 { CKA_UNWRAP, &obj_unwrap, sizeof(obj_unwrap) },
416 { CKA_EXTRACTABLE, &obj_extractable, sizeof(obj_extractable) },
417 { CKA_ALWAYS_SENSITIVE, &obj_always_sensitive, sizeof(obj_always_sensitive) },
418 { CKA_NEVER_EXTRACTABLE, &obj_never_extractable, sizeof(obj_never_extractable) },
419 { CKA_WRAP_WITH_TRUSTED, &obj_wrap_with_trusted, sizeof(obj_wrap_with_trusted) },
420 { CKA_UNWRAP_TEMPLATE, pUnwrapTemplate, ulUnwrapTemplateLen },
421 { CKA_ALWAYS_AUTHENTICATE, &obj_always_authenticate, sizeof(obj_always_authenticate) }
422 };
423
424 // Get length
425 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 1) );
426 CPPUNIT_ASSERT(rv == CKR_OK);
427 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
428
429 // Check values
430 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 12) );
431 CPPUNIT_ASSERT(rv == CKR_OK);
432 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulSubjectLen);
433 CPPUNIT_ASSERT(obj_sensitive == bSensitive);
434 CPPUNIT_ASSERT(obj_decrypt == bDecrypt);
435 CPPUNIT_ASSERT(obj_sign == bSign);
436 CPPUNIT_ASSERT(obj_sign_recover == bSignRecover);
437 CPPUNIT_ASSERT(obj_unwrap == bUnwrap);
438 CPPUNIT_ASSERT(obj_extractable == bExtractable);
439 CPPUNIT_ASSERT(obj_always_sensitive == bAlwaysSensitive);
440 CPPUNIT_ASSERT(obj_never_extractable == bNeverExtractable);
441 CPPUNIT_ASSERT(obj_wrap_with_trusted == bWrapWithTrusted);
442 CPPUNIT_ASSERT(obj_always_authenticate == bAlwaysAuthenticate);
443 len_unwrap_template = attribs[10].ulValueLen;
444 CPPUNIT_ASSERT(len_unwrap_template == 0);
445 if (ulSubjectLen > 0)
446 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pSubject, ulSubjectLen) == 0);
447
448 free(attribs[0].pValue);
449}
450
451void ObjectTests::checkCommonRSAPublicKeyAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_BYTE_PTR pModulus, CK_ULONG ulModulusLen, CK_ULONG ulModulusBits, CK_BYTE_PTR pPublicExponent, CK_ULONG ulPublicExponentLen)
452{
453 CK_RV rv;
454
455 CK_ULONG obj_bits = 0;
456 CK_ATTRIBUTE attribs[] = {
457 { CKA_MODULUS, NULL_PTR, 0 },
458 { CKA_PUBLIC_EXPONENT, NULL_PTR, 0 },
459 { CKA_MODULUS_BITS, &obj_bits, sizeof(obj_bits) }
460 };
461
462 // Get length
463 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 2) );
464 CPPUNIT_ASSERT(rv == CKR_OK);
465 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
466 attribs[1].pValue = (CK_VOID_PTR)malloc(attribs[1].ulValueLen);
467
468 // Check values
469 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 3) );
470 CPPUNIT_ASSERT(rv == CKR_OK);
471 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulModulusLen);
472 CPPUNIT_ASSERT(attribs[1].ulValueLen == ulPublicExponentLen);
473 CPPUNIT_ASSERT(obj_bits == ulModulusBits);
474 if (ulModulusLen > 0)
475 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pModulus, ulModulusLen) == 0);
476 if (ulPublicExponentLen > 0)
477 CPPUNIT_ASSERT(memcmp(attribs[1].pValue, pPublicExponent, ulPublicExponentLen) == 0);
478
479 free(attribs[0].pValue);
480 free(attribs[1].pValue);
481}
482
483void ObjectTests::checkCommonRSAPrivateKeyAttributes(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_BYTE_PTR pModulus, CK_ULONG ulModulusLen, CK_BYTE_PTR /*pPublicExponent*/, CK_ULONG /*ulPublicExponentLen*/, CK_BYTE_PTR pPrivateExponent, CK_ULONG ulPrivateExponentLen, CK_BYTE_PTR /*pPrime1*/, CK_ULONG /*ulPrime1Len*/, CK_BYTE_PTR /*pPrime2*/, CK_ULONG /*ulPrime2Len*/, CK_BYTE_PTR /*pExponent1*/, CK_ULONG /*ulExponent1Len*/, CK_BYTE_PTR /*pExponent2*/, CK_ULONG /*ulExponent2Len*/, CK_BYTE_PTR /*pCoefficient*/, CK_ULONG /*ulCoefficientLen*/)
484{
485 CK_RV rv;
486
487 CK_ATTRIBUTE attribs[] = {
488 { CKA_MODULUS, NULL_PTR, 0 },
489 { CKA_PRIVATE_EXPONENT, NULL_PTR, 0 }
490 /* Some tokens may only store modulus and private exponent
491 { CKA_PUBLIC_EXPONENT, NULL_PTR, 0 },
492 { CKA_PRIME_1, NULL_PTR, 0 },
493 { CKA_PRIME_2, NULL_PTR, 0 },
494 { CKA_EXPONENT_1, NULL_PTR, 0 },
495 { CKA_EXPONENT_2, NULL_PTR, 0 },
496 { CKA_COEFFICIENT, NULL_PTR, 0 }, */
497 };
498
499 // Get length
500 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 2) );
501 CPPUNIT_ASSERT(rv == CKR_OK);
502 attribs[0].pValue = (CK_VOID_PTR)malloc(attribs[0].ulValueLen);
503 attribs[1].pValue = (CK_VOID_PTR)malloc(attribs[1].ulValueLen);
504
505 // Check values
506 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &attribs[0], 2) );
507 CPPUNIT_ASSERT(rv == CKR_OK);
508 CPPUNIT_ASSERT(attribs[0].ulValueLen == ulModulusLen);
509 CPPUNIT_ASSERT(attribs[1].ulValueLen == ulPrivateExponentLen);
510 if (ulModulusLen > 0)
511 CPPUNIT_ASSERT(memcmp(attribs[0].pValue, pModulus, ulModulusLen) == 0);
512 if (ulPrivateExponentLen > 0)
513 CPPUNIT_ASSERT(memcmp(attribs[1].pValue, pPrivateExponent, ulPrivateExponentLen) == 0);
514
515 free(attribs[0].pValue);
516 free(attribs[1].pValue);
517}
518
519CK_RV ObjectTests::createDataObjectMinimal(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hObject)
520{
521 CK_OBJECT_CLASS cClass = CKO_DATA;
522 CK_UTF8CHAR label[] = "A data object";
523 CK_ATTRIBUTE objTemplate[] = {
524 // Common
525 { CKA_CLASS, &cClass, sizeof(cClass) },
526
527 // Storage
528 { CKA_TOKEN, &bToken, sizeof(bToken) },
529 { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
530 //CKA_MODIFIABLE
531 { CKA_LABEL, label, sizeof(label)-1 },
532 //CKA_COPYABLE
533 //CKA_DESTROYABLE
534
535 // Data
536 };
537
538 hObject = CK_INVALID_HANDLE;
539 return CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE),&hObject) );
540}
541
542CK_RV ObjectTests::createDataObjectMCD(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_BBOOL bModifiable, CK_BBOOL bCopyable, CK_BBOOL bDestroyable, CK_OBJECT_HANDLE &hObject)
543{
544 CK_OBJECT_CLASS cClass = CKO_DATA;
545 CK_UTF8CHAR label[] = "A data object";
546 CK_ATTRIBUTE objTemplate[] = {
547 // Common
548 { CKA_CLASS, &cClass, sizeof(cClass) },
549
550 // Storage
551 { CKA_TOKEN, &bToken, sizeof(bToken) },
552 { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
553 { CKA_MODIFIABLE, &bModifiable, sizeof(bModifiable) },
554 { CKA_LABEL, label, sizeof(label)-1 },
555 { CKA_COPYABLE, &bCopyable, sizeof(bCopyable) },
556 { CKA_DESTROYABLE, &bDestroyable, sizeof(bDestroyable) }
557
558 // Data
559 };
560
561 hObject = CK_INVALID_HANDLE;
562 return CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE),&hObject) );
563}
564
565CK_RV ObjectTests::createDataObjectNormal(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hObject)
566{
567 CK_OBJECT_CLASS cClass = CKO_DATA;
568 CK_UTF8CHAR label[] = "A data object";
569
570 CK_UTF8CHAR application[] = "An application";
571 CK_BYTE objectID[] = "invalid object id";
572 CK_BYTE data[] = "Sample data";
573
574 CK_ATTRIBUTE objTemplate[] = {
575 // Common
576 { CKA_CLASS, &cClass, sizeof(cClass) },
577
578 // Storage
579 { CKA_TOKEN, &bToken, sizeof(bToken) },
580 { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
581 //CKA_MODIFIABLE
582 { CKA_LABEL, label, sizeof(label)-1 },
583 //CKA_COPYABLE
584 //CKA_DESTROYABLE
585
586 // Data
587 { CKA_APPLICATION, application, sizeof(application)-1 },
588 { CKA_OBJECT_ID, objectID, sizeof(objectID) },
589 { CKA_VALUE, data, sizeof(data) }
590 };
591
592 hObject = CK_INVALID_HANDLE;
593 return CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE),&hObject) );
594}
595
596CK_RV ObjectTests::createCertificateObjectIncomplete(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hObject)
597{
598 CK_OBJECT_CLASS cClass = CKO_CERTIFICATE;
599 CK_ATTRIBUTE objTemplate[] = {
600 // Common
601 { CKA_CLASS, &cClass, sizeof(cClass) },
602 // Storage
603 { CKA_TOKEN, &bToken, sizeof(bToken) },
604 { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) }
605 };
606
607 hObject = CK_INVALID_HANDLE;
608 return CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE),&hObject) );
609}
610
611CK_RV ObjectTests::createCertificateObjectX509(CK_SESSION_HANDLE hSession, CK_BBOOL bToken, CK_BBOOL bPrivate, CK_OBJECT_HANDLE &hObject)
612{
613 CK_OBJECT_CLASS cClass = CKO_CERTIFICATE;
614 CK_CERTIFICATE_TYPE cType = CKC_X_509;
615 const char *pSubject = "invalid subject der";
616 const char *pValue = "invalid certificate der";
617
618 CK_ATTRIBUTE objTemplate[] = {
619 // Common
620 { CKA_CLASS, &cClass, sizeof(cClass) },
621 // Storage
622 { CKA_TOKEN, &bToken, sizeof(bToken) },
623 { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
624 // Common Certificate Object Attributes
625 { CKA_CERTIFICATE_TYPE, &cType, sizeof(cType) },
626 // X.509 Certificate Object Attributes
627 { CKA_SUBJECT, (CK_VOID_PTR)pSubject, strlen(pSubject) },
628 { CKA_VALUE, (CK_VOID_PTR)pValue, strlen(pValue) }
629 };
630
631 hObject = CK_INVALID_HANDLE;
632 return CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE),&hObject) );
633}
634
635CK_RV ObjectTests::generateRsaKeyPair(CK_SESSION_HANDLE hSession, CK_BBOOL bTokenPuk, CK_BBOOL bPrivatePuk, CK_BBOOL bTokenPrk, CK_BBOOL bPrivatePrk, CK_OBJECT_HANDLE &hPuk, CK_OBJECT_HANDLE &hPrk)
636{
637 CK_MECHANISM mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
638 CK_ULONG bits = 1536;
639 CK_BYTE pubExp[] = {0x01, 0x00, 0x01};
640 CK_BYTE subject[] = { 0x12, 0x34 }; // dummy
641 CK_BYTE id[] = { 123 } ; // dummy
642 CK_BBOOL bFalse = CK_FALSE;
643 CK_BBOOL bTrue = CK_TRUE;
644 CK_ATTRIBUTE pukAttribs[] = {
645 { CKA_TOKEN, &bTokenPuk, sizeof(bTokenPuk) },
646 { CKA_PRIVATE, &bPrivatePuk, sizeof(bPrivatePuk) },
647 { CKA_ENCRYPT, &bFalse, sizeof(bFalse) },
648 { CKA_VERIFY, &bTrue, sizeof(bTrue) },
649 { CKA_WRAP, &bFalse, sizeof(bFalse) },
650 { CKA_MODULUS_BITS, &bits, sizeof(bits) },
651 { CKA_PUBLIC_EXPONENT, &pubExp[0], sizeof(pubExp) }
652 };
653 CK_ATTRIBUTE prkAttribs[] = {
654 { CKA_TOKEN, &bTokenPrk, sizeof(bTokenPrk) },
655 { CKA_PRIVATE, &bPrivatePrk, sizeof(bPrivatePrk) },
656 { CKA_SUBJECT, &subject[0], sizeof(subject) },
657 { CKA_ID, &id[0], sizeof(id) },
658 { CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
659 { CKA_DECRYPT, &bFalse, sizeof(bFalse) },
660 { CKA_SIGN, &bTrue, sizeof(bTrue) },
661 { CKA_UNWRAP, &bFalse, sizeof(bFalse) }
662 };
663
664 hPuk = CK_INVALID_HANDLE;
665 hPrk = CK_INVALID_HANDLE;
666 return CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism,
667 pukAttribs, sizeof(pukAttribs)/sizeof(CK_ATTRIBUTE),
668 prkAttribs, sizeof(prkAttribs)/sizeof(CK_ATTRIBUTE),
669 &hPuk, &hPrk) );
670}
671
672void ObjectTests::testCreateObject()
673{
674// printf("\ntestCreateObject\n");
675
676 // [PKCS#11 v2.40, C_CreateObject]
677 // a. Only session objects can be created during read-only session.
