lib/hx509/test_soft_pkcs11.c

   1 /*
   2  * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "hx_locl.h"
  35 #include "pkcs11.h"
  36 #include <err.h>
  37
  38 static CK_RV
  39 find_object(CK_SESSION_HANDLE session,
  40             char *id,
  41             CK_OBJECT_CLASS key_class,
  42             CK_OBJECT_HANDLE_PTR object)
  43 {
  44     CK_ULONG object_count;
  45     CK_RV ret;
  46     CK_ATTRIBUTE search_data[] = {
  47         {CKA_ID, id, 0 },
  48         {CKA_CLASS, &key_class, sizeof(key_class)}
  49     };
  50     CK_ULONG num_search_data = sizeof(search_data)/sizeof(search_data[0]);
  51
  52     search_data[0].ulValueLen = strlen(id);
  53
  54     ret = C_FindObjectsInit(session, search_data, num_search_data);
  55     if (ret != CKR_OK)
  56         return ret;
  57
  58     ret = C_FindObjects(session, object, 1, &object_count);
  59     if (ret != CKR_OK)
  60         return ret;
  61     if (object_count == 0) {
  62         printf("found no object\n");
  63         return 1;
  64     }
  65
  66     ret = C_FindObjectsFinal(session);
  67     if (ret != CKR_OK)
  68         return ret;
  69
  70     return CKR_OK;
  71 }
  72
  73 static char *sighash = "hej";
  74 static char signature[1024];
  75
  76
  77 int
  78 main(int argc, char **argv)
  79 {
  80     CK_SLOT_ID_PTR slot_ids;
  81     CK_SLOT_ID slot;
  82     CK_ULONG num_slots;
  83     CK_RV ret;
  84     CK_SLOT_INFO slot_info;
  85     CK_TOKEN_INFO token_info;
  86     CK_SESSION_HANDLE session;
  87     CK_OBJECT_HANDLE public, private;
  88
  89     C_Initialize(NULL_PTR);
  90
  91     ret = C_GetSlotList(FALSE, NULL, &num_slots);
  92     if (ret != CKR_OK)
  93         errx(1, "C_GetSlotList1 failed: %d", (int)ret);
  94
  95     if (num_slots == 0)
  96         errx(1, "no slots");
  97
  98     if ((slot_ids = calloc(1, num_slots * sizeof(*slot_ids))) == NULL)
  99         err(1, "alloc slots failed");
 100
 101     ret = C_GetSlotList(FALSE, slot_ids, &num_slots);
 102     if (ret != CKR_OK)
 103         errx(1, "C_GetSlotList2 failed: %d", (int)ret);
 104
 105     slot = slot_ids[0];
 106     free(slot_ids);
 107
 108     ret = C_GetSlotInfo(slot, &slot_info);
 109     if (ret)
 110         errx(1, "C_GetSlotInfo failed: %d", (int)ret);
 111
 112     if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0)
 113         errx(1, "no token present");
 114
 115     ret = C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &session);
 116     if (ret != CKR_OK)
 117         errx(1, "C_OpenSession failed: %d", (int)ret);
 118
 119     ret = C_Login(session, CKU_USER, (unsigned char*)"foobar", 6);
 120     if (ret != CKR_OK)
 121         errx(1, "C_Login failed: %d", (int)ret);
 122
 123     ret = C_GetTokenInfo(slot, &token_info);
 124     if (ret)
 125         errx(1, "C_GetTokenInfo failed: %d", (int)ret);
 126
 127     if (token_info.flags & CKF_LOGIN_REQUIRED)
 128         errx(1, "login required, even after C_Login");
 129
 130     ret = find_object(session, "cert", CKO_PUBLIC_KEY, &public);
 131     if (ret != CKR_OK)
 132         errx(1, "find cert failed: %d", (int)ret);
 133     ret = find_object(session, "cert", CKO_PRIVATE_KEY, &private);
 134     if (ret != CKR_OK)
 135         errx(1, "find private key failed: %d", (int)ret);
 136
 137     {
 138         CK_ULONG ck_sigsize;
 139         CK_MECHANISM mechanism;
 140
 141         memset(&mechanism, 0, sizeof(mechanism));
 142         mechanism.mechanism = CKM_RSA_PKCS;
 143
 144         ret = C_SignInit(session, &mechanism, private);
 145         if (ret != CKR_OK)
 146             return 1;
 147
 148         ck_sigsize = sizeof(signature);
 149         ret = C_Sign(session, (CK_BYTE *)sighash, strlen(sighash),
 150                      (CK_BYTE *)signature, &ck_sigsize);
 151         if (ret != CKR_OK) {
 152             printf("C_Sign failed with: %d\n", (int)ret);
 153             return 1;
 154         }
 155
 156         ret = C_VerifyInit(session, &mechanism, public);
 157         if (ret != CKR_OK)
 158             return 1;
 159
 160         ret = C_Verify(session, (CK_BYTE *)signature, ck_sigsize,
 161                        (CK_BYTE *)sighash, strlen(sighash));
 162         if (ret != CKR_OK) {
 163             printf("message: %d\n", (int)ret);
 164             return 1;
 165         }
 166     }
 167
 168 #if 0
 169     {
 170         CK_ULONG ck_sigsize, outsize;
 171         CK_MECHANISM mechanism;
 172         char outdata[1024];
 173
 174         memset(&mechanism, 0, sizeof(mechanism));
 175         mechanism.mechanism = CKM_RSA_PKCS;
 176
 177         ret = C_EncryptInit(session, &mechanism, public);
 178         if (ret != CKR_OK)
 179             return 1;
 180
 181         ck_sigsize = sizeof(signature);
 182         ret = C_Encrypt(session, (CK_BYTE *)sighash, strlen(sighash),
 183                      (CK_BYTE *)signature, &ck_sigsize);
 184         if (ret != CKR_OK) {
 185             printf("message: %d\n", (int)ret);
 186             return 1;
 187         }
 188
 189         ret = C_DecryptInit(session, &mechanism, private);
 190         if (ret != CKR_OK)
 191             return 1;
 192
 193         outsize = sizeof(outdata);
 194         ret = C_Decrypt(session, (CK_BYTE *)signature, ck_sigsize,
 195                        (CK_BYTE *)outdata, &outsize);
 196         if (ret != CKR_OK) {
 197             printf("message: %d\n", (int)ret);
 198             return 1;
 199         }
 200
 201         if (memcmp(sighash, outdata, strlen(sighash)) != 0)
 202             return 1;
 203     }
 204 #endif
 205
 206     ret = C_CloseSession(session);
 207     if (ret != CKR_OK)
 208         return 1;
 209
 210     C_Finalize(NULL_PTR);
 211
 212     return 0;
 213 }