Back to index

lightning-sunbird  0.9+nobinonly
Defines | Enumerations | Functions | Variables
pk11test.c File Reference
#include <stdlib.h>
#include <stdio.h>
#include <prio.h>
#include <prprf.h>
#include <plarena.h>
#include <prinit.h>
#include <prmem.h>
#include <pkcs11t.h>
#include <secmodt.h>
#include <pk11func.h>
#include <secmod.h>
#include <secutil.h>
#include <keyt.h>
#include "pk11test.h"
#include "pkcs11.h"

Go to the source code of this file.

Defines

#define VERSION_MAJOR   1
#define VERSION_MINOR   0
#define VERSION_POINT   7
#define FIPS_DSA_TYPE   siBuffer
#define FIPS_DSA_DIGEST_LENGTH   20 /* 160-bits */
#define FIPS_DSA_SUBPRIME_LENGTH   20 /* 160-bits */
#define FIPS_DSA_SIGNATURE_LENGTH   40 /* 320-bits */
#define FIPS_DSA_PRIME_LENGTH   64 /* 512-bits */
#define FIPS_DSA_BASE_LENGTH   64 /* 512-bits */

Enumerations

enum  {
  NO_ERROR_AT_ALL = 0, NO_SUCH_SLOT = 1, KEY_GEN_FAILED, CREATE_CONTEXT_FAILED,
  INTERNAL_RNG_FAILED, MECH_NOT_FOUND, INPUT_FILE_ERROR, KEY_COPY_FAILED,
  CIPHER_OP_FAILED, FINALIZE_FAILED, RESULTS_DONT_MATCH, PARAM_GEN_FAILED,
  PLAINTEXT_DOESNT_MATCH, ENCRYPTION_IS_NOOP, WRAP_PRIVKEY_FAILED, WRAP_SYMKEY_FAILED,
  UNWRAP_SYMKEY_FAILED, UNWRAPPED_KEY_DOESNT_MATCH, UNWRAP_PRIVKEY_FAILED, SIGNATURE_FAILED,
  SIGNATURE_DOESNT_VERIFY, AUTHENTICATION_FAILED, AUTHENTICATION_SUCCEEDED, MODDB_ACCESS
}

Functions

void SEC_Init (void)
PRStatus InitCrypto (char *)
int TestUserManagement ()
int TestCrypto ()
MechInfoGetMechInfo (CK_MECHANISM_TYPE type)
int TestEncrypt (CK_MECHANISM_TYPE mech)
int TestSign (CK_MECHANISM_TYPE mech)
int TestDigest (CK_MECHANISM_TYPE mech)
int TestHMAC (CK_MECHANISM_TYPE mech)
int TestSymmetricEncrypt (CK_MECHANISM_TYPE mech)
int TestPKEncrypt (CK_MECHANISM_TYPE mech)
int ReadInputFile (char *filename, char **tokenname, char **moddbname, char **userpw)
char * PasswordFunc (PK11SlotInfo *slot, PRBool loadcerts, void *wincx)
int main (int argc, char *argv[])
int IsSymmetric (CK_MECHANISM_TYPE mech)
voidGeneratePKParams (CK_MECHANISM_TYPE mech)
void FreePKParams (void *p, CK_MECHANISM_TYPE mech)

Variables

static char * userpw = NULL
static int secerror = 0
PK11SlotInfo * slot = NULL
static char * errString []
static PRBool supplyPassword = PR_TRUE

Define Documentation

#define FIPS_DSA_BASE_LENGTH   64 /* 512-bits */
#define FIPS_DSA_DIGEST_LENGTH   20 /* 160-bits */
#define FIPS_DSA_PRIME_LENGTH   64 /* 512-bits */
#define FIPS_DSA_SIGNATURE_LENGTH   40 /* 320-bits */
#define FIPS_DSA_SUBPRIME_LENGTH   20 /* 160-bits */

Definition at line 36 of file pk11test.c.

Definition at line 37 of file pk11test.c.

Definition at line 38 of file pk11test.c.