678 // b. Only public objects can be created unless the normal user is logged in.
679 // c. Key object will have CKA_LOCAL == CK_FALSE.
680 // d. If key object is secret or a private key then both CKA_ALWAYS_SENSITIVE == CK_FALSE and CKA_NEVER_EXTRACTABLE == CKA_FALSE.
681
682 CK_RV rv;
683 CK_SESSION_HANDLE hSession;
684 CK_OBJECT_HANDLE hObject;
685
686 CK_BBOOL bFalse = CK_FALSE;
687 CK_BBOOL bTrue = CK_TRUE;
688 CK_OBJECT_CLASS secretClass = CKO_SECRET_KEY;
689 CK_KEY_TYPE genKeyType = CKK_GENERIC_SECRET;
690 CK_BYTE keyPtr[128];
691 CK_ULONG keyLen = 128;
692 CK_ATTRIBUTE attribs[] = {
693 { CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) },
694 { CKA_CLASS, &secretClass, sizeof(secretClass) },
695 { CKA_KEY_TYPE, &genKeyType, sizeof(genKeyType) },
696 { CKA_TOKEN, &bFalse, sizeof(bFalse) },
697 { CKA_PRIVATE, &bTrue, sizeof(bTrue) },
698 { CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
699 { CKA_VALUE, keyPtr, keyLen }
700 };
701
702 CK_BBOOL local;
703 CK_BBOOL always;
704 CK_BBOOL never;
705 CK_ATTRIBUTE getTemplate[] = {
706 { CKA_LOCAL, &local, sizeof(local) },
707 { CKA_ALWAYS_SENSITIVE, &always, sizeof(always) },
708 { CKA_NEVER_EXTRACTABLE, &never, sizeof(never) }
709 };
710
711 // Just make sure that we finalize any previous tests
712 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
713
714 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
715 CPPUNIT_ASSERT(rv == CKR_OK);
716
717 /////////////////////////////////
718 // READ-ONLY & PUBLIC
719 /////////////////////////////////
720
721 // Open read-only session and don't login
722 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) );
723 CPPUNIT_ASSERT(rv == CKR_OK);
724
725 // We should be allowed to create public session objects
726 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
727 CPPUNIT_ASSERT(rv == CKR_OK);
728 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
729 CPPUNIT_ASSERT(rv == CKR_OK);
730
731 // Only public objects can be created unless the normal user is logged in
732 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PRIVATE, hObject);
733 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
734
735 // We should not be allowed to create token objects because the session is read-only
736 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PUBLIC, hObject);
737 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
738 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PRIVATE, hObject);
739 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
740
741 /////////////////////////////////
742 // READ-ONLY & USER
743 /////////////////////////////////
744
745 // Login USER into the read-only session
746 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
747 CPPUNIT_ASSERT(rv==CKR_OK);
748
749 // We should be allowed to create public session objects
750 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
751 CPPUNIT_ASSERT(rv == CKR_OK);
752 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
753 CPPUNIT_ASSERT(rv == CKR_OK);
754
755 // We should be allowed to create private session objects
756 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PRIVATE, hObject);
757 CPPUNIT_ASSERT(rv == CKR_OK);
758 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
759 CPPUNIT_ASSERT(rv == CKR_OK);
760
761 // We should not be allowed to create token objects.
762 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PUBLIC, hObject);
763 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
764 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PRIVATE, hObject);
765 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
766
767 // Close session
768 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
769 CPPUNIT_ASSERT(rv==CKR_OK);
770
771 /////////////////////////////////
772 // READ-WRITE & PUBLIC
773 /////////////////////////////////
774
775 // Open as read-write session but don't login.
776 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
777 CPPUNIT_ASSERT(rv == CKR_OK);
778
779 // We should be allowed to create public session objects
780 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
781 CPPUNIT_ASSERT(rv == CKR_OK);
782 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
783 CPPUNIT_ASSERT(rv == CKR_OK);
784
785 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PRIVATE, hObject);
786 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
787
788 // We should be allowed to create public token objects even when not logged in.
789 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PUBLIC, hObject);
790 CPPUNIT_ASSERT(rv == CKR_OK);
791 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
792 CPPUNIT_ASSERT(rv == CKR_OK);
793
794 // We should not be able to create private token objects because we are not logged in now
795 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PRIVATE, hObject);
796 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
797
798 // Close session
799 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
800 CPPUNIT_ASSERT(rv == CKR_OK);
801
802 /////////////////////////////////
803 // READ-WRITE & USER
804 /////////////////////////////////
805
806 // Open as read-write session
807 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
808 CPPUNIT_ASSERT(rv == CKR_OK);
809
810 // Login to the read-write session
811 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
812 CPPUNIT_ASSERT(rv==CKR_OK);
813
814 // We should always be allowed to create public session objects
815 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
816 CPPUNIT_ASSERT(rv == CKR_OK);
817 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
818 CPPUNIT_ASSERT(rv == CKR_OK);
819
820 // We should be able allowed to create private session objects because we are logged in.
821 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PRIVATE, hObject);
822 CPPUNIT_ASSERT(rv == CKR_OK);
823 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
824 CPPUNIT_ASSERT(rv == CKR_OK);
825
826 // We should be allowed to create public token objects even when not logged in.
827 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PUBLIC, hObject);
828 CPPUNIT_ASSERT(rv == CKR_OK);
829 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
830 CPPUNIT_ASSERT(rv == CKR_OK);
831
832 // We should be able to create private token objects because we are logged in now
833 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PRIVATE, hObject);
834 CPPUNIT_ASSERT(rv == CKR_OK);
835 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
836 CPPUNIT_ASSERT(rv == CKR_OK);
837
838 // Close session
839 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
840 CPPUNIT_ASSERT(rv == CKR_OK);
841
842 /////////////////////////////////
843 // READ-WRITE & SO
844 /////////////////////////////////
845
846 // Open as read-write session
847 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
848 CPPUNIT_ASSERT(rv == CKR_OK);
849
850 // Login to the read-write session
851 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_SO,m_soPin1,m_soPin1Length) );
852 CPPUNIT_ASSERT(rv==CKR_OK);
853
854 // We should always be allowed to create public session objects
855 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
856 CPPUNIT_ASSERT(rv == CKR_OK);
857 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
858 CPPUNIT_ASSERT(rv == CKR_OK);
859
860 // Only public objects can be created unless the normal user is logged in.
861 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PRIVATE, hObject);
862 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
863
864 // We should be allowed to create public token objects even when not logged in.
865 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PUBLIC, hObject);
866 CPPUNIT_ASSERT(rv == CKR_OK);
867 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
868 CPPUNIT_ASSERT(rv == CKR_OK);
869
870 // Only public objects can be created unless the normal user is logged in.
871 rv = createDataObjectMinimal(hSession, ON_TOKEN, IS_PRIVATE, hObject);
872 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
873
874 // Close session
875 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
876 CPPUNIT_ASSERT(rv == CKR_OK);
877
878 /////////////////////////////////
879 // READ-WRITE & USER
880 /////////////////////////////////
881
882 // Open as read-write session
883 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
884 CPPUNIT_ASSERT(rv == CKR_OK);
885
886 // Login to the read-write session
887 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
888 CPPUNIT_ASSERT(rv==CKR_OK);
889
890 // Create a secret object
891 rv = CRYPTOKI_F_PTR( C_GenerateRandom(hSession, keyPtr, keyLen) );
892 CPPUNIT_ASSERT(rv == CKR_OK);
893 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
894 CPPUNIT_ASSERT(rv == CKR_OK);
895
896 // Check value
897 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, getTemplate, 3) );
898 CPPUNIT_ASSERT(rv == CKR_OK);
899 CPPUNIT_ASSERT(local == CK_FALSE);
900 CPPUNIT_ASSERT(always == CK_FALSE);
901 CPPUNIT_ASSERT(never == CK_FALSE);
902
903 // Destroy the secret object
904 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
905 CPPUNIT_ASSERT(rv == CKR_OK);
906
907 // Close session
908 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
909 CPPUNIT_ASSERT(rv == CKR_OK);
910}
911
912void ObjectTests::testCopyObject()
913{
914// printf("\ntestCopyObject\n");
915
916 CK_RV rv;
917 CK_SESSION_HANDLE hSession;
918 CK_OBJECT_HANDLE hObject;
919 CK_OBJECT_HANDLE hObjectCopy;
920 CK_OBJECT_HANDLE hObject1;
921
922 // Just make sure that we finalize any previous tests
923 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
924
925 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
926 CPPUNIT_ASSERT(rv == CKR_OK);
927
928 // Open read-only session and don't login
929 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) );
930 CPPUNIT_ASSERT(rv == CKR_OK);
931
932 // Get a public session object
933 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
934 CPPUNIT_ASSERT(rv == CKR_OK);
935 rv = createDataObjectMCD(hSession, IN_SESSION, IS_PUBLIC, CK_TRUE, CK_FALSE, CK_TRUE, hObjectCopy);
936 CPPUNIT_ASSERT(rv == CKR_OK);
937
938 // Allowed to copy it
939 const char *pLabel = "Label modified via C_CopyObject";
940 CK_BBOOL bToken = CK_FALSE;
941 CK_BBOOL bPrivate = CK_FALSE;
942 CK_OBJECT_CLASS cClass = CKO_DATA;
943 CK_ATTRIBUTE attribs[] = {
944 { CKA_LABEL, (CK_UTF8CHAR_PTR)pLabel, strlen(pLabel) },
945 { CKA_TOKEN, &bToken, sizeof(bToken) },
946 { CKA_PRIVATE, &bPrivate, sizeof(bPrivate) },
947 { CKA_CLASS, &cClass, sizeof(cClass) }
948 };
949 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 1, &hObject1) );
950 CPPUNIT_ASSERT(rv == CKR_OK);
951 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hObject1) );
952 CPPUNIT_ASSERT(rv == CKR_OK);
953
954 // Not allowed to copy.
955 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObjectCopy, &attribs[0], 1, &hObject1) );
956 CPPUNIT_ASSERT(rv == CKR_ACTION_PROHIBITED);
957 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hObjectCopy) );
958 CPPUNIT_ASSERT(rv == CKR_OK);
959
960 // Still allowed when still session and public
961 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 3, &hObject1) );
962 CPPUNIT_ASSERT(rv == CKR_OK);
963 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hObject1) );
964 CPPUNIT_ASSERT(rv == CKR_OK);
965
966 // Not allowed to overwrite an !ck8 attribute
967 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 4, &hObject1) );
968 CPPUNIT_ASSERT(rv == CKR_ATTRIBUTE_READ_ONLY);
969
970 // Not allowed to go on token
971 bToken = CK_TRUE;
972 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 3, &hObject1) );
973 bToken = CK_FALSE;
974 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
975
976 // Not allowed to go to private
977 bPrivate = CK_TRUE;
978 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 3, &hObject1) );
979 bPrivate = CK_FALSE;
980 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
981
982 // Close session
983 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
984 CPPUNIT_ASSERT(rv == CKR_OK);
985
986 // Create a read-write session
987 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
988 CPPUNIT_ASSERT(rv == CKR_OK);
989
990 // Login USER into the sessions so we can create a private object
991 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
992 CPPUNIT_ASSERT(rv == CKR_OK);
993
994 // Get a public session object
995 rv = createDataObjectNormal(hSession, IN_SESSION, IS_PUBLIC, hObject);
996 CPPUNIT_ASSERT(rv == CKR_OK);
997
998 // Allowed to go on token
999 bToken = CK_TRUE;
1000 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 3, &hObject1) );
1001 CPPUNIT_ASSERT(rv == CKR_OK);
1002 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hObject1) );
1003 CPPUNIT_ASSERT(rv == CKR_OK);
1004
1005 // Allowed to go to private
1006 bPrivate = CK_TRUE;
1007 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 3, &hObject1) );
1008 CPPUNIT_ASSERT(rv == CKR_OK);
1009 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hObject1) );
1010 CPPUNIT_ASSERT(rv == CKR_OK);
1011
1012 // Not allowed to change a !ck8 parameter
1013 CK_BYTE id[] = "Another object ID";
1014 attribs[3].type = CKA_OBJECT_ID;
1015 attribs[3].pValue = id;
1016 attribs[3].ulValueLen = sizeof(id);
1017 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 4, &hObject1) );
1018 CPPUNIT_ASSERT(rv == CKR_ATTRIBUTE_READ_ONLY);
1019
1020 // Not allowed to downgrade privacy
1021 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hObject) );
1022 CPPUNIT_ASSERT(rv == CKR_OK);
1023 rv = createDataObjectNormal(hSession, IN_SESSION, IS_PRIVATE, hObject);
1024 CPPUNIT_ASSERT(rv == CKR_OK);
1025 bToken = CK_FALSE;
1026 bPrivate = CK_FALSE;
1027 rv = CRYPTOKI_F_PTR( C_CopyObject(hSession, hObject, &attribs[0], 3, &hObject1) );
1028 CPPUNIT_ASSERT(rv == CKR_TEMPLATE_INCONSISTENT);
1029
1030 // Close session
1031 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
1032 CPPUNIT_ASSERT(rv == CKR_OK);
1033}
1034
1035void ObjectTests::testDestroyObject()
1036{
1037// printf("\ntestDestroyObject\n");
1038
1039 // [PKCS#11 v2.40, C_Logout] When logout is successful...
1040 // a. Any of the application's handles to private objects become invalid.
1041 // b. Even if a user is later logged back into the token those handles remain invalid.
1042 // c. All private session objects from sessions belonging to the application area destroyed.
1043
1044 // [PKCS#11 v2.40, C_CreateObject]
1045 // Only session objects can be created during read-only session.
1046 // Only public objects can be created unless the normal user is logged in.
1047
1048 CK_RV rv;
1049 CK_SESSION_HANDLE hSessionRO;
1050 CK_SESSION_HANDLE hSessionRW;
1051 CK_OBJECT_HANDLE hObjectSessionPublic;
1052 CK_OBJECT_HANDLE hObjectSessionPrivate;
1053 CK_OBJECT_HANDLE hObjectTokenPublic;
1054 CK_OBJECT_HANDLE hObjectTokenPrivate;
1055 CK_OBJECT_HANDLE hObjectDestroy;
1056
1057 // Just make sure that we finalize any previous tests
1058 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1059
1060 // Open read-only session on when the token is not initialized should fail
1061 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1062 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
1063
1064 // Initialize the library and start the test.
1065 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1066 CPPUNIT_ASSERT(rv == CKR_OK);
1067
1068 // Try to destroy an invalid object using an invalid session
1069 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,CK_INVALID_HANDLE) );
1070 CPPUNIT_ASSERT(rv == CKR_SESSION_HANDLE_INVALID);
1071
1072 // Create a read-only session.
1073 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1074 CPPUNIT_ASSERT(rv == CKR_OK);
1075
1076 // Trying to destroy an invalid object in a read-only session
1077 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,CK_INVALID_HANDLE) );
1078 CPPUNIT_ASSERT(rv == CKR_OBJECT_HANDLE_INVALID);
1079
1080 // Create a read-write session
1081 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
1082 CPPUNIT_ASSERT(rv == CKR_OK);
1083
1084 // Trying to destroy an invalid object in a read-write session
1085 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,CK_INVALID_HANDLE) );
1086 CPPUNIT_ASSERT(rv == CKR_OBJECT_HANDLE_INVALID);
1087
1088 // Login USER into the sessions so we can create a private objects
1089 rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
1090 CPPUNIT_ASSERT(rv==CKR_OK);
1091
1092 // Create all permutations of session/token, public/private objects
1093 rv = createDataObjectMinimal(hSessionRW, IN_SESSION, IS_PUBLIC, hObjectSessionPublic);
1094 CPPUNIT_ASSERT(rv == CKR_OK);
1095 rv = createDataObjectMinimal(hSessionRW, IN_SESSION, IS_PRIVATE, hObjectSessionPrivate);
1096 CPPUNIT_ASSERT(rv == CKR_OK);
1097 rv = createDataObjectMinimal(hSessionRW, ON_TOKEN, IS_PUBLIC, hObjectTokenPublic);
1098 CPPUNIT_ASSERT(rv == CKR_OK);
1099 rv = createDataObjectMinimal(hSessionRW, ON_TOKEN, IS_PRIVATE, hObjectTokenPrivate);
1100 CPPUNIT_ASSERT(rv == CKR_OK);
1101 rv = createDataObjectMCD(hSessionRW, IN_SESSION, IS_PUBLIC, CK_TRUE, CK_TRUE, CK_FALSE, hObjectDestroy);
1102 CPPUNIT_ASSERT(rv == CKR_OK);
1103
1104 // We should not be able to destroy a non-destroyable object.
1105 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,hObjectDestroy) );
1106 CPPUNIT_ASSERT(rv == CKR_ACTION_PROHIBITED);
1107
1108 // On a read-only session we should not be able to destroy the public token object
1109 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,hObjectTokenPublic) );
1110 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
1111
1112 // On a read-only session we should not be able to destroy the private token object
1113 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,hObjectTokenPrivate) );
1114 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
1115
1116 // Logout with a different session than the one used for login should be fine.
1117 rv = CRYPTOKI_F_PTR( C_Logout(hSessionRW) );
1118 CPPUNIT_ASSERT(rv==CKR_OK);
1119
1120 // Login USER into the sessions so we can destroy private objects
1121 rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
1122 CPPUNIT_ASSERT(rv==CKR_OK);
1123
1124 // We should be able to destroy the public session object from a read-only session.
1125 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRO,hObjectSessionPublic) );
1126 CPPUNIT_ASSERT(rv == CKR_OK);
1127
1128 // All private session objects should have been destroyed when logging out.
1129 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRW,hObjectSessionPrivate) );
1130 CPPUNIT_ASSERT(rv == CKR_OBJECT_HANDLE_INVALID);
1131
1132 // We should be able to destroy the public token object now.
1133 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRW,hObjectTokenPublic) );
1134 CPPUNIT_ASSERT(rv == CKR_OK);
1135
1136 // All handles to private token objects should have been invalidated when logging out.
1137 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSessionRW,hObjectTokenPrivate) );
1138 CPPUNIT_ASSERT(rv == CKR_OBJECT_HANDLE_INVALID);
1139
1140 // Close session
1141 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRO) );
1142 CPPUNIT_ASSERT(rv == CKR_OK);
1143
1144 // Close session
1145 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRW) );
1146 CPPUNIT_ASSERT(rv == CKR_OK);
1147}
1148
1149void ObjectTests::testGetObjectSize()
1150{
1151 CK_RV rv;
1152 CK_SESSION_HANDLE hSession;
1153 CK_OBJECT_HANDLE hObject;
1154
1155 // Just make sure that we finalize any previous tests
1156 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1157
1158 // Open read-only session on when the token is not initialized should fail
1159 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1160 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
1161
1162 // Initialize the library and start the test.
1163 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1164 CPPUNIT_ASSERT(rv == CKR_OK);
1165
1166 // Open a session
1167 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1168 CPPUNIT_ASSERT(rv == CKR_OK);
1169
1170 // Get an object
1171 rv = createDataObjectMinimal(hSession, IN_SESSION, IS_PUBLIC, hObject);
1172 CPPUNIT_ASSERT(rv == CKR_OK);
1173
1174 // Get the object size
1175 CK_ULONG objectSize;
1176 rv = CRYPTOKI_F_PTR( C_GetObjectSize(hSession, hObject, &objectSize) );
1177 CPPUNIT_ASSERT(rv == CKR_OK);
1178 CPPUNIT_ASSERT(objectSize == CK_UNAVAILABLE_INFORMATION);
1179
1180 // Close session
1181 rv = CRYPTOKI_F_PTR( C_CloseSession(hSession) );
1182 CPPUNIT_ASSERT(rv == CKR_OK);
1183}
1184
1185void ObjectTests::testGetAttributeValue()
1186{
1187 CK_RV rv;
1188 CK_SESSION_HANDLE hSessionRO;
1189 CK_SESSION_HANDLE hSessionRW;
1190 CK_OBJECT_HANDLE hObjectSessionPublic;
1191
1192 // Just make sure that we finalize any previous tests
1193 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1194
1195 // Open read-only session on when the token is not initialized should fail
1196 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1197 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
1198
1199 // Initialize the library and start the test.
1200 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1201 CPPUNIT_ASSERT(rv == CKR_OK);
1202
1203 // Open read-only session
1204 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1205 CPPUNIT_ASSERT(rv == CKR_OK);
1206
1207 // Open read-write
1208 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
1209 CPPUNIT_ASSERT(rv == CKR_OK);
1210
1211 // Try to destroy an invalid object using an invalid session
1212 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSessionRO,CK_INVALID_HANDLE,NULL,1) );
1213 CPPUNIT_ASSERT(rv == CKR_ARGUMENTS_BAD);
1214
1215 // Create all permutations of session/token, public/private objects
1216 rv = createDataObjectMinimal(hSessionRO, IN_SESSION, IS_PUBLIC, hObjectSessionPublic);
1217 CPPUNIT_ASSERT(rv == CKR_OK);
1218
1219 CK_OBJECT_CLASS cClass = CKO_VENDOR_DEFINED;
1220 CK_ATTRIBUTE attribs[] = {
1221 { CKA_CLASS, &cClass, sizeof(cClass) }
1222 };
1223
1224 rv = CRYPTOKI_F_PTR( C_GetAttributeValue (hSessionRO,hObjectSessionPublic,&attribs[0],1) );//sizeof(attribs)/sizeof(CK_ATTRIBUTE));
1225 CPPUNIT_ASSERT(rv == CKR_OK);
1226
1227 // Close session
1228 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRO) );
1229 CPPUNIT_ASSERT(rv == CKR_OK);
1230
1231 // Close session
1232 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRW) );
1233 CPPUNIT_ASSERT(rv == CKR_OK);
1234}
1235
1236void ObjectTests::testSetAttributeValue()
1237{
1238 // [PKCS#11 v2.40, 4.1.1 Creating objects]
1239 // 1. If the supplied template specifies a value for an invalid attribute, then the attempt
1240 // should fail with the error code CKR_ATTRIBUTE_TYPE_INVALID. An attribute
1241 // is valid if it is either one of the attributes described in the Cryptoki specification or an
1242 // additional vendor-specific attribute supported by the library and token.
1243 //
1244 // 2. If the supplied template specifies an invalid value for a valid attribute, then the
1245 // attempt should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID.
1246 // The valid values for Cryptoki attributes are described in the Cryptoki specification.