Enumeration Type Documentation

anonymous enum
Enumerator:
NO_ERROR_AT_ALL 
NO_SUCH_SLOT 
KEY_GEN_FAILED 
CREATE_CONTEXT_FAILED 
INTERNAL_RNG_FAILED 
MECH_NOT_FOUND 
INPUT_FILE_ERROR 
KEY_COPY_FAILED 
CIPHER_OP_FAILED 
FINALIZE_FAILED 
RESULTS_DONT_MATCH 
PARAM_GEN_FAILED 
PLAINTEXT_DOESNT_MATCH 
ENCRYPTION_IS_NOOP 
WRAP_PRIVKEY_FAILED 
WRAP_SYMKEY_FAILED 
UNWRAP_SYMKEY_FAILED 
UNWRAPPED_KEY_DOESNT_MATCH 
UNWRAP_PRIVKEY_FAILED 
SIGNATURE_FAILED 
SIGNATURE_DOESNT_VERIFY 
AUTHENTICATION_FAILED 
AUTHENTICATION_SUCCEEDED 
MODDB_ACCESS 

Definition at line 83 of file pk11test.c.


Function Documentation

void FreePKParams ( void p,
CK_MECHANISM_TYPE  mech 
)

Definition at line 569 of file pk11test.c.

{

       switch(PK11_GetKeyGen(mech)) {
       case CKM_RSA_PKCS_KEY_PAIR_GEN:
              PR_Free( (PK11RSAGenParams*)p);
              break;
       case CKM_ECDSA_KEY_PAIR_GEN:
       case CKM_DSA_KEY_PAIR_GEN:
              PR_Free( (PQGParams*)p);
              break;
       }
}

Here is the call graph for this function:

Definition at line 481 of file pk11test.c.

{

       /* FIPS preprocessor directives for DSA.                        */
       #define FIPS_DSA_TYPE                           siBuffer
       #define FIPS_DSA_DIGEST_LENGTH                  20  /* 160-bits */
       #define FIPS_DSA_SUBPRIME_LENGTH                20  /* 160-bits */
       #define FIPS_DSA_SIGNATURE_LENGTH               40  /* 320-bits */
       #define FIPS_DSA_PRIME_LENGTH                   64  /* 512-bits */
       #define FIPS_DSA_BASE_LENGTH                    64  /* 512-bits */


       CK_MECHANISM_TYPE keygenMech;
       PK11RSAGenParams *rsaparams;
       PQGParams *dsa_pqg;
       unsigned char *dsa_P = (unsigned char *)
                           "\x8d\xf2\xa4\x94\x49\x22\x76\xaa"
                           "\x3d\x25\x75\x9b\xb0\x68\x69\xcb"
                           "\xea\xc0\xd8\x3a\xfb\x8d\x0c\xf7"
                           "\xcb\xb8\x32\x4f\x0d\x78\x82\xe5"
                           "\xd0\x76\x2f\xc5\xb7\x21\x0e\xaf"
                           "\xc2\xe9\xad\xac\x32\xab\x7a\xac"
                           "\x49\x69\x3d\xfb\xf8\x37\x24\xc2"
                           "\xec\x07\x36\xee\x31\xc8\x02\x91";
       unsigned char *dsa_Q = (unsigned char *)
                           "\xc7\x73\x21\x8c\x73\x7e\xc8\xee"
                           "\x99\x3b\x4f\x2d\xed\x30\xf4\x8e"
                           "\xda\xce\x91\x5f";
       unsigned char *dsa_G = (unsigned char *)
                           "\x62\x6d\x02\x78\x39\xea\x0a\x13"
                           "\x41\x31\x63\xa5\x5b\x4c\xb5\x00"
                           "\x29\x9d\x55\x22\x95\x6c\xef\xcb"
                           "\x3b\xff\x10\xf3\x99\xce\x2c\x2e"
                           "\x71\xcb\x9d\xe5\xfa\x24\xba\xbf"
                           "\x58\xe5\xb7\x95\x21\x92\x5c\x9c"
                           "\xc4\x2e\x9f\x6f\x46\x4b\x08\x8c"
                           "\xc5\x72\xaf\x53\xe6\xd7\x88\x02";


       keygenMech = PK11_GetKeyGen(mech);

       switch(keygenMech) {
       case CKM_RSA_PKCS_KEY_PAIR_GEN:
              rsaparams = PR_Malloc(sizeof(PK11RSAGenParams));
              rsaparams->keySizeInBits = REP_PK_KEY_SIZE;
              rsaparams->pe = 65537L;
              return (void*) rsaparams;
       case CKM_ECDSA_KEY_PAIR_GEN:
       case CKM_DSA_KEY_PAIR_GEN:

              /* Allocate PQG memory */
              dsa_pqg = PORT_ZAlloc(sizeof(PQGParams));
              dsa_pqg->prime.data = (unsigned char*)
                     PORT_ZAlloc(FIPS_DSA_PRIME_LENGTH);
              dsa_pqg->subPrime.data = (unsigned char*)
                     PORT_ZAlloc(FIPS_DSA_SUBPRIME_LENGTH);
              dsa_pqg->base.data = (unsigned char*)
                     PORT_ZAlloc(FIPS_DSA_BASE_LENGTH);

              dsa_pqg->prime.type = FIPS_DSA_TYPE;
              PORT_Memcpy(dsa_pqg->prime.data, dsa_P, FIPS_DSA_PRIME_LENGTH);
              dsa_pqg->prime.len = FIPS_DSA_PRIME_LENGTH;

              dsa_pqg->subPrime.type = FIPS_DSA_TYPE;
              PORT_Memcpy( dsa_pqg->subPrime.data, dsa_Q,
                     FIPS_DSA_SUBPRIME_LENGTH );
              dsa_pqg->subPrime.len = FIPS_DSA_SUBPRIME_LENGTH;

              dsa_pqg->base.type = FIPS_DSA_TYPE;
              PORT_Memcpy( dsa_pqg->base.data, dsa_G, FIPS_DSA_BASE_LENGTH );
              dsa_pqg->base.len = FIPS_DSA_BASE_LENGTH;

              return (void*) dsa_pqg;

       case CKM_DH_PKCS_KEY_PAIR_GEN:
       case CKM_KEA_KEY_PAIR_GEN:
       default:
              return NULL;
       }
       return NULL;
}

Here is the call graph for this function:

PRStatus InitCrypto ( char *  moddbname)
int main ( int  argc,
char *  argv[] 
)

Definition at line 234 of file pk11test.c.

{
       char *tokenname=NULL;
       char *moddbname=NULL;
       int errcode;

       if(argc < 3) {
              PR_fprintf(PR_STDERR,
"\nPKCS #11 Test Suite Version %d.%d.%d\n\
Usage: pkcs11 testid configfile\n",VERSION_MAJOR,VERSION_MINOR,VERSION_POINT);
              return -1;
       }

       testId = atoi(argv[1]);
       if(ReadInputFile(argv[2], &tokenname, &moddbname, &userpw)) {
              errcode = INPUT_FILE_ERROR;
              goto loser;
       }

       PR_fprintf(PR_STDOUT, "testId=%d\n", testId);
       PR_fprintf(PR_STDOUT, "tokenname=%s\n", tokenname);
       PR_fprintf(PR_STDOUT, "moddbname=%s\n", moddbname);

       PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);

       if( InitCrypto(moddbname) != PR_SUCCESS ) {
              errcode = MODDB_ACCESS;
              goto loser;
       }

       slot = PK11_FindSlotByName(tokenname);
       if(!slot) {
              errcode = NO_SUCH_SLOT;
              goto loser;
       }

       if(!REP_USE_CORRECT_PIN && userpw) {
              /* don't use the pin passed in */
              userpw[0]++;
       }
       PK11_SetPasswordFunc(PasswordFunc);
       if(PK11_NeedLogin(slot)) {
              SECStatus result;
              supplyPassword = PR_TRUE;
              result = PK11_Authenticate(slot, PR_FALSE, NULL);
              /* If we just did an invalid login, login correctly so we don't
               * cause the token to lock us out */
              if(!REP_USE_CORRECT_PIN) {
                     userpw[0]--;
                     supplyPassword = PR_TRUE;
                     PK11_Authenticate(slot, PR_FALSE, NULL);
              }
              if(REP_USE_CORRECT_PIN && result!=SECSuccess) {
                     errcode =  AUTHENTICATION_FAILED;
                     goto loser;
              } else if(!REP_USE_CORRECT_PIN && result==SECSuccess) {
                     errcode = AUTHENTICATION_SUCCEEDED;
                     goto loser;
              }
       }

       errcode = TestCrypto();

loser:
       if(tokenname) {
              PR_Free(tokenname); tokenname = NULL;
       }
       if(moddbname) {
              PR_Free(moddbname); moddbname = NULL;
       }
       if(errcode) {
           PR_fprintf(PR_STDOUT, "Exiting with error: %s.\n\n", errString[errcode]);
       } else {
              PR_fprintf(PR_STDOUT, "Test was successful\n\n");
       }
       return errcode;
}

Here is the call graph for this function:

char* PasswordFunc ( PK11SlotInfo *  slot,
PRBool  loadcerts,
void wincx 
)

Definition at line 215 of file pk11test.c.