1247 //
1248 // 3. If the supplied template specifies a value for a read-only attribute, then the attempt
1249 // should fail with the error code CKR_ATTRIBUTE_READ_ONLY. Whether or not a
1250 // given Cryptoki attribute is read-only is explicitly stated in the Cryptoki specification;
1251 // however, a particular library and token may be even more restrictive than Cryptoki
1252 // specifies. In other words, an attribute which Cryptoki says is not read-only may
1253 // nonetheless be read-only under certain circumstances (i.e., in conjunction with some
1254 // combinations of other attributes) for a particular library and token. Whether or not a
1255 // given non-Cryptoki attribute is read-only is obviously outside the scope of Cryptoki.
1256 //
1257 // 4. N/A (Does not apply to C_SetAttributeValue)
1258 //
1259 // 5. If the attribute values in the supplied template, together with any default attribute
1260 // values and any attribute values contributed to the object by the object-creation
1261 // function itself, are inconsistent, then the attempt should fail with the error code
1262 // CKR_TEMPLATE_INCONSISTENT. A set of attribute values is inconsistent if not
1263 // all of its members can be satisfied simultaneously by the token, although each value
1264 // individually is valid in Cryptoki. One example of an inconsistent template would be
1265 // using a template which specifies two different values for the same attribute. Another
1266 // example would be trying to create a secret key object with an attribute which is
1267 // appropriate for various types of public keys or private keys, but not for secret keys.
1268 // A final example would be a template with an attribute that violates some token
1269 // specific requirement. Note that this final example of an inconsistent template is
1270 // token-dependent—on a different token, such a template might not be inconsistent.
1271 //
1272 // 6. If the supplied template specifies the same value for a particular attribute more than
1273 // once (or the template specifies the same value for a particular attribute that the object-
1274 // creation function itself contributes to the object), then the behavior of Cryptoki is not
1275 // completely specified. The attempt to create an object can either succeed—thereby
1276 // creating the same object that would have been created if the multiply-specified
1277 // attribute had only appeared once—or it can fail with error code
1278 // CKR_TEMPLATE_INCONSISTENT. Library developers are encouraged to make
1279 // their libraries behave as though the attribute had only appeared once in the template;
1280 // application developers are strongly encouraged never to put a particular attribute into
1281 // a particular template more than once.
1282
1283 CK_RV rv;
1284 CK_SESSION_HANDLE hSessionRO;
1285 CK_SESSION_HANDLE hSessionRW;
1286 CK_OBJECT_HANDLE hObjectSessionPublic;
1287 CK_OBJECT_HANDLE hObjectSessionPrivate;
1288 CK_OBJECT_HANDLE hObjectTokenPublic;
1289 CK_OBJECT_HANDLE hObjectTokenPrivate;
1290 CK_OBJECT_HANDLE hObjectSet;
1291
1292 // Just make sure that we finalize any previous tests
1293 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1294
1295 // Open read-only session on when the token is not initialized should fail
1296 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1297 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
1298
1299 // Initialize the library and start the test.
1300 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1301 CPPUNIT_ASSERT(rv == CKR_OK);
1302
1303 // Open read-only session
1304 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1305 CPPUNIT_ASSERT(rv == CKR_OK);
1306
1307 // Open read-write session
1308 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
1309 CPPUNIT_ASSERT(rv == CKR_OK);
1310
1311 // Login USER into the sessions so we can create a private objects
1312 rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
1313 CPPUNIT_ASSERT(rv==CKR_OK);
1314
1315 // Create all permutations of session/token, public/private objects
1316 rv = createDataObjectMinimal(hSessionRO, IN_SESSION, IS_PUBLIC, hObjectSessionPublic);
1317 CPPUNIT_ASSERT(rv == CKR_OK);
1318 rv = createDataObjectMinimal(hSessionRW, IN_SESSION, IS_PRIVATE, hObjectSessionPrivate);
1319 CPPUNIT_ASSERT(rv == CKR_OK);
1320 rv = createDataObjectMinimal(hSessionRW, ON_TOKEN, IS_PUBLIC, hObjectTokenPublic);
1321 CPPUNIT_ASSERT(rv == CKR_OK);
1322 rv = createDataObjectMinimal(hSessionRW, ON_TOKEN, IS_PRIVATE, hObjectTokenPrivate);
1323 CPPUNIT_ASSERT(rv == CKR_OK);
1324 rv = createDataObjectMCD(hSessionRO, IN_SESSION, IS_PUBLIC, CK_FALSE, CK_TRUE, CK_TRUE, hObjectSet);
1325 CPPUNIT_ASSERT(rv == CKR_OK);
1326
1327 // Check that label can be modified on all combintations of session/token and public/private objects
1328 const char *pLabel = "Label modified via C_SetAttributeValue";
1329 CK_ATTRIBUTE attribs[] = {
1330 { CKA_LABEL, (CK_UTF8CHAR_PTR)pLabel, strlen(pLabel) }
1331 };
1332
1333 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectSessionPublic,&attribs[0],1) );
1334 CPPUNIT_ASSERT(rv == CKR_OK);
1335 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectSessionPrivate,&attribs[0],1) );
1336 CPPUNIT_ASSERT(rv == CKR_OK);
1337 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectTokenPublic,&attribs[0],1) );
1338 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
1339 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRW,hObjectTokenPublic,&attribs[0],1) );
1340 CPPUNIT_ASSERT(rv == CKR_OK);
1341 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectTokenPrivate,&attribs[0],1) );
1342 CPPUNIT_ASSERT(rv == CKR_SESSION_READ_ONLY);
1343 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRW,hObjectTokenPrivate,&attribs[0],1) );
1344 CPPUNIT_ASSERT(rv == CKR_OK);
1345 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectSet,&attribs[0],1) );
1346 CPPUNIT_ASSERT(rv == CKR_ACTION_PROHIBITED);
1347
1348 attribs[0].pValue = NULL_PTR;
1349 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSessionRO,hObjectSessionPublic,&attribs[0],1) );
1350 CPPUNIT_ASSERT(rv == CKR_OK);
1351 CPPUNIT_ASSERT(attribs[0].ulValueLen == strlen(pLabel));
1352
1353 char pStoredLabel[64];
1354 attribs[0].pValue = &pStoredLabel[0];
1355 attribs[0].ulValueLen = 64;
1356 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSessionRO,hObjectSessionPublic,&attribs[0],1) );
1357 CPPUNIT_ASSERT(rv == CKR_OK);
1358 CPPUNIT_ASSERT(attribs[0].ulValueLen == strlen(pLabel));
1359 CPPUNIT_ASSERT(memcmp(pLabel,pStoredLabel,strlen(pLabel)) == 0);
1360
1361 // Close session
1362 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRO) );
1363 CPPUNIT_ASSERT(rv == CKR_OK);
1364
1365 // Close session
1366 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRW) );
1367 CPPUNIT_ASSERT(rv == CKR_OK);
1368}
1369
1370void ObjectTests::testFindObjects()
1371{
1372 CK_RV rv;
1373 CK_SESSION_HANDLE hSessionRO;
1374 CK_SESSION_HANDLE hSessionRW;
1375 CK_OBJECT_HANDLE hObjectSessionPublic;
1376 CK_OBJECT_HANDLE hObjectSessionPrivate;
1377 CK_OBJECT_HANDLE hObjectTokenPublic;
1378 CK_OBJECT_HANDLE hObjectTokenPrivate;
1379
1380 // Just make sure that we finalize any previous tests
1381 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1382
1383 // Open read-only session on when the token is not initialized should fail
1384 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1385 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
1386
1387 // Initialize the library and start the test.
1388 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1389 CPPUNIT_ASSERT(rv == CKR_OK);
1390
1391 // Open read-only session
1392 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1393 CPPUNIT_ASSERT(rv == CKR_OK);
1394
1395 // Open read-write session
1396 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
1397 CPPUNIT_ASSERT(rv == CKR_OK);
1398
1399 // Login USER into the sessions so we can create a private objects
1400 rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
1401 CPPUNIT_ASSERT(rv==CKR_OK);
1402
1403 // Create all permutations of session/token, public/private objects
1404 rv = createDataObjectMinimal(hSessionRO, IN_SESSION, IS_PUBLIC, hObjectSessionPublic);
1405 CPPUNIT_ASSERT(rv == CKR_OK);
1406 rv = createDataObjectMinimal(hSessionRW, IN_SESSION, IS_PRIVATE, hObjectSessionPrivate);
1407 CPPUNIT_ASSERT(rv == CKR_OK);
1408 rv = createDataObjectMinimal(hSessionRW, ON_TOKEN, IS_PUBLIC, hObjectTokenPublic);
1409 CPPUNIT_ASSERT(rv == CKR_OK);
1410 rv = createDataObjectMinimal(hSessionRW, ON_TOKEN, IS_PRIVATE, hObjectTokenPrivate);
1411 CPPUNIT_ASSERT(rv == CKR_OK);
1412
1413 // Set labels for the objects
1414 const char *pLabel = "Label modified via C_SetAttributeValue";
1415 CK_ATTRIBUTE attribs[] = {
1416 { CKA_LABEL, (CK_UTF8CHAR_PTR)pLabel, strlen(pLabel) }
1417 };
1418 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectSessionPublic,&attribs[0],1) );
1419 CPPUNIT_ASSERT(rv == CKR_OK);
1420 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRO,hObjectSessionPrivate,&attribs[0],1) );
1421 CPPUNIT_ASSERT(rv == CKR_OK);
1422 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRW,hObjectTokenPublic,&attribs[0],1) );
1423 CPPUNIT_ASSERT(rv == CKR_OK);
1424 rv = CRYPTOKI_F_PTR( C_SetAttributeValue (hSessionRW,hObjectTokenPrivate,&attribs[0],1) );
1425 CPPUNIT_ASSERT(rv == CKR_OK);
1426
1427 // Now find the objects while logged in should find them all.
1428 rv = CRYPTOKI_F_PTR( C_FindObjectsInit(hSessionRO,&attribs[0],1) );
1429 CPPUNIT_ASSERT(rv == CKR_OK);
1430 CK_OBJECT_HANDLE hObjects[16];
1431 CK_ULONG ulObjectCount = 0;
1432 rv = CRYPTOKI_F_PTR( C_FindObjects(hSessionRO,&hObjects[0],16,&ulObjectCount) );
1433 CPPUNIT_ASSERT(rv == CKR_OK);
1434 CPPUNIT_ASSERT(4 == ulObjectCount);
1435 rv = CRYPTOKI_F_PTR( C_FindObjectsFinal(hSessionRO) );
1436
1437
1438 rv = CRYPTOKI_F_PTR( C_Logout(hSessionRO) );
1439 CPPUNIT_ASSERT(rv == CKR_OK);
1440
1441 // Now find the objects while no longer logged in should find only 2
1442 rv = CRYPTOKI_F_PTR( C_FindObjectsInit(hSessionRO,&attribs[0],1) );
1443 CPPUNIT_ASSERT(rv == CKR_OK);
1444 rv = CRYPTOKI_F_PTR( C_FindObjects(hSessionRO,&hObjects[0],16,&ulObjectCount) );
1445 CPPUNIT_ASSERT(rv == CKR_OK);
1446 CPPUNIT_ASSERT(2 == ulObjectCount);
1447 rv = CRYPTOKI_F_PTR( C_FindObjectsFinal(hSessionRO) );
1448
1449 // Close the session used to create the session objects, should also destroy the session objects.
1450 rv = CRYPTOKI_F_PTR( C_CloseSession(hSessionRO) );
1451 CPPUNIT_ASSERT(rv == CKR_OK);
1452
1453 // Now find just the public token object as public session object should be gone now.
1454 rv = CRYPTOKI_F_PTR( C_FindObjectsInit(hSessionRW,&attribs[0],1) );
1455 CPPUNIT_ASSERT(rv == CKR_OK);
1456 rv = CRYPTOKI_F_PTR( C_FindObjects(hSessionRW,&hObjects[0],16,&ulObjectCount) );
1457 CPPUNIT_ASSERT(rv == CKR_OK);
1458 CPPUNIT_ASSERT(1 == ulObjectCount);
1459 rv = CRYPTOKI_F_PTR( C_FindObjectsFinal(hSessionRW) );
1460
1461 // Login USER into the sessions so we can gain access to private objects
1462 rv = CRYPTOKI_F_PTR( C_Login(hSessionRW,CKU_USER,m_userPin1,m_userPin1Length) );
1463 CPPUNIT_ASSERT(rv==CKR_OK);
1464
1465 // Now find just the public token object as public session object should be gone now.
1466 rv = CRYPTOKI_F_PTR( C_FindObjectsInit(hSessionRW,&attribs[0],1) );
1467 CPPUNIT_ASSERT(rv == CKR_OK);
1468 rv = CRYPTOKI_F_PTR( C_FindObjects(hSessionRW,&hObjects[0],16,&ulObjectCount) );
1469 CPPUNIT_ASSERT(rv == CKR_OK);
1470 CPPUNIT_ASSERT(2 == ulObjectCount);
1471 rv = CRYPTOKI_F_PTR( C_FindObjectsFinal(hSessionRW) );
1472}
1473
1474
1475void ObjectTests::testGenerateKeys()
1476{
1477 CK_RV rv;
1478 CK_SESSION_HANDLE hSessionRO;
1479 CK_SESSION_HANDLE hSessionRW;
1480
1481 // Just make sure that we finalize any previous tests
1482 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1483
1484 // Open read-only session on when the token is not initialized should fail
1485 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1486 CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_NOT_INITIALIZED);
1487
1488 // Initialize the library and start the test.
1489 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1490 CPPUNIT_ASSERT(rv == CKR_OK);
1491
1492 // Open read-only session
1493 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR, &hSessionRO) );
1494 CPPUNIT_ASSERT(rv == CKR_OK);
1495
1496 // Open read-write session
1497 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSessionRW) );
1498 CPPUNIT_ASSERT(rv == CKR_OK);
1499
1500 // Login USER into the sessions so we can create a private objects
1501 rv = CRYPTOKI_F_PTR( C_Login(hSessionRO,CKU_USER,m_userPin1,m_userPin1Length) );
1502 CPPUNIT_ASSERT(rv==CKR_OK);
1503
1504 CK_OBJECT_HANDLE hPuk = CK_INVALID_HANDLE;
1505 CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE;
1506
1507 // Generate all combinations of session/token public/private key pairs.
1508 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPuk,hPrk);
1509 CPPUNIT_ASSERT(rv == CKR_OK);
1510 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,IN_SESSION,IS_PRIVATE,hPuk,hPrk);
1511 CPPUNIT_ASSERT(rv == CKR_OK);
1512 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,ON_TOKEN,IS_PUBLIC,hPuk,hPrk);
1513 CPPUNIT_ASSERT(rv == CKR_OK);
1514 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PUBLIC,ON_TOKEN,IS_PRIVATE,hPuk,hPrk);
1515 CPPUNIT_ASSERT(rv == CKR_OK);
1516
1517 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PRIVATE,IN_SESSION,IS_PUBLIC,hPuk,hPrk);
1518 CPPUNIT_ASSERT(rv == CKR_OK);
1519 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PRIVATE,IN_SESSION,IS_PRIVATE,hPuk,hPrk);
1520 CPPUNIT_ASSERT(rv == CKR_OK);
1521 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PRIVATE,ON_TOKEN,IS_PUBLIC,hPuk,hPrk);
1522 CPPUNIT_ASSERT(rv == CKR_OK);
1523 rv = generateRsaKeyPair(hSessionRW,IN_SESSION,IS_PRIVATE,ON_TOKEN,IS_PRIVATE,hPuk,hPrk);
1524 CPPUNIT_ASSERT(rv == CKR_OK);
1525
1526 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PUBLIC,IN_SESSION,IS_PUBLIC,hPuk,hPrk);
1527 CPPUNIT_ASSERT(rv == CKR_OK);
1528 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PUBLIC,IN_SESSION,IS_PRIVATE,hPuk,hPrk);
1529 CPPUNIT_ASSERT(rv == CKR_OK);
1530 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PUBLIC,ON_TOKEN,IS_PUBLIC,hPuk,hPrk);
1531 CPPUNIT_ASSERT(rv == CKR_OK);
1532 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PUBLIC,ON_TOKEN,IS_PRIVATE,hPuk,hPrk);
1533 CPPUNIT_ASSERT(rv == CKR_OK);
1534
1535 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PRIVATE,IN_SESSION,IS_PUBLIC,hPuk,hPrk);
1536 CPPUNIT_ASSERT(rv == CKR_OK);
1537 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PRIVATE,IN_SESSION,IS_PRIVATE,hPuk,hPrk);
1538 CPPUNIT_ASSERT(rv == CKR_OK);
1539 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PRIVATE,ON_TOKEN,IS_PUBLIC,hPuk,hPrk);
1540 CPPUNIT_ASSERT(rv == CKR_OK);
1541 rv = generateRsaKeyPair(hSessionRW,ON_TOKEN,IS_PRIVATE,ON_TOKEN,IS_PRIVATE,hPuk,hPrk);
1542 CPPUNIT_ASSERT(rv == CKR_OK);
1543}
1544
1545void ObjectTests::testCreateCertificates()
1546{
1547 CK_RV rv;
1548 CK_SESSION_HANDLE hSession;
1549
1550 // Just make sure that we finalize any previous tests
1551 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1552
1553 // Initialize the library and start the test.
1554 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1555 CPPUNIT_ASSERT(rv == CKR_OK);
1556
1557 // Open read-write session
1558 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1559 CPPUNIT_ASSERT(rv == CKR_OK);
1560
1561 // Login USER into the sessions so we can create a private objects
1562 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
1563 CPPUNIT_ASSERT(rv==CKR_OK);
1564
1565 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
1566
1567 rv = createCertificateObjectIncomplete(hSession,IN_SESSION,IS_PUBLIC,hObject);
1568 CPPUNIT_ASSERT(rv == CKR_TEMPLATE_INCOMPLETE);
1569 rv = createCertificateObjectX509(hSession,IN_SESSION,IS_PUBLIC,hObject);
1570 CPPUNIT_ASSERT(rv == CKR_OK);
1571
1572 CK_BYTE pCheckValue[] = { 0x2b, 0x84, 0xf6 };
1573 CK_ATTRIBUTE attribs[] = {
1574 { CKA_CHECK_VALUE, pCheckValue, sizeof(pCheckValue) }
1575 };
1576
1577 rv = CRYPTOKI_F_PTR( C_SetAttributeValue(hSession, hObject, attribs, 1) );
1578 CPPUNIT_ASSERT(rv == CKR_ATTRIBUTE_READ_ONLY);
1579}
1580
1581void ObjectTests::testDefaultDataAttributes()
1582{
1583 CK_RV rv;
1584 CK_SESSION_HANDLE hSession;
1585 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
1586
1587 // Minimal data object
1588 CK_OBJECT_CLASS objClass = CKO_DATA;
1589 CK_ATTRIBUTE objTemplate[] = {
1590 { CKA_CLASS, &objClass, sizeof(objClass) }
1591 };
1592
1593 // Just make sure that we finalize any previous tests
1594 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1595
1596 // Initialize the library and start the test.
1597 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1598 CPPUNIT_ASSERT(rv == CKR_OK);
1599
1600 // Open read-write session
1601 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1602 CPPUNIT_ASSERT(rv == CKR_OK);
1603
1604 // Login USER into the sessions so we can create a private objects
1605 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1606 CPPUNIT_ASSERT(rv == CKR_OK);
1607
1608 // Create minimal data object
1609 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE), &hObject) );
1610 CPPUNIT_ASSERT(rv == CKR_OK);
1611
1612 // Check attributes in data object
1613 checkCommonObjectAttributes(hSession, hObject, objClass);
1614 checkCommonStorageObjectAttributes(hSession, hObject, CK_FALSE, CK_TRUE, CK_TRUE, NULL_PTR, 0, CK_TRUE, CK_TRUE);
1615 checkDataObjectAttributes(hSession, hObject, NULL_PTR, 0, NULL_PTR, 0, NULL_PTR, 0);
1616}
1617
1618void ObjectTests::testDefaultX509CertAttributes()
1619{
1620 CK_RV rv;
1621 CK_SESSION_HANDLE hSession;
1622 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
1623
1624 // Minimal X509 certificate object
1625 CK_OBJECT_CLASS objClass = CKO_CERTIFICATE;
1626 CK_CERTIFICATE_TYPE certificateType = CKC_X_509;
1627 CK_BYTE pSubject[] = "Test1";
1628 CK_BYTE pValue[] = "Test2";
1629 CK_BYTE pCheckValue[] = { 0x2b, 0x84, 0xf6 };
1630 CK_DATE emptyDate;
1631 CK_ATTRIBUTE objTemplate[] = {
1632 { CKA_CLASS, &objClass, sizeof(objClass) },
1633 { CKA_CERTIFICATE_TYPE, &certificateType, sizeof(certificateType) },
1634 { CKA_SUBJECT, pSubject, sizeof(pSubject)-1 },
1635 { CKA_VALUE, pValue, sizeof(pValue)-1 }
1636 };
1637
1638 // Just make sure that we finalize any previous tests
1639 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1640
1641 // Initialize the library and start the test.
1642 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1643 CPPUNIT_ASSERT(rv == CKR_OK);
1644
1645 // Open read-write session
1646 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1647 CPPUNIT_ASSERT(rv == CKR_OK);
1648
1649 // Login USER into the sessions so we can create a private objects
1650 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1651 CPPUNIT_ASSERT(rv == CKR_OK);
1652
1653 // Create minimal X509 certificate
1654 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE), &hObject) );
1655 CPPUNIT_ASSERT(rv == CKR_OK);
1656
1657 // Check attributes in X509 certificate object
1658 checkCommonObjectAttributes(hSession, hObject, objClass);
1659 checkCommonStorageObjectAttributes(hSession, hObject, CK_FALSE, CK_FALSE, CK_TRUE, NULL_PTR, 0, CK_TRUE, CK_TRUE);
1660 memset(&emptyDate, 0, sizeof(emptyDate));
1661 checkCommonCertificateObjectAttributes(hSession, hObject, CKC_X_509, CK_FALSE, 0, pCheckValue, sizeof(pCheckValue), emptyDate, 0, emptyDate, 0);
1662 checkX509CertificateObjectAttributes(hSession, hObject, pSubject, sizeof(pSubject)-1, NULL_PTR, 0, NULL_PTR, 0, NULL_PTR, 0, pValue, sizeof(pValue)-1, NULL_PTR, 0, NULL_PTR, 0, NULL_PTR, 0, 0, CKM_SHA_1);
1663}
1664
1665void ObjectTests::testDefaultRSAPubAttributes()
1666{
1667 CK_RV rv;
1668 CK_SESSION_HANDLE hSession;
1669 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
1670
1671 // Minimal RSA public key object
1672 CK_OBJECT_CLASS objClass = CKO_PUBLIC_KEY;
1673 CK_KEY_TYPE objType = CKK_RSA;
1674 CK_BYTE pN[] = { 0xC6, 0x47, 0xDD, 0x74, 0x3B, 0xCB, 0xDC, 0x6F, 0xCE, 0xA7,
1675 0xF0, 0x5F, 0x29, 0x4B, 0x27, 0x00, 0xCC, 0x92, 0xE9, 0x20,
1676 0x8A, 0x2C, 0x87, 0x36, 0x47, 0x24, 0xB0, 0xD5, 0x7D, 0xB0,
1677 0x92, 0x01, 0xA0, 0xA3, 0x55, 0x2E, 0x3F, 0xFE, 0xA7, 0x4C,
1678 0x4B, 0x3F, 0x9D, 0x4E, 0xCB, 0x78, 0x12, 0xA9, 0x42, 0xAD,
1679 0x51, 0x1F, 0x3B, 0xBD, 0x3D, 0x6A, 0xE5, 0x38, 0xB7, 0x45,
1680 0x65, 0x50, 0x30, 0x35 };
1681 CK_BYTE pE[] = { 0x01, 0x00, 0x01 };
1682 CK_DATE emptyDate;
1683 CK_ATTRIBUTE objTemplate[] = {
1684 { CKA_CLASS, &objClass, sizeof(objClass) },
1685 { CKA_KEY_TYPE, &objType, sizeof(objType) },
1686 { CKA_MODULUS, pN, sizeof(pN) },
1687 { CKA_PUBLIC_EXPONENT, pE, sizeof(pE) }
1688 };
1689
1690 // Just make sure that we finalize any previous tests
1691 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1692
1693 // Initialize the library and start the test.