{
       if(supplyPassword) {
              /*PR_fprintf(PR_STDOUT, "Feeding password: |%s|\n", userpw);*/
              supplyPassword = PR_FALSE;
              return PL_strdup(userpw);
       } else  {
              /*PR_fprintf(PR_STDOUT, "PasswordFunc supplying NULL.\n");*/
              return NULL;
       }
}
int ReadInputFile ( char *  filename,
char **  tokenname,
char **  moddbname,
char **  userpw 
)

Definition at line 148 of file pk11test.c.

{
       PRFileDesc* file=NULL;
       char readbuf[1025];
       int numbytes=0;
       char *cp;

       *tokenname = NULL;
       *moddbname = NULL;

       /* Open file */
       file = PR_Open(filename, PR_RDONLY, 0);
       if(!file) {
              return -1;
       }

       /* Read in everything */
       numbytes = PR_Read(file, readbuf, 1024);
       if(numbytes==-1) {
              goto loser;
       }
       readbuf[numbytes] = '\0'; /* make sure we're null-terminated */

       /* Get tokenname */
       cp = strtok(readbuf, "\r\n");
       if(cp == NULL) {
              goto loser;
       }
       *tokenname = PR_Malloc(strlen(cp)+1);
       strcpy(*tokenname, cp);

       /* get moddbname */
       cp = strtok(NULL, "\r\n");
       if(cp == NULL) {
              goto loser;
       }
       *moddbname = PR_Malloc(strlen(cp)+1);
       strcpy(*moddbname, cp);

       /* Get module PIN */
       cp = strtok(NULL, "\r\n");
       if(cp == NULL) {
              goto loser;
       }
       *userpw = PR_Malloc(strlen(cp)+1);
       strcpy(*userpw, cp);

       PR_Close(file);
       return 0;

loser:
       if(file) {
              PR_Close(file);
       }
       if(*tokenname) {
              PR_Free(*tokenname);
              *tokenname = NULL;
       }
       if(*moddbname) {
              PR_Free(*moddbname);
              *moddbname = NULL;
       }
       return -1;
}

Definition at line 43 of file secinit.c.

{
    /* PR_Init() must be called before SEC_Init() */
#if !defined(SERVER_BUILD)
    PORT_Assert(PR_Initialized() == PR_TRUE);
#endif
    if (sec_inited)
       return;

    sec_inited = 1;
}

Variable Documentation

char* errString[] [static]
Initial value:
 {
       "No error",
       "No such slot",
       "Failed to generate key",
       "Failed to create a cryptographic context",
       "Failed to generate random bytes",
       "Mechanism was not found",
       "Error in input file",
       "Failed to copy key from internal to external module",
       "Cipher operation failed",
       "Cipher finalization failed",
       "Internal module produced a different result than the target module",
       "Failed to generate cryptographic parameters",
       "Recovered plaintext does not match original plaintext",
       "Ciphertext is the same as plaintext",
       "Unable to wrap private key",
       "Unable to wrap symmetric key",
       "Unable to unwrap symmetric key",
       "Unwrapped key does not match original key",
       "Unable to unwrap private key",
       "Signing operation failed",
       "Incorrect signature: doesn't verify",
       "Failed to authenticate to slot",
       "Authenticated to slot with incorrect password",
       "Unable to access security module database"
}

Definition at line 110 of file pk11test.c.

int secerror = 0 [static]

Definition at line 78 of file pk11test.c.

PK11SlotInfo* slot = NULL

Definition at line 80 of file pk11test.c.

Definition at line 213 of file pk11test.c.

char* userpw = NULL [static]

Definition at line 77 of file pk11test.c.