1694 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1695 CPPUNIT_ASSERT(rv == CKR_OK);
1696
1697 // Open read-write session
1698 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1699 CPPUNIT_ASSERT(rv == CKR_OK);
1700
1701 // Login USER into the sessions so we can create a private objects
1702 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1703 CPPUNIT_ASSERT(rv == CKR_OK);
1704
1705 // Create minimal RSA public key object
1706 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE), &hObject) );
1707 CPPUNIT_ASSERT(rv == CKR_OK);
1708
1709 // Check attributes in RSA public key object
1710 checkCommonObjectAttributes(hSession, hObject, objClass);
1711 checkCommonStorageObjectAttributes(hSession, hObject, CK_FALSE, CK_FALSE, CK_TRUE, NULL_PTR, 0, CK_TRUE, CK_TRUE);
1712 memset(&emptyDate, 0, sizeof(emptyDate));
1713 checkCommonKeyAttributes(hSession, hObject, objType, NULL_PTR, 0, emptyDate, 0, emptyDate, 0, CK_FALSE, CK_FALSE, CK_UNAVAILABLE_INFORMATION, NULL_PTR, 0);
1714 checkCommonPublicKeyAttributes(hSession, hObject, NULL_PTR, 0, CK_TRUE, CK_TRUE, CK_TRUE, CK_TRUE, CK_FALSE, NULL_PTR, 0);
1715 checkCommonRSAPublicKeyAttributes(hSession, hObject, pN, sizeof(pN), 512, pE, sizeof(pE));
1716}
1717
1718void ObjectTests::testDefaultRSAPrivAttributes()
1719{
1720 CK_RV rv;
1721 CK_SESSION_HANDLE hSession;
1722 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
1723
1724 // Minimal RSA private key object
1725 CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
1726 CK_KEY_TYPE objType = CKK_RSA;
1727 CK_BBOOL bTrue = CK_TRUE;
1728 CK_BBOOL bFalse = CK_FALSE;
1729 CK_BYTE pN[] = { 0xC6, 0x47, 0xDD, 0x74, 0x3B, 0xCB, 0xDC, 0x6F, 0xCE, 0xA7,
1730 0xF0, 0x5F, 0x29, 0x4B, 0x27, 0x00, 0xCC, 0x92, 0xE9, 0x20,
1731 0x8A, 0x2C, 0x87, 0x36, 0x47, 0x24, 0xB0, 0xD5, 0x7D, 0xB0,
1732 0x92, 0x01, 0xA0, 0xA3, 0x55, 0x2E, 0x3F, 0xFE, 0xA7, 0x4C,
1733 0x4B, 0x3F, 0x9D, 0x4E, 0xCB, 0x78, 0x12, 0xA9, 0x42, 0xAD,
1734 0x51, 0x1F, 0x3B, 0xBD, 0x3D, 0x6A, 0xE5, 0x38, 0xB7, 0x45,
1735 0x65, 0x50, 0x30, 0x35 };
1736 CK_BYTE pD[] = { 0x6D, 0x94, 0x6B, 0xEB, 0xFF, 0xDC, 0x03, 0x80, 0x7B, 0x0A,
1737 0x4F, 0x0A, 0x98, 0x6C, 0xA3, 0x2A, 0x8A, 0xE4, 0xAA, 0x18,
1738 0x44, 0xA4, 0xA5, 0x39, 0x37, 0x0A, 0x2C, 0xFC, 0x5F, 0xD1,
1739 0x44, 0x6E, 0xCE, 0x25, 0x9B, 0xE5, 0xD1, 0x51, 0xAF, 0xA8,
1740 0x30, 0xD1, 0x4D, 0x3C, 0x60, 0x33, 0xB5, 0xED, 0x4C, 0x39,
1741 0xDA, 0x68, 0x78, 0xF9, 0x6B, 0x4F, 0x47, 0x55, 0xB2, 0x02,
1742 0x00, 0x7E, 0x9C, 0x05 };
1743 CK_DATE emptyDate;
1744 // Make the key non-sensitive and extractable so that we can test it.
1745 CK_ATTRIBUTE objTemplate[] = {
1746 { CKA_CLASS, &objClass, sizeof(objClass) },
1747 { CKA_KEY_TYPE, &objType, sizeof(objType) },
1748 { CKA_SENSITIVE, &bFalse, sizeof(bFalse) },
1749 { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) },
1750 { CKA_MODULUS, pN, sizeof(pN) },
1751 { CKA_PRIVATE_EXPONENT, pD, sizeof(pD) }
1752 };
1753
1754 // Just make sure that we finalize any previous tests
1755 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1756
1757 // Initialize the library and start the test.
1758 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1759 CPPUNIT_ASSERT(rv == CKR_OK);
1760
1761 // Open read-write session
1762 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1763 CPPUNIT_ASSERT(rv == CKR_OK);
1764
1765 // Login USER into the sessions so we can create a private objects
1766 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1767 CPPUNIT_ASSERT(rv == CKR_OK);
1768
1769 // Create minimal RSA public key object
1770 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE), &hObject) );
1771 CPPUNIT_ASSERT(rv == CKR_OK);
1772
1773 // Check attributes in RSA public key object
1774 checkCommonObjectAttributes(hSession, hObject, objClass);
1775 checkCommonStorageObjectAttributes(hSession, hObject, CK_FALSE, CK_TRUE, CK_TRUE, NULL_PTR, 0, CK_TRUE, CK_TRUE);
1776 memset(&emptyDate, 0, sizeof(emptyDate));
1777 checkCommonKeyAttributes(hSession, hObject, objType, NULL_PTR, 0, emptyDate, 0, emptyDate, 0, CK_FALSE, CK_FALSE, CK_UNAVAILABLE_INFORMATION, NULL_PTR, 0);
1778 checkCommonPrivateKeyAttributes(hSession, hObject, NULL_PTR, 0, CK_FALSE, CK_TRUE, CK_TRUE, CK_TRUE, CK_TRUE, CK_TRUE, CK_FALSE, CK_FALSE, CK_FALSE, NULL_PTR, 0, CK_FALSE);
1779 checkCommonRSAPrivateKeyAttributes(hSession, hObject, pN, sizeof(pN), NULL_PTR, 0, pD, sizeof(pD), NULL_PTR, 0, NULL_PTR, 0, NULL_PTR, 0, NULL_PTR, 0, NULL_PTR, 0);
1780}
1781
1782void ObjectTests::testAlwaysNeverAttribute()
1783{
1784 CK_RV rv;
1785 CK_SESSION_HANDLE hSession;
1786 CK_OBJECT_HANDLE hPuk = CK_INVALID_HANDLE;
1787 CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE;
1788
1789 CK_MECHANISM mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
1790 CK_ULONG bits = 1536;
1791 CK_BBOOL bFalse = CK_FALSE;
1792 CK_BBOOL bTrue = CK_TRUE;
1793 CK_BBOOL always;
1794 CK_BBOOL never;
1795 CK_ATTRIBUTE pukAttribs[] = {
1796 { CKA_MODULUS_BITS, &bits, sizeof(bits) }
1797 };
1798 CK_ATTRIBUTE prkAttribs[] = {
1799 { CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
1800 { CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) }
1801 };
1802 CK_ATTRIBUTE getTemplate[] = {
1803 { CKA_ALWAYS_SENSITIVE, &always, sizeof(always) },
1804 { CKA_NEVER_EXTRACTABLE, &never, sizeof(never) }
1805 };
1806
1807 // Just make sure that we finalize any previous tests
1808 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1809
1810 // Initialize the library and start the test.
1811 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1812 CPPUNIT_ASSERT(rv == CKR_OK);
1813
1814 // Open read-write session
1815 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1816 CPPUNIT_ASSERT(rv == CKR_OK);
1817
1818 // Login USER into the sessions so we can create a private objects
1819 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1820 CPPUNIT_ASSERT(rv == CKR_OK);
1821
1822 // Create object
1823 rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, pukAttribs, 1, prkAttribs, 2, &hPuk, &hPrk) );
1824 CPPUNIT_ASSERT(rv == CKR_OK);
1825
1826 // Check value
1827 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, getTemplate, 2) );
1828 CPPUNIT_ASSERT(rv == CKR_OK);
1829 CPPUNIT_ASSERT(always == CK_TRUE);
1830 CPPUNIT_ASSERT(never == CK_TRUE);
1831
1832 // Set value
1833 rv = CRYPTOKI_F_PTR( C_SetAttributeValue(hSession, hPrk, prkAttribs, 2) );
1834 CPPUNIT_ASSERT(rv == CKR_ATTRIBUTE_READ_ONLY);
1835
1836 // Create object
1837 prkAttribs[0].pValue = &bFalse;
1838 prkAttribs[1].pValue = &bTrue;
1839 rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, pukAttribs, 1, prkAttribs, 2, &hPuk, &hPrk) );
1840 CPPUNIT_ASSERT(rv == CKR_OK);
1841
1842 // Check value
1843 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, getTemplate, 2) );
1844 CPPUNIT_ASSERT(rv == CKR_OK);
1845 CPPUNIT_ASSERT(always == CK_FALSE);
1846 CPPUNIT_ASSERT(never == CK_FALSE);
1847}
1848
1849void ObjectTests::testSensitiveAttributes()
1850{
1851 CK_RV rv;
1852 CK_SESSION_HANDLE hSession;
1853 CK_OBJECT_HANDLE hPuk = CK_INVALID_HANDLE;
1854 CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE;
1855
1856 CK_MECHANISM mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
1857 CK_ULONG bits = 1536;
1858 CK_BBOOL bSensitive = CK_TRUE;
1859 CK_BBOOL bTrue = CK_TRUE;
1860 CK_ATTRIBUTE pukAttribs[] = {
1861 { CKA_MODULUS_BITS, &bits, sizeof(bits) }
1862 };
1863 // Sensitive attributes cannot be revealed in plaintext even if wrapping is allowed
1864 CK_ATTRIBUTE prkAttribs[] = {
1865 { CKA_SENSITIVE, &bSensitive, sizeof(bSensitive) },
1866 { CKA_EXTRACTABLE, &bTrue, sizeof(bTrue) }
1867 };
1868 CK_ATTRIBUTE getTemplate[] = {
1869 { CKA_PRIVATE_EXPONENT, NULL_PTR, 0 },
1870 { CKA_PRIME_1, NULL_PTR, 0 },
1871 { CKA_PRIME_2, NULL_PTR, 0 },
1872 { CKA_EXPONENT_1, NULL_PTR, 0 },
1873 { CKA_EXPONENT_2, NULL_PTR, 0 },
1874 { CKA_COEFFICIENT, NULL_PTR, 0 }
1875 };
1876
1877 // Just make sure that we finalize any previous tests
1878 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1879
1880 // Initialize the library and start the test.
1881 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1882 CPPUNIT_ASSERT(rv == CKR_OK);
1883
1884 // Open read-write session
1885 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1886 CPPUNIT_ASSERT(rv == CKR_OK);
1887
1888 // Login USER into the sessions so we can create a private objects
1889 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1890 CPPUNIT_ASSERT(rv == CKR_OK);
1891
1892 // Create object
1893 rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, pukAttribs, 1, prkAttribs, 2, &hPuk, &hPrk) );
1894 CPPUNIT_ASSERT(rv == CKR_OK);
1895
1896 // Check value
1897 for (int i = 0; i < 6; i++)
1898 {
1899 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, &getTemplate[i], 1) );
1900 CPPUNIT_ASSERT(rv == CKR_ATTRIBUTE_SENSITIVE);
1901 }
1902
1903 // Retry with non-sensitive object
1904 bSensitive = CK_FALSE;
1905 rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, pukAttribs, 1, prkAttribs, 2, &hPuk, &hPrk) );
1906 CPPUNIT_ASSERT(rv == CKR_OK);
1907
1908 // Check value
1909 for (int i = 0; i < 6; i++)
1910 {
1911 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hPrk, &getTemplate[i], 1) );
1912 CPPUNIT_ASSERT(rv == CKR_OK);
1913 }
1914}
1915
1916void ObjectTests::testGetInvalidAttribute()
1917{
1918 CK_RV rv;
1919 CK_SESSION_HANDLE hSession;
1920 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
1921
1922 // Minimal data object
1923 CK_OBJECT_CLASS objClass = CKO_DATA;
1924 CK_BBOOL bSign;
1925 CK_ATTRIBUTE objTemplate[] = {
1926 { CKA_CLASS, &objClass, sizeof(objClass) }
1927 };
1928 CK_ATTRIBUTE getTemplate[] = {
1929 { CKA_SIGN, &bSign, sizeof(bSign) }
1930 };
1931
1932 // Just make sure that we finalize any previous tests
1933 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1934
1935 // Initialize the library and start the test.
1936 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1937 CPPUNIT_ASSERT(rv == CKR_OK);
1938
1939 // Open read-write session
1940 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1941 CPPUNIT_ASSERT(rv == CKR_OK);
1942
1943 // Login USER into the sessions so we can create a private objects
1944 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
1945 CPPUNIT_ASSERT(rv == CKR_OK);
1946
1947 // Create minimal data object
1948 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, 1, &hObject) );
1949 CPPUNIT_ASSERT(rv == CKR_OK);
1950
1951 // Check value
1952 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, getTemplate, 1) );
1953 CPPUNIT_ASSERT(rv == CKR_ATTRIBUTE_TYPE_INVALID);
1954}
1955
1956void ObjectTests::testReAuthentication()
1957{
1958 CK_RV rv;
1959 CK_SESSION_HANDLE hSession;
1960 CK_OBJECT_HANDLE hPuk = CK_INVALID_HANDLE;
1961 CK_OBJECT_HANDLE hPrk = CK_INVALID_HANDLE;
1962
1963 CK_MECHANISM mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
1964 CK_ULONG bits = 1024;
1965 CK_BBOOL bTrue = CK_TRUE;
1966 CK_ATTRIBUTE pukAttribs[] = {
1967 { CKA_MODULUS_BITS, &bits, sizeof(bits) }
1968 };
1969 CK_ATTRIBUTE prkAttribs[] = {
1970 { CKA_PRIVATE, &bTrue, sizeof(bTrue) },
1971 { CKA_DECRYPT, &bTrue, sizeof(bTrue) },
1972 { CKA_SIGN, &bTrue, sizeof(bTrue) },
1973 { CKA_ALWAYS_AUTHENTICATE, &bTrue, sizeof(bTrue) }
1974 };
1975
1976 CK_MECHANISM signMech = { CKM_SHA256_RSA_PKCS, NULL_PTR, 0 };
1977 CK_BYTE data[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
1978 CK_BYTE signature256[256];
1979 CK_ULONG signature256Len = sizeof(signature256);
1980
1981 CK_MECHANISM encMech = { CKM_RSA_PKCS, NULL_PTR, 0 };
1982 CK_BYTE cipherText[256];
1983 CK_ULONG ulCipherTextLen = sizeof(cipherText);
1984 CK_BYTE recoveredText[256];
1985 CK_ULONG ulRecoveredTextLen = sizeof(recoveredText);
1986
1987 // Just make sure that we finalize any previous tests
1988 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
1989
1990 // Initialize the library and start the test.
1991 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
1992 CPPUNIT_ASSERT(rv == CKR_OK);
1993
1994 // Open read-write session
1995 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
1996 CPPUNIT_ASSERT(rv == CKR_OK);
1997
1998 // Login USER into the sessions so we can create private objects
1999 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
2000 CPPUNIT_ASSERT(rv == CKR_OK);
2001
2002 // Create object
2003 rv = CRYPTOKI_F_PTR( C_GenerateKeyPair(hSession, &mechanism, pukAttribs, 1, prkAttribs, 4, &hPuk, &hPrk) );
2004 CPPUNIT_ASSERT(rv == CKR_OK);
2005
2006 // Test C_Sign with re-authentication with invalid and valid PIN
2007 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_CONTEXT_SPECIFIC,m_userPin1,m_userPin1Length) );
2008 CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
2009 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &signMech, hPrk) );
2010 CPPUNIT_ASSERT(rv == CKR_OK);
2011 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_CONTEXT_SPECIFIC,m_userPin1,m_userPin1Length-1) );
2012 CPPUNIT_ASSERT(rv == CKR_PIN_INCORRECT);
2013 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_CONTEXT_SPECIFIC,m_userPin1,m_userPin1Length) );
2014 CPPUNIT_ASSERT(rv == CKR_OK);
2015 rv = CRYPTOKI_F_PTR( C_Sign(hSession, data, sizeof(data), signature256, &signature256Len) );
2016 CPPUNIT_ASSERT(rv == CKR_OK);
2017
2018 // Test C_Sign without re-authentication
2019 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &signMech, hPrk) );
2020 CPPUNIT_ASSERT(rv == CKR_OK);
2021 rv = CRYPTOKI_F_PTR( C_Sign(hSession, data, sizeof(data), signature256, &signature256Len) );
2022 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
2023 rv = CRYPTOKI_F_PTR( C_Sign(hSession, data, sizeof(data), signature256, &signature256Len) );
2024 CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
2025
2026 // Test C_SignUpdate with re-authentication
2027 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &signMech, hPrk) );
2028 CPPUNIT_ASSERT(rv == CKR_OK);
2029 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_CONTEXT_SPECIFIC,m_userPin1,m_userPin1Length) );
2030 CPPUNIT_ASSERT(rv == CKR_OK);
2031 rv = CRYPTOKI_F_PTR( C_SignUpdate(hSession, data, sizeof(data)) );
2032 CPPUNIT_ASSERT(rv == CKR_OK);
2033 rv = CRYPTOKI_F_PTR( C_SignFinal(hSession, signature256, &signature256Len) );
2034 CPPUNIT_ASSERT(rv == CKR_OK);
2035
2036 // Test C_SignUpdate without re-authentication
2037 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &signMech, hPrk) );
2038 CPPUNIT_ASSERT(rv == CKR_OK);
2039 rv = CRYPTOKI_F_PTR( C_SignUpdate(hSession, data, sizeof(data)) );
2040 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
2041 rv = CRYPTOKI_F_PTR( C_SignUpdate(hSession, data, sizeof(data)) );
2042 CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
2043
2044 // Test C_SignFinal with re-authentication
2045 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &signMech, hPrk) );
2046 CPPUNIT_ASSERT(rv == CKR_OK);
2047 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_CONTEXT_SPECIFIC,m_userPin1,m_userPin1Length) );
2048 CPPUNIT_ASSERT(rv == CKR_OK);
2049 rv = CRYPTOKI_F_PTR( C_SignFinal(hSession, signature256, &signature256Len) );
2050 CPPUNIT_ASSERT(rv == CKR_OK);
2051
2052 // Test C_SignFinal without re-authentication
2053 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &signMech, hPrk) );
2054 CPPUNIT_ASSERT(rv == CKR_OK);
2055 rv = CRYPTOKI_F_PTR( C_SignFinal(hSession, signature256, &signature256Len) );
2056 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
2057 rv = CRYPTOKI_F_PTR( C_SignFinal(hSession, signature256, &signature256Len) );
2058 CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
2059
2060 // Encrypt some data
2061 rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&encMech,hPuk) );
2062 CPPUNIT_ASSERT(rv==CKR_OK);
2063 rv = CRYPTOKI_F_PTR( C_Encrypt(hSession,data,sizeof(data),cipherText,&ulCipherTextLen) );
2064 CPPUNIT_ASSERT(rv==CKR_OK);
2065
2066 // Test C_Decrypt with re-authentication
2067 rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,&encMech,hPrk) );
2068 CPPUNIT_ASSERT(rv==CKR_OK);
2069 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_CONTEXT_SPECIFIC,m_userPin1,m_userPin1Length) );
2070 CPPUNIT_ASSERT(rv == CKR_OK);
2071 rv = CRYPTOKI_F_PTR( C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen) );
2072 CPPUNIT_ASSERT(rv==CKR_OK);
2073 CPPUNIT_ASSERT(memcmp(data, &recoveredText[ulRecoveredTextLen-sizeof(data)], sizeof(data)) == 0);
2074
2075 // Test C_Decrypt without re-authentication
2076 rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,&encMech,hPrk) );
2077 CPPUNIT_ASSERT(rv==CKR_OK);
2078 rv = CRYPTOKI_F_PTR( C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen) );
2079 CPPUNIT_ASSERT(rv == CKR_USER_NOT_LOGGED_IN);
2080 rv = CRYPTOKI_F_PTR( C_Decrypt(hSession,cipherText,ulCipherTextLen,recoveredText,&ulRecoveredTextLen) );
2081 CPPUNIT_ASSERT(rv == CKR_OPERATION_NOT_INITIALIZED);
2082}
2083
2084void ObjectTests::testAllowedMechanisms()
2085{
2086 CK_RV rv;
2087 CK_SESSION_HANDLE hSession;
2088
2089 // Just make sure that we finalize any previous tests
2090 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
2091
2092 // Initialize the library and start the test.
2093 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
2094 CPPUNIT_ASSERT(rv == CKR_OK);
2095
2096 // Open read-write session
2097 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
2098 CPPUNIT_ASSERT(rv == CKR_OK);
2099
2100 // Login USER into the sessions so we can create a private objects
2101 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
2102 CPPUNIT_ASSERT(rv==CKR_OK);
2103
2104 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
2105 CK_OBJECT_CLASS secretClass = CKO_SECRET_KEY;
2106 CK_BYTE key[65] = { "0000000000000000000000000000000000000000000000000000000000000000" };
2107 CK_MECHANISM_TYPE allowedMechs[] = { CKM_SHA256_HMAC, CKM_SHA512_HMAC };
2108 CK_ATTRIBUTE attribs[] = {
2109 { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
2110 { CKA_CLASS, &secretClass, sizeof(secretClass) },
2111 { CKA_VALUE, &key, sizeof(key)-1 },
2112 { CKA_ALLOWED_MECHANISMS, &allowedMechs, sizeof(allowedMechs) }
2113 };
2114
2115 CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
2116 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hKey) );
2117 CPPUNIT_ASSERT(rv == CKR_OK);
2118
2119 CK_BYTE data[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
2120
2121 // SHA_1_HMAC is not an allowed mechanism
2122 CK_MECHANISM mechanism = { CKM_SHA_1_HMAC, NULL_PTR, 0 };
2123 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &mechanism, hKey) );
2124 CPPUNIT_ASSERT(rv == CKR_MECHANISM_INVALID);
2125
2126 // SHA256_HMAC is an allowed mechanism
2127 mechanism.mechanism = CKM_SHA256_HMAC;
2128 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &mechanism, hKey) );
2129 CPPUNIT_ASSERT(rv == CKR_OK);
2130 CK_BYTE signature256[256];
2131 CK_ULONG signature256Len = sizeof(signature256);
2132 rv = CRYPTOKI_F_PTR( C_Sign(hSession, data, sizeof(data), signature256, &signature256Len) );
2133 CPPUNIT_ASSERT(rv == CKR_OK);
2134
2135 // SHA384_HMAC is not an allowed mechanism
2136 mechanism.mechanism = CKM_SHA384_HMAC;
2137 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &mechanism, hKey) );
2138 CPPUNIT_ASSERT(rv == CKR_MECHANISM_INVALID);
2139
2140 // SHA512_HMAC is an allowed mechanism
2141 mechanism.mechanism = CKM_SHA512_HMAC;
2142 rv = CRYPTOKI_F_PTR( C_SignInit(hSession, &mechanism, hKey) );
2143 CPPUNIT_ASSERT(rv == CKR_OK);
2144 CK_BYTE signature512[512];
2145 CK_ULONG signature512Len = sizeof(signature512);
2146 rv = CRYPTOKI_F_PTR( C_Sign(hSession, data, sizeof(data), signature512, &signature512Len) );
2147 CPPUNIT_ASSERT(rv == CKR_OK);
2148
2149 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession, hKey) );
2150 CPPUNIT_ASSERT(rv == CKR_OK);
2151}
2152
2153void ObjectTests::testTemplateAttribute()
2154{
2155 CK_RV rv;
2156 CK_SESSION_HANDLE hSession;
2157 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
2158 CK_BYTE pE[] = { 0x01, 0x00, 0x01 };
2159 CK_MECHANISM_TYPE allowedMechs[] = { CKM_SHA256_HMAC, CKM_SHA512_HMAC };
2160
2161 // Wrap template
2162 CK_KEY_TYPE wrapType = CKK_SHA256_HMAC;;
2163 CK_ATTRIBUTE wrapTemplate[] = {
2164 { CKA_KEY_TYPE, &wrapType, sizeof(wrapType) },
2165 { CKA_PUBLIC_EXPONENT, pE, sizeof(pE) },
2166 { CKA_ALLOWED_MECHANISMS, &allowedMechs, sizeof(allowedMechs) }
2167 };
2168
2169 // Minimal public key object
2170 CK_OBJECT_CLASS objClass = CKO_PUBLIC_KEY;
2171 CK_KEY_TYPE objType = CKK_RSA;
2172 CK_BYTE pN[] = { 0xC6, 0x47, 0xDD, 0x74, 0x3B, 0xCB, 0xDC, 0x6F, 0xCE, 0xA7,
2173 0xF0, 0x5F, 0x29, 0x4B, 0x27, 0x00, 0xCC, 0x92, 0xE9, 0x20,
2174 0x8A, 0x2C, 0x87, 0x36, 0x47, 0x24, 0xB0, 0xD5, 0x7D, 0xB0,
2175 0x92, 0x01, 0xA0, 0xA3, 0x55, 0x2E, 0x3F, 0xFE, 0xA7, 0x4C,
2176 0x4B, 0x3F, 0x9D, 0x4E, 0xCB, 0x78, 0x12, 0xA9, 0x42, 0xAD,
2177 0x51, 0x1F, 0x3B, 0xBD, 0x3D, 0x6A, 0xE5, 0x38, 0xB7, 0x45,
2178 0x65, 0x50, 0x30, 0x35 };
2179 CK_ATTRIBUTE objTemplate[] = {
2180 { CKA_CLASS, &objClass, sizeof(objClass) },
2181 { CKA_KEY_TYPE, &objType, sizeof(objType) },
2182 { CKA_MODULUS, pN, sizeof(pN) },
2183 { CKA_PUBLIC_EXPONENT, pE, sizeof(pE) },
2184 { CKA_WRAP_TEMPLATE, wrapTemplate, sizeof(wrapTemplate) }
2185 };
2186
2187 // Just make sure that we finalize any previous tests
2188 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
2189
2190 // Initialize the library and start the test.
2191 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
2192 CPPUNIT_ASSERT(rv == CKR_OK);
2193
2194 // Open read-write session
2195 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
2196 CPPUNIT_ASSERT(rv == CKR_OK);
2197
2198 // Login USER into the sessions so we can create a private objects
2199 rv = CRYPTOKI_F_PTR( C_Login(hSession, CKU_USER, m_userPin1, m_userPin1Length) );
2200 CPPUNIT_ASSERT(rv == CKR_OK);
2201
2202 // Create minimal RSA public key object
2203 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, objTemplate, sizeof(objTemplate)/sizeof(CK_ATTRIBUTE), &hObject) );
2204 CPPUNIT_ASSERT(rv == CKR_OK);
2205
2206 CK_ATTRIBUTE wrapAttribs[] = {
2207 { 0, NULL_PTR, 0 },
2208 { 0, NULL_PTR, 0 },
2209 { 0, NULL_PTR, 0 }
2210 };
2211 CK_ATTRIBUTE wrapAttrib = { CKA_WRAP_TEMPLATE, NULL_PTR, 0 };
2212
2213 // Get number of elements
2214 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &wrapAttrib, 1) );
2215 CPPUNIT_ASSERT(rv == CKR_OK);
2216 CPPUNIT_ASSERT(wrapAttrib.ulValueLen == 3 * sizeof(CK_ATTRIBUTE));
2217
2218 // Get element types and sizes
2219 wrapAttrib.pValue = wrapAttribs;
2220 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &wrapAttrib, 1) );
2221 CPPUNIT_ASSERT(rv == CKR_OK);
2222 CPPUNIT_ASSERT(wrapAttrib.ulValueLen == 3 * sizeof(CK_ATTRIBUTE));
2223 for (size_t i = 0; i < 3; i++)
2224 {
2225 switch (wrapAttribs[i].type)
2226 {
2227 case CKA_KEY_TYPE:
2228 CPPUNIT_ASSERT(wrapAttribs[i].ulValueLen == sizeof(CK_KEY_TYPE));
2229 break;
2230 case CKA_PUBLIC_EXPONENT:
2231 CPPUNIT_ASSERT(wrapAttribs[i].ulValueLen == sizeof(pE));
2232 break;
2233 case CKA_ALLOWED_MECHANISMS:
2234 CPPUNIT_ASSERT(wrapAttribs[i].ulValueLen == sizeof(allowedMechs));
2235 break;
2236 default:
2237 CPPUNIT_ASSERT(false);
2238 }
2239 }
2240
2241 // Get values
2242 wrapAttribs[0].pValue = (CK_VOID_PTR)malloc(wrapAttribs[0].ulValueLen);
2243 wrapAttribs[1].pValue = (CK_VOID_PTR)malloc(wrapAttribs[1].ulValueLen);
2244 wrapAttribs[2].pValue = (CK_VOID_PTR)malloc(wrapAttribs[2].ulValueLen);
2245 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, &wrapAttrib, 1) );
2246 CPPUNIT_ASSERT(rv == CKR_OK);
2247 for (size_t i = 0; i < 3; i++)
2248 {
2249 switch (wrapAttribs[i].type)
2250 {
2251 case CKA_KEY_TYPE:
2252 CPPUNIT_ASSERT(*(CK_KEY_TYPE*) wrapAttribs[i].pValue == CKK_SHA256_HMAC);
2253 break;
2254 case CKA_PUBLIC_EXPONENT:
2255 CPPUNIT_ASSERT(memcmp(wrapAttribs[i].pValue, pE, sizeof(pE)) == 0);
2256 break;
2257 case CKA_ALLOWED_MECHANISMS:
2258 CPPUNIT_ASSERT(memcmp(wrapAttribs[i].pValue, allowedMechs, sizeof(allowedMechs)) == 0);
2259 break;
2260 default:
2261 CPPUNIT_ASSERT(false);
2262 }
2263 }
2264
2265 free(wrapAttribs[0].pValue);
2266 free(wrapAttribs[1].pValue);
2267 free(wrapAttribs[2].pValue);
2268}
2269
2270void ObjectTests::testCreateSecretKey()
2271{
2272 CK_RV rv;
2273 CK_SESSION_HANDLE hSession;
2274
2275 // Just make sure that we finalize any previous tests
2276 CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
2277
2278 // Initialize the library and start the test.
2279 rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
2280 CPPUNIT_ASSERT(rv == CKR_OK);
2281
2282 // Open read-write session
2283 rv = CRYPTOKI_F_PTR( C_OpenSession(m_initializedTokenSlotID, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL_PTR, NULL_PTR, &hSession) );
2284 CPPUNIT_ASSERT(rv == CKR_OK);
2285
2286 // Login USER into the sessions so we can create a private objects
2287 rv = CRYPTOKI_F_PTR( C_Login(hSession,CKU_USER,m_userPin1,m_userPin1Length) );
2288 CPPUNIT_ASSERT(rv==CKR_OK);
2289
2290 CK_BYTE genericKey[] = {
2291 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
2292 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2293 };
2294 CK_BYTE aesKey[] = {
2295 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
2296 0x01, 0x02, 0x03, 0x04, 0x05, 0x06
2297 };
2298 CK_BYTE desKey[] = {
2299 0x81, 0xdc, 0x9b, 0xdb, 0x52, 0xd0, 0x4d, 0xc2
2300 };
2301 CK_BYTE des2Key[] = {
2302 0x81, 0xdc, 0x9b, 0xdb, 0x52, 0xd0, 0x4d, 0xc2, 0x00, 0x36,
2303 0xdb, 0xd8, 0x31, 0x3e, 0xd0, 0x55
2304 };
2305 CK_BYTE des3Key[] = {
2306 0x81, 0xdc, 0x9b, 0xdb, 0x52, 0xd0, 0x4d, 0xc2, 0x00, 0x36,
2307 0xdb, 0xd8, 0x31, 0x3e, 0xd0, 0x55, 0xcc, 0x57, 0x76, 0xd1,
2308 0x6a, 0x1f, 0xb6, 0xe4
2309 };
2310 CK_BYTE genericKCV[] = { 0x5c, 0x3b, 0x7c };
2311 CK_BYTE aesKCV[] = { 0x08, 0xbd, 0x28 };
2312 CK_BYTE desKCV[] = { 0x08, 0xa1, 0x50 };
2313 CK_BYTE des2KCV[] = { 0xa9, 0x67, 0xae };
2314 CK_BYTE des3KCV[] = { 0x5c, 0x5e, 0xec };
2315
2316 CK_OBJECT_HANDLE hObject = CK_INVALID_HANDLE;
2317 CK_BBOOL bFalse = CK_FALSE;
2318 CK_BBOOL bTrue = CK_TRUE;
2319 CK_OBJECT_CLASS secretClass = CKO_SECRET_KEY;
2320 CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
2321 CK_ATTRIBUTE attribs[] = {
2322 { CKA_VALUE, genericKey, sizeof(genericKey) },
2323 { CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) },
2324 { CKA_CLASS, &secretClass, sizeof(secretClass) },
2325 { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
2326 { CKA_TOKEN, &bFalse, sizeof(bFalse) },
2327 { CKA_PRIVATE, &bTrue, sizeof(bTrue) },
2328 { CKA_SENSITIVE, &bTrue, sizeof(bTrue) }
2329 };
2330
2331 CK_BYTE pCheckValue[3];
2332 CK_ATTRIBUTE attribKCV[] = {
2333 { CKA_CHECK_VALUE, pCheckValue, sizeof(pCheckValue) }
2334 };
2335
2336 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
2337 CPPUNIT_ASSERT(rv == CKR_OK);
2338 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
2339 CPPUNIT_ASSERT(rv == CKR_OK);
2340 CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
2341 CPPUNIT_ASSERT(memcmp(pCheckValue, genericKCV, 3) == 0);
2342 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
2343 CPPUNIT_ASSERT(rv == CKR_OK);
2344
2345 keyType = CKK_AES;
2346 attribs[0].pValue = aesKey;
2347 attribs[0].ulValueLen = sizeof(aesKey);
2348 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
2349 CPPUNIT_ASSERT(rv == CKR_OK);
2350 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
2351 CPPUNIT_ASSERT(rv == CKR_OK);
2352 CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
2353 CPPUNIT_ASSERT(memcmp(pCheckValue, aesKCV, 3) == 0);
2354 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
2355 CPPUNIT_ASSERT(rv == CKR_OK);
2356
2357 keyType = CKK_DES;
2358 attribs[0].pValue = desKey;
2359 attribs[0].ulValueLen = sizeof(desKey);
2360 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
2361 CPPUNIT_ASSERT(rv == CKR_OK);
2362 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
2363 CPPUNIT_ASSERT(rv == CKR_OK);
2364 CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
2365 CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
2366 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
2367 CPPUNIT_ASSERT(rv == CKR_OK);
2368
2369 keyType = CKK_DES2;
2370 attribs[0].pValue = des2Key;
2371 attribs[0].ulValueLen = sizeof(des2Key);
2372 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
2373 CPPUNIT_ASSERT(rv == CKR_OK);
2374 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
2375 CPPUNIT_ASSERT(rv == CKR_OK);
2376 CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
2377 CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
2378 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
2379 CPPUNIT_ASSERT(rv == CKR_OK);
2380
2381 keyType = CKK_DES3;
2382 attribs[0].pValue = des3Key;
2383 attribs[0].ulValueLen = sizeof(des3Key);
2384 rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
2385 CPPUNIT_ASSERT(rv == CKR_OK);
2386 rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
2387 CPPUNIT_ASSERT(rv == CKR_OK);
2388 CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
2389 CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
2390 rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
2391 CPPUNIT_ASSERT(rv == CKR_OK);
2392}
2